Bhyve NIC VM Association

Ryan Hamel · May 20, 2017

Original Bug Report: https://bugs.freenas.org/issues/23927

Hello,

Is it just me or is it just having this "feature" only set as "Nice To Have" strike a nerve with someone else? Why would you implement a virtual machine feature in a web interface, but not give a choice for the end user to associate that network interface to something on that system? That's the definition of a half baked featured.

Due to this bug, I cannot setup something like pfSense or any other system requiring multiple NICs, which is quite disappointing. Hopefully someone else has hit this limitation already.

Stux · May 21, 2017

Its not going to block the release if it's not there... is it?

Ergo, it's nice to have, but not critical, or a blocker.

Ericloewe · May 21, 2017

Ryan Hamel said:
Due to this bug, I cannot setup something like pfSense

Which would be a bad idea anyway, as discussed both here and on the pfSense forums.

Assigning NICs to VMs is useful in a few scenarios, but there are higher priority items.

Ryan Hamel · May 21, 2017

Ericloewe said:
Which would be a bad idea anyway, as discussed both here and on the pfSense forums.

While I may agree on certain aspects of that, it still doesn't mean that the technical capability should exist.

Please explain or link me to reasons why I should setup another server to be a firewall when I have a Supermicro 3U 16 bay E3 based server that sits mostly idle waiting for backups. It just seems horribly inefficient when someone lives in an area with a high electric bill.

If an IP is not bound to the interface (say for example eth1), how can it be attacked? If I need to protect myself from all corners, I could just write IPFW rules to accept traffic from the NIC to the specific tap interface and drop it going elsewhere.

Stux · May 21, 2017

Anyway, I think this approach should work until the custom NIC support is added to the GUI

http://davidnelson.me/?p=439

Arwen · May 21, 2017

Ryan Hamel said:
...
If an IP is not bound to the interface (say for example eth1), how can it be attacked?
...

Just taking this part... (The following you may know already.)

In Unix, IPs are bound to a specific network interface based on sub-nets. Further, using multiple IPs in the
same sub-net, but on different network interfaces may not have the desired result. Linux and Solaris have
special code to handle this, (Solaris' IPMP works great in Active-Active mode).

On the converse, attempting to use multiple sub-nets on the same network interface, (without VLANing), is
a bit un-usual. I did it for more than 10 years, and while it worked okay, it was not great for security.

m0nkey_ · May 21, 2017

Ryan Hamel said:
While I may agree on certain aspects of that, it still doesn't mean that the technical capability should exist.

FreeNAS, first and foremost is a file storage appliance. Virtual machines are an afterthought and are only coming as it's baked in natively to the FreeBSD kernel. If you want more control over virtual machines, install VMware ESXI, XenServer or ProxMox.

Important Announcement for the TrueNAS Community.

Bhyve NIC VM Association

Ryan Hamel

Cadet

Stux

MVP

Ericloewe

Server Wrangler

Ryan Hamel

Cadet

Stux

MVP

Arwen

MVP

m0nkey_

MVP

Similar threads