From owner-freebsd-virtualization@FreeBSD.ORG  Mon Jan 12 08:42:48 2015
Return-Path: <owner-freebsd-virtualization@FreeBSD.ORG>
Delivered-To: freebsd-virtualization@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 00E246C8
 for <freebsd-virtualization@freebsd.org>; Mon, 12 Jan 2015 08:42:47 +0000 (UTC)
Received: from smtp2.hushmail.com (smtp2a.hushmail.com [65.39.178.237])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "smtp.hushmail.com", Issuer "Self-signed" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id C959EA8A
 for <freebsd-virtualization@freebsd.org>; Mon, 12 Jan 2015 08:42:47 +0000 (UTC)
Received: from smtp2.hushmail.com (smtp2a.hushmail.com [65.39.178.237])
 by smtp2.hushmail.com (Postfix) with SMTP id C4E94A020A
 for <freebsd-virtualization@freebsd.org>; Mon, 12 Jan 2015 08:11:20 +0000 (UTC)
Received: from smtp.hushmail.com (w7.hushmail.com [65.39.178.32])
 by smtp2.hushmail.com (Postfix) with ESMTP;
 Mon, 12 Jan 2015 08:11:19 +0000 (UTC)
Received: by smtp.hushmail.com (Postfix, from userid 99)
 id E7779E00B1; Mon, 12 Jan 2015 08:11:19 +0000 (UTC)
MIME-Version: 1.0
Date: Mon, 12 Jan 2015 08:11:19 +0000
To: "Willem Jan Withagen" <wjw@digiware.nl>, freebsd-net@freebsd.org,
 freebsd-virtualization@freebsd.org
Subject: Re: ipv4 routing from bhyve
From: williamecowell@hush.ai
In-Reply-To: <54B2FD59.9000407@digiware.nl>
References: <20150111213203.60018E00B1@smtp.hushmail.com>
 <54B2FD59.9000407@digiware.nl> 
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20150112081119.E7779E00B1@smtp.hushmail.com>
X-BeenThere: freebsd-virtualization@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Discussion of various virtualization techniques FreeBSD supports."
 <freebsd-virtualization.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-virtualization>, 
 <mailto:freebsd-virtualization-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-virtualization/>
List-Post: <mailto:freebsd-virtualization@freebsd.org>
List-Help: <mailto:freebsd-virtualization-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization>, 
 <mailto:freebsd-virtualization-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jan 2015 08:42:48 -0000


>Well one of the things of concern is the fact that your tap 
>interfaces
>have:
>	status: no carrier
>
>My connected bhyve vm's have, amongst others:
>	status: active
>        groups: tap
>        Opened by PID 20763
>

I had no running bhyve vms when I ran the commands.

>And my bridge device tells me:
>bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 
>0 mtu
>1500
>        ether 02:76:2d:3d:9c:00
>        inet xxx.xxx.xxx.xxx netmask 0xff000000 broadcast 
>37.255.255.255
>        nd6 options=9<PERFORMNUD,IFDISABLED>
>        groups: bridge
>        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>        member: tap651 
>flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                ifmaxaddr 0 port 11 priority 128 path cost 2000000
>        member: tap6 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                ifmaxaddr 0 port 10 priority 128 path cost 55
>        member: tap14041 
>flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                ifmaxaddr 0 port 9 priority 128 path cost 2000000
>        member: tap13101 
>flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                ifmaxaddr 0 port 8 priority 128 path cost 2000000
>        member: tap12041 
>flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                ifmaxaddr 0 port 6 priority 128 path cost 2000000
>        member: tap13 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                ifmaxaddr 0 port 4 priority 128 path cost 2000000
>        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                ifmaxaddr 0 port 1 priority 128 path cost 20000
>
>
>So I think you first need to connect your VM's, before anything 
>else
>will start to work. Like adding the tap-ifs to the bridge.
>
>And on the host itself you don't really need to add routing for 
>the VM's
>because everything is actually already connected. Which is what the
>netstat output tells you. The routing table tells you that traffic 
>for
>	172.16.32.0/24    link#4             U       bridge0
>is send into the the bridge0 devices, which is directly connected.
>And ip-nrs in that range should appear in the the arp table.
>And the host then knows how to get to them directly.
>
>Routing for 172.16.32.0/24, if any needed, will be required on 
>other
>hosts on you network on lagg0. Unless all hosts there have 
>10.10.2.252
>as their default route.
>

On my gateway/router/internet connection, I added a static route via its web interface:

172.16.32.0	255.255.255.0	10.10.2.252

think maybe I am mis-understanding something.

Basically, Internet connected laptop via wifi on a 10.10.2.0/24 network, laptops IP 10.10.2.252, gateway IP is 10.10.2.1.

I want to put my VMs on a separate, but internet connected subnet 172.16.32.0/24

in the bhyve vms:

# cat /etc/rc.conf:
ifconfig_vtnet0="172.16.32.11/24"
defaultrouter="172.16.32.1"

# cat /etc/resolv.conf
nameserver 127.0.0.1 #unbound

can this sort of network config be done without NAT or a bridge, by pure routing?

>Regards,
>--WjW