[zones-discuss] Routing issue with zones installed
Hi.

I've got a routing issue with Solaris 10 Update 5 and I don't know if I can solve it. Basically I've got a multihomed server:

enr...@server0:~$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff00
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone zone1
        inet 127.0.0.1 netmask ff00
bge0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
        inet 192.168.1.50 netmask e000 broadcast 192.168.31.255
nge1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
        inet 192.168.96.77 netmask e000 broadcast 192.168.127.255
nge1:1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
        zone zone1

which also forwards packets between the two subnets and acts as a router:

enr...@server0:~$ routeadm
              Configuration   Current         Current
                     Option   Configuration   System State
---
               IPv4 routing   enabled         enabled
               IPv6 routing   disabled        disabled
            IPv4 forwarding   enabled         enabled
            IPv6 forwarding   disabled        disabled

           Routing services   route:default ripng:default

Routing daemons:

                      STATE   FMRI
                   disabled   svc:/network/routing/legacy-routing:ipv4
                   disabled   svc:/network/routing/legacy-routing:ipv6
                   disabled   svc:/network/routing/ndp:default
                   disabled   svc:/network/routing/rdisc:default
                   disabled   svc:/network/routing/ripng:default
                   disabled   svc:/network/routing/ripng:quagga
                     online   svc:/network/routing/route:default
                   disabled   svc:/network/routing/zebra:quagga
                   disabled   svc:/network/routing/rip:quagga
                   disabled   svc:/network/routing/ospf:quagga
                   disabled   svc:/network/routing/ospf6:quagga
                   disabled   svc:/network/routing/bgp:quagga

bge0 is up on a subnet (192.168.0.0/19) and nge1 is up on another subnet (192.168.96.0/19).
The routing table is:

enr...@reacciona0:~$ netstat -rn

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
- - -- -
default 192.168.96.1 UG12682544
default 192.168.96.1 UG12680065 nge1
192.168.0.0 192.168.1.50 U 1 24343 bge0
192.168.96.0 192.168.96.77U 1 11327 nge1
224.0.0.0192.168.1.50 U 1 0 bge0
127.0.0.1127.0.0.1UH2 8810 lo0

Zones running on subnet 192.168.96.0/19 have no problem because they see the default route through gateway 192.168.96.1 such as, for example:

enr...@server0:~$ ssh enr...@zone1 netstat -rn
Password:

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
- - -- -
default 192.168.96.1 UG12682596
default 192.168.96.1 UG12680117 nge1
192.168.96.0 192.168.96.53U 1 58 nge1:1
224.0.0.0192.168.96.53U 1 0 nge1:1
127.0.0.1127.0.0.1UH4 44 lo0:1

The problem I have is when creating shared IP zones on another subnet, such as the 192.168.0.0/19: subnet 192.168.96.0/19 is unreachable and they cannot connect to the outside world through 192.168.96.1.

I thought that there would be a way to accomplish this because server0 is acting as a router and packet forwarder between these two subnets, but I found no way to configure the zones. Other workstations on the 192.168.0.0/19 subnet have indeed no problem using server0 as default gateway.

Is there any way to use server0 as a router from inside the shared IP zone so that the global zone forwards packets from one subnet to the other and be able to reach 192.168.96.1?

Thanks,
Enrico

--
Freedom or death

Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

GPG key: 1024D/FD2229AF
fpr: 9E07 D40E 33A5 5993 6FC5 09A8 5BCF B1F2 FD22 29AF

___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] Routing issue with zones installed
Thanks Christine.

Multi homing the router is an option we are considering and I'm waiting for it to be assessed, but unfortunately it is not that obvious for us to get it. server0 is the global zone, indeed, and I thought I could somehow use its packet-forwarding and routing services from the 192.168.0.0/19 zone: but, as you explained, it's not a viable option.

Thanks for the info,
Enrico.

Christine Tran wrote:
>> The problem I have is when creating shared IP zones on another subnet,
>> such as the 192.168.0.0/19: subnet 192.168.96.0/19 is unreachable and
>> they cannot connect to the outside world through 192.168.96.1.
>
> It can't work this way. Your zone on 192.168.0.0/19 will never see
> 192.168.96.1 because that gateway is not local to it. Your defaultrouter
> has to be on the same segment. You can get around this if you set
> 192.168.96.1 up with another interface local to 192.168.0.0/19,
> multi-home your router. Then you'll have to add another default route on
> your global zone. If you're doing this on nge0, you'll also have to zone
> your switch.
>
>> Is there any way to use server0 as a router from inside the shared IP
>> zone so that the global zone forwards packets from one subnet to the
>> other and be able to reach 192.168.96.1?
>
> Yes, you can do it as described above. I assume you mean server0 is your
> global zone.
>
> CT

[zones-discuss] routing issue
I am facing some routing issue with the local zone talking to outside network. Here is the setup that I have:

Configured global zone (bge0) to 10.x.180.0 network
Configured local zone (bge1:1) to 10.x.230.0 network

local zone can talk to the systems in 10.x.230.0 network, but it cannot talk to any other network. I cannot add the default route for 10.x.230.0 network in global zone as it doesn't have any network interface plumbed up in that network.

Is there any way I configure the default route for local zones so that they can talk to other networks too.

Thanks
ramesh

This message posted from opensolaris.org

Re: [zones-discuss] routing issue
Hi Ramesh,

Ramesh Mudradi wrote On 05/11/07 02:54,:
> I am facing some routing issue with the local zone talking to outside
> network. Here is the setup that I have:
>
> Configured global zone (bge0) to 10.x.180.0 network
> Configured local zone (bge1:1) to 10.x.230.0 network
>
> local zone can talk to the systems in 10.x.230.0 network, but it cannot
> talk to any other network. I cannot add the default route for 10.x.230.0
> network in global zone as it doesn't have any network interface plumbed
> up in that network.
>
> Is there any way I configure the default route for local zones so that
> they can talk to other networks too.

The only (*unsupported*) way I know of getting this to work is to ifconfig an address for subnet 230 on bge1 (probably any interface in the GZ) and set up your default routes, and then to remove the IP address. This will set up the routing without leaving the subnet's IP address in the GZ.

This will be addressed with IP Instances, already in NV and due in Solaris 10 7/07. You will need at least one interface (physical, VLAN, or aggregation) per zone until VNICs come out. See Network Virtualization and Flow Management at http://www.opensolaris.org/os/project/crossbow/

Steffen

reply-to set to alias

> Thanks
> ramesh
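
The constraint discussed in both threads above (a shared-IP zone can only use a default router that sits on the same segment as one of the zone's own addresses), as an added example that is not part of the original messages. It is a simplified model of that rule, not Solaris code; the zone2 address 192.168.1.60 and the second router address 192.168.0.1 are constructed, the other addresses come from the first thread.

```python
import ipaddress


def usable_gateways(zone_addrs, default_gateways):
    """Return the default gateways that are on-link for at least one
    address assigned to the zone (addresses given as 'ip/prefix')."""
    nets = [ipaddress.ip_interface(a).network for a in zone_addrs]
    return [gw for gw in default_gateways
            if any(ipaddress.ip_address(gw) in net for net in nets)]


def audit(zones, default_gateways):
    """Map each zone name to the default gateways it can actually use."""
    return {name: usable_gateways(addrs, default_gateways)
            for name, addrs in zones.items()}


def stranded(zones, default_gateways):
    """Zones with no on-link default gateway: they reach only their own subnet."""
    result = audit(zones, default_gateways)
    return sorted(name for name, gws in result.items() if not gws)


# Addresses as shown in the first thread, except where marked constructed.
ZONES = {
    "global": ["192.168.1.50/19", "192.168.96.77/19"],  # bge0, nge1
    "zone1": ["192.168.96.53/19"],                      # nge1:1
    "zone2": ["192.168.1.60/19"],                       # constructed zone on 192.168.0.0/19
}

CURRENT_ROUTES = ["192.168.96.1"]                 # the only default router today
MULTIHOMED_ROUTES = ["192.168.96.1", "192.168.0.1"]  # 192.168.0.1 is constructed

if __name__ == "__main__":
    for label, routes in (("current", CURRENT_ROUTES),
                          ("router multi-homed", MULTIHOMED_ROUTES)):
        print(label)
        for zone, gws in audit(ZONES, routes).items():
            print(f"  {zone:7s} usable default gateways: {gws or 'none'}")
        print(f"  stranded zones: {stranded(ZONES, routes) or 'none'}")
```

With the current single default router only zone2 is stranded; adding a router interface on 192.168.0.0/19, as suggested in the reply, gives it an on-link gateway.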