[OpenIndiana-discuss] Isolating networks for zones

carlopmart carlopmart at gmail.com
Sun Oct 30 21:59:15 UTC 2011 

On 10/30/2011 12:29 PM, Jeppe Toustrup wrote:
> On Sun, Oct 30, 2011 at 09:27, carlopmart<carlopmart at gmail.com>  wrote:
>> Thanks Jeppe. I don't have configured a etherstub. current config is:
>>
>> root at oihost:~# dladm show-vnic
>> LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE         VID
>> dmzlan0      e1000g1      1000   2:8:20:dc:48:d9   random              0
>>
>> and dladm show-phys:
>>
>> root at oihost:~# dladm show-phys
>> LINK         MEDIA                STATE      SPEED  DUPLEX    DEVICE
>> e1000g0      Ethernet             up         1000   full      e1000g0
>> e1000g1      Ethernet             up         1000   full      e1000g1
>> e1000g2      Ethernet             unknown    0      half      e1000g2
>>
>> But one question: how can I associate certail physical interface to a
>> etherstub?? Do I need to create a bridge with only one interface??
>
> Right, that means your dmzlan0 vnic is basically connected to the same
> network as e1000g1. If you only want to get traffic to the zone which
> is meant for it, then you should not use a vnic, but instead set
> "ip-type=shared" in the zone configuration and set the physical
> interface to "e1000g1", then the zone will only get traffic intended
> for it while being connected to the same network as e1000g1.
>
> Alternatively, you can use an etherstub as previously mentioned. That
> does however require you to set up routing of packages in the global
> zone, in order for packages to get from the physical network to the
> etherstub network. Packages will then basically go like this:
>
> Physical network ->  Physical network interface (global zone) ->  VNIC
> (active on global zone) ->  Etherstub ->  VNIC (belonging to zone).
>
> --

Many thanks Jeppe. I am reconfiguring this zone to use ip-type=shared 
instead of exlusive. My zone config is:

zonename: dnssrvdmz
zonepath: /zones/dnssrvdmz
brand: ipkg
autoboot: false
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid:
fs-allowed:
net:
	address: 172.25.80.5
	allowed-address not specified
	physical: e1000g1
	defrouter: 172.25.80.1

But when I try to boot this new zone, console returns me this error:

"WARNING: skipping network interface 'e1000g1' which may not be 
present/plumbed in the global zone."

Do I need to "ifconfig up" this physical interface before zone boots??

Thanks.


-- 
CL Martinez
carlopmart {at} gmail {d0t} com

More information about the OpenIndiana-discuss mailing list