Date:      Sat, 12 Feb 2000 00:33:00 -0500 (EST)
From:      David Gilbert <dgilbert@velocet.ca>
To:        Gregory Sutter <gsutter@daemonnews.org>
Cc:        Archie Cobbs <archie@whistle.com>, dgilbert@velocet.ca, Freebsd-net@freebsd.org
Subject:   Re: VLAN on ethernet nodes?
Message-ID:  <14500.61580.441181.119033@trooper.velocet.net>
In-Reply-To: <20000211134205.A13236@azazel.zer0.org>
References:  <20000211112034.A4306@azazel.zer0.org> <200002112122.NAA73362@bubba.whistle.com> <20000211134205.A13236@azazel.zer0.org>

>>>>> "Gregory" == Gregory Sutter <gsutter@daemonnews.org> writes:

Gregory> Is there anything that netgraph _can't_ do?  Swedish massage,
Gregory> perhaps?

When I first read about netgraph, it took a while to sink in.  It
certainly solved the problem at hand --- all sorts of different serial 
protocols and encapsulations being wrapped and unwrapped --- it was a
good BSD solution and I liked it.

As I started to work on my own netgraph node (out of sheer necessity),
I suddenly began to realize the thinly disguised power available in
netgraph...

I mentioned to Archie that with a ng_route node and a few bits of goo
(largely vlan hooks on ethernet nodes, etc.) that the entire netgraph
system could give FreeBSD "VRouter" capability --- something that none 
of the other UN*X's have... and something that you'd pay Cisco a lot
of money for.

I was idly rolling all these thoughts over in my mind ... and the fact 
that the standard networking in the kernel _could_ be replaced with
this framework (the vrouter concept easily extends to vfirewall,
too!), and I happened upon the idea of an ng_local node --- a node
that represents the view that the "local" host should see in terms of
packets (gone would be the assumption that you'd see anything on any
interface by default).

It was then that I realized that a _particular_ ng_local node could be 
bound to a _particular_ instance of jail(8) --- which would
fundamentally solve (in an almost perfect manner) the quandary that
each jail(8) only has one IP address.  By binding each jail(8) to an
ng_local, not only could your ng_local have multiple IP addresses
(although its world view is further controlled by how it is connected
into the graph), but your jail(8) could interact with non-IP protocols 
as dictated by the connections of the graph.

(See if that idea doesn't just knock you over, eh?)

Dave.

-- 
============================================================================
|David Gilbert, Velocet Communications.       | Two things can only be     |
|Mail:       dgilbert@velocet.net             |  equal if and only if they |
|http://www.velocet.net/~dgilbert             |   are precisely opposite.  |
=========================================================GLO================

