Re: [OpenIndiana-discuss] Advice for setting up a build zone with a different subnet than the main network interface

Tue, 01 Feb 2022 13:27:22 -0800 

Hey Aurelian
You need two VNIC's one for the Zone and one for the GZ. John names are hard to differentiate but in the example he also uses two VNICS. 

Happy hacking
Till

On 01.02.22 18:00, Aurélien Larcher wrote:



Do not use NWAM:
# svcadm enable svc:/network/physical:default
# ipadm create-addr -T dhcp bge0/v4

Do create an etherstub for your build NGZ:
# dladm create-etherstub zonenet0
# dladm create-vnic -l zonenet0 gz0
# dladm create-vnic -l zonenet0 bz0

Do assign a private network to your etherstub:
# ipadm create-addr -T static -a 192.168.0.1/24 gz0/v4

# cat <<EOF| zonecfg -z build -f -
add net
set allowed-address="192.168.0.2/24"
set physical="bz0"
set defrouter="192.168.0.1"
end
EOF

Do use ipnat and IP Forwarding to allow your build NGZ to connect
your university network:
# cat /etc/ipf/ipnat.conf
map bge0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
# routeadm -e ipv4-forwarding
# routeadm -u



Dear John,
thank you for your insightful suggestion and my apologies for the delay, I
have been busy with a handful of PhD students finishing soon...

I have switched to network/physical:default and implemented your suggestion
with the etherstub.

However I am very surprised that on both my systems this approach fails as
the network interface is not configured in the zone.

Even stranger, it seems that the vnic is only partially exposed to the zone.

For example:

GZ:
root@pegasus:~# dladm show-vnic
LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE         VID
br0          ether0       0      2:8:20:da:ec:bb   random              0
vnic0        ether0       0      2:8:20:cb:7b:85   random              0

NGZ:
root@build:~# dladm show-vnic
LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE         VID
vnic0        ?            0      2:8:20:cb:7b:85   random              0

On the second machin the zone simply refused to boot and the zoneadm
service is stuck, I cannot boot any other zone.

My setup without the etherstub led to a configured interface, in this case
the vnic was linked to the physical interface directly.

I wonder if we have some limitations in vanilla illumos which may have been
fixed in e.g. smartos.


Kind regards,

Aurélien












Happy hacking,
John
groenv...@acm.org

_______________________________________________
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss






_______________________________________________
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss






















					Reply via email to