VIMAGE

[Teske, Devin]

On May 30, 2013, at 3:35 AM, Pietro Paolini wrote:

Hello all,

I am a new bye on the FreeBSD and I am looking at the VIMAGE features experiencing some problems.
I added the options :
VIMAGE
if_bridge

and I removed
STCP

then I recompiled my kernel and install it.

After that, following this tutorial http://imunes.tel.fer.hr/virtnet/eurobsdcon07_tutorial.pdf I tried the "Exercise 2" which consist on
the following commands:

vimage -c n1
vimage -c n2
ngctl mkpeer efface ether ether
ngctl mkpeer efface ether ether

Don't you just love autocorrect? (does the same thing to me… turns "eiface" into "efface")


ngctl mkpeer em0: bridge lower link0

Looks good.


ngctl name em0:lower bridge0

I usually do my "connect" before the "name"… but shouldn't matter. Should work all the same.


ngctl connect em0: bridge0: upper link1

This looks wrong to me.

I'd expect:

ngctl connect em0: bridge0:lower upper link1

# The way I see most people using vimage… it seems like almost always a mistake to not hook the upper (unless you have very good reason to make the base machine inaccessible from the jails and vice-versa).

Some missing points…

# Make sure the bridged-interface is active
ifconfig em0 up

# Set promiscous mode and
# don't override src addr
ngctl msg em0: setpromisc 1
ngctl msg em0: setautosrc 0



ngctl connect ngeth0: bridge0: ether link2
ngctl connect ngeth1: bridge0: ether link3

Let's re-work this.

Earlier you did 2x "mkpeer" to pre-create your eiface nodes. I don't do this, as it later requires a "connect" for each created peer.

What you can do instead is _not_ perform those earlier commands (shown below):

ngctl mkpeer eiface ether ether
ngctl mkpeer eiface ether ether

(followed by the above "connect" statements)

But *instead*, you can actually do a contextual "mkpeer" that connects the nodes as they are created.

For example… instead of this:

ngctl mkpeer eiface ether ether
ngctl mkpeer eiface ether ether
ngctl connect ngeth0: bridge0: ether link2
ngctl connect ngeth0: bridge0: ether link3

(which doesn't look right to me, because I'm used to creating an ether edge between bridge:lower and the eiface)

You can instead do:

ngctl mkpeer em0:lower eiface link2 ether
ngctl mkpeer em0:lower eiface link3 ether

This simplifies 4 statements into 2.

NOTE: I can't remember if "em0:lower" can be replaced with the new name of "bridge0" (that you created with "ngctl name em0:lower bridge0"). My scripts continue to use the raw name in the mkpeer statements even after a rename of the lower-link. You *may* be able to instead say "ngctl mkpeer bridge0: eiface link2 ether" etc.)




vimage -i n1 ngeth0 e0

But my virtual interface on the n1 vimage does not receive any packet from the external network while I can see the packet go out from it.


Try hooking changing your PHY->bridge hook to the lower and hooking your PHY upper into the bridge.



For instance using DHCP, e0 on n1 sends DHCP packets but it does not receive the answers (which are send, I verified it from wireshark), in adding
the ARP request for his IP address (if I try to add it statically) are not received then it can not answer.

At the end of the line the question is: how can I make this "virtual network" and the external real network be able to communicate ?

Thanks in advance.

Wondering if you've given my solution a try…

http://druidbsd.sf.net/vimage.shtml
--
Devin

_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.