Hi,

I just played a bit with crossbow and build 46 and I am just impressed!

- On my system (with bge0) I created a vnic1 interface with a zone. This was plumbed and configured from the local zone during boot. With ifconfig -a I can no longer see from the global zone that there is this new vnic plumbed.

- vnic has used dhcp to get all the ip config (address, nameserver, router)

- I can also snoop from the global zone the vnic traffic.

- I can snoop from the local zone network traffic. But I can not snoop from the local zone the global zone traffic. Cool!

- Each zone (global and local) has as expected its own arp-cache and routing table.

Questions:
How can I see from the global zone which interfaces are plumbed in the local zones, which addresses are in use and how many stacks have been created?

I would like to see a zonecfg option to tell the zone explicitly to use dhcp and not like today to use dhcp because no ip-address was configured.

Detlef
Hi Detlef,

> Hi,
> I just played a bit with crossbow and build 46 and I am
> just impressed!

Glad you like the bits. This is only about 50% of the functionality.

> - On my system (with bge0) I created a vnic1 interface with a
>   zone. This was plumbed and configured from the local
>   zone during boot. With ifconfig -a I can no longer see from
>   the global zone that there is this new vnic plumbed.
>
> - vnic has used dhcp to get all the ip config (address,
>   nameserver, router)
>
> - I can also snoop from the global zone the vnic traffic.
>
> - I can snoop from the local zone network traffic. But I can
>   not snoop from the local zone the global zone traffic. Cool!
>
> - Each zone (global and local) has as expected its own
>   arp-cache and routing table.
>
> Questions:
> How can I see from the global zone which interfaces are
> plumbed in the local zones, which addresses are in use and
> how many stacks have been created?

Not sure if those are already in the bits provided but if not, it would definitely be useful from the global zone. With the bits provided, you can use dladm show commands to see all the VNICs configured on a given NIC. We will also be adding support to show the mac addresses in use with each VNIC as well.

> I would like to see a zonecfg option to tell the zone
> explicitly to use dhcp and not like today to use dhcp because
> no ip-address was configured.

OK. We will keep that in mind.

Cheers,
Sunay

> Detlef
>
> _______________________________________________
> crossbow-discuss mailing list
> crossbow-discuss at opensolaris.org
> http://opensolaris.org/mailman/listinfo/crossbow-discuss

--
Sunay Tripathi
Sr. Staff Engineer
Solaris Core Networking Technologies
Sun MicroSystems Inc.

Solaris Networking: http://www.opensolaris.org/os/community/networking
Project Crossbow: http://www.opensolaris.org/os/project/crossbow
Sunay Tripathi wrote:

> Hi Detlef,
>
>> Questions:
>> How can I see from the global zone which interfaces are
>> plumbed in the local zones, which addresses are in use and
>> how many stacks have been created?
>
> Not sure if those are already in the bits provided but if not,
> it would definitely be useful from the global zone. With the
> bits provided, you can use dladm show commands to see all
> the VNICs configured on a given NIC. We will also be adding support
> to show the mac addresses in use with each VNIC as well.

and for the "how many stacks have been created" question, I suppose it can be useful to have new option, zonecfg list -e to display the zones with exclusive stacks.
Alternatively, the output of zonecfg list can have an (*) in front of the name of a zone with an exclusive stack.
Thoughts? preferences?

>> I would like to see a zonecfg option to tell the zone
>> explicitly to use dhcp and not like today to use dhcp because
>> no ip-address was configured.

I believe that's the plan, through sysid.cfg.

Kais.

> OK. We will keep that in mind.
>
> Cheers,
> Sunay
>
>> Detlef
>> I would like to see a zonecfg option to tell the zone
>> explicitly to use dhcp and not like today to use dhcp because
>> no ip-address was configured.
>
> OK. We will keep that in mind.

I strongly agree with Detlef. Without an explicit command to use DHCP, mis-configured zone(s) could consume DHCP address(es). A potential DoS.

Also, a zone's behavior should not be different from a standard install, i.e. global zone. No Solaris instance chooses, at least today, to be a DHCP client just because it was not given an IP address. Not sure if this is changing with Network Auto-Magic.

Steffen

> Cheers,
> Sunay
>
>> Detlef
Kais Belgaied wrote On 09/01/06 13:57,:

> Sunay Tripathi wrote:
>
>> Hi Detlef,
>>
>>> Questions:
>>> How can I see from the global zone which interfaces are plumbed in
>>> the local zones, which addresses are in use and how many stacks have
>>> been created?
>>
>> Not sure if those are already in the bits provided but if not,
>> it would definitely be useful from the global zone. With the
>> bits provided, you can use dladm show commands to see all
>> the VNICs configured on a given NIC. We will also be adding support
>> to show the mac addresses in use with each VNIC as well.
>
> and for the "how many stacks have been created" question, I suppose it can
> be useful to have new option, zonecfg list -e to display the zones with
> exclusive stacks.
> Alternatively, the output of zonecfg list can have an (*) in front of
> the name of a zone with an exclusive stack.
> Thoughts? preferences?

Neither. As more features are added (e.g. privilege delegation, more resource controls), they may each want to do something like this. It will lead to a lot of noise or confusing command line options with zonecfg, IMHO.

Maybe a general option to zonecfg that returns all zones with a specific option set, a la 'zonecfg -l net:physical=*bge*', or in this case 'zonecfg -l net:stacktype=excl*'.

Or a zonelist, which will include those things set dynamically (e.g. ifconfig ... zone <zonename>) instead of via the configuration files.

Steffen
A clarification below...

Kais Belgaied wrote On 09/01/06 13:57,:

> Sunay Tripathi wrote:
>
>> Hi Detlef,
>>
>>> Questions:
>>> How can I see from the global zone which interfaces are plumbed in
>>> the local zones, which addresses are in use and how many stacks have
>>> been created?
>>
>> Not sure if those are already in the bits provided but if not,
>> it would definitely be useful from the global zone. With the
>> bits provided, you can use dladm show commands to see all
>> the VNICs configured on a given NIC. We will also be adding support
>> to show the mac addresses in use with each VNIC as well.
>
> and for the "how many stacks have been created" question, I suppose it can
> be useful to have new option, zonecfg list -e to display the zones with
> exclusive stacks.
> Alternatively, the output of zonecfg list can have an (*) in front of
> the name of a zone with an exclusive stack.
> Thoughts? preferences?

Neither. As more features are added (e.g. privilege delegation, more resource controls), they may each want to do something like this. It will lead to a lot of noise or confusing command line options with zonecfg, IMHO.

Maybe a general option to zonecfg that returns all zones with a specific option set, a la 'zonecfg -l net:physical=*bge*', or in this case 'zonecfg -l net:stacktype=excl*'.

Or a zonelist, which will also include those things set dynamically (e.g. ifconfig ... zone <zonename>) instead of just values set via the configuration files.

Steffen
> Questions:
> How can I see from the global zone which interfaces are
> plumbed in the local zones, which addresses are in use and
> how many stacks have been created?

Kais responded to the latter part of that question. For the earlier part, what you can do is

    zlogin <zonename> ifconfig -a

Similarly,

    zlogin <zonename> netstat ...

is useful. Note that this does IP address to hostname lookups using the name service that is configured for the non-global zone, and not what is in use in the global zone. That distinction is important, especially if you have multiple zones that use the same IP address space (e.g., multiple zones that use 10.0.0.0).

Do you see a need to give a better overview of how the NICs/VNICs are used?

> I would like to see a zonecfg option to tell the zone
> explicitly to use dhcp and not like today to use dhcp because
> no ip-address was configured.

Based on feedback from the PSARC discussion we will switch to do the stack instances network configuration from within the zone. When that shows up (in the next crossbow build) you'd only specify physical=... in zonecfg, and do the rest using the normal tools (sysidtools, or a sysid.cfg deposited in the zone before it boots the first time.)

Erik
On 09/01/06 20:35, Steffen Weiberle wrote:

> Kais Belgaied wrote On 09/01/06 13:57,:
>
>> Sunay Tripathi wrote:
>>
>>> Hi Detlef,
>>>
>>>> Questions:
>>>> How can I see from the global zone which interfaces are plumbed in
>>>> the local zones, which addresses are in use and how many stacks have
>>>> been created?
>>>
>>> Not sure if those are already in the bits provided but if not,
>>> it would definitely be useful from the global zone. With the
>>> bits provided, you can use dladm show commands to see all
>>> the VNICs configured on a given NIC. We will also be adding support
>>> to show the mac addresses in use with each VNIC as well.
>>
>> and for the "how many stacks have been created" question, I suppose it
>> can be useful to have new option, zonecfg list -e to display the zones
>> with exclusive stacks.
>> Alternatively, the output of zonecfg list can have an (*) in front of
>> the name of a zone with an exclusive stack.
>> Thoughts? preferences?
>
> Neither. As more features are added (e.g. privilege delegation, more
> resource controls), they may each want to do something like this. It
> will lead to a lot of noise or confusing command line options with
> zonecfg, IMHO.
>
> Maybe a general option to zonecfg that returns all zones with a specific
> option set, a la 'zonecfg -l net:physical=*bge*', or in this case
> 'zonecfg -l net:stacktype=excl*'.

I like this idea from Steffen. Within this there would be a good chance to search for special configurations. But zonecfg lists only the config, not the running zone. So an extension to "zoneadm list" or a special command to monitor/handle stack instances would be required. I am not sure if dladm can make that. Possibly better is to extend zoneadm to keep the related commands together and not spread too wide between different commands - so keep with zonecfg and zoneadm.

Detlef

> Or a zonelist, which will include those things set dynamically (e.g.
> ifconfig ... zone <zonename>) instead of via the configuration files.
>
> Steffen

--
Detlef Drewanz
OS Ambassador
Sun Microsystems GmbH     Phone: (+49 30) 747096 856
Komturstrasse 18a         Fax: (+49 30) 747096 878
D-12099 Berlin            mailto:detlef.drewanz at sun.com
http://blogs.sun.com/solarium
On 09/01/06 23:44, Erik Nordmark wrote:

>> Questions: How can I see from the global zone which
>> interfaces are plumbed in the local zones, which
>> addresses are in use and how many stacks have been
>> created?
>
> Kais responded to the latter part of that question. For
> the earlier part, what you can do is zlogin <zonename>
> ifconfig -a Similarly, zlogin <zonename> netstat ... is
> useful. Note that this does IP address to hostname
> lookups using the name service that is configured for the
> non-global zone, and not what is in use in the global
> zone. That distinction is important, especially if you
> have multiple zones that use the same IP address space
> (e.g., multiple zones that use 10.0.0.0).

Ok, that's a good idea, but it requires a login into each zone (maybe with scripting around to list e.g. 20 zones). So as my previous email a zoneadm list extension would be nice to get a "global" list. If you get the hostname lookups from the local zone, you get the "host-namespace" view from the local zone in the global zone which might be confusing for the global zone admin.

> Do you see a need to give a better overview of how the
> NICs/VNICs are used?

From my understanding the global zone admin should still be able to see "everything" from the local zones. So there should be an easy way to get an overview from the global zone about vnics and stack instances.

>> I would like to see a zonecfg option to tell the zone
>> explicitly to use dhcp and not like today to use dhcp
>> because no ip-address was configured.
>
> Based on feedback from the PSARC discussion we will switch
> to do the stack instances network configuration from within
> the zone. When that shows up (in the next crossbow build)
> you'd only specify physical=... in zonecfg, and do the
> rest using the normal tools (sysidtools, or a sysid.cfg
> deposited in the zone before it boots the first time.)

Ok, so that is then similar to what we do today in global zones.

Detlef
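Added example, not part of the original thread and not Crossbow project code: the per-zone `zlogin <zonename> ifconfig -a` loop discussed above, written as a global-zone inventory that also marks which interfaces are DHCP clients (the concern raised earlier in the thread). The function names and sample text are constructed for illustration; it assumes `zoneadm list -p` prints colon-separated records with the zone name and state in fields 2 and 3, and that `ifconfig` lists `DHCP` among an interface's flags.

```shell
#!/bin/sh
# Added example: per-zone interface inventory, run from the global zone.

# Names of running non-global zones, from `zoneadm list -p` text on stdin
# (assumed layout: field 2 = zone name, field 3 = state).
running_zones() {
    awk -F: '$2 != "global" && $3 == "running" { print $2 }'
}

# One "zone interface address dhcp|static" row per non-loopback IPv4
# address, from `ifconfig -a` text on stdin. $1 is the zone name.
zone_interfaces() {
    awk -v zone="$1" '
        /^[a-z][a-z0-9:]*: flags=/ {
            ifname = $1; sub(/:$/, "", ifname)
            mode = ($0 ~ /[<,]DHCP[,>]/) ? "dhcp" : "static"
            next
        }
        $1 == "inet" && ifname !~ /^lo0/ { print zone, ifname, $2, mode }
    '
}

# Live inventory; needs zoneadm and zlogin, so global zone only.
# zlogin gets /dev/null as stdin so it cannot swallow the zone list.
inventory() {
    zoneadm list -p | running_zones | while read -r z; do
        zlogin "$z" ifconfig -a </dev/null | zone_interfaces "$z"
    done
}

# Constructed sample output, so the parsers can be exercised offline.
SAMPLE_ZONES='0:global:running:/
3:web1:running:/zones/web1
-:db1:installed:/zones/db1'
SAMPLE_IFCONFIG='lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
vnic1: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 2
        inet 10.0.0.5 netmask ffffff00 broadcast 10.0.0.255'

if command -v zoneadm >/dev/null 2>&1; then
    inventory
else
    printf '%s\n' "$SAMPLE_IFCONFIG" | zone_interfaces web1
fi
```

Addresses are printed numerically as `ifconfig` reports them, so the rows do not depend on each zone's own name service.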
Detlef Drewanz wrote:

> Ok, that's a good idea, but it requires a login into each
> zone (maybe with scripting around to list e.g. 20 zones). So
> as my previous email a zoneadm list extension would be nice
> to get a "global" list. If you get the hostname lookups from
> the local zone, you get the "host-namespace" view from the
> local zone in the global zone which might be confusing for
> the global zone admin.

Maybe zoneadm list is a reasonable place. I have to go look at how trusted extensions approached getting more information out as well; whether or not trusted extended zoneadm list would be useful information on whether to extend it for stack instances.

Erik