The network stack virtualization project aims at extending the FreeBSD kernel to maintain multiple independent instances of networking state. This will allow for complete networking independence between jails on a system, including giving each jail its own firewall, virtual network interfaces, rate limiting, routing tables, and IPSEC configuration. This project is focused on virtualizing the networking stack in FreeBSD -CURRENT. An earlier effort yielded patches for virtualizing the FreeBSD 4.11-RELEASE network stack, support for which has been dropped.
The prototype virtualizes the basic INET and INET6 kernel structures and subsystems, including the TCP machinery and IPFW and PF firewalls, as well as the IPSEC state. The current focus is on resolving bugs and sporadic lockups, and on defining the internal and management APIs.
I held a tutorial about virtualized stack implementation for FreeBSD -CURRENT at EuroBSDCon '07 in Copenhagen. You can check out these slides for more insight on how the management interface is currently supposed to work, as well as look at configuration examples. A few papers describing the design of an older virtualized stack implementation based on FreeBSD 4.11 can be found here.
If you do not have a FreeBSD -CURRENT or 7.0 system available for experimentation, you can try out a pre-built VMware image which, in addition to the virtualized kernel, includes a GUI environment for automating the setup of virtual networked topologies. You can use the freely available VMware Player for booting the provided system image. Log in as root with no password; use xinit to start X and a window manager; and follow the instructions from the tutorial slides. The GUI can be invoked by typing imunes from an xterm window.
The entire source code repository is kept on the FreeBSD project's Perforce server(s), which allows the code to be kept more or less in sync with the changes in FreeBSD 8.0-CURRENT and 7.0-STABLE. FreeBSD developers with p4 accounts can access the project's main repository at //depot/projects/vimage, while the branch for tracking RELENG_7 is located at //depot/user/zec/vimage_7.
Local snapshots of the sources can be downloaded here: vimage-20081015.tgz (tracking HEAD) or vimage_7_20090505.tgz (tracking RELENG_7).
You can also try to apply this patch against FreeBSD -CURRENT and recompile the kernel. Note that you'll need to first manually create the following directories for the patch to apply cleanly:
src/sys/modules/netgraph/pipe
src/sys/modules/netgraph/wormhole
src/usr.sbin/vimage
So far the modifications to the kernel do not require any of the userspace libraries, utilities or applications to be recompiled. In other words, to run the virtualized kernel, one needs to have a fairly recent -CURRENT or 7.0 system up and running first. Next, the kernel has to be compiled from the sources obtained either using p4 or cvsup. To enable the virtualization code, the line "options VIMAGE" should be added to the kernel config file. Finally, one should build and install the userspace management utility from the sources in the src/usr.sbin/vimage directory. Note that both the kernel and userspace code are still evolving quickly, have neither stable internal nor management interfaces, and may not even compile successfully at some points in time, not to mention possible lockups and crashes. Nevertheless, any feedback from early testers would be much appreciated.