jail + delegate interface to vnet or bhyve and PCI passthrough?

What happens when we delegate an interface from the NIC to a vnet? Is this fully usable without a performance penalty? How does it differ from doing PCI passthrough with bhyve in terms of performance?

I'm asking because somehow I find the first one more manageable in the long term.

Thoughts?
 
Jails are a very light framework with minimal performance impact. They do not have any virtualization overhead. Moreover, if you need a dedicated network interface for a jail, you do not need vnet. vnet is a network isolation mechanism; use it only if you need a completely independent network stack in a jail with its own addressing, FIBs and firewalling.
 
shurik ok I see. So I assume that if I use the interface with vnet (to isolate) I will get all the features. I will try. Thanks for your answer :)
 
I've been reading extensively about VNET jails (using bridge & epair). I've learned quite a bit. There is one line about this in the handbook which is flat out wrong. "With the bridge created, it will be necessary to attach it to the em0 interface by executing the following command:" (emphasis mine) The following pictorial is correct but in fact you are creating the virtual bridge and attaching the physical em0 interface to the virtual bridge interface. There is a difference even if it looks subtle.

In other places where I was reading there were comments that using the virtual bridge interface will result in a speed reduction cost (one more memory-bound interface to transit). In theory correct but in practice in my limited experience the speed reduction has been insignificant; unnoticeable.

I continue to learn...
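
The three setups discussed in this thread, side by side as a jail.conf sketch. This is an added example, not taken from any poster or from the handbook; the jail names, paths, addresses and the NIC names em0/em1/em2 are assumptions.

```conf
# /etc/jail.conf -- constructed example; all names and addresses are assumed.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
mount.devfs;

# 1. Dedicated NIC without vnet: the address is added to em1 on the host and
#    the jail is restricted to it, but it still shares the host's network
#    stack (routing tables, firewall rules).
web {
    path = "/jails/web";
    host.hostname = "web.example.org";
    interface = "em1";
    ip4.addr = "192.0.2.10/24";
}

# 2. vnet with a physical NIC: em2 is moved into the jail's own network
#    stack and disappears from the host while the jail runs. Addressing,
#    routes and firewall rules are set inside the jail (its own rc.conf).
db {
    path = "/jails/db";
    host.hostname = "db.example.org";
    vnet;
    vnet.interface = "em2";
}

# 3. vnet with bridge + epair: the physical em0 is a member of bridge0 on
#    the host (for example rc.conf: cloned_interfaces="bridge0" and
#    ifconfig_bridge0="addm em0 up"). The "a" end of the epair joins the
#    bridge; the "b" end is handed to the jail.
app {
    path = "/jails/app";
    host.hostname = "app.example.org";
    vnet;
    vnet.interface = "epair0b";
    exec.prestart  = "/sbin/ifconfig epair0 create up";
    exec.prestart += "/sbin/ifconfig bridge0 addm epair0a up";
    exec.start    += "/sbin/ifconfig epair0b 192.0.2.20/24 up";
    exec.start    += "/sbin/route add default 192.0.2.1";
    exec.poststop  = "/sbin/ifconfig bridge0 deletem epair0a";
    exec.poststop += "/sbin/ifconfig epair0a destroy";
}
```

Running `ifconfig` on the host and then via `jexec` inside each jail shows the isolation difference: the first jail sees the host's interfaces with only its own address, while the two vnet jails see only the interface that was moved into them.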
 