Hi David, thanks for your input.
And how would you do it?
Also putting each vport(4) in its own rdomain(4) and veb(4) takes care of
Layer2 connectivity without any pf(4) involvement?

thanks
Thomas

On Mon, 10 May 2021 at 08:10, David Gwynne <[email protected]> wrote:
>
> Hi Thomas,
>
> I'd give this a go with vport(4) interfaces instead of vether(4), and join them all together at layer 2 by adding them to a single veb(4).
>
> Cheers,
> dlg
>
>
> On 10 May 2021, at 03:04, Thomas Huber <[email protected]> wrote:
> >
> > Hi misc,
> >
> > I wanted to tinker with the cluster manager sysutils/nomad but
> > unfortunately I've no spare cluster for tinkering...
> >
> > So I had the idea of utilizing OpenBSD's outstanding
> > possibilities for network isolation to create a
> > virtual cluster on my VM at openbsd.amsterdam.
> >
> > I had different ideas to achieve it but nothing worked so far.
> > So I'd describe my first approach because I think this is the
> > most OpenBSD idiomatic one:
> >
> > I created 5 vether[0-4] devices, everyone in its own rdomain [0-4]
> > and assigned every device its own inet address space 10.10.[0-4].1/24
> >
> > I also set the 10.10.[0-4].1 as default route in each rtable.
> >
> > Now I learned that pf(4) is needed to route between these 5 rdomains
> > but after several attempts I've no clue how this could be defined.
> >
> > Actually I wanted rdomain 0 to work as hub for all rdomains >0.
> > Maybe someone can hint me in the right direction....
> >
> > regards
> > Thomas (host of the u2k20-hackathon, if someone remembers ;-)
> >
> > some further listings if my description above is unclear:
> >
> >
> > ud$ ifconfig vether
> > vether0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >         lladdr fe:e1:ba:d7:cc:16
> >         index 23 priority 0 llprio 3
> >         groups: vether
> >         media: Ethernet autoselect
> >         status: active
> >         inet 10.10.0.1 netmask 0xff000000 broadcast 10.255.255.255
> >
> > vether1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> rdomain 1 mtu 1500
> >         lladdr fe:e1:ba:d8:73:32
> >         index 24 priority 0 llprio 3
> >         groups: vether
> >         media: Ethernet autoselect
> >         status: active
> >         inet 10.10.1.1 netmask 0xff000000 broadcast 10.255.255.255
> >
> > vether2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> rdomain 2 mtu 1500
> >         lladdr fe:e1:ba:d9:bd:e8
> >         index 26 priority 0 llprio 3
> >         groups: vether
> >         media: Ethernet autoselect
> >         status: active
> >         inet 10.10.2.1 netmask 0xff000000 broadcast 10.255.255.255
> >
> > vether3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> rdomain 3 mtu 1500
> >         lladdr fe:e1:ba:da:07:4d
> >         index 28 priority 0 llprio 3
> >         groups: vether
> >         media: Ethernet autoselect
> >         status: active
> >         inet 10.10.3.1 netmask 0xff000000 broadcast 10.255.255.255
> >
> > vether4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> rdomain 4 mtu 1500
> >         lladdr fe:e1:ba:db:31:c8
> >         index 30 priority 0 llprio 3
> >         groups: vether
> >         media: Ethernet autoselect
> >         status: active
> >         inet 10.10.4.1 netmask 0xff000000 broadcast 10.255.255.255
> >
> > ud$ netstat -R
> > Rdomain 0
> >   Interfaces: lo0 vio0 enc0 pflog0 vether0
> >   Routing tables: 0 71
> >
> > Rdomain 1
> >   Interfaces: vether1 lo1
> >   Routing table: 1
> >
> > Rdomain 2
> >   Interfaces: vether2 lo2
> >   Routing table: 2
> >
> > Rdomain 3
> >   Interfaces: vether3 lo3
> >   Routing table: 3
> >
> > Rdomain 4
> >   Interfaces: vether4 lo4
> >   Routing table: 4

