Mike Gerdts writes:
> On 8/20/07, James Carlson <[EMAIL PROTECTED]> wrote:
> > > I *wish* I could tell Solaris what its primary interface is.  This is
> > > a common pain point when many physical and virtual interfaces exist
> > > and authorization (firewall, NFS, etc.) is performed
> > > by IP address.
> >
> > What would "primary" mean in this context?  What would the system do
> > differently?
> 
> Primarily, I want the source address for NFS traffic to be
> predictable.

Can you provide more detail?

For instance, suppose you had a system with bge0 and hme1 connected to
separate subnets.  The bge0 interface is considered "primary."

You then try to connect to an NFS server.  The destination address
maps (through the "netstat -nr" kernel forwarding table) to hme1.  The
system must send packets to a system via hme1 to reach that server.

What source address did you want the system to use?  Did you really
want it to use bge0's source address?  If so, then setting "usesrc
bge0" when configuring hme1 (perhaps in the hostname.hme1 file) would
do the trick.

>  To a lesser extent, I need this functionality for all
> traffic that doesn't specifically bind to a particular interface.

That's what "usesrc" and "vni" interfaces were designed to do.

> For the NFS use case, the ideal situation would be the following to
> allow me to specify that different NFS mounts should originate from
> different source addresses.
> 
> mount -F nfs -o srcaddr=192.168.23.45 server:/path /path

That might be possible.  It looks like an RFE for NFS instead of a
"primary interface," though.

> > Perhaps the ifconfig "usesrc" option might get you closer to what you
> > want, but I don't think I understand what you're expecting from
> > designated primary interface or IP address.
> 
> That is roughly what I would like to do, but all the examples that I
> see imply that you need to have a vni interface.

That's actually not true.  vni and usesrc are separate mechanisms.
They were designed so that they can be used together to solve
particular problems in a nice way, but they're independent.

>  My experimentation
> when using a vni interface suggests that those that wish to talk to
> the host have to have special routing table entries.  Furthermore,
> usesrc is incompatible with IPMP.

Yes.  If you're talking about the IPMP-related source address
selection problems, then, well, "that's how it's _supposed_ to work."

> > I suspect that the NWAM project might be interested in your needs here.
> 
> I haven't found (or looked too hard for) the details of the
> "enterprise" features of NWAM.  I would love it to detect which VLANs
> are available on various physical links and provide a means for easily
> enabling the "best possible" service, presumably with a way to
> log+alert when "best possible" doesn't meet my definition of "good
> enough".

It sounds like that's where they need to head.  I think you should
talk with them, particularly if you have specific needs or wishes in
this area, or any information about deployment issues.

-- 
James Carlson, Solaris Networking              <[EMAIL PROTECTED]>
Sun Microsystems / 1 Network Drive         71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
_______________________________________________
networking-discuss mailing list
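
The following Python code is an added example, not part of the original message or of Solaris. It asks the kernel which source address it would select for each server (connecting a UDP socket performs the route lookup and source selection without sending a packet) and compares the result with the address that the server's access list is assumed to authorize; it also shows an explicit bind before connect, which is what a per-mount source address option would amount to. The function names, port 2049 and the sample addresses are assumptions.

```python
import socket

def kernel_selected_source(dest_ip, port=2049):
    """Return the source address the kernel would pick to reach dest_ip.

    connect() on a UDP socket sends nothing; it only fixes the route and
    the local address, which getsockname() then reports.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dest_ip, port))
        return s.getsockname()[0]

def connect_from(src_ip, dest_ip, port, timeout=3.0):
    """Open a TCP connection whose source address is chosen by the caller."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.bind((src_ip, 0))          # port 0: any free local port
        s.connect((dest_ip, port))
    except OSError:
        s.close()
        raise
    return s

def audit(expected):
    """Compare kernel-selected sources with the authorized ones.

    expected maps destination IP -> source IP the server's firewall or
    export list is assumed to allow. Returns (dest, wanted, selected)
    for every mismatch; selected is None when there is no route.
    """
    mismatches = []
    for dest, wanted in expected.items():
        try:
            selected = kernel_selected_source(dest)
        except OSError:
            selected = None
        if selected != wanted:
            mismatches.append((dest, wanted, selected))
    return mismatches

if __name__ == "__main__":
    # Constructed sample: loopback stands in for a server; 192.0.2.10 is a
    # documentation address standing in for the authorized client address.
    for dest, wanted, selected in audit({"127.0.0.1": "192.0.2.10"}):
        print(f"{dest}: server authorizes {wanted}, kernel selects {selected}")
```

Running the audit before and after a source selection change (for instance "usesrc" on the outgoing interface) shows whether the address the server sees is the one it authorizes.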