From owner-freebsd-virtualization@FreeBSD.ORG Thu Dec 10 17:49:02 2009 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EBECE106566B for ; Thu, 10 Dec 2009 17:49:01 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outV.internet-mail-service.net (outv.internet-mail-service.net [216.240.47.245]) by mx1.freebsd.org (Postfix) with ESMTP id CFAD58FC23 for ; Thu, 10 Dec 2009 17:49:00 +0000 (UTC) Received: from idiom.com (mx0.idiom.com [216.240.32.160]) by out.internet-mail-service.net (Postfix) with ESMTP id 5A97110C7C; Thu, 10 Dec 2009 09:49:45 -0800 (PST) X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (h-67-100-89-137.snfccasy.static.covad.net [67.100.89.137]) by idiom.com (Postfix) with ESMTP id C41A72D6019; Thu, 10 Dec 2009 09:46:57 -0800 (PST) Message-ID: <4B213495.4020108@elischer.org> Date: Thu, 10 Dec 2009 09:49:09 -0800 From: Julian Elischer User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: Reinhard Haller References: <4B1FE20D.9000009@interactive-net.de> <4B20B92E.2070105@interactive-net.de> In-Reply-To: <4B20B92E.2070105@interactive-net.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: "Bjoern A. Zeeb" , FreeBSD virtualization mailing list Subject: Re: create a vnet jail in rc.conf X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Dec 2009 17:49:02 -0000 Reinhard Haller wrote: > Bjoern A. Zeeb schrieb: >> On Wed, 9 Dec 2009, Reinhard Haller wrote: >> >> Hi, >> >>> I'm searching for a way to create vnet jails in rc.conf. I tried it with >>> jail_flags (-c vnet) with no success. >>> >>> The documentation is not very helpful, I'm missing the way to create the >>> vnet jail and I suspect the specification of an ipv6 address to the >>> epair in the jail is not working. >>> >>> Any suggestions? >> vnets are not yet supported by the legacy jail management framework >> and will not. >> The plan is to have something different for when vimages are no longer >> "experimental" (tech preview, ... call it what you like to and what >> sounds good;). Ideally for 8.2 but that's just a wild handwaving. >> > Wasting another year? >> I have some uncommented old notes lying around here: >> http://people.freebsd.org/~bz/jail-persist.txt >> >> The current ones are actually a lot more complex and no longer good >> examples. Rather than using "persist" you can still give a command to >> start a jail starting all the rc framework etc. in it. >> >> /bz >> > I tried it with the following, but suffered intermittent routing > problems (route6d died and cannot be restarted): > > jail -c vnet name=d1 host.hostname=dns1.intern.de path=/jails/dns1 > persist > jail -c vnet name=d2 host.hostname=dns2.intern.de path=/jails/dns2 > persist > ifconfig bridge0 create > ifconfig epair create > ifconfig epair create > ifconfig bridge0 addm epair0a addm epair1a up > ifconfig epair0a inet6 fd08:e8a3:4825:10::1 > ifconfig epair0b vnet 1 > ifconfig epair1b vnet 2 > jexec 1 csh > ifconfig epair0b inet6 fd08:e8a3:4825:10::10 > route -n add -inet6 default fd08:e8a3:4825:10::1 > exit > jexec 2 csh > ifconfig epair1b inet6 fd08:e8a3:4825:10::11 > route -n add -inet6 default fd08:e8a3:4825:10::1 > exit > > Is this the way to get a stable vnet system? using epair and bridge is probably suboptimal. try using: 1: three epair sets to make a mesh (usable with smal nunbers fo jails) 2: using netgraph to make a bridge.. I'm doing thsii from memory so you may need to tweak it: ngctl mkpeer em0: bridge lower link0 ngctl name em0:lower switch ngctl connect switch: em0: link1 upper # and then for each vnet, ngctl mkpeer switch: eiface link2 ether ifconfig ngeth0 vnet d1 ngctl mkpeer switch: eiface link3 ether ifconfig nget1 vnet d2 ngctl mkpeer switch: eiface link4 ether ifconfig ngeth2 vnet d3 ngctl mkpeer switch: eiface link5 ether ifconfig ngeth3 vnet d4 etc you'll need to kldload ng_ether, ng_bridge and ng_eiface (though I think ngctl may do that for you) > > Thanks > Reinhard > > _______________________________________________ > freebsd-virtualization@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization > To unsubscribe, send any mail to "freebsd-virtualization-unsubscribe@freebsd.org"