💾 Archived View for michaelsteele.us › gemlog › it › 2022013101.gmi captured on 2023-01-29 at 02:45:44. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2022-03-01)
-=-=-=-=-=-=-
FreeBSD jails are amazing. They are one of FreeBSD's most prominent features, often being cited as a justification for using FreeBSD verses other operating systems. In this post I'd like to point out a few special considerations regarding networking when you host a FreeBSD environment from within a virtual machine.
I became interested in system containers about 7 years ago. Ubuntu was coming out with a new software solution named LXD which took advantage of Linux control groups (aka "cgroups") to host complete containerized OS environments that shared a common kernel. They offered all the conveniences of virtual machines, but were faster and consumed less memory. The only drawback is that all containers within a host need to be running the same operating system. I invested some time into learning about this, and eventually brought up a container host environment to compliment the virtualization environment I was already using.
Using Containerized systems was a significant improvement to full virtualization, and it quickly became my default solution. Compared to containers, the virtual machines I managed were slow and required about 100 times more memory to operate. I continued to host Windows environments as virtual machines because they couldn't be containerized, and later on I hosted virtualized container hosts.
I felt ahead of the curve. The term, "Containerization", became a buzz word over the next few years, but it seemed that most people were not using the technology as a replacement for virtualization. They were hosting containerized applications with Docker and later Kubernates. A "system container" is when you host a complete operating system.
Little did I know it back in 2015, but I was not ahead of the curve at all. FreeBSD and other UNIX systems have had various forms of process isolation for decades. More that that, they function in a more straightforward way than various solutions available in the Linux world. Linux containers are made possible by a collection of technologies that have all been independently developed fairly recently. FreeBSD jails have been around long enough that they are a core part of the operating system.
For those of us running small or medium operations, I suggest looking into system containers if you haven't already. If you are just getting started, then I suggest looking into FreeBSD jails. For a good introduction to this topic, read FreeBSD Mastery: Jails by Michael W. Lucas.