Re: [zones-discuss] Can not ping between zones and internal network

2011-09-08 Thread LaoTsao
admin guide
http://download.oracle.com/docs/cd/E19963-01/html/821-1458/index.html

Sent from my iPad
Hung-Sheng Tsao ( LaoTsao) Ph.D

On Sep 8, 2011, at 8:26, James Carlson carls...@workingcode.com wrote:

> carlopmart wrote:
>> Thanks James. And yes, If I use shared IP as ip-type all works ok
>> out-of-the-box. And as you say, it seems a bug.
>>
>> Where can I find samples about doing a bridge between physical interface
>> host and vnic??
>
> I think something like this should work:
>
>     dladm create-bridge -l e1000g0 mybridge
>
> The man page for 'dladm' has more information.  I'm pretty sure we wrote
> a chapter for the administrator's guide, but I'm no longer sure how to
> find that.
>
> Note that this is just a hack.  What you really should be looking for is
> a fixed e1000g driver that handles the multiple unicast slots properly,
> or one that at least allows you to disable the slots so that the VNIC
> logic is forced to use promiscuous mode itself.
>
> You might try crossbow-disc...@opensolaris.org.  They may have other ideas.
>
> --
> James Carlson 42.703N 71.076W carls...@workingcode.com
> ___
> zones-discuss mailing list
> zones-discuss@opensolaris.org
___
zones-discuss mailing list
zones-discuss@opensolaris.org


[zones-discuss] Can not ping between zones and internal network

2011-09-07 Thread carlopmart

Hi all,

I have installed a new OpenIndiana host oi_151 to use zones. I have
installed as a test one zone:

root@oitst01:~# zoneadm list -iv
  ID NAME     STATUS  PATH            BRAND IP
   0 global   running /               ipkg  shared
  11 proxysrv running /zones/proxysrv ipkg  excl

Using ip exclude option, from zone to network ping doesn't work, but
between global zone and proxysrv zone, ping works. OI host can ping to
all hosts on my network.


On global zone I have setup a virtual nic:

root@oitst01:~# dladm show-vnic
LINK   OVER     SPEED  MACADDRESS       MACADDRTYPE  VID
vnic0  e1000g0  1000   2:8:20:87:3c:db  random       0

And zone xml file is:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE zone PUBLIC "-//Sun Microsystems Inc//DTD Zones//EN" "file:///usr/share/lib/xml/dtd/zonecfg.dtd.1">
<!--
    DO NOT EDIT THIS FILE.  Use zonecfg(1M) instead.
-->
<zone name="proxysrv" zonepath="/zones/proxysrv" autoboot="false" brand="ipkg" ip-type="exclusive">
  <network physical="vnic0"/>
</zone>

Ip config on zone is:

root@proxy:~# ipadm show-addr
ADDROBJ   TYPE    STATE  ADDR
lo0/v4    static  ok     127.0.0.1/8
vnic0/_a  static  ok     172.25.50.21/27
lo0/v6    static  ok     ::1/128

and routing table:

root@proxy:~# netstat -rn

Routing Table: IPv4
  Destination   Gateway       Flags  Ref  Use  Interface
  ------------  ------------  -----  ---  ---  ---------
  default       172.25.50.1   UG     1    0
  127.0.0.1     127.0.0.1     UH     2    0    lo0
  172.25.50.0   172.25.50.21  U      3    23   vnic0

Routing Table: IPv6
  Destination/Mask  Gateway  Flags  Ref  Use  If
  ----------------  -------  -----  ---  ---  ---
  ::1               ::1      UH     2    0    lo0


Ip config on global is:

root@oitst01:~# ipadm show-addr
ADDROBJ           TYPE    STATE  ADDR
lo0/v4            static  ok     127.0.0.1/8
e1000g0/v4static  static  ok     172.25.50.26/27
lo0/v6            static  ok     ::1/128

and routing table:

root@caradhras:~# netstat -rn

Routing Table: IPv4
  Destination   Gateway       Flags  Ref  Use    Interface
  ------------  ------------  -----  ---  -----  ---------
  default       172.25.50.1   UG     2    1106   e1000g0
  127.0.0.1     127.0.0.1     UH     2    216    lo0
  172.25.50.0   172.25.50.26  U      6    15435  e1000g0

Routing Table: IPv6
  Destination/Mask  Gateway  Flags  Ref  Use  If
  ----------------  -------  -----  ---  ---  ---
  ::1               ::1      UH     2    0    lo0


 What am I doing wrong??
--
CL Martinez
carlopmart {at} gmail {d0t} com


Re: [zones-discuss] Can not ping between zones and internal network

2011-09-07 Thread carlopmart


Please, any help??


--
CL Martinez
carlopmart {at} gmail {d0t} com


Re: [zones-discuss] Can not ping between zones and internal network

2011-09-07 Thread Hung-Sheng Tsao (Lao Tsao 老曹) Ph.D.

may be you need a defrouter



Re: [zones-discuss] Can not ping between zones and internal network

2011-09-07 Thread carlopmart

On 09/07/2011 10:08 PM, Hung-Sheng Tsao (Lao Tsao 老曹) Ph.D. wrote:

> may be you need a defrouter

I have setup default router using route (-p) command on zone system. Do
you refer to setup defrouter under xml config zone's file?? maybe, but
Can I do this using exclude as a ip-type option??

And I see something strange. If I put vnic on zone system in promiscuous
mode (using snoop), all works ok. Strange??



--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: [zones-discuss] Can not ping between zones and internal network

2011-09-07 Thread James Carlson
carlopmart wrote:
> On 09/07/2011 10:08 PM, Hung-Sheng Tsao (Lao Tsao 老曹) Ph.D. wrote:
>> may be you need a defrouter
>
> I have setup default router using route (-p) command on zone system.

Yes; that much was obvious from the netstat -nr output that you'd
originally included.  I don't know what that previous poster was on about.

> Do
> you refer to setup defrouter under xml config zone's file?? maybe, but
> Can I do this using exclude as a ip-type option??
>
> And I see something strange. If I put vnic on zone system in promiscuous
> mode (using snoop), all works ok. Strange??

That sounds like a system bug.  For some reason, the Ethernet interface
is not properly receiving packets for the second MAC address that you've
configured.  That's something that should just be automatic, and the
apparent fact that it's not doing that is a bug.

Since this zone and the global zone are on the same subnet, one possible
option here is to go with shared IP stack rather than exclusive.

Or, as another possible work-around, you could put that interface into
promiscuous mode at a pretty low level by configuring bridging and
adding the global zone's interface to a bridge.

-- 
James Carlson 42.703N 71.076W carls...@workingcode.com
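
Added example, not part of any post in this thread: a short Python check that parses the `ipadm show-addr` and `netstat -rn` output from the original post and confirms that the zone, the global zone and the default gateway all sit in the same /27. With layer 3 consistent, the remaining suspect is the MAC-level receive filtering discussed in the message above. The function names are hypothetical and the sample text is retyped from the post.

```python
import ipaddress

# Retyped from the original post (columns collapsed to single spaces).
ZONE_ADDRS = """ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
vnic0/_a static ok 172.25.50.21/27
lo0/v6 static ok ::1/128"""
GLOBAL_ADDRS = """ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
e1000g0/v4static static ok 172.25.50.26/27
lo0/v6 static ok ::1/128"""
ZONE_ROUTES = """default 172.25.50.1 UG 1 0
127.0.0.1 127.0.0.1 UH 2 0 lo0
172.25.50.0 172.25.50.21 U 3 23 vnic0"""

def parse_addrs(text):
    """Non-loopback IPv4 interfaces from `ipadm show-addr` output."""
    found = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) == 4 and fields[2] == "ok":
            iface = ipaddress.ip_interface(fields[3])
            if iface.version == 4 and not iface.ip.is_loopback:
                found.append(iface)
    return found

def default_gateway(text):
    """Gateway of the `default` row in `netstat -rn` output, or None."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "default":
            return ipaddress.ip_address(fields[1])
    return None

def l3_findings(zone_addrs, global_addrs, zone_routes):
    """List layer-3 problems; empty means addressing and routing agree."""
    zone, glob = parse_addrs(zone_addrs), parse_addrs(global_addrs)
    if not zone or not glob:
        return ["no usable IPv4 address found"]
    z, g, gw = zone[0], glob[0], default_gateway(zone_routes)
    problems = []
    if z.network != g.network:
        problems.append(f"zone {z} and global {g} are on different subnets")
    if gw is None:
        problems.append("zone has no default route")
    elif gw not in z.network:
        problems.append(f"gateway {gw} is not on-link for {z.network}")
    return problems

print(l3_findings(ZONE_ADDRS, GLOBAL_ADDRS, ZONE_ROUTES) or "L3 settings consistent")
```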

Re: [zones-discuss] Can not ping between zones and internal network

2011-09-07 Thread carlopmart

On 09/07/2011 11:28 PM, James Carlson wrote:

> carlopmart wrote:
>> On 09/07/2011 10:08 PM, Hung-Sheng Tsao (Lao Tsao 老曹) Ph.D. wrote:
>>> may be you need a defrouter
>>
>> I have setup default router using route (-p) command on zone system.
>
> Yes; that much was obvious from the netstat -nr output that you'd
> originally included.  I don't know what that previous poster was on about.
>
>> Do
>> you refer to setup defrouter under xml config zone's file?? maybe, but
>> Can I do this using exclude as a ip-type option??
>>
>> And I see something strange. If I put vnic on zone system in promiscuous
>> mode (using snoop), all works ok. Strange??
>
> That sounds like a system bug.  For some reason, the Ethernet interface
> is not properly receiving packets for the second MAC address that you've
> configured.  That's something that should just be automatic, and the
> apparent fact that it's not doing that is a bug.
>
> Since this zone and the global zone are on the same subnet, one possible
> option here is to go with shared IP stack rather than exclusive.
>
> Or, as another possible work-around, you could put that interface into
> promiscuous mode at a pretty low level by configuring bridging and
> adding the global zone's interface to a bridge.



Thanks James. And yes, If I use shared IP as ip-type all works ok 
out-of-the-box. And as you say, it seems a bug.


Where can I find samples about doing a bridge between physical interface 
host and vnic??




--
CL Martinez
carlopmart {at} gmail {d0t} com