Mike Gerdts wrote On 03/17/07 10:33,:
> On 3/15/07, Darren Dunham <dunhamd at pacbell.net> wrote:
>
>> (But you'd need to wait for some other changes to the networking
>> before you can run a DHCP server in a zone. I don't think that's
>> possible today).
>
>
> In my lab, I have DHCP servers working in sparse non-global zones
> today, even with S10U3. The keys to getting it to work are:
>
> 1. Add net_rawaccess and /dev/ip when configuring the zone.
> 2. Remove privileges=all from the dhcp service
> 3. Manually set the interface list in /etc/inet/dhcpsvc.conf
>
> I do have some concerns regarding the ability to update the ARP table
> with this configuration, which will likely go away once each zone can
> have its own IP stack. (Perhaps this is in Nevada now, I forget and
> haven't had a chance to test the last ~10 builds.)

The IP Instances part of project crossbow delivers the feature to have a zone have its own view of the stack. It is available as a BFU on top of NV, but not yet integrated into NV. I'll have to see if your steps are easier in a zone with an exclusive IP instance.

Steffen

>
> A more detailed tour of the steps for those that need a bit more
> detail follows...
>
> When configuring the zone:
>
> set limitpriv = default,net_rawaccess
> add device
> set match=/dev/ip
>
> Inside the zone, remove "privileges='all'" from the start method of
> /var/svc/manifest/network/dhcp-server.xml. You will then need to
> notify SMF of this change. There is likely a shorter version of this,
> but the following should definitely do it:
>
> svcadm disable network/dhcp-server
> svccfg delete network/dhcp-server
> svccfg import /var/svc/manifest/network/dhcp-server.xml
>
> Disclaimers apply (e.g. that file will be overwritten by patches,
> etc.). In real life I create a different service in the
> /var/svc/manifest/site directory and create dependencies that ensure
> that my service and network/dhcp-server do not run at the same time.
>
> For dhcp-server to really run, you need to update
> /etc/inet/dhcpsvc.conf to list the INTERFACES=. A good idea would be
> to automatically update that on boot before dhcp-server starts so that
> it has the right virtual interface in there across reboots when zones
> may come up in different order.
>
> I have also noticed the following when the DHCP server gives out a lease:
>
> in.dhcpd[22624]: [ID 480883 daemon.error] ADD: Cannot modify ARP table
> to add: 10.11.12.13
>
> It seems as though the zone would require the sys_net_config privilege
> to force entries into the ARP table. When serving addresses on the
> same subnet, this seems to have no impact. I have not tried
> cross-subnet DHCP services with this config yet. I don't fully
> understand the impact of the comment at
> http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/cmd-inet/usr.lib/in.dhcpd/interfaces.c#1402
> yet.
>
> Mike
>
