2Belette closed this issue 1 month ago
Responding to myself and closing this issue!
I found how to, it is so easy I can't believe I haven't thought about that... Example of jail settings working with an ovs bridge:
```
vnet;
vnet.interface += "e2b_threejail";
exec.prestart += "ifconfig epair2 create";
exec.prestart += "ifconfig epair2a up name e2a_threejail";
exec.prestart += "ifconfig epair2b up name e2b_threejail";
exec.prestart += "ovs-vsctl add-port vswitch e2a_threejail tag=300";
exec.poststop += "ovs-vsctl del-port vswitch e2a_threejail";
exec.poststop += "ifconfig e2a_threejail destroy";
```
And voila!
In this example the ovs bridge is `vswitch` and the jail got a vnic in VLAN 300; the interface is properly removed from the ovs bridge when the jail stops and the epair is destroyed.
It is working perfectly well, despite very poor performance (I only got 100Mbit/s between two jails, even if I tweak the MTU). I know that the ovs implementation on FreeBSD is userspace, but I must have something wrong as I was expecting something like 7/8Gbit/s on the 10Gbit/s interface... not 100Mbit/s! But I don't believe this is Bastille related.
Is your feature request related to a problem? Please describe.
I would like to use advanced networking capabilities available in ovs (OpenVswitch) bridges.

Describe the solution you'd like
The -B option already exists to use an existing bridge but it is not working with ovs/OpenVswitch bridges.

Describe alternatives you've considered
I don't have an alternative today :(

Additional context
To work, this would need to add eXa_jailname to the OVS bridge with:
```
ovs-vsctl add-port bridgename eXa_jailname
```
This would also add a very simple way to add a VLAN with:
```
ovs-vsctl add-port bridgename eXa_jailname tag=100
```
(for VLAN 100).
bridgename = bridge parameter from the bastille create command.
eXa_jailname, where jailname = name parameter from the bastille create command.
The hooks for ovs bridges are available and this would make bastille ready for large and complex network setups :)
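
The settings from the closing comment and the `eXa_jailname` naming from the request, generalized to any jail name, bridge, epair number and optional VLAN tag, as an added example that is not part of the original issue or of Bastille's code. The function name `ovs_jail_settings`, the character whitelist and the length check are assumptions of this example; the inputs are validated because the `exec.prestart` and `exec.poststop` strings run as root on the host.

```sh
#!/bin/sh
# Added example: emit the vnet/OVS jail.conf settings from the issue for one jail.
# ovs_jail_settings is a hypothetical helper; the call at the bottom is constructed.

# FreeBSD interface names are limited to IFNAMSIZ-1 = 15 characters.
MAX_IFNAME=15

ovs_jail_settings() {
    name=$1 bridge=$2 idx=$3 vlan=$4

    # Conservative whitelist (assumption of this example): letters, digits and
    # underscore only, so nothing can break out of the quoted exec.* commands.
    case $name in ''|*[!A-Za-z0-9_]*) echo "bad jail name" >&2; return 1;; esac
    case $bridge in ''|*[!A-Za-z0-9_]*) echo "bad bridge name" >&2; return 1;; esac
    case $idx in ''|*[!0-9]*) echo "bad epair index" >&2; return 1;; esac

    # The VLAN tag is optional; when present it must be a usable 802.1Q ID.
    tag=""
    if [ -n "$vlan" ]; then
        case $vlan in *[!0-9]*) echo "bad vlan" >&2; return 1;; esac
        [ "$vlan" -ge 1 ] && [ "$vlan" -le 4094 ] || { echo "vlan out of range" >&2; return 1; }
        tag=" tag=$vlan"
    fi

    host_if="e${idx}a_${name}"   # host side, attached to the OVS bridge
    jail_if="e${idx}b_${name}"   # jail side, moved into the vnet jail
    if [ "${#host_if}" -gt "$MAX_IFNAME" ]; then
        echo "interface name too long: $host_if" >&2; return 1
    fi

    cat <<EOF
vnet;
vnet.interface += "$jail_if";
exec.prestart += "ifconfig epair$idx create";
exec.prestart += "ifconfig epair${idx}a up name $host_if";
exec.prestart += "ifconfig epair${idx}b up name $jail_if";
exec.prestart += "ovs-vsctl add-port $bridge $host_if$tag";
exec.poststop += "ovs-vsctl del-port $bridge $host_if";
exec.poststop += "ifconfig $host_if destroy";
EOF
}

# Constructed sample call reproducing the settings posted in the closing comment.
ovs_jail_settings threejail vswitch 2 300
```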