create a vnet jail in rc.conf

Julian Elischer julian at
Thu Dec 10 17:49:02 UTC 2009

Reinhard Haller wrote:
> Bjoern A. Zeeb schrieb:
>> On Wed, 9 Dec 2009, Reinhard Haller wrote:
>> Hi,
>>> I'm searching for a way to create vnet jails in rc.conf. I tried it with
>>> jail_flags (-c vnet) with no success.
>>> The documentation is not very helpful, I'm missing the way to create the
>>> vnet jail and I suspect the specification of an ipv6 address to the
>>> epair in the jail is not working.
>>> Any suggestions?
>> vnets are not yet supported by the legacy jail management framework
>> and will not.
>> The plan is to have something different for when vimages are no longer
>> "experimental" (tech preview, ... call it what you like to and what
>> sounds good;).  Ideally for 8.2 but that's just a wild handwaving.
> Wasting another year?
>> I have some uncommented old notes lying around here:
>> The current ones are actually a lot more complex and no longer good
>> examples.  Rather than using "persist" you can still give a command to
>> start a jail starting all the rc framework etc. in it.
>> /bz
> I tried it with the following, but suffered intermittent routing
> problems (route6d died and cannot be restarted):
>    jail -c vnet name=d1 path=/jails/dns1 persist
>    jail -c vnet name=d2 path=/jails/dns2 persist
>    ifconfig bridge0 create
>    ifconfig epair create
>    ifconfig epair create
>    ifconfig bridge0 addm epair0a addm epair1a up
>    ifconfig epair0a inet6 fd08:e8a3:4825:10::1
>    ifconfig epair0b vnet 1
>    ifconfig epair1b vnet 2
>    jexec 1 csh
>    ifconfig epair0b inet6 fd08:e8a3:4825:10::10
>    route -n add -inet6 default fd08:e8a3:4825:10::1
>    exit
>    jexec 2 csh
>    ifconfig epair1b inet6 fd08:e8a3:4825:10::11
>    route -n add -inet6 default fd08:e8a3:4825:10::1
>    exit
> Is this the way to get a stable vnet system?

using epair and bridge is probably suboptimal.

try using:
1: three epair sets to make a mesh (usable with small numbers of jails)
2: using netgraph to make a bridge..

I'm doing this from memory so you may need to tweak it:

ngctl mkpeer em0: bridge  lower link0
ngctl name em0:lower switch
ngctl connect switch: em0: link1 upper

# and then for each vnet,
ngctl mkpeer switch: eiface link2 ether
ifconfig ngeth0 vnet d1

ngctl mkpeer switch: eiface link3 ether
ifconfig ngeth1 vnet d2

ngctl mkpeer switch: eiface link4 ether
ifconfig ngeth2 vnet d3

ngctl mkpeer switch: eiface link5 ether
ifconfig ngeth3 vnet d4


you'll need to kldload ng_ether, ng_bridge and ng_eiface
(though I think ngctl may do that for you)

> Thanks
> Reinhard
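
The netgraph steps in the message above, generalized to any number of jails, as an added example that is not part of the original message or of FreeBSD's own tooling. It assumes the jails already exist as persistent vnet jails and that no ngeth interfaces exist yet, so new ones are numbered from ngeth0; `vnet_switch`, `emit` and `RUN` are names made up for this example.

```shell
#!/bin/sh
# Added example: emits the ngctl/ifconfig sequence from the message for any
# list of jails. Prints commands by default; set RUN=1 to execute them.
# Assumptions: no ngeth interfaces exist yet (units start at 0) and the
# jails were created beforehand with "jail -c vnet name=<jail> ... persist".

emit() {            # print a command, and run it only when RUN=1
    echo "$*"
    if [ "${RUN:-0}" = 1 ]; then "$@"; fi
}

vnet_switch() {     # usage: vnet_switch <physical-if> <jail> [<jail> ...]
    [ $# -ge 2 ] || { echo "usage: vnet_switch <if> <jail>..." >&2; return 2; }
    phys=$1
    shift
    # Conservative allow-list: reject names that could carry shell or
    # ngctl path syntax (":", ";", spaces) into a command run as root.
    for j in "$phys" "$@"; do
        case $j in
            ''|*[!A-Za-z0-9_]*) echo "bad name: $j" >&2; return 2 ;;
        esac
    done
    # Bridge node on the NIC's "lower" hook, then reattach the host stack
    # through "upper" so the host keeps its own connectivity.
    emit ngctl mkpeer "$phys:" bridge lower link0
    emit ngctl name "$phys:lower" switch
    emit ngctl connect switch: "$phys:" link1 upper
    n=0
    for j in "$@"; do
        # link0 and link1 belong to the NIC, so jail links start at link2.
        emit ngctl mkpeer switch: eiface "link$((n + 2))" ether
        emit ifconfig "ngeth$n" vnet "$j"
        n=$((n + 1))
    done
}
```

Calling `vnet_switch em0 d1 d2` prints the commands for review; with `RUN=1` set they are also executed, which needs root on the FreeBSD host.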