Towards and beyond network stack virtualization in the FreeBSD kernel
Marko Zec
University of Zagreb
<zec@icir.org>
Because they scale well and cost significantly less in performance than full hardware virtualization platforms, operating system level virtualization frameworks such as Linux Vservers and FreeBSD jails are becoming increasingly popular in production hosting environments. Network stack virtualization allows complete networking independence between jails on a FreeBSD system, including providing each jail with its own set of virtual network interfaces, routing tables, firewall, rate limiting, IPsec configuration and more. This tool extends jails toward full operating system virtualization and addresses many of the known limitations of traditional jails.

The original implementation of the virtualized network stack for FreeBSD first appeared and was maintained as a patch set against 4.x versions of the OS kernel. In this paper we describe some of the design issues and choices made during our from-scratch reimplementation of network stack virtualization in FreeBSD 7.0. Most notably, we attempt to tackle the traditional monolithic view of system virtualization by asking what the benefits of a more modular virtualization approach could be, in a system where diverse virtualized OS resources can be freely combined to create the “right” level of virtualization for specific application scenarios.


Marko Zec still likes playing with operating systems and networking. He is currently a research assistant at the University of Zagreb.




Last modified: Wed, 28 Feb 2007 16:14:06 +0100