What does 'cloned_interfaces' in rc.conf accomplish?

cloned_interfaces is one of the several settings in rc.conf, rc.conf.local, et al. that control the setting up and shutting down of network interfaces. In the Mewburn rc system it is /etc/rc.d/netif that is mostly responsible for using these settings. With nosh system management the external formats import subsystem takes these settings and translates them into a suite of single-shot and long-running services in /var/local/sv.

Both systems at their bases run ifconfig a lot and run some long-running dæmons.

cloned_interfaces is almost the same as the network_interfaces setting in that it lists network interfaces to be brought up and shut down. The single difference between the twain is that network_interfaces describes network interfaces that pre-exist, because hardware detection (of network interface hardwares) has brought them into existence; whereas cloned_interfaces are network interfaces that are brought into existence by dint of these service startup and shutdown actions alone.

A bridge, tap, or epair network interface does not represent actual network interface hardware. Thus an extra step is necessary in startup and shutdown, the point where a new network interface is cloned and destroyed. This is done with, again, the ifconfig command. The first bridge network interface is cloned by running ifconfig bridge0 create, and destroyed with ifconfig bridge0 destroy. Listing bridge0 in the cloned_interfaces list causes this to happen and these commands to be run first and last; whereas listing it in network_interfaces would not, and the system would assume that there was an existing bridge0 device to be manipulated.

(Technically, the loopback interface is not hardware, either. It is cloned, too; hence the first cloned loopback interface being lo0, for those who have ever wondered about the name. But there is special casing for it because it is not optional as bridges, taps, and epairs are.)

Other than that, the two sets of interfaces are treated the same.

Further reading

  • Jonathan de Boyne Pollard (2017). "Networking". nosh Guide. Softwares.
  • Andrew Thompson. "Bridging". FreeBSD Handbook.
  • Brooks Davis (2004). The Challenges of Dynamic Network Interfaces.

With cloned_interfaces you can do multiple things, for example:

  • Adjusting FreeBSD Virtual LAN Configuration: VLAN is a group of hosts with a common set of requirements that communicate as if they were attached to the same wire, regardless of their physical location. A VLAN has the same attributes as a physical LAN, but it allows for end stations to be grouped together even if they are not located on the same LAN segment. Network reconfiguration can be done through software instead of physically relocating devices. To make configuration persistence, open /etc/rc.conf:

    vi /etc/rc.conf

Append / modify as follows:

cloned_interfaces="vlan0"
ifconfig_vlan0="inet x.x.x.x netmask y.y.y.y vlan 2 vlandev em0"
  • Creating a permanent loopback interface (FreeBSD), by using ifconfig lo1 create, then adding the following to /etc/rc.conf:

cloned_interfaces="lo1"
ifconfig_lo1="inet a.b.c.d/netmask"

where a.b.c.d is the ip address.

  • Link aggregation/bonding in FreeBSD using the Link Aggregation Control Protocol (LACP): bonding multiple Ethernet links together in FreeBSD is fairly simple; for example, use LACP, which does require some switch configuration to work. Then ensure the link aggregation module is started at boot, so edit /boot/loader.conf and add the following line:

    if_lagg_load="YES"

Now configure the port… in this example we will bond igb0 and bge0 together into a two port LACP bundle. We will assign the IP 192.0.2.10/24 to the interface. Add the following to /etc/rc.conf:

cloned_interfaces="lagg0"
ifconfig_igb0="up"
ifconfig_bge0="up"
ifconfig_lagg0="laggproto lacp laggport igb0 laggport bge0 up"
ifconfig_lagg0_alias0="inet 192.0.2.10/24"
  • FreeBSD jail with a single IP. Let's say we have the following scenario: you have a FreeBSD VPS with a single IP and you wish to create a FreeBSD jail for additional security and/or isolation. For this write-up I’ll illustrate how you can use a single VPS with a jail created on an internal IP, with both NAT access and port-forwarding to the jail for specific ports (web, ssh, etc.). Then create the local interface as follows:

In your rc.conf clone the loopback interface to lo1 so that we can use the 192.168., 10., or 172.16.* for our private jail network.

cloned_interfaces="lo1"
ipv4_addrs_lo1="192.168.0.1-9/29"

The above will create a lo1 loopback device with 192.168.0.1 through 192.168.0.9 created on that interface. From here we’ll create a jail with 192.168.0.2. Then we’ll configure PF to allow outbound traffic (NAT) from those local addresses as well as pass web (80) and SSH ports to a specific jail IP.

  • Enabling the Bridge: In FreeBSD, if_bridge is a kernel module which is automatically loaded by ifconfig when creating a bridge interface. It is also possible to compile bridge support into a custom kernel by adding device if_bridge to the custom kernel configuration file. The bridge is created using interface cloning. To create the bridge interface:

    # ifconfig bridge create
    bridge0
    # ifconfig bridge0
    bridge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 96:3d:4b:f1:79:7a
            id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
            maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
            root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0

When a bridge interface is created, it is automatically assigned a randomly generated Ethernet address. The maxaddr and timeout parameters control how many MAC addresses the bridge will keep in its forwarding table and how many seconds before each entry is removed after it is last seen. The other parameters control how STP operates.

Next, specify which network interfaces to add as members of the bridge. For the bridge to forward packets, all member interfaces and the bridge need to be up:

# ifconfig bridge0 addm fxp0 addm fxp1 up
# ifconfig fxp0 up
# ifconfig fxp1 up

The bridge can now forward Ethernet frames between fxp0 and fxp1. Add the following lines to /etc/rc.conf so the bridge is created at startup:

cloned_interfaces="bridge0"
ifconfig_bridge0="addm fxp0 addm fxp1 up"
ifconfig_fxp0="up"
ifconfig_fxp1="up"

If the bridge host needs an IP address, set it on the bridge interface, not on the member interfaces. The address can be set statically or via DHCP. This example sets a static IP address:

# ifconfig bridge0 inet 192.168.0.1/24

It is also possible to assign an IPv6 address to a bridge interface. To make the changes permanent, add the addressing information to /etc/rc.conf.

These are some of the applications of cloned_interfaces!!

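The first answer draws the line between network_interfaces (interfaces that already exist) and cloned_interfaces (interfaces that rc.d/netif must create first), and the second answer's rc.conf fragments show how easy it is to list a cloned interface and then forget to configure it, or to paste typographic quotes into the file. The script below is an added example, not code from either answer or from FreeBSD; it runs a few static checks over a constructed rc.conf-style fragment (written to a temporary file) and reports: cloned interfaces with no ifconfig_/ipv4_addrs_ line, interfaces listed in both variables, lagg member ports whose own ifconfig_ line does not bring them up, and lines carrying smart quotes. The function names and the sample file contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example: static sanity checks for cloned_interfaces in an rc.conf-style file.
# The fragment below is constructed for illustration; line 8 deliberately uses
# typographic quotes, which sh keeps as literal characters rather than delimiters.
SAMPLE_RC=$(mktemp)
cat > "$SAMPLE_RC" <<'EOF'
network_interfaces="em0 bridge0"
cloned_interfaces="bridge0 lagg0 lo1 vlan0"
ifconfig_bridge0="addm fxp0 addm fxp1 up"
ifconfig_fxp0="up"
ifconfig_fxp1="up"
ifconfig_lagg0="laggproto lacp laggport igb0 laggport bge0 up"
ifconfig_igb0="up"
ifconfig_bge0=”up”
ipv4_addrs_lo1="192.168.0.1-9/29"
EOF

# rc_value FILE NAME: print the last value assigned to NAME, straight quotes removed.
rc_value() {
    grep "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '"'
}

# Interfaces in cloned_interfaces with no ifconfig_X, ifconfig_X_aliasN or
# ipv4_addrs_X line: netif would create them and then never configure them.
cloned_without_config() {
    for ifn in $(rc_value "$1" cloned_interfaces); do
        if ! grep -q -e "^ifconfig_${ifn}=" -e "^ifconfig_${ifn}_alias" \
                     -e "^ipv4_addrs_${ifn}=" "$1"; then
            printf '%s\n' "$ifn"
        fi
    done
}

# Interfaces named in both lists: a cloned interface does not pre-exist, so it
# belongs in cloned_interfaces only.
listed_in_both() {
    for ifn in $(rc_value "$1" cloned_interfaces); do
        for existing in $(rc_value "$1" network_interfaces); do
            if [ "$ifn" = "$existing" ]; then
                printf '%s\n' "$ifn"
            fi
        done
    done
}

# For every lagg interface in cloned_interfaces, report laggport members whose
# own ifconfig_<port> value does not contain the word "up".
lagg_ports_not_up() {
    file=$1
    for ifn in $(rc_value "$file" cloned_interfaces); do
        case "$ifn" in lagg*) ;; *) continue ;; esac
        prev=""
        for word in $(rc_value "$file" "ifconfig_$ifn"); do
            if [ "$prev" = laggport ]; then
                case " $(rc_value "$file" "ifconfig_$word") " in
                    *" up "*) ;;
                    *) printf '%s\n' "$word" ;;
                esac
            fi
            prev=$word
        done
    done
}

# Line numbers containing typographic double quotes or double primes.
smart_quote_lines() {
    grep -n -e '“' -e '”' -e '″' "$1" | cut -d: -f1
}

# Stand-alone run: print each finding with its check name.
for check in cloned_without_config listed_in_both lagg_ports_not_up smart_quote_lines; do
    for hit in $("$check" "$SAMPLE_RC"); do
        printf '%s: %s\n' "$check" "$hit"
    done
done
```

On the sample, bge0 is flagged by lagg_ports_not_up even though it "looks" up: the smart quotes make its value the literal string ”up”, which is exactly what rc.d/netif would pass to ifconfig. Run the functions against a copy of the real /etc/rc.conf (never the live file from a script that might modify it) to get the same report for a host.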