[OpenIndiana-discuss] Advice for setting up a build zone with a different subnet than the main network interface

Till Wegmueller toasterson at gmail.com
Tue Feb 1 21:53:24 UTC 2022 

Huh?

Does this not show the etherstub layout?
 > GZ:
 > root at pegasus:~# dladm show-vnic
 > LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE 
  > VID
 > br0          ether0       0      2:8:20:da:ec:bb   random              0
 > vnic0        ether0       0      2:8:20:cb:7b:85   random              0
 >
 > NGZ:
 > root at build:~# dladm show-vnic
 > LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE 
  > VID
 > vnic0        ?            0      2:8:20:cb:7b:85   random              0

On OI CI in Hetzner my output looks like this.

root at oidc1:~# dladm show-vnic
LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE         VID
oijenkins0   oinetint0    0      2:8:20:e0:f6:20   random              0
gzpublic0    public0      0      2:8:20:37:b7:54   random              0
oinetentry0  public0      0      2:8:20:3a:12:52   random              0
oinetentry1  oinetint0    0      2:8:20:67:a0:16   random              0

So I would expect your output to show at least VNIC0 and a VNIC1.
Also ip-type=exclusive must be set for it to work.

Greetings
Till

On 01.02.22 18:33, Aurélien Larcher wrote:
> On Tue, Feb 1, 2022 at 10:27 PM Till Wegmueller <toasterson at gmail.com>
> wrote:
> 
>> Hey Aurelian
>>
>> You need two VNIC's one for the Zone and one for the GZ. John names are
>> hard to differentiate but in the example he also uses two VNICS.
>>
> 
> That's exactly what I have done.
> 
> The vnic for the zone is not used in the GZ, not configured but fails to be
> recognized in the zone.
> 
> If I create a vnic without an etherstub then the vnic is seen in the zone.
> 
>>
>> Happy hacking
>> Till
>>
>> On 01.02.22 18:00, Aurélien Larcher wrote:
>>>>
>>>>
>>>> Do not use NWAM:
>>>> # svcadm enable svc:/network/physical:default
>>>> # ipadm create-addr -T dhcp bge0/v4
>>>>
>>>> Do create an etherstub for your build NGZ:
>>>> # dladm create-etherstub zonenet0
>>>> # dladm create-vnic -l zonenet0 gz0
>>>> # dladm create-vnic -l zonenet0 bz0
>>>>
>>>> Do assign a private network to your etherstub:
>>>> # ipadm create-addr -T static -a 192.168.0.1/24 gz0/v4
>>>>
>>>> # cat <<EOF| zonecfg -z build -f -
>>>> add net
>>>> set allowed-address="192.168.0.2/24"
>>>> set physical="bz0"
>>>> set defrouter="192.168.0.1"
>>>> end
>>>> EOF
>>>>
>>>> Do use ipnat and IP Forwarding to allow your build NGZ to connect
>>>> your university network:
>>>> # cat /etc/ipf/ipnat.conf
>>>> map bge0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
>>>> # routeadm -e ipv4-forwarding
>>>> # routeadm -u
>>>>
>>>>
>>> Dear John,
>>> thank you for your insightful suggestion and my apologies for the delay,
>> I
>>> have been busy with a handful of PhD students finishing soon...
>>>
>>> I have switched to network/physical:default and implemented your
>> suggestion
>>> with the etherstub.
>>>
>>> However I am very surprised that on both my systems this approach fails
>> as
>>> the network interface is not configured in the zone.
>>>
>>> Even stranger, it seems that the vnic is only partially exposed to the
>> zone.
>>>
>>> For example:
>>>
>>> GZ:
>>> root at pegasus:~# dladm show-vnic
>>> LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE
>>   VID
>>> br0          ether0       0      2:8:20:da:ec:bb   random              0
>>> vnic0        ether0       0      2:8:20:cb:7b:85   random              0
>>>
>>> NGZ:
>>> root at build:~# dladm show-vnic
>>> LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE
>>   VID
>>> vnic0        ?            0      2:8:20:cb:7b:85   random              0
>>>
>>> On the second machin the zone simply refused to boot and the zoneadm
>>> service is stuck, I cannot boot any other zone.
>>>
>>> My setup without the etherstub led to a configured interface, in this
>> case
>>> the vnic was linked to the physical interface directly.
>>>
>>> I wonder if we have some limitations in vanilla illumos which may have
>> been
>>> fixed in e.g. smartos.
>>>
>>>
>>> Kind regards,
>>>
>>> Aurélien
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>>
>>>> Happy hacking,
>>>> John
>>>> groenveld at acm.org
>>>>
>>>> _______________________________________________
>>>> openindiana-discuss mailing list
>>>> openindiana-discuss at openindiana.org
>>>> https://openindiana.org/mailman/listinfo/openindiana-discuss
>>>>
>>>
>>>
>>
>> _______________________________________________
>> openindiana-discuss mailing list
>> openindiana-discuss at openindiana.org
>> https://openindiana.org/mailman/listinfo/openindiana-discuss
>>
> 
>

More information about the openindiana-discuss mailing list