From: David Gilbert
Date: Sat, 12 Feb 2000 00:33:00 -0500 (EST)
To: Gregory Sutter
Cc: Archie Cobbs, dgilbert@velocet.ca, Freebsd-net@freebsd.org
Subject: Re: VLAN on ethernet nodes?
Message-ID: <14500.61580.441181.119033@trooper.velocet.net>
In-Reply-To: <20000211134205.A13236@azazel.zer0.org>
References: <20000211112034.A4306@azazel.zer0.org> <200002112122.NAA73362@bubba.whistle.com> <20000211134205.A13236@azazel.zer0.org>

>>>>> "Gregory" == Gregory Sutter writes:

Gregory> Is there anything that netgraph _can't_ do? Swedish massage,
Gregory> perhaps?

When I first read about netgraph, it took a while to sink in. It
certainly solved the problem at hand --- all sorts of different serial
protocols and encapsulations being wrapped and unwrapped --- it was a
good BSD solution and I liked it.

As I started to work on my own netgraph node (out of sheer necessity), I
suddenly began to realize the thinly disguised power available in
netgraph...

I mentioned to Archie that with a ng_route node and a few bits of goo
(largely vlan hooks on ethernet nodes, etc.) that the entire netgraph
system could give FreeBSD "VRouter" capability --- something that none
of the other UN*X's have... and something that you'd pay Cisco a lot of
money for.

I was idly rolling all these thoughts over in my mind ... and the fact
that the standard networking in the kernel _could_ be replaced with this
framework (the vrouter concept easily extends to vfirewall, too!), and I
happened upon the idea of an ng_local node --- a node that represents
the view that the "local" host should see in terms of packets (gone
would be the assumption that you'd see anything on any interface by
default).

It was then that I realized that a _particular_ ng_local node could be
bound to a _particular_ instance of jail(8) --- which would
fundamentally solve (in an almost perfect manner) the quandary that each
jail(8) only has one IP address.

By binding each jail(8) to an ng_local, not only could your ng_local
have multiple IP addresses (although its world view is further
controlled by how it is connected into the graph), but your jail(8)
could interact with non-IP protocols as dictated by the connections of
the graph.

(See if that idea doesn't just knock you over, eh?)

Dave.

-- 
============================================================================
|David Gilbert, Velocet Communications.       | Two things can only be     |
|Mail:       dgilbert@velocet.net             | equal if and only if they  |
|http://www.velocet.net/~dgilbert             | are precisely opposite.    |
=========================================================GLO================