Virtual Isolated Network with Netgraph

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Paul Procacci <pprocacci_at_gmail.com>
Date: Fri, 09 Feb 2024 06:20:11 UTC

Hey all,

I had an itch for testing netgraph; comparing the performance of it next to
if_bridge/epair.

I however have come across a problem that I'm not sure how to resolve.  I'm
hopeful someone knows.

I'd like to do the following:

+------------------+
|    ng_eiface  |
+------------------+
          |
+------------------+
|    ng_bridge  |
+------------------+
          |
+------------------+
|    ng_eiface  |
+------------------+

Seems simple enough.  However, I don't want to dangle any of the nodes off
of a physical interface and want to keep the ngeth* and ng_bridge* devices
completely isolated and virtual.  Eventually the thought is I'll stick each
ng_eiface into a separate jail and go about my merry way.

The above is easily accomplished with if_bridge and epair; I certainly
understand this.
This is just an exercise to replicate the capabilities of if_bridge/epair
with just netgraph.

Thoughts?

~Paul

-- 
__________________

:(){ :|:& };: