vnet jails on VLAN subinterfaces

JÁKÓ András jako.andras at eik.bme.hu
Fri Jun 5 10:07:07 UTC 2020


> > I'd like to use 802.1Q tagged VLANs on an Ethernet interface, one VLAN
> > per jail. I assigned VLAN subinterfaces to the jail's network stacks:
> > 
> > em0 - em0.99 (host)
> > em0 - em0.100 (jail0)
> > em0 - em0.101 (jail1)
> > 
> > Here em0 and em0.99 belong to the base system while em0.10[01] belong to
> > the jails' network stacks.
> > 
> > This works perfectly so far. But I didn't see this setup mentioned
> > anywhere, that's why I'm curious whether this is a "valid" setup, do I use
> > vnet correctly? Or does it only work by accident?
> > 
> 
> In your case it's OK, but as VLAN ids are unique per interface you need
> x different physical interfaces if x jails (VNET) need to be in the same
> VLAN (and use the same interface).

Thanks! I only need one jail per VLAN right now, but I understand that
this simple setup does not work with more jails in the same VLAN.

> Best option is to use SR-IOV (if your interface supports it) to have
> multiple virtual NICs, or use bridge + epair (which has a huge
> performance impact due to a locking issue in if_bridge, although this is
> fixed in -CURRENT by @kp)

I didn't know about SR-IOV but it's very promising.

András
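
The layout discussed in this thread, as an added example that is not part of the original messages: a small shell function that prints jail.conf stanzas giving each vnet jail its own VLAN subinterface on one parent NIC, and refuses a mapping that puts two jails in the same VLAN on that NIC. The function name and the use of `vnet.interface`, `exec.prestart` and `exec.poststop` are choices made for this example, not the poster's configuration; `path` and the other jail parameters are assumed to be set elsewhere.

```shell
#!/bin/sh
# Added example, not from the thread. Prints jail.conf stanzas that hand one
# 802.1Q subinterface of a parent NIC to each vnet jail.
# Usage: vlan_jail_conf PARENT JAIL:VID [JAIL:VID ...]
vlan_jail_conf() {
    parent=$1; shift
    seen=" "; out=""
    for pair in "$@"; do
        jail=${pair%%:*}
        vid=${pair#*:}
        [ -n "$jail" ] || { echo "missing jail name in '$pair'" >&2; return 1; }
        # VLAN IDs are 1..4094; reject empty, non-numeric and leading-zero input.
        case $vid in
            ''|0*|*[!0-9]*) echo "bad VLAN id in '$pair'" >&2; return 1 ;;
        esac
        if ! [ "$vid" -le 4094 ] 2>/dev/null; then
            echo "VLAN id $vid out of range" >&2; return 1
        fi
        # A VLAN id exists once per parent interface, so a second jail in the
        # same VLAN cannot get its own subinterface on this NIC.
        case $seen in
            *" $vid "*) echo "VLAN $vid already used on $parent" >&2; return 1 ;;
        esac
        seen="$seen$vid "
        ifn="$parent.$vid"
        out="$out$jail {
    vnet;
    vnet.interface = \"$ifn\";
    exec.prestart = \"ifconfig $ifn create vlan $vid vlandev $parent\";
    exec.poststop = \"ifconfig $ifn destroy\";
}
"
    done
    # Nothing is printed unless the whole mapping is valid.
    printf '%s' "$out"
}

# Mapping taken from the thread: em0.100 for jail0, em0.101 for jail1.
vlan_jail_conf em0 jail0:100 jail1:101
```

The host's own subinterface (em0.99 in the thread) stays outside jail.conf and is configured in the base system as usual.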

