Jails with a dedicated physical NIC

Hi All, I'm digging through posts and guides on setting up jails but have not found anything that would address explicit, physical NIC dedication. To date, I experimented with a jail which shares my system's bge1 interface. I'm now trying to build one which will be exposed externally and would like to separate its interface from the main system interface.

Both bge0 and bge1 are on the same physical LAN and I've no way of changing that at the moment. Is there a way to pass bge0 to the jail and, at the same time, make it invisible or unusable to the main system? That's not a hard requirement for me, but two NICs on the same subnet won't work so I have to render one unusable by the main system or engineer different physical layout.
 
In the end a jail will always depend on the host to make things work.

So while you won't be able to simply "hide" the NIC from the host I do think this setup could work. But... I don't know for sure what would happen if you were to address an unused NIC (unused on the host) for the Jail to use. One way to find out I suppose.

But yes: when you apply a jail you can indeed easily use 2 IPs within the same network next to each other. For example (not directly comparable to your scenario, but still..):
Code:
peter@unicron:/home/peter $ ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 00:12:3f:2e:3b:36
        hwaddr 00:12:3f:2e:3b:36
        inet 10.0.1.5 netmask 0xffffff00 broadcast 10.0.1.255
        inet 10.0.1.6 netmask 0xffffffff broadcast 10.0.1.6
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
peter@unicron:/home/peter $ jls
   JID  IP Address      Hostname                      Path
     7  10.0.1.6        psi.intranet.lan              /opt/jails/psi
See? Sure, it is basically an alias for em0 but it's still a separate IP within the same network which is used by my Psi jail.

I don't know for sure what would happen without the main IP but.. as I said: this should be easy enough to set up.
 
Confirmed - other physical interface running on the same subnet is not a problem when being used by a jail. BTW - I've previously assigned it to a test jail but I never used it much. Hence never had issues until after upgrade and jail removal. :D
 
Hi All, I'm digging through posts and guides on setting up jails but have not found anything that would address explicit, physical NIC dedication. To date, I experimented with a jail which shares my system's bge1 interface. I'm now trying to build one which will be exposed externally and would like to separate its interface from the main system interface.
That is not possible. Jails can't even do bridge mode (in a reliable way, which is why vnet is disabled in GENERIC). Jails are simply limited to the network alias, aka assigning 2 IP addresses to a single host NIC.
 
I recently purchased a 4-port ethernet card and use one of the ports exclusively for some jails. My setup is re0 (one of my interfaces) is not assigned anything on the host whatsoever. Instead, I created each jail with vnet and then an epair, one end of which was passed to the jail. I bridged the other to the re0.

It functions as if that jail has 100% control of the ethernet card. Would this solution suffice or are you looking for something more involved?
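
The setup described in the post above (re0 left unaddressed on the host, bridged to one end of an epair whose other end is handed to a vnet jail), written out as a configuration fragment. This is an added example, not part of the original thread; the jail name, path, epair unit, bridge name and addresses are assumptions.

```conf
# --- host /etc/rc.conf (assumed bridge name: bridge0) ---
# re0 and bridge0 are brought up WITHOUT an inet address, so the host's own
# stack has no address on the jail-facing segment.
#   cloned_interfaces="bridge0"
#   ifconfig_re0="up"
#   ifconfig_bridge0="addm re0 up"

# --- /etc/jail.conf ---
extjail {                                  # hypothetical jail name
    path          = "/jails/extjail";      # placeholder path
    host.hostname = "extjail.example";     # placeholder hostname
    mount.devfs;
    exec.clean;

    vnet;                                  # jail gets its own network stack
    vnet.interface = "epair0b";            # this end moves into the jail

    # Host side, before the jail starts: create the pair and attach the
    # "a" end to the bridge that already contains re0.
    exec.prestart  = "/sbin/ifconfig epair0 create up";
    exec.prestart += "/sbin/ifconfig bridge0 addm epair0a up";

    # Inside the jail: address the "b" end, then boot normally.
    # 192.0.2.0/24 is a documentation range; substitute your LAN.
    exec.start  = "/sbin/ifconfig epair0b inet 192.0.2.10/24 up";
    exec.start += "/sbin/route add default 192.0.2.1";
    exec.start += "/bin/sh /etc/rc";
    exec.stop   = "/bin/sh /etc/rc.shutdown";

    # Host side, after the jail stops: detach and destroy the pair.
    # The bridge stays, since other jails may share it.
    exec.poststop  = "/sbin/ifconfig bridge0 deletem epair0a";
    exec.poststop += "/sbin/ifconfig epair0a destroy";
}

# Check on the host after starting the jail:
#   ifconfig re0      -> no "inet" line
#   ifconfig bridge0  -> members re0 and epair0a, no "inet" line
#   ifconfig epair0b  -> "interface does not exist" (it lives in the jail)
```

This requires a kernel with VIMAGE support. Keeping both re0 and bridge0 free of addresses on the host is what keeps the host's own services off the externally exposed segment.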
 
Farhan Khan - I think that would work, but since I've got two separate NICs already, I'll leave it as is but assign control to the jail. The reason why I wanted to make it unusable by the OS is because, as I've learned recently, if it's on the same subnet and NOT utilised by a jail, it'll create TCP/IP issues.
 