Date: Thu, 4 Jun 2020 15:43:59 +0200 From: Julien Cigar <julien@perdition.city> To: =?utf-8?B?SsOBS8OTIEFuZHLDoXM=?= <jako.andras@eik.bme.hu> Cc: freebsd-jail@freebsd.org Subject: Re: vnet jails on VLAN subinterfaces Message-ID: <20200604134359.ei6vdsce5xrdbtqo@x1> In-Reply-To: <20200604113832.GD76013@eik.bme.hu> References: <20200604113832.GD76013@eik.bme.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jun 04, 2020 at 01:38:32PM +0200, JÁKÓ András wrote: > Hello everyone, Hello, > > I've already asked this on forums.freebsd.org, but didn't get an answer > yet. I hope someone can answer it here. > > I'd like to use 802.1Q tagged VLANs on an Ethernet interface, one VLAN > per jail. I assigned VLAN subinterfaces to the jail's network stacks: > > em0 - em0.99 (host) > em0 - em0.100 (jail0) > em0 - em0.101 (jail1) > > Here em0 and em0.99 belong to the base system while em0.10[01] belong to > the jails' network stacks. > > This works perfectly so far. But I didn't see this setup mentioned > anywhere, that's why I'm curious whether this a "valid" setup, do I use > vnet correctly? Or does it only work by accident? > In your case it's OK, but as VLAN ids are unique per interface you need x different physical interfaces if x jails (VNET) need to be in the same VLAN (and use the same interface). Best option is to use SR-IOV (if your interface support it) to have multiple virtual NIC, or use bridge + epair (which has an huge performance impact due to locking issue in if_bridge, although this is fixed in -CURRENT by @kp) > > I found vnet jail examples using one epair per jail, which is connected > to the physical interface by a bridge. With tagged 802.1Q VLANs this > could look something like the following: > > em0 - em0.99 (host) > em0 - em0.100 - bridge0 - epair0a - epair0b (jail0) > em0 - em0.101 - bridge1 - epair1a - epair1b (jail1) > > Here epair[01]b belong to the jails' network stacks, and all other > interfaces to the base system. This works too, but is more complicated > than the one without bridges and epairs. > > András > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" -- Julien Cigar Belgian Biodiversity Platform (http://www.biodiversity.be) PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200604134359.ei6vdsce5xrdbtqo>