Date: Wed, 30 Oct 2024 08:20:21 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280648] Traffic leak between fibs Message-ID: <bug-280648-7501-ikmtVAf4Hh@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-280648-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-280648-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280648 --- Comment #27 from Zhenlei Huang <zlei@FreeBSD.org> --- (In reply to Egor from comment #0) > Hello everyone. I met a problem with my Freebsd configuration. I used two= fibs fib0 > for management and fib1 for traffic routing. When i tried to connect to m= y freebsd > my ssh session was closed by timeout. This session passed fib1 then it pa= ssed a=20 > switch and then this traffic came to mgmt interface in fib0. (In reply to Egor from comment #26) > Hello, Zhenlei Huang. I want to separate my traffic for two different rou= ting > tables. Jails looks like overhead that will make maintain of the system m= ore complicated. So you set fib0 for management, and fib1 for traffic routing, that is good. For jail setup, it is quite simple. Just leave the host (vnet0) as manageme= nt, and spawn a dedicated vnet jail (say vnet1) for traffic routing, and move a= ll the interfaces those participate the traffic routing and routing daemons to vnet1. The architecture is more clear rather than more complicated. You will benef= it separated firewall rules, fine tuned ( per vnet sysctl knobs ), robust OOB management, etc. Yes, the overhead is one more vnet jail and some setup. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-280648-7501-ikmtVAf4Hh>