Date: Sun, 29 May 2016 16:45:48 -0600
From: James Gritton <jamie@freebsd.org>
To: freebsd-jail@freebsd.org
Cc: Sebastián Maruca <seba@econ.uba.ar>
Subject: Re: deploy multiple vnets with VIMAGE/VNET + Production Ready?
Message-ID: <9796987a0c51b8449065f895c8f00cf8@gritton.org>
In-Reply-To: <366569840.1294540.1464534933908.JavaMail.yahoo@mail.yahoo.com>
References: <366569840.1294540.1464534933908.JavaMail.yahoo.ref@mail.yahoo.com> <366569840.1294540.1464534933908.JavaMail.yahoo@mail.yahoo.com>

On 2016-05-29 09:15, Sebastián Maruca via freebsd-jail wrote:
> Hi to everyone!
> I want to deploy several "jailed" firewalls, where each one of them
> would contain at least three multiple virtual interfaces (associated
> with virtual internal nets) like "WAN", "LAN" and "DMZ" for example...
> First *innocent* question (I beg your pardon for my ignorance dealing
> with jails!) Can vnet/vimage help me deploy such a complex jailed
> environment???

Yes, I think that sounds like just the sort of complicated mess that vnet jails are best with. It's all about per-jail virtual interfaces.

> Second *innocent* question, so far so good, reading at jail manpage
> (circa July 6, 2015/FreeBSD 10.3) it seems VNET/VIMAGE is fully
> integrated to the FreeBSD kernel, is VNET/VIMAGE ready for production
> level???
> As a side note, at the host level would a be some kind of API/service
> that would deal with pfctl in order to rule flows between all of
> them...

That's more of a maybe. There are definitely still outstanding issues in the vimage world, especially regarding pf. I don't use either one myself, so I'm just going by what I see on bug reports and the like.

- Jamie
