From: "remodeler"
To: freebsd-virtualization@freebsd.org
Date: Fri, 6 Nov 2009 20:38:51 -0500
Message-Id: <20091107013823.M86284@alentogroup.org>
Subject: Re: Imunes and FreeBSD 8.0 RC2

Hi, [sorry for dup to Julian]

> > If you want to use netgraph to build a virtual bridge between a physical
> > ethernet interface and the vnet interface on the jail:
> >
> > # create netgraph bridge, connecting physical interface lower hook
> > ngctl mkpeer msk0: bridge lower link0
> > # give the physical interface hook a convenient name
> > ngctl name msk0:lower bridge0
> > # connect upper hook of physical interface to the bridge
> > ngctl connect msk0: bridge0: upper link1
> > # create a netgraph node for the vnet interface, connected to the bridge
> > ngctl mkpeer bridge0: eiface link2 ether
> > # connect the vnet virtual interface and the netgraph node
> > ifconfig ngeth0 vnet ns
>
> Ironically I haven't played with netgraph on vnet recently but
> haven't you forgotten to put the eiface into the other vimage?

I mis-labelled the last line, using the name "ns" instead of an example
name.

This server has two dozen virtual servers attached through netgraph, and
has been subjected to very heavy test-loading for the past two weeks
(saturating the 100 base-T NICs) on my development LAN. I am very
impressed with vimage. This is a good alternative to xen.

I don't know how most people will do networking on the host for vnet
jails, but netgraph seems to me a natural choice. The jail rc.d scripts
are not well designed for the new applications vimage opens up imo. I'm
using a script to pull configuration info from a db for each virtual
server, but there are a lot of security features in /etc/rc.d/jail that
I'd like to migrate into it.
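
An added example, not part of the original message and not the poster's script: a dry-run generator that prints the quoted bridge commands for several jails, taking the jail name as a parameter where the quoted last line used "ns", and rejecting names that are unsafe to place on a command line (relevant when they come from a database). It assumes no ngeth interfaces exist yet, so eiface units start at ngeth0; the function name `plan_vnet_bridge`, the allowed-name pattern and the sample jail names are hypothetical.

```shell
#!/bin/sh
# Added example: prints the command plan only, it does not run ngctl/ifconfig.
# Usage: plan_vnet_bridge PHYS_IF JAIL...
plan_vnet_bridge() {
    phys=$1
    shift
    # Physical interface: lowercase letters/digits only, not starting with a digit.
    case $phys in
        ''|[0-9]*|*[!a-z0-9]*)
            printf 'bad interface name: %s\n' "$phys" >&2
            return 1 ;;
    esac
    # Validate every jail name before emitting anything, so a bad row
    # from the configuration store never yields a partial plan.
    # Assumed policy: letters, digits and underscore only.
    for j in "$@"; do
        case $j in
            ''|*[!A-Za-z0-9_]*)
                printf 'bad jail name: %s\n' "$j" >&2
                return 1 ;;
        esac
    done
    # Bridge setup, as in the quoted procedure (links 0 and 1 go to the NIC).
    echo "ngctl mkpeer ${phys}: bridge lower link0"
    echo "ngctl name ${phys}:lower bridge0"
    echo "ngctl connect ${phys}: bridge0: upper link1"
    # One eiface per jail: next free bridge link, then move the new
    # ngethN interface into that jail's vnet.
    link=2
    unit=0
    for j in "$@"; do
        echo "ngctl mkpeer bridge0: eiface link${link} ether"
        echo "ifconfig ngeth${unit} vnet ${j}"
        link=$((link + 1))
        unit=$((unit + 1))
    done
}

# Constructed sample input: two hypothetical jails behind msk0.
plan_vnet_bridge msk0 web1 db1
```

Review the printed plan before running it on the host; on a system that already has ngeth interfaces the unit numbers will differ.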