FreeBSD 7.2 Review: Improved Virtualization

on May 2, 2009 · 13 comments · Last updated May 4, 2009


FreeBSD is just plain old good UNIX with a rock-solid networking stack. It is quite popular amongst hosting companies, ISPs, portals (such as Yahoo) and a few large financial institutions because of its reliability, robustness and performance.

A new version of FreeBSD is scheduled for release next week (4-May-2009). Beta 2 was made available for download a few weeks ago for a final round of testing before the official launch.

What’s New

Version 7.2 includes some useful improvements, stability improvements, support for multiple IPv4 / IPv6 addresses per jail (jails are OS-level virtualization that allows root to partition a FreeBSD-based computer system into several independent mini-systems), and much more.

Improved Virtualization

FreeBSD jails are perfect for virtual hosting environments. They offer the following benefits:

  • Security - Each jail has its own processes, users and accounts. No one can escape the jail, thus providing an additional level of security. Usually, you need to set up a jail for the web server, mail server and database server.
  • Ease of management - root can painlessly delegate several tasks (such as web or proxy or mail server) which require superuser access without handing out complete control over the system.

Multiple IP addresses for jails

FreeBSD 7.2 includes the multi-IPv4/v6/no-IP support patch written by Bjoern A. Zeeb. It is even possible to have jails without an IP address at all, which basically gives one a chrooted environment with a restricted process view and no networking. To list the jails along with their IP addresses, run:
# jls -v
Sample output:

  JID  Hostname                      Path
        Name                          State
        CPUSetID
        IP Address(es)
     6  mail.nixcraft.net             /jails/mail.nixcraft.net
                                      ALIVE
        5
        10.24.55.106
        208.43.79.236
        2607:f0d0:3001:9::4

See how to configure multiple IPs with jail.
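
An added example (not part of the original article): a shell helper that flattens the `jls -v` layout shown above into one line per jail, then reports jails holding a non-private IPv4 address and jails with no address at all, which is handy when re-checking jails after an upgrade. The function names are hypothetical, the layout is assumed to match the 7.2 output printed here, and `nonet.example.test` is a constructed jail.

```sh
# Flatten `jls -v` records on stdin to: jid|hostname|path|state|cpuset|ip,ip,...
# Assumes hostnames and paths contain no whitespace.
parse_jls_v() {
    awk '
    function emit() { if (jid != "") print jid "|" host "|" path "|" state "|" cpuset "|" ips }
    NF == 0     { next }
    $1 == "JID" { hdr = 3; next }                # header is 4 lines; skip the rest
    hdr > 0     { hdr--; next }
    NF >= 3 && $1 ~ /^[0-9]+$/ {                 # "JID Hostname Path" opens a record
        emit(); jid = $1; host = $2; path = $3; ips = ""; step = 1; next
    }
    step == 1 { state = $NF; step = 2; next }    # "[Name] State", name may be blank
    step == 2 { cpuset = $1; step = 3; next }    # CPUSetID
    step == 3 && NF == 1 { ips = (ips == "" ? $1 : ips "," $1) }
    END { emit() }'
}
# Print "hostname ip" for each IPv4 address outside RFC 1918 and loopback space.
public_ipv4() {
    awk -F'|' '{
        n = split($6, a, ",")
        for (i = 1; i <= n; i++) {
            if (a[i] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue     # not IPv4
            if (a[i] ~ /^(10|127)\./ || a[i] ~ /^192\.168\./) continue
            if (a[i] ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) continue
            print $2, a[i]
        }
    }'
}
# Print hostnames of jails with no address (restricted process view, no networking).
no_ip_jails() { awk -F'|' '$6 == "" { print $2 }'; }
# Sample input: the record shown above plus a constructed no-IP jail.
sample_jls() {
    cat <<'EOF'
  JID  Hostname                      Path
        Name                          State
        CPUSetID
        IP Address(es)
     6  mail.nixcraft.net             /jails/mail.nixcraft.net
                                      ALIVE
        5
        10.24.55.106
        208.43.79.236
        2607:f0d0:3001:9::4
     7  nonet.example.test            /jails/nonet
                                      ALIVE
        6
EOF
}
sample_jls | parse_jls_v | public_ipv4    # prints: mail.nixcraft.net 208.43.79.236
```

On a live host, pipe the real command instead: `jls -v | parse_jls_v | public_ipv4`.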

SCTP support

SCTP with IPv6 in jails has been implemented. The SCTP protocol provides reliable, flow-controlled, two-way transmission of data. SCTP provides a few benefits over TCP (quoting from Wikipedia):

  1. TCP is relatively vulnerable to denial-of-service attacks, such as SYN attacks.
  2. TCP provides both reliable data transfer and strict order-of-transmission delivery of data. Some applications need reliable transfer without sequence maintenance, while others would be satisfied with partial ordering of the data. In both of these cases, the head-of-line blocking offered by TCP causes unnecessary delay.
  3. The stream-oriented nature of TCP is often an inconvenience. Applications must add their own record marking to delineate their messages, and must make explicit use of the push facility to ensure that a complete message is transferred in a reasonable time.
  4. The limited scope of TCP sockets complicates the task of providing highly-available data transfer capability using multi-homed hosts.

See the sctp(4) man page for further details.

32-bit compatibility with 64-bit jails

Compatibility support which permits 32-bit jail binaries to be used on 64-bit systems to manage jails has been added.

BIND / Named Updated

ISC BIND has been updated to version 9.4.3-P2. The timezone database has been updated from the tzdata2008h release to the tzdata2009f release.

FreeBSD Desktop Environment

KDE is a powerful Free Software graphical desktop environment for Linux and Unix workstations. The supported version of the KDE desktop environment has been updated from 3.5.10 (x11/kde3) to 4.2.2 (x11/kde4). The supported version of the GNOME desktop environment (x11/gnome2) has been updated from 2.22 to 2.26.

Hardware and Userland Support

FreeBSD 7.2 now supports the UltraSPARC III (Cheetah) processor family. The agp driver now supports Intel G4X series graphics chipsets. Support for AMD/ATI r500, r600, r700, and IGP based chips, XGI V3XE/V5/V8, and Intel i915 chipsets has been improved. The snd_hda driver has been updated. These changes include support for multiple codecs per HDA bus, multiple functional groups per codec, multiple audio devices per functional group, digital (SPDIF/HDMI) audio input/output, suspend/resume, and part of multichannel audio.

The BTX boot loader has been improved: it now supports the 4-byte volume ID that certain versions of Windows put into the MBR, and invoking PXE by pressing the F6 key on some supported BIOSes.

Many userland tools are updated. The du utility now supports an -l flag (counts a file with multiple hard links as multiple different files), an -A flag (display the apparent size instead of the disk usage) and a -B blocksize option to calculate block counts in blocks of blocksize bytes. This is different from the -k or -m options or setting BLOCKSIZE and gives an estimate of how much space the examined file hierarchy would require on a file system with the given blocksize.

The FreeBSD kernel virtual address space has been increased to 6GB. This allows subsystems to use a larger virtual memory space than before. For example, the ZFS adaptive replacement cache (ARC) requires a large kernel memory space to cache file system data, so it benefits from the increased address space. Note that the ceiling on the kernel map size is now 60% of the size rather than an absolute quantity.


Binary upgrades of i386 and amd64 systems

Make sure you run the upgrade commands only after backing up all data and configuration files. Systems running 7.0-RELEASE, 7.1-RELEASE, 7.2-BETA1, 7.2-RC1 or 7.2-RC2 can upgrade as follows (note: the procedure for doing a source code based update is described here):
# freebsd-update upgrade -r 7.2-RELEASE
You may be asked to help by merging some configuration files or by confirming that the automatically performed merging was done correctly.
# freebsd-update install

Next, you must reboot the system:
# shutdown -r now

After rebooting, freebsd-update needs to be run again to install the new userland components:
# freebsd-update install
# shutdown -r now

Verify that everything is working fine, go through the logs and make sure the desired ports are open:
# tail -f /var/log/messages
# tail -f /var/log/app.log
# sockstat -4
# jls -v

After the reboot, upgrade the installed applications via the FreeBSD ports system (note that portmaster is not in the base system; you need to install it from /usr/ports/ports-mgmt/portmaster/):
# portsnap fetch update
# pkg_version -vl '<'
# portmaster -a

Conclusion

This release improves on the functionality of FreeBSD 7.1 and introduces often-requested new jail features. There is also support for fully transparent use of superpages for application memory. Overall, I'm pretty much impressed with the new jail feature.

For more details about the release, refer to the official announcement on the FreeBSD mailing list. You can download the installation images from the FreeBSD mirrors (main FTP site) or via BitTorrent.


1 ashwani May 2, 2009 at 6:39 pm

Nice info… I never used it before. Is it pure Unix like Solaris? … If so, it must be really tough to handle :-)


2 nixCraft May 2, 2009 at 7:07 pm

Yes, it is just like UNIX; however, it is not tough to handle.

YMMV


3 Vladimir Micovic May 3, 2009 at 8:27 pm

Thank you for the info.


4 reader May 4, 2009 at 2:44 pm

Thanks Vivek that’s a really great post :)


5 Tsc May 10, 2009 at 2:58 pm

Thanks for the review, I'm going to give it a try :)


6 Frank May 13, 2009 at 7:34 pm

FreeBSD is easy to handle, even more than Ubuntu. :)

Great review, as usual from Cyberciti. Thanks!


7 Omid May 14, 2009 at 1:10 pm

good stuff


8 alam May 22, 2009 at 2:13 am

Good review, cpu set available in 7.2 is a great thing.


9 Ulisses Vicente de Souza May 26, 2009 at 8:56 pm

What about wireless support? I quit using FreeBSD a while ago because I couldn’t get my Compaq C720BR fully functional.

Thank you.


10 nixCraft May 28, 2009 at 12:39 am

@Ulisses:

See FreeBSD 7.2 HCL.


11 Andrew Madrigallos June 10, 2009 at 4:06 am

I’ve installed FreeBSD 7.2 not just because of the enhancement in virtualization but because of its support for the HP ML110 hardware RAID function.


12 jp July 24, 2009 at 1:42 am

I am trying to install FreeBSD via FTP from the US website, but I do not know what to put in the Options Editor for the field titled “Release Name” so that it will download and install the AMD64 version of FreeBSD 7.2 (as I have the i386 DVD) – if I leave the default of 7.2-RELEASE it gives me the i386 version every time. Please assist.


13 nixCraft July 24, 2009 at 6:09 am

You need to download the AMD64 netboot or network installation CD.
