Me, too. Can't get ipfilter to redirect anything. Also on snv_134, and are trying to implement our first instance of a non-global zone-based 'software' router. As a result, am having some trouble teasing out my own errors from what might be 'bugs' or 'unimplemented features'.

One of these questions surrounds nwam vs. manual network configuration. We do have a perfectly good, working nic configuration using nwam; however, cannot get the interface up using manual configuration at all.

So, the real question: Before digging further into a rabbit hole, can we use all features of Crossbow and ipfilter using nwam (as long as we don't use aggregates)? Various documents here suggest that crossbow and nwam are now fully integrated as of a few revs ago - with the exception that integration of aggregates has not been implemented.

Can anyone here offer an authoritative position on this?

Many thanks in advance.

Lou
--
This message posted from opensolaris.org
Michael Hunter
2010-Apr-07 01:42 UTC
[crossbow-discuss] ipnat does not redirect any packets.
On Tue, 06 Apr 2010 14:19:41 -0700 (PDT) Dr Lou <LouPicciano at comcast.net> wrote:

[...]

> One of these questions surrounds nwam vs. manual network configuration. We do have a perfectly good, working nic configuration using nwam; however, cannot get the interface up using manual configuration at all.

Any chance that is because network/physical:nwam is enabled and you are trying to manipulate the configuration at the same time? That causes painful confusion.

> So, the real question: Before digging further into a rabbit hole, can we use all features of Crossbow and ipfilter using nwam (as long as we don't use aggregates)? Various documents here suggest that crossbow and nwam are now fully integrated as of a few revs ago - with the exception that integration of aggregates has not been implemented.
>
> Can anyone here offer an authoritative position on this?

[...]

I wouldn't really consider aggregations a specific feature of crossbow. So I'm just going to replace "Crossbow and ipfilter" in your question with "networking".

Networking features that are not fully integrated with (you can't configure with) nwam include vnics, vlans, aggregations, and ipmp (essentially "layered" network technologies). nwam attempts to not interfere with these technologies but in some cases that means you need to create an NCP that leaves the involved network objects out of the configuration.

Michael
Lou Picciano
2010-Apr-07 02:46 UTC
[crossbow-discuss] ipnat does not redirect any packets.
Michael,

Many thanks for your comments. I do appreciate your trying to work it through. OK, for starters, sounds like we should be focusing on physical:manual; specifically, disabling physical:nwam.

> Any chance that is because network/physical:nwam is enabled and you are
> trying to manipulate the configuration at the same time?

No, have been very sure in various tests to enable/disable the unused service. Having started with openSolaris some time ago (and Solaris SPARC a _long_ time ago), can't remember exactly what was going wrong in trying to set up an rge0 interface using physical:manual - perhaps a problem with the driver for the Realtek nic chip? Anyway, since nwam simply worked, we left it at that.

> I wouldn't really consider aggregations a specific feature of
> crossbow. So I'm just going to replace "Crossbow and ipfilter" in your
> question with "networking".

I didn't mean to suggest I thought it was. *Just that one comment we read indicated that all network features are fully integrated with nwam, with the exception of aggregation. In our case, aggregates are not yet in the picture; later, perhaps... (nwam is kinda annoying anyway; anything with the word 'magic' in its name doesn't belong on a computer (sic)).

> Networking features that are not fully integrated with (you can't
> configure with) nwam include vnics, vlans, aggregations, and ipmp
> (essentially "layered" network technologies). nwam attempt to not
> interfere with these technologies but in some cases that means you need
> to create an NCP that leaves the involved network objects out of the
> configuration.

In short, what we're trying to do: On a multi-zone openSolaris 'ZoneBox', we'd like to set up one IP Address (VNIC interface?) as a DMZ address. We'd like to direct all traffic from an externally-facing gateway to this address, then use - I had assumed - IP Forwarding to manage traffic to other IP Address/VNICs/zones based on port, including some IP addresses external to ZoneBox. IE, DNS on one zone, http on another, database on a third, etc. Effectively, to build a software port-forwarding switch.

Understanding that Crossbow is primarily intended as a MAC-level resource management mechanism, we may not really need it for a 'simple' multi-zone vnic configuration, correct?

What is the source you'd direct us to for setting up manual networking for our rge interface(s)? Using 'manual' network configuration in the desktop GUI does not work.

*I think one of the problems we're having is 'version-izing' the various comments and recipes we're coming across. Some people are commenting on old iterations of Crossbow (I myself first got interested in it several years ago...) Others appear to be commenting on latest features, some as recent as in snv_134.

Many thanks for your insights.

Lou