[OpenIndiana-discuss] Isolating networks for zones

Jeppe Toustrup openindiana at tenzer.dk
Sun Oct 30 11:29:40 UTC 2011


On Sun, Oct 30, 2011 at 09:27, carlopmart <carlopmart at gmail.com> wrote:
> Thanks Jeppe. I don't have an etherstub configured. Current config is:
>
> root@oihost:~# dladm show-vnic
> LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE         VID
> dmzlan0      e1000g1      1000   2:8:20:dc:48:d9   random              0
>
> and dladm show-phys:
>
> root@oihost:~# dladm show-phys
> LINK         MEDIA                STATE      SPEED  DUPLEX    DEVICE
> e1000g0      Ethernet             up         1000   full      e1000g0
> e1000g1      Ethernet             up         1000   full      e1000g1
> e1000g2      Ethernet             unknown    0      half      e1000g2
>
> But one question: how can I associate a certain physical interface with an
> etherstub?? Do I need to create a bridge with only one interface??

Right, that means your dmzlan0 vnic is basically connected to the same
network as e1000g1. If you only want to get traffic to the zone which
is meant for it, then you should not use a vnic, but instead set
"ip-type=shared" in the zone configuration and set the physical
interface to "e1000g1", then the zone will only get traffic intended
for it while being connected to the same network as e1000g1.

Alternatively, you can use an etherstub as previously mentioned. That
does however require you to set up routing of packages in the global
zone, in order for packages to get from the physical network to the
etherstub network. Packages will then basically go like this:

Physical network -> Physical network interface (global zone) -> VNIC
(active on global zone) -> Etherstub -> VNIC (belonging to zone).

--
Venlig hilsen / Kind regards
Jeppe Toustrup (aka. Tenzer)
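
Added example, not part of the original message: a script that prints (without running) the global-zone commands for the two layouts described above. Every zone name, link name and address in it is a constructed assumption, and the zone's own address on its VNIC is assumed to be set from inside the zone.

```shell
#!/bin/sh
# Prints a command plan only; review it, then run it as root in the global zone.
# Constructed names: zone "dmz", etherstub "dmzstub0", VNICs "dmzgz0" (global
# zone side) and "dmzint0" (zone side), subnet 10.10.0.0/24, address 192.0.2.10.

# Option 1: shared-IP zone bound directly to the physical NIC.
# The zone shares the global zone's IP stack and only sees its own address.
shared_plan() {   # usage: shared_plan ZONE NIC ADDRESS/PREFIX
    [ $# -eq 3 ] || { echo "usage: shared_plan zone nic addr/prefix" >&2; return 2; }
    cat <<EOF
zonecfg -z $1 "set ip-type=shared; add net; set physical=$2; set address=$3; end"
EOF
}

# Option 2: etherstub. The zone gets an exclusive IP stack on a private
# virtual switch, and the global zone routes between e1000g1 and the stub.
etherstub_plan() {   # usage: etherstub_plan ZONE STUB GZ_VNIC ZONE_VNIC GZ_ADDR NETMASK
    [ $# -eq 6 ] || { echo "usage: etherstub_plan zone stub gzvnic zonevnic addr mask" >&2; return 2; }
    cat <<EOF
dladm create-etherstub $2
dladm create-vnic -l $2 $3
dladm create-vnic -l $2 $4
ifconfig $3 plumb $5 netmask $6 up
routeadm -u -e ipv4-forwarding
zonecfg -z $1 "set ip-type=exclusive; add net; set physical=$4; end"
EOF
    # Not covered here: the ifconfig address is not persistent across reboots,
    # and the physical network still needs a route (or NAT) to the stub subnet.
}

# Constructed sample invocations; these only print the plans.
shared_plan dmz e1000g1 192.0.2.10/24
etherstub_plan dmz dmzstub0 dmzgz0 dmzint0 10.10.0.1 255.255.255.0
```

If the zone already has a net resource for an existing VNIC such as dmzlan0, remove that resource in zonecfg before applying either plan.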
