Point-to-point connection between jails?

Darren Reed darrenr at freebsd.org
Tue May 29 07:50:55 UTC 2012


On 29/05/2012 9:56 AM, Julian Elischer wrote:
> On 5/28/12 7:14 AM, Darren Reed wrote:
>> On 28/05/2012 11:45 PM, Nikos Vassiliadis wrote:
>>> On 5/28/2012 1:37 PM, Darren Reed wrote:
>>>> I've looked through the list of network interfaces that are
>>>> supported with FreeBSD and none seem to meet my needs. What
>>>> I want is a network interface that I can configure up in
>>>> jail A with address 10.1.1.1 and for which I can configure
>>>> a mate in jail B with the address 10.2.2.2 and use the
>>>> network interface as the means by which two jails can
>>>> directly communicate with each other without the need to
>>>> send any packets out of the machine. Or another way to do
>>>> this would be to have a virtual network (something like the
>>>> "internal network" that VirtualBox has or the host only
>>>> network supported by VMware Workstation) defined somewhere
>>>> and for there to be a specific driver that could be
>>>> configured and attached to a jail and that virtual network
>>>> so that you could have N:M communication between jails.
>>>>
>>>> Is what I'm looking for already present and google is failing
>>>> me or is the above functionality the basis for future work,
>>>> be it planned or otherwise?
>>> It seems like a loopback interface does this.
>>>
>>> root@raidmadi:/home/nik # jls
>>>     JID  IP Address      Hostname                      Path
>>>       3  10.2.3.4                                      /
>>>       4  10.7.3.4                                      /
>>> root@raidmadi:/home/nik # ifconfig lo1
>>> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST>  metric 0 mtu 16384
>>>          options=3<RXCSUM,TXCSUM>
>>>          inet 10.2.3.4 netmask 0xff000000
>>>          inet 10.7.3.4 netmask 0xff000000
>>> root@raidmadi:/home/nik #
>>>
>>> Maybe you want 'real' isolation? like with epair and VIMAGE?
>> Yes, I was after real isolation but this might work.
> 
> What you want is epair, which is a pseudo driver pair,
> specifically designed to connect two vimage jails to each other.

Yes, that's it. A good example of using epairs can be found here:
http://zewaren.net/site/?q=node/71
Something like this should be documented better on freebsd.org.

Darren
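
The epair setup discussed in this thread, as an added example that is not part of the original message or of the linked page: one end of an epair(4) pair is moved into each of two VIMAGE jails, so traffic between them never leaves the host. Assumptions: a FreeBSD kernel built with VIMAGE, root privileges, the hypothetical jail names jailA and jailB, and a /8 netmask so that 10.1.1.1 and 10.2.2.2 share one subnet.

```shell
#!/bin/sh
# Added example (not from the thread): join two vnet jails with an epair(4).
# DRY_RUN=1 (the default) only prints the commands; DRY_RUN=0 executes them
# and needs FreeBSD with a VIMAGE kernel and root privileges.
: "${DRY_RUN:=1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# link_jails JAIL_A ADDR_A JAIL_B ADDR_B   (addresses in CIDR form)
link_jails() {
    ja=$1; addr_a=$2; jb=$3; addr_b=$4

    # "ifconfig epair create" prints the name of the "a" end (e.g. epair0a);
    # the matching "b" end is created at the same time.
    if [ "$DRY_RUN" = 1 ]; then
        echo "ifconfig epair create"
        a=epair0a                       # constructed name for the dry run
    else
        a=$(ifconfig epair create)
    fi
    b="${a%a}b"

    # Each jail gets its own network stack (vnet); persist keeps it alive
    # with no process running inside. path=/ matches the jls output above.
    for j in "$ja" "$jb"; do
        run jail -c name="$j" path=/ vnet persist
    done

    # Move one end of the pair into each jail, then address it from inside.
    run ifconfig "$a" vnet "$ja"
    run ifconfig "$b" vnet "$jb"
    run jexec "$ja" ifconfig "$a" inet "$addr_a" up
    run jexec "$jb" ifconfig "$b" inet "$addr_b" up

    # Reachability check from jail A to jail B over the pair.
    run jexec "$ja" ping -c 1 "${addr_b%/*}"
}

# Addresses from the original question; jail names are hypothetical.
link_jails jailA 10.1.1.1/8 jailB 10.2.2.2/8
```

Because each jail has its own vnet, neither can see the other's interfaces or the host's; the epair is the only path between them unless further interfaces are moved in.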


