ng_iface problems with VIMAGE

William Phillips wjphilli at mac.com
Sun Dec 12 02:45:33 UTC 2010


Hello:

Thanks for the quick reply.

I generally use what you mention below to build the network at layer 2, then move all the interfaces into the various jails. Everything works fine with ng_hub or ng_bridge and ng_eiface, but I decided to try a point-to-point connection, which used to work in the vimage days (FreeBSD 4.11), and found that it doesn't work with vnet jails.

Bill Phillips

On 2010-12-11, at 10:31 PM, Julian Elischer wrote:

> On 12/11/10 4:49 PM, William Phillips wrote:
>> Hello:
>> 
>> The following script creates a point-to-point link between jails.
> 
> I will admit that I don't remember ever actually connecting
> two ng_iface nodes directly to each other.
> 
> Having said that, there is the epair(4) driver, which is specifically designed to do this,
> and you may have more luck with that.
> Also ng_iface nodes are more usually used with a ng_bridge or similar node.
> 
> For an example, look at the two example files in -current (9.x)
> in /share/examples/netgraph
> 
> http://svn.freebsd.org/viewvc/base/head/share/examples/netgraph/virtual.chain?view=markup
> http://svn.freebsd.org/viewvc/base/head/share/examples/netgraph/virtual.lan?view=markup
> 
> I should move these to 8 soon I guess.
> 
> 
>> #!/bin/sh
>> 
>> # script to create two vnet jails and connect them via ng_iface interfaces
>> 
>> # create two vnet jails
>> jail -c vnet name=node0 host.hostname=node0 path=/ persist
>> jexec node0 ifconfig lo0 localhost
>> 
>> jail -c vnet name=node1 host.hostname=node1 path=/ persist
>> jexec node1 ifconfig lo0 localhost
>> 
>> # create two ng_ifaces and connect them in netgraph
>> ngctl mkpeer . iface hook inet
>> ngctl mkpeer ng0: iface inet inet
>> 
>> # move the corresponding interfaces into the jails
>> ifconfig ng0 vnet node0
>> ifconfig ng1 vnet node1
>> 
>> # configure the interfaces in the jails
>> jexec node0 ifconfig ng0 192.168.10.1 192.168.10.2
>> jexec node1 ifconfig ng1 192.168.10.2 192.168.10.1
>> 
>> # end of script
>> 
>> When I try to ping node1 from node0 the echo request appears on ng1 according to tcpdump on node1 but node1 does not generate an echo reply.  Here is the output generated on each jail.
>> 
>> [root@gateway /home/phillips]# jexec node0 ping -c1 192.168.10.2
>> PING 192.168.10.2 (192.168.10.2): 56 data bytes
>> 
>> --- 192.168.10.2 ping statistics ---
>> 1 packets transmitted, 0 packets received, 100.0% packet loss
>> 
>> 
>> [root@gateway /home/phillips]# jexec node1 tcpdump -n -i ng1
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on ng1, link-type NULL (BSD loopback), capture size 96 bytes
>> 20:31:38.509494 IP 192.168.10.1 > 192.168.10.2: ICMP echo request, id 55300, seq 0, length 64
>> 
>> 
>> This is for FreeBSD 8.1 with kernel config GENERIC with the following changes:
>> 
>> #options        SCTP                    # Stream Control Transmission Protocol
>> 
>> options         VIMAGE
>> options         IPFIREWALL              #firewall
>> options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
>> options         MROUTING                # Multicast routing
>> 
>> 
>> Bill Phillips