The following text shows you how to use VIMAGE, the new feature of FreeBSD 8, in a multi-jail environment.
- Compile VIMAGE support into your kernel
Add “options VIMAGE” to your kernel config and make sure to remove the SCTP support. Lack of SCTP support is one of the reasons VIMAGE is still considered to be experimental.
If you don’t know how to build your own custom kernel image, follow the detailed instructions of the corresponding FreeBSD Handbook chapter.
- Reboot with your new kernel
- First let’s create a pair of epair interfaces, then quickly start two VIMAGE jails. I’m using the same fs root to make it simple, but you should create your jails as you always do; you can even use ezjail to do it. The only difference is the “vnet” jail parameter, which is passed as a command line argument to the jail binary.
If you use rc.conf, you could try adding the “vnet” parameter to your jail_<jailname>_flags variable for automatic startup.
So we have two instances and an epair device. Let’s see the interface list on the host.
Both sides of the pair are in the host system. Put one end into one of your jails with the ifconfig vnet command and verify the results by running ifconfig inside your jail.
OK, we have a layer 2 connection. Let’s add some IPs and run a ping test.
Let’s do the same with your other jail.
Oh wait, this is a completely different pair of epair interfaces, so you can’t use the same IP subnet on them. In order to mash them together on the host side, you have to make a bridge.
The commands above will create a new bridge interface, and add the host side of both epair interfaces to the bridge.
You can see it with ifconfig as well:
Let’s put the host IP we set for epair0a earlier on the bridge interface instead and bring UP the host side of epair1. (Note: If you assign an IP to an interface, its state should automatically change to UP)
Running ping tests from the second jail, you can now ping your host and your other jail(s) too.
Remember, now that you have separate networking stacks for each of your jails, the choice of topology is yours.
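The procedure above as one script, added here as an example and not the author's original commands: it prints the host-side command sequence for any number of vnet jails on one bridge, and runs it only when called with `apply`. The jail names, the 10.0.0.0/24 addresses, the `JAIL_ROOT` variable and the free `epair0..`/`bridge0` unit numbers are assumptions.

```shell
#!/bin/sh
# Added example: build the command plan for N vnet jails joined by one bridge.
# Assumption: no epair or bridge interface exists yet, so units start at 0;
# on a busy host, use the names printed by "ifconfig ... create" instead.

vnet_plan() {
    host_cidr=$1; shift
    root=${JAIL_ROOT:-/}          # shared fs root, as in the text (assumed variable)
    # Validate everything before emitting anything: the plan may be piped to sh.
    case $host_cidr in ''|*[!0-9./]*) echo "bad address: $host_cidr" >&2; return 1;; esac
    for spec in "$@"; do
        name=${spec%%=*}; cidr=${spec#*=}
        case $name in ''|*[!A-Za-z0-9_]*) echo "bad jail name: $name" >&2; return 1;; esac
        case $cidr in ''|*[!0-9./]*) echo "bad address: $cidr" >&2; return 1;; esac
    done
    echo "ifconfig bridge create"
    i=0
    for spec in "$@"; do
        name=${spec%%=*}; cidr=${spec#*=}
        echo "ifconfig epair create"
        # vnet gives the jail its own network stack; persist keeps it without a process
        echo "jail -c vnet name=$name host.hostname=$name path=$root persist"
        # b end moves into the jail, a end stays on the host as a bridge member
        echo "ifconfig epair${i}b vnet $name"
        echo "jexec $name ifconfig epair${i}b inet $cidr"
        echo "ifconfig bridge0 addm epair${i}a"
        echo "ifconfig epair${i}a up"
        i=$((i + 1))
    done
    # The host address lives on the bridge, not on an epair end.
    echo "ifconfig bridge0 inet $host_cidr"
}

# Constructed sample topology: host .1, jails j1 (.2) and j2 (.3).
if [ "${1:-}" = "apply" ]; then
    plan=$(vnet_plan 10.0.0.1/24 j1=10.0.0.2/24 j2=10.0.0.3/24) || exit 1
    printf '%s\n' "$plan" | sh -ex
else
    vnet_plan 10.0.0.1/24 j1=10.0.0.2/24 j2=10.0.0.3/24
fi
```

Run it without arguments first and compare the printed interface names with `ifconfig` on the host before using `apply` as root.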