# What driver is suitable as virtual network interface?



## Unholy Saint (Feb 23, 2017)

Hello

I am migrating complex Linux setup. It has policy routing and NAT's over both BGP/bird and static routes, vlans, gre tunnel, vpn's, packet filtering, local services on xen domains (bridges), etc. Part of it's setup are pair of dummy interfaces, used as DMZ's with IP's from routed ranges (no ARP).

My question is: What driver must be used in FreeBSD to get same functionality as with dummy interfaces in Linux? From what i read until now vtnet and tap seem to be possible choices, however i can't figure which one is better. Also as i understand ng_eiface creates virtual interface, however i still can't figure if kernel routing works with netgraph when it is not bound to any physical interface (never used it before).

Just to note again. I an _not_ asking how to set alias/bridge/second mac/vlan/firewall forwarding/netgraph/etc., attached to one of the physical interfaces. What i need is virtual interface, completely independent from physical ones, with working routing to/from it. Possibility to bridge it to xen domains may be usable, but if impossible there are ways to go around.


----------



## SirDice (Feb 23, 2017)

vtnet(4) is not a "dummy" interface, it's a virtio interface used on virtual machines. The tap(4) interfaces are typically used for tunnels (OpenVPN for example) but vm(8) uses them to bridge VMs to virtual switches. If you want a real "dummy" interface you can clone lo(4).


----------



## Unholy Saint (Feb 23, 2017)

Thank you for the quick response. Just set (sample IP's of cause):


```
cloned_interfaces="lo1"
ifconfig_lo1_name="dummy0"
# 10.1.1.0/30 - staticaly routed to IP, set on one of the physical interfaces
ifconfig_dummy0_alias0="10.1.1.0/32"
ifconfig_dummy0_alias1="10.1.1.1/32"
ifconfig_dummy0_alias2="10.1.1.2/32"
ifconfig_dummy0_alias3="10.1.1.3/32"
# 10.1.2.0/24 - BGP announced to outside world and routed to layer3 switch
# 10.1.2.0 and 10.1.2.255 intercepted to be used for outgoing services (authoritative DNS for example)
ifconfig_dummy0_alias4="10.1.2.0/32"
ifconfig_dummy0_alias5="10.1.2.255/32"
```

The /30 works fine. BGP related stuff is far from set for now, but i suppose intercepting single routed IP's will work to.

-- edit

Confirming, BGP routed ranges from several FIB's work fine to.

Shame on me to ignore something so simple. Seems two years of routing with Linux were enough made me assume that replacing sparking plugs is supposed to be done via the exhaust tube...


----------

