| Popis: |
General-purpose operating systems, such as UNIX variants and clones, traditionally maintain a single instance of each supported network protocol family within the kernel network stack. However, the capability of simultaneously supporting multiple independent instances of network stack or protocol suite can be highly desirable in many applications, such as VPN provisioning, virtual hosting or network simulation. This session will provide an overview of design, implementation and performance aspects of an experimental framework for FreeBSD network stack virtualization. It will be explained how various parts of existing kernel code were extended to support grouping of network interfaces and user processes in isolated entities called virtual images. Further, it will be described how basic CPU resource usage scheduling and accounting on per virtual image basis was implemented, and finally, the methods for managing and monitoring the virtualized kernel infrastructure will be presented. As the virtualization framework was implemented entirely within the kernel while retaining the complete API/ABI compatibility with the existing userland binaries, this session will be especially interesting for kernel hackers. However, system administrators will also have the opportunity to learn about a new approach for partitioning system resources, particularly on the network layer. |
