From: JÁKÓ András
To: freebsd-jail@freebsd.org
Date: Thu, 4 Jun 2020 13:38:32 +0200
Subject: vnet jails on VLAN subinterfaces
Message-ID: <20200604113832.GD76013@eik.bme.hu>
Organization: Budapest University of Technology and Economics (BME)

Hello everyone,

I've already asked this on forums.freebsd.org, but didn't get an answer yet. I hope someone can answer it here.

I'd like to use 802.1Q tagged VLANs on an Ethernet interface, one VLAN per jail. I assigned VLAN subinterfaces to the jails' network stacks:

    em0 - em0.99 (host)
    em0 - em0.100 (jail0)
    em0 - em0.101 (jail1)

Here em0 and em0.99 belong to the base system while em0.10[01] belong to the jails' network stacks. This works perfectly so far. But I didn't see this setup mentioned anywhere, which is why I'm curious whether this is a "valid" setup: do I use vnet correctly? Or does it only work by accident?

I found vnet jail examples using one epair per jail, which is connected to the physical interface by a bridge.
With tagged 802.1Q VLANs this could look something like the following:

    em0 - em0.99 (host)
    em0 - em0.100 - bridge0 - epair0a - epair0b (jail0)
    em0 - em0.101 - bridge1 - epair1a - epair1b (jail1)

Here epair[01]b belong to the jails' network stacks, and all other interfaces to the base system. This works too, but is more complicated than the one without bridges and epairs.

András
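
The two layouts described in the message above, written out as jail.conf(5) stanzas. This is an added example, not part of the original post; the jail root path, the hostname domain and the variables $vlan and $id are assumptions made for illustration.

```conf
# /etc/jail.conf -- constructed example; paths and hostnames are assumptions.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown jail";
exec.clean;
mount.devfs;
path = "/jails/$name";                  # assumed jail root
host.hostname = "$name.example.org";    # placeholder domain

# Layout 1: the VLAN subinterface itself is moved into the jail's
# network stack. The host keeps only em0 and em0.99.
jail0 {
    $vlan = "100";
    vnet;
    vnet.interface = "em0.$vlan";
    # Create the subinterface on the host before the jail starts;
    # the jail then addresses it from its own rc.conf.
    exec.prestart  = "ifconfig em0.$vlan create";
    # The interface returns to the host when the jail is removed.
    exec.poststop  = "ifconfig em0.$vlan destroy";
}

# Layout 2: the VLAN subinterface stays in the base system and is
# bridged to the "a" end of an epair; only the "b" end enters the jail.
jail1 {
    $vlan = "101";
    $id   = "1";
    vnet;
    vnet.interface = "epair${id}b";
    exec.prestart  = "ifconfig em0.$vlan create";
    exec.prestart += "ifconfig em0.$vlan up";
    exec.prestart += "ifconfig epair$id create";
    exec.prestart += "ifconfig epair${id}a up";
    exec.prestart += "ifconfig bridge$id create";
    exec.prestart += "ifconfig bridge$id addm em0.$vlan addm epair${id}a up";
    exec.poststop  = "ifconfig bridge$id destroy";
    exec.poststop += "ifconfig epair${id}a destroy";
    exec.poststop += "ifconfig em0.$vlan destroy";
}
```

In the first stanza the host has no interface left in VLAN 100 while jail0 runs; in the second the host still holds em0.101, bridge1 and epair1a, so host-side filtering or monitoring of that VLAN remains possible.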