Re: [zones-discuss] Can not ping between zones and internal network
On 09/07/2011 11:28 PM, James Carlson wrote:
> carlopmart wrote:
>> On 09/07/2011 10:08 PM, "Hung-Sheng Tsao (Lao Tsao 老曹) Ph.D." wrote:
>>> maybe you need a defrouter
>>
>> I have setup default router using route (-p) command on zone system.
>
> Yes; that much was obvious from the "netstat -nr" output that you'd
> originally included. I don't know what that previous poster was on about.
>
>> Do you refer to setup defrouter under xml config zone's file?? maybe, but
>> Can I do this using exclude as a ip-type option??
>>
>> And I see something strange. If I put vnic on zone system in promiscuous
>> mode (using snoop), all works ok. Strange??
>
> That sounds like a system bug. For some reason, the Ethernet interface
> is not properly receiving packets for the second MAC address that you've
> configured. That's something that should just be automatic, and the
> apparent fact that it's not doing that is a bug.
>
> Since this zone and the global zone are on the same subnet, one possible
> option here is to go with shared IP stack rather than exclusive.
>
> Or, as another possible work-around, you could put that interface into
> promiscuous mode at a pretty low level by configuring bridging and
> adding the global zone's interface to a bridge.

Thanks James. And yes, If I use shared IP as ip-type all works ok out-of-the-box. And as you say, it seems a bug.

Where can I find samples about doing a bridge between physical interface host and vnic??

--
CL Martinez
carlopmart {at} gmail {d0t} com
___
zones-discuss mailing list
zones-discuss@opensolaris.org
Re: [zones-discuss] Can not ping between zones and internal network
carlopmart wrote:
> On 09/07/2011 10:08 PM, "Hung-Sheng Tsao (Lao Tsao 老曹) Ph.D." wrote:
>> maybe you need a defrouter
>
> I have setup default router using route (-p) command on zone system.

Yes; that much was obvious from the "netstat -nr" output that you'd originally included. I don't know what that previous poster was on about.

> Do you refer to setup defrouter under xml config zone's file?? maybe, but
> Can I do this using exclude as a ip-type option??
>
> And I see something strange. If I put vnic on zone system in promiscuous
> mode (using snoop), all works ok. Strange??

That sounds like a system bug. For some reason, the Ethernet interface is not properly receiving packets for the second MAC address that you've configured. That's something that should just be automatic, and the apparent fact that it's not doing that is a bug.

Since this zone and the global zone are on the same subnet, one possible option here is to go with shared IP stack rather than exclusive.

Or, as another possible work-around, you could put that interface into promiscuous mode at a pretty low level by configuring bridging and adding the global zone's interface to a bridge.

--
James Carlson 42.703N 71.076W
Re: [zones-discuss] Can not ping between zones and internal network
On 09/07/2011 10:08 PM, "Hung-Sheng Tsao (Lao Tsao 老曹) Ph.D." wrote:
> maybe you need a defrouter

I have setup default router using route (-p) command on zone system. Do you refer to setup defrouter under xml config zone's file?? maybe, but Can I do this using exclude as a ip-type option??

And I see something strange. If I put vnic on zone system in promiscuous mode (using snoop), all works ok. Strange??

--
CL Martinez
carlopmart {at} gmail {d0t} com
Re: [zones-discuss] Can not ping between zones and internal network
maybe you need a defrouter

On 9/7/2011 4:00 PM, carlopmart wrote:
> On 09/07/2011 08:27 PM, carlopmart wrote:
>> Hi all,
>>
>> I have installed a new OpenIndiana host oi_151 to use zones. I have
>> installed as a test one zone:
>>
>> root@oitst01:~# zoneadm list -iv
>>   ID NAME      STATUS   PATH             BRAND  IP
>>    0 global    running  /                ipkg   shared
>>   11 proxysrv  running  /zones/proxysrv  ipkg   excl
>>
>> Using ip exclude option, from zone to network ping doesn't work, but
>> between global zone and proxysrv zone, ping works. OI host can ping to
>> all hosts on my network.
>>
>> On global zone I have setup a virtual nic:
>>
>> root@oitst01:~# dladm show-vnic
>> LINK   OVER     SPEED  MACADDRESS       MACADDRTYPE  VID
>> vnic0  e1000g0  1000   2:8:20:87:3c:db  random       0
>>
>> And zone xml file is:
>>
>> Ip config on zone is:
>>
>> oot@proxy:~# ipadm show-addr
>> ADDROBJ   TYPE    STATE  ADDR
>> lo0/v4    static  ok     127.0.0.1/8
>> vnic0/_a  static  ok     172.25.50.21/27
>> lo0/v6    static  ok     ::1/128
>>
>> and routing table:
>>
>> root@proxy:~# netstat -rn
>>
>> Routing Table: IPv4
>> Destination  Gateway       Flags  Ref  Use  Interface
>> -----------  ------------  -----  ---  ---  ---------
>> default      172.25.50.1   UG     1    0
>> 127.0.0.1    127.0.0.1     UH     2    0    lo0
>> 172.25.50.0  172.25.50.21  U      3    23   vnic0
>>
>> Routing Table: IPv6
>> Destination/Mask  Gateway  Flags  Ref  Use  If
>> ----------------  -------  -----  ---  ---  ---
>> ::1               ::1      UH     2    0    lo0
>>
>> Ip config on global is:
>>
>> root@oitst01:~# ipadm show-addr
>> ADDROBJ           TYPE    STATE  ADDR
>> lo0/v4            static  ok     127.0.0.1/8
>> e1000g0/v4static  static  ok     172.25.50.26/27
>> lo0/v6            static  ok     ::1/128
>>
>> and routing table:
>>
>> root@caradhras:~# netstat -rn
>>
>> Routing Table: IPv4
>> Destination  Gateway       Flags  Ref  Use    Interface
>> -----------  ------------  -----  ---  -----  ---------
>> default      172.25.50.1   UG     2    1106   e1000g0
>> 127.0.0.1    127.0.0.1     UH     2    216    lo0
>> 172.25.50.0  172.25.50.26  U      6    15435  e1000g0
>>
>> Routing Table: IPv6
>> Destination/Mask  Gateway  Flags  Ref  Use  If
>> ----------------  -------  -----  ---  ---  ---
>> ::1               ::1      UH     2    0    lo0
>>
>> What am I doing wrong??
>
> Please, any help??
Re: [zones-discuss] Can not ping between zones and internal network
On 09/07/2011 08:27 PM, carlopmart wrote:
> Hi all,
>
> I have installed a new OpenIndiana host oi_151 to use zones. I have
> installed as a test one zone:
>
> root@oitst01:~# zoneadm list -iv
>   ID NAME      STATUS   PATH             BRAND  IP
>    0 global    running  /                ipkg   shared
>   11 proxysrv  running  /zones/proxysrv  ipkg   excl
>
> Using ip exclude option, from zone to network ping doesn't work, but
> between global zone and proxysrv zone, ping works. OI host can ping to
> all hosts on my network.
>
> On global zone I have setup a virtual nic:
>
> root@oitst01:~# dladm show-vnic
> LINK   OVER     SPEED  MACADDRESS       MACADDRTYPE  VID
> vnic0  e1000g0  1000   2:8:20:87:3c:db  random       0
>
> And zone xml file is:
>
> Ip config on zone is:
>
> oot@proxy:~# ipadm show-addr
> ADDROBJ   TYPE    STATE  ADDR
> lo0/v4    static  ok     127.0.0.1/8
> vnic0/_a  static  ok     172.25.50.21/27
> lo0/v6    static  ok     ::1/128
>
> and routing table:
>
> root@proxy:~# netstat -rn
>
> Routing Table: IPv4
> Destination  Gateway       Flags  Ref  Use  Interface
> -----------  ------------  -----  ---  ---  ---------
> default      172.25.50.1   UG     1    0
> 127.0.0.1    127.0.0.1     UH     2    0    lo0
> 172.25.50.0  172.25.50.21  U      3    23   vnic0
>
> Routing Table: IPv6
> Destination/Mask  Gateway  Flags  Ref  Use  If
> ----------------  -------  -----  ---  ---  ---
> ::1               ::1      UH     2    0    lo0
>
> Ip config on global is:
>
> root@oitst01:~# ipadm show-addr
> ADDROBJ           TYPE    STATE  ADDR
> lo0/v4            static  ok     127.0.0.1/8
> e1000g0/v4static  static  ok     172.25.50.26/27
> lo0/v6            static  ok     ::1/128
>
> and routing table:
>
> root@caradhras:~# netstat -rn
>
> Routing Table: IPv4
> Destination  Gateway       Flags  Ref  Use    Interface
> -----------  ------------  -----  ---  -----  ---------
> default      172.25.50.1   UG     2    1106   e1000g0
> 127.0.0.1    127.0.0.1     UH     2    216    lo0
> 172.25.50.0  172.25.50.26  U      6    15435  e1000g0
>
> Routing Table: IPv6
> Destination/Mask  Gateway  Flags  Ref  Use  If
> ----------------  -------  -----  ---  ---  ---
> ::1               ::1      UH     2    0    lo0
>
> What am I doing wrong??

Please, any help??

--
CL Martinez
carlopmart {at} gmail {d0t} com
[zones-discuss] Can not ping between zones and internal network
Hi all,

I have installed a new OpenIndiana host oi_151 to use zones. I have installed as a test one zone:

root@oitst01:~# zoneadm list -iv
  ID NAME      STATUS   PATH             BRAND  IP
   0 global    running  /                ipkg   shared
  11 proxysrv  running  /zones/proxysrv  ipkg   excl

Using ip exclude option, from zone to network ping doesn't work, but between global zone and proxysrv zone, ping works. OI host can ping to all hosts on my network.

On global zone I have setup a virtual nic:

root@oitst01:~# dladm show-vnic
LINK   OVER     SPEED  MACADDRESS       MACADDRTYPE  VID
vnic0  e1000g0  1000   2:8:20:87:3c:db  random       0

And zone xml file is:

"file:///usr/share/lib/xml/dtd/zonecfg.dtd.1"> brand="ipkg" ip-type="exclusive">

Ip config on zone is:

oot@proxy:~# ipadm show-addr
ADDROBJ   TYPE    STATE  ADDR
lo0/v4    static  ok     127.0.0.1/8
vnic0/_a  static  ok     172.25.50.21/27
lo0/v6    static  ok     ::1/128

and routing table:

root@proxy:~# netstat -rn

Routing Table: IPv4
Destination  Gateway       Flags  Ref  Use  Interface
-----------  ------------  -----  ---  ---  ---------
default      172.25.50.1   UG     1    0
127.0.0.1    127.0.0.1     UH     2    0    lo0
172.25.50.0  172.25.50.21  U      3    23   vnic0

Routing Table: IPv6
Destination/Mask  Gateway  Flags  Ref  Use  If
----------------  -------  -----  ---  ---  ---
::1               ::1      UH     2    0    lo0

Ip config on global is:

root@oitst01:~# ipadm show-addr
ADDROBJ           TYPE    STATE  ADDR
lo0/v4            static  ok     127.0.0.1/8
e1000g0/v4static  static  ok     172.25.50.26/27
lo0/v6            static  ok     ::1/128

and routing table:

root@caradhras:~# netstat -rn

Routing Table: IPv4
Destination  Gateway       Flags  Ref  Use    Interface
-----------  ------------  -----  ---  -----  ---------
default      172.25.50.1   UG     2    1106   e1000g0
127.0.0.1    127.0.0.1     UH     2    216    lo0
172.25.50.0  172.25.50.26  U      6    15435  e1000g0

Routing Table: IPv6
Destination/Mask  Gateway  Flags  Ref  Use  If
----------------  -------  -----  ---  ---  ---
::1               ::1      UH     2    0    lo0

What am I doing wrong??

--
CL Martinez
carlopmart {at} gmail {d0t} com
Re: [zones-discuss] ERROR: the zonepath must be a ZFS dataset.
On Wed 07 Sep 2011 at 07:42AM, Paul Kraus wrote:
> On Tue, Sep 6, 2011 at 5:11 PM, Mike Gerdts wrote:
>
> >> 3)zfs dataset requirement
> >
> > How does this negatively impact you or other users? As of Solaris 11
> > Express, this requirement means that you have to run 'zfs create' once
> > to create a ZFS filesystem that will be the parent of an arbitrary number
> > of zones.
> >
> > I personally would not advocate a configuration where each zone is not
> > on its own file system because a disk hog in one zone can deny service
> > to other zones.
>
> Be very careful here. If you allocate all of your Zones from a
> single zpool and do NOT use quotas (and reservations) you can have one
> Zone run the others out of disk space. Does the automatic (under the
> covers) zfs create in Solaris 11 also automate setting reasonable
> quotas and reservations ?
>
> I don't want folks who are less familiar with ZFS to make that mistake.

Very good point - thanks for making it.

> > While I was working for a Fortune 10 company and
> > introduced zones early in Solaris 10's life, I ensured that every zone
> > had its own file system on a SVM soft partition. This approach worked
> > well for many years, but took a significant amount of effort to
> > automate. The integration of ZFS and Zones simplifies this type of
> > architecture greatly.
>
> We have used almost exclusively sparse root zones; for the space
> efficiency, the global patching model, and the security of a read only
> OS. I will be sorry to see the option of a sparse root zone go away.

I understand your concerns here and I look forward to the day that I can talk about what Solaris 11 has to offer to address them.

--
Mike Gerdts
Solaris Core OS / Zones
Re: [zones-discuss] ERROR: the zonepath must be a ZFS dataset.
this is old but interesting blog on sparse zone in opensolaris / solaris 11
http://www.eecis.udel.edu/~bmiller/blog/2010/03/15/sparse-zones-not-supported-in-opensolaris/

Sent from my iPad
Hung-Sheng Tsao ( LaoTsao) Ph.D

On Sep 7, 2011, at 7:42, Paul Kraus wrote:
> On Tue, Sep 6, 2011 at 5:11 PM, Mike Gerdts wrote:
>
>>> 3)zfs dataset requirement
>>
>> How does this negatively impact you or other users? As of Solaris 11
>> Express, this requirement means that you have to run 'zfs create' once
>> to create a ZFS filesystem that will be the parent of an arbitrary number
>> of zones.
>>
>> I personally would not advocate a configuration where each zone is not
>> on its own file system because a disk hog in one zone can deny service
>> to other zones.
>
> Be very careful here. If you allocate all of your Zones from a
> single zpool and do NOT use quotas (and reservations) you can have one
> Zone run the others out of disk space. Does the automatic (under the
> covers) zfs create in Solaris 11 also automate setting reasonable
> quotas and reservations ?
>
> I don't want folks who are less familiar with ZFS to make that mistake.
>
>> While I was working for a Fortune 10 company and
>> introduced zones early in Solaris 10's life, I ensured that every zone
>> had its own file system on a SVM soft partition. This approach worked
>> well for many years, but took a significant amount of effort to
>> automate. The integration of ZFS and Zones simplifies this type of
>> architecture greatly.
>
> We have used almost exclusively sparse root zones; for the space
> efficiency, the global patching model, and the security of a read only
> OS. I will be sorry to see the option of a sparse root zone go away.
>
> --
> {1-2-3-4-5-6-7-}
> Paul Kraus
> -> Senior Systems Architect, Garnet River ( http://www.garnetriver.com/ )
> -> Sound Designer: Frankenstein, A New Musical
> (http://www.facebook.com/event.php?eid=123170297765140)
> -> Sound Coordinator, Schenectady Light Opera Company (
> http://www.sloctheater.org/ )
> -> Technical Advisor, RPI Players
Re: [zones-discuss] ERROR: the zonepath must be a ZFS dataset.
On Tue, Sep 6, 2011 at 5:11 PM, Mike Gerdts wrote:

>> 3)zfs dataset requirement
>
> How does this negatively impact you or other users? As of Solaris 11
> Express, this requirement means that you have to run 'zfs create' once
> to create a ZFS filesystem that will be the parent of an arbitrary number
> of zones.
>
> I personally would not advocate a configuration where each zone is not
> on its own file system because a disk hog in one zone can deny service
> to other zones.

Be very careful here. If you allocate all of your Zones from a single zpool and do NOT use quotas (and reservations) you can have one Zone run the others out of disk space. Does the automatic (under the covers) zfs create in Solaris 11 also automate setting reasonable quotas and reservations ?

I don't want folks who are less familiar with ZFS to make that mistake.

> While I was working for a Fortune 10 company and
> introduced zones early in Solaris 10's life, I ensured that every zone
> had its own file system on a SVM soft partition. This approach worked
> well for many years, but took a significant amount of effort to
> automate. The integration of ZFS and Zones simplifies this type of
> architecture greatly.

We have used almost exclusively sparse root zones; for the space efficiency, the global patching model, and the security of a read only OS. I will be sorry to see the option of a sparse root zone go away.

--
{1-2-3-4-5-6-7-}
Paul Kraus
-> Senior Systems Architect, Garnet River ( http://www.garnetriver.com/ )
-> Sound Designer: Frankenstein, A New Musical (http://www.facebook.com/event.php?eid=123170297765140)
-> Sound Coordinator, Schenectady Light Opera Company ( http://www.sloctheater.org/ )
-> Technical Advisor, RPI Players
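
Added example (not part of any poster's message or of the list archive): a shell check for the point raised in the message above, flagging zone datasets that share one pool without a quota or a reservation. The parent dataset rpool/zones, the zone names websrv and dbsrv, and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Audit zone datasets for a missing ZFS quota or reservation.
# Expected input is the tab-separated output of:
#   zfs get -Hp -o name,property,value quota,reservation -r rpool/zones
# "rpool/zones" and the zone names below are assumptions, not from the thread.

# Constructed sample output, so the check runs offline.
sample_zfs_get() {
    printf 'rpool/zones\tquota\t0\n'
    printf 'rpool/zones\treservation\t0\n'
    printf 'rpool/zones/proxysrv\tquota\t21474836480\n'
    printf 'rpool/zones/proxysrv\treservation\t5368709120\n'
    printf 'rpool/zones/websrv\tquota\t0\n'
    printf 'rpool/zones/websrv\treservation\t0\n'
    printf 'rpool/zones/dbsrv\tquota\t42949672960\n'
    printf 'rpool/zones/dbsrv\treservation\t0\n'
}

# Reads "name<TAB>property<TAB>value" lines on stdin and prints one line per
# direct child of $1 that lacks a quota, a reservation, or both.
audit_zone_limits() {
    awk -F '\t' -v parent="$1" '
        # An unset limit shows as 0 with -p, or as "none" without it.
        function unset_val(v) { return v == "" || v == "0" || v == "none" }
        index($1, parent "/") == 1 {
            rest = substr($1, length(parent) + 2)
            if (rest ~ /\//) next          # skip datasets below the zone root
            if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 }
            val[$1, $2] = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                d = order[i]; miss = ""
                if (unset_val(val[d, "quota"])) miss = "quota"
                if (unset_val(val[d, "reservation"]))
                    miss = miss (miss == "" ? "" : ",") "reservation"
                if (miss != "") print d "\t" miss
            }
        }'
}

# Live use: pipe the zfs get command shown at the top into audit_zone_limits.
sample_zfs_get | audit_zone_limits rpool/zones
```

A dataset with no quota can fill the shared pool, and one with no reservation can be starved by its neighbours; each flagged property is set with `zfs set quota=<size> <dataset>` or `zfs set reservation=<size> <dataset>`.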