Joanna.Zhou wrote:
if the local zone and global zone share the same arp table? The local
zone has the same ether address with the global zone, if I made an arp
reply to the ether address to answer an arp request (I plan to reply to
local zone) , how could the system differentiate which destinatio
Brad Diggs wrote:
Rob Fisher just asked an excellent question regarding making the
console login to a non-global zone instead of the global zone. I
have wanted to do something similar. I want to install the smallest
(e.g. minimized) global zone possible. The only way that I want a user
to be
The IP instances (formerly known as "Stack Instances") piece of crossbow
is now ready for design review comments.
There are two documents which describe the design
si-interfaces - a high-level design focusing on the problem the
project solves, and what the user-visible changes
Please follow up on crossbow-discuss.
Original Message
Subject: [crossbow-discuss] Design review of IP Instances part of Crossbow
Date: Mon, 18 Sep 2006 16:53:02 -0700
From: Erik Nordmark <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: netw
Original Message
Subject: Reminder: Design review of IP Instances part of Crossbow]
Date: Tue, 10 Oct 2006 14:21:59 -0700
From: Erik Nordmark <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
The deadline for design review comments is October 20th.
Erik
Or
[EMAIL PROTECTED] wrote:
Observation on NIC gives me:
[e1000g1] /opt/sfw/bin/tethereal -i e1000g1 -t ad host l.l.l.110 and host
c.c.c.186
[e1000g0] /opt/sfw/bin/tethereal -i e1000g0 -t ad host l.l.l.110 and host
c.c.c.186
[1] [e1000g1] 2006-10-06 09:25:11.329472 c.c.c.186 -> l.l.l.110 TCP 32
Roshan Perera wrote:
Hi all,
Appreciate if someone can help me with VLAN tagging on zones please.
Details below. Dummy example..
Global Zone IP address 10.10.10.5 (IPMP real)
ce0 10.10.10.6 (IPMP test)
ce1 10.10.10.7 (IPM
Edward Pilatowicz wrote:
hey erik,
some questions after reading the interface document. (and i apologize in
advance if some of the questions seem silly because i'm not a networking
expert.)
No problem - I explicitly want reviews from the zones perspective. And
I'm getting reviews from the net
Peter Memishian wrote:
> With regard to the third bullet, please see my concerns above about the
> introduction of "list -l". I think this should be part of a general
> zone status/health facility or perhaps something that dladm(1M) can
> print about the link names and how their assignment z
Peter Memishian wrote:
> > > With regard to the third bullet, please see my concerns above about the
> > > introduction of "list -l". I think this should be part of a general
> > > zone status/health facility or perhaps something that dladm(1M) can
> > > print about the link names and ho
Dan Price wrote:
'list -i' religiously follows this idiosyncratic approach ;-)
We have a plan to add 'zoneadm info' or some such to display all the
runtime attributes of running zones. Hopefully we'll get to that in the
next 12 months or so. I'd request that you hold off on adding list -l
un
Eric Enright wrote:
I just subscribed to this alias, apologies if I'm missing anything
from this thread...
Some of this was discussed a few months back.
I'd like to express interest in this as well. Just last week I came
across the need for this, and was disappointed to learn that it (or
som
[EMAIL PROTECTED] wrote:
Could "ifconfig" be modified to report all network interfaces that
are assigned to a zone?
I assume you mean in the global zone; ifconfig -a inside a zone (global
or not) does report all the network interfaces that are configured.
But that would be quite odd.
The r
[EMAIL PROTECTED] wrote:
Yes, that's one of the reasons I suggested having dladm(1M) be the
place to display this information since it's where links are
administered in general, even the ones that will be handed off to
exclusive-stack zones.
David,
If we want any form of internal consistency,
Edward Pilatowicz wrote:
[You brought up an issue with /etc/hostname.* etc being ignored when a
shared-IP zone is booted.]
perhaps some kind of warning message should be generated in this
scenario instead?
something like:
Ignoring zone network configuration specified: /etc/hostname.b
Edward Pilatowicz wrote:
hm. that's unfortunate.
so if a user wanted to use ip filters in an lx zone, how would we
support this?
Do we know what users might want in this space? Has anybody asked on the
brandz-discuss list?
Is the iptables syntax important? Or is IP Filter syntax ok?
Does
Jeff Victor wrote:
Here's one reason: consistency. All users in the GZ can see some
information about non-global zones (e.g. "ps"). Privileged GZ users can
see all info about non-global zones, and need to do so in order to
manage them.
But the exclusive-IP behavior is quite different from t
Darren Reed wrote:
- Original Message - From: "Erik Nordmark" <[EMAIL PROTECTED]>
[EMAIL PROTECTED] wrote:
Could "ifconfig" be modified to report all network interfaces that
are assigned to a zone?
I assume you mean in the global zone; ifconfig -a inside a
Eric Enright wrote:
I'd like to express interest in this as well. Just last week I came
across the need for this, and was disappointed to learn that it (or
something similar) is not there.
Would
zoneadm list -l
as specified (with example output) in
http://www.opensolaris.org/os/proje
James Carlson wrote:
I don't think that argument works on two counts. First, exclusive-IP
behavior does not offer complete IP isolation, because you can't (for
instance) install your own copy of Firewall-1 or Cisco VPN into a
non-global exclusive-IP zone.
Agreed you can't do that. But how do
[EMAIL PROTECTED] wrote:
If we want any form of internal consistency, wouldn't we also need to
change where we assign datalink names from zonecfg to dladm?
Thus no more 'net' resource in zonecfg for exclusive-IP zones, but
instead some
dladm set-zone zoneA bge1
Only having dladm show it,
James Carlson wrote:
Erik Nordmark writes:
But the key thing to me is the consistency between where things can be
observed and where they can be modified.
We already have RFEs filed against other utilities because they don't
show non-global zone activity (see, for example, CR 6369726
James Carlson wrote:
In some usage models, the global zone administrator "owns"
everything. Even if he can't directly control things from the global
zone (and must log into the non-global zone to turn services on and
off), he wants to see a view of the system that includes everything.
Do you h
Original Message
Subject: [crossbow-discuss] Code review for IP Instances
Date: Wed, 15 Nov 2006 01:32:31 -0800
From: Erik Nordmark <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
The IP Instances project is now soliciting code review comments.
You can access the webrev a
James Carlson wrote:
Jeff Victor writes:
Detlef Drewanz wrote:
I know dhcp-server and bootp-server were not possible to run in local
zones. So now with S10 11/06 we can configure some more privileges into
a zone. E.g. if I add the privilege net_raw_access to a zone, can I then
run dhcp-server
Detlef Drewanz wrote:
Erik,
thanks for this addition. I was going to ask this additional question,
so you answered before I asked.
So with IP instances this might be available. James state that
sys_net_config priv is required in a zone to let dhcpd run. Will it
change with IP instances that
[EMAIL PROTECTED] wrote:
Erik,
Here are my belated comments on the IP Instances design.
And here are my belated responses. But we've already acted on the
comments that affect the design and code, and I'll make sure the Zones
documentation covers the other documentation items.
There are tw
Jerry Jelinek wrote:
Erik Nordmark wrote:
The IP Instances project is now soliciting code review comments.
I reviewed the zones portions of the webrev and my comments are
below.
Great. Thanks for your careful review.
Unless otherwise noted we've applied your suggested changes.
Resp
Daniel wrote:
The plot thickens
I've found a lot of good information touching on this subject at:
http://forum.java.sun.com,
but nothing seems to work!
I am however closer, but I'm getting a very strange routing error I can't figure out. Although I have a default route setup that does not s
Robert Thurlow wrote:
Glenn Faden wrote:
4) A bug currently prevents a client instance and a server instance
from being safe to use on the same box (apologies, can't quote the
bugid from here). How likely, in your use case, is it that this will
be a problem, i.e. will your boxes be in the posi
Steffen Weiberle wrote:
I'll have to see if your steps are easier in a zone with an exclusive IP
instance.
FWIW There wasn't anything extra I had to do when I tested the DHCP
server in an exclusive-IP zone a few months back.
Erik
Kevin Van Der Hart wrote:
When I telnet to any non-listening port on a global zone, I get
connection refused. When I telnet to any non-listening port on a
local zone that has a virtual address on the same NIC as the global
zone, I get connection refused. When I telnet to any non-listening
port on
is sent as if
originated from the global zone.
With your reject routes that packet would be dropped.
Erik
Thanks,
Kevin
-Original Message-
From: Erik Nordmark [mailto:[EMAIL PROTECTED]
Sent: Monday, April 02, 2007 1:24 PM
To: Van Der Hart, Kevin
Cc: zones-discuss@opensolaris.org
Tony Marshall wrote:
When the application servers and database servers start we are seeing a
large number of timeouts when the application tries to connect to the
localhost to check a service is up.
When a number of blackhole routes are removed these timeouts disappear.
Tony,
Has anybody tri
James Carlson wrote:
[EMAIL PROTECTED] writes:
I would like to have users on a zone, but we use pidentd to control some
network connections.
It seems that pidentd does not work on zones as it can't open kmem.
Is there any way to make it work ?
Essentially, no.
Opening /dev/kmem in the zone
Martin Man wrote:
Steffen Weiberle wrote:
Hi Martin, looking at your question again...
What are the requirements?
Do non-global zones need to get their address via DHCP?
yes, not necessarily from the non-global zone, the address can be
assigned and renewed periodically from the global zone,
James Carlson wrote:
Getting the DHCP data into a form where Linux can use it inside the
zone might be a challenge, but it's worth some thought.
I think it would also require emulation/translation of some additional
Linux ioctls; I don't think the ioctl to *set* the IP address and
netmask ar
LaoTsao (Dr. Tsao) wrote:
> try
>
> network_interface=e1000g2 {
> hostname=zox04-ipv6
>
> ip_address=2000::214:4fff:fe6a:b80f/64.
>
> protocol_ipv6=yes
> }
AFAIK the ipv6 support in sysidcfg is merely the "protocol_ipv6=yes"
thus it isn't possible to specify a static IPv6 address. Inste
Coy Hile wrote:
> When Sol10u4 comes out, I intend to move my non-global zones to exclusive IP
> instances so that I can route traffic through my NAT from the outside more
> easily (don't ask!). I do have a question, however. Say I have a machine
> with one physical link, e1000g0, which has no
Fixing the above CR requires changing how locking is done across the ZSD
callbacks. The new design is to determine what callbacks are needed
while holding the usual locks, but not hold any locks across the actual
callbacks.
This holds up under extreme stress testing where zones come and go at
Nicolas Williams wrote:
> Hmmm, someone commented (in the VSD case) that maybe we ought to have a
> common object-specific key facility. Here we have fixes to two
> different object-specific key facilities. I think a heads up to the RE
> for CR 6588504 is in order. And maybe we should think abo
Nicolas Williams wrote:
> On Wed, Aug 29, 2007 at 03:47:22PM -0700, Erik Nordmark wrote:
>> Comments?
>
> - $SRC/uts/common/sys/zone.h:483
> - $SRC/uts/common/sys/netstack.h:90
>
>s/looks/locks/
>
>
> - $SRC/uts/common/os/zone.c:321
Lewis Thompson wrote:
> Hi,
>
> I have a customer who has a basic IPMP config in his global zone:
>
>vnet0 & vnet1 [currently vnet0 has the 'floating' IP]
>
> In addition he has a zone with ip-type=shared where physical=vnet1
>
> When the zone boots the zone interface gets created on vnet0
Alain Durand wrote:
> Hi Ben,
>
> Thanks for your answer, there is indeed something different in the
> routing tables :
>
> - With the IP alias :
>
> Routing Table: IPv4
> Destination Gateway Flags Ref Use Interface
> ---
Alain Durand wrote:
> Thanks for your answer, I might be missing something obvious, but how
> can I add this route ?
>
> (global zone) # route add default xx.121.41.254
> add net default: gateway xx.121.41.254: Network is unreachable
I forgot about that part.
The common way is to add the route w
Alain Durand wrote:
> PS : On Solaris 10 Update 5 dladm cannot be used to create vlan's so I
> used "ifconfig vfe1000 plumb up" instead.
I haven't tested update 5 but in update 4 it worked fine as long as you
don't plumb it in the global zone. (No 'create-vlan' needed either.)
The use of the i
James Carlson wrote:
> Jeff Victor writes:
>> A NIC can be added to a running shared-IP zone by using the ifconfig
>> command its zone parameter.
>>
>> Can an unplumbed NIC be added to a running exclusive-IP zone using the
>> same method? (I don't have a system with enough NICs to test this.)
>
>
Patrick Pinchera wrote:
I'm working with a customer who wants to put 16 containers in an M8000
server. Each of these containers will have the need to have a "private
network" that they all share so that they can all talk to each other,
and the network traffic DOES NOT have to go outside of the
Running build 111a of opensolaris I created an exclusive-IP zone.
In the zone I try
r...@c1:~# routeadm -e ipv4-routing
Pattern 'route:default' doesn't match any instances
Comparing svcs -a | grep networking
in the global zone and the exclusive IP zone, there is a lot of
differen
Robert Hartzell wrote:
I have a host that's on two subnets:
10.0.0.0/24 (all external facing services through a firewall)
192.168.0.0/24 (internal lan)
I wish to move my external services into zones (dns, smtp, webstack) but
am having problems which I believe are caused by routing issues
On 01/25/10 02:29 AM, Tina wrote:
Hi all,
Can Zone work as a DHCP client? In my testing environment, all ip must be
assigned from a DHCP server, I have setup a solaris 10 (x86 version) and config
it as a DHCP client, now I tried to create a ZONE on it. How can I config the
ZONE as a DHCP clien
On 01/28/10 02:44 AM, Tina wrote:
Hi Erik,
Thanks for your suggestion. I have tried the way that run ifconfig bge0 zone
zoneA, it did not work. I'm a newer to solaris ZONE, I did not have a good idea
about how to troubleshoot it. :-) So I decided to try IP-exclusive. Now I
install solaris
If I want to create zonenames that are known to be unique across a set
of nodes, one way to do this is to use fully qualified domain names as
the zonenames. But this might run into the current limit of the zonename
length.
Looking at the source I see:
/*
* The zone support infrastructure us
53 matches