Bhyve inside jails - WHY?

fred974


Hi,

I am reading the release notes for FreeBSD 12 and I can see that it is now possible to run bhyve inside a jail.
I run both jails and Bhyve on our servers but I am struggling to see any real-life scenario in which anyone would put bhyve inside a jail.
Could anyone please provide a few examples as to when such a scenario is feasible?
I am asking because if it has been implemented, there must be a good reason for it.
Thank you
 

Remington


If a client wants to run something other than FreeBSD in a jail then Bhyve is good. Do make sure that the jail has enough resources to handle Bhyve.
 

pyret


If you just run a single VNET jail then it is possible to mess with IP settings.

If you run a VNET jail within a VNET jail, though, then you have the outer jail with nothing but the interface. The inner jail gets an inherited NIC with a fixed IP.

This security aspect would hold for bhyve inside a VNET jail. Also, say you have 256G of memory but want to split your network, then you can have a bhyve instance on each network. Put all Windows bhyve in VNET jail 1 and all FreeBSD bhyve in VNET jail 2. Or do it by service and have multiple service DMZs.
 