Re: veb(4) support for vmd(8)?

2021-03-20 Thread srfsh
David Gwynne  wrote:
> i think this is enough to let vmd wire guests up to veb interfaces.
> 
> please remember that veb is not the same as bridge, so some care
> has to be taken when replacing bridge with veb. the biggest difference
> to note is that if you want the host to talk layer 3 (ie, ip, dhcp,
> etc) with the guests, the host must have a vport(4) interface set
> up for l3 and added to the veb(4). if you used vether for that, just
> replace the vether interfaces with vports.
> 
> you can also have guests isolated from the host by not having vport
> interfaces on their veb. you can still add a physical interface to the
> veb to let guests talk l2 to the real world without having them talk to
> the host they're running on.
> 
> lastly, veb doesn't filter (non-vport) ports by default. if you're
> using pf and bridge to filter between guests, you have to allow pf
> to run on veb by setting the link1 flag. care must be taken if
> you're also filtering with pf on a vport(4) interface. if anyone is
> having trouble with this bit and wants some more pointers, let me know.
> i suspect you'll learn more from bitter experience though.

Just changed the names of vether0 to vport0 and bridge0 to veb0,
everything worked without me doing anything else (I was using group
names for them, so no PF change at all as well).

I feel like my Alpine instance boots 1 second or so faster, but I might
be just feeling it.  Nevertheless, it works without any issue.  Thank
you for your contributions!

Sincerely,
srfsh
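
The veb(4) caveats raised in this thread (pf needs link1, host layer 3 needs a vport member, a vport reported as needing an explicit up), written as a small audit over hostname.if(5)-style files. This is an added example, not part of any post in the thread or of OpenBSD; the function names and result labels are assumptions made here.

```sh
#!/bin/sh
# Added example, not from the thread: audit hostname.if(5)-style files for
# the veb(4) caveats discussed above. Function names and result labels are
# made up for this example.

# has_word FILE WORD: WORD appears as a whole word outside a comment.
has_word() {
	sed 's/#.*//' "$1" | grep -Eq "(^|[[:space:]])$2([[:space:]]|\$)"
}

# adds_port FILE PREFIX: FILE has an "add PREFIX<n>" directive.
adds_port() {
	sed 's/#.*//' "$1" | grep -Eq "add[[:space:]]+$2[0-9]+"
}

# veb_audit DIR: print one finding per line (pass /etc on a real host).
veb_audit() {
	for f in "$1"/hostname.veb*; do
		[ -f "$f" ] || continue
		veb=${f##*/hostname.}
		# pf runs on non-vport ports only when link1 is set on the veb.
		if has_word "$f" link1; then
			echo "$veb: pf-enabled"
		else
			echo "$veb: pf-bypassed"
		fi
		# The host needs a vport member to talk layer 3 on this veb.
		if adds_port "$f" vport; then
			echo "$veb: host-l3"
		else
			echo "$veb: host-isolated"
		fi
		# vether was the bridge(4)-era host port; veb wants a vport.
		if adds_port "$f" vether; then
			echo "$veb: stale-vether"
		fi
	done
	# The thread reports vport had to be set 'up' by hand.
	for f in "$1"/hostname.vport*; do
		[ -f "$f" ] || continue
		has_word "$f" up || echo "${f##*/hostname.}: no-explicit-up"
	done
}

if [ $# -gt 0 ]; then veb_audit "$1"; fi
```

A `pf-bypassed` result on a veb that replaced a pf-filtered bridge means guest-to-guest traffic is no longer passing through the ruleset.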



Re: veb(4) support for vmd(8)?

2021-02-28 Thread David Gwynne



> On 27 Feb 2021, at 10:11, Klemens Nanni  wrote:
> 
> On Sat, Feb 27, 2021 at 09:44:03AM +1000, David Gwynne wrote:
>> 
>> 
>>> On 27 Feb 2021, at 7:50 am, Klemens Nanni  wrote:
>>> 
>>> On Sat, Feb 27, 2021 at 07:30:56AM +1000, David Gwynne wrote:
>>>> i think this is enough to let vmd wire guests up to veb interfaces.
>>> But please update vm.conf(5) to mention veb(4) and vport(4) in as well
>>> SWITCH CONFIGURATION.
>> 
>> How would you fit wording about vport(4) in?
> I was too vague, it'd be just veb(4), I guess.
> I wouldn't go into any of the bridge/switch driver's specific
> configuration in vmd(8), i.e. explicitly omit any mention of vether(4)
> or vport(4).
> 
> How about this (quietly moving vmctl(8) from bridge(4) to veb(4) while
> at it...)

reads good to me, so ok. i'll put the .c bits in now.

> 
> 
> Index: vmd/vm.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/vmd/vm.conf.5,v
> retrieving revision 1.55
> diff -u -p -r1.55 vm.conf.5
> --- vmd/vm.conf.5 23 Sep 2020 19:18:18 -  1.55
> +++ vmd/vm.conf.5 27 Feb 2021 00:07:20 -
> @@ -376,9 +376,10 @@ Set the owner to the specified group.
> .Sh SWITCH CONFIGURATION
> A virtual switch allows VMs to communicate with other network interfaces on 
> the
> host system via either
> -.Xr bridge 4
> +.Xr bridge 4 ,
> +.Xr switch 4
> or
> -.Xr switch 4 .
> +.Xr veb 4 .
> The network interface for each virtual switch defined in
> .Nm
> is pre-configured using
> @@ -435,9 +436,10 @@ as described in
> .Xr ifconfig 8 .
> .It Cm interface Ar name
> Set the
> +.Xr bridge 4 ,
> .Xr switch 4
> or
> -.Xr bridge 4
> +.Xr veb 4
> network interface of this switch.
> If the type is changed to
> .Ar switch0 ,
> Index: vmctl/vmctl.8
> ===
> RCS file: /cvs/src/usr.sbin/vmctl/vmctl.8,v
> retrieving revision 1.72
> diff -u -p -r1.72 vmctl.8
> --- vmctl/vmctl.8 16 Feb 2020 11:03:25 -  1.72
> +++ vmctl/vmctl.8 27 Feb 2021 00:07:41 -
> @@ -280,7 +280,7 @@ This tap/vio interface mapping
> allows guest network traffic to be manipulated by the host.
> Any valid host-side interface configuration may be performed on these
> tap interfaces, such as bridging (via
> -.Xr bridge 4 ) ,
> +.Xr veb 4 ) ,
> or using
> .Xr pf 4
> nat-to rules to create private or host-side NATed networks, as desired.
> @@ -423,7 +423,7 @@ Terminate VM number 1:
> # vmctl stop 1
> .Ed
> .Sh SEE ALSO
> -.Xr bridge 4 ,
> +.Xr veb 4 ,
> .Xr pf 4 ,
> .Xr tap 4 ,
> .Xr vio 4 ,



Re: veb(4) support for vmd(8)?

2021-02-26 Thread Josh Rickmar
David Gwynne wrote:
> I'd vote that way, but I am biased.
> 
> Some test reports that it's working well for people would be nice too.

This is working well in my testing as a replacement for bridge/vether
usage as told in the virtualization FAQ, but I was unaware that the
vport interface needed to manually be set 'up', and saw no mention of
that in the manpage.  dlg@ kindly walked me through that and nothing
has been an issue since.



Re: veb(4) support for vmd(8)?

2021-02-26 Thread David Gwynne



> On 27 Feb 2021, at 9:57 am, Mike Larkin  wrote:
> 
> On Sat, Feb 27, 2021 at 09:44:03AM +1000, David Gwynne wrote:
>> 
>> 
>>> On 27 Feb 2021, at 7:50 am, Klemens Nanni  wrote:
>>> 
>>> On Sat, Feb 27, 2021 at 07:30:56AM +1000, David Gwynne wrote:
>>>> i think this is enough to let vmd wire guests up to veb interfaces.
>>> But please update vm.conf(5) to mention veb(4) and vport(4) in as well
>>> SWITCH CONFIGURATION.
>> 
>> How would you fit wording about vport(4) in?
>> 
>>> 
>>> OK kn
>> 
> 
> Do we want to just talk only about veb/vport and remove all the old discussion
> around bridge/vether?

I'd vote that way, but I am biased.

Some test reports that it's working well for people would be nice too.


Re: veb(4) support for vmd(8)?

2021-02-26 Thread Solene Rapenne
On Fri, 26 Feb 2021 22:50:29 +0100
Klemens Nanni :

> On Sat, Feb 27, 2021 at 07:30:56AM +1000, David Gwynne wrote:
> > i think this is enough to let vmd wire guests up to veb interfaces.  
> But please update vm.conf(5) to mention veb(4) and vport(4) in as well
> SWITCH CONFIGURATION.
> 
> OK kn
> 

The virtualization FAQ could be updated too when 6.9 is released
if bridge should be replaced with veb.



Re: veb(4) support for vmd(8)?

2021-02-26 Thread Klemens Nanni
On Sat, Feb 27, 2021 at 09:44:03AM +1000, David Gwynne wrote:
> 
> 
> > On 27 Feb 2021, at 7:50 am, Klemens Nanni  wrote:
> > 
> > On Sat, Feb 27, 2021 at 07:30:56AM +1000, David Gwynne wrote:
> >> i think this is enough to let vmd wire guests up to veb interfaces.
> > But please update vm.conf(5) to mention veb(4) and vport(4) in as well
> > SWITCH CONFIGURATION.
> 
> How would you fit wording about vport(4) in?
I was too vague, it'd be just veb(4), I guess.
I wouldn't go into any of the bridge/switch driver's specific
configuration in vmd(8), i.e. explicitly omit any mention of vether(4)
or vport(4).

How about this (quietly moving vmctl(8) from bridge(4) to veb(4) while
at it...)


Index: vmd/vm.conf.5
===
RCS file: /cvs/src/usr.sbin/vmd/vm.conf.5,v
retrieving revision 1.55
diff -u -p -r1.55 vm.conf.5
--- vmd/vm.conf.5   23 Sep 2020 19:18:18 -  1.55
+++ vmd/vm.conf.5   27 Feb 2021 00:07:20 -
@@ -376,9 +376,10 @@ Set the owner to the specified group.
 .Sh SWITCH CONFIGURATION
 A virtual switch allows VMs to communicate with other network interfaces on the
 host system via either
-.Xr bridge 4
+.Xr bridge 4 ,
+.Xr switch 4
 or
-.Xr switch 4 .
+.Xr veb 4 .
 The network interface for each virtual switch defined in
 .Nm
 is pre-configured using
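Review bot: "via either" in the first sentence of SWITCH CONFIGURATION now introduces three alternatives (bridge, switch, veb); drop "either" so the list reads cleanly. Because the cover message stresses that veb is not the same as bridge (the host needs a vport(4) member to talk layer 3 with guests), a one-line pointer to veb(4) for the differences would keep readers from treating the three drivers as interchangeable, without documenting driver-specific setup here.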
@@ -435,9 +436,10 @@ as described in
 .Xr ifconfig 8 .
 .It Cm interface Ar name
 Set the
+.Xr bridge 4 ,
 .Xr switch 4
 or
-.Xr bridge 4
+.Xr veb 4
 network interface of this switch.
 If the type is changed to
 .Ar switch0 ,
Index: vmctl/vmctl.8
===
RCS file: /cvs/src/usr.sbin/vmctl/vmctl.8,v
retrieving revision 1.72
diff -u -p -r1.72 vmctl.8
--- vmctl/vmctl.8   16 Feb 2020 11:03:25 -  1.72
+++ vmctl/vmctl.8   27 Feb 2021 00:07:41 -
@@ -280,7 +280,7 @@ This tap/vio interface mapping
 allows guest network traffic to be manipulated by the host.
 Any valid host-side interface configuration may be performed on these
 tap interfaces, such as bridging (via
-.Xr bridge 4 ) ,
+.Xr veb 4 ) ,
 or using
 .Xr pf 4
 nat-to rules to create private or host-side NATed networks, as desired.
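Review bot: the "bridging (via" sentence now names only veb(4), while the vm.conf.5 hunks in the same patch keep bridge(4) and switch(4) next to it, so the two pages disagree on what is supported. The sentence also goes straight on to pf(4) rules; per the cover message veb does not run pf on non-vport ports unless link1 is set, so either keep bridge(4) alongside veb(4) here or add a short note that pf on veb member ports needs link1.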
@@ -423,7 +423,7 @@ Terminate VM number 1:
 # vmctl stop 1
 .Ed
 .Sh SEE ALSO
-.Xr bridge 4 ,
+.Xr veb 4 ,
 .Xr pf 4 ,
 .Xr tap 4 ,
 .Xr vio 4 ,
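Review bot: in SEE ALSO, ".Xr veb 4 ," is left in the slot bridge(4) occupied, ahead of pf(4), tap(4) and vio(4), which breaks the alphabetical ordering within section 4. Move it to after ".Xr tap 4 ," so the list reads pf, tap, veb, vio.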



Re: veb(4) support for vmd(8)?

2021-02-26 Thread Mike Larkin
On Sat, Feb 27, 2021 at 09:44:03AM +1000, David Gwynne wrote:
>
>
> > On 27 Feb 2021, at 7:50 am, Klemens Nanni  wrote:
> >
> > On Sat, Feb 27, 2021 at 07:30:56AM +1000, David Gwynne wrote:
> >> i think this is enough to let vmd wire guests up to veb interfaces.
> > But please update vm.conf(5) to mention veb(4) and vport(4) in as well
> > SWITCH CONFIGURATION.
>
> How would you fit wording about vport(4) in?
>
> >
> > OK kn
>

Do we want to just talk only about veb/vport and remove all the old discussion
around bridge/vether?



Re: veb(4) support for vmd(8)?

2021-02-26 Thread David Gwynne



> On 27 Feb 2021, at 7:50 am, Klemens Nanni  wrote:
> 
> On Sat, Feb 27, 2021 at 07:30:56AM +1000, David Gwynne wrote:
>> i think this is enough to let vmd wire guests up to veb interfaces.
> But please update vm.conf(5) to mention veb(4) and vport(4) in as well
> SWITCH CONFIGURATION.

How would you fit wording about vport(4) in?

> 
> OK kn



Re: veb(4) support for vmd(8)?

2021-02-26 Thread Klemens Nanni
On Sat, Feb 27, 2021 at 07:30:56AM +1000, David Gwynne wrote:
> i think this is enough to let vmd wire guests up to veb interfaces.
But please update vm.conf(5) to mention veb(4) and vport(4) in as well
SWITCH CONFIGURATION.

OK kn



veb(4) support for vmd(8)?

2021-02-26 Thread David Gwynne
i think this is enough to let vmd wire guests up to veb interfaces.

please remember that veb is not the same as bridge, so some care
has to be taken when replacing bridge with veb. the biggest difference
to note is that if you want the host to talk layer 3 (ie, ip, dhcp,
etc) with the guests, the host must have a vport(4) interface set
up for l3 and added to the veb(4). if you used vether for that, just
replace the vether interfaces with vports.

you can also have guests isolated from the host by not having vport
interfaces on their veb. you can still add a physical interface to the
veb to let guests talk l2 to the real world without having them talk to
the host they're running on.

lastly, veb doesn't filter (non-vport) ports by default. if you're
using pf and bridge to filter between guests, you have to allow pf
to run on veb by setting the link1 flag. care must be taken if
you're also filtering with pf on a vport(4) interface. if anyone is
having trouble with this bit and wants some more pointers, let me know.
i suspect you'll learn more from bitter experience though.

Index: config.c
===
RCS file: /cvs/src/usr.sbin/vmd/config.c,v
retrieving revision 1.58
diff -u -p -r1.58 config.c
--- config.c11 May 2019 19:55:14 -  1.58
+++ config.c26 Feb 2021 21:17:19 -
@@ -40,7 +40,7 @@
 #include "vmd.h"
 
 /* Supported bridge types */
-const char *vmd_descsw[] = { "switch", "bridge", NULL };
+const char *vmd_descsw[] = { "switch", "bridge", "veb", NULL };
 
 static int  config_init_localprefix(struct vmd_config *);
 
Index: priv.c
===
RCS file: /cvs/src/usr.sbin/vmd/priv.c,v
retrieving revision 1.15
diff -u -p -r1.15 priv.c
--- priv.c  28 Jun 2019 13:32:51 -  1.15
+++ priv.c  26 Feb 2021 21:17:19 -
@@ -81,7 +81,8 @@ priv_run(struct privsep *ps, struct priv
 int
 priv_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
 {
-   const char  *desct[] = { "tap", "switch", "bridge", NULL };
+   const char  *desct[] = { "tap", "switch", "bridge",
+"veb", NULL };
struct privsep  *ps = p->p_ps;
struct vmop_ifreqvfr;
struct vmd  *env = ps->ps_env;
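
Review bot: desct[] in priv_dispatch_parent() repeats the "switch", "bridge", "veb" entries that vmd_descsw[] in config.c already holds, so each new interface type has to be added in two files and the privileged side can silently fall out of step with what the parser accepts. Consider building the privileged check from vmd_descsw plus "tap", or at least add a comment in each file pointing at the other list.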