From owner-freebsd-virtualization@FreeBSD.ORG Mon Jun 11 21:37:32 2012 Return-Path: Delivered-To: freebsd-virtualization@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 73BDC106564A for ; Mon, 11 Jun 2012 21:37:32 +0000 (UTC) (envelope-from girgen@FreeBSD.org) Received: from melon.pingpong.net (melon.pingpong.net [79.136.116.200]) by mx1.freebsd.org (Postfix) with ESMTP id 2EA018FC19 for ; Mon, 11 Jun 2012 21:37:32 +0000 (UTC) Received: from girgBook.local (c-fb57e155.1521-1-64736c12.cust.bredbandsbolaget.se [85.225.87.251]) by melon.pingpong.net (Postfix) with ESMTPA id 92A98249A6 for ; Mon, 11 Jun 2012 23:37:30 +0200 (CEST) Message-ID: <4FD66519.8030503@FreeBSD.org> Date: Mon, 11 Jun 2012 23:37:29 +0200 From: Palle Girgensohn User-Agent: Postbox 3.0.3 (Macintosh/20120304) MIME-Version: 1.0 To: freebsd-virtualization@FreeBSD.org X-Enigmail-Version: 1.2.2 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: Subject: VIMAGE, epair/if_bridge or netgraph? X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jun 2012 21:37:32 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm updating some jail servers, and want to use VIMAGE. Compiled it into the kernel, learned the hard way not to even include PF in the same kernel [1], so now it works quite well. I am setting up many similar jails, some for testing, some for production. The applications are web servers, som tomcat+apache's, and some other standard type of services like email and ldap, simple stuff. I need no fancy network control, I just need it to work. For each jail there are two interfaces, one public, connected to a software bridge (if_bridge or ng_bridge) acting as a switch, and one internal, for maintenance, connected to a different software bridge. To each software bridge, I connect a physical external interface from the jail host. I am trying to decide whether to use epair and if_bridge, or to use netgraph. For netgraph, there is a nice package at DruidBSD [3]. When I found that, I had already rewritten the standard jail script, using the v2 patches from polymorf [4]. They work equally fine for my purpose. So now I need to know which scales best, is there a difference in performance or stability between netgraph and epair/if_bridge? Cheers, Palle [1] http://forums.freebsd.org/showthread.php?t=31765 [2] http://forums.freebsd.org/showthread.php?t=31949 [3] http://druidbsd.sourceforge.net/vimage.shtml [4] http://wiki.polymorf.fr/index.php?title=Howto:FreeBSD_jail_vnet -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJP1mUZAAoJEIhV+7FrxBJD8ycH/RtOx/++XQUn9xylf73McA/z Y2hBeYDhhdl/aJGi1rrwpq17RTS818yUpV1nuAf1fS8+jPxo30qwmYncAok69v6K h2YVKKx/xF+kczdkl4I9ySh7GfLGYdNcNofwSlY038BZegMMR+FdAVAbYh7QT33d jHOU2xBZoPGqS1bkfrt2vpM9eb9+889jUPfORsJlD0ZfkYQkt41CXo22GYiBNulV t8m64B999ullh+Z+I9dAoT7di9IoaRJKtrsyXeCMwiybMi2Ce9G91mniEL/LBmps jm+NouPkovp6N0/oPFrJM/C3ntvxDqfWTtKwp79LdBY7648IFkP8VVIcfd6PdUU= =aw34 -----END PGP SIGNATURE-----