[OpenIndiana-discuss] Advice for setting up a build zone with a different subnet than the main network interface

Till Wegmueller toasterson at gmail.com
Tue Feb 1 21:26:53 UTC 2022 

Hey Aurelian

You need two VNIC's one for the Zone and one for the GZ. John names are 
hard to differentiate but in the example he also uses two VNICS.

Happy hacking
Till

On 01.02.22 18:00, Aurélien Larcher wrote:
>>
>>
>> Do not use NWAM:
>> # svcadm enable svc:/network/physical:default
>> # ipadm create-addr -T dhcp bge0/v4
>>
>> Do create an etherstub for your build NGZ:
>> # dladm create-etherstub zonenet0
>> # dladm create-vnic -l zonenet0 gz0
>> # dladm create-vnic -l zonenet0 bz0
>>
>> Do assign a private network to your etherstub:
>> # ipadm create-addr -T static -a 192.168.0.1/24 gz0/v4
>>
>> # cat <<EOF| zonecfg -z build -f -
>> add net
>> set allowed-address="192.168.0.2/24"
>> set physical="bz0"
>> set defrouter="192.168.0.1"
>> end
>> EOF
>>
>> Do use ipnat and IP Forwarding to allow your build NGZ to connect
>> your university network:
>> # cat /etc/ipf/ipnat.conf
>> map bge0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
>> # routeadm -e ipv4-forwarding
>> # routeadm -u
>>
>>
> Dear John,
> thank you for your insightful suggestion and my apologies for the delay, I
> have been busy with a handful of PhD students finishing soon...
> 
> I have switched to network/physical:default and implemented your suggestion
> with the etherstub.
> 
> However I am very surprised that on both my systems this approach fails as
> the network interface is not configured in the zone.
> 
> Even stranger, it seems that the vnic is only partially exposed to the zone.
> 
> For example:
> 
> GZ:
> root at pegasus:~# dladm show-vnic
> LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE         VID
> br0          ether0       0      2:8:20:da:ec:bb   random              0
> vnic0        ether0       0      2:8:20:cb:7b:85   random              0
> 
> NGZ:
> root at build:~# dladm show-vnic
> LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE         VID
> vnic0        ?            0      2:8:20:cb:7b:85   random              0
> 
> On the second machin the zone simply refused to boot and the zoneadm
> service is stuck, I cannot boot any other zone.
> 
> My setup without the etherstub led to a configured interface, in this case
> the vnic was linked to the physical interface directly.
> 
> I wonder if we have some limitations in vanilla illumos which may have been
> fixed in e.g. smartos.
> 
> 
> Kind regards,
> 
> Aurélien
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>>
>> Happy hacking,
>> John
>> groenveld at acm.org
>>
>> _______________________________________________
>> openindiana-discuss mailing list
>> openindiana-discuss at openindiana.org
>> https://openindiana.org/mailman/listinfo/openindiana-discuss
>>
> 
>

More information about the openindiana-discuss mailing list