From owner-freebsd-virtualization@FreeBSD.ORG  Fri Dec 11 08:31:12 2009
Return-Path: <owner-freebsd-virtualization@FreeBSD.ORG>
Delivered-To: freebsd-virtualization@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C39871065676
	for <freebsd-virtualization@freebsd.org>;
	Fri, 11 Dec 2009 08:31:12 +0000 (UTC)
	(envelope-from reinhard.haller@interactive-net.de)
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.8])
	by mx1.freebsd.org (Postfix) with ESMTP id 357988FC15
	for <freebsd-virtualization@freebsd.org>;
	Fri, 11 Dec 2009 08:31:11 +0000 (UTC)
Received: from interactive.dnsalias.net
	(ppp-93-104-66-1.dynamic.mnet-online.de [93.104.66.1])
	by mrelayeu.kundenserver.de (node=mrbap1) with ESMTP (Nemesis)
	id 0Lmws0-1O04xT34Zg-00hfhE; Fri, 11 Dec 2009 09:31:09 +0100
Received: from scalix.interactive.de ([fd08:e8a3:4825:0:20c:29ff:feaa:3622])
	by interactive.dnsalias.net with esmtp (Exim 4.71 (FreeBSD))
	(envelope-from <reinhard.haller@interactive-net.de>)
	id 1NJ0u2-000Mps-VU; Fri, 11 Dec 2009 09:31:06 +0100
Received: from scalix.interactive.de (localhost.localdomain [127.0.0.1])
	by scalix.interactive.de (8.13.8/8.13.8) with ESMTP id nBB8V6vf015705; 
	Fri, 11 Dec 2009 09:31:06 +0100
Received: from [127.0.0.1] (Core2Duo.interactive.de [192.168.0.196])
	by scalix.interactive.de (Scalix SMTP Relay 11.4.5.13150)
	via ESMTP; Fri, 11 Dec 2009 09:31:06 +0100 (CET)
Date: Fri, 11 Dec 2009 09:31:02 +0100
From: Reinhard Haller <reinhard.haller@interactive-net.de>
To: Julian Elischer <julian@elischer.org>
Message-ID: <4B220346.1090204@interactive-net.de>
In-Reply-To: <4B2136D8.9000404@elischer.org>
References: <4B1FE20D.9000009@interactive-net.de>
References: <4B20B92E.2070105@interactive-net.de>
References: <4B213495.4020108@elischer.org>
References: <4B2136D8.9000404@elischer.org>
x-scalix-Hops: 1
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Disposition: inline
X-ACL-rcpt: julian@elischer.org
X-ACL-rcpt: bzeeb-lists@lists.zabbadoz.net
X-ACL-rcpt: freebsd-virtualization@freebsd.org
X-ACL-Send: reinhard.haller@interactive-net.de
X-Provags-ID: V01U2FsdGVkX1/uz3LHutUtYPT7fEPzVQKluESbZVgLLQ/3/df
	b7k2cKV0p7DCpcfu2ALIm4WH0V7E9ledBi990COqJdW0/sMRS+
	WJqbUMz/sUB0qQqdx2QtcFnBbFX5ZTdRA5Fru5h9Iw4q2kpKVi axg==
Cc: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>,
	FreeBSD virtualization mailing list <freebsd-virtualization@freebsd.org>
Subject: Re: create a vnet jail in rc.conf
X-BeenThere: freebsd-virtualization@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion of various virtualization techniques FreeBSD supports."
	<freebsd-virtualization.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization>,
	<mailto:freebsd-virtualization-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-virtualization>
List-Post: <mailto:freebsd-virtualization@freebsd.org>
List-Help: <mailto:freebsd-virtualization-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization>,
	<mailto:freebsd-virtualization-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2009 08:31:12 -0000

Julian Elischer schrieb:
> Julian Elischer wrote:
>> Reinhard Haller wrote:
>>> I tried it with the following, but suffered intermittent routing
>>> problems (route6d died and cannot be restarted):
>>>
>>>    jail -c vnet name=d1 host.hostname=dns1.intern.de path=/jails/dns1
>>> persist
>>>    jail -c vnet name=d2 host.hostname=dns2.intern.de path=/jails/dns2
>>> persist
>>>    ifconfig bridge0 create
>>>    ifconfig epair create
>>>    ifconfig epair create
>>>    ifconfig bridge0 addm epair0a addm epair1a up
>>>    ifconfig epair0a inet6 fd08:e8a3:4825:10::1
>>>    ifconfig epair0b vnet 1
>>>    ifconfig epair1b vnet 2
>>>    jexec 1 csh
>>>    ifconfig epair0b inet6 fd08:e8a3:4825:10::10
>>>    route -n add -inet6 default fd08:e8a3:4825:10::1
>>>    exit
>>>    jexec 2 csh
>>>    ifconfig epair1b inet6 fd08:e8a3:4825:10::11
>>>    route -n add -inet6 default fd08:e8a3:4825:10::1
>>>    exit
>>>
>>> Is this the way to get a stable vnet system?
>>
>> using epair and bridge is probably suboptimal.
>>
>> try using:
>> 1: three epair sets to make a mesh (usable with smal nunbers fo jails)

Do you mean 2 ip-addresses per jail and another 2 for the host?

>> 2: using netgraph to make a bridge..

bridge + epair are cloneable interfaces, they are created before pf
starts. The netgraph stuff is problematic when using interfaces in pf.conf.