On Thu, Jun 04, 2020 at 01:38:32PM +0200, JÁKÓ András wrote: > Hello everyone,
Hello, > > I've already asked this on forums.freebsd.org, but didn't get an answer > yet. I hope someone can answer it here. > > I'd like to use 802.1Q tagged VLANs on an Ethernet interface, one VLAN > per jail. I assigned VLAN subinterfaces to the jail's network stacks: > > em0 - em0.99 (host) > em0 - em0.100 (jail0) > em0 - em0.101 (jail1) > > Here em0 and em0.99 belong to the base system while em0.10[01] belong to > the jails' network stacks. > > This works perfectly so far. But I didn't see this setup mentioned > anywhere, that's why I'm curious whether this a "valid" setup, do I use > vnet correctly? Or does it only work by accident? > In your case it's OK, but as VLAN ids are unique per interface you need x different physical interfaces if x jails (VNET) need to be in the same VLAN (and use the same interface). Best option is to use SR-IOV (if your interface support it) to have multiple virtual NIC, or use bridge + epair (which has an huge performance impact due to locking issue in if_bridge, although this is fixed in -CURRENT by @kp) > > I found vnet jail examples using one epair per jail, which is connected > to the physical interface by a bridge. With tagged 802.1Q VLANs this > could look something like the following: > > em0 - em0.99 (host) > em0 - em0.100 - bridge0 - epair0a - epair0b (jail0) > em0 - em0.101 - bridge1 - epair1a - epair1b (jail1) > > Here epair[01]b belong to the jails' network stacks, and all other > interfaces to the base system. This works too, but is more complicated > than the one without bridges and epairs. > > András > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" -- Julien Cigar Belgian Biodiversity Platform (http://www.biodiversity.be) PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced. _______________________________________________ freebsd-jail@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
