FreeBSD The Power to Serve

FreeBSD features

FreeBSD offers many unique features.

No matter what the application, an operating system should take advantage of every resource available. FreeBSD’s focus on performance, networking, and storage combines with ease of administration and comprehensive documentation to realize the full potential of a computer.

A complete operating system based on 4.4BSD

FreeBSD’s roots are the BSD software releases from the Computer Systems Research Group at the University of California, Berkeley. Decades of development have led to advanced scalability, network performance, management tools, file systems support, security and other features. FreeBSD is found across the Internet in core router products, running root name servers, hosting major web sites, and as a foundation for widely used desktop operating systems.

Features

OpenZFS

More than a file system, ZFS is fundamentally different from traditional file systems. Combining the traditionally separate roles of software RAID, volume manager and file system provides ZFS with unique advantages.

ZFS has three main design goals:

  • Data integrity

  • Pooled storage

  • Performance.

ZFS boot environments

A ZFS boot environment is a bootable clone/snapshot of specially preselected parts of a system.

Use cases include:

  • Bulletproof upgrades/changes to the system

  • Create safe fallback ZFS Boot Environment before upgrade or changes to the system

  • Update a new (inactive) environment without altering the active environment

  • Perform upgrade and test the results inside jail

  • Copy/move ZFS boot Environment into another machine

  • Major reconfiguration (Bareos/Postfix/…​)

  • Mass populate large number of servers with one configured BE

  • Bare metal backup solution.

Jails

Jails originated with FreeBSD 4.X.

They build upon chroot(8), which changes the root directory. This creates a safe environment, separate from the rest of the system. Processes created in a jailed environment can not access files or resources outside of it.

Jails improve upon chroot in several ways. In a traditional chroot environment, processes are limited to a part of the file system. The rest of the system resources, system users, running processes, and the networking subsystem are shared by the chrooted processes and the processes of the host system. Jails further restrict access to the file system, the set of users, and the networking subsystem. Finer-grained access controls are available.

Ports collection

More than 30,000 applications and libraries are ported to FreeBSD. The architecture allows easy customization of compile time options of many of the ports.

Virtualization

bhyve: a BSD licensed, legacy-free hypervisor that runs all supported versions of FreeBSD, as well as other operating systems that support UEFI, including but not limited to OpenBSD, Windows® and Linux®, with the use of bhyve-firmware.

Linux binary compatibility

Linux binary compatibility, commonly referred to as Linuxulator, allows FreeBSD to run many unmodified Linux binaries. It does not involve virtual machines or emulation; instead, it provides the binaries with kernel interfaces identical to those provided by a real Linux kernel. Linuxulator is comparable to 32-bit FreeBSD binaries running on a 64-bit FreeBSD kernel.

DTrace

DTrace, also known as Dynamic Tracing, was developed by Sun Microsystems™ to locate performance bottlenecks in production and pre-production systems. In addition, DTrace can help to investigate and debug unexpected behaviors in the kernel and in userland.

DTrace has an impressive array of features. It’s scriptable. Developers can use the DTrace D Language to create utilities for custom profiling.

The FreeBSD implementation provides full support for kernel DTrace and experimental support for userland DTrace. Userland DTrace allows users to perform function boundary tracing for userland programs using the pid provider, and to insert static probes into userland programs for later tracing.

Capsicum

Capsicum allows sandboxing of several programs that work within the "capabilities mode", such as:

  • tcpdump

  • dhclient

  • hast

  • rwhod

  • kdump.

Network Virtualization

VNET virtualizes the network stack. The basic idea is to change global resources most notably variables into per network stack resources and have functions, sysctls, eventhandlers, etc. access and handle them in the context of the correct instance. Each (virtual) network stack is attached to a prison, with vnet0 being the un-restricted default network stack of the base system. VIMAGE facilities can be used independently to create fully virtualized network topologies, and jail(8) can directly benefit from a fully virtualized network stack.


Last modified on: July 23, 2022 by Sergio Carlavilla Delgado