About FreeBSD's Technological Advances
FreeBSD offers many advanced features.
No matter what the application, you want your system's resources performing at their full potential. FreeBSD's focus on performance, networking, and storage combines with easy system administration and excellent documentation to allow you to do just that.
A complete operating system based on 4.4BSD.
FreeBSD's distinguished roots derive from the BSD software releases from the Computer Systems Research Group at the University of California, Berkeley. Over ten years of work have been put into enhancing BSD, adding industry-leading SMP, multithreading, and network performance, as well as new management tools, file systems, and security features. As a result, FreeBSD may be found across the Internet, in the operating system of core router products, running root name servers, hosting major web sites, and as the foundation for widely used desktop operating systems. This is only possible because of the diverse and world-wide membership of the volunteer FreeBSD Project.
FreeBSD provides advanced operating system features, making it ideal across a range of systems, from embedded environments to high-end multiprocessor servers.
FreeBSD 7.0, released February 2008, brings many new features and performance enhancements. With a special focus on storage and multiprocessing performance, FreeBSD 7.0 shipped with support for Sun's ZFS file system and highly scalable multiprocessing performance. Benchmarks have shown that FreeBSD provides twice the MySQL and PostgreSQL performance of current Linux systems on 8-core servers.
- SMPng: After seven years of development on advanced SMP support, FreeBSD 7.0 realizes the goals of a fine-grained kernel allowing linear scalability to over 8 CPU cores for many workloads. FreeBSD 7.0 sees an almost complete elimination of the Giant Lock, removing it from the CAM storage layer and NFS client, and moving towards more fine-grained locking in the network subsystem. Significant work has also been performed to optimize kernel scheduling and locking primitives, and the optional ULE scheduler allows thread CPU affinity and per-CPU run queues to reduce overhead and increase cache-friendliness. The libthr threading package, providing 1:1 threading, is now the default. Benchmarks reveal a dramatic performance advantage over other UNIX® operating systems on identical multicore hardware, and reflect a long investment in SMP technology for the FreeBSD kernel.
- ZFS filesystem: Sun's ZFS is a state-of-the-art file system offering simple administration, transactional semantics, end-to-end data integrity, and immense scalability. From self-healing to built-in compression, RAID, snapshots, and volume management, ZFS will allow FreeBSD system administrators to easily manage large storage arrays.
- 10Gbps network optimization: With optimized device drivers from all major 10Gbps network vendors, FreeBSD 7.0 has seen extensive optimization of the network stack for high performance workloads, including auto-scaling socket buffers, TCP Segmentation Offload (TSO), Large Receive Offload (LRO), direct network stack dispatch, and load balancing of TCP/IP workloads over multiple CPUs on supporting 10Gbps cards or when multiple network interfaces are in use simultaneously. Full vendor support is available from Chelsio, Intel, Myricom, and Neterion.
- SCTP: FreeBSD 7.0 is the reference implementation for the new IETF Stream Control Transmission Protocol (SCTP), intended to support VoIP, telecommunications, and other applications with strong reliability and variable quality transmission through features such as multi-path delivery, fail-over, and multi-streaming.
- Wireless: FreeBSD 7.0 ships with significantly enhanced wireless support, including high-power Atheros-based cards, new drivers for Ralink, Intel, and ZyDAS cards, WPA, background scanning and roaming, and 802.11n.
- New hardware architectures: FreeBSD 7.0 includes significantly improved support for the embedded ARM architecture, as well as preliminary support for the Sun UltraSPARC T1 platform.
FreeBSD has a long history of advanced operating system feature development; you can read about some of these features below:
- A merged virtual memory and filesystem buffer cache continuously tunes the amount of memory used for programs and the disk cache. As a result, programs receive both excellent memory management and high performance disk access, and the system administrator is freed from the task of tuning cache sizes.
- Compatibility modules enable programs for other operating systems to run on FreeBSD, including programs for Linux, SCO UNIX, and System V Release 4.
- Soft Updates allows improved filesystem performance without sacrificing safety and reliability. It analyzes meta-data filesystem operations to avoid having to perform all of those operations synchronously. Instead, it maintains internal state about pending meta-data operations and uses this information to cache meta-data, rewrite meta-data operations to combine subsequent operations on the same files, and reorder meta-data operations so that they may be processed more efficiently. Features such as background filesystem checking and file system snapshots are built on the consistency and performance foundations of soft updates.
- File system snapshots permit administrators to take atomic file system snapshots for backup purposes using the free space in the file system. They also facilitate background fsck, which allows the system to reach multiuser mode without waiting on file system cleanup operations following power outages.
- IP Security (IPsec) support allows improved security in networks, including support for the next-generation Internet Protocol, IPv6. The FreeBSD IPsec implementation includes support for a broad range of accelerated crypto hardware.
- Out of the box support for IPv6 via the KAME IPv6 stack allows FreeBSD to be seamlessly integrated into next generation networking environments. FreeBSD even ships with many applications extended to support IPv6!
- Multi-threaded SMP architecture capable of executing the kernel in parallel on multiple processors, and with kernel preemption, allowing high priority kernel tasks to preempt other kernel activity, reducing latency. This includes a multi-threaded network stack and a multi-threaded virtual memory subsystem. Beginning with FreeBSD 6.x, support for a fully parallel VFS allows the UFS file system to run on multiple processors simultaneously, permitting load sharing of CPU-intensive I/O optimization.
- M:N application threading via pthreads permitting threads to execute on multiple CPUs in a scalable manner, mapping many user threads onto a small number of Kernel Schedulable Entities. By adopting the Scheduler Activation model, the threading approach can be adapted to the specific requirements of a broad range of applications.
- Netgraph pluggable network stack allows developers to dynamically and easily extend the network stack through clean layered network abstractions. Netgraph nodes can implement a broad range of new network services, including encapsulation, tunneling, encryption, and performance adaptation. As a result, rapid prototyping and production deployment of enhanced network services can be performed far more easily and with fewer bugs.
- TrustedBSD MAC Framework provides extensible kernel security, allowing developers to customize the operating system security model for specific environments, from creating hardening policies to deploying mandatory labeled confidentiality or integrity policies. Sample security policies include Multi-Level Security (MLS) and Biba Integrity Protection. Third party modules include SEBSD, a FLASK-based implementation of Type Enforcement.
- TrustedBSD Audit is a security event logging service, providing fine-grained, secure, reliable logging of system events via the audit service. Administrators can configure the nature and granularity of logging by user, tracking file accesses, commands executed, network activity, system logins, and a range of other system behavior. Audit pipes allow IDS tools to attach to the kernel audit service and subscribe to events they require for security monitoring. FreeBSD supports the industry-standard BSM audit trail file format and API, allowing existing BSM tools to run with little or no modification. This file format is used on Solaris and Mac OS X, allowing instant interoperability and unified analysis.
- GEOM pluggable storage layer, which permits new storage services to be quickly developed and cleanly integrated into the FreeBSD storage subsystem. GEOM provides a consistent and coherent model for discovering and layering storage services, making it possible to layer services such as RAID and volume management easily.
- FreeBSD's GEOM-Based Disk Encryption (GBDE) provides strong cryptographic protection using the GEOM Framework, and can protect file systems, swap devices, and other uses of storage media.
- Kernel Queues allow programs to respond more efficiently to a variety of asynchronous events including file and socket I/O, improving application and system performance.
- Accept Filters allow connection-intensive applications, such as web servers, to cleanly push part of their functionality into the operating system kernel, improving performance.
FreeBSD provides many security features to protect networks and servers.
The FreeBSD developers are as concerned about security as they are about performance and stability. FreeBSD includes kernel support for stateful IP firewalling, as well as other services, such as IP proxy gateways, access control lists, mandatory access control, jail-based virtual hosting, and cryptographically protected storage. These features can be used to support highly secure hosting of mutually untrusting customers or consumers, the strong partitioning of network segments, and the construction of secure pipelines for information scrubbing and information flow control.
FreeBSD also includes support for encryption software, secure shells, Kerberos authentication, "virtual servers" created using jails, chroot-ing services to restrict application access to the file system, Secure RPC facilities, and access lists for services that support TCP wrappers.