Multiple jails on host... How to get each host network usage

Hi all
I have 7.2 Generic with multiple jails inside a host.
I use ezjail for jail administration and it works perfectly.
I do have one problem.
How do I monitor, from the jails or within the host, each jail's network traffic?
Inside the jail I only have with ifconfig the default host network card and slurm reads even inside the jail the whole server network traffic.
I want to be able to measure, from inside the jail, its own traffic (which would seem logically correct).

One idea is to create a virtual interface for "bce0" for each jail and to assign this interface to the jail. Then slurm would see it (I guess).
Being a FreeBSD newbie, any help would be appreciated.

Thanks,
Vlad
 
I haven't tried this myself, but you could try using "cloned_interfaces" (see /etc/defaults/rc.conf) and use one cloned interface per jail, enabling you to run slurm or pfstat against that specific cloned interface (which should present itself and behave as a 'proper interface'). The only thing I can't really tell you off the bat is how you attach that cloned interface to a physical interface, like you do with aliases. Maybe it's not needed because it simply behaves as a directly connected network.


Code:
cloned_interfaces="jail1, jail2"
ifconfig_jail1="..."

Code:
slurm -i jail1

Something like that, maybe.
 
gigikent2000 said:
Inside the jail I only have with ifconfig the default host network card and slurm reads even inside the jail the whole server network traffic.
I've never used slurm but this reads like it puts the interface in promiscuous mode. Is there a way to not do that?
 
It doesn't, as far as I can see in /var/log/messages when starting slurm, as opposed to e.g. tcpdump (without the -p flag).
 
It doesn't work..
When I configure the
cloned_interfaces="jail1 jail2" in rc.conf, after reboot
ifconfig complains as it could not configure the interface

If I try to manually configure the "cloned" interface
like
ifconfig jail1 inet bla bla bla it complains that it doesn't exist (the interface)

Any ideas?
 
No, not really. It was a bit of a long shot, having used it with 'bridge' and 'carp' type devices only.
 
Will it work in 8.0 :D ?

Does it pay to install that beta assuming I need to configure production ready services on my live production server?
 
I don't think there is any ongoing effort to combine cloned_interfaces and jails. That was just a speculation on my part.

There is work underway to put pf inside jails, which would mean you could use sysutils/pfstat to monitor/graph traffic per jail.
 