[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-net
Subject: VIMAGE, epair/if_bridge or netgraph?
From: Palle Girgensohn <girgen () FreeBSD ! org>
Date: 2012-06-12 15:10:48
Message-ID: 4FD75BF8.50606 () FreeBSD ! org
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I'm updating some jail servers, and want to use VIMAGE. Compiled it into
the kernel, learned the hard way not to even include PF in the same
kernel [1], so now it works quite well.
I am setting up many similar jails, some for testing, some for
production. The applications are web servers, som tomcat+apache's, and
some other standard type of services like email and ldap, simple stuff.
I need no fancy network control, I just need it to work. For each jail
there are two interfaces, one public, connected to a software bridge
(if_bridge or ng_bridge) acting as a switch, and one internal, for
maintenance, connected to a different software bridge. To each software
bridge, I connect a physical external interface from the jail host.
I am trying to decide whether to use epair and if_bridge, or to use
netgraph. For netgraph, there is a nice package at DruidBSD [3]. When I
found that, I had already rewritten the standard jail script, using the
v2 patches from polymorf [4]. They work equally fine for my purpose.
So now I need to know which scales best, is there a difference in
performance or stability between netgraph and epair/if_bridge?
Cheers,
Palle
[1] http://forums.freebsd.org/showthread.php?t=31765
[2] http://forums.freebsd.org/showthread.php?t=31949
[3] http://druidbsd.sourceforge.net/vimage.shtml
[4] http://wiki.polymorf.fr/index.php?title=Howto:FreeBSD_jail_vnet
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJP11v4AAoJEIhV+7FrxBJDdqoIAI8SHZJbXgvRX6r9Qh5Gr6wz
geT16OZXre1qdO8juQnWBt04KYFmuFIrdfLSnMJg8xnsIgtVo5YTedfdG6OjS6RM
ztOQvVRPKoSWe07sEhd7GLTDJay0QLu1zADI9IPQStyhffW08z7n1U2FngEtaeDh
2fQhHgI2A1y6NzjChtM6pnK45Gzi08oogGhq3e7A9GQRHhDZLX65m4rtYG7T2Q3U
K9cWfPQyH1gn/5Zhakc43uLGWkIzWWqrk6IyU4e0swVTRPZvaZeHyfK7Ni0ysKtd
SNE2B3uy6yc5i9o/kFlYAq2nLz8Igs1OwWzarzFAtJg0VcJ+Z1ALw7CRoKHbkz0=
=UqA0
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic