jail/virtual servers and multiple network interfaces
Jeffrey Williams
jeff at sailorfej.net
Thu Feb 1 23:41:50 PST 2007
Simon 'corecode' Schubert wrote:
> Jeffrey Williams wrote:
>> One thing I have always found frustrating is the inability to set up
>> additional network interfaces on the machine so that they can be
>> dedicated to the jailed servers, in such a way that all the host's
>> network traffic stays on the primary interface, and all the jail's
>> network traffic uses its own dedicated interface. i.e. a virtual
>> network stack, for the jailed server, that can be bound directly to a
>> separate NIC than the one used by the host environment.
>
> Not quite it, but what happens when you assign the second NIC's IP to
> the jail?

I have actually tried setting that up, unfortunately all of the jail's
outbound traffic still goes through the primary interface (even though
the jail's IP address is not bound to that interface). The crux of the
problem is that even though the jail's services are bound to the IP
address of the second NIC, the jail still shares a common network stack
with the host environment, such that it uses the host's routing tables,
arp tables, etc., which will always route traffic to the first interface.
Some people have suggested that I might be able to solve the problem
with a creative implementation of ipfw/static routing, but I don't think
that would really work, because the problem isn't limited to layer 3
(IP), but is also layer 2 (ethernet/arp), when both NICs are connected
to the same network segment.

>> Anyways, I was curious if this type of functionality is being
>> implemented, or in consideration for implementation, in DragonFlyBSD?
>
> Not yet. It adds quite some infrastructure as well, so I am not sure
> if it is worth it. Apart from that, we're always happy to welcome
> enthusiastic developers :)

I am flattered that you think I am a developer, alas, I am simply a
humble sys admin. That being said, I have been working hard to collect
enough spare hardware to offer up some testing and development platforms
to the DragonFly crowd (as well as a few other projects), and will
hopefully be able to help by participating in testing in the near future.
I have been watching you guys with great anticipation, ever since Matt
first announced.
>
> cheers
> simon
>
Thanks,
Jeff
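
The shared-stack behaviour described in the message above can be modelled as a destination-only route lookup. This is an added illustration, not code from the thread or from DragonFly; the interface names, the addresses and the first-installed-wins tie-break are assumptions of the model.

```python
import ipaddress

class RouteTable:
    """Destination-only forwarding table, one per network stack."""

    def __init__(self):
        self.routes = []  # (network, interface), kept in install order

    def add(self, cidr, ifname):
        self.routes.append((ipaddress.ip_network(cidr), ifname))

    def lookup(self, dst, src=None):
        # src is accepted but never consulted: the egress interface depends
        # on the destination alone, so binding a service to the second
        # NIC's address does not change where its packets leave.
        dst = ipaddress.ip_address(dst)
        best = None
        for net, ifname in self.routes:
            # Strict '>' keeps the first-installed route on equal prefixes
            # (model assumption for two NICs on one segment).
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, ifname)
        if best is None:
            raise LookupError(f"no route to {dst}")
        return best[1]

# Constructed sample topology: both NICs on 192.0.2.0/24.
JAIL_IP = "192.0.2.20"   # address of the second NIC, assigned to the jail

def shared_stack():
    """Host and jail share one table (the situation in the post)."""
    t = RouteTable()
    t.add("192.0.2.0/24", "em0")  # primary NIC, configured first
    t.add("192.0.2.0/24", "em1")  # second NIC, same segment
    t.add("0.0.0.0/0", "em0")     # default route via the primary NIC
    return t

def per_jail_stack():
    """Hypothetical virtual stack: the jail owns its own table."""
    t = RouteTable()
    t.add("192.0.2.0/24", "em1")
    t.add("0.0.0.0/0", "em1")
    return t

if __name__ == "__main__":
    for name, table in (("shared", shared_stack()), ("per-jail", per_jail_stack())):
        for dst in ("192.0.2.50", "198.51.100.7"):
            print(name, JAIL_IP, "->", dst, "egress", table.lookup(dst, src=JAIL_IP))
```

With the shared table, traffic sourced from the jail's address leaves on em0 for both on-link and off-link destinations; only a separate table per jail puts it on em1.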