Re: [zones-discuss] Re: [install-discuss] DHCP Server in zone, WAS: Install software from SXCE DVD?
On Saturday 17 March 2007 08:47 am, [EMAIL PROTECTED] wrote: > >The IP Instances part of project crossbow deliver the feature to have a > > zone have its own view of the stack. It is available as a BFU on top of > > NV, but not yet integrated into NV. > > IP instances have integrated. (build 56 or something? Here's a presentation that Eric Nordmark did for SVOSUG, if anyone is interested. http://blogs.sun.com/aland/resource/ipinstances-svosug.pdf -- Alan DuBoff - Solaris x86 Engineering - IHV/OEM Group Advocate of insourcing at Sun - hire people that care about our company! ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: [install-discuss] DHCP Server in zone, WAS: Install software from SXCE DVD?
> My statement "At the beginning..." meant "When the first part(s) of > Crossbow are in Solaris 10." At this point, IP Instances will probably > be that "first part" and that is what I was talking about. OK. From an engineering perspective, I consider the projects complementary but independent. But maybe the I-Teams for those projects will disagree with me ;-) -- meem ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: [install-discuss] DHCP Server in zone, WAS: Install software from SXCE DVD?
Peter Memishian wrote: > > It might be nice to have a full list of the (otherwise Sun supported) > > NICs which don't work, if there isn't one already. I wasn't aware > > of this particular limitation. Do you know of such a list? > > At the beginning, Crossbow will only support GLDv3 NICs. Is there a > list of all NICs supported by Sun with Solaris 10? I don't follow. Crossbow is not currently in any release of S10. My statement "At the beginning..." meant "When the first part(s) of Crossbow are in Solaris 10." At this point, IP Instances will probably be that "first part" and that is what I was talking about. There are plans for Crossbow (once available) to make use of the softmac GLDv3 driver being provided by Clearview to allow any Solaris network driver to be used -- GLDv3 or otherwise. For a more definitive statement, please ask crossbow-discuss. Agreed. I got my info from Erik N., and I'm confident that he is on that alias. If you're talking about IP Instances, the restriction is not tied specifically to GLDv3, but rather on the DLPI styles offered by the network driver, as Jim previously described. -- -- Jeff VICTOR Sun Microsystemsjeff.victor @ sun.com OS AmbassadorSr. Technical Specialist Solaris 10 Zones FAQ:http://www.opensolaris.org/os/community/zones/faq -- ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: [install-discuss] DHCP Server in zone, WAS: Install software from SXCE DVD?
Steffen Weiberle wrote: I'll have to see if you steps are easier in a zone with an exclusive IP instance. FWIW There wasn't anything extra I had to do when I tested the DHCP server in an exclusive-IP zone a few months back. Erik ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: [install-discuss] DHCP Server in zone, WAS: Install software from SXCE DVD?
> > It might be nice to have a full list of the (otherwise Sun supported) > > NICs which don't work, if there isn't one already. I wasn't aware > > of this particular limitation. Do you know of such a list? > > At the beginning, Crossbow will only support GLDv3 NICs. Is there a > list of all NICs supported by Sun with Solaris 10? I don't follow. Crossbow is not currently in any release of S10. There are plans for Crossbow (once available) to make use of the softmac GLDv3 driver being provided by Clearview to allow any Solaris network driver to be used -- GLDv3 or otherwise. For a more definitive statement, please ask crossbow-discuss. If you're talking about IP Instances, the restriction is not tied specifically to GLDv3, but rather on the DLPI styles offered by the network driver, as Jim previously described. -- meem ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: [install-discuss] DHCP Server in zone, WAS: Install software from SXCE DVD?
Dan Price wrote: On Sat 17 Mar 2007 at 08:02PM, James Carlson wrote: Dan Price writes: - Currently must be tied to a physical NIC -- in other words you must dedicate a real NIC (not a logical interface) to each IP instance you want to run. This limitation is expected to be lifted when the Virtual NIC part of Crossbow is integrated. A physical DLPI Style 1 NIC -- Style 2 (such as hme and ce) won't work with it yet. (Clearview should fix this.) It might be nice to have a full list of the (otherwise Sun supported) NICs which don't work, if there isn't one already. I wasn't aware of this particular limitation. Do you know of such a list? At the beginning, Crossbow will only support GLDv3 NICs. Is there a list of all NICs supported by Sun with Solaris 10? -- Jeff VICTOR Sun Microsystemsjeff.victor @ sun.com OS AmbassadorSr. Technical Specialist Solaris 10 Zones FAQ:http://www.opensolaris.org/os/community/zones/faq -- ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: [install-discuss] DHCP Server in zone, WAS: Install software from SXCE DVD?
On Sat 17 Mar 2007 at 08:02PM, James Carlson wrote: > Dan Price writes: > > - Currently must be tied to a physical NIC -- in other words > > you must dedicate a real NIC (not a logical interface) > > to each IP instance you want to run. This limitation is > > expected to be lifted when the Virtual NIC part of Crossbow is > > integrated. > > A physical DLPI Style 1 NIC -- Style 2 (such as hme and ce) won't work > with it yet. (Clearview should fix this.) It might be nice to have a full list of the (otherwise Sun supported) NICs which don't work, if there isn't one already. I wasn't aware of this particular limitation. Do you know of such a list? Of interest to customers wishing to use this would likely be a list of some supported NICs whose drivers are DLPI style 1 (and especially those with >1 port). -dp -- Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: [install-discuss] DHCP Server in zone, WAS: Install software from SXCE DVD?
Dan Price writes: > - Currently must be tied to a physical NIC -- in other words > you must dedicate a real NIC (not a logical interface) > to each IP instance you want to run. This limitation is > expected to be lifted when the Virtual NIC part of Crossbow is > integrated. A physical DLPI Style 1 NIC -- Style 2 (such as hme and ce) won't work with it yet. (Clearview should fix this.) Also, you can't have your own private kernel modules inside the non-global zones (so, if you were expecting to run a separate instance of Firewall-1 there, that won't work), and the NFS server hasn't been virtualized (meaning that you can't yet have an NFS server in a non-global zone). -- James Carlson, Solaris Networking <[EMAIL PROTECTED]> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: [install-discuss] DHCP Server in zone, WAS: Install software from SXCE DVD?
> - Currently must be tied to a physical NIC -- in other words > you must dedicate a real NIC (not a logical interface) > to each IP instance you want to run. Or you can dedicate a VLAN on that NIC. -- meem ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: [install-discuss] DHCP Server in zone, WAS: Install software from SXCE DVD?
On Sat 17 Mar 2007 at 04:47PM, [EMAIL PROTECTED] wrote: > > >The IP Instances part of project crossbow deliver the feature to have a zone > >have its own view of the stack. It is available as a BFU on top of NV, but > >not yet integrated into NV. This is slightly inaccurate: I allows each zone to have its *own* stack, not a view into a single centralized stack. > IP instances have integrated. (build 56 or something? In b57. The key things (I think) to know for IP Instances: - Configuration time choice for the administrator - A complete and tunable network stack per zone-- including DHCP client, IPsec, etc. - Provides much greater network configuration flexibility for zones - Less centralized control in the global zone - Currently must be tied to a physical NIC -- in other words you must dedicate a real NIC (not a logical interface) to each IP instance you want to run. This limitation is expected to be lifted when the Virtual NIC part of Crossbow is integrated. Thanks, -dp -- Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: [install-discuss] DHCP Server in zone, WAS: Install software from SXCE DVD?
> >The IP Instances part of project crossbow deliver the feature to have a zone > >have its own view of the stack. It is available as a BFU on top of NV, but > >not yet integrated into NV. > > IP instances have integrated. (build 56 or something? Build 57 (and it's mostly separate from Crossbow). -- meem ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: [install-discuss] DHCP Server in zone, WAS: Install software from SXCE DVD?
>The IP Instances part of project crossbow deliver the feature to have a zone >have its own view of the stack. It is available as a BFU on top of NV, but >not yet integrated into NV. IP instances have integrated. (build 56 or something? Casper ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: [install-discuss] DHCP Server in zone, WAS: Install software from SXCE DVD?
Mike Gerdts wrote On 03/17/07 10:33,: On 3/15/07, Darren Dunham <[EMAIL PROTECTED]> wrote: (But you'd need to wait for some other changes to the networking before you can run a DHCP server in a zone. I don't think that's possible today). In my lab, I have DHCP servers working in sparse non-global zones today, even with S10U3. They keys to getting it to work are: 1. Add net_rawaccess and /dev/ip when configuring the zone. 2. Remove privileges=all from the dhcp service 3. Manually set the interface list in /etc/inet/dhcpsvc.conf I do have some concerns regarding the ability to update the ARP table with this configuration, which will likely go away once each zone can have its own IP stack. (Perhaps this is in Nevada now, I forget and haven't had a chance to test the last ~10 builds.) The IP Instances part of project crossbow deliver the feature to have a zone have its own view of the stack. It is available as a BFU on top of NV, but not yet integrated into NV. I'll have to see if you steps are easier in a zone with an exclusive IP instance. Steffen A more detailed tour of the steps for those that need a bit more detail follows... When configuring the zone: set limitpriv = default,net_rawaccess add device set match=/dev/ip Inside the zone, remove "privileges='all'" from the start method of /var/svc/manifest/network/dhcp-server.xml. You will then need to notify SMF of this change. There is likely a shorter version of this, but the following should definitely do it: svcadm disable network/dhcp-server svccfg delete network/dhcp-server svccfg import /var/svc/manifest/network/dhcp-server.xml Disclaimers apply (e.g. that file will be overwritten by patches, etc.). In real life I create a different service in the /var/svc/manifest/site directory and create dependencies that ensure that my service and network/dhcp-server do not run at the same time. For dhcp-server to really run, you need to update /etc/inet/dhcpsvc.conf to list the INTERFACES=. A good idea would be to automatically update that on boot before dhcp-server starts so that it has the right virtual interface in there across reboots when zones may come up in different order. I have also noticed the following when the DHCP server gives out a lease: in.dhcpd[22624]: [ID 480883 daemon.error] ADD: Cannot modify ARP table to add: 10.11.12.13 It seems as though the zone would require the sys_net_config privilege to force entries into the ARP table. When serving addresses on the same subnet, this seems to have no impact. I have not tried cross-subnet DHCP services with this config yet. I don't fully understand the impact of the comment at http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/cmd-inet/usr.lib/in.dhcpd/interfaces.c#1402 yet. Mike ___ zones-discuss mailing list zones-discuss@opensolaris.org