Point-to-point connection between jails?

Julian Elischer julian at freebsd.org
Tue May 29 16:20:18 UTC 2012


On 5/29/12 12:52 AM, Darren Reed wrote:
> On 29/05/2012 9:56 AM, Julian Elischer wrote:
>> On 5/28/12 7:14 AM, Darren Reed wrote:
>>> On 28/05/2012 11:45 PM, Nikos Vassiliadis wrote:
>>>> On 5/28/2012 1:37 PM, Darren Reed wrote:
>>>>> I've looked through the list of network interfaces that are
>>>>> supported with FreeBSD and none seem to meet my needs. What
>>>>> I want is a network interface that I can configure up in
>>>>> jail A with address 10.1.1.1 and for which I can configure
>>>>> a mate in jail B with the address 10.2.2.2 and use the
>>>>> network interface as the means by which two jails can
>>>>> directly communicate with each other without the need to
>>>>> send any packets out of the machine. Or another way to do
>>>>> this would be to have a virtual network (something like the
>>>>> "internal network" that VirtualBox has or the host only
>>>>> network supported by VMware Workstation) defined somewhere
>>>>> and for there to be a specific driver that could be
>>>>> configured and attached to a jail and that virtual network
>>>>> so that you could have N:M communication between jails.
>>>>>
>>>>> Is what I'm looking for already present and Google is failing
>>>>> me or is the above functionality the basis for future work,
>>>>> be it planned or otherwise?
>>>> It seems like a loopback interface does this.
>>>>
>>>> root@raidmadi:/home/nik # jls
>>>>      JID  IP Address      Hostname                      Path
>>>>        3  10.2.3.4                                      /
>>>>        4  10.7.3.4                                      /
>>>> root@raidmadi:/home/nik # ifconfig lo1
>>>> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST>   metric 0 mtu 16384
>>>>           options=3<RXCSUM,TXCSUM>
>>>>           inet 10.2.3.4 netmask 0xff000000
>>>>           inet 10.7.3.4 netmask 0xff000000
>>>> root@raidmadi:/home/nik #
>>>>
>>>> Maybe you want 'real' isolation? like with epair and VIMAGE?
>>> Yes, I was after real isolation but this might work.
>> What you want is epair, which is a pseudo driver pair,
>> specifically designed to connect two vimage jails to each other.
> Yes, that's it. A good example of using epairs can be found here:
> http://zewaren.net/site/?q=node/71
Though you don't need the bridge part if you don't want your jail
bridged through to the internet.
You can also achieve the same thing using netgraph.

> Something like this should be documented better on freebsd.org.
>
> Darren
>
>
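
The epair setup described in this message (two VIMAGE jails joined directly, with no bridge), as an added example that is not part of the original thread. The jail names, path=/ and the 192.0.2.0/30 addresses are assumptions; the script only prints the commands unless APPLY=1 is set, in which case it needs root on a VIMAGE kernel.

```sh
#!/bin/sh
# Added example: link two vnet jails with one epair and no bridge,
# so traffic between them never leaves the host.
# Assumptions (not from the thread): jail names jA/jB, path=/, 192.0.2.0/30.

JAIL_A=${JAIL_A:-jA}; JAIL_B=${JAIL_B:-jB}
ADDR_A=${ADDR_A:-192.0.2.1/30}; ADDR_B=${ADDR_B:-192.0.2.2/30}

run() {                       # print the command; execute it only when APPLY=1
    echo "$*"
    [ "${APPLY:-0}" = 1 ] || return 0
    "$@"
}

make_epair() {                # ifconfig prints the name of the "a" end it created
    if [ "${APPLY:-0}" = 1 ]; then
        ifconfig epair create
    else
        echo epair0a          # assumed name for the dry run
    fi
}

link_jails() {
    a=$(make_epair) || return 1
    b="${a%a}b"               # epair0a -> epair0b
    # vnet gives each jail its own network stack; persist keeps it alive
    # with no processes running inside.
    run jail -c name="$JAIL_A" path=/ vnet persist || return 1
    run jail -c name="$JAIL_B" path=/ vnet persist || return 1
    # Move one end of the pair into each jail. No bridge is created, so the
    # only neighbour either jail can reach on this link is the other jail.
    run ifconfig "$a" vnet "$JAIL_A" || return 1
    run ifconfig "$b" vnet "$JAIL_B" || return 1
    run jexec "$JAIL_A" ifconfig "$a" inet "$ADDR_A" up || return 1
    run jexec "$JAIL_B" ifconfig "$b" inet "$ADDR_B" up || return 1
    # Reachability check from A to B across the pair.
    run jexec "$JAIL_A" ping -c 1 "${ADDR_B%/*}"
}

link_jails
```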


