Date: Sat, 29 Mar 2014 11:08:16 -0700 From: <dteske@FreeBSD.org> To: <dteske@FreeBSD.org>, "'Palle Girgensohn'" <girgen@FreeBSD.org> Cc: freebsd-virtualization@FreeBSD.org Subject: RE: VIMAGE, epair/if_bridge or netgraph? Message-ID: <036601cf4b79$dc61d9c0$95258d40$@FreeBSD.org> In-Reply-To: <034a01cf4b78$6de95280$49bbf780$@FreeBSD.org> References: <4FD66519.8030503@FreeBSD.org> <034a01cf4b78$6de95280$49bbf780$@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: dteske@FreeBSD.org [mailto:dteske@FreeBSD.org] > Sent: Saturday, March 29, 2014 10:58 AM > To: 'Palle Girgensohn' > Cc: freebsd-virtualization@FreeBSD.org; 'Devin Teske' > Subject: RE: VIMAGE, epair/if_bridge or netgraph? >=20 >=20 >=20 > > -----Original Message----- > > From: owner-freebsd-virtualization@freebsd.org [mailto:owner-freebsd- > > virtualization@freebsd.org] On Behalf Of Palle Girgensohn > > Sent: Monday, June 11, 2012 2:37 PM > > To: freebsd-virtualization@FreeBSD.org > > Subject: VIMAGE, epair/if_bridge or netgraph? > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Hi, > > > > I'm updating some jail servers, and want to use VIMAGE. Compiled it > > into the kernel, learned the hard way not to even include PF in the > > same kernel [1], so now it works quite well. > > > > I am setting up many similar jails, some for testing, some for > > production. The applications are web servers, som tomcat+apache's, and > > some other standard type of services like email and ldap, simple stuff. > > I need no fancy network control, I just need it to work. For each jail > > there are two interfaces, one public, connected to a software bridge > > (if_bridge or > > ng_bridge) acting as a switch, and one internal, for maintenance, > > connected to a different software bridge. To each software bridge, I > > connect a physical external interface from the jail host. > > > > I am trying to decide whether to use epair and if_bridge, or to use > netgraph. > > For netgraph, there is a nice package at DruidBSD [3]. When I found > > that, I had already rewritten the standard jail script, using the > > v2 patches from polymorf [4]. They work equally fine for my purpose. > > > > So now I need to know which scales best, is there a difference in > > performance or stability between netgraph and epair/if_bridge? > > > > Cheers, > > Palle > > > > > > [1] http://forums.freebsd.org/showthread.php?t=3D31765 > > > > [2] http://forums.freebsd.org/showthread.php?t=3D31949 > > > > [3] http://druidbsd.sourceforge.net/vimage.shtml > > > > [4] http://wiki.polymorf.fr/index.php?title=3DHowto:FreeBSD_jail_vnet >=20 > [Devin Teske] >=20 > Never saw a reply to this and I'm locating round-tuits to tackle e-mails = that > I've marked as "needing reply": >=20 > I have not profiled Ugh, that was originally "I have not profiled [epair but I have profiled] n= etgraph" --=20 Cheers, Devin > netgraph to have a limitation of 65530 eiface devices off a > single if_bridge, but are allowed multiple bridges with that many devices. >=20 > The problems that you run into with that many devices is that if all the > interfaces are visible to a single jail or single host... your "ifconfig" > command could take several hours (about 4) to enumerate each iface to the > screen. >=20 > I didn't mess much with epair because it failed to produce a situation wh= ere I > could speak separate subnets over the same wire. Netgraph made it easy by > way of being able to enable promiscuous and disable the "autosrc" feature > (as you perhaps already found in my code you linked to above). > -- > Cheers, > Devin >=20 >=20 >=20 > _____________ > The information contained in this message is proprietary and/or confident= ial. > If you are not the intended recipient, please: (i) delete the message and= all > copies; (ii) do not disclose, distribute or use the message in any manner= ; and > (iii) notify the sender immediately. In addition, please be aware that any > message addressed to our domain is subject to archiving and review by > persons other than the intended recipient. Thank you. _____________ The information contained in this message is proprietary and/or confidentia= l. If you are not the intended recipient, please: (i) delete the message an= d all copies; (ii) do not disclose, distribute or use the message in any ma= nner; and (iii) notify the sender immediately. In addition, please be aware= that any message addressed to our domain is subject to archiving and revie= w by persons other than the intended recipient. Thank you.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?036601cf4b79$dc61d9c0$95258d40$>