From: Julian Elischer
Date: Tue, 29 May 2012 09:20:28 -0700
To: darrenr@freebsd.org
Cc: freebsd-net@freebsd.org, Nikos Vassiliadis
Subject: Re: Point-to-point connection between jails?
Message-ID: <4FC4F74C.4080104@freebsd.org>

On 5/29/12 12:52 AM, Darren Reed wrote:
> On 29/05/2012 9:56 AM, Julian Elischer wrote:
>> On 5/28/12 7:14 AM, Darren Reed wrote:
>>> On 28/05/2012 11:45 PM, Nikos Vassiliadis wrote:
>>>> On 5/28/2012 1:37 PM, Darren Reed wrote:
>>>>> I've looked through the list of network interfaces that are
>>>>> supported with FreeBSD and none seem to meet my needs. What
>>>>> I want is a network interface that I can configure up in
>>>>> jail A with address 10.1.1.1 and for which I can configure
>>>>> a mate in jail B with the address 10.2.2.2 and use the
>>>>> network interface as the means by which two jails can
>>>>> directly communicate with each other without the need to
>>>>> send any packets out of the machine. Or another way to do
>>>>> this would be to have a virtual network (something like the
>>>>> "internal network" that VirtualBox has or the host only
>>>>> network supported by VMware Workstation) defined somewhere
>>>>> and for there to be a specific driver that could be
>>>>> configured and attached to a jail and that virtual network
>>>>> so that you could have N:M communication between jails.
>>>>>
>>>>> Is what I'm looking for already present and google is failing
>>>>> me or is the above functionality the basis for future work,
>>>>> be it planned or otherwise?
>>>> It seems like a loopback interface does this.
>>>>
>>>> root@raidmadi:/home/nik # jls
>>>> JID IP Address Hostname Path
>>>> 3 10.2.3.4 /
>>>> 4 10.7.3.4 /
>>>> root@raidmadi:/home/nik # ifconfig lo1
>>>> lo1: flags=8049 metric 0 mtu 16384
>>>> options=3
>>>> inet 10.2.3.4 netmask 0xff000000
>>>> inet 10.7.3.4 netmask 0xff000000
>>>> root@raidmadi:/home/nik #
>>>>
>>>> Maybe you want 'real' isolation? like with epair and VIMAGE?
>>> Yes, I was after real isolation but this might work.
>> what you want is epair which is a pseudo driver pair,
>> specifically designed to connect two vimage jails to each other.
> Yes, that's it. A good example of using epairs can be found here:
> http://zewaren.net/site/?q=node/71

though you don't need the bridge part if you don't want your jail bridged
through to the internet.
You can also achieve the same thing using netgraph.

> Something like this should be documented better on freebsd.org.
>
> Darren
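
The epair setup discussed in this thread, as an added example that is not part of the original message or of the linked page: one epair wired between two VIMAGE jails with no bridge, using the addresses from the first question. The jail names, `path=/`, the /8 netmask (so both addresses are on-link) and the `APPLY` switch are assumptions, and the kernel is assumed to have VIMAGE and epair support.

```shell
#!/bin/sh
# Added example, not from the thread. Jail names, path and netmask are
# assumptions; the addresses are the ones asked for in the first message.
JAIL_A=${JAIL_A:-jaila}; ADDR_A=${ADDR_A:-10.1.1.1}
JAIL_B=${JAIL_B:-jailb}; ADDR_B=${ADDR_B:-10.2.2.2}
MASK=${MASK:-255.0.0.0}      # /8 so both addresses are on-link
JAIL_PATH=${JAIL_PATH:-/}

# Print the commands that wire one epair (e.g. "epair0") between two
# vnet jails. No bridge and no default route are configured, so the
# only reachable peer from each jail is the other end of the pair.
epair_plan() {
    pair=$1
    cat <<EOF
jail -c name=$JAIL_A path=$JAIL_PATH vnet persist
jail -c name=$JAIL_B path=$JAIL_PATH vnet persist
ifconfig ${pair}a vnet $JAIL_A
ifconfig ${pair}b vnet $JAIL_B
jexec $JAIL_A ifconfig ${pair}a inet $ADDR_A netmask $MASK up
jexec $JAIL_B ifconfig ${pair}b inet $ADDR_B netmask $MASK up
jexec $JAIL_A ifconfig -l
jexec $JAIL_A ping -c 1 $ADDR_B
EOF
}

# Default is a dry run that only prints the plan. APPLY=1 (as root, on a
# VIMAGE kernel) creates the pair and runs the plan, stopping on error.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        first=$(ifconfig epair create) || return 1   # prints e.g. epair0a
        epair_plan "${first%a}" | sh -e
    else
        epair_plan epair0
    fi
}

run
```

The `ifconfig -l` step lists the interfaces visible inside the first jail, which is a quick check that the jail's network stack holds only its loopback and its end of the pair.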