[OpenIndiana-discuss] Advice for setting up a build zone with a different subnet than the main network interface

Aurélien Larcher aurelien.larcher at gmail.com
Tue Feb 1 21:00:58 UTC 2022


>
>
> Do not use NWAM:
> # svcadm enable svc:/network/physical:default
> # ipadm create-addr -T dhcp bge0/v4
>
> Do create an etherstub for your build NGZ:
> # dladm create-etherstub zonenet0
> # dladm create-vnic -l zonenet0 gz0
> # dladm create-vnic -l zonenet0 bz0
>
> Do assign a private network to your etherstub:
> # ipadm create-addr -T static -a 192.168.0.1/24 gz0/v4
>
> # cat <<EOF| zonecfg -z build -f -
> add net
> set allowed-address="192.168.0.2/24"
> set physical="bz0"
> set defrouter="192.168.0.1"
> end
> EOF
>
> Do use ipnat and IP Forwarding to allow your build NGZ to connect to
> your university network:
> # cat /etc/ipf/ipnat.conf
> map bge0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
> # routeadm -e ipv4-forwarding
> # routeadm -u
>
>
Dear John,
thank you for your insightful suggestion and my apologies for the delay, I
have been busy with a handful of PhD students finishing soon...

I have switched to network/physical:default and implemented your suggestion
with the etherstub.

However I am very surprised that on both my systems this approach fails as
the network interface is not configured in the zone.

Even stranger, it seems that the vnic is only partially exposed to the zone.

For example:

GZ:
root@pegasus:~# dladm show-vnic
LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE         VID
br0          ether0       0      2:8:20:da:ec:bb   random              0
vnic0        ether0       0      2:8:20:cb:7b:85   random              0

NGZ:
root@build:~# dladm show-vnic
LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE         VID
vnic0        ?            0      2:8:20:cb:7b:85   random              0

On the second machine the zone simply refused to boot and the zoneadm
service is stuck, I cannot boot any other zone.

My setup without the etherstub led to a configured interface, in this case
the vnic was linked to the physical interface directly.

I wonder if we have some limitations in vanilla illumos which may have been
fixed in e.g. smartos.


Kind regards,

Aurélien










>
> Happy hacking,
> John
> groenveld at acm.org
>


-- 
---
Praise the Caffeine embeddings

