Date:      Sat, 12 Mar 2022 21:00:13 +0100
From:      Michael Gmelin <grembo@freebsd.org>
To:        Johan Hendriks <joh.hendriks@gmail.com>
Cc:        Kristof Provost <kp@freebsd.org>, Michael Gmelin <grembo@freebsd.org>, freebsd-net@freebsd.org, "Patrick M. Hausen" <hausen@punkt.de>
Subject:   Re: epair and vnet jail loose connection.
Message-ID:  <20220312210013.5cc573e8.grembo@freebsd.org>
In-Reply-To: <CAOaKuAXrVONqZ1zHYJxLVo_=LF7GNGjUAmz0zoNoO3o=sq58bQ@mail.gmail.com>
References:  <41ED1534-5E98-4D46-A562-811E80F82C5F@FreeBSD.org> <43AA6B37-6235-4787-A03F-B4C264C75A58@freebsd.org> <B3094CE7-4869-4CF2-853D-F70E84B28914@FreeBSD.org> <CAOaKuAXrVONqZ1zHYJxLVo_=LF7GNGjUAmz0zoNoO3o=sq58bQ@mail.gmail.com>

Hi Johan,

I created a setup similar to yours - so it's based on your config
files, but I had to tweak a few things to make it work.

Basically this is what it looks like:

Host: Bare metal
Runs bhyve, bridge has 10.1.1.1, does NAT to the world

Bhyve VM runs 14-CURRENT (latest snapshot and has).
  vtnet0
  - 10.1.1.16/24
  - 10.1.1.17/32
  bridge0:
  - ip: 10.233.185.1/24
  - members: epair18a, epair20a
  jails:
  - haproxy.test.nl
    ip: 10.233.185.20
    haproxy: listens on 443 (alpn h2,http/1.1 tls), backend to
             10.233.185.18 port 80
    binat: 10.1.1.16
  - web01.test.nl
    ip: 10.233.185.18
    nginx: listens on 80 and serves the static page from your example
    binat: 10.1.1.17
  
Running hey on this setup from the bare metal host that hosts the bhyve
vm works ok:

    # hey -h2 -n 10 -c 10 -z 300s https://10.1.1.16
    Summary:
      Total:        300.0030 secs
      Slowest:      5.0101 secs
      Fastest:      0.0013 secs
      Average:      0.0039 secs
      Requests/sec: 2582.7142
      Total data:   110024724 bytes       

On Sat, 12 Mar 2022 15:18:38 +0100
Johan Hendriks <joh.hendriks@gmail.com> wrote:
> ....

> mount.devfs;
> sysvshm="new";
> sysvsem="new";
> allow.raw_sockets;
> allow.set_hostname = 0;
> allow.sysvipc;
> enforce_statfs = "2";
> devfs_ruleset     = "11";

What is in devfs_ruleset 11? (it's not a standard one), I used "4" in
my tests.

> 
> path = "/storage/jails/${name}";
> host.hostname = "${name}.${domain}";
> 
> 
> web01 {
>     $ip = 18;
> }

I changed web01 to be the same setup as haproxy (that is, a full jail
based in /storage/jails/${name}), as I didn't really know how it worked
in your setup.

> 
> haproxy {
>     $ip = 20;
>     mount.fstab = "";
>     path = "/storage/jails/${name}";
> }

Best
Michael


-- 
Michael Gmelin


