[zones-discuss] Shared-ip routing and VNI interface
I'm having a problem figuring out why my ping replies never get sent.
I have a Blade 1500 running Solaris 10 08/07. On it I have 2 active local zones, zone1 and zone2, their configs are:

    # zonecfg -z zone1 export
    create -b
    set zonepath=/zones/zone1
    set autoboot=false
    set ip-type=shared
    add inherit-pkg-dir
    set dir=/lib
    end
    add inherit-pkg-dir
    set dir=/platform
    end
    add inherit-pkg-dir
    set dir=/sbin
    end
    add inherit-pkg-dir
    set dir=/usr
    end
    add net
    set address=192.168.200.50
    set physical=vni0
    end

and

    # zonecfg -z zone2 export
    create -b
    set zonepath=/zones/zone2
    set autoboot=false
    set ip-type=shared
    add inherit-pkg-dir
    set dir=/lib
    end
    add inherit-pkg-dir
    set dir=/platform
    end
    add inherit-pkg-dir
    set dir=/sbin
    end
    add inherit-pkg-dir
    set dir=/usr
    end
    add net
    set address=192.168.200.51
    set physical=vni1
    end

The global zone has 192.168.200.14 configured on bge0.
The default gateway is 192.168.200.4.
If I configure a host route routing 192.168.200.50 to 192.168.200.14 on the router (192.168.200.4) and ping 192.168.200.50 I see echo request packets arrive on the bge0 interface but I never see any replies go out.

    192.168.200.4 - 192.168.200.50 ICMP Echo request (ID: 27266 Sequence number: 744)
    192.168.200.4 - 192.168.200.50 ICMP Echo request (ID: 27266 Sequence number: 745)
    192.168.200.4 - 192.168.200.50 ICMP Echo request (ID: 27266 Sequence number: 746)

The routing table shows:

    netstat -rn

    Routing Table: IPv4
      Destination           Gateway           Flags  Ref   Use   Interface
    -------------------- -------------------- ----- ----- ------ ---------
    default              192.168.200.4        UG        1      0
    192.168.42.0         192.168.42.1         U         1      0 bge0:1
    192.168.200.0        192.168.200.14       U         1      5 bge0
    224.0.0.0            192.168.200.14       U         1      0 bge0
    127.0.0.1            127.0.0.1            UH        1     38 lo0

ifconfig -a shows:

    # ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff00
    lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            zone zone1
            inet 127.0.0.1 netmask ff00
    lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            zone zone2
            inet 127.0.0.1 netmask ff00
    bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.200.14 netmask ff00 broadcast 192.168.200.255
            ether 0:3:ba:2f:c1:bb
    bge0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.42.1 netmask ff00 broadcast 192.168.42.255
    vni0: flags=20010100c0<RUNNING,NOARP,NOXMIT,IPv4,VIRTUAL> mtu 0 index 3
            inet 0.0.0.0 netmask 0
    vni0:1: flags=20010100c1<UP,RUNNING,NOARP,NOXMIT,IPv4,VIRTUAL> mtu 0 index 3
            zone zone1
            inet 192.168.200.50 netmask ff00
    vni1: flags=20010100c0<RUNNING,NOARP,NOXMIT,IPv4,VIRTUAL> mtu 0 index 4
            inet 0.0.0.0 netmask 0
    vni1:1: flags=20010100c1<UP,RUNNING,NOARP,NOXMIT,IPv4,VIRTUAL> mtu 0 index 4
            zone zone2
            inet 192.168.200.51 netmask ff00
    #

Any ideas?

Paul

___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] Shared-ip routing and VNI interface
Paul,

Have you done zlogin -C zonename? It will initialize the zone environment including the network.

Chris

Paul Van Der Zwan wrote:
> I'm having a problem figuring out why my ping replies never get sent.
> I have a Blade 1500 running Solaris 10 08/07. On it I have 2 active local zones, zone1 and zone2, their configs are:
>
>     # zonecfg -z zone1 export
>     create -b
>     set zonepath=/zones/zone1
>     set autoboot=false
>     set ip-type=shared
>     add inherit-pkg-dir
>     set dir=/lib
>     end
>     add inherit-pkg-dir
>     set dir=/platform
>     end
>     add inherit-pkg-dir
>     set dir=/sbin
>     end
>     add inherit-pkg-dir
>     set dir=/usr
>     end
>     add net
>     set address=192.168.200.50
>     set physical=vni0
>     end
>
> and
>
>     # zonecfg -z zone2 export
>     create -b
>     set zonepath=/zones/zone2
>     set autoboot=false
>     set ip-type=shared
>     add inherit-pkg-dir
>     set dir=/lib
>     end
>     add inherit-pkg-dir
>     set dir=/platform
>     end
>     add inherit-pkg-dir
>     set dir=/sbin
>     end
>     add inherit-pkg-dir
>     set dir=/usr
>     end
>     add net
>     set address=192.168.200.51
>     set physical=vni1
>     end
>
> The global zone has 192.168.200.14 configured on bge0.
> The default gateway is 192.168.200.4.
> If I configure a host route routing 192.168.200.50 to 192.168.200.14 on the router (192.168.200.4) and ping 192.168.200.50 I see echo request packets arrive on the bge0 interface but I never see any replies go out.
>
>     192.168.200.4 - 192.168.200.50 ICMP Echo request (ID: 27266 Sequence number: 744)
>     192.168.200.4 - 192.168.200.50 ICMP Echo request (ID: 27266 Sequence number: 745)
>     192.168.200.4 - 192.168.200.50 ICMP Echo request (ID: 27266 Sequence number: 746)
>
> The routing table shows:
>
>     netstat -rn
>
>     Routing Table: IPv4
>       Destination           Gateway           Flags  Ref   Use   Interface
>     -------------------- -------------------- ----- ----- ------ ---------
>     default              192.168.200.4        UG        1      0
>     192.168.42.0         192.168.42.1         U         1      0 bge0:1
>     192.168.200.0        192.168.200.14       U         1      5 bge0
>     224.0.0.0            192.168.200.14       U         1      0 bge0
>     127.0.0.1            127.0.0.1            UH        1     38 lo0
>
> ifconfig -a shows:
>
>     # ifconfig -a
>     lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
>             inet 127.0.0.1 netmask ff00
>     lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
>             zone zone1
>             inet 127.0.0.1 netmask ff00
>     lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
>             zone zone2
>             inet 127.0.0.1 netmask ff00
>     bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
>             inet 192.168.200.14 netmask ff00 broadcast 192.168.200.255
>             ether 0:3:ba:2f:c1:bb
>     bge0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
>             inet 192.168.42.1 netmask ff00 broadcast 192.168.42.255
>     vni0: flags=20010100c0<RUNNING,NOARP,NOXMIT,IPv4,VIRTUAL> mtu 0 index 3
>             inet 0.0.0.0 netmask 0
>     vni0:1: flags=20010100c1<UP,RUNNING,NOARP,NOXMIT,IPv4,VIRTUAL> mtu 0 index 3
>             zone zone1
>             inet 192.168.200.50 netmask ff00
>     vni1: flags=20010100c0<RUNNING,NOARP,NOXMIT,IPv4,VIRTUAL> mtu 0 index 4
>             inet 0.0.0.0 netmask 0
>     vni1:1: flags=20010100c1<UP,RUNNING,NOARP,NOXMIT,IPv4,VIRTUAL> mtu 0 index 4
>             zone zone2
>             inet 192.168.200.51 netmask ff00
>     #
>
> Any ideas?
>
> Paul

Re: [zones-discuss] Shared-ip routing and VNI interface
Paul Van Der Zwan writes:
> I'm having a problem figuring out why my ping replies never get sent.

There's no way for any of your configured zones to transmit, so they don't.

Vni is really not much different from lo0. You cannot transmit packets on vni -- it's just a place to hang a local IP address. That's why they say NOXMIT when you configure them.

> The global zone has 192.168.200.14 configured on bge0

You need to give your zones access to bge0 if you want them to transmit there. You give access by assigning an address on that interface.

--
James Carlson, Solaris Networking [EMAIL PROTECTED]
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677

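Added example, not part of the thread or of any Sun tooling: a check that reads `ifconfig -a` output from the global zone and lists the zones whose only UP addresses sit on NOXMIT or LOOPBACK interfaces, which is the condition diagnosed in the reply above. The sample text is constructed from the output in the first post; the `bge0:2` entry for zone2 is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the `ifconfig -a` output in the first post.
# bge0:2 for zone2 is hypothetical: it shows a zone that was given an address
# on a transmit-capable interface, as the reply advises.
SAMPLE = """\
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.200.14 broadcast 192.168.200.255
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone zone1
        inet 127.0.0.1
vni0:1: flags=20010100c1<UP,RUNNING,NOARP,NOXMIT,IPv4,VIRTUAL> mtu 0 index 3
        zone zone1
        inet 192.168.200.50
bge0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        zone zone2
        inet 192.168.200.52
vni1:1: flags=20010100c1<UP,RUNNING,NOARP,NOXMIT,IPv4,VIRTUAL> mtu 0 index 4
        zone zone2
        inet 192.168.200.51
"""

HEADER = re.compile(r"^(\S+): flags=[0-9a-f]+<([^>]*)>")

def parse_ifconfig(text):
    """Return one dict per logical interface: name, flags, zone, inet."""
    ifaces = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ifaces.append({"name": m.group(1), "flags": set(m.group(2).split(",")),
                           "zone": "global", "inet": None})
        elif ifaces:
            words = line.split()
            for key in ("zone", "inet"):  # "zone <name>" / "inet <addr>" pairs
                if key in words[:-1]:
                    ifaces[-1][key] = words[words.index(key) + 1]
    return ifaces

def zones_without_transmit(text):
    """Zones whose UP addresses all sit on NOXMIT or LOOPBACK interfaces."""
    can_send = defaultdict(bool)
    for iface in parse_ifconfig(text):
        if "UP" in iface["flags"]:
            can_send[iface["zone"]] |= not ({"NOXMIT", "LOOPBACK"} & iface["flags"])
    return sorted(zone for zone, ok in can_send.items() if not ok)

if __name__ == "__main__":
    print(zones_without_transmit(SAMPLE))
```
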
Re: [zones-discuss] Shared-ip routing and VNI interface
On 3 Dec 2007, at 12:49, James Carlson wrote:
> Paul Van Der Zwan writes:
>> I'm having a problem figuring out why my ping replies never get sent.
>
> There's no way for any of your configured zones to transmit, so they don't.
>
> Vni is really not much different from lo0. You cannot transmit packets on vni -- it's just a place to hang a local IP address. That's why they say NOXMIT when you configure them.
>
>> The global zone has 192.168.200.14 configured on bge0
>
> You need to give your zones access to bge0 if you want them to transmit there. You give access by assigning an address on that interface.

What I was trying to do was have the option of running multiple zones, on different hosts, configured with the same IP address on a VNI interface so a loadbalancer can balance between different zones, each with the same configuration as far as the application, running within the zone, is concerned.

If I give each zone a unique address on the bge0 intf. and an application address on the vni, will the zone be able to route traffic out to the client?

For example:

    service address=10.1.1.1
    default gateway=192.168.1.254
    zone1 on host1 has 192.168.1.1 on bge0 and 10.1.1.1 on vni0
    zone1 on host2 has 192.168.1.2 on bge0 and 10.1.1.1 on vni0

The loadbalancer routes 10.1.1.1 traffic for session1 to 192.168.1.1

Would traffic from zone1 be able to go out to the internet using the default gateway 192.168.1.254 with a source of 10.1.1.1 or would the source become 192.168.1.1 (even if the application binds to 10.1.1.1)?

Is there some documentation on the routing in Solaris 10 esp. in combination with zones?

TIA
Paul

Re: [zones-discuss] Shared-ip routing and VNI interface
Paul van der Zwan writes:
> service address=10.1.1.1
> default gateway=192.168.1.254
> zone1 on host1 has 192.168.1.1 on bge0 and 10.1.1.1 on vni0
> zone1 on host2 has 192.168.1.2 on bge0 and 10.1.1.1 on vni0

That looks like a variant on the original design target for vni, so I'd expect it to work.

> The loadbalancer routes 10.1.1.1 traffic for session1 to 192.168.1.1
> Would traffic from zone1 be able to go out to the internet using the default gateway 192.168.1.254 with a source of 10.1.1.1 or would the source become 192.168.1.1 (even if the application binds to 10.1.1.1)?

Yes, it should be able to reach that router because the configuration of bge0 in the zone gives it access to that subnet.

No, the system never alters a chosen source address. The only time we ever pick a source address is when the application itself has not chosen one -- either it hasn't called bind() at all, or it has called bind() and supplied an all-zeros address.

> Is there some documentation on the routing in Solaris 10 esp. in combination with zones?

Besides the man pages and docs.sun.com, there's some useful information in the FAQ:

http://www.opensolaris.org/os/community/zones/faq/#cfg_io

--
James Carlson, Solaris Networking [EMAIL PROTECTED]
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677

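Added example, not part of the thread: the three bind() cases named in the reply above, run over UDP on the local loopback so the receiver can report which source address it actually sees. Assumptions: 127.0.0.2 stands in for the service address on vni0 and 127.0.0.1 for the remote client, and the host treats all of 127.0.0.0/8 as local (as Linux does); on Solaris the stand-in address would have to be configured first.

```python
import socket

SERVICE_IP = "127.0.0.2"   # stand-in for the service address on vni0 (assumption)
PEER_IP = "127.0.0.1"      # stand-in for the remote client (assumption)

def source_seen_by_peer(bind_ip=None):
    """Send one UDP datagram to a local receiver and return the source IP it sees.

    bind_ip=None      -> the sender never calls bind()
    bind_ip="0.0.0.0" -> the sender binds to the all-zeros address
    anything else     -> the sender has chosen its own source address
    """
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.bind((PEER_IP, 0))          # port 0: let the kernel pick a free port
        rx.settimeout(2.0)
        if bind_ip is not None:
            tx.bind((bind_ip, 0))
        tx.sendto(b"probe", rx.getsockname())
        _data, (src_ip, _src_port) = rx.recvfrom(64)
        return src_ip
    finally:
        tx.close()
        rx.close()

def run_cases():
    """Source address observed by the peer for each of the three cases."""
    return {
        "no bind()": source_seen_by_peer(None),
        "bind(0.0.0.0)": source_seen_by_peer("0.0.0.0"),
        "bind(service address)": source_seen_by_peer(SERVICE_IP),
    }

if __name__ == "__main__":
    for case, src in run_cases().items():
        print(f"{case:24s} -> peer sees source {src}")
```

In the first two cases the stack picks the source from the outgoing route; in the third the bound address reaches the peer unchanged.
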
Re: [zones-discuss] Shared-ip routing and VNI interface
On (11/30/07 08:25), Mike Gerdts wrote:
> The 10.1.1.100 address must not be reachable. The last time I tried this in Nevada it causes a panic. The last time I tried it on S10 it causes one kernel thread to spin (mpstat will show one CPU at 100% sys). Through bugs.opensolaris.org I opened a bug (6422863) but now I cannot see that bug through bugs.opensolaris.org. Anyone from Sun care to comment?

That bug was fixed in SXDE 9/07

See also: http://unix.derkeiler.com/Newsgroups/comp.unix.solaris/2006-11/msg01251.html

--Sowmini