From owner-freebsd-jail@FreeBSD.ORG  Mon Mar 19 09:16:17 2012
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 67EA21065670
	for <freebsd-jail@freebsd.org>; Mon, 19 Mar 2012 09:16:17 +0000 (UTC)
	(envelope-from girgen@FreeBSD.org)
Received: from melon.pingpong.net (melon.pingpong.net [79.136.116.200])
	by mx1.freebsd.org (Postfix) with ESMTP id 0356F8FC08
	for <freebsd-jail@freebsd.org>; Mon, 19 Mar 2012 09:16:16 +0000 (UTC)
Received: from girgBook.local (citron.pingpong.net [195.178.173.66])
	by melon.pingpong.net (Postfix) with ESMTPA id A3F32226E7;
	Mon, 19 Mar 2012 10:16:14 +0100 (CET)
Message-ID: <4F66F95B.108@FreeBSD.org>
Date: Mon, 19 Mar 2012 10:16:11 +0100
From: Palle Girgensohn <girgen@FreeBSD.org>
User-Agent: Postbox 3.0.3 (Macintosh/20120304)
MIME-Version: 1.0
To: Nikos Vassiliadis <nvass@gmx.com>
References: <4F6673FD.2040809@FreeBSD.org> <4F66E535.9010607@gmx.com>
	<4F66E89B.9090704@FreeBSD.org> <4F66EA0F.6080104@gmx.com>
In-Reply-To: <4F66EA0F.6080104@gmx.com>
X-Enigmail-Version: 1.2.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: freebsd-jail@freebsd.org
Subject: Re: VMNET - problem with epair in jail, cannot ping itself?
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
	<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
	<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2012 09:16:17 -0000



Nikos Vassiliadis skrev:
> On 3/19/2012 9:04 AM, Palle Girgensohn wrote:
>>
>>
>> Nikos Vassiliadis skrev:
>>> On 3/19/2012 12:47 AM, Palle Girgensohn wrote:
>>>> Hi!
>>>>
>>>> When I create an epair and pu one end inside a jail, and give that
>>>> interface an IP address, the jail still seems to want to use the lo0
>>>> interface to route traffic to that interface on the inside.
>>>>
>>>> Everything else works, I can set up bridges just like it would be an
>>>> ethernet switch, add services on the inside, it is all fine, except
>>>> this
>>>> little annoying bug(?).
>>>>
>>>> See here:
>>>>
>>>> [root@hostname /home/girgen]# ifconfig epair create
>>>> epair0a
>>>> [root@hostname /home/girgen]# jail -c vnet name=bar host.hostname=bar
>>>> path=/ persist
>>>> [root@hostname /home/girgen]# jls
>>>>      JID  IP Address      Hostname                      Path
>>>>        1  -               bar                           /
>>>> [root@hostname /home/girgen]# ifconfig epair0b vnet bar
>>>> [root@hostname /home/girgen]# ifconfig -a
>>>> bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>   metric 0 mtu
>>>> 1500
>>>>     
>>>> options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
>>>>
>>>>
>>>>      ether 00:23:7d:23:9d:44
>>>>      inet 1.2.3.144 netmask 0xffffffc0 broadcast 1.2.3.191
>>>>      inet6 fe80::223:7dff:fe23:9d44%bce0 prefixlen 64 scopeid 0x1
>>>>      nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>>>      media: Ethernet autoselect (1000baseT<full-duplex>)
>>>>      status: active
>>>> bce1: flags=8802<BROADCAST,SIMPLEX,MULTICAST>   metric 0 mtu 1500
>>>>     
>>>> options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
>>>>
>>>>
>>>>      ether 00:23:7d:23:9d:42
>>>>      nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>>>      media: Ethernet autoselect
>>>> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST>   metric 0 mtu 16384
>>>>      options=3<RXCSUM,TXCSUM>
>>>>      inet6 ::1 prefixlen 128
>>>>      inet6 fe80::1%lo0 prefixlen 64 scopeid 0x9
>>>>      inet 127.0.0.1 netmask 0xff000000
>>>>      nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>>>> epair0a: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST>   metric 0 mtu
>>>> 1500
>>>>      options=8<VLAN_MTU>
>>>>      ether 02:f9:05:00:0a:0a
>>>>      nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>>>      media: Ethernet 10Gbase-T (10Gbase-T<full-duplex>)
>>>>      status: active
>>>> [root@hostname /home/girgen]# jexec bar ifconfig -a
>>>> lo0: flags=8008<LOOPBACK,MULTICAST>   metric 0 mtu 16384
>>>>      options=3<RXCSUM,TXCSUM>
>>>>      nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>>>> epair0b: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST>   metric 0 mtu
>>>> 1500
>>>>      options=8<VLAN_MTU>
>>>>      ether 02:f9:05:00:0b:0b
>>>>      nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>>>>      media: Ethernet 10Gbase-T (10Gbase-T<full-duplex>)
>>>>      status: active
>>>> [root@hostname /home/girgen]# jexec bar ifconfig epair0b 10.1.1.2
>>>> netmask 0xffffff00 up
>>>> [root@hostname /home/girgen]# jexec bar ping 10.1.1.2
>>>> PING 10.1.1.2 (10.1.1.2): 56 data bytes
>>>> ^C
>>>> --- 10.1.1.2 ping statistics ---
>>>> 3 packets transmitted, 0 packets received, 100.0% packet loss
>>>> [root@hostname /home/girgen]# jexec bar route -n get  10.1.1.2
>>>>      route to: 10.1.1.2
>>>> destination: 10.1.1.2
>>>>     interface: lo0
>>>>         flags:<UP,HOST,DONE,STATIC>
>>>>    recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight   
>>>> expire
>>>>          0         0         0         0     16384         1         0
>>>> [root@hostname /home/girgen]#
>>>>
>>>>
>>>>
>>>> Now why would the jail think that lo0 is the way to go to find
>>>> 10.1.1.2?
>>>
>>> That's because 10.1.1.2 is a local address for jail bar and all local
>>> addresses are reachable via lo0. Keep in mind that this is the vnet's
>>> lo0 and has nothing to do with the host's lo0. Just "up" your vnet's lo0
>>> interface and everything will be ok. The lo0 loopback interface is
>>> prerequisite for networking.
>>>
>>> HTH, Nikos
>>
>> Ah, OK, thanks. I had not grasped that.
>>
>> But it does not work?
>>
>> [root@hostname /home/girgen]# jexec bar ifconfig lo0 localhost up
>> [root@hostname /home/girgen]# jexec bar ifconfig -a
>> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST>  metric 0 mtu 16384
>>     options=3<RXCSUM,TXCSUM>
>>     inet6 ::1 prefixlen 128
>>     inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
>>     inet 127.0.0.1 netmask 0xff000000
>>     nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>> epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>  metric 0 mtu
>> 1500
>>     options=8<VLAN_MTU>
>>     ether 02:f9:05:00:0b:0b
>>     inet6 fe80::f9:5ff:fe00:b0b%epair0b prefixlen 64 scopeid 0x2
>>     inet 10.1.1.2 netmask 0xffffff00 broadcast 10.1.1.255
>>     nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>>     media: Ethernet 10Gbase-T (10Gbase-T<full-duplex>)
>>     status: active
>> [root@hostname /home/girgen]# jexec bar ping 10.1.1.2
>> PING 10.1.1.2 (10.1.1.2): 56 data bytes
>> ^C
>> --- 10.1.1.2 ping statistics ---
>> 3 packets transmitted, 0 packets received, 100.0% packet loss
>> [root@hostname /home/girgen]# jexec bar ping localhost
>> PING localhost (127.0.0.1): 56 data bytes
>> 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.045 ms
>> 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.030 ms
>> ^C
>> --- localhost ping statistics ---
>> 2 packets transmitted, 2 packets received, 0.0% packet loss
>> round-trip min/avg/max/stddev = 0.030/0.037/0.045/0.007 ms
>> [root@hostname /home/girgen]#
> 
> Yes, that's somehow normal. You have to "up" lo0 before any
> other interface initialization take place. Otherwise the
> routes to self do not work properly. So, in vnet bar do:
> ifconfig epair0b 10.1.1.200
> ifconfig epair0b 10.1.1.2
> 
> and things will hopefully work.
> 
> Nikos


Ah, lovely. Thanks a lot!

Cheers,
Palle