A little followup on this, in an attempt to virtualize my FreeBSD router/firewall, it almost works with https://gist.github.com/silenius/5f556a036330f1595e2e6fcdd5e5e18e
The only thing the doesn't work is the vhid (CARP) on the epairxb interface: as long as the jail is running it works, if I'm stopping the jail the other side switch from BACKUP to MASTER, which is OK, but when I'm starting the jail again afterwards the epairxb never goes to MASTER mode, (it stays in BACKUP mode) although it should... any idea? is CARP supposed to work with epair interfaces? Thanks, Julien On Thu, Oct 22, 2020 at 01:18:08PM +0200, Julien Cigar wrote: > Hello, > > I've a lagg0 interface with three ports: igb0,igb1,igb2 (with LACP). On > top of that I've several VLAN interfaces: vlan10, vlan11, vlan12 with > vlandev lagg0. All those vlans have ip addresses and one of them shares > also a vhid (through CARP). > Translated in ifconfig/rc.conf it gives (1) > > Currently I've several jails, all non-VNET, and I'd like to add a bunch > of VNET jails through epair and bridge. I'm wondering how should it be > done regarding the VLAN/LAGG interface(s).. (given that non-VNET jails > should continue to work too)? > > Some things I wonder: > - If I'm adding a vlan interface to a bridge, I guess the IP addresses > should be moved to the bridge, right? How will behave the non-VNET > jails..? How will behave the vhid on the HOST? Should I add a tap > interface in the HOST on top of the bridge too? > > - From what I can read the best is to create one bridge per vlan, adding > the corresponding HOST vlan and the epairxa, is this correct? > > Thanks, > Julien > > (1) > https://gist.githubusercontent.com/silenius/6066696fe78c95177548319f125d9c44/raw/0319e4d1cad33201ea66e2258a74f8349116fbc9/gistfile1.txt > > -- > Julien Cigar > Belgian Biodiversity Platform (http://www.biodiversity.be) > PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 > No trees were killed in the creation of this message. > However, many electrons were terribly inconvenienced. > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" -- Julien Cigar Belgian Biodiversity Platform (http://www.biodiversity.be) PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced. _______________________________________________ freebsd-jail@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
