DragonFly users List (threaded) for 2007-02
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Simon 'corecode' Schubert wrote:
> Jeffrey Williams wrote:
>> One thing I have always found frustrating is the inability to set up a additional network interfaces on the machine so that they can be dedicated to the jailed servers, in such a way that all the host's network traffic stays on the primary interface, and all the jail's network traffic uses its own dedicated interface. i.e. a virtual network stack, for the jailed server, that can be bound directly to a separate NIC than the one used by the host environment.
>
> Not quite it, but what happens when you assign the second NIC's IP to the jail?
I have actually tried setting that up, unfortunately all of the jail's outbound traffic still goes through the primary interface (even though the jails ip address is not bound to that interface). The crux of the problem is that even the jail's services are bound to the IP address of the second NIC, the jail still shares a common network stack with the host environment, such that it uses the host's routing tables, arp tables, etc, which will always route traffic to the first interface. Some people have suggested that I might be able to solve the problem with a creative implementation of ipfw/static routing, but I don't think that would really work, because the problem isn't limited to layer 3 (IP), but is also layer 2 (ethernet/arp), when both NICs are connected to the same network segment.
>
>> Anyways, I was curious if this type of functionality is being implemented, or in consideration for implementation, in DragonFlyBSD?
>
> Not yet. It adds quite some infrastructure as well, so I am not sure if it is worth it. Apart from that, we're always happy to welcome enthusiastic developers :)
I am flattered that you think I am a developer, alas, I am simply a humble sys admin. That being said, I have been working hard to collect enough spare hardware to offer up some testing and development platforms to the DragonFly crowd (as well as a few other projects), and will hopefully be able to help by participating in testing in the near future.
I have been watching you guys with great anticipation, ever since Matt first announced.
>
> cheers
> simon
>
Thanks,
Jeff
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Re: jail/virtual servers and multiple network interfaces
| From: | Jeffrey Williams <jeff@xxxxxxxxxxxxx> |
| Date: | Thu, 01 Feb 2007 23:41:50 -0800 |
Simon 'corecode' Schubert wrote:
> Jeffrey Williams wrote:
>> One thing I have always found frustrating is the inability to set up a additional network interfaces on the machine so that they can be dedicated to the jailed servers, in such a way that all the host's network traffic stays on the primary interface, and all the jail's network traffic uses its own dedicated interface. i.e. a virtual network stack, for the jailed server, that can be bound directly to a separate NIC than the one used by the host environment.
>
> Not quite it, but what happens when you assign the second NIC's IP to the jail?
I have actually tried setting that up, unfortunately all of the jail's outbound traffic still goes through the primary interface (even though the jails ip address is not bound to that interface). The crux of the problem is that even the jail's services are bound to the IP address of the second NIC, the jail still shares a common network stack with the host environment, such that it uses the host's routing tables, arp tables, etc, which will always route traffic to the first interface. Some people have suggested that I might be able to solve the problem with a creative implementation of ipfw/static routing, but I don't think that would really work, because the problem isn't limited to layer 3 (IP), but is also layer 2 (ethernet/arp), when both NICs are connected to the same network segment.
>
>> Anyways, I was curious if this type of functionality is being implemented, or in consideration for implementation, in DragonFlyBSD?
>
> Not yet. It adds quite some infrastructure as well, so I am not sure if it is worth it. Apart from that, we're always happy to welcome enthusiastic developers :)
I am flattered that you think I am a developer, alas, I am simply a humble sys admin. That being said, I have been working hard to collect enough spare hardware to offer up some testing and development platforms to the DragonFly crowd (as well as a few other projects), and will hopefully be able to help by participating in testing in the near future.
I have been watching you guys with great anticipation, ever since Matt first announced.
>
> cheers
> simon
>
Thanks,
Jeff
- References:
- jail/virtual servers and multiple network interfaces
- From: Jeffrey Williams <jeff@sailorfej.net>
- Re: jail/virtual servers and multiple network interfaces
- From: "Simon 'corecode' Schubert" <corecode@fs.ei.tum.de>
- jail/virtual servers and multiple network interfaces
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]