VNET jails + VLAN over LAGG


Julien Cigar-4
Hello,

I've a lagg0 interface with three ports: igb0,igb1,igb2 (with LACP). On
top of that I've several VLAN interfaces: vlan10, vlan11, vlan12 with
vlandev lagg0. All those vlans have ip addresses and one of them shares
also a vhid (through CARP).
Translated in ifconfig/rc.conf it gives (1)

Currently I've several jails, all non-VNET, and I'd like to add a bunch
of VNET jails through epair and bridge. I'm wondering how it should be
done regarding the VLAN/LAGG interface(s) (given that non-VNET jails
should continue to work too)?

Some things I wonder:
- If I'm adding a vlan interface to a bridge, I guess the IP addresses
  should be moved to the bridge, right? How will the non-VNET jails
  behave? How will the vhid on the HOST behave? Should I add a tap
  interface in the HOST on top of the bridge too?

- From what I can read the best is to create one bridge per vlan, adding
  the corresponding HOST vlan and the epairxa, is this correct?

Thanks,
Julien

(1) https://gist.githubusercontent.com/silenius/6066696fe78c95177548319f125d9c44/raw/0319e4d1cad33201ea66e2258a74f8349116fbc9/gistfile1.txt

--
Julien Cigar
Belgian Biodiversity Platform (http://www.biodiversity.be)
PGP fingerprint: EEF9 F697 4B68 D275 7B11  6A25 B2BB 3710 A204 23C0
No trees were killed in the creation of this message.
However, many electrons were terribly inconvenienced.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"

Re: VNET jails + VLAN over LAGG

Julien Cigar-4
A little followup on this: in an attempt to virtualize my FreeBSD
router/firewall, it almost works with
https://gist.github.com/silenius/5f556a036330f1595e2e6fcdd5e5e18e

The only thing that doesn't work is the vhid (CARP) on the epairxb
interface: as long as the jail is running it works. If I stop the
jail, the other side switches from BACKUP to MASTER, which is OK, but when
I start the jail again afterwards the epairxb never goes to MASTER
mode (it stays in BACKUP mode), although it should... Any idea? Is
CARP supposed to work with epair interfaces?

Thanks,
Julien

On Thu, Oct 22, 2020 at 01:18:08PM +0200, Julien Cigar wrote:

> Hello,
>
> I've a lagg0 interface with three ports: igb0,igb1,igb2 (with LACP). On
> top of that I've several VLAN interfaces: vlan10, vlan11, vlan12 with
> vlandev lagg0. All those vlans have ip addresses and one of them shares
> also a vhid (through CARP).
> Translated in ifconfig/rc.conf it gives (1)
>
> Currently I've several jails, all non-VNET, and I'd like to add a bunch
> of VNET jails through epair and bridge. I'm wondering how it should be
> done regarding the VLAN/LAGG interface(s) (given that non-VNET jails
> should continue to work too)?
>
> Some things I wonder:
> - If I'm adding a vlan interface to a bridge, I guess the IP addresses
>   should be moved to the bridge, right? How will the non-VNET jails
>   behave? How will the vhid on the HOST behave? Should I add a tap
>   interface in the HOST on top of the bridge too?
>
> - From what I can read the best is to create one bridge per vlan, adding
>   the corresponding HOST vlan and the epairxa, is this correct?
>
> Thanks,
> Julien
>
> (1) https://gist.githubusercontent.com/silenius/6066696fe78c95177548319f125d9c44/raw/0319e4d1cad33201ea66e2258a74f8349116fbc9/gistfile1.txt
>
> --
> Julien Cigar
> Belgian Biodiversity Platform (http://www.biodiversity.be)
> PGP fingerprint: EEF9 F697 4B68 D275 7B11  6A25 B2BB 3710 A204 23C0
> No trees were killed in the creation of this message.
> However, many electrons were terribly inconvenienced.

--
Julien Cigar
Belgian Biodiversity Platform (http://www.biodiversity.be)
PGP fingerprint: EEF9 F697 4B68 D275 7B11  6A25 B2BB 3710 A204 23C0
No trees were killed in the creation of this message.
However, many electrons were terribly inconvenienced.