On 11/27/06, Nicolas Dorfsman <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I need a config where I have a slave zone configured with a vlan interface (ceY00X) and ipmp failover/balancing capability set. The master zone SHOULDN'T be able to talk directly in this vlan.
>
> In my mind, I can't due to the fact that ipmp test-addresses have to be configured in the master zone. Correct?
>
> Any idea or workaround?

You can use link-based IPMP failure detection. In this case, there are no IP addresses configured on the VLAN interfaces used by your zone(s). The problems you will run into are:

1) http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6457375

   Workaround would be to configure vlan interfaces as follows:

       $ cat /etc/hostname.e1000g49000
       group mygroup 172.16.0.49 netmask 255.255.255.0 broadcast + down
       $ cat /etc/hostname.e1000g49001
       group mygroup 172.16.1.49 netmask 255.255.255.0 broadcast + down

   Note: in the above configuration 172.16.x.y/24 addresses are used because they are used nowhere else in my environment. Those interfaces *never* come up and the same addresses are used on all machines. The x in the above is the interface instance number (without vlan munging) and the y is the VLAN ID. I actually have slightly more complicated rules to deal with VLAN IDs greater than 254, but you get the point.

2) If the zone needs to communicate with hosts on a different subnet than the zone is on, you will need to add appropriate routes in the global zone. I have replaced the standard solaris zones SMF service with my own to be able to cope with this.

Mike

--
Mike Gerdts
http://mgerdts.blogspot.com/
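
The 172.16.x.y naming rule from the reply above, as an added example that is not part of the original message: it rebuilds the placeholder hostname file line from a VLAN interface name. The helper name `placeholder_line` is hypothetical, the split assumes the Solaris VLAN PPA encoding (VLAN ID * 1000 + instance), and VLAN IDs above 254 are rejected because the reply does not give its rules for them.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: Solaris VLAN PPA = VLAN ID * 1000 + device instance.

# placeholder_line IFNAME GROUP  (hypothetical helper; variables are global)
# Prints the contents for /etc/hostname.IFNAME: a "down" placeholder
# address 172.16.<instance>.<vlan>/24 in the given IPMP group.
placeholder_line() {
    ifname=$1
    group=$2
    # Trailing digits are the PPA: e1000g49000 -> 49000 (driver e1000g).
    ppa=$(printf '%s\n' "$ifname" | sed -n 's/^.*[^0-9]\([0-9][0-9]*\)$/\1/p')
    case $ppa in
        ''|0*|????????*)
            # No PPA, a leading zero, or more digits than a VLAN PPA can have.
            echo "$ifname: no usable VLAN PPA" >&2
            return 1 ;;
    esac
    vlan=$((ppa / 1000))
    inst=$((ppa % 1000))
    # vlan 0 means a plain (non-VLAN) interface; IDs above 254 do not fit
    # the last octet, and the reply's rules for them are not shown.
    if [ "$vlan" -lt 1 ] || [ "$vlan" -gt 254 ]; then
        echo "$ifname: VLAN ID $vlan is outside 1-254" >&2
        return 1
    fi
    # The instance becomes the third octet, so it must fit in one byte.
    if [ "$inst" -gt 255 ]; then
        echo "$ifname: instance $inst does not fit in an octet" >&2
        return 1
    fi
    printf 'group %s 172.16.%s.%s netmask 255.255.255.0 broadcast + down\n' \
        "$group" "$inst" "$vlan"
}

# The two interfaces from the message; only printed here, nothing is written.
for ifc in e1000g49000 e1000g49001; do
    printf '/etc/hostname.%s: ' "$ifc"
    placeholder_line "$ifc" mygroup
done
```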
