I am reposting this in the crossbow discussion, which might seem more appropriate...

I have read all the documents at http://www.opensolaris.org/os/community/xen/docs and some outdated blog entries. I can't seem to find current documentation on how Xen networking is implemented on Solaris.

My Solaris dom0 has only one physical network interface.

I need to have each domU network interface bridged to a separate vnic with private IP addresses; this is similar to a host-only network in VMware. I can do that on my Linux dom0 using dummy interfaces.

I can't have them bridge to the same physical NIC for security reasons.

Also, my ISP only knows about the MAC address of the physical NIC and all my public IP addresses are only usable with that MAC address; I will do full NAT or port forwarding to connect the domUs to the internet if need be.

I looked at the way vnics are created by Xen (using /usr/lib/vna nic mac) and it doesn't seem to let me create a vnic that is not attached to a physical interface. I really need something like Linux dummy interfaces.

This message posted from opensolaris.org

I think you need the full VNIC implementation from Crossbow. It hasn't delivered yet. The implementation of VNICs in Nevada today is more like "VNIC-lite". But stay tuned.

-- Garrett

Garrett D'Amore wrote:
> I think you need the full VNIC implementation from Crossbow. It hasn't
> delivered yet. The implementation of VNICs in Nevada today is more like
> "VNIC-lite". But stay tuned.

yep.

See also anchor vnics in the virtual switching doc:
http://opensolaris.org/os/project/crossbow/Docs/virtualswitch.pdf

Kais.

> yep.
>
> See also anchor vnics in the virtual switching doc:
> http://opensolaris.org/os/project/crossbow/Docs/virtualswitch.pdf
>
> Kais.

Anchor VNICs is exactly what I need. Is it only available in the crossbow bits? What about b75? I read that more of Crossbow has been brought in with the xVM putback.

In Xen Drop b66, I can see the vnic created by the xen script:

    dladm show-link
    e1000g1 type: non-vlan mtu: 1500 device: e1000g1
    vnic900 type: non-vlan mtu: 1500 device: vnic900

Is there any way to route to that interface directly? For example, my domU has IP2 and dom0 has IP1.

I want to set a direct route to IP2, but the route command requires an IP address as the iface argument; so I have to do route add -host IP2 -iface IP1 ... I would prefer if packets destined to IP2 would be sent directly to the vnic interface.

On Oct 19, 2007, at 3:19 AM, Kugutsumen wrote:
>> yep.
>>
>> See also anchor vnics in the virtual switching doc:
>> http://opensolaris.org/os/project/crossbow/Docs/virtualswitch.pdf
>>
>> Kais.
>
> Anchor VNICs is exactly what I need. Is it only available in the
> crossbow bits? What about b75? I read that more of Crossbow has been
> brought in with the xVM putback.

Currently they exist only in one of my workspaces. I should be able to integrate them for our next Crossbow release, which will also include the merge with Xen.

> In Xen Drop b66, I can see the vnic created by the xen script:
>
>     dladm show-link
>     e1000g1 type: non-vlan mtu: 1500 device: e1000g1
>     vnic900 type: non-vlan mtu: 1500 device: vnic900
>
> Is there any way to route to that interface directly? For example,
> my domU has IP2 and dom0 has IP1.
>
> I want to set a direct route to IP2, but the route command requires
> an IP address as the iface argument; so I have to do
> route add -host IP2 -iface IP1 ... I would prefer if packets destined
> to IP2 would be sent directly to the vnic interface.

As long as the VNIC is created on top of e1000g1 and dom0 plumbs e1000g1, they will share the same virtual switch of e1000g1, and the packets will be sent to the VNICs using their assigned MAC addresses. So this will not satisfy the requirement you stated in your first email: "I can't have them bridge to the same physical NIC for security reasons."

To build your private network you need an anchor VNIC, or until that's available, another NIC which you can dedicate to that private network.

Nicolas.

--
Nicolas Droux - Solaris Core OS - Sun Microsystems, Inc.
droux at sun.com - http://blogs.sun.com/droux

Any progress in recent builds?

My ISP is locking me out because they think I am spoofing IP addresses; all this traffic is coming out from an unregistered MAC address... they think I am ARP spoofing...

I really need to be able to use anchor vnic or I will have to switch back to Linux and dummy interfaces.

On 27 Nov 2007, at 5:35pm, Kugutsumen wrote:
> Any progress in recent builds?
>
> My ISP is locking me out because they think I am spoofing IP
> addresses; all this traffic is coming out from an unregistered MAC
> address... they think I am ARP spoofing...
>
> I really need to be able to use anchor vnic or I will have to
> switch back to Linux and dummy interfaces.

Is it possible that you could put an otherwise unused network card into your machine? You can then use it as an anchor for the VNICs, rather than your normal interface (at which point you should be able to NAT).

dme.
--
David Edmondson, Solaris Engineering, http://dme.org

Unfortunately I can't. This is dedicated hosting and they have standard hardware for their customers. I asked them if they could add a network card and they refused.

Linux and *BSD have had dummy interfaces forever. Why is it such an issue to have something similar in Solaris?

On 28 Nov 2007, at 7:30am, Kugutsumen wrote:
> Unfortunately I can't. This is dedicated hosting and they have
> standard hardware for their customers. I asked them if they could
> add a network card and they refused.
>
> Linux and *BSD have had dummy interfaces forever. Why is it such an
> issue to have something similar in Solaris?

It's not - someone just has to write the (relatively small) amount of code. If you wanted to do it we could provide help (and perhaps even a sample to work from).

dme.
--
David Edmondson, Solaris Engineering, http://dme.org

On 28 Nov 2007, at 7:47am, K wrote:
> sure, although Roux said in this thread he already wrote the code.
> I also read the documentation for these anchor interfaces.
>
> Roux mentioned a putback and merge with Xen which already used
> parts from the crossbow project.

The bits of Crossbow that were putback in nv75 (with the Solaris on Xen port) don't include the anchor vnic support. That should arrive when Crossbow itself integrates, which I believe is due in cq1 2008.

dme.
--
David Edmondson, Solaris Engineering, http://dme.org

We are doing a merge of Crossbow with a more recent build of Nevada, so we should have new "pre-release" archives which include both Crossbow and Xen in around mid-December. I should be able to integrate the anchor VNIC functionality by then. The distribution will be through a pre-integration bfu archive until Crossbow putback next year.

Nicolas.

--
Nicolas Droux - Solaris Core OS - Sun Microsystems, Inc.
droux at sun.com - http://blogs.sun.com/droux