Date:      Wed, 31 Jan 2007 02:40:43 -0800
From:      Jeffrey Williams <jeff@sailorfej.net>
To:        freebsd-stable@freebsd.org
Subject:   Re: jails and multiple interfaces
Message-ID:  <45C0722B.3060504@sailorfej.net>
In-Reply-To: <200701311119.47888.freebsd-stable@dino.sk>
References:  <45C06A42.6000001@sailorfej.net> <200701311119.47888.freebsd-stable@dino.sk>



Milan Obuch wrote:
> On Wednesday 31 January 2007 11:06, Jeffrey Williams wrote:
>> Hi Folks,
>>
>> I am trying to set up a jail hosting server to support multiple jails for
>> development testing.
>>
>> The server has two network interfaces, I am configuring one for the host
>> server to use, and the other with several aliased IPs, one for each of
>> the jail servers.
>>
>> All the services running on the host are configured to bind to the host
>> IP on the first interface.
>>
>> The crux is both interfaces are on the same network, I am seeing the
>> expected arp errors (e.g. kernel: arp: x.x.x.x is on int0 but got reply
>> on int1), now I know I set the sysctl variable
>> net.link.ether.inet.log_arp_wrong_iface=0 to get rid of these messages,
>> but what I want to know is if there are any other problems I am going to
>> have having both interfaces live on the same network.  Also even though
>> I have the jail host's services all binding to the first interface's IP,
>> there is no guarantee that network traffic originating from the jail
>> host will only use its primary interface/IP, is there any way to ensure
>> that the jail host does not try to talk through the interface being used
>> by the jails?
>>
> 
> Why are you doing this? Are your addresses from the same network segment?
> I am binding my jail addresses to loopback interface and route them - this way 
> you could easily start take-over jail on another machine and change routing 
> table (or use dynamic routing) to minimize downtime on hardware upgrades, big 
> OS upgrades etc. I do not consider this the best way, but it just satisfies my
> needs.
> Regards,
> Milan
> 
I want to segregate the jail and jail host traffic on separate interfaces.

How do you route traffic off your loopback interface? By definition, this
interface only allows the network stack to talk to itself?

By the way, from an IP standpoint I believe I am ok, I did a netstat -r
on the jail host and only the first interface (jail host) is showing in
the routing table, the second interface (jails) is not listed.

I just want to make sure duplicate arp tables on the separate interfaces
are not going to cause any weird issues.

Thanks
Jeff


