Imunes and FreeBSD 8.0 RC2

remodeler remodeler at alentogroup.org
Sat Nov 7 01:28:01 UTC 2009


Hi,

[sorry for dup to Julian]

> > If you want to use netgraph to build a virtual bridge between a physical
> > ethernet interface and the vnet interface on the jail:
> > 
> > # create netgraph bridge, connecting physical interface lower hook
> > ngctl mkpeer msk0: bridge lower link0
> > # give the physical interface hook a convenient name
> > ngctl name msk0:lower bridge0
> > # connect upper hook of physical interface to the bridge
> > ngctl connect msk0: bridge0: upper link1
> > # create a netgraph node for the vnet interface, connected to the bridge
> > ngctl mkpeer bridge0: eiface link2 ether
> > # connect the vnet virtual interface and the netgraph node
> > ifconfig ngeth0 vnet ns
> 
> Ironically I haven't played with netgraph on vnet recently but 
> haven't you forgotten to put the eiface into the other vimage?

I mis-labelled the last line, using the name "ns" instead of an example name.

This server has two dozen virtual servers attached through netgraph, and has
been subjected to very heavy test-loading for the past two weeks (saturating
the 100 base-T NICs) on my development LAN. I am very impressed with vimage.
This is a good alternative to xen.

I don't know how most people will do networking on the host for vnet jails,
but netgraph seems to me a natural choice. The jail rc.d scripts are not well
designed for the new applications vimage opens up imo. I'm using a script to
pull configuration info from a db for each virtual server, but there's a lot
of security features in /etc/rc.d/jail that I'd like to migrate into it.

