Friday 6 October 2017

Changing a Solaris 10 zone's ip type from shared to exclusive

Solaris 10 zones default to the shared IP type; Solaris 11 defaults to exclusive, but that is a different story.

In Solaris 10, zones can have one of two IP types:

Shared-ip:
The zone shares a network interface (data link) with the global zone. When the zone boots, a logical interface carrying the address given in the zonecfg net resource is created on top of the physical interface; it lives for as long as the zone runs, is torn down when the zone halts and is re-created at the next boot. The zone itself does not control its network stack: address, netmask and default route are fixed by the global zone's configuration, and the zone cannot change them.


Exclusive-ip:
The zone is given dedicated control of a physical network interface and its own IP instance. The IP address and default route are set from inside the zone, not through the zone's zonecfg configuration. The flip side is that the zone's root can change that address or add routes at will; handing over a link trades some of the global zone's control for the features below.
Here are some of the features this method of zone networking makes available to the non-global zone:

  • DHCPv4 and IPv6 stateless address autoconfiguration
  • IP Filter, including network address translation (NAT) functionality
  • IP Network Multipathing (IPMP)
  • IP routing
  • ndd for setting TCP/UDP/SCTP as well as IP/ARP-level knobs
  • IP security (IPsec) 



Now to the actual purpose of the article: converting a zone's network configuration from shared-ip to exclusive-ip.

So, here we have a zone configured with shared-ip networking:

root@sandbox:/# zonecfg -z auto-zone info
zonename: auto-zone
zonepath: /zones/auto-zone
brand: native
autoboot: false
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 192.168.87.144/24
        physical: e1000g0
        defrouter: 192.168.87.2


To modify the IP type, enter the zone's configuration with zonecfg -z <zone_name> and type:

zonecfg:auto-zone> set ip-type=exclusive

I tried to modify the existing net resource to make it exclusive-ip, but it didn't work.

zonecfg:auto-zone> select net address=192.168.87.144/24
zonecfg:auto-zone:net> info
net:
        address: 192.168.87.144/24
        physical: e1000g0
        defrouter: 192.168.87.2
zonecfg:auto-zone:net> remove defrouter 192.168.87.2
zonecfg:auto-zone:net> set physical=e1000g1

I couldn't get rid of the address property, so I removed the net resource and added it again.

zonecfg:auto-zone> remove net address=192.168.87.144/24
zonecfg:auto-zone> info ip-type
ip-type: exclusive


zonecfg:auto-zone> add net
zonecfg:auto-zone:net> set physical=e1000g1
zonecfg:auto-zone:net> end
zonecfg:auto-zone> info
zonename: auto-zone
zonepath: /zones/auto-zone
brand: native
autoboot: false
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address not specified
        physical: e1000g1
        defrouter not specified
zonecfg:auto-zone> verify
zonecfg:auto-zone> commit
zonecfg:auto-zone> exit
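The interactive zonecfg session above can be driven non-interactively, which is handy when converting more than one zone. The script below is an added example and not part of the original post: it generates the command file that zonecfg -z <zone> -f <file> accepts, checks the resulting zonecfg info dump for the expected shape, and only runs zonecfg when the binary exists, so the generated commands can be reviewed on any machine. The zone name, the address of the existing net resource and the link to hand over are parameters; insisting that the zone is halted is my choice, since the new ip-type only takes effect at the next zone boot.

```shell
#!/bin/sh
# Added example (not from the original post): convert a Solaris 10 zone
# from shared-ip to exclusive-ip via a zonecfg command file.
# Assumed inputs: zone name, old net address (addr/prefix), new link name.

# Print the zonecfg commands for the conversion. The address property of a
# shared-ip net resource cannot simply be cleared, so the resource is removed
# and recreated with only 'physical' set, exactly as in the session above.
zonecfg_convert_cmds() {
    old_addr=$1   # e.g. 192.168.87.144/24 (address of the existing net resource)
    new_link=$2   # e.g. e1000g1            (link to hand to the zone)
    printf 'set ip-type=exclusive\n'
    printf 'remove net address=%s\n' "$old_addr"
    printf 'add net\n'
    printf 'set physical=%s\n' "$new_link"
    printf 'end\n'
    printf 'verify\n'
    printf 'commit\n'
}

# Check a 'zonecfg -z <zone> info' dump for the shape expected afterwards:
# ip-type exclusive and no net resource still carrying an address.
zonecfg_info_is_exclusive() {
    info=$1
    printf '%s\n' "$info" | grep -q '^ip-type: exclusive$' || return 1
    printf '%s\n' "$info" | grep -q '^[[:space:]]*address: ' && return 1
    return 0
}

# Apply the conversion to a zone. Refuses to run when zonecfg is absent
# (reviewing the script off-box) or when the zone is running, because the
# new ip-type is only picked up when the zone boots.
convert_zone() {
    zone=$1; old_addr=$2; new_link=$3
    command -v zonecfg >/dev/null 2>&1 || { echo "zonecfg not found" >&2; return 2; }
    # 'zoneadm list -p' fields: zoneid:zonename:state:zonepath:uuid:brand:ip-type
    if zoneadm -z "$zone" list -p | grep -q ':running:'; then
        echo "halt $zone first (zoneadm -z $zone halt)" >&2; return 3
    fi
    tmp=$(mktemp) || return 1
    zonecfg_convert_cmds "$old_addr" "$new_link" > "$tmp"
    if zonecfg -z "$zone" -f "$tmp"; then rc=0; else rc=$?; fi
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && zonecfg_info_is_exclusive "$(zonecfg -z "$zone" info)"
}

# Usage on the global zone:  convert_zone auto-zone 192.168.87.144/24 e1000g1
# Off-box review:            zonecfg_convert_cmds 192.168.87.144/24 e1000g1
```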


The new configuration takes effect when the zone is next booted. To verify from the global zone that e1000g1 is now assigned exclusively to the zone, check the link's zone property with dladm:

root@sandbox:/# dladm show-linkprop
LINK         PROPERTY        VALUE          DEFAULT        POSSIBLE
e1000g0      zone            --             --             --
e1000g0      tagmode         vlanonly       vlanonly       vlanonly,normal
e1000g1      zone            auto-zone      --             --
e1000g1      tagmode         vlanonly       vlanonly       vlanonly,normal
e1000g2      zone            --             --             --
e1000g2      tagmode         vlanonly       vlanonly       vlanonly,normal
root@sandbox:/#
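Reading that listing by eye is fine for one zone; on a host with many links it is worth scripting, both to confirm the assignment and to audit which zones hold a raw datalink of their own. The functions below are an added example, not code from the original post. SAMPLE_LINKPROP is constructed from the dladm show-linkprop output above so the check can be exercised anywhere; on a real global zone, omit the listing argument and the live dladm output is used instead.

```shell
#!/bin/sh
# Added example (not from the original post): determine which zone owns a
# datalink from 'dladm show-linkprop' output. The listing below is constructed
# from the one shown above.

SAMPLE_LINKPROP='LINK         PROPERTY        VALUE          DEFAULT        POSSIBLE
e1000g0      zone            --             --             --
e1000g0      tagmode         vlanonly       vlanonly       vlanonly,normal
e1000g1      zone            auto-zone      --             --
e1000g1      tagmode         vlanonly       vlanonly       vlanonly,normal
e1000g2      zone            --             --             --
e1000g2      tagmode         vlanonly       vlanonly       vlanonly,normal'

# Print the owner of link $1 according to listing $2: a zone name, or '--'
# when the link still belongs to the global zone. Prints nothing for an
# unknown link.
link_owner() {
    printf '%s\n' "$2" | awk -v link="$1" '$1 == link && $2 == "zone" { print $3 }'
}

# List every link that has been handed to a non-global zone, one "link zone"
# pair per line. Each of these zones controls its own address and routes.
assigned_links() {
    printf '%s\n' "$1" | awk '$2 == "zone" && $3 != "--" { print $1, $3 }'
}

# Return 0 only if link $1 is owned by zone $2 and the link the global zone
# keeps for itself ($3) has not been given away. Listing is $4, or the live
# 'dladm show-linkprop' output when no listing is supplied.
check_assignment() {
    link=$1; zone=$2; keep=$3
    listing=${4:-$(dladm show-linkprop)}
    [ "$(link_owner "$link" "$listing")" = "$zone" ] || return 1
    [ "$(link_owner "$keep" "$listing")" = "--" ] || return 1
}

# Usage on the global zone:  check_assignment e1000g1 auto-zone e1000g0 && echo ok
# Off-box:                   check_assignment e1000g1 auto-zone e1000g0 "$SAMPLE_LINKPROP"
```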


Next we log in to the zone and configure the IP address on the interface:

bash-3.00# ifconfig e1000g1 plumb
bash-3.00# ifconfig e1000g1 192.168.87.144 netmask 255.255.255.0 up
bash-3.00# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.87.144 netmask ffffff00 broadcast 192.168.87.255
        ether 0:c:29:59:30:ba
bash-3.00# route -p add default 192.168.87.2
add net default: gateway 192.168.87.2
add persistent net default: gateway 192.168.87.2

bash-3.00# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              192.168.87.2         UG        1          0
192.168.87.0         192.168.87.144       U         1          0 e1000g1
127.0.0.1            127.0.0.1            UH        5        126 lo0
bash-3.00#

Let's verify the setup by pinging the default router:

bash-3.00# ping 192.168.87.2
192.168.87.2 is alive

Everything appears to be in order.

Let's try to connect to the zone's IP from outside the zone:

[user.DESKTOP-4NUE93O] ➤ ssh 192.168.87.144
Warning: Permanently added '192.168.87.144' (RSA) to the list of known hosts.
user@192.168.87.144's password:

Looks good. Now let's make the IP address configuration persistent, then reboot and verify. Note that an /etc/hostname.<interface> file holding only an address leaves the netmask to /etc/netmasks or, failing that, the classful default; 192.168.87.0 happens to be a /24 by that rule, which is why the bare address works here, but for a non-classful prefix the mask should be stated in the file or in /etc/netmasks. The default route needs no extra work, as route -p already recorded it in /etc/inet/static_routes.

bash-3.00# echo "192.168.87.144" > /etc/hostname.e1000g1
bash-3.00# cat /etc/hostname.e1000g1
192.168.87.144
bash-3.00# init 6
bash-3.00#
[Connection to zone 'auto-zone' pts/4 closed]
root@sandbox:/# zlogin auto-zone
[Connected to zone 'auto-zone' pts/4]
Last login: Fri Oct  6 22:11:27 on pts/4
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
# bash
bash-3.00# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.87.144 netmask ffffff00 broadcast 192.168.87.255
        ether 0:c:29:59:30:ba
bash-3.00#
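The in-zone steps (hostname file, route, check with ifconfig -a) are easy to get subtly wrong when the prefix is not classful, so here they are as an added example that is not part of the original post: a helper that writes the hostname file with an explicit netmask, and a parser for ifconfig -a output that converts the hex netmask Solaris prints into dotted form so the result can be compared against what was intended. SAMPLE_IFCONFIG is constructed from the ifconfig -a output above; the link name, address, mask and router are assumed inputs.

```shell
#!/bin/sh
# Added example (not from the original post): persistent in-zone network
# configuration for an exclusive-ip zone, plus a check of 'ifconfig -a'.
# Assumed inputs: link name, IPv4 address, dotted netmask. Sample output
# below is constructed from the ifconfig -a listing shown above.

SAMPLE_IFCONFIG='lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.87.144 netmask ffffff00 broadcast 192.168.87.255
        ether 0:c:29:59:30:ba'

# Content for /etc/hostname.<link>. Solaris passes the words in this file to
# ifconfig, so the netmask can be stated explicitly instead of relying on
# /etc/netmasks or the classful default.
hostname_file() {
    printf '%s netmask %s up\n' "$1" "$2"
}

# Write the hostname file for link $1 (address $2, mask $3). Only for use
# inside the zone; the test below never calls it.
write_hostname_file() {
    hostname_file "$2" "$3" > "/etc/hostname.$1"
}

# Convert an 8-digit hex netmask as printed by ifconfig (ffffff00) to dotted
# form (255.255.255.0).
hexmask_to_dotted() {
    m=$1; out=""
    while [ -n "$m" ]; do
        pair=${m%"${m#??}"}      # first two hex digits
        m=${m#??}
        out="$out${out:+.}$((0x$pair))"
    done
    printf '%s\n' "$out"
}

# Print "address dotted-mask" for interface $1 from 'ifconfig -a' output $2.
# Returns 1 if the interface is not present. Interface headers start at
# column one; the address lines are indented.
iface_inet() {
    line=$(printf '%s\n' "$2" | awk -v ifc="$1:" '
        $1 == ifc { found = 1; next }
        found && $1 == "inet" { print $2, $4; exit }
        /^[^ \t]/ { found = 0 }')
    [ -n "$line" ] || return 1
    set -- $line
    printf '%s %s\n' "$1" "$(hexmask_to_dotted "$2")"
}

# Return 0 only if interface $1 carries address $2 with mask $3 in output $4
# (live 'ifconfig -a' when no output is supplied).
check_iface() {
    out=${4:-$(ifconfig -a)}
    [ "$(iface_inet "$1" "$out")" = "$2 $3" ]
}

# Usage inside the zone:
#   write_hostname_file e1000g1 192.168.87.144 255.255.255.0
#   route -p add default 192.168.87.2
#   check_iface e1000g1 192.168.87.144 255.255.255.0 && echo "address as intended"
```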
