This has already been reported in https://bugs.freenas.org/issues/3321
Currently a jail's network interface can only be bound to the interface that connects to the default route (for the host not the jail). As far as I've been able to ascertain it searches for the interface and then adds the epair interface to the same bridge as the physical interface.
First, let me commend FreeNAS. It's a great job and manages to simplify administration of a FreeBSD system extremely well and in most aspects is a good enterprise product. However (and of course this is a however) it currently only manages to be a small business class product as regards multiple interfaces for jails.
For an enterprise the main attraction of Jails are delegation and demarcation of responsibility and security. It is routine to segment subnets to achieve this aim and so one type of system will only be allowed on one subnet etc..
VLANs go some way to achieve this but physical separation is much better in protecting data from the prying eyes of network support (the assumption is the no one part of an organisation can be trusted to see everything).
While LACP solves the issue of using available network interfaces to their utmost performance capabilities, it does not handle the security requirements of an enterprise.
This should be a relatively simple fix, either some gui dropdown, a command line configuration to warden or an automatic binding to a physical interface depending on configured default route. The last one is my preferred option but it does imply less flexibility.
I hope that you consider this important. I think that though this won't speed up adoption in enterprises, it should at least remove a potential negative for TrueNAS etc....
Currently a jail's network interface can only be bound to the interface that connects to the default route (for the host not the jail). As far as I've been able to ascertain it searches for the interface and then adds the epair interface to the same bridge as the physical interface.
First, let me commend FreeNAS. It's a great job and manages to simplify administration of a FreeBSD system extremely well and in most aspects is a good enterprise product. However (and of course this is a however) it currently only manages to be a small business class product as regards multiple interfaces for jails.
For an enterprise the main attraction of Jails are delegation and demarcation of responsibility and security. It is routine to segment subnets to achieve this aim and so one type of system will only be allowed on one subnet etc..
VLANs go some way to achieve this but physical separation is much better in protecting data from the prying eyes of network support (the assumption is the no one part of an organisation can be trusted to see everything).
While LACP solves the issue of using available network interfaces to their utmost performance capabilities, it does not handle the security requirements of an enterprise.
This should be a relatively simple fix, either some gui dropdown, a command line configuration to warden or an automatic binding to a physical interface depending on configured default route. The last one is my preferred option but it does imply less flexibility.
I hope that you consider this important. I think that though this won't speed up adoption in enterprises, it should at least remove a potential negative for TrueNAS etc....
