FreeBSD is not Linux
0 likes214 views
This document discusses FreeBSD, an open source operating system. It provides an overview of FreeBSD, describing who uses it, why it's useful, its networking capabilities and improvements over time. Key points include that FreeBSD is a complete OS with over 24,000 packages, used by companies like Apple and Netflix. It has high performance, stability and security features like jails and ZFS filesystem. The networking stack is highly optimized and it can run Linux binaries through translation.
![System call translation
"Linux personality disorder" / "Linuxolator"
Natively run a substantial subset of Linux ELF binaries
Often runs Linux binaries faster than Linux [*]
Use cases: not invented here binaries for Linux, databases, CAD tools,...
Known to work: Oracle, Eagle CAD, Mentor, many others!
[*] Usual disclaimers apply. Batteries not included. May contain traces of nuts. Etc.](https://image.slidesharecdn.com/freebsdnotlinux-200420234145/85/FreeBSD-is-not-Linux-22-320.jpg)
FreeBSD is not Linux
- 1. This one goes up to 11! (11.1 actually) FreeBSD for networks MUHAMMAD MOINUR RAHMAN BOFH@FREEBSD.ORG
- 2. Who am I? Ports developer and conference hopper repeat-offender Consultant – - Network Systems - Large scale FreeBSD deployments - Professional paranoid
- 3. What is FreeBSD? Complete Operating System Tools and source code More than 24,000 3rd party open source software packages Complete documentation An open source community
- 4. Who uses FreeBSD? NetApp Dell/EMC/Isilon Dell/KACE Panasas Apple Limelight Networks Swisscom Sentex Microsoft WhatsApp Juniper Networks Verisign Perseus Telecom Sony XipLink McAfee NYI Yahoo
- 5. Why use FreeBSD? Innovation Great tools Mature release model Excellent documentation in many languages ◦ https://www.freebsd.org/doc/zh_CN/books/handbook/ Business friendly licence Open community
- 6. Produce a whole system Operating system Device drivers Compilers and associated tools Debugging tools Editors Packaging system Ready for coding when install is done
- 7. Changes in (recent?) years FreeBSD 11.1 (2017) is not FreeBSD 4.11 (2005)! ◦ New package manager: pkg(8) ◦ Easy to use package building tool: poudriere(8) ◦ Binary system updates: freebsd-update(8) ◦ Many performance improvements (SMP, jemalloc, etc...) ◦ Many new features (ZFS, Capsicum, pf, etc...) ◦ Many improvements to old favourites (jail(8), rc.conf(5), etc...)
- 8. Improvements to filesystems FreeBSD now includes two very mature and time-proven filesystems UFS ◦ Traditional Unix filesystem ◦ High performance ◦ Snapshots ◦ Journaled Soft Updates ZFS ◦ Zetabyte File System (originally from Sun) ◦ Filesystem and volume manager ◦ RAID (many options) ◦ Fully up to date in FreeBSD!
- 9. Jails Light-weight virtualisation: run multiple tenants on a single kernel • Separate filesystem namespace • ZFS delegation features • VIMAGE network stacks
- 10. Jail use cases • Web-based virtual hosting • Email hosting • Service isolation with micro-services
- 11. The FreeBSD network stack TCP/IP was originally developed on BSD and FreeBSD. FreeBSD is still the reference implementation for many network protocols. ◦ Full support for IPv4 and IPv6 ◦ Active development on TCP with pluggable congestion control ◦ Reference implementation of SCTP
- 12. Pluggable TCP stacks Your choice of congestion control: ◦ BBR (in -CURRENT ... coming to 11.x Soon™) ◦ RACK ◦ CUBIC ◦ NewReno
- 13. Performance improvements in networking •30 years since the network-stack design developed •Massive changes in architecture, micro-architecture, memory… •Optimising compilers •Cache-centered CPUs •Multiprocessing, NUMA •DMA, multiqueue •10 Gigabit/s Ethernet •Performance lost to ‘generality’ throughout stack •Revisit fundamentals through clean-slate stack •Orders-of-magnitude performance gains 4 8 16 24 32 64 128 256 512 756 1024 0 20 40 60 File size (KB) Throughput(Gbps) Sandstorm nginx + FreeBSD nginx + Linux 4 8 16 24 32 64 128 256 512 756 1024 0 20 40 60 80 100 File size (KB) CPUutilization(%) Sandstorm nginx + FreeBSD nginx + Linux
- 14. Performance improvements in networking Year Version Feature 1983 4.2BSD BSD sockets, TCP/IP implementation 1986 4.3BSD VJ/Karels congestion control 1999 FreeBSD 3.1 sendfile(2) 2000 FreeBSD 4.2 TCP accept filters 2001 FreeBSD 4.4 TCP ISN randomisation 2002 FreeBSD 4.5 TCP SYN cache/cookies 2003 FreeBSD 5.0-5.1 IPv6, TCP TIMEWAIT state reduction 2004 FreeBSD 5.2-5.3 TCP host cache, SACK, fine-grained locking 2008 FreeBSD 6.3 TCP LRO, TSO 2008 FreeBSD 7.0 T/TCP removed, socket-buffer autosizing 2009 FreeBSD 7.1 Read-write locking, full TCP offload (TOE) 2009 FreeBSD 8.0 TCP ECN 2012 FreeBSD 9.0 Pluggable TCP congestion control, connection groups
- 15. Active transport community FreeBSD network stack developers are active members of the transport community. ◦ Developing and testing new congestion control algorithms ◦ Performance improvements on different workloads ◦ Tie-ins with security folks (bump in the wire / line-rate encryption) ◦ Some work on various multi-path TCP implementations
- 16. Firewalls • IPFW: "native" FreeBSD firewall • pf: fork of the OpenBSD packet filter • ipfilter: for fans of legacy firewalls All three firewalls are well-documented in the FreeBSD Handbook and online manual pages included with the operating system.
- 17. More networking • Multi-IP jails (IPv4 and IPv6) • VIMAGE for multi-tenant routers • Your choice of firewalls: ipfw, pf, (ipfilter) • Multiple FIBs for complex routing • Zebra, Quagga, BIRD, OpenBGPd, OpenOSPFd packages
- 18. VIMAGE • Multiple network stacks for multi-tenant systems • Combine with jails for very light-weight virtualisation • Each VIMAGE jail gets (among other things): • Choice of firewall • Multiple FIBs • All the security features of jails
- 19. Even more networking • IPSEC, IKEv2, etc ... • Layer 2: bridge (dot1d, dot1q), lagg, vlans, spanning tree • Very nearly working MSTP support (*) • Very active "transport community"
- 20. Virtualisation Ready to use images ◦ VMWare ◦ Virtual Box ◦ qemu ◦ HyperV bhyve ◦ Native hypervisor ◦ Runs Linux, Windows and FreeBSD images ◦ Also used on Mac OS (xhyve) ◦ BSD Licensed
- 21. Other security features In addition to jails, FreeBSD sports many other exciting security features MAC and Audit frameworks ◦ Who did what and when? ◦ Much more in-depth than merely logging ◦ Send audit trails to remote machines Capsicum ◦ Better than privilege separation ◦ Capabilities for UNIX ◦ Sandboxing
- 22. System call translation "Linux personality disorder" / "Linuxolator" Natively run a substantial subset of Linux ELF binaries Often runs Linux binaries faster than Linux [*] Use cases: not invented here binaries for Linux, databases, CAD tools,... Known to work: Oracle, Eagle CAD, Mentor, many others! [*] Usual disclaimers apply. Batteries not included. May contain traces of nuts. Etc.
- 23. Some highlights of 11.1-RELEASE ◦ Many improvements to ZFS ◦ Broadcom Wi-Fi driver improvements ◦ bhyve features for ARMv7 ◦ Ported bhyve to ARMv8
- 24. You too can join the FreeBSD community! Join the mailing lists Clone or checkout the code ◦ svn.freebsd.org ◦ github/freebsd Submit patches ◦ reviews.freebsd.org Get a mentor Get proposed to core@ Granted a commit bit (all commits ReviewedBy) Be freed from mentorship Find a mentee
- 25. Learn more about FreeBSD Website: www.freebsd.org FreeBSD Foundation: www.freebsdfoundation.org GitHub: github.com/freebsd Mailing Lists Forums FreeBSD Handbook IRC