How I started using FreeBSD

Posted on Thu 27 December 2018 in FreeBSD

My start with FreeBSD on a DEC Alpha

When I was sorting out some old photos, I came across one showing my old Alpha 800. I found it at my father’s company when I was still in school. They didn't use it anymore in those days, and I was running a quite uncommon amount of hardware for testing and educational purposes at home. I had a bunch of Cisco and Juniper routers for routing setups and some x86 machines: a 386, a 486, a Pentium2 and an Athlon 1200. Later some Athlon64 and Opteron machines joined the setup. I was still in school and hacked on hardware and networks in my free time and at night. You can imagine how much the electricity bill dropped when I moved out.

First I grabbed the Alpha and cleaned it. I had the plan to install Linux on it and play with architectures other than x86. My main Linux distribution was Gentoo Linux. The Alpha had been used with an old version of SuSE Linux, but the disks were wiped before I could take it home. Since the Alpha architecture was not very popular anymore, not a lot of vendors offered a port of their distribution or OS to it. Since I didn't want to run old software on it and didn't have the money to buy a new version of SuSE or RedHat in those days, I discovered that FreeBSD 4.x did support Alpha and installed it on that old machine. I think it was 4.6 or 4.7 I installed, not sure about that anymore. It was around 2002-2003.

The fact that I used Gentoo was helpful for understanding how to install software on FreeBSD. The Portage system was designed based on the ports idea from FreeBSD and worked quite similarly back then.

As far as I remember, the installation 15 or 16 years ago was quite challenging. Not the FreeBSD part, but the fact that I wasn't used to the Alpha architecture and its system layout. I had to fix some problems with old SCSI drives, replace the SCSI adapter and some memory. That machine came with 256MB EDO RAM if I remember correctly. Memory in those days was a complete mess. Different types, special memory, and they actually died from time to time.

Well, the setup did not work for long. All I could achieve on the Alpha was possible with my other machines, and with less power consumption. After I hadn't used it for a while, I gave it away to some guys who collected that kind of machine. I was very interested in virtualization, and since all the fancy developments like XEN, KVM and VMware were focused on x86, the other platforms became less and less interesting to me.

Nevertheless, the Alpha architecture was far ahead of its time. One more example that it is not always the better or more advanced technology that is adopted.

FreeBSD as a Guest

For me it was the starting point of my work with FreeBSD. The OS worked well, and the port tree made software installation easy and manageable. The documentation was one of the main reasons I chose Gentoo Linux in the Linux world, and the handbook of FreeBSD was even better. The only thing holding me back from using it widely on my systems back then was VM-based virtualization. I was using Xen and VMware to switch between different types of OS to do some network setups or test software. This was not possible with FreeBSD as a host in those days (no stable Xen Dom0 support at that time). On bare metal I used Linux and XEN and later VMware ESX and ESXi. I discovered Jails and have used them since the beginning, but setting up network setups with virtual switches like you can do with VMware Workstation/ESXi or VirtualBox was 100 times faster and just better than what the Jail, XEN and KVM world brought to you at the beginning. If you wanted to have a reproducible network setup on a local machine, it was not a very stable situation in the Linux or OSS virtualization world back then. A lot of the infrastructure within the network setups changed over the years. Maybe some of you remember the mess with many distributions around NetworkManager or libvirt in those days. The way you did a setup often changed because of the fast development, and every Linux distribution did it its very own way. So I ran a lot of FreeBSD and Linux VMs on VMware ESX and ESXi at that time.

I used FreeBSD 7 up to 9 in that time to set up VMs for routing in test networks from time to time. One hardware machine was running FreeBSD as a firewall to act as a second line of defense within my network. I wanted to have a different OS and kernel than the other Linux machines to add some security. I still try to mix the types of firewalls in my network setups so as not to rely on one software stack for security.

More and more FreeBSD

When ZFS was ported to FreeBSD and became stable, I gave it a try and now had a use case to run FreeBSD on bare metal. I had used a lot of LSI RAID controllers in my IBM servers, and some of the low-price versions were very slow. After removing them and using the onboard SATA controller to attach the disks, I installed FreeBSD to play with ZFS. This X3250 could hold 2 disks and up to 8GB of memory. It was enough to do what I planned with ZFS on those old servers. Since then I have been using FreeBSD for some use cases and I am quite happy with it.

I run several big ZFS machines in different configurations. Most of them act as backup targets or Samba file servers. In total around 300-500 TB are hosted by those servers, and up to now everything has worked stably and fast.

Some years ago I started to use pfSense firewalls and switched to OPNsense some time ago. I don't know the total number because not all are maintained frequently by me, but I should have deployed around 70-100 firewalls with FreeBSD-based software over the years.

What still sucks with FreeBSD

No system or community is perfect. Here are some points I don't like about FreeBSD.

  • Security needs more attention. The world is not full of security engineers; systems need to provide only secure defaults to make life easier. ASLR and other commonly used prevention systems are not implemented by default. The argument that some of them can be bypassed very easily nowadays is not good; if you don't join the race you have already lost it. No excuses. If you need ASLR and some more security features, check out HardenedBSD. It is still very close to FreeBSD plus some interesting security patches and some more tools. In my opinion it would be better to import such changes back to FreeBSD faster or come up with a working alternative rather than not have such a security layer.
  • Performance. Each release should perform better than the last one. The boot time of FreeBSD really needs improvement. On server hardware the time your OS takes to boot may not be as important. But most systems today do not boot on hardware, and time matters. No excuses.
  • Slow development. For example, FreeBSD has things like ZFS, but the ZFS on Linux project is improving faster and adds features its own way. Allan Jude and the OpenZFS guys are addressing this at the moment to have one codebase with all features for all the supported platforms again. Another example is the PF firewall. FreeBSD imported an old version of PF from OpenBSD but never could keep up with the development and now maintains an older syntax than OpenBSD has today.
  • Hardware support for the latest servers and platforms was slow in the past. For example, the UEFI support took quite a while to become stable.

What makes FreeBSD a very nice OS

  • The community seems to work and is mostly healthy, friendly and growing.
  • Problems like slow development are being addressed as the funding of the FreeBSD Foundation is becoming bigger. FreeBSD 12 got performance tuning and a reduction in the number of sys-calls done by default. It looks like some big vendors are starting to fund the heavy lifting work to make FreeBSD more modern and keep it stable.
  • Documentation, documentation and documentation. It's there, it's good and it's updated frequently.
  • Kernel and user-land come together. It makes life easier to keep up with changes.
  • ZFS, best filesystem around.
  • Jails
  • You can upgrade ;-) I have systems that have been upgraded from version to version for 10 years, and it worked.