FreeBSD VNET Jails Networking
a year ago
- #FreeBSD
- #Infrastructure
- #Networking
- Uxtly runs on two identical servers, each hosting three VNET jails: one for the database, one for the application server, and one for the reverse proxy.
- Each server has two if_bridge virtual switches (ibridge, carrying database replication, and xbridge, carrying routed application traffic) and two network interfaces, one internal and one external.
- Seven epair virtual cables connect the jails to the bridges, and four spiped tunnels provide encrypted, authenticated channels between the components that talk across the network.
- Load balancing is DNS round-robin: the service name carries one A record per server.
- Configuration files are identical on both servers; server-specific settings are read from a separate per-server file.
- The pf firewall denies all traffic by default and passes only the connections the design needs, with per-source rate limits and allowlists of specific IP addresses.
- Each jail has its own rc.conf for boot-time settings: the address of its epair (VNET) interface, its default gateway, and the services it runs.
- Backups and deployments are pushed with rsync from a separate orchestration server.
- Bare-metal servers work out cheaper than cloud hosting once the cloud bill exceeds roughly $240/month.
- Hardware failure is handled with hot spares; disk failure in particular is covered by ZFS mirroring, so a single failed drive does not take the server down.
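The bridge, epair, jail and pf pieces described above, as one worked example that follows a single jail end to end. This is an added illustration, not Uxtly's own configuration: the jail name app, the NIC names igb0/igb1, the 10.0.1.0/24 and 10.0.2.0/24 subnets, the peer address 10.0.0.2, the spiped port 8023 and the management address 203.0.113.10 are all assumptions. The post's full layout has three jails and seven epairs per server; the same pattern repeats for each.

```conf
# ---- /etc/rc.conf on the host: two renamed bridges, routing, pf ----
cloned_interfaces="bridge0 bridge1"
ifconfig_bridge0_name="ibridge"           # database replication switch
ifconfig_bridge1_name="xbridge"           # application traffic switch
ifconfig_ibridge="inet 10.0.1.1/24 up"    # assumed addressing
ifconfig_xbridge="inet 10.0.2.1/24 up"
gateway_enable="YES"                      # the host routes for its jails
pf_enable="YES"

# ---- /etc/sysctl.conf: filter once on the bridge, not on every epair ----
net.link.bridge.pfil_bridge=1
net.link.bridge.pfil_member=0

# ---- /etc/jail.conf on the host ----
exec.start  = "/bin/sh /etc/rc";
exec.stop   = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
path = "/jails/$name";
host.hostname = "$name.internal";         # assumed naming

# Application jail: the "b" end of the epair moves into the jail's VNET,
# the "a" end stays on the host and is plugged into xbridge.
app {
    vnet;
    vnet.interface = "epair1b";
    exec.prestart += "ifconfig epair1 create";
    exec.prestart += "ifconfig epair1a up";
    exec.prestart += "ifconfig xbridge addm epair1a";
    exec.poststop += "ifconfig xbridge deletem epair1a";
    exec.poststop += "ifconfig epair1a destroy";   # destroys both ends
}

# ---- /jails/app/etc/rc.conf (inside the jail) ----
hostname="app.internal"
ifconfig_epair1b="inet 10.0.2.10/24"      # assumed addressing
defaultrouter="10.0.2.1"                  # xbridge address on the host
sshd_enable="NO"

# ---- /etc/pf.conf on the host: default deny ----
ext_if      = "igb0"                      # external NIC (assumed)
int_if      = "igb1"                      # internal NIC (assumed)
peer        = "10.0.0.2"                  # the other server on the internal NIC (assumed)
jail_net    = "10.0.2.0/24"
proxy       = "10.0.2.20"                 # reverse-proxy jail (assumed)
spiped_port = "8023"                      # assumed spiped listener port

table <bruteforce> persist

set block-policy drop
set skip on lo0
scrub in all

# Translation: hide jail traffic behind the external address and hand
# public HTTPS to the reverse-proxy jail.
nat on $ext_if from $jail_net to any -> ($ext_if)
rdr on $ext_if proto tcp to ($ext_if) port 443 -> $proxy port 443

# Filtering: everything is dropped unless a later rule passes it.
block all
block in quick from <bruteforce>

# Public HTTPS, rate limited per source: more than 100 new connections in
# 10 seconds puts the source in <bruteforce> and flushes its states.
pass in on $ext_if proto tcp to $proxy port 443 \
    keep state (max-src-conn-rate 100/10, overload <bruteforce> flush global)

# Only the peer server may reach the spiped endpoint over the internal NIC.
pass in on $int_if proto tcp from $peer to ($int_if) port $spiped_port keep state

# Admin SSH only from one fixed management address.
pass in on $ext_if proto tcp from 203.0.113.10 to ($ext_if) port 22 keep state

# Jails may initiate connections through the host; host and jails may go out.
pass in on xbridge from $jail_net keep state
pass out keep state
```

Check the result with `pfctl -nf /etc/pf.conf` before loading it and `jail -c app` followed by `jexec app ifconfig` to confirm epair1b landed inside the jail; `pfctl -t bruteforce -T show` lists sources that tripped the rate limit.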