Post · bonfire.cafe

Creating a stretched layer-2 network for VMs (running in #bhyve) on #FreeBSD

And a first preparation for upcoming changes at @BoxyBSD@bsd.cafe and IPs in locations ;)

https://gyptazy.com/blog/creating-a-stretched-layer2-network-for-vms-in-bhyve-on-freebsd/

dch :flantifa: :flan_hacker:

@dch@bsd.network replied · 2 days ago

@gyptazy … AustRALIA that is a very stretchy VXLAN what are you going to use it for? @BoxyBSD very much looking forwards to hearing the next update!

Jeroen Massar

@jeroen@secluded.ch replied · 2 days ago

@gyptazy @stucchimax @BoxyBSD keep one thing in mind with VXLAN: it is unencrypted and unauthenticated, that means that a MITM can insert and observe packets, which can wreak havoc.

Wireguard etc is thus recommended on untrusted networks. IPSEC, hardware offloaded, is therefore still also a favorite.

Stretching VLANs, especially over longer distances also runs into a lot of fun latency-related issues, thus be aware; not even talking about packetloss.... though at least it is not over TCP ;)

gyptazy

@gyptazy@gyptazy.com replied · 2 days ago

@jeroen@secluded.ch@stucchimax@social.secret-wg.org@BoxyBSD@bsd.cafe absolutely correct

Stefano Marinelli

@stefano@mastodon.bsd.cafe replied · 4 days ago

@gyptazy @BoxyBSD that's a great post. Thank you!

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0-rc.2.11 no JS en

Automatic federation enabled