IT dragons tamed since 2006 (with 748 solutions and growing)


ID: 739
Title: How to build zones that are in a different subnet/vlan than the global, and have them route correctly
By: john
Keywords: vlan tagging zones independent routing
Category: Solaris 10
Votes: 0
Views: 28
Score: 28
Date: 2017-04-12
Body:
How to build zones that are in a different subnet/vlan than the global, and have them route correctly
====================================================================================================

AKA: VLAN tagging, zones, and independent routing from the zones


================================
The IP details for this example.
================================

global dracko = 10.220.128.125 255.255.255.0 GW 10.220.128.11

zone dracko-zn1 = 10.220.44.20 255.255.255.0 GW 10.220.44.10 VLAN 44

zone dracko-zn2 = 10.220.43.20 255.255.255.0 GW 10.220.43.10 VLAN 43

====================================
1. add the netmasks to /etc/netmasks
====================================

dracko:/: cat /etc/netmasks
10.220.128.0    255.255.255.0
10.220.44.0     255.255.255.0
10.220.43.0     255.255.255.0

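===================================
2. DO NOT add to /etc/defaultrouter
===================================

Leave /etc/defaultrouter with only the global zone's gateway; the zone gateways are set per zone in step 6.

dracko:/: cat /etc/defaultrouter
10.220.128.11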

==================
3. Plumb the VLANS
==================

The VLAN interface name is the driver name followed by (VLAN ID * 1000) + adapter instance number.

Our main NIC is e1000g0 (driver e1000g, instance 0), so:

e1000g + (44 * 1000 + 0) = e1000g44000  for VLAN 44
e1000g + (43 * 1000 + 0) = e1000g43000  for VLAN 43

dracko:/: ifconfig e1000g44000 plumb up
dracko:/: ifconfig e1000g43000 plumb up

===============
4. Now we have:
===============

dracko:/: ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849 mtu 8232 index 1
zone dracko-zn1
inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849 mtu 8232 index 1
zone dracko-zn2
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843 mtu 1500 index 2
inet 10.220.128.125 netmask ffffff00 broadcast 10.220.128.255
ether 0:14:4f:7e:56:46
e1000g43000: flags=201000842 mtu 1500 index 4
inet 0.0.0.0 netmask 0
ether 0:14:4f:7e:56:46
e1000g44000: flags=201000842 mtu 1500 index 3
inet 0.0.0.0 netmask 0
ether 0:14:4f:7e:56:46

dracko:/: dladm show-link
e1000g0         type: non-vlan  mtu: 1500       device: e1000g0
e1000g44000     type: vlan 44   mtu: 1500       device: e1000g0
e1000g43000     type: vlan 43   mtu: 1500       device: e1000g0
e1000g1         type: non-vlan  mtu: 1500       device: e1000g1
e1000g2         type: non-vlan  mtu: 1500       device: e1000g2
e1000g3         type: non-vlan  mtu: 1500       device: e1000g3

=====================
5. Make it permanent:
=====================

touch /etc/hostname.e1000g44000
touch /etc/hostname.e1000g43000

DO NOT put anything in these files! They are just so the interfaces are plumbed on reboot

==========================
6. Modify each zone config
==========================

dracko:/: zonecfg -z dracko-zn1
zonecfg:dracko-zn1> remove net
zonecfg:dracko-zn1> add net
zonecfg:dracko-zn1:net> set physical=e1000g44000	<---- the VLAN device
zonecfg:dracko-zn1:net> set address=10.220.44.20
zonecfg:dracko-zn1:net> set defrouter=10.220.44.10	<---- set default route here, not in the global
zonecfg:dracko-zn1:net> end
zonecfg:dracko-zn1> verify
zonecfg:dracko-zn1> exit


Note: rinse and repeat for all zones

=================
7. boot the zones
=================

dracko:/: zoneadm -z dracko-zn1 boot
dracko:/: zoneadm -z dracko-zn2 boot
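
A pre-flight check for steps 3 to 6, added here as an example and not part of the original solution: it derives the VLAN interface name from the formula, confirms each zone's defrouter is on the zone's own subnet, and prints the plumb/touch commands and the zonecfg `set` lines without running anything. The function names are hypothetical; the addresses are the ones from the IP details section.

```shell
#!/bin/sh
# Added example (helper names are hypothetical): pre-flight checks for one zone's VLAN plan.

is_uint() { case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac; }

# vlan_ifname DRIVER INSTANCE VLAN  ->  DRIVER<VLAN*1000+INSTANCE>, e.g. e1000g44000
vlan_ifname() {
    is_uint "$2" && is_uint "$3" || return 1
    [ "$3" -ge 1 ] && [ "$3" -le 4094 ] || return 1   # usable 802.1Q VLAN IDs
    [ "$2" -lt 1000 ] || return 1                     # instance must stay below 1000
    echo "$1$(( $3 * 1000 + $2 ))"
}

# ip_to_int A.B.C.D -> integer, rejecting malformed addresses
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do is_uint "$o" && [ "$o" -le 255 ] || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet ADDR MASK GW -> 0 if GW is on ADDR's subnet, 2 on malformed input
same_subnet() {
    a=$(ip_to_int "$1") && m=$(ip_to_int "$2") && g=$(ip_to_int "$3") || return 2
    [ $(( a & m )) -eq $(( g & m )) ]
}

# plan_zone ZONE DRIVER INSTANCE VLAN ADDR MASK GW -> prints commands, runs nothing
plan_zone() {
    ifn=$(vlan_ifname "$2" "$3" "$4") || { echo "$1: bad instance/VLAN" >&2; return 1; }
    same_subnet "$5" "$6" "$7" || { echo "$1: defrouter $7 is off-subnet" >&2; return 1; }
    printf '%s\n' "ifconfig $ifn plumb up" "touch /etc/hostname.$ifn" \
        "set physical=$ifn" "set address=$5" "set defrouter=$7"
}

# The two zones from the IP details section
plan_zone dracko-zn1 e1000g 0 44 10.220.44.20 255.255.255.0 10.220.44.10
plan_zone dracko-zn2 e1000g 0 43 10.220.43.20 255.255.255.0 10.220.43.10
```

The script uses `$(( ))` arithmetic, so run it with bash or ksh on Solaris 10 rather than the legacy /bin/sh.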

==================================================
8. Now let's look at the ifconfig from the global:
==================================================

dracko:/:  ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849 mtu 8232 index 1
zone dracko-zn1
inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849 mtu 8232 index 1
zone dracko-zn2
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843 mtu 1500 index 2
inet 10.220.128.125 netmask ffffff00 broadcast 10.220.128.255
ether 0:14:4f:7e:56:46
e1000g43000: flags=201000842 mtu 1500 index 4
inet 0.0.0.0 netmask 0
ether 0:14:4f:7e:56:46
e1000g43000:1: flags=201000843 mtu 1500 index 4
zone dracko-zn2
inet 10.220.43.20 netmask ffffff00 broadcast 10.220.43.255
e1000g44000: flags=201000842 mtu 1500 index 3
inet 0.0.0.0 netmask 0
ether 0:14:4f:7e:56:46
e1000g44000:1: flags=201000843 mtu 1500 index 3
zone dracko-zn1
inet 10.220.44.20 netmask ffffff00 broadcast 10.220.44.255
dracko:/:

===============================
9: Netstat -nr from the global:
===============================

dracko:/:  netstat -nr

Routing Table: IPv4
Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              10.220.128.11        UG        1         12
default              10.220.44.10         UG        1          0 e1000g44000
default              10.220.43.10         UG        1          0 e1000g43000
10.220.128.0         10.220.128.125       U         1          2 e1000g0
224.0.0.0            10.220.128.125       U         1          0 e1000g0
127.0.0.1            127.0.0.1            UH        1          0 lo0
dracko:/:
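
A check of the step 9 routing table, added here as an example and not part of the original solution: it reads `netstat -nr` text and confirms that the only default route without an interface is the global gateway, and that every other default is bound to an interface whose VLAN it decodes from the name. The function names are hypothetical, the sample table is constructed from the output above, and the rule that an interface-less default is the /etc/defaultrouter entry is an assumption taken from that output.

```shell
#!/bin/sh
# Added example (function names are hypothetical): audit the global zone's default routes.

# audit_defaults GLOBAL_GW   (reads `netstat -nr` text on stdin)
# Prints one line per default route; exit status 1 if an unexpected one is found.
audit_defaults() {
    awk -v gw="$1" '
        $1 != "default" { next }
        NF < 6 {                      # no Interface column, as for the global default above
            if ($2 == gw) print "GLOBAL " $2
            else { print "WARN unbound default via " $2; bad++ }
            next
        }
        {                             # interface-bound default: reverse the naming formula
            match($6, /[0-9]+$/)
            vlan = int(substr($6, RSTART) / 1000)   # trailing number / 1000 = VLAN ID
            print "ZONE " $2 " " $6 " vlan=" vlan
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample, copied from the step 9 output on this page
sample_netstat() {
    cat <<'EOF'
Destination           Gateway           Flags  Ref     Use     Interface
default              10.220.128.11        UG        1         12
default              10.220.44.10         UG        1          0 e1000g44000
default              10.220.43.10         UG        1          0 e1000g43000
10.220.128.0         10.220.128.125       U         1          2 e1000g0
EOF
}

sample_netstat | audit_defaults 10.220.128.11
```

On the live host, pipe `netstat -nr` into `audit_defaults` instead of the sample; on Solaris 10 the awk in the function needs to be nawk or /usr/xpg4/bin/awk, because the default awk lacks `-v` and `match()`.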

=================================
10: A network view from the zone:
=================================

dracko:/:  zlogin -C dracko-zn1
[Connected to zone 'dracko-zn1' console]

# bash
bash-3.2#
bash-3.2# ifconfig -a
lo0:1: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g44000:1: flags=201000843 mtu 1500 index 3
inet 10.220.44.20 netmask ffffff00 broadcast 10.220.44.255
bash-3.2# netstat -nr

Routing Table: IPv4
Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              10.220.44.10         UG        1          0 e1000g44000
10.220.44.0          10.220.44.20         U         1          1 e1000g44000:1
224.0.0.0            10.220.44.20         U         1          0 e1000g44000:1
127.0.0.1            127.0.0.1            UH        4        122 lo0:1
bash-3.2#
bash-3.2# ping 10.220.44.10
10.220.44.10 is alive     <-- woohoo!


