From: "Teske, Devin"
Cc: Morgan Reed, "freebsd-stable@freebsd.org"
Subject: Re: natd in a jail
Date: Thu, 22 Nov 2012 11:32:58 +0000
Message-ID: <13CA24D6AB415D428143D44749F57D7201E49842@ltcfiswmsgmb21>

On Nov 22, 2012, at 2:43 AM, wrote:

>> I've not used it myself, but this sounds like something VIMAGE may be good
>> for, basically it's a virtual tcp stack per jail, there's some docs at
>> http://wiki.freebsd.org/Image but I seem to remember a more up to date one
>> elsewhere but can't find it at the moment!

I have created a boot script for managing vimages (downloadable as a
FreeBSD package) and made a little write-up on how to use it...

http://druidbsd.sf.net/vimage.shtml

Note that I use netgraph for bridging (not if_bridge+epair method which
seems to be popular in some other setups -- we've benchmarked netgraph and
it scales well). Not to mention that "ngctl dot | dot -Tsvg -o network.svg"
can produce nice pretty graphs of your vimage structure when using my setup.

> AFAIK, VIMAGE is still an experimental feature.

Works great, tho, seriously! We're multiplexing hardware 20:1 and could
probably push it further (but have conservatively kept things at about 2-3x
the number of logical CPUs for number-of-vimages (tho, we have benchmarked
up to 65530 nodes on a single bridged network connection before netgraph
would refuse to make another (impressive -- but not nearly as impressive as
the ~90 minutes it took ifconfig to list all the interfaces lol?).

-- 
Devin