VIMAGE (slightly off topic)
Mark Moellering
mark at msen.com
Thu May 30 13:46:15 UTC 2013
On 5/30/2013 8:29 AM, Joe wrote:
> Pietro Paolini wrote:
>> Hello all,
>>
>> I am a newbie on the FreeBSD and I am looking at the VIMAGE features
>> experiencing some problems.
>> I added the options :
>> VIMAGE
>> if_bridge
>>
>> and I removed
>> SCTP
>>
>> then I recompiled my kernel and installed it.
>>
>> After that, following this tutorial
>> http://imunes.tel.fer.hr/virtnet/eurobsdcon07_tutorial.pdf I tried
>> the "Exercise 2" which consists of the following commands:
>>
>> vimage -c n1
>> vimage -c n2
>> ngctl mkpeer eiface ether ether
>> ngctl mkpeer eiface ether ether
>> ngctl mkpeer em0: bridge lower link0
>> ngctl name em0:lower bridge0
>> ngctl connect em0: bridge0: upper link1
>> ngctl connect ngeth0: bridge0: ether link2
>> ngctl connect ngeth1: bridge0: ether link3
>> vimage -i n1 ngeth0 e0
>>
>> But my virtual interface on the n1 vimage does not receive any packets
>> from the external network, while I can see the packets go out from it.
>>
>> For instance, using DHCP, e0 on n1 sends DHCP packets but it does not
>> receive the answers (which are sent, I verified it from wireshark).
>> In addition,
>> the ARP requests for its IP address (if I try to add it statically)
>> are not received, so it cannot answer.
>>
>> At the end of the line the question is: how can I make this "virtual
>> network" and the external real network be able to communicate ?
>>
>> Thanks in advance.
>> Pietro.
>>
>>
>
> 1. That link is from 2007. So very much has changed since then.
> There are more current links on the internet about this subject. Most
> are for 8.X releases.
>
> 2. If you're running 8.2-RELEASE or 9.1-RELEASE, all you need to add is
> the "options vimage" statement to your kernel source and recompile.
>
> 3. There are 2 networking methods available for creating vnet/vimage
> jail networks, if_bridge/epair and netgraph. The if_bridge/epair
> method is far simpler to configure and use than the netgraph method.
>
> 4. There are 2 methods of jail setup, the rc.d method where your jail
> definition parameters go into the host's rc.conf and the jail(8) method
> where you can place each jail's definition parameters in separate files.
>
> 5. There are two very important show stopper PRs on vimage,
> 164763 memory leak and 149050 the rc.d keyword "nojail" problem.
> Vimage is a very long way from prime time usage, that's why it's
> labeled as highly experimental. Host system freezes and page faults
> are common.
>
> 6. When it comes to running a firewall in a vnet/vimage jail you're
> limited to IPFW and it has limitations. Dummynet and in-kernel NAT
> cause system freezes. IPFILTER causes page fault at boot time. PF will
> run on the host but not run in the vnet/vimage jail. Here are a bunch
> of PRs on vimage firewall problems, 143621, 176092, 161094, 176992,
> 143808, 148155, 165252, 178480, 178482
>
>
> Check out these links
>
> http://druidbsd.sourceforge.net/vimage.shtml
> http://devinteske.com/vimage-jails-on-freebsd-8
> http://lists.freebsd.org/pipermail/freebsd-virtualization/2011-September/000747.html
>
>
> http://bsdbased.com/2009/12/06/freebsd-8-vimage-epair-howto
> http://zewaren.net/site/?q=node/78
>
>
I would like to thank Pietro for asking the question and Joe for
answering, as I was looking into vimage myself. This sort of thing
really helps a lot of people who are exploring FreeBSD and new features.