Re: [zones-discuss] Can not ping between zones and internal network

2011-09-08 Thread LaoTsao 
admin guide
http://download.oracle.com/docs/cd/E19963-01/html/821-1458/index.html

Sent from my iPad
Hung-Sheng Tsao ( LaoTsao) Ph.D

On Sep 8, 2011, at 8:26, James Carlson  wrote:

> carlopmart wrote:
>> 
>> Thanks James. And yes, If I use shared IP as ip-type all works ok
>> out-of-the-box. And as you say, it seems a bug.
>> 
>> Where can I find samples about doing a bridge between physical interface
>> host and vnic??
> 
> I think something like this should work:
> 
>dladm create-bridge -l e1000g0 mybridge
> 
> The man page for 'dladm' has more information.  I'm pretty sure we wrote
> a chapter for the administrator's guide, but I'm no longer sure how to
> find that.
> 
> Note that this is just a hack.  What you really should be looking for is
> a fixed e1000g driver that handles the multiple unicast slots properly,
> or one that at least allows you to disable the slots so that the VNIC
> logic is forced to use promiscuous mode itself.
> 
> You might try crossbow-disc...@opensolaris.org.  They may have other ideas.
> 
> -- 
> James Carlson 42.703N 71.076W 
> ___
> zones-discuss mailing list
> zones-discuss@opensolaris.org
___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] Can not ping between zones and internal network

2011-09-08 Thread James Carlson 
carlopmart wrote:
> 
> Thanks James. And yes, If I use shared IP as ip-type all works ok
> out-of-the-box. And as you say, it seems a bug.
> 
> Where can I find samples about doing a bridge between physical interface
> host and vnic??

I think something like this should work:

dladm create-bridge -l e1000g0 mybridge

The man page for 'dladm' has more information.  I'm pretty sure we wrote
a chapter for the administrator's guide, but I'm no longer sure how to
find that.

Note that this is just a hack.  What you really should be looking for is
a fixed e1000g driver that handles the multiple unicast slots properly,
or one that at least allows you to disable the slots so that the VNIC
logic is forced to use promiscuous mode itself.

You might try crossbow-disc...@opensolaris.org.  They may have other ideas.

-- 
James Carlson 42.703N 71.076W 
___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] Can not ping between zones and internal network

2011-09-07 Thread carlopmart 

On 09/07/2011 11:28 PM, James Carlson wrote:

carlopmart wrote:

On 09/07/2011 10:08 PM, "Hung-Sheng Tsao (Lao Tsao 老曹) Ph.D." wrote:

may be you need a defrouter



I have setup default router using route (-p) command on zone system.


Yes; that much was obvious from the "netstat -nr" output that you'd
originally included.  I don't know what that previous poster was on about.


Do
you refer to setup defroter under xml config zone's file?? maybe, but
Can I do this using exclude as a ip-type option??

And I see something strange. If I put vnic on zone system in promiscous
mode (using snoop), all works ok. Strange??


That sounds like a system bug.  For some reason, the Ethernet interface
is not properly receiving packets for the second MAC address that you've
configured.  That's something that should just be automatic, and the
apparent fact that it's not doing that is a bug.

Since this zone and the global zone are on the same subnet, one possible
option here is to go with shared IP stack rather than exclusive.

Or, as another possible work-around, you could put that interface into
promiscuous mode at a pretty low level by configuring bridging and
adding the global zone's interface to a bridge.



Thanks James. And yes, If I use shared IP as ip-type all works ok 
out-of-the-box. And as you say, it seems a bug.


Where can I find samples about doing a bridge between physical interface 
host and vnic??




--
CL Martinez
carlopmart {at} gmail {d0t} com
___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] Can not ping between zones and internal network

2011-09-07 Thread James Carlson 
carlopmart wrote:
> On 09/07/2011 10:08 PM, "Hung-Sheng Tsao (Lao Tsao 老曹) Ph.D." wrote:
>> may be you need a defrouter
>>
> 
> I have setup default router using route (-p) command on zone system.

Yes; that much was obvious from the "netstat -nr" output that you'd
originally included.  I don't know what that previous poster was on about.

> Do
> you refer to setup defroter under xml config zone's file?? maybe, but
> Can I do this using exclude as a ip-type option??
> 
> And I see something strange. If I put vnic on zone system in promiscous
> mode (using snoop), all works ok. Strange??

That sounds like a system bug.  For some reason, the Ethernet interface
is not properly receiving packets for the second MAC address that you've
configured.  That's something that should just be automatic, and the
apparent fact that it's not doing that is a bug.

Since this zone and the global zone are on the same subnet, one possible
option here is to go with shared IP stack rather than exclusive.

Or, as another possible work-around, you could put that interface into
promiscuous mode at a pretty low level by configuring bridging and
adding the global zone's interface to a bridge.

-- 
James Carlson 42.703N 71.076W 
___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] Can not ping between zones and internal network

2011-09-07 Thread carlopmart 

On 09/07/2011 10:08 PM, "Hung-Sheng Tsao (Lao Tsao 老曹) Ph.D." wrote:

may be you need a defrouter



I have setup default router using route (-p) command on zone system. Do 
you refer to setup defroter under xml config zone's file?? maybe, but 
Can I do this using exclude as a ip-type option??


And I see something strange. If I put vnic on zone system in promiscous 
mode (using snoop), all works ok. Strange??



--
CL Martinez
carlopmart {at} gmail {d0t} com
___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] Can not ping between zones and internal network

2011-09-07 Thread Hung-Sheng Tsao (Lao Tsao 老曹) Ph.D. 

may be you need a defrouter


On 9/7/2011 4:00 PM, carlopmart wrote:

On 09/07/2011 08:27 PM, carlopmart wrote:

Hi all,

I have installed a new OpenIndiana host oi_151 to use zones. I have
installed as a test one zone:

root@oitst01:~# zoneadm list -iv
ID NAME STATUS PATH BRAND IP
0 global running / ipkg shared
11 proxysrv running /zones/proxysrv ipkg excl

Using ip exclude option, from zone to network ping doesn't works, but
between global zone and proxysrv zone, ping works. OI host can ping to
all hosts on my network.

On global zone I have setup a virtual nic:

root@oitst01:~# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE VID
vnic0 e1000g0 1000 2:8:20:87:3c:db random 0

And zone xml file is:








Ip config on zone is:

oot@proxy:~# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
vnic0/_a static ok 172.25.50.21/27
lo0/v6 static ok ::1/128

and routing table:

root@proxy:~# netstat -rn

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
  - - -- 
-

default 172.25.50.1 UG 1 0
127.0.0.1 127.0.0.1 UH 2 0 lo0
172.25.50.0 172.25.50.21 U 3 23 vnic0

Routing Table: IPv6
Destination/Mask Gateway Flags Ref Use If
--- --- - ---
--- -
::1 ::1 UH 2 0 lo0

Ip config on global is:

root@oitst01:~# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
e1000g0/v4static static ok 172.25.50.26/27
lo0/v6 static ok ::1/128

and routing table:

root@caradhras:~# netstat -rn

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
  - - -- 
-

default 172.25.50.1 UG 2 1106 e1000g0

127.0.0.1 127.0.0.1 UH 2 216 lo0
172.25.50.0 172.25.50.26 U 6 15435 e1000g0

Routing Table: IPv6
Destination/Mask Gateway Flags Ref Use If
--- --- - ---
--- -
::1 ::1 UH 2 0 lo0

What am I doing wrong??


Please, any help??


<>___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] Can not ping between zones and internal network

2011-09-07 Thread carlopmart 

On 09/07/2011 08:27 PM, carlopmart wrote:

Hi all,

I have installed a new OpenIndiana host oi_151 to use zones. I have
installed as a test one zone:

root@oitst01:~# zoneadm list -iv
ID NAME STATUS PATH BRAND IP
0 global running / ipkg shared
11 proxysrv running /zones/proxysrv ipkg excl

Using ip exclude option, from zone to network ping doesn't works, but
between global zone and proxysrv zone, ping works. OI host can ping to
all hosts on my network.

On global zone I have setup a virtual nic:

root@oitst01:~# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE VID
vnic0 e1000g0 1000 2:8:20:87:3c:db random 0

And zone xml file is:








Ip config on zone is:

oot@proxy:~# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
vnic0/_a static ok 172.25.50.21/27
lo0/v6 static ok ::1/128

and routing table:

root@proxy:~# netstat -rn

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
  - - -- -
default 172.25.50.1 UG 1 0
127.0.0.1 127.0.0.1 UH 2 0 lo0
172.25.50.0 172.25.50.21 U 3 23 vnic0

Routing Table: IPv6
Destination/Mask Gateway Flags Ref Use If
--- --- - ---
--- -
::1 ::1 UH 2 0 lo0

Ip config on global is:

root@oitst01:~# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
e1000g0/v4static static ok 172.25.50.26/27
lo0/v6 static ok ::1/128

and routing table:

root@caradhras:~# netstat -rn

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
  - - -- -
default 172.25.50.1 UG 2 1106 e1000g0

127.0.0.1 127.0.0.1 UH 2 216 lo0
172.25.50.0 172.25.50.26 U 6 15435 e1000g0

Routing Table: IPv6
Destination/Mask Gateway Flags Ref Use If
--- --- - ---
--- -
::1 ::1 UH 2 0 lo0

What am I doing wrong??


Please, any help??


--
CL Martinez
carlopmart {at} gmail {d0t} com
___
zones-discuss mailing list
zones-discuss@opensolaris.org

[zones-discuss] Can not ping between zones and internal network

2011-09-07 Thread carlopmart 

Hi all,

 I have installed a new OpenIndiana host oi_151 to use zones. I have 
installed as a test one zone:


root@oitst01:~# zoneadm list -iv
  ID NAME STATUS PATH   BRAND 
  IP
   0 global   running/  ipkg 
  shared
  11 proxysrv running/zones/proxysrvipkg 
  excl


 Using ip exclude option, from zone to network ping doesn't works, but 
between global zone and proxysrv zone, ping works. OI host can ping to 
all hosts on my network.


 On global zone I have setup a virtual nic:

root@oitst01:~# dladm show-vnic
LINK OVER SPEED  MACADDRESSMACADDRTYPE VID
vnic0e1000g0  1000   2:8:20:87:3c:db   random  0

 And zone xml file is:


"file:///usr/share/lib/xml/dtd/zonecfg.dtd.1">


brand="ipkg" ip-type="exclusive">

  


Ip config on zone is:

oot@proxy:~# ipadm show-addr
ADDROBJ   TYPE STATEADDR
lo0/v4static   ok   127.0.0.1/8
vnic0/_a  static   ok   172.25.50.21/27
lo0/v6static   ok   ::1/128

and routing table:

root@proxy:~# netstat -rn

Routing Table: IPv4
  Destination   Gateway   Flags  Ref Use Interface
  - - -- -
default  172.25.50.1  UG1  0
127.0.0.1127.0.0.1UH2  0 lo0
172.25.50.0  172.25.50.21 U 3 23 vnic0

Routing Table: IPv6
  Destination/MaskGateway   Flags Ref   Use 
   If
--- --- - --- 
--- -
::1 ::1 UH  2 
0 lo0


Ip config on global is:

root@oitst01:~# ipadm show-addr
ADDROBJ   TYPE STATEADDR
lo0/v4static   ok   127.0.0.1/8
e1000g0/v4static  static   ok   172.25.50.26/27
lo0/v6static   ok   ::1/128

and routing table:

root@caradhras:~# netstat -rn

Routing Table: IPv4
  Destination   Gateway   Flags  Ref Use Interface
  - - -- -
default  172.25.50.1  UG2   1106 e1000g0

127.0.0.1127.0.0.1UH2216 lo0
172.25.50.0  172.25.50.26 U 6  15435 e1000g0

Routing Table: IPv6
  Destination/MaskGateway   Flags Ref   Use 
   If
--- --- - --- 
--- -
::1 ::1 UH  2 
0 lo0


 What am I doing wrong??
--
CL Martinez
carlopmart {at} gmail {d0t} com
___
zones-discuss mailing list
zones-discuss@opensolaris.org