Successfully reported this slideshow.

Papers We Love: Jails and Zones

5

Share

Feb. 12, 2016
5 likes 4,212 views
Upcoming SlideShare
node.js and Containers: Dispatches from the Frontier
node.js and Containers: Dispatches from the Frontier
Loading in …3
×
1 of 44
1 of 44

Papers We Love: Jails and Zones

Feb. 12, 2016
5 likes 4,212 views

5

Share

Download to read offline

Technology

Slides for my @papers_we_love talk at @paperswelovenyc on February 11, 2016. Video to come!

Slides for my @papers_we_love talk at @paperswelovenyc on February 11, 2016. Video to come!

Technology

Recommended

More Related Content

Viewers also liked

The DIY Punk Rock DevOps Playbook
bcantrill
Docker's Killer Feature: The Remote API
bcantrill
Leaping the chasm from proprietary to open: A survivor's guide
bcantrill
The Coming Firmware Revolution
bcantrill
node.js in production: Reflections on three years of riding the unicorn
bcantrill
The Internet-of-things: Architecting for the deluge of data
bcantrill
Manta: a new internet-facing object storage facility that features compute by...
Hakka Labs
Platform as reflection of values: Joyent, node.js, and beyond
bcantrill
BayLISA meetup: 8/16/12
bcantrill
Oral tradition in software engineering: Passing the craft across generations
bcantrill
The Platform Era - 7 steps to an API
bootis
Joyent circa 2006 (Scale with Rails)
bcantrill
Fork Yeah! The Rise and Development of illumos
bcantrill
Is it time to rewrite the operating system in Rust?
bcantrill
Debugging microservices in production
bcantrill
Elatt Presentation
student-elatt
Zebras all the way down: The engineering challenges of the data path
bcantrill
Meetup Mesos : Mesos, Chronos and Marathon in CI/CD factory
Laurent Grangeau
DTrace in the Non-global Zone
bcantrill

Similar to Papers We Love: Jails and Zones

X-Tour: Die wunderbare Welt der Container
NEXTtour
AppSec USA 2014 talk by Chris Swan "Implications & Opportunities at the Bleed...
Cohesive Networks
Hadoop in the Clouds, Virtualization and Virtual Machines
DataWorks Summit
Containers and Why They Matter
Ray Lukas
Solaris Internals Preso circa 2009
Richard McDougall
incs775_lect6.ppt
webhostingguy
SW Docker Security
Stephane Woillez
Bridging The Gap: OpenStack For VMware Administrators (Use Case)
Kenneth Hui
An Introduction To Docker
Gabriella Davis
Dell openstack boston meetup dell crowbar and open stack
DellCloudEdge
Docker Meetup 08 03-2016
Docker
Introduction to Docker
Tharaka Devinda
Docker Enterprise Deployment Planning
Stephane Woillez
OSDC 2016 | rkt and Kubernetes: What’s new with Container Runtimes and Orches...
NETWAYS
What’s the Deal with Containers, Anyway?
Stephen Foskett
The Design of Convoluted Kernel Architectural Framework for Trusted Systems –...
rahulmonikasharma

More from bcantrill

Towards Holistic Systems
bcantrill
Hardware/software Co-design: The Coming Golden Age
bcantrill
Tockilator: Deducing Tock execution flows from Ibex Verilator traces
bcantrill
No Moore Left to Give: Enterprise Computing After Moore's Law
bcantrill
Andreessen's Corollary: Ethical Dilemmas in Software Engineering
bcantrill
Visualizing Systems with Statemaps
bcantrill
Platform values, Rust, and the implications for system software
bcantrill
dtrace.conf(16): DTrace state of the union
bcantrill
The Hurricane's Butterfly: Debugging pathologically performing systems
bcantrill
Papers We Love: ARC after dark
bcantrill
Principles of Technology Leadership
bcantrill
Debugging under fire: Keeping your head when systems have lost their mind
bcantrill
The State of Cloud 2016: The whirlwind of creative destruction
bcantrill
Debugging (Docker) containers in production
bcantrill
A crime against common sense
bcantrill

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(4.5/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(3.5/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(4/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4.5/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
System Identification: Tutorials Presented at the 5th IFAC Symposium on Identification and System Parameter Estimation, F.R. Germany, September 1979 Elsevier Books Reference
(4/5)
Free
Energy Conservation in Buildings: The Achievement of 50% Energy Saving: An Environmental Challenge? Elsevier Books Reference
(4/5)
Free
Longitude: The True Story of a Lone Genius Who Solved the Greatest Scientific Problem of His Time Dava Sobel
(4/5)
Free
Young Men and Fire: Twenty-fifth Anniversary Edition Norman Maclean
(4.5/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
If Then: How the Simulmatics Corporation Invented the Future Jill Lepore
(4.5/5)
Free
A Brief History of Motion: From the Wheel, to the Car, to What Comes Next Tom Standage
(4/5)
Free
An Ugly Truth: Inside Facebook’s Battle for Domination Sheera Frenkel
(4.5/5)
Free
Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies Barry Meier
(4/5)
Free
Second Nature: Scenes from a World Remade Nathaniel Rich
(5/5)
Free
Test Gods: Virgin Galactic and the Making of a Modern Astronaut Nicholas Schmidle
(5/5)
Free
Driven: The Race to Create the Autonomous Car Alex Davies
(4.5/5)
Free
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
(4.5/5)
Free
Dignity in a Digital Age: Making Tech Work for All of Us Ro Khanna
(4/5)
Free
After Steve: How Apple Became a Trillion-Dollar Company and Lost its Soul Tripp Mickle
(4.5/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4.5/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free
Blockchain: The Next Everything Stephen P. Williams
(4/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4.5/5)
Free
A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind
(4.5/5)
Free
The Players Ball: A Genius, a Con Man, and the Secret History of the Internet's Rise David Kushner
(4.5/5)
Free

Papers We Love: Jails and Zones

  1. 1. Papers We Love: Jails and Zones CTO bryan@joyent.com Bryan Cantrill @bcantrill
  2. 2. Papers we love: Jails and Zones • Discussing two important papers that form the foundation of thinking about OS-based virtualization and containers: • Jails: Confining the Omnipotent Root by Poul-Henning Kamp and Robert Watson, presented at SANE 2000 • Solaris Zones: Operating System Support for Consolidating Commercial Workloads by Dan Price and Andy Tucker, presented at LISA 2004 • As much as possible, want to let these papers speak for themselves — and provoke discussion!
  3. 3. Jails: Problem statement
  4. 4. Jails: Prior work
  5. 5. Jails aside: chroot(2)
  6. 6. Jails: Proposed solution
  7. 7. Jails: Advantages
  8. 8. Jails: jail(2)
  9. 9. Jails: Confining the filesystem
  10. 10. Jails: Confining the network
  11. 11. Jails: Implementation
  12. 12. Jails: Network management complexities
  13. 13. Jails: Filesystem management complexities
  14. 14. Jails: User management complexities
  15. 15. Jails: Unintended consequences
  16. 16. Jails: Networking limitations
  17. 17. Jails: Resource management limitations
  18. 18. Jails: Management limitations
  19. 19. Jails: Epilogue • Jails became easier to manage with jls/jps/ezjail/iocage • Jails were allowed to have multiple IPv4 addresses • Some jail-based resource management was added, including CPU binding and • System V IPC was virtualized, but remains out-of-tree • VIMAGE added exclusive IP stacks to jails, but it remains a build- time option and “is considered experimental”
  20. 20. Zones: Problem statement
  21. 21. Zones: Problem statement detail
  22. 22. Zones: Proposed solution
  23. 23. Zones: Block diagram
  24. 24. Zones: Design principles
  25. 25. Zones: Design principles, cont.
  26. 26. Zones: State model
  27. 27. Zones: Configuration
  28. 28. Zones: Installation
  29. 29. Zones: Application environment
  30. 30. Zones: Virtual platform
  31. 31. Zones: Console
  32. 32. Zones: Process model
  33. 33. Zones: Process model, cont.
  34. 34. Zones: IPC
  35. 35. Zones: System V IPC
  36. 36. Zones: Networking
  37. 37. Zones: Filesystem
  38. 38. Zones: Resource management
  39. 39. Zones: Observability and debugging
  40. 40. Zones: Security experience
  41. 41. Zones: Workloads
  42. 42. Zones: Epilogue • Crossbow added virtual NICs and exclusive IP stacks — and anti- spoof allowed exclusive IP stacks to be deployed safely • Resource management became much more complete, adding memory capping, CPU capping, I/O throttling • ZFS revolutionized zone installation/configuration • With introduction of IPS packaging, Solaris got rid of so-called “sparse root” zones... • ...and Joyent added sparse root zones back to SmartOS (thanks to no IPS and no global zone package management)
  43. 43. Zones: Epilogue, cont. • Sun added notion of branded zones in 2006, including a nascent Linux brand (LX) — and then ripped LX out in 2010 • LX brand revived by Joyent in 2014 in SmartOS and completed (first deployed into production in early 2015) • Overlay network support added to SmartOS by Joyent, allowing software-defined VXLAN-based networks in non-global zones
  44. 44. Jails and Zones: Conclusions • Each of these technologies has served to inspire the other: zones was explicitly inspired by jails — and the jails networking work has been explicitly inspired by Crossbow • These two papers are important because they capture not just the what, but the why of their respective works • These technologies were both ahead of their time; it’s invaluable now to be able to understand their motivations! • In the words of the late, great Jim Gray: You need to write more!

×