Re: [zones-discuss] Shared-IP zones - global network

2008-04-14 Thread Matthew Taylor
My apologies for the lateness of this summary - work has been interesting.

The solution on the routing side was to plumb and fully activate two nics in
the global zone for the two subnets the whole root zones would be active in.

For the zones themselves each nic assigned to a zone was plumbed with a null
address and gateway in the global zone and with the zone specific
information within the zone.  No routing was needed in the zones - the
global routing table is passed through to the zones.

This is suboptimal from a security standpoint as the global zone must be in
the public sphere if the working zones are.  It is also wasteful of nics.

The long term solution, budget allowing, would be to buy some newer nics.

Thank you to all who helped.

Matthew


On 4/2/08 8:49 PM, Steffen Weiberle [EMAIL PROTECTED] wrote:

> Matthew Taylor wrote:
>> Thank you, and to those who replied off line as well.  I will try it out and
>> report back on my success (or not) in the morning.
>>
>> It does strike me that this should be in the docs.  I have gone through
>> 817-1592-15, the Zones admin guide, and find little to nothing on what the
>> configuration of the global zone should be to enable shared-ip.  I can't be
>> the only one to want to use otherwise not in use physical nics.
>
> It's not in the docs because (AFAIK) it is not a tested, and thus not
> supported, configuration. As I state or paraphrase it, because of the
> shared IP, the expectation is that the global and non-global zones are
> on the same subnet. Many deployments want to have the global, or system
> administrative, zone on a separate admin network, and the non-global
> zones on the service networks. The original implementation, and dare I
> say design [1], was not to do that. And as I have been repeatedly told by
> folks who know the routing very well, trying to get routing to do the
> right thing and what users would like it to do may be very difficult in
> a single IP instance.
>
> IP Instances is in place to help address that, but as you have found
> out, unfortunately it does not work with all NICs (in Solaris and in
> OpenSolaris prior to b84).
>
> I have been reading the design doc recently and need to look back at the
> networking part to be sure.
>
> Steffen
>
> [1] http://www.opensolaris.org/os/community/arc/caselog/2002/174/
>
> This message posted from opensolaris.org
> ___
> zones-discuss mailing list
> zones-discuss@opensolaris.org
 

-- 
Matthew Taylor
Montgomery College
Office of Information Technology
240.567.3100
[EMAIL PROTECTED]
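
Added example, not part of the original thread: a Python check for the exposure noted in the summary above, where the global zone ends up holding a live address on the public subnet. It parses `ifconfig -a` output taken in the global zone; the sample output, the zone name web1, the 192.0.2.0/24 public subnet and the 10.0.0.0/8 admin range are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the admin network is the 10.x.x.x range mentioned in the thread.
ADMIN_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample of `ifconfig -a` output from the global zone. Logical
# interfaces owned by a non-global zone carry a "zone <name>" line.
SAMPLE = """\
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 10.1.1.5 netmask ffffff00 broadcast 10.1.1.255
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.0.2.5 netmask ffffff00 broadcast 192.0.2.255
qfe0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        zone web1
        inet 192.0.2.10 netmask ffffff00 broadcast 192.0.2.255
qfe1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        inet 0.0.0.0 netmask 0
qfe1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        zone web1
        inet 10.1.1.10 netmask ffffff00 broadcast 10.1.1.255
"""

def parse_ifconfig(text):
    """Return (interface, zone, address) tuples; zone defaults to 'global'."""
    entries, name, zone = [], None, "global"
    for line in text.splitlines():
        head = re.match(r"^(\S+): flags=", line)
        if head:  # a new interface stanza resets the owning zone
            name, zone = head.group(1), "global"
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "zone":
            zone = fields[1]
        elif len(fields) >= 2 and fields[0] == "inet" and name:
            entries.append((name, zone, ipaddress.ip_address(fields[1])))
    return entries

def global_zone_exposure(text):
    """Global-zone addresses that are live and outside the admin network."""
    return [(name, str(addr)) for name, zone, addr in parse_ifconfig(text)
            if zone == "global" and not addr.is_unspecified
            and not addr.is_loopback and addr not in ADMIN_NET]

if __name__ == "__main__":
    for name, addr in global_zone_exposure(SAMPLE):
        print(f"global zone reachable outside admin net: {name} {addr}")
```

NICs plumbed with 0.0.0.0 in the global zone (qfe1 in the sample) are not reported; only the fully activated NIC on the public subnet is.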





[zones-discuss] Shared-IP zones - global network config preconditions

2008-04-02 Thread Matthew Taylor
Apologies if my search-fu failed me and the answer is out there.

I have a box with 1 hme and 8 qfe interfaces.  I would normally use exclusive 
IP zones, but that is not possible with these non-gldv3 driven interfaces, so I 
am forced to use shared IP zones.  

hme0 is configured on the host with a 10.x.x.x address.  This is the only IP 
address to be used on the global zone.

Each shared-ip zone is to have two of the physical qfe addresses assigned to 
it, in two different subnets, one public, one the same 10.x.x.x as in the 
global.


I have searched, and cannot find the answer to this question:

Do the qfe's all have to be plumbed and have an assigned IP address in 
the global zone separate from the IP address assigned in the non-global zone 
configuration?
 
 


Re: [zones-discuss] Shared-IP zones - global network

2008-04-02 Thread Matthew Taylor
Do you know if plumbing all the qfe's without assigning an IP address will 
persist across reboots of the base system?  Never tried that on Solaris (works 
on Linux iirc, but you have to enter the info in a script).
 
 