1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
|
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//FreeBSD//DTD XHTML 1.0 Transitional-Based Extension//EN"
"http://www.FreeBSD.org/XML/doc/share/sgml/xhtml10-freebsd.dtd" [
<!ENTITY title "About FreeBSD's Technological Advances">
]>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>&title;</title>
<cvs:keyword xmlns:cvs="http://www.FreeBSD.org/XML/CVS">$FreeBSD$</cvs:keyword>
</head>
<body class="navinclude.about">
<h1>FreeBSD offers many advanced features.</h1>
<p>No matter what the application, you want your system's resources
performing at their full potential. FreeBSD's focus on
performance, networking, and storage combine with easy system
administration and excellent documentation to allow you to do just
that.</p>
<h2>A complete operating system based on 4.4BSD.</h2>
<p>FreeBSD's distinguished roots derive from the <b>BSD</b>
software releases from the Computer Systems Research Group at the
University of California, Berkeley. Over ten years of work have been
put into enhancing BSD, adding industry-leading SMP, multithreading,
and network performance, as well as new management tools, file
systems, and security features. As a result, FreeBSD may be found
across the Internet, in the operating system of core router products,
running root name servers, hosting major web sites, and as the
foundation for widely used desktop operating systems. This is only
possible because of the diverse and world-wide membership of the
volunteer FreeBSD Project.</p>
<h2>FreeBSD provides advanced operating system features, making it ideal
across a range of systems, from embedded environments to high-end
multiprocessor servers.</h2>
<p><b>FreeBSD 7.0</b>, released February 2008, brings many new features
and performance enhancements. With a special focus on storage
and multiprocessing performance, FreeBSD 7.0 shipped with support
for Sun's <b>ZFS file system</b> and <b>highly scalable
multiprocessing performance</b>. Benchmarks have shown that FreeBSD
provides twice the MySQL and PostgreSQL performance as current Linux
systems on 8-core servers.</p>
<ul>
<li><b>SMPng</b>: After seven years of development on advanced SMP
support, FreeBSD 7.0 realizes the goals of a fine-grained kernel
allowing linear scalability to over 8 CPU cores for many workloads.
FreeBSD 7.0 sees an almost complete elimination of the Giant Lock,
removing it from the CAM storage layer and NFS client, and moving
towards more fine-grained locking in the network subsystem.
Significant work has also been performed to optimize kernel
scheduling and locking primitives, and the optional ULE scheduler
allows thread CPU affinity and per-CPU run queues to reduce
overhead and increase cache-friendliness. The libthr threading
package, providing 1:1 threading, is now the default. Benchmarks
reveal a dramatic performance advantage over other &unix; operating
systems on identical multicore hardware, and reflect a long
investment in SMP technology for the FreeBSD kernel.</li>
<li><b>ZFS filesystem</b>: Sun's ZFS is a state-of-the-art file
system offering simple administration, transactional semantics,
end-to-end data integrity, and immense scalability. From
self-healing to built-in compression, RAID, snapshots, and volume
management, ZFS will allow FreeBSD system administrators to easily
manage large storage arrays.</li>
<li><b>10Gbps network optimization</b>: With optimized device drivers
from all major 10gbps network vendors, FreeBSD 7.0 has seen
extensive optimization of the network stack for high performance
workloads, including auto-scaling socket buffers, TCP Segment
Offload (TSO), Large Receive Offload (LRO), direct network stack
dispatch, and load balancing of TCP/IP workloads over multiple CPUs
on supporting 10gbps cards or when multiple network interfaces are
in use simultaneously. Full vendor support is available from
Chelsio, Intel, Myricom, and Neterion.</li>
<li><b>SCTP</b>: FreeBSD 7.0 is the reference implementation for the
new IETF Stream Control Transmission Protocol (SCTP) protocol,
intended to support VoIP, telecommunications, and other
applications with strong reliability and variable quality
transmission through features such as multi-path delivery,
fail-over, and multi-streaming.</li>
<li><b>Wireless</b>: FreeBSD 7.0 ships with significantly enhanced
wireless support, including high-power Atheros-based cards, new
drivers for Ralink, Intel, and ZyDAS cards, WPA, background
scanning and roaming, and 802.11n.</li>
<li><b>New hardware architectures</b>: FreeBSD 7.0 includes
significantly improved support for the embedded ARM architecture,
as well as preliminary support for the Sun Ultrasparc T1
platform.</li>
</ul>
<p>FreeBSD has a long history of advanced operating system feature
development; you can read about some of these features below:</p>
<ul>
<li><b>A merged virtual memory and filesystem buffer cache</b>
continuously tunes the amount of memory used for programs and the
disk cache. As a result, programs receive both excellent memory
management and high performance disk access, and the system
administrator is freed from the task of tuning cache sizes.</li>
<li><b>Compatibility modules</b> enable programs for other operating
systems to run on FreeBSD, including programs for Linux, SCO UNIX,
and System V Release 4.</li>
<li><b>Soft Updates</b> allows improved filesystem
performance without sacrificing safety and reliability.
It analyzes meta-data filesystem operations to avoid having
to perform all of those operations synchronously.
Instead, it maintains internal state about pending meta-data
operations and uses this information to cache meta-data,
rewrite meta-data operations to combine subsequent
operations on the same files, and reorder meta-data
operations so that they may be processed more efficiently.
Features such as background filesystem checking and
file system snapshots are built on the consistency
and performance foundations of soft updates.</li>
<li><b>File system snapshots</b>, permitting administrators to take
atomic file system snapshots for backup purposes using the free
space in the file system, as well as facilitating <b>background
fsck</b>, which allows the system to reach multiuser mode without
waiting on file system cleanup operations following power outages.
</li>
<li>Support for <b>IP Security (IPsec)</b> allows improved security in
networks, and support for the next-generation Internet Protocol,
IPv6. The FreeBSD IPsec implementation includes support for a
broad range of <b>accelerated crypto hardware</b>.</li>
<li><b>Out of the box support for IPv6</b> via the KAME IPv6 stack
allows FreeBSD to be seamlessly integrated into next generation
networking environments. FreeBSD even ships with many applications
extended to support IPv6!</li>
<li><b>Multi-threaded SMP architecture</b> capable of executing the
kernel in parallel on multiple processors, and with <b>kernel
preemption</b>, allowing high priority kernel tasks to preempt
other kernel activity, reducing latency. This includes a
<b>multi-threaded network stack</b> and a <b>multi-threaded
virtual memory subsystem</b>. Beginning with FreeBSD 6.x, support
for a fully parallel VFS allows the UFS file system to run on multiple
processors simultaneously, permitting load sharing of
CPU-intensive I/O optimization.</li>
<li><b>M:N application threading via pthreads</b> permitting threads
to execute on multiple CPUs in a scalable manner, mapping many user
threads onto a small number of <b>Kernel Schedulable Entities</b>.
By adopting the <b>Scheduler Activation</b> model, the threading
approach can be adapted to the specific requirements of a broad
range of applications.</li>
<li><b>Netgraph pluggable network stack</b> allows developers to
dynamically and easily extend the network stack through clean
layered network abstractions. Netgraph nodes can implement a broad
range of new network services, including encapsulation, tunneling,
encryption, and performance adaptation. As a result, rapid
prototyping and production deployment of enhanced network services
can be performed far more easily and with fewer bugs.</li>
<li><b>TrustedBSD MAC Framework extensible kernel security</b>,
which allows developers to customize the operating system security
model for specific environments, from creating hardening policies
to deploying mandatory labeled confidentiality of integrity
policies. Sample security policies include <b>Multi-Level
Security (MLS)</b>, and <b>Biba Integrity Protection</b>. Third
party modules include <b>SEBSD</b>, a FLASK-based implementation
of <b>Type Enforcement</b>.</li>
<li><b>TrustedBSD Audit</b> is a security event logging service,
providing fine-grained, secure, reliable logging of system events
via the audit service. Administrators can configure the nature and
granularity of logging by user, tracking file accesses, commands
executed, network activity, system logins, and a range of other
system behavior. Audit pipes allow IDS tools to attach to the
kernel audit service and subscribe to events they require for
security monitoring. FreeBSD supports the industry-standard BSM
audit trail file format and API, allowing existing BSM tools to
run with little or no modification. This file format is used on
Solaris and Mac OS X, allowing instant interoperability and unified
analysis.</li>
<li><b>GEOM pluggable storage layer</b>, which permits new storage
services to be quickly developed and cleanly integrated into the
FreeBSD storage subsystem. GEOM provides a consistent and
coherent model for discovering and layering storage services,
making it possible to layer services such as RAID and volume
management easily.</li>
<li>FreeBSD's <b>GEOM-Based Disk Encryption (GBDE)</b>, provides
strong cryptographic protection using the GEOM Framework, and can
protect file systems, swap devices, and other use of storage
media.</li>
<li><b>Kernel Queues</b> allow programs to respond more efficiently
to a variety of asynchronous events including file and socket IO,
improving application and system performance.</li>
<li><b>Accept Filters</b> allow connection-intensive applications,
such as web servers, to cleanly push part of their functionality into
the operating system kernel, improving performance.</li>
</ul>
<h2>FreeBSD provides many security features
to protect networks and servers.</h2>
<p>The FreeBSD developers are as concerned about security as they are
about performance and stability. FreeBSD includes kernel support for
<b>stateful IP firewalling</b>, as well as other services, such as
<b>IP proxy gateways</b>, <b>access control lists</b>, <b>mandatory
access control</b>, <b>jail-based virtual hosting</b>, and
<b>cryptographically protected storage</b>. These features can be
used to support highly secure hosting of mutually untrusting
customers or consumers, the strong partitioning of network segments,
and the construction of secure pipelines for information scrubbing
and information flow control.</p>
<p>FreeBSD also includes support for encryption software, secure
shells, Kerberos authentication, "virtual servers" created using
jails, chroot-ing services to restrict application access to the
file system, Secure RPC facilities, and access lists for services
that support TCP wrappers.</p>
</body>
</html>
|
