Re: netgraph network setup for jail(8) vnet jails.

2013-05-23 Thread Joe

Teske, Devin wrote:
> snip...
>
> I rendered your output by saving it in a file (joe.dot) and then running:
>
> dot -Tsvg -o joe.svg  joe.dot
>
> I then uploaded joe.svg to my website:
>
> http://druidbsd.sf.net/download/joe.svg
>
> Compare your output to any of the following:
>
> http://druidbsd.sf.net/download/warden0.jbsd.svg
> http://druidbsd.sourceforge.net/download/folsom.svg
>
> It looks like everything is connected properly.
>
> A couple thoughts off the top of my head:
>
> a. Did you enable promiscuous mode on rl0 via ngctl? (in your script perhaps?)
>
> b. Have you tried giving ngeth0 a new MAC address? (I do this through ngctl
> too, but I imagine ifconfig from within the jail could achieve the same thing)
> --
> Devin

Yes I enabled promiscuous mode and setautosrc 0 on rl0 via ngctl.
I can find no documentation on why this is done. Can you point me to some?

Yes I gave the jail a unique MAC address.

I tried to generate my own network map, but having problem.

ngctl dot  file.dot works.
dot -Tsvg -o file.svg  file.dot
gives me command dot not found.
Tried ngctl dot -Tsvg -o file.svg  file.dot
and -T is illegal option.
What am I doing wrong?

Thanks for your help
Joe

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: netgraph network setup for jail(8) vnet jails.

2013-05-23 Thread Trond Endrestøl
On Thu, 23 May 2013 09:42-0400, Joe wrote:

> Teske, Devin wrote:
> > snip...
> > I rendered your output by saving it in a file (joe.dot) and then running:
> >
> > dot -Tsvg -o joe.svg  joe.dot
> >
> > I then uploaded joe.svg to my website:
> >
> > http://druidbsd.sf.net/download/joe.svg
> >
> > Compare your output to any of the following:
> >
> > http://druidbsd.sf.net/download/warden0.jbsd.svg
> > http://druidbsd.sourceforge.net/download/folsom.svg
> >
> > It looks like everything is connected properly.
> >
> > A couple thoughts off the top of my head:
> >
> > a. Did you enable promiscuous mode on rl0 via ngctl? (in your script
> > perhaps?)
> >
> > b. Have you tried giving ngeth0 a new MAC address? (I do this through ngctl
> > too, but I imagine ifconfig from within the jail could achieve the same
> > thing)
> > --
> > Devin
>
> Yes I enabled promiscuous mode and setautosrc 0 on rl0 via ngctl.
> I can find no documentation on why this is done. Can you point me to some?
>
> Yes I gave the jail a unique MAC address.
>
> I tried to generate my own network map, but having problem.
>
> ngctl dot  file.dot works.
>
> dot -Tsvg -o file.svg  file.dot
> gives me command dot not found.

Please install graphics/graphviz, either from ports or from packages.

> Tried ngctl dot -Tsvg -o file.svg  file.dot
> and -T is illegal option.
> What am I doing wrong?
>
> Thanks for your help
> Joe

-- 
+---++
| Vennlig hilsen,   | Best regards,  |
| Trond Endrestøl,  | Trond Endrestøl,   |
| IT-ansvarlig, | System administrator,  |
| Fagskolen Innlandet,  | Gjøvik Technical College, Norway,  |
| tlf. mob.   952 62 567,   | Cellular...: +47 952 62 567,   |
| sentralbord 61 14 54 00.  | Switchboard: +47 61 14 54 00.  |
+---++

netgraph network setup for jail(8) vnet jails.

2013-05-18 Thread Joe

Hello list

I can't get to the internet using this netgraph setup script.
I sure would appreciate giving this console log a look over for
errors. My netgraph knowledge level is not sufficient to see what is
wrong. The goal is to run this script to setup and break down a netgraph
network for a single vnet jail at a time. rl0 is the real nic interface
device name of the nic facing the internet. This box is on my lan and
the gateway box does NAT for all lan boxes. The host running this script 
can ping the internet ok.


Thank you very much for your help.





The host's kernel has modules with vimage & ipfw compiled in.

From the host
# /root ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
    options=2008<VLAN_MTU,WOL_MAGIC>
    ether 00:0c:6e:09:8b:74
    inet 10.0.10.5 netmask 0xfff8 broadcast 10.0.10.7
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=63<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
    inet 127.0.0.1 netmask 0xff00
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

The jails config file
# /root cat /usr/local/etc/vnet/vdir4
vdir4 {
host.hostname   =  vdir4;
path=  /usr/jails/vdir4;
mount.fstab =  /usr/local/etc/fstab/vdir4;
vnet;
persist;
}

The netgraph script
# /root cat /usr/local/bin/vnet.ng.test
#!/bin/sh
# snip comments for displaying here
# This script is based on this /usr/share/examples/netgraph/virtual.lan

# Give the name of ethernet interface.
ETHER_INTF="rl0"

# List the names of virtual nodes and their IP addresses. Use '|'
# character to separate node name from node IP address and netmask.

#TARGET_TOPOLOGY="c1|10.0.2.20/24 c2|10.0.2.21/24 c3|10.0.2.22/24"
TARGET_TOPOLOGY="vdir4|10.0.2.20/24"

# MAC manufacturer prefix. This can be modified according to needs.
MAC_PREFIX="00:1d:92"

# Temporary file is important for proper execution of script.
TEMP_FILE="/var/tmp/virtual.lan.tmp"

virtual_lan_start() {

    # Load netgraph KLD's as necessary.

    for KLD in ng_ether ng_bridge ng_eiface; do
        if ! kldstat -v | grep -qw ${KLD}; then
            echo -n "Loading ${KLD}.ko... "
            kldload ${KLD} || exit 1
            echo "done"
        fi
    done

    # Reset all interfaces and jails. If temporary file can not be found
    # script assumes that there is no previous configuration.

    if [ ! -e ${TEMP_FILE} ]; then
        echo "No previous configuration(${TEMP_FILE}) found to clean-up."
    else
        echo -n "Cleaning previous configuration..."
        virtual_lan_stop
        echo "done"
    fi

    # Create temporary file for usage. This file includes generated
    # interface names and jail names. All bridges, interfaces and jails
    # are written to file while created. In clean-up process written
    # objects are cleaned (i.e. removed) from system.

    if [ ! -e ${TEMP_FILE} ]; then
        touch ${TEMP_FILE}
    fi

    echo -n "Verifying ethernet interface existence..."
    # Verify ethernet interface exist.
    if ! ngctl info ${ETHER_INTF}: >/dev/null 2>&1; then
        echo "Error: interface ${ETHER_INTF} does not exist"
        exit 1
    fi

    ifconfig ${ETHER_INTF} up || exit 1
    echo "done"

    # Get current number of bridge interfaces in the system. This number
    # is used to create a name for new bridge.
    BRIDGE_COUNT=`ngctl l | grep bridge | wc -l | sed -e "s/ //g"`
    BRIDGE_NAME="bridge${BRIDGE_COUNT}"

    # Create new ng_bridge(4) node and attach it to the ethernet interface.
    # Connect ng_ether:lower hook to bridge:link0 when creating bridge and
    # connect ng_ether:upper hook to bridge:link1 after bridge name is set.

    echo "Creating bridge interface: ${BRIDGE_NAME}..."
    ngctl mkpeer ${ETHER_INTF}: bridge lower link0 || exit 1
    ngctl name ${ETHER_INTF}:lower ${BRIDGE_NAME} || exit 1
    ngctl connect ${ETHER_INTF}: ${BRIDGE_NAME}: upper link1 || exit 1
    echo "Bridge ${BRIDGE_NAME} is created and ${ETHER_INTF} is connected."

    # In the above code block two hooks are connected to bridge interface,
    # therefore LINKNUM is set to 2 indicating total number of connected
    # hooks on the bridge interface.
    LINKNUM=2

    # Write name of the bridge to temp file. Clean-up procedure will use
    # this name to shutdown bridge interface.
    echo "bridge ${BRIDGE_NAME}" > ${TEMP_FILE}


    # Attach vnet jail.
    for NODE in ${TARGET_TOPOLOGY}; do

        # Virtual nodes are defined in TARGET_TOPOLOGY variable. They
        # have the form of 'nodeName|IPaddr'. Below two lines split
        # node definition to get node name and node IP.

        NODE_NAME=`echo "${NODE}" | awk -F"|" '{print $1}'`
        NODE_IP=`echo "${NODE}" | awk -F"|" '{print $2}'`

        # Create virtual node (jail) with given

Re: netgraph network setup for jail(8) vnet jails.

2013-05-18 Thread Teske, Devin
Sorry for top-post, but just wanted to add a quick note:

The output of ngctl dot would be very helpful to others in debugging your 
setup.
-- 
Devin


Re: netgraph network setup for jail(8) vnet jails.

2013-05-18 Thread Joe

Teske, Devin wrote:

> Sorry for top-post, but just wanted to add a quick note:
>
> The output of ngctl dot would be very helpful to others in debugging your
> setup.



graph netgraph {
    edge [ weight = 1.0 ];
    node [ shape = record, fontsize = 12 ] {
        "1" [ label = "{rl0:|{ether|[1]:}}" ];
        "5" [ label = "{bridge0:|{bridge|[5]:}}" ];
        "9" [ label = "{ngeth0:|{eiface|[9]:}}" ];
        "e" [ label = "{ngctl2355:|{socket|[e]:}}" ];
    };
    subgraph cluster_disconnected {
        bgcolor = pink;
        "e";
    };
    node [ shape = octagon, fontsize = 10 ] {
        "1.upper" [ label = "upper" ];
        "1.lower" [ label = "lower" ];
    };
    {
        edge [ weight = 2.0, style = bold ];
        "1" -- "1.upper";
        "1" -- "1.lower";
    };
    node [ shape = octagon, fontsize = 10 ] {
        "5.link2" [ label = "link2" ];
        "5.link1" [ label = "link1" ];
        "5.link0" [ label = "link0" ];
    };
    {
        edge [ weight = 2.0, style = bold ];
        "5" -- "5.link2";
        "5" -- "5.link1";
        "5" -- "5.link0";
    };
    "5.link1" -- "1.upper";
    "5.link0" -- "1.lower";
    node [ shape = octagon, fontsize = 10 ] {
        "9.ether" [ label = "ether" ];
    };
    {
        edge [ weight = 2.0, style = bold ];
        "9" -- "9.ether";
    };
    "9.ether" -- "5.link2";
};



Re: netgraph network setup for jail(8) vnet jails.

2013-05-18 Thread Teske, Devin

On May 18, 2013, at 5:51 PM, Joe wrote:

> Teske, Devin wrote:
> > Sorry for top-post, but just wanted to add a quick note:
> > The output of ngctl dot would be very helpful to others in debugging your
> > setup.


I rendered your output by saving it in a file (joe.dot) and then running:

dot -Tsvg -o joe.svg  joe.dot

I then uploaded joe.svg to my website:

http://druidbsd.sf.net/download/joe.svg

Compare your output to any of the following:

http://druidbsd.sf.net/download/warden0.jbsd.svg
http://druidbsd.sourceforge.net/download/folsom.svg

It looks like everything is connected properly.

A couple thoughts off the top of my head:

a. Did you enable promiscuous mode on rl0 via ngctl? (in your script perhaps?)

b. Have you tried giving ngeth0 a new MAC address? (I do this through ngctl 
too, but I imagine ifconfig from within the jail could achieve the same thing)
--
Devin
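
A text-only way to check the wiring in `ngctl dot` output when graphviz is not installed, as an added example that is not part of any message in this thread: it lists the hook-to-hook links and tests that both `upper` and `lower` of the Ethernet node reach the same peer node. The function names and the embedded sample graph are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format `ngctl dot` emits (same nodes as the thread).
ng_sample() {
cat <<'EOF'
graph netgraph {
    node [ shape = record, fontsize = 12 ] {
        "1" [ label = "{rl0:|{ether|[1]:}}" ];
        "5" [ label = "{bridge0:|{bridge|[5]:}}" ];
        "9" [ label = "{ngeth0:|{eiface|[9]:}}" ];
    };
    "1" -- "1.upper";
    "5.link1" -- "1.upper";
    "5.link0" -- "1.lower";
    "9.ether" -- "5.link2";
};
EOF
}

# Print one "node:hook node:hook" line per hook-to-hook connection in file $1.
ng_links() {
    awk '
    function pretty(h,    d) {            # "5.link1" -> "bridge0:link1"
        d = index(h, ".")
        return name[substr(h, 1, d - 1)] ":" substr(h, d + 1)
    }
    { gsub(/"/, "") }                     # drop the quoting around identifiers
    $3 == "label" && $5 ~ /^[{]/ {        # node record {name:|{type|[id]:}}
        split(substr($5, 2), part, "[|]")
        sub(/:$/, "", part[1])
        name[$1] = part[1]
        next
    }
    $2 == "--" && index($1, ".") && index($3, ".") {   # hook -- hook edge
        sub(/;$/, "", $3)
        print pretty($1), pretty($3)
    }' "$1"
}

# Succeed only if interface $2 has both upper and lower hooked to one peer node.
ng_ether_bridged() {
    ng_links "$1" | awk -v ifc="$2" '
    { for (s = 1; s <= 2; s++) {
          split($s, a, ":"); split($(3 - s), b, ":")
          if (a[1] == ifc && (a[2] == "upper" || a[2] == "lower"))
              peer[a[2]] = b[1]
      } }
    END { exit !(peer["upper"] != "" && peer["upper"] == peer["lower"]) }'
}
```

The parser relies on node records appearing before the edges, as they do in the graph posted in this thread.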
