From owner-freebsd-net@FreeBSD.ORG Tue Oct 27 22:46:28 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C9E901065695 for ; Tue, 27 Oct 2009 22:46:28 +0000 (UTC) (envelope-from remodeler@alentogroup.org) Received: from courriel.marmotmail.com (courriel.marmotmail.com [85.17.36.172]) by mx1.freebsd.org (Postfix) with ESMTP id 8EAA48FC1C for ; Tue, 27 Oct 2009 22:46:28 +0000 (UTC) Received: from bruce.epifora.com (localhost.local [127.0.0.1]) by courriel.marmotmail.com (Postfix) with ESMTP id EBCC723979E for ; Wed, 28 Oct 2009 00:49:22 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by bruce.epifora.com (Postfix) with ESMTP id 9F24F4761F9 for ; Tue, 27 Oct 2009 18:03:44 -0500 (EST) Received: from bruce.epifora.com ([127.0.0.1]) by localhost (bruce.epifora.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01948-10 for ; Tue, 27 Oct 2009 18:03:43 -0500 (EST) Received: from alentogroup.org (localhost [127.0.0.1]) by bruce.epifora.com (Postfix) with ESMTP id 1C5854761F8 for ; Tue, 27 Oct 2009 18:03:43 -0500 (EST) From: "remodeler" To: freebsd-net@freebsd.org Date: Tue, 27 Oct 2009 18:03:43 -0500 Message-Id: <20091027225454.M12540@alentogroup.org> X-OriginatingIP: 127.0.0.1 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Subject: Netgraph question - multiple kernels X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2009 22:46:28 -0000 My understanding is that I can bind multiple machines running netgraph into one large netgraph, by using something like ng_ksocket nodes bound with a tunneling device. By doing this, is the restriction of one ng_ipfw node per netgraph global to all of the machines (one, and only one, ng_ipfw node)? If the ng_ksocket nodes are connected to ng_bridges on both of the machines, will only relevant network traffic cross the link - or all network traffic? Can I configure the link between the two machines so that I can directly connect a netgraph node on one machine to a node on the other, or must they communicate by the bridge-tunnel-tunnel-bridge structure? Thank you.