[OpenIndiana-discuss] KVM in Zones && networking
Jacques Hugo
jacques.hugo at threetwo.co.uk
Mon Feb 22 20:00:16 UTC 2016
Hi all,
Apologies for the late reply; work, life, etc ... Here are the answers to
your questions, if you need anything else please let me know:
The reason for running KVM in Zones is pretty much around security and a bit
more. You have the "layered virtualisation" approach, should your KVM
instance be compromised, the intruder will find himself on an empty Zone.
You also have the advantage of managing the KVM via standard Solaris Zone
commands including SMF. In a clustered environment (i.e.: VCS) we have the
capability of being able to "fail over" a Zone between nodes, and indeed to
DR even if the DR cluster is on another continent; works a treat.
Running KVM in the GZ is straight forward. Some info:
1. GZ:
# dladm show-phys
LINK   MEDIA     STATE  SPEED  DUPLEX  DEVICE
igb0   Ethernet  up     1000   full    igb0
# dladm show-vnic
LINK   OVER  SPEED  MACADDRESS        MACADDRTYPE  VID
net0   igb0  1000   2:8:20:4:5e:e1    random       0
net1   igb0  1000   2:8:20:d:5b:d2    random       0
vnic0  igb0  1000   2:8:20:d8:c2:5d   random       0
vnic1  igb0  1000   2:8:20:d8:ad:72   random       0
kvm1   igb0  1000   2:8:20:52:33:8e   random       0
2. Current KVM in GZ:
GZ runs on net0, and KVM in GZ runs on net1 ... all good there.
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
net0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.1.39 netmask ffffff00 broadcast 192.168.1.255
        ether 2:8:20:4:5e:e1
net1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        inet 0.0.0.0 netmask 0
        ether 2:8:20:d:5b:d2
From the ifconfig output above, I *did not* have to plumb the net1
interface for the KVM instance, it appeared automatically.
3. Here's the Zone:
# zonecfg -z src export
create -b
set zonepath=/naspool/zones/src
set brand=ipkg
set autoboot=false
set ip-type=exclusive
add net
set physical=vnic1
end
add net
set physical=kvm1
end
add device
set match=/dev/kvm
end
add device
set match=/dev/zvol/rdsk/naspool/zones/src/kvm
end
add dataset
set name=naspool/zones/src/kvm
end
I have 2 x vnics presented to it ... vnic1 for the Zone, and kvm1 for the KVM.
And this is what it looks like inside the Zone:
# dladm show-vnic
LINK   OVER  SPEED  MACADDRESS        MACADDRTYPE  VID
vnic1  ?     1000   2:8:20:d8:ad:72   random       0
kvm1   ?     1000   2:8:20:52:33:8e   random       0
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
vnic1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.41 netmask ffffff00 broadcast 192.168.1.255
        ether 2:8:20:d8:ad:72
You can see both NIC instances:
# ls -l /dev/net/
total 0
crw-rw-rw- 1 root sys 265, 1024 Feb 21 18:24 kvm1
crw-rw-rw- 1 root sys 265, 1005 Feb 21 18:20 vnic1
When the KVM starts, it *does not* plumb the vnic assigned to it (kvm1).
Doing it manually it complains about the interface already in use.
I have seen various documentation in the INET describing this to work
perfectly, however I can't get the networking to work. Any help
appreciated.
Cheers,
Jacques
Jacques Hugo
Three Two Labs
Information Technology | Solaris Engineering 32L
Phone +44 7939 433701
jacques.hugo at threetwo.co.uk
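A preflight check for the condition John raises in the quoted message below (the vnic handed to the guest already being plumbed inside the zone), added here as an illustration and not part of the thread. It parses `ifconfig -a` text; the sample output is constructed from the zone output above with kvm1 deliberately plumbed so the failing case is visible, and the `ifconfig <vnic> unplumb` remedy it prints is an assumption, not something the thread confirms.

```sh
#!/bin/sh
# Constructed sample of `ifconfig -a` as seen inside the zone, modelled on the
# post's output but with kvm1 plumbed so the failing case is visible.
IFCONFIG_SAMPLE='lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
vnic1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.41 netmask ffffff00 broadcast 192.168.1.255
        ether 2:8:20:d8:ad:72
kvm1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 0.0.0.0 netmask 0
        ether 2:8:20:52:33:8e'

# plumbed_links TEXT: print the name of every plumbed interface in TEXT
# (each one starts an unindented "<name>: flags=" header line), one per line.
plumbed_links() {
    printf '%s\n' "$1" | sed -n 's/^\([A-Za-z0-9_]*\): flags=.*/\1/p'
}

# kvm_vnic_ready VNIC TEXT: return 0 when VNIC is not plumbed (what the guest
# needs in order to attach it), 1 when it is plumbed and the guest will
# report it as already in use.
kvm_vnic_ready() {
    vnic="$1"
    text="$2"
    if plumbed_links "$text" | grep -qx "$vnic"; then
        # Assumed remedy: unplumb it in the zone before starting the guest.
        echo "$vnic is already plumbed; run: ifconfig $vnic unplumb" >&2
        return 1
    fi
    echo "$vnic is unplumbed; safe to hand to the guest"
    return 0
}

# On a live zone the call would be: kvm_vnic_ready kvm1 "$(ifconfig -a)"
kvm_vnic_ready kvm1 "$IFCONFIG_SAMPLE" || true
```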
-----Original Message-----
From: John D Groenveld [mailto:jdg117 at elvis.arl.psu.edu]
Sent: 22 February 2016 14:55
To: Discussion list for OpenIndiana <openindiana-discuss at openindiana.org>
Subject: Re: [OpenIndiana-discuss] KVM in Zones && networking
In message <56CB0D12.20503 at calin.de>, Calin Somoza writes:
>No Connection to/from kvm Solaris 11 Guest:
As Jon explained to Jacques, it's probably because the interface you handed
to KVM is already plumbed.
John
groenveld at acm.org