<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="-1"><font face="Bitstream Vera
Sans"><br>
Hello,<br>
<br>
I am trying to have dns <b>automatically</b> configured through
dhcp<br>
in a non-global zone that uses a vnic.<br>
<br>
The issue I have is that the /etc/resolv.conf file is not
automatically<br>
created and the /etc/hosts file is not modified either.<br>
<br>
I noticed that the network auto-magic service is not available on
my system.<br>
could it be the reason?<br>
<br>
Here is some detail about what I am doing.<br>
<br>
I created a VNIC vnic2 and a non-global zone.<br>
<br>
When creating the non-global zone I set the "ip-type" to
"exclusive"<br>
and used "add net" and "setphysical=vnic2" to specify
that the<br>
zone should be using vnic2 to access the network.<br>
<br>
Then, after zlogin into the non-global zone, I configure vnic2 to
use dhcp:<br>
<br>
# ifconfig vnic2 plumb<br>
# ifconfig vnic2 dhcp primary start<br>
<br>
Using "ifconfig -a" I check that vnic2 successfully acquired an IP
address.<br>
<br>
Yet, when using "nslookup" to resolve a remote hostname, I get
the<br>
message that "no dns server could be reached".<br>
<br>
The reason is that the file /etc/resolv.conf does not exist in the
non-global zone.<br>
Now if I look at /etc/default/dhcpagent in the non-global zone, dns
server & domain<br>
are specified as parameters to be acquired through dhcp.<br>
<br>
I am using the OpenSolaris bits from </font></font><a
class="moz-txt-link-freetext"
href="http://www.opensolaris.org/os/project/crossbow/snapshots/">http://www.opensolaris.org/os/project/crossbow/snapshots/</a><br>
<br>
Thanks,<br>
Thierry<br>
<font size="-1"><font face="Bitstream Vera
Sans"></font></font>
<div class="moz-signature">-- <br>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="content-type">
<title>signature</title>
<meta content="Thierry Manfe" name="author">
<style type="text/css" media="screen">
<!--
td {font-family: "Bitstream Vera Sans",Verdana,sans-serif}
td {font-size:10pt}
a {text-decoration:none}
a:link{color:#587993}
a:hover{color:#e76f00; font-weight:bold}
-->
</style>
<table style="width: 366px; height: 123px;" border="0"
cellpadding="0"
cellspacing="0">
<tbody>
<tr valign="top">
<td height="121" width="121"> <img
alt="" moz-do-not-send="true"
src="http://www.sun.com/emrkt/sigs/6g_top.gif"
style="border: 0px solid ; width: 121px; height: 116px;"
align="top"></td>
<td height="121" width="329">Thierry
Manfé<r>
Sun Microsystems<br>
ISV Engineering<br>
Phone: +33-1-34-03-01-64<br>
Mobile: +33-6-84-62-85-10<br>
<br>
<a
href="http://partneradvantage.sun.com">http://partneradvantage.sun.com</a><br>
<a
href="http://opensolaris.org">http://opensolaris.org</a><br>
<a
href="http://netbeans.org">http://netbeans.org</a><br>
</r></td>
</tr>
</tbody>
</table>
</div>
</body>
</html>
Thierry,
For some reason the configuration of the non global zone seems to be
requiring an IP address
all the time., Then only it allows to boot the zone and manually touch
/etc/dhcp.vnic1.
Even with that, I still the same problem which is the inability to get
/etc/resolv.conf
automatically.
/sbin/dhcpinfo can successfully retrieve DNSdmain and DNSserv needed to
populate
/etc/resolv.conf.
The problem is the SMF method invoked by network/service:default
(that is /lib/svc/method/net-svc) finds a wrong setting of some env
variable that finds "none" as the
naming service (set by smf_netstrategy) instead of dhcp.
We''ll file a bug to track this.
In the meantime, a work around is to manually create an /etc/resolv.conf
from the output of
/sbin/dhcpinfo {DNSdmain, DNSserv} run in the non global zone.
Merci,
Kais.
Thierry Manf? wrote:>
> Hello,
>
> I am trying to have dns *automatically* configured through dhcp
> in a non-global zone that uses a vnic.
>
> The issue I have is that the /etc/resolv.conf file is not
> automatically
> created and the /etc/hosts file is not modified either.
>
> I noticed that the network auto-magic service is not available on
> my system.
> could it be the reason?
>
> Here is some detail about what I am doing.
>
> I created a VNIC vnic2 and a non-global zone.
>
> When creating the non-global zone I set the "ip-type" to
"exclusive"
> and used "add net" and "setphysical=vnic2" to
specify that the
> zone should be using vnic2 to access the network.
>
> Then, after zlogin into the non-global zone, I configure vnic2 to
> use dhcp:
>
> # ifconfig vnic2 plumb
> # ifconfig vnic2 dhcp primary start
>
> Using "ifconfig -a" I check that vnic2 successfully acquired
an IP
> address.
>
> Yet, when using "nslookup" to resolve a remote hostname, I
get the
> message that "no dns server could be reached".
>
> The reason is that the file /etc/resolv.conf does not exist in the
> non-global zone.
> Now if I look at /etc/default/dhcpagent in the non-global zone,
> dns server & domain
> are specified as parameters to be acquired through dhcp.
>
> I am using the OpenSolaris bits from
> http://www.opensolaris.org/os/project/crossbow/snapshots/
>
> Thanks,
> Thierry
> --
> Thierry Manf? Sun Microsystems
> ISV Engineering
> Phone: +33-1-34-03-01-64
> Mobile: +33-6-84-62-85-10
>
> http://partneradvantage.sun.com
> http://opensolaris.org
> http://netbeans.org
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> crossbow-discuss mailing list
> crossbow-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/crossbow-discuss
>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-15"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="-1"><font face="Bitstream Vera
Sans"><br>
<br>
Thanks Kais for the quick reply.<br>
Thierry<br>
</font></font><br>
Kais Belgaied wrote:
<blockquote cite="mid:4797CEFF.1080003@Sun.COM"
type="cite">Thierry,
<br>
<br>
For some reason the configuration of the non global zone seems to be
requiring an IP address
<br>
all the time., Then only it allows to boot the zone and manually touch
/etc/dhcp.vnic1.
<br>
Even with that, I still the same problem which is the inability to get
/etc/resolv.conf
<br>
automatically.
<br>
/sbin/dhcpinfo can successfully retrieve DNSdmain and DNSserv needed to
populate
<br>
/etc/resolv.conf.
<br>
The problem is the SMF method invoked by network/service:default
<br>
(that is /lib/svc/method/net-svc) finds a wrong setting of some env
variable that finds "none" as the
<br>
naming service (set by smf_netstrategy) instead of dhcp.
<br>
<br>
We''ll file a bug to track this.
<br>
In the meantime, a work around is to manually create an
/etc/resolv.conf from the output of
<br>
/sbin/dhcpinfo {DNSdmain, DNSserv} run in the non global zone.
<br>
<br>
Merci,
<br>
<br>
Kais.
<br>
<br>
Thierry Manfé wrote:
<br>
<blockquote type="cite"><br>
Hello,
<br>
<br>
I am trying to have dns *automatically* configured through dhcp
<br>
in a non-global zone that uses a vnic.
<br>
<br>
The issue I have is that the /etc/resolv.conf file is not
automatically
<br>
created and the /etc/hosts file is not modified either.
<br>
<br>
I noticed that the network auto-magic service is not available on
my system.
<br>
could it be the reason?
<br>
<br>
Here is some detail about what I am doing.
<br>
<br>
I created a VNIC vnic2 and a non-global zone.
<br>
<br>
When creating the non-global zone I set the "ip-type" to
"exclusive"
<br>
and used "add net" and "setphysical=vnic2" to specify
that the
<br>
zone should be using vnic2 to access the network.
<br>
<br>
Then, after zlogin into the non-global zone, I configure vnic2 to
use dhcp:
<br>
<br>
# ifconfig vnic2 plumb
<br>
# ifconfig vnic2 dhcp primary start
<br>
<br>
Using "ifconfig -a" I check that vnic2 successfully acquired an IP
address.
<br>
<br>
Yet, when using "nslookup" to resolve a remote hostname, I get the
<br>
message that "no dns server could be reached".
<br>
<br>
The reason is that the file /etc/resolv.conf does not exist in the
non-global zone.
<br>
Now if I look at /etc/default/dhcpagent in the non-global zone, dns
server & domain
<br>
are specified as parameters to be acquired through dhcp.
<br>
<br>
I am using the OpenSolaris bits from
<a class="moz-txt-link-freetext"
href="http://www.opensolaris.org/os/project/crossbow/snapshots/">http://www.opensolaris.org/os/project/crossbow/snapshots/</a>
<br>
<br>
Thanks,
<br>
Thierry
<br>
-- <br>
Thierry Manfé Sun Microsystems
<br>
ISV Engineering
<br>
Phone: +33-1-34-03-01-64
<br>
Mobile: +33-6-84-62-85-10
<br>
<br>
<a class="moz-txt-link-freetext"
href="http://partneradvantage.sun.com">http://partneradvantage.sun.com</a>
<br>
<a class="moz-txt-link-freetext"
href="http://opensolaris.org">http://opensolaris.org</a>
<br>
<a class="moz-txt-link-freetext"
href="http://netbeans.org">http://netbeans.org</a>
<br>
<br>
------------------------------------------------------------------------
<br>
<br>
_______________________________________________
<br>
crossbow-discuss mailing list
<br>
<a class="moz-txt-link-abbreviated"
href="mailto:crossbow-discuss@opensolaris.org">crossbow-discuss@opensolaris.org</a>
<br>
<a class="moz-txt-link-freetext"
href="http://mail.opensolaris.org/mailman/listinfo/crossbow-discuss">http://mail.opensolaris.org/mailman/listinfo/crossbow-discuss</a>
<br>
</blockquote>
<br>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="content-type">
<title>signature</title>
<meta content="Thierry Manfe" name="author">
<style type="text/css" media="screen">
<!--
td {font-family: "Bitstream Vera Sans",Verdana,sans-serif}
td {font-size:10pt}
a {text-decoration:none}
a:link{color:#587993}
a:hover{color:#e76f00; font-weight:bold}
-->
</style>
<table style="width: 366px; height: 123px;" border="0"
cellpadding="0"
cellspacing="0">
<tbody>
<tr valign="top">
<td height="121" width="121"> <img
alt="" moz-do-not-send="true"
src="http://www.sun.com/emrkt/sigs/6g_top.gif"
style="border: 0px solid ; width: 121px; height: 116px;"
align="top"></td>
<td height="121" width="329">Thierry
Manfé<r>
Sun Microsystems<br>
ISV Engineering<br>
Phone: +33-1-34-03-01-64<br>
Mobile: +33-6-84-62-85-10<br>
<a
href="http://partneradvantage.sun.com">http://partneradvantage.sun.com</a><br>
<a
href="http://opensolaris.org">http://opensolaris.org</a><br>
<a
href="http://netbeans.org">http://netbeans.org</a><br>
</r></td>
</tr>
</tbody>
</table>
</div>
</body>
</html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-15"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="-1"><font face="Bitstream Vera
Sans"><br>
BTW, I tried to use /etc/sysidcfg to configure the non-global zone and
have it to use dhcp.<br>
I could not get it to work either.<br>
Thierry<br>
</font></font><br>
Thierry Manfé wrote:
<blockquote cite="mid:47984E3C.2060603@sun.com"
type="cite">
<meta content="text/html;charset=ISO-8859-15"
http-equiv="Content-Type">
<font size="-1"><font face="Bitstream Vera
Sans"><br>
<br>
Thanks Kais for the quick reply.<br>
Thierry<br>
</font></font><br>
Kais Belgaied wrote:
<blockquote cite="mid:4797CEFF.1080003@Sun.COM"
type="cite">Thierry, <br>
<br>
For some reason the configuration of the non global zone seems to be
requiring an IP address <br>
all the time., Then only it allows to boot the zone and manually touch
/etc/dhcp.vnic1. <br>
Even with that, I still the same problem which is the inability to get
/etc/resolv.conf <br>
automatically. <br>
/sbin/dhcpinfo can successfully retrieve DNSdmain and DNSserv needed to
populate <br>
/etc/resolv.conf. <br>
The problem is the SMF method invoked by network/service:default <br>
(that is /lib/svc/method/net-svc) finds a wrong setting of some env
variable that finds "none" as the <br>
naming service (set by smf_netstrategy) instead of dhcp. <br>
<br>
We''ll file a bug to track this. <br>
In the meantime, a work around is to manually create an
/etc/resolv.conf from the output of <br>
/sbin/dhcpinfo {DNSdmain, DNSserv} run in the non global zone. <br>
<br>
Merci, <br>
<br>
Kais. <br>
<br>
Thierry Manfé wrote: <br>
<blockquote type="cite"><br>
Hello, <br>
<br>
I am trying to have dns *automatically* configured through dhcp <br>
in a non-global zone that uses a vnic. <br>
<br>
The issue I have is that the /etc/resolv.conf file is not
automatically <br>
created and the /etc/hosts file is not modified either. <br>
<br>
I noticed that the network auto-magic service is not available on
my system. <br>
could it be the reason? <br>
<br>
Here is some detail about what I am doing. <br>
<br>
I created a VNIC vnic2 and a non-global zone. <br>
<br>
When creating the non-global zone I set the "ip-type" to
"exclusive" <br>
and used "add net" and "setphysical=vnic2" to specify
that the <br>
zone should be using vnic2 to access the network. <br>
<br>
Then, after zlogin into the non-global zone, I configure vnic2 to
use dhcp: <br>
<br>
# ifconfig vnic2 plumb <br>
# ifconfig vnic2 dhcp primary start <br>
<br>
Using "ifconfig -a" I check that vnic2 successfully acquired an IP
address. <br>
<br>
Yet, when using "nslookup" to resolve a remote hostname, I get the
<br>
message that "no dns server could be reached". <br>
<br>
The reason is that the file /etc/resolv.conf does not exist in the
non-global zone. <br>
Now if I look at /etc/default/dhcpagent in the non-global zone, dns
server & domain <br>
are specified as parameters to be acquired through dhcp. <br>
<br>
I am using the OpenSolaris bits from
<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://www.opensolaris.org/os/project/crossbow/snapshots/">http://www.opensolaris.org/os/project/crossbow/snapshots/</a>
<br>
<br>
Thanks, <br>
Thierry <br>
-- <br>
Thierry Manfé Sun Microsystems <br>
ISV Engineering <br>
Phone: +33-1-34-03-01-64 <br>
Mobile: +33-6-84-62-85-10 <br>
<br>
<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://partneradvantage.sun.com">http://partneradvantage.sun.com</a>
<br>
<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://opensolaris.org">http://opensolaris.org</a>
<br>
<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://netbeans.org">http://netbeans.org</a>
<br>
<br>
------------------------------------------------------------------------
<br>
<br>
_______________________________________________ <br>
crossbow-discuss mailing list <br>
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:crossbow-discuss@opensolaris.org">crossbow-discuss@opensolaris.org</a>
<br>
<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://mail.opensolaris.org/mailman/listinfo/crossbow-discuss">http://mail.opensolaris.org/mailman/listinfo/crossbow-discuss</a>
<br>
</blockquote>
<br>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="content-type">
<title>signature</title>
<meta content="Thierry Manfe" name="author">
<style type="text/css" media="screen">
<!--
td {font-family: "Bitstream Vera Sans",Verdana,sans-serif}
td {font-size:10pt}
a {text-decoration:none}
a:link{color:#587993}
a:hover{color:#e76f00; font-weight:bold}
-->
</style>
<table style="width: 366px; height: 123px;" border="0"
cellpadding="0"
cellspacing="0">
<tbody>
<tr valign="top">
<td height="121" width="121"> <img
alt=""
moz-do-not-send="true"
src="http://www.sun.com/emrkt/sigs/6g_top.gif"
style="border: 0px solid ; width: 121px; height: 116px;"
align="top"></td>
<td height="121" width="329">Thierry
Manfé<r>
Sun Microsystems<br>
ISV Engineering<br>
Phone: +33-1-34-03-01-64<br>
Mobile: +33-6-84-62-85-10<br>
<a moz-do-not-send="true"
href="http://partneradvantage.sun.com">http://partneradvantage.sun.com</a><br>
<a moz-do-not-send="true"
href="http://opensolaris.org">http://opensolaris.org</a><br>
<a moz-do-not-send="true"
href="http://netbeans.org">http://netbeans.org</a><br>
</r></td>
</tr>
</tbody>
</table>
</div>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="content-type">
<title>signature</title>
<meta content="Thierry Manfe" name="author">
<style type="text/css" media="screen">
<!--
td {font-family: "Bitstream Vera Sans",Verdana,sans-serif}
td {font-size:10pt}
a {text-decoration:none}
a:link{color:#587993}
a:hover{color:#e76f00; font-weight:bold}
-->
</style>
<table style="width: 366px; height: 123px;" border="0"
cellpadding="0"
cellspacing="0">
<tbody>
<tr valign="top">
<td height="121" width="121"> <img
alt="" moz-do-not-send="true"
src="http://www.sun.com/emrkt/sigs/6g_top.gif"
style="border: 0px solid ; width: 121px; height: 116px;"
align="top"></td>
<td height="121" width="329">Thierry
Manfé<r>
Sun Microsystems<br>
ISV Engineering<br>
Phone: +33-1-34-03-01-64<br>
Mobile: +33-6-84-62-85-10<br>
<a
href="http://partneradvantage.sun.com">http://partneradvantage.sun.com</a><br>
<a
href="http://opensolaris.org">http://opensolaris.org</a><br>
<a
href="http://netbeans.org">http://netbeans.org</a><br>
</r></td>
</tr>
</tbody>
</table>
</div>
</body>
</html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-15"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
I have a single bge0 nic on my system.<br>
<br>
If I create a vnic - vnic1 - in the global zone, is it possible to
turn my system into a router:<br>
<br>
- bge0 is physically connected to one LAN (say 129.157.207)<br>
<br>
- vnic1 acts as a gateway for a second LAN (say 200.0.1).<br>
The hosts on this second LAN are in fact non-global zones<br>
<br>
Would this work?<br>
<br>
Thanks,<br>
Thierry<br>
<br>
<br>
<div class="moz-signature">-- <br>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="content-type">
<title>signature</title>
<meta content="Thierry Manfe" name="author">
<style type="text/css" media="screen">
<!--
td {font-family: "Bitstream Vera Sans",Verdana,sans-serif}
td {font-size:10pt}
a {text-decoration:none}
a:link{color:#587993}
a:hover{color:#e76f00; font-weight:bold}
-->
</style>
<table style="width: 366px; height: 123px;" border="0"
cellpadding="0"
cellspacing="0">
<tbody>
<tr valign="top">
<td height="121" width="121"> <img
alt="" moz-do-not-send="true"
src="http://www.sun.com/emrkt/sigs/6g_top.gif"
style="border: 0px solid ; width: 121px; height: 116px;"
align="top"></td>
<td height="121" width="329">Thierry
Manfé<r>
Sun Microsystems<br>
ISV Engineering<br>
Phone: +33-1-34-03-01-64<br>
Mobile: +33-6-84-62-85-10<br>
<a
href="http://partneradvantage.sun.com">http://partneradvantage.sun.com</a><br>
<a
href="http://opensolaris.org">http://opensolaris.org</a><br>
<a
href="http://netbeans.org">http://netbeans.org</a><br>
</r></td>
</tr>
</tbody>
</table>
</div>
</body>
</html>
Thierry, To do this properly, you need the newer bits that should get pushed out very soon. You create a anchor VNIC and create VNICs (say VNIC-A) on top of it for non-global zones and one for global zone. At this point, global zone can route between the bge0 and VNIC-A (and the local zones). Cheers, Sunay Thierry Manf? wrote:> > I have a single bge0 nic on my system. > > If I create a vnic - vnic1 - in the global zone, is it possible to > turn my system into a router: > > - bge0 is physically connected to one LAN (say 129.157.207) > > - vnic1 acts as a gateway for a second LAN (say 200.0.1). > The hosts on this second LAN are in fact non-global zones > > Would this work? > > Thanks, > Thierry > > > -- > Thierry Manf? Sun Microsystems > ISV Engineering > Phone: +33-1-34-03-01-64 > Mobile: +33-6-84-62-85-10 > http://partneradvantage.sun.com > http://opensolaris.org > http://netbeans.org > > > ------------------------------------------------------------------------ > > _______________________________________________ > crossbow-discuss mailing list > crossbow-discuss at opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/crossbow-discuss-- Sunay Tripathi Distinguished Engineer Solaris Core Operating System Sun MicroSystems Inc. Solaris Networking: http://www.opensolaris.org/os/community/networking Project Crossbow: http://www.opensolaris.org/os/project/crossbow
Yes, I have dones this in our product, it works very well.
-SPL
From: crossbow-discuss-bounces at opensolaris.org
[mailto:crossbow-discuss-bounces at opensolaris.org] On Behalf Of Thierry Manf?
Sent: Monday, January 28, 2008 1:10 PM
To: crossbow-discuss at opensolaris.org
Subject: [crossbow-discuss] VNIC and ipv4 forwarding
I have a single bge0 nic on my system.
If I create a vnic - vnic1 - in the global zone, is it possible to turn my
system into a router:
- bge0 is physically connected to one LAN (say 129.157.207)
- vnic1 acts as a gateway for a second LAN (say 200.0.1).
The hosts on this second LAN are in fact non-global zones
Would this work?
Thanks,
Thierry
--
<http://www.sun.com/emrkt/sigs/6g_top.gif>
Thierry Manf? Sun Microsystems
ISV Engineering
Phone: +33-1-34-03-01-64
Mobile: +33-6-84-62-85-10
http://partneradvantage.sun.com
http://opensolaris.org
http://netbeans.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/crossbow-discuss/attachments/20080128/bb7f0cf9/attachment.html>
I forgot to mention, the non-global zones for the most part need to have
exclusive IP stacks to work like this. (ip-exclusive)
(BTW, this is precisely the reason why we are using the XB "stuff" in
our product)
-SPL
From: crossbow-discuss-bounces at opensolaris.org
[mailto:crossbow-discuss-bounces at opensolaris.org] On Behalf Of Siobhan P.
Lynch
Sent: Monday, January 28, 2008 4:33 PM
To: Thierry Manf?; crossbow-discuss at opensolaris.org
Subject: Re: [crossbow-discuss] VNIC and ipv4 forwarding
Yes, I have dones this in our product, it works very well.
-SPL
From: crossbow-discuss-bounces at opensolaris.org
[mailto:crossbow-discuss-bounces at opensolaris.org] On Behalf Of Thierry Manf?
Sent: Monday, January 28, 2008 1:10 PM
To: crossbow-discuss at opensolaris.org
Subject: [crossbow-discuss] VNIC and ipv4 forwarding
I have a single bge0 nic on my system.
If I create a vnic - vnic1 - in the global zone, is it possible to turn my
system into a router:
- bge0 is physically connected to one LAN (say 129.157.207)
- vnic1 acts as a gateway for a second LAN (say 200.0.1).
The hosts on this second LAN are in fact non-global zones
Would this work?
Thanks,
Thierry
--
<http://www.sun.com/emrkt/sigs/6g_top.gif>
Thierry Manf? Sun Microsystems
ISV Engineering
Phone: +33-1-34-03-01-64
Mobile: +33-6-84-62-85-10
http://partneradvantage.sun.com
http://opensolaris.org
http://netbeans.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/crossbow-discuss/attachments/20080128/e4748d4a/attachment.html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="-1"><font face="Bitstream Vera
Sans"><br>
Siobhan, thanks!<br>
<br>
I have one more question:<br>
<br>
Which network/vnic topology did you use for the
non-global zone?<br>
<br>
1) Each non-global
zone uses a vnic that seats on top of an
anchor vnic that acts as a gateway.<br>
The anchor vnic itself seats on the
nic<br>
<br>
2) Or each
non-global zone uses a vnic that seats directly on
the physical nic, and in addition<br>
another vnic is created in the global zone that acts as a
gateway<br>
<br>
I tested 2) but I can''t have the
ip-forwarding to work so I suspect
there is something wrong with this topology.<br>
<br>
Thierry<br>
<br>
</font></font><br>
Siobhan P. Lynch wrote:
<blockquote
cite="mid:9F819487C44F0B4DBDB0CC0450824CEB07E68943@ehost005-2.exch005intermedia.net"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<title>signature</title>
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2
15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2
11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:"Bitstream
Vera Sans";
        panose-1:2
11 6 3 3 8 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times
New Roman","serif";
        color:black;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#587993;
        text-decoration:none
none;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:none
none;}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page Section1
        {size:8.5in
11.0in;
        margin:1.0in
1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="Section1">
<p class="MsoNormal"><span
style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31, 73, 125);">I
forgot to mention, the non-global zones for the most part need
to have exclusive IP stacks to work like this.
(ip-exclusive)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31, 73,
125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31, 73,
125);">(BTW,
this is precisely the reason why we are using the XB “stuff”
in our product)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31, 73,
125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31, 73,
125);">-SPL<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31, 73,
125);"><o:p> </o:p></span></p>
<div>
<div
style="border-style: solid none none; border-color: rgb(181, 196, 223)
-moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium;
padding: 3pt 0in 0in;">
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family:
"Tahoma","sans-serif"; color:
windowtext;">From:</span></b><span
style="font-size: 10pt; font-family:
"Tahoma","sans-serif"; color: windowtext;">
<a class="moz-txt-link-abbreviated"
href="mailto:crossbow-discuss-bounces@opensolaris.org">crossbow-discuss-bounces@opensolaris.org</a>
[<a class="moz-txt-link-freetext"
href="mailto:crossbow-discuss-bounces@opensolaris.org">mailto:crossbow-discuss-bounces@opensolaris.org</a>]
<b>On Behalf Of </b>Siobhan
P. Lynch<br>
<b>Sent:</b> Monday, January 28, 2008 4:33 PM<br>
<b>To:</b> Thierry Manfé; <a
class="moz-txt-link-abbreviated"
href="mailto:crossbow-discuss@opensolaris.org">crossbow-discuss@opensolaris.org</a><br>
<b>Subject:</b> Re: [crossbow-discuss] VNIC and ipv4
forwarding<o:p></o:p></span></p>
</div>
</div>
<p
class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31, 73,
125);">Yes,
I have dones this in our product, it works very
well.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31, 73,
125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31, 73,
125);">-SPL<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family:
"Calibri","sans-serif"; color: rgb(31, 73,
125);"><o:p> </o:p></span></p>
<div>
<div
style="border-style: solid none none; border-color: rgb(181, 196, 223)
-moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium;
padding: 3pt 0in 0in;">
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family:
"Tahoma","sans-serif"; color:
windowtext;">From:</span></b><span
style="font-size: 10pt; font-family:
"Tahoma","sans-serif"; color: windowtext;">
<a class="moz-txt-link-abbreviated"
href="mailto:crossbow-discuss-bounces@opensolaris.org">crossbow-discuss-bounces@opensolaris.org</a>
[<a class="moz-txt-link-freetext"
href="mailto:crossbow-discuss-bounces@opensolaris.org">mailto:crossbow-discuss-bounces@opensolaris.org</a>]
<b>On Behalf Of </b>Thierry
Manfé<br>
<b>Sent:</b> Monday, January 28, 2008 1:10 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated"
href="mailto:crossbow-discuss@opensolaris.org">crossbow-discuss@opensolaris.org</a><br>
<b>Subject:</b> [crossbow-discuss] VNIC and ipv4
forwarding<o:p></o:p></span></p>
</div>
</div>
<p
class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:
12pt;"><br>
I have a single bge0 nic on my system.<br>
<br>
If I create a vnic - vnic1 - in the global zone,
is it
possible to turn my system into a router:<br>
<br>
- bge0 is physically
connected to one LAN (say
129.157.207)<br>
<br>
- vnic1 acts as a gateway
for a second LAN (say
200.0.1).<br>
The
hosts on this second LAN are in
fact non-global zones<br>
<br>
Would this work?<br>
<br>
Thanks,<br>
Thierry<o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom: 12pt;">--
<o:p></o:p></p>
<table class="MsoNormalTable" style="width: 274.5pt;"
border="0"
cellpadding="0" cellspacing="0" width="366">
<tbody>
<tr style="height: 90.75pt;">
<td style="padding: 0in; width: 90.75pt; height: 90.75pt;"
valign="top" width="121">
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Bitstream Vera
Sans","sans-serif";"><img
moz-do-not-send="true" id="_x0000_i1025"
src="http://www.sun.com/emrkt/sigs/6g_top.gif"><o:p></o:p></span></p>
</td>
<td style="padding: 0in; width: 246.75pt; height: 90.75pt;"
valign="top" width="329">
<p class="MsoNormal" style="margin-bottom:
12pt;"><span
style="font-size: 10pt; font-family: "Bitstream Vera
Sans","sans-serif";">Thierry
Manfé Sun Microsystems<br>
ISV Engineering<br>
Phone: +33-1-34-03-01-64<br>
Mobile: +33-6-84-62-85-10<br>
<a moz-do-not-send="true"
href="http://partneradvantage.sun.com">http://partneradvantage.sun.com</a><br>
<a moz-do-not-send="true"
href="http://opensolaris.org">http://opensolaris.org</a><br>
<a moz-do-not-send="true"
href="http://netbeans.org">http://netbeans.org</a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="color:
windowtext;"><o:p> </o:p></span></p>
</div>
</div>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
crossbow-discuss mailing list
<a class="moz-txt-link-abbreviated"
href="mailto:crossbow-discuss@opensolaris.org">crossbow-discuss@opensolaris.org</a>
<a class="moz-txt-link-freetext"
href="http://mail.opensolaris.org/mailman/listinfo/crossbow-discuss">http://mail.opensolaris.org/mailman/listinfo/crossbow-discuss</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="content-type">
<title>signature</title>
<meta content="Thierry Manfe" name="author">
<style type="text/css" media="screen">
<!--
td {font-family: "Bitstream Vera Sans",Verdana,sans-serif}
td {font-size:10pt}
a {text-decoration:none}
a:link{color:#587993}
a:hover{color:#e76f00; font-weight:bold}
-->
</style>
<table style="width: 366px; height: 123px;" border="0"
cellpadding="0"
cellspacing="0">
<tbody>
<tr valign="top">
<td height="121" width="121"> <img
alt="" moz-do-not-send="true"
src="http://www.sun.com/emrkt/sigs/6g_top.gif"
style="border: 0px solid ; width: 121px; height: 116px;"
align="top"></td>
<td height="121" width="329">Thierry
Manfé<r>
Sun Microsystems<br>
ISV Engineering<br>
Phone: +33-1-34-03-01-64<br>
Mobile: +33-6-84-62-85-10<br>
<a
href="http://partneradvantage.sun.com">http://partneradvantage.sun.com</a><br>
<a
href="http://opensolaris.org">http://opensolaris.org</a><br>
<a
href="http://netbeans.org">http://netbeans.org</a><br>
</r></td>
</tr>
</tbody>
</table>
</div>
</body>
</html>
What we did was this:
We had a vnic bound to the physical NIC, in which we pointed the default
gateways to:
Lets say the network behind the vnic is 192.168.35.128/25 so vnic999 is on
192.168.35.129
And the network on bge0 is 192.168.35.0/25 so its on 192.168.35.1
We turned on ip forwarding, and had the non-global zones, all with exclusive IP
stacks on their own vnics, go out the IP of the global zone vnic999 above
The release we have, there was no anchor vnics available yet, you''re
within Sun, so I suspect you may have a newer "release" available.
-SPL
From: Thierry.Manfe at Sun.COM [mailto:Thierry.Manfe at Sun.COM]
Sent: Wednesday, January 30, 2008 4:32 AM
To: Siobhan P. Lynch
Cc: crossbow-discuss at opensolaris.org
Subject: Re: [crossbow-discuss] VNIC and ipv4 forwarding
Siobhan, thanks!
I have one more question:
Which network/vnic topology did you use for the non-global zone?
1) Each non-global zone uses a vnic that seats on top of an anchor vnic
that acts as a gateway.
The anchor vnic itself seats on the nic
2) Or each non-global zone uses a vnic that seats directly on the
physical nic, and in addition
another vnic is created in the global zone that acts as a gateway
I tested 2) but I can''t have the ip-forwarding to work so I suspect
there is something wrong with this topology.
Thierry
Siobhan P. Lynch wrote:
I forgot to mention, the non-global zones for the most part need to have
exclusive IP stacks to work like this. (ip-exclusive)
(BTW, this is precisely the reason why we are using the XB "stuff" in
our product)
-SPL
From: crossbow-discuss-bounces at opensolaris.org
[mailto:crossbow-discuss-bounces at opensolaris.org] On Behalf Of Siobhan P.
Lynch
Sent: Monday, January 28, 2008 4:33 PM
To: Thierry Manf?; crossbow-discuss at opensolaris.org
Subject: Re: [crossbow-discuss] VNIC and ipv4 forwarding
Yes, I have dones this in our product, it works very well.
-SPL
From: crossbow-discuss-bounces at opensolaris.org
[mailto:crossbow-discuss-bounces at opensolaris.org] On Behalf Of Thierry Manf?
Sent: Monday, January 28, 2008 1:10 PM
To: crossbow-discuss at opensolaris.org
Subject: [crossbow-discuss] VNIC and ipv4 forwarding
I have a single bge0 nic on my system.
If I create a vnic - vnic1 - in the global zone, is it possible to turn my
system into a router:
- bge0 is physically connected to one LAN (say 129.157.207)
- vnic1 acts as a gateway for a second LAN (say 200.0.1).
The hosts on this second LAN are in fact non-global zones
Would this work?
Thanks,
Thierry
--
Thierry Manf? Sun Microsystems
ISV Engineering
Phone: +33-1-34-03-01-64
Mobile: +33-6-84-62-85-10
http://partneradvantage.sun.com
http://opensolaris.org
http://netbeans.org
________________________________
_______________________________________________
crossbow-discuss mailing list
crossbow-discuss at opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/crossbow-discuss
--
Thierry Manf? Sun Microsystems
ISV Engineering
Phone: +33-1-34-03-01-64
Mobile: +33-6-84-62-85-10
http://partneradvantage.sun.com
http://opensolaris.org
http://netbeans.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/crossbow-discuss/attachments/20080130/01c134c0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 823 bytes
Desc: ~WRD000.jpg
URL:
<http://mail.opensolaris.org/pipermail/crossbow-discuss/attachments/20080130/01c134c0/attachment.jpe>