[Bug 280648] Traffic leak between fibs

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 30 Oct 2024 08:20:21 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280648

--- Comment #27 from Zhenlei Huang <zlei@FreeBSD.org> ---
(In reply to Egor from comment #0)
> Hello everyone. I met a problem with my FreeBSD configuration. I used two fibs, fib0
> for management and fib1 for traffic routing. When I tried to connect to my FreeBSD
> my ssh session was closed by timeout. This session passed fib1 then it passed a
> switch and then this traffic came to mgmt interface in fib0.

(In reply to Egor from comment #26)
> Hello, Zhenlei Huang. I want to separate my traffic for two different routing
> tables. Jails look like overhead that will make maintenance of the system more complicated.

So you set fib0 for management, and fib1 for traffic routing, that is good.

For jail setup, it is quite simple. Just leave the host (vnet0) as management,
and spawn a dedicated vnet jail (say vnet1) for traffic routing, and move all
the interfaces that participate in the traffic routing, and the routing daemons, to
vnet1.

The architecture is more clear rather than more complicated. You will benefit
from separated firewall rules, fine tuning (per-vnet sysctl knobs), robust OOB
management, etc.

Yes, the overhead is one more vnet jail and some setup.

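The layout suggested in comment #27, written out as a jail.conf fragment. This is an added example, not part of the original mail and not configuration from the reporter's system; the jail name `router`, the root path `/jails/router` and the interface names `ix1` and `ix2` are assumptions.

```conf
# /etc/jail.conf fragment (constructed example)
# Host (vnet0) keeps only the management interface; everything that
# forwards traffic lives in the "router" vnet jail.

router {
    # Give the jail its own network stack: separate routing tables,
    # interfaces, firewall state and per-vnet sysctl values.
    vnet;

    # Interfaces moved out of the host and into the jail at start.
    # They are released back to the host when the jail is removed.
    # ix1 and ix2 are assumed names for the traffic-routing NICs.
    vnet.interface = "ix1", "ix2";

    # Assumed jail root holding a FreeBSD userland.
    path = "/jails/router";
    host.hostname = "router";

    mount.devfs;
    exec.clean;

    # Boot and shut down the jail's own rc system. Interface addresses,
    # gateway_enable="YES" and the routing daemons are configured in
    # the jail's /etc/rc.conf (/jails/router/etc/rc.conf on the host),
    # not in the host's rc.conf.
    exec.start = "/bin/sh /etc/rc";
    exec.stop  = "/bin/sh /etc/rc.shutdown jail";
}
```

With this layout the host's routing table never contains the traffic interfaces, so management traffic and routed traffic cannot share a lookup path.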