ryan nelson | 4 May 2012 08:08

Re: how to create private net between zones

You don't have a default route there, which suggests that maybe your
nics sections in your zone-definition.json file weren't in the right
order.  The first nic specified (in the array of nics in the config
file) will be the default router for a defined zone.

Can you share your json files for the zones you're setting up?

Saying you "can't route past the global zone's IP" isn't relevant… the
global zone isn't a router (at layer 3) for tcp traffic… it often
doesn't even have an interface on the networks that the zones (and
their vnics) do.  The global zone just creates the vnics for the
zones, which each have their own tcp stack.

If you're using an etherstub, however, that's just a virtual switch
inside the global zone, connecting zones to each other within the box
(it's an "island") … you'll need some nics to be on real, connected
physical nics.

I created a test host with:

- a nic labeled "admin", with an IP address bound to it
- a nic labeled "external" with an IP address bound to it, with the
global zone's gateway on that
- a nic labeled "other", with no IP in the global zone
- an etherstub definition named "stubnet0"

… on there, I created a zone with a nic on each of these network
segments, and the default route on the first one defined.

My configs are online at
http://www.evernote.com/shard/s2/sh/fcd50289-93c1-4512-91d2-28c3df5a2008/f89b261fab46559a5d864a8859269863

… I'll try to get 'em on the wiki soon.

On Thu, May 3, 2012 at 7:49 PM, Rod Morison <rod@...> wrote:
> Thanks Daniel, really helpful. The only thing that didn't work is the
> gateway "to the outside". In zone[12] I can't ping the gateway, or route
> traffic anywhere past the global zone's ip.
>
> Does this route table look right for a zone? I'm not used to Solaris
> conventions...in Linux I'd expect a route to 0.0.0.0 with the gateway
> address:
>
> [root@dda07569-77eb-43d6-a5f7-5a21f0dd351f ~]# netstat -rn
>
> Routing Table: IPv4
>  Destination           Gateway           Flags  Ref     Use     Interface
> -------------------- -------------------- ----- ----- ---------- ---------
> 10.0.0.0             10.0.1.2             U         3          1 net1
> 127.0.0.1            127.0.0.1            UH        2          0 lo0
> 192.168.66.0         192.168.66.92        U         2          0 net0
>
> (Though smartos is in a virtualbox VM with a bridged adapter, with
> promiscuous turned on, I admit it's possible it "just doesn't work" in a
> vbox VM...though the docs imply it should.)
>
>
>
> On 05/01/2012 02:09 AM, Daniel Malon wrote:
>>
>> Create an etherstub (or add it to /usbkey/config with etherstub="switch0"
>> and reboot)
>>
>> create the two zones - I created them with two nics (one global on the
>> admin network and one on the etherstub)
>>
>> from here you're done … I think
>>
>> I gisted my configs, GZ network info and the ping commands from inside the
>> zones
>>
>> https://gist.github.com/e18d343cde4509afaa51
>>
>> (All done in vmware - so if really needed I could also package that up)
>> the
>
>
>
> -------------------------------------------
> smartos-discuss
> Archives: https://www.listbox.com/member/archive/184463/=now
> RSS Feed:
> https://www.listbox.com/member/archive/rss/184463/21482896-b87d2f10
> Modify Your Subscription:
> https://www.listbox.com/member/?&
> Powered by Listbox: http://www.listbox.com
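
Added example, not part of the original thread: a small Python check that parses `netstat -rn` output in the layout quoted above and reports whether the zone has a default route and which networks are directly connected. The function names are hypothetical, the sample table is the one from the quoted message, and the script assumes the six-column IPv4 layout shown there (the Interface column may be empty).

```python
# Routing table as posted in the quoted message (quote markers removed).
SAMPLE = """\
Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
10.0.0.0             10.0.1.2             U         3          1 net1
127.0.0.1            127.0.0.1            UH        2          0 lo0
192.168.66.0         192.168.66.92        U         2          0 net0
"""


def parse_routes(text):
    """Return one dict per route row, skipping titles, headers and rulers."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have numeric Ref and Use columns; the Interface
        # column can be blank, which leaves five fields instead of six.
        if len(fields) not in (5, 6):
            continue
        if not (fields[3].isdigit() and fields[4].isdigit()):
            continue
        routes.append({
            "dest": fields[0],
            "gateway": fields[1],
            "flags": fields[2],
            "iface": fields[5] if len(fields) == 6 else "",
        })
    return routes


def diagnose(text):
    """Summarise what a zone can reach according to its routing table."""
    routes = parse_routes(text)
    # A usable default route has destination "default" (or 0.0.0.0) and flag G.
    defaults = [r for r in routes
                if r["dest"] in ("default", "0.0.0.0") and "G" in r["flags"]]
    # Directly connected networks: up, neither a gateway nor a host route.
    connected = {r["iface"]: r["dest"] for r in routes
                 if "U" in r["flags"] and "G" not in r["flags"]
                 and "H" not in r["flags"]}
    return {
        "default_gateway": defaults[0]["gateway"] if defaults else None,
        "connected": connected,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Run against the posted table, it reports no default gateway and two connected networks (net0 and net1), which matches the diagnosis at the top of this message.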
