FreeBSD virtualization
From ISPWiki
FreeBSD virtualization in VDSmanager is based on the so-called "jail". Jail is part of the standard operating system and provides minimal virtualization capabilities. Our specialists have made a number of changes to it.
File system
- An additional level of disk quotas that allows setting limits on the number of files for each virtual environment (jail).
- The common system of disk quotas (user group) is unique to each virtual environment.
- The template file system both saves disk space and provides centralized software updates.
Principles of operation. When a virtual server is created, the directory structure of the disk template is recreated, and all the files are created as hard links. When an attempt is made to open a file or edit its attributes while the virtual server is running, the hard link is broken and the file is copied to the user's disk. From then on it is a private file of the virtual server, rather than a template file.
VDSmanager-FreeBSD uses only UFS2.
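The template mechanism described above can be reproduced in user space to check which files of a virtual server are still shared with the template. This is an added example, not VDSmanager code: the function names, paths and file contents are constructed for illustration, and `break_link` is a user-space stand-in for the link break that VDSmanager performs itself.

```python
import os
import shutil
import tempfile
from pathlib import Path

def clone_from_template(template: Path, root: Path) -> None:
    """Recreate the template's directory tree under root, hard-linking every file."""
    for dirpath, _dirs, files in os.walk(template):
        target = root / Path(dirpath).relative_to(template)
        target.mkdir(parents=True, exist_ok=True)
        for name in files:
            os.link(Path(dirpath, name), target / name)

def break_link(path: Path) -> None:
    """Hypothetical stand-in for the link break: swap in a private copy."""
    tmp = path.with_name(path.name + ".private")
    shutil.copy2(path, tmp)   # new inode, same content and metadata
    os.replace(tmp, path)     # the template's inode is left untouched

def audit(template: Path, root: Path) -> dict:
    """Classify files under root as shared with the template, private, or added."""
    report = {"shared": [], "private": [], "added": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        if not (template / rel).exists():
            kind = "added"
        elif os.path.samefile(path, template / rel):   # same device and inode
            kind = "shared"
        else:
            kind = "private"
        report[kind].append(rel.as_posix())
    return report

def demo():
    """Constructed template plus one virtual server root; returns (report, template rc.conf)."""
    base = Path(tempfile.mkdtemp())
    template, root = base / "template", base / "vds1"
    (template / "etc").mkdir(parents=True)
    (template / "etc/rc.conf").write_text("hostname=tpl\n")
    (template / "etc/motd").write_text("welcome\n")
    clone_from_template(template, root)
    break_link(root / "etc/rc.conf")
    (root / "etc/rc.conf").write_text("hostname=vds1\n")   # changes the private copy only
    (root / "etc/hosts").write_text("127.0.0.1 localhost\n")
    result = audit(template, root), (template / "etc/rc.conf").read_text()
    shutil.rmtree(base)
    return result

if __name__ == "__main__":
    print(demo())
```

Files reported as shared still follow the template and pick up centralized updates; private files have diverged and have to be reviewed or updated per virtual server.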
Limit on memory
We did our best to make the limits and virtual server performance as close as possible to a real situation.
- Limit on the real memory - limits the real memory, i.e. counts the number of real memory pages used. The libc library, which is used by practically all running applications, is counted only once, rather than once for each application, as other virtualization systems do.
- Limit on swap - specifies by how much the real memory limit can be exceeded. Real swap does not have to be used (using it is not recommended, because it slows down the disk subsystem). If real memory is used instead of swap, the virtual server is slowed down artificially: the more the limit is exceeded, the longer the delay.
- Exceeding all limits. When the limits on both real memory and swap are exceeded, new processes won't start (fork will return an error), memory won't be allocated (malloc will return an error) and the process that uses the largest amount of memory will be killed (kill -9).
Other limits
- Limit on CPU
- Limit on the number of processes
- Limit on the number of open descriptors (open files and sockets)
Other changes
- Private SysV data (shm, sem, msg)
Network stack
There is a new fully virtualized network stack in the standard kernel, so we did not have to improve anything there. Currently this feature is being tested and we would not recommend that you use it.
In VDSmanager you can decide whether to use this option or not. The regular mode is used by default; in this mode the virtual server cannot run applications that require low-level access to the network. To enable VNET, add the following line to the config:
Option vnet
and describe the network used by adding the following parameters:
DefaultNetmask 255.255.xxx.0
DefaultGateway xxx.xxx.xxx.xxx
We would not recommend that you use this operating mode on commercial servers.
After completing all the tests, we found several minor routing problems, as well as a memory deallocation problem when a virtual network stack is destroyed (when a virtual server is suspended). As a result, the server may run out of kernel memory and restart.
