From owner-freebsd-questions@FreeBSD.ORG Sun Feb 10 13:56:10 2013 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 327AD1CF for ; Sun, 10 Feb 2013 13:56:10 +0000 (UTC) (envelope-from Devin.Teske@fisglobal.com) Received: from mx1.fisglobal.com (mx1.fisglobal.com [199.200.24.190]) by mx1.freebsd.org (Postfix) with ESMTP id CEFAAE61 for ; Sun, 10 Feb 2013 13:56:09 +0000 (UTC) Received: from smtp.fisglobal.com ([10.132.206.31]) by ltcfislmsgpa01.fnfis.com (8.14.5/8.14.5) with ESMTP id r1ADu7mP031909 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Sun, 10 Feb 2013 07:56:08 -0600 Received: from LTCFISWMSGMB21.FNFIS.com ([10.132.99.23]) by LTCFISWMSGHT03.FNFIS.com ([10.132.206.31]) with mapi id 14.02.0309.002; Sun, 10 Feb 2013 07:56:07 -0600 From: "Teske, Devin" To: Nikos Vassiliadis Subject: RE: vnet without epair Thread-Topic: vnet without epair Thread-Index: AQHOBt464Fa8DUsL5kqOlKb89O3Sd5hyJMWAgAAqfgD//8hg54ABPouA//+wx9GAAHqXAP//m/lB Date: Sun, 10 Feb 2013 13:56:06 +0000 Message-ID: <13CA24D6AB415D428143D44749F57D7201EA6C2D@ltcfiswmsgmb21> References: <511671FA.3050801@a1poweruser.com> <511680AD.1040209@gmx.com>, <5116A452.6030104@a1poweruser.com> <13CA24D6AB415D428143D44749F57D7201EA6A3F@ltcfiswmsgmb21>, <511780DF.6010600@gmx.com> <13CA24D6AB415D428143D44749F57D7201EA6BAB@ltcfiswmsgmb21>, <5117A540.1060702@gmx.com> In-Reply-To: <5117A540.1060702@gmx.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.132.253.120] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.9.8327, 1.0.431, 0.0.0000 definitions=2013-02-10_04:2013-02-08,2013-02-10,1970-01-01 signatures=0 Cc: Fbsd8 , FreeBSD questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Feb 2013 13:56:10 -0000 On Sun, 10 Feb 2013, Nikos Vassiliadis wrote: > On 2/10/2013 2:54 PM, Teske, Devin wrote: > > It's not in ports only because I first wanted to see where jail.conf wo= uld take us w/respect to vimages. >=20 > I see. >=20 > > However, this package not being in ports shouldn't prevented you from t= rying it -- it's extremely stable and as I mentioned, we've been using it h= eavily at $work for over 12 months now. When you download the package (*.tg= z) and pkg_add it, it installs the following two files only: > > > > /etc/rc.d/vimage > > /etc/rc.conf.d/vimage > > > > NOTE: The rc.conf.d file is the "documentation" on usage > > > > If you haven't tried it, then I hope you will because I think the new j= ail.conf stuff falls short. Don't get me wrong, jail.conf is a great start,= but simply adding the ability to manage the vnet aspect of a jail does not= make a vimage (what's missing is the built-in support for generating bridg= es as vimages are brought up/down dynamically). > > > > I feel that before I add this to ports I need to reprogram it to use ja= il.conf (not directly). That will simplify its code and [should] make it sm= aller. I was somewhat waiting on /etc/rc.d/jail to blaze the trail for me. > > > > In short, the landscape has been changing fast enough that it's prevent= ed me from adding this to ports, but in spite of that it's still very much = real _and_ real stable. > > >=20 > Yes, of course. >=20 > I will try it and report back to you my findings. >=20 > What I - nikos - really need from a script like yours is the ability > to generate arbitrarily complex topologies with interconnected vnet > jails. Something like: > a----b----c---d > | > | > h----e----f---g > | > | > i >=20 > Like a cut-down version of imunes[1] without the need of a graphical > user interface. >=20 Excellent! This is precisely what I was after when I wrote the vimage packa= ge and its contents. I'm familiar with IMUNES and netgraph fits the bill we= ll (especially with "ngctl dot" being useful in providing visual confirmati= on when you've achieved the desired network layout -- when "ngctl dot | dot= -Tsvg -o netgraph.svg" starts to look like your IMUNES graph, then you kno= w you're making progress toward having the right configuration). --=20 Devin _____________ The information contained in this message is proprietary and/or confidentia= l. If you are not the intended recipient, please: (i) delete the message an= d all copies; (ii) do not disclose, distribute or use the message in any ma= nner; and (iii) notify the sender immediately. In addition, please be aware= that any message addressed to our domain is subject to archiving and revie= w by persons other than the intended recipient. Thank you.