Guys, I wonder if I may ask for a quick sanity check on what we're trying to 
do...

Have set up a 'Basic' Virtual net on a single system, in an effort to 
consolidate several machines.  Idea is to isolate specific services (DNS, 
database, http), each in its own zone, and each on its own virtual IP address.  
Got the basics down, apparently, as all IP addresses on this single-system 
virtual net can see (ping) each other, and back-and-forth from other machines 
on this subnet also works.

Started with the 'Basic' vnet setup, as we do need these services visible, and 
speaking, to 'external' machines.  It isn't meant to be a completely isolated 
'private' virtual network.

Ultimate goal is to direct all traffic from external sources to one address on 
this box, then redirect it - _based on port_ - to the correct zone; dns, 
http(s), etc.  Presumably traffic should be directed to vnic0 - in the global 
zone - in the configuration below?  I'd like it to be the 'switch' - I think - 
for all traffic within all zones on this box.  Simple enough, right?

Have been using the Solaris Virtual Networks document (819-6990) as a general 
recipe, which in various places variously suggests (and in others doesn't even 
mention) that the 'global' zone should also be assigned a vnic, so I've 
assigned vnic0 to the global zone.

# dladm show-vnic
LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE         VID
vnic0        rge0         1000   2:8:20:56:9:a1    random              0    <- for global zone
vnic1        rge0         1000   2:8:20:13:14:8    random              0    <- for zone1
vnic2        rge0         1000   2:8:20:95:dc:d1   random              0    <- for zone2

# dladm show-link
LINK        CLASS     MTU    STATE    BRIDGE     OVER
rge0        phys      1500   up       --         --
vnic0       vnic      1500   up       --         rge0
vnic1       vnic      1500   up       --         rge0
vnic2       vnic      1500   up       --         rge0

Q1: Is what we're trying even feasible using this 'basic' setup, or is an 
etherstub-based approach required?  I.e., do we really need a 'private' network 
here?
Q2: From here, I understand we must use IPfilter to grab and redirect ports, 
true?
Q3: If we need IPfilter, don't we need at least one etherstub?  I.e., doesn't 
this suggest that this 'basic' setup cannot be used in our case?

Looking for a few expert suggestions here - any ideas?
-- 
This message posted from opensolaris.org
_______________________________________________
networking-discuss mailing list
[email protected]
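As an added example that is not part of the poster's message (and not an answer to Q1), this is the shape an IPFilter NAT ruleset takes for the port-based redirection described in the post: one public address on the global zone, with DNS handed to zone1 and HTTP(S) handed to zone2. The interface name vnic0 is taken from the post; the public address 192.0.2.10 and the zone addresses 192.0.2.11 and 192.0.2.12 are constructed placeholders, and the assumption that inbound packets are seen by the global zone's IP stack on vnic0 is exactly the open question raised above.

```conf
# /etc/ipf/ipnat.conf  (added example; all addresses are constructed placeholders)
# Destination-port NAT: packets arriving on vnic0 for the public address are
# rewritten to the zone that owns the service. rdr matches on the packet's
# destination address, so 192.0.2.10/32 is the global zone's public address.
rdr vnic0 192.0.2.10/32 port 53  -> 192.0.2.11 port 53  tcp
rdr vnic0 192.0.2.10/32 port 53  -> 192.0.2.11 port 53  udp
rdr vnic0 192.0.2.10/32 port 80  -> 192.0.2.12 port 80  tcp
rdr vnic0 192.0.2.10/32 port 443 -> 192.0.2.12 port 443 tcp

# /etc/ipf/ipf.conf  (added example)
# IPFilter applies NAT before filtering on the inbound path, so these rules see
# the already-rewritten destination. Default-deny inbound, then allow only the
# redirected ports, so a zone exposes nothing beyond the service it is meant for.
block in log all
pass in quick on vnic0 proto tcp from any to 192.0.2.11 port = 53  keep state
pass in quick on vnic0 proto udp from any to 192.0.2.11 port = 53  keep state
pass in quick on vnic0 proto tcp from any to 192.0.2.12 port = 80  keep state
pass in quick on vnic0 proto tcp from any to 192.0.2.12 port = 443 keep state
pass out quick on vnic0 keep state
```

Loading is done with `svcadm enable network/ipfilter` once, then `ipf -Fa -f /etc/ipf/ipf.conf` and `ipnat -CF -f /etc/ipf/ipnat.conf` after each edit; the global zone also has to forward the rewritten packets (`routeadm -u -e ipv4-forwarding`). Two caveats worth keeping in mind when reading the rules against the post's setup: the rdr entries only take effect for packets that actually traverse the global zone's IP stack on vnic0, and they do nothing to stop an external host on the same subnet from addressing vnic1 or vnic2 directly, because in the basic (non-etherstub) layout every VNIC sits on rge0's link. That reachability, rather than the port redirection itself, is what an etherstub-backed private network changes.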