Re: [OpenIndiana-discuss] Isolating networks for zones

Sun, 30 Oct 2011 14:59:48 -0700 

On 10/30/2011 12:29 PM, Jeppe Toustrup wrote:

On Sun, Oct 30, 2011 at 09:27, carlopmart<carlopm...@gmail.com>  wrote:

Thanks Jeppe. I don't have configured a etherstub. current config is:

root@oihost:~# dladm show-vnic
LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE         VID
dmzlan0      e1000g1      1000   2:8:20:dc:48:d9   random              0

and dladm show-phys:

root@oihost:~# dladm show-phys
LINK         MEDIA                STATE      SPEED  DUPLEX    DEVICE
e1000g0      Ethernet             up         1000   full      e1000g0
e1000g1      Ethernet             up         1000   full      e1000g1
e1000g2      Ethernet             unknown    0      half      e1000g2

But one question: how can I associate certail physical interface to a
etherstub?? Do I need to create a bridge with only one interface??


Right, that means your dmzlan0 vnic is basically connected to the same
network as e1000g1. If you only want to get traffic to the zone which
is meant for it, then you should not use a vnic, but instead set
"ip-type=shared" in the zone configuration and set the physical
interface to "e1000g1", then the zone will only get traffic intended
for it while being connected to the same network as e1000g1.

Alternatively, you can use an etherstub as previously mentioned. That
does however require you to set up routing of packages in the global
zone, in order for packages to get from the physical network to the
etherstub network. Packages will then basically go like this:

Physical network ->  Physical network interface (global zone) ->  VNIC
(active on global zone) ->  Etherstub ->  VNIC (belonging to zone).

--
Many thanks Jeppe. I am reconfiguring this zone to use ip-type=shared instead of exlusive. My zone config is: 

zonename: dnssrvdmz
zonepath: /zones/dnssrvdmz
brand: ipkg
autoboot: false
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid:
fs-allowed:
net:
        address: 172.25.80.5
        allowed-address not specified
        physical: e1000g1
        defrouter: 172.25.80.1

But when I try to boot this new zone, console returns me this error:
"WARNING: skipping network interface 'e1000g1' which may not be present/plumbed in the global zone." 

Do I need to "ifconfig up" this physical interface before zone boots??

Thanks.


--
CL Martinez
carlopmart {at} gmail {d0t} com

_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Reply via email to