natd in a jail

Morgan Reed morgan.s.reed at gmail.com
Thu Nov 22 11:42:57 UTC 2012


On Thu, Nov 22, 2012 at 10:32 PM, Teske, Devin
<Devin.Teske at fisglobal.com> wrote:
> I have created a boot script for managing vimages (downloadable as a FreeBSD package) and made a little write-up on how to use it...
> http://druidbsd.sf.net/vimage.shtml

As noted elsewhere, these are VIMAGE jails, but I'm managing them
manually with a spaghetti script at the moment (just proof-of-concept
at this point). I'll have a look at the script, might make my life
easier.

> Note that I use netgraph for bridging (not if_bridge+epair method which seems to be popular in some other setups -- we've benchmarked netgraph and it scales well). Not to mention that "ngctl dot | dot -Tsvg -o network.svg" can produce nice pretty graphs of your vimage structure when using my setup.

Hmmm, I've not done anything with netgraph before, I'll have a look
into it. If it is an issue of the appropriate interfaces not being
exposed to natd from the epair/bridge setup, that might be an alternate
solution. Not hugely concerned about scale, it'll pretty much only be
my traffic that gets routed this way, but I am interested in making it
as efficient as possible (no sense adding additional latency
unnecessarily when one already has the tunnel latency to deal with).

Thanks,

Morgan


More information about the freebsd-stable mailing list