The Bridge

The Foundation

A document for BSD people coming to Linux, Linux people discovering ZFS, and anyone who wants infrastructure primitives baked in at the kernel level.

For BSD People

You already know ZFS. You know boot environments, jails, bhyve, pkg, and the beauty of a base system built and maintained as one cohesive unit. You know what real isolation looks like.

You’ve avoided Linux because it’s fragmented. Every distro does things differently. There are dozens of package managers. Getting ZFS on root requires fighting DKMS, initramfs, and a bootloader that doesn’t understand your filesystem.

kldload now installs FreeBSD too. base.txz + kernel.txz downloaded on demand, extracted onto a ZFS pool, loader.efi handles the boot. No DKMS, no initramfs — because FreeBSD doesn't need them. ZFS is in the kernel. If you want to stay on BSD, kldload does that. If you want to cross the bridge to Linux, kldload makes the Linux side feel like BSD. Same ZFS, same datasets, same boot environments, same zfs send. The pool doesn't care which kernel is above it.

kldload changes that.

ZFS on root, deterministic dataset layout, ZFSBootMenu — you’ll feel at home immediately. The fragmentation problem is solved: kpkg merges apt and dnf into a single command — like pkg but for Linux. Every k* tool works identically across CentOS, Debian, Ubuntu, Rocky, and RHEL. You don’t have to care which package manager is underneath — the interface is the same. All native ZFS commands are untouched, but wrapped in cleaner shortcuts for anyone getting their feet wet (ksnap, kbe, kdf). The raw zfs and zpool commands are always there when you want them.

Offline darksites baked into the ISO — like building from ports, but pre-resolved. The installer drops you to a shell if you want to build your own pool layout.

What you give up

Real jails (Linux containers share a kernel). bhyve’s hardware-level isolation (KVM is close but not identical). The simplicity of rc.conf.

What you gain

Hardware support for everything. eBPF (the ‘e’ that BSD doesn’t have yet). NVIDIA CUDA. Docker/Kubernetes. Every open source project ships Linux packages first.

For Linux People

You’ve been running Linux for years. You’ve heard of ZFS but never used it. Many of the tools you rely on are solving problems that ZFS handles natively.

If you're coming from ext4, the hardest part isn't learning ZFS commands. It's unlearning ext4 habits. Stop thinking about disks as objects you format. Stop thinking about directories as your organizational tool. Stop thinking about backups as a separate process. On ZFS, the disk is a pool. Directories are datasets. Backups are snapshots that already happened. The mental shift is bigger than the technical one — and it's the reason BSD people look at Linux storage and shake their heads.

ZFS redefines Linux.

Instant snapshots. Block-level checksums. Transparent compression. Native replication. Boot environments. Instant clones. Once you have ZFS on root, you can’t go back to ext4. It’s like going from manual backups to version control.

What kldload Makes Obsolete

Every item below is something you’ve either paid for, spent hours configuring, or accepted as “just how Linux works”:

The problem	The native solution
Site-to-site VPN	`wg-quick up wg0` — 20 lines of config
Multi-node mesh network	WireGuard + a for loop
Centralized log collection	`tar` piped over SSH
Offsite backup	`syncoid -r rpool backup:tank`
Snapshot management	`zfs snapshot -r rpool@today`
Disk encryption	ZFS native — AES-256-GCM, per-dataset
LVM + mdadm + fsck	ZFS — one tool replaces three
Boot recovery	`kbe activate before-upgrade && reboot`
Network observability	`execsnoop`, `tcplife` — already installed
Intrusion detection	XDP + eBPF — line-rate packet filtering
Disaster recovery	`syncoid -r rpool offsite:tank/dr`
Load balancing	HAProxy — 50 lines of config
Network file sharing	`zfs set sharenfs=on rpool/share`
Replication	`zfs send \| ssh remote zfs recv`

Look at that table again. Every row on the left is a product, a service, or a cron job someone is maintaining. Every row on the right is a kernel primitive or a one-liner. The difference isn't capability — Linux has always been capable of this. The difference is that nobody configured it for you. kldload does.

The Real Examples

Encrypted mesh network — one command

PRIV=$(wg genkey) && printf "[Interface]\nAddress=10.99.0.2/24\nPrivateKey=$PRIV\n\n[Peer]\nPublicKey=HUB_PUBKEY\nEndpoint=HUB_IP:51820\nAllowedIPs=10.99.0.0/24\nPersistentKeepalive=25\n" | ssh root@PEER "cat>/etc/wireguard/wg0.conf && wg-quick up wg0"

One command. Encrypted mesh node joined.

Log collection — one line

tar -czf - /var/log/ | curl -sST- -H "X-Token: $TOKEN" https://your-server/ingest

tar was created to stream data the way magnetic tapes stored it. You can “stream” data because that’s what tapes used to do. Now move up from tape to ZFS replication — for free.

Linux vs BSD — The Real Question

Every “VS” comparison you’ve ever read is asking the wrong question. It’s not Linux VS BSD. It’s Linux OR BSD. What does each do well?

What Linux is good at

Hardware support — every driver, every chipset
eBPF — kernel tracing BSD can’t match (yet)
NVIDIA / CUDA — full GPU compute
Docker / Kubernetes — the container ecosystem
Package availability — everything ships Linux first
Performance — optimized scheduler, I/O, networking
Community — more users, more answers, more drivers

What BSD is good at

Real isolation — jails, not containers sharing a kernel
bhyve — hardware-level VMs from individual components
Simplicity — one base system, one pkg, one rc.conf
Security — Capsicum, conservative defaults, audited base
ZFS (native) — first-class since 2007, no DKMS
Documentation — the FreeBSD Handbook is the gold standard
Stability — conservative releases, things don’t break

kldload sits in the middle.

ZFS on root — makes Linux feel like BSD to storage people. WireGuard in the kernel — same simplicity as BSD’s network stack. eBPF — the one thing BSD genuinely lacks. kpkg — one package manager, like pkg but for both Debian and CentOS. Offline darksites — ship artifacts in a bootstrapped ISO, like building from ports. Boot environments — beadm/bectl equivalent on Linux. Core profile — just ZFS on root, stock distro, nothing added — the BSD philosophy applied to Linux.

You don’t have to choose one forever. Use Linux where you need hardware support, eBPF, and NVIDIA. Use FreeBSD where you need real isolation, bhyve, and simplicity. Use kldload when you want the best of both.

The Point

Linux and BSD are different tools built on different philosophies — and that’s the point. Each has strengths the other lacks. Learn what each does well. Use them together with purpose.

A word about expectations

Don’t expect OpenZFS to magically fix your problems. Every workload is different. The defaults are just that — defaults. If you don’t understand how to tune recordsize for your database, or when to use zstd over lz4, or why your ARC is eating all your RAM — you’re going to have a bad time. Not because ZFS is wrong, but because your expectations are. ZFS gives you the knobs. Learning which ones to turn is on you.

This is precisely why kldload goes far beyond a normal installer. The documentation, the tutorials, the zero-to-hero guides, the appliance recipes — they exist to empower you to understand what you’re building and why. Not to sell you a product, but to give you the knowledge to make informed decisions. Because a tool without understanding is just a liability.

Code is free. Code is what you make of it. If you want to pay for a tool, a service, or a function — that’s your choice, fill your boots! If the product works for you, keep it — kldload won’t get in the way. But you should know what the native tools can do before you decide.

kldload includes everything you need to build secure-by-default environments on hostile hardware in a way that wasn't previously possible on Linux. Secure networking, eBPF observability, ZFS replication, boot environments — these are kernel primitives, not optional bolt-ons. They're available from second zero because they're compiled into the image at build time, not installed after the fact.

The BSD world understood this from the beginning: the base system should be complete, cohesive, and self-contained. Linux never had that because Linux is just a kernel — everything else is assembled by vendors with their own priorities. kldload assembles it with yours.

“Learn the primitives. Understand the real computer. Because if it leaves the kernel — it’s already dead.”
— Anthony Carpenter

A Few Words from Anthony

I’ve been a staunch supporter of free and open source since before Wikipedia was built. I’ve been deprived of useful tools because of licensing squabbles for years. My answer to that has always been: get better, learn how, and teach others.

Every tutorial, every recipe, every one-liner in this project is the result of that answer. 70,000+ pages of personal notes. Decades of running real infrastructure. Distilled into something you can boot from a USB stick in two minutes.

It’s yours. Do what you want with it.

ZFS on Linux is going to enable awesome things. The tradeoff of a monolithic kernel is real — slower replication, higher overhead than FreeBSD. But the hardware support is unmatched, the ecosystem is massive, and understanding that cost makes you a better engineer.

The shift from “log into every machine and fix things” to “snapshot, replicate, rebuild” changes everything. Cattle, not pets. I’m just happy that anyone can now run OpenZFS on Linux, using only their nose. Getting the most out of nothing. That’s always been the game.

And I can’t wait to see what’s next.

← Kernel modules & tools — bundled on first boot. Executive Summary. →