Solved Where can I find a documentation about bsd networking: specifically about cloned interfaces?

[Young Druid]

Hello.
I started recently building a server based on the latest FreeBSD version. I try to put each small service into its jail. Everything seems to be fine when following Handbook. But one thing which I do not get and cannot google why do I need to create a cloned interface?
I cannot find by search a good explanation what cloned interfaces are. What is the difference from aliases? Honestly I do not get exactly what aliases are too. So that is why I will appreciate a good modern book about networking in bsd.
Also I have a question which is unrelated to the subject. Is it fine to assign IPs like 127.0.1.0/24 to jails? I want them to be available only locally and expose them to the world via nginx proxy.

 

[kpa]

Think of cloned interfaces as instances in object-oriented programming, the object is the kernel driver providing the means to create the actual interfaces (the instances). The whole point of cloned interfaces is that you can create multiple instances using the same driver and system won't have problems tracking which one is which because the instances are numbered. For example:

freebsd10 ~ % sudo kldload if_tap.ko
freebsd10 ~ % sudo ifconfig tap create
tap0
freebsd10 ~ % sudo ifconfig tap create
tap1
freebsd10 ~ % sudo ifconfig tap create
tap2
ifconfig
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 08:00:27:8b:51:ce
        inet 10.71.14.10 netmask 0xffffff00 broadcast 10.71.14.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
tap0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether 00:bd:eb:64:fc:00
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: no carrier
tap1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether 00:bd:f5:70:fc:01
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: no carrier
tap2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether 00:bd:1e:7a:fc:02
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: no carrier
freebsd10 ~ %

 

[lme@]

Also I have a question which is unrelated to the subject. Is it fine to assign IPs like 127.0.1.0/24 to jails? I want them to be available only locally and expose them to the world via nginx proxy.

That's perfectly fine. Just redirect the incoming connections using nginx, pf, ipfw, ...

 

[Young Druid]

Thanks a lot for clarifications. I would appreciate if you also can recommend any book (or may be a set of good articles) with more detailed information about networking.

 

[SirDice]

Thanks a lot for clarifications. I would appreciate if you also can recommend any book (or may be a set of good articles) with more detailed information about networking.

Any book about TCP/IP will do just that. Pretty much the standard "bible" for TCP/IP is "TCP/IP Illustrated, Volume 1" by Stevens.

http://www.amazon.com/TCP-Illustrated-Vol-Addison-Wesley-Professional/dp/0201633469