My reply to Steffen didn't got through mailman ..
> Hi Tobias,
> First impression would that this is a routing issue.
> What is the IP address of the global zone? Are you running IPMP?
The global zone is bound to 3 of the 4 interfaces:
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 18.104.22.168 netmask ffffffe0 broadcast 22.214.171.124
e1000g1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 126.96.36.199 netmask ffffffe0 broadcast 188.8.131.52
e1000g2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
inet 184.108.40.206 netmask ffffffe0 broadcast 220.127.116.11
The non-global zone is bound to 1 of the 4 interfaces:
e1000g2:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
inet 18.104.22.168 netmask ffffffe0 broadcast 22.214.171.124
No other non-global zones are bound to e1000g0.
Here's my setup:
[EMAIL PROTECTED]:/etc]$ cat /etc/hosts
# Internet host table
126.96.36.199 tavo1g loghost
[EMAIL PROTECTED]:/etc]$ cat /etc/netmasks
[EMAIL PROTECTED]:/etc]$ cat /etc/hostname.e1000g0
[EMAIL PROTECTED]:/etc]$ cat /etc/hostname.e1000g1
[EMAIL PROTECTED]:/etc]$ cat /etc/hostname.e1000g2
[EMAIL PROTECTED]:/etc]$ cat /etc/default/mpathd
#pragma ident "@(#)mpathd.dfl 1.2 00/07/17 SMI"
# Time taken by mpathd to detect a NIC failure in ms. The minimum time
# that can be specified is 100 ms.
# Failback is enabled by default. To disable failback turn off this option
# By default only interfaces configured as part of multipathing groups
# are tracked. Turn off this option to track all network interfaces
# on the system
[EMAIL PROTECTED]:/etc]$ ifconfig e1000g0 modlist
[EMAIL PROTECTED]:/etc]$ ifconfig e1000g1 modlist
[EMAIL PROTECTED]:/etc]$ ifconfig e1000g2 modlist
Whats IPMP? Is it IP multipathing? Did not know this exists until your
reply? I did nothing to either enable or disable IP multipathing.
Just read the chapter in the Sys Adm Guide .. from my understanding of
this, my configuration above is NOT a IPMP one.
Thanks for helping,
> Tobias Oberstein wrote On 05/08/06 16:43,:
>> After spending many hours looking at ipmon/ethereal logs, I believe I've
>> a explanation (a bug?) for the following strange behaviour (Solaris 10u1):
>> I've got a non-global zone with Apache2 with dedicated IP and bound to
>> interface e1000g2 of a Sun X4200 box. The global zone has a different
>> dedicated IP bound to a different interface e1000g0.
>> When I point a browser at the web site, the HTML page often comes up
>> immediately, but sometimes it will hang and only load when I press the
>> reload browser button one or multiple times. This is reproducible with
>> different browsers from different networks with or without DNS resolution.
>> It's reproducible with other non-local zones configured alike and running
>> different TCP based services (namely SSH or non-Apache HTTP).
>> This is what happens in a failing case (Ethereal client dump
>> "dump_failed.txt" and IPF log "att1.txt" lines 1-3 pp): the incoming TCP SYN
>> comes over interface e1000g2 (correct) and is passed by IPF. However, the
>> non-global zone sends the TCP SYN-ACK package back over interface e1000g0,
>> which is wrong and causes IPF to fail to build a correct state entry. Then,
>> afterwards, the response packets from the webserver will be filtered by IPF,
>> since it has no state entry.
>> In the success case (Ethereal client dump "dump_success.txt" and IPF log
>> "att1.txt" lines 19-21 pp), the incoming TCP SYN is answered correctly by a
>> TCP SYN-ACK both over interface e1000g2. IPF can build a state entry and all
>> subsequent packets from the webserver reach the client.
This message posted from opensolaris.org
zones-discuss mailing list