On 04/13/10 08:25, Jesper S?derlund wrote:> I came as far as having a zone running the ILB and target zones > running on a internal (crossbow) network and but ran into some IP > routing / forwarding issues that I weren''t able to resolve. I should > go into some of the OpenSolaris forums to try to get help resolving > that, but other things have taken over right now. > > I''m sort of waiting for the 2010.03 final release to happen but that > seems to have delayed, to make sure that I troubleshoot on a "golden" > release, do you know anything about the timing of 2010.03? > > The admin CLI interface was quite convenient and robust as far as I > can tell. ILB also load balanced the connections nicely. I ran it with > some load in establishing connections with a reasonable load for quite > some time and it seemed stable and cleaned up connections as expected. > > When running on lower load and watching streaming video. The video > stream started to come "choppy". Sort of experiencing temporary > "freezes" for the non ILB-traffic. Granted this is not a typical use > case for a server :) but it still points to the fact that the > crossbow-stack weren''t able to cope to well will resource management > in this situation. > > /JesperJesper, I am ccing the Crossbow mail alias, so that you can share your experience( and get resolution) Sangeeta
Jesper, am having problems very similar to yours, and can''t quite figure it out - I wish I were offering you a solution here! Like you, have had no problem setting up a virtual network, but cannot resolve the NAT rules to do port-based forwarding to our various zones - and, in some cases, to external hosts. In our case, we''ve got several vnics over one etherstub, to generate a private network. Using the ''stub as we need to do redirecting between subnets. Docs indicate we can''t do port-forwarding on the same subnet, as this constitutes ''mirroring''. We''re modeling based on Nicolas Droux'' very helpful article: http://blogs.sun.com/droux/entry/private_virtual_networks_for_solaris, but cannot seem to get this concept working: rdr rge0 192.168.42.100/32 port 5432 -> 192.168.0.105 port 5432 Can anyone shed some light on this? Thanks in advance. -- This message posted from opensolaris.org
This may help also: http://hub.opensolaris.org/bin/view/Community+Group+testing/crossbow Cheers, Jim Dr Lou wrote:> Jesper, > > am having problems very similar to yours, and can''t quite figure it out - I wish I were offering you a solution here! > > Like you, have had no problem setting up a virtual network, but cannot resolve the NAT rules to do port-based forwarding to our various zones - and, in some cases, to external hosts. > > In our case, we''ve got several vnics over one etherstub, to generate a private network. Using the ''stub as we need to do redirecting between subnets. Docs indicate we can''t do port-forwarding on the same subnet, as this constitutes ''mirroring''. > > We''re modeling based on Nicolas Droux'' very helpful article: http://blogs.sun.com/droux/entry/private_virtual_networks_for_solaris, but cannot seem to get this concept working: > > rdr rge0 192.168.42.100/32 port 5432 -> 192.168.0.105 port 5432 > > Can anyone shed some light on this? Thanks in advance. >
Jim, We''ve also tried exactly that model, since it''s pretty close to what we want to do - no joy. I''ll run through it again tomorrow... Thanks for getting back. Lou -- This message posted from opensolaris.org
Jim, Indeed, this is exactly a recipe we''ve tried in the past - ran through it again this morning. Right off the bat, getting a syntax error on the ''->'' options in [b]ipnat''s[/b] map command: # svcs -xv svc:/network/ipfilter:default (IP Filter) State: maintenance Reason: Start method exited with $SMF_EXIT_ERR_CONFIG. (syntax error error at "-&") Also - perhaps an aside - I didn''t have the reference to the loopback interface in our /etc/hosts file: 127.0.0.1 OurHostName But, when it''s added, can''t get svc network/physical:default to boot! OK, first things first: Am now mining ipfilter docs to see how to replace those ''-&'' options... Any ideas/shortcuts/insights? -- This message posted from opensolaris.org
On 04/17/10 08:36 AM, Dr Lou wrote:> Right off the bat, getting a syntax error on the ''->'' options in > [b]ipnat''s[/b] map command:Sorry about that (wiki conversion error). ''->'' == ''->'' For example: # cat /etc/ipf/ipnat.conf map nge0 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp auto map nge0 192.168.1.0/24 -> 0.0.0.0/32 rdr nge0 192.99.105.33/32 port 20100 -> 192.168.1.100 port 22 Cheers, Jim