Netgraph question - multiple kernels

remodeler remodeler at
Tue Oct 27 22:46:28 UTC 2009

My understanding is that I can bind multiple machines running netgraph into
one large netgraph, by using something like ng_ksocket nodes bound with a
tunneling device.

By doing this, is the restriction of one ng_ipfw node per netgraph global to
all of the machines (one, and only one, ng_ipfw node)? If the ng_ksocket nodes
are connected to ng_bridges on both of the machines, will only relevant
network traffic cross the link - or all network traffic? Can I configure the
link between the two machines so that I can directly connect a netgraph node
on one machine to a node on the other, or must they communicate by the
bridge-tunnel-tunnel-bridge structure?

Thank you.

