Hi All,
Just wondering if anyone had some examples of using a multi-port NIC to create several or many separate networks between both bhyve VMs and jails?
My problem is basically that I need several separated networks with services on each, but the caveat here is none of them can be directly attached, i.e. I was thinking of using proxy servers between them.
The scenario looks something like this:
Port 1: (connected to a machine network; not computers, more like boilers, chillers and air handlers - these relay AMQP messages to a broker)
jail with pf firewall in front of
RabbitMQ VM on bhyve (trying to convert this to the FreeBSD version in a jail) that delivers to
the database, which runs in a separate jail with a mounted zvol for data
(also working on a way to add Bro to filter port 1)
Port 2: (connected to the user network)
Apache in a jail accepts DB requests, queries the above DB and returns the results to an engine running in another jail where they're processed;
then those results are turned into pretty charts and delivered back to the Apache instance (this is running in 3 jails).
(I was thinking I could just share the /data zvol from above, but I'm not sure if that's wise, or create a new database jail and use zfs send/receive to update the second copy.) I don't know.
Port 3: (connected to internet gateway)
is actually a setting in the UI that allows the system access to the internet, where it can update the host / jails and VMs with updates, patches and container images.
Port 4: (connected to an sdlan to the cloud)
runs a jail with SNMP; I'm trying to get that to accept messages and logs from the rest of the system and deliver them to a cloud instance.
So in total, there are a few VMs and several VMs.
Q:
#1 What is the best way to use a combination of jails/VMs to separate out all of this traffic?
#2 Can you actually achieve physically separated traffic between port 1 and 2 with a multi-port NIC? Or should I purchase 2 network cards, or even a separate machine?
#3 Is it better to work towards dumping the VMs and using all jails, or convert all the jails to VMs?
#4 Security and physical separation of port 1 from the rest of the services is mission critical.
Thanks!
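One way to lay out the host side of this, as an added example that is not from the original post or from any reply to it: give each physical NIC port its own if_bridge(4), attach the bhyve tap devices and vnet jail epairs for that segment only to that bridge, keep the host itself off the bridges (no IP address, no forwarding), and audit `ifconfig` output so that a second physical port can never silently end up in the same bridge and join two segments at layer 2. The interface names igb0..igb3, the bridge numbers, the subnets and the broker address 10.1.0.10 are assumptions for illustration; the `ifconfig` excerpts are constructed, not captured from a real host. The script only generates rc.conf and pf.conf fragments and runs the audit on text, so it can be run anywhere.

```shell
#!/bin/sh
# Added example (not from the original post): one bridge per physical NIC port.
# Port names igb0..igb3, bridge numbers, subnets and BROKER are assumptions.

# Segment table (constructed): role, physical port, bridge, subnet
SEGMENTS='ot igb0 bridge0 10.1.0.0/24
users igb1 bridge1 10.2.0.0/24
wan igb2 bridge2 10.3.0.0/24
cloud igb3 bridge3 10.4.0.0/24'

# rc.conf fragment: each bridge has exactly one physical member and the host
# assigns no address to any bridge, so nothing is routed between segments.
# Jail epairs and bhyve taps are added to the matching bridge by the jail/VM
# start scripts, not here.
gen_rc_conf() {
    printf '%s\n' "$SEGMENTS" | while read -r role port bridge net; do
        printf 'ifconfig_%s="up"\n' "$port"
        printf 'ifconfig_%s="addm %s up"\n' "$bridge" "$port"
    done
    bridges=$(printf '%s\n' "$SEGMENTS" | awk '{ printf "%s%s", (NR > 1 ? " " : ""), $3 }')
    printf 'cloned_interfaces="%s"\n' "$bridges"
}

# pf.conf fragment for the host: default deny on every segment, then pass only
# the one flow the design needs (AMQP from the machine network to the broker).
# BROKER is an assumed address inside the port-1 segment.
BROKER=10.1.0.10
gen_pf_conf() {
    printf '%s\n' "$SEGMENTS" | while read -r role port bridge net; do
        printf '%s_if = "%s"\n%s_net = "%s"\n' "$role" "$port" "$role" "$net"
    done
    cat <<EOF
set skip on lo0
block log all
pass in on \$ot_if inet proto tcp from \$ot_net to $BROKER port 5672 keep state
EOF
}

# Audit: given ifconfig output, fail if any bridge has more than one physical
# member. tap*/vmnet* (bhyve) and epair* (vnet jails) are virtual and expected;
# a second physical port in one bridge would join two segments at layer 2.
check_bridge_members() {
    printf '%s\n' "$1" | awk '
        /^[a-z0-9]+: flags=/ { sub(/:$/, "", $1); cur = $1; next }
        $1 == "member:" && cur ~ /^bridge/ {
            if ($2 !~ /^(tap|vmnet|epair)/) { phys[cur]++; names[cur] = names[cur] " " $2 }
        }
        END {
            bad = 0
            for (b in phys) if (phys[b] > 1) {
                printf "VIOLATION: %s has physical members:%s\n", b, names[b]; bad = 1
            }
            exit bad
        }'
}

# Constructed ifconfig excerpts (not from a real host)
IFCONFIG_OK='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: epair0b flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: epair1b flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'
# Misconfiguration: igb1 was added to bridge0, joining ports 1 and 2 at layer 2
IFCONFIG_BAD='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'

# Stand-alone run: print both fragments, then audit the two constructed outputs
echo "# rc.conf"; gen_rc_conf
echo "# pf.conf"; gen_pf_conf
check_bridge_members "$IFCONFIG_OK" && echo "audit: OK"
check_bridge_members "$IFCONFIG_BAD" || echo "audit: violation detected as expected"
```

On a live host the audit would be fed `ifconfig` directly (`check_bridge_members "$(ifconfig)"`) from cron or a monitoring check. Note what this does and does not buy: separate bridges with no host addresses keep the four segments apart at layer 2 in software, and pf adds a default-deny on the physical ports, but the host kernel, its management plane and the NIC itself remain shared between all segments. If "physical separation" of port 1 is a hard requirement, that shared fate is the argument for a second card or a second machine rather than a configuration detail.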