From: William Phillips
Date: Sat, 11 Dec 2010 20:49:23 -0400
To: freebsd-virtualization@freebsd.org
Subject: ng_iface problems with VIMAGE

Hello:

The following script creates a point-to-point link between jails.

#!/bin/sh
# script to create two vnet jails and connect them via ng_iface interfaces

# create two vnet jails
jail -c vnet name=node0 host.hostname=node0 path=/ persist
jexec node0 ifconfig lo0 localhost
jail -c vnet name=node1 host.hostname=node1 path=/ persist
jexec node1 ifconfig lo0 localhost

# create two ng_ifaces and connect them in netgraph
ngctl mkpeer . iface hook inet
ngctl mkpeer ng0: iface inet inet

# move the corresponding interfaces into the jails
ifconfig ng0 vnet node0
ifconfig ng1 vnet node1

# configure the interfaces in the jails
jexec node0 ifconfig ng0 192.168.10.1 192.168.10.2
jexec node1 ifconfig ng1 192.168.10.2 192.168.10.1
# end of script

When I try to ping node1 from node0, the echo request appears on ng1 according to tcpdump on node1, but node1 does not generate an echo reply. Here is the output generated on each jail.

[root@gateway /home/phillips]# jexec node0 ping -c1 192.168.10.2
PING 192.168.10.2 (192.168.10.2): 56 data bytes

--- 192.168.10.2 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss

[root@gateway /home/phillips]# jexec node1 tcpdump -n -i ng1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ng1, link-type NULL (BSD loopback), capture size 96 bytes
20:31:38.509494 IP 192.168.10.1 > 192.168.10.2: ICMP echo request, id 55300, seq 0, length 64

This is for FreeBSD 8.1 with kernel config GENERIC with the following changes:

#options SCTP # Stream Control Transmission Protocol
options VIMAGE
options IPFIREWALL #firewall
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options MROUTING # Multicast routing

Bill Phillips