Network / global zones (Solaris 10 / 8) config recommendations


 
# 1  
Old 10-15-2013
Network / global zones (Solaris 10 / 8) config recommendations

I have a few non-global zones running in a 10.10.xx.xx network on a machine that is on a 192.168.xx.xx network.

My goal is to allow each of the non-global zones to communicate to each other while not communicating on the 192.168.xx.xx network.

I am using the current version of Solaris 10 in the global zone
The non-global zones are running the Solaris 8 branded zones.

I can tweak the settings without any issues within the global zones; however, I would like to keep the mods within the non-global zones to a minimum. This way every time I rebuild out a non-global zone I don't have to do a lot of re-customization.

Long term, I would like to join a few servers on the 192.168.xx.xx networks into a sub-network supporting the 10.10.xx.xx non-global zones.

So I am looking for pointers to accomplish this task.
# 2  
Old 10-15-2013
Post output of zonecfg -z <name of the zone> export for two zones that can communicate with each other.
# 3  
Old 10-15-2013
My /etc/zones/server1.xml file for the zones that I want to communicate with.

Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE zone PUBLIC "-//Sun Microsystems Inc//DTD Zones//EN" "file:///usr/share/lib/xml/dtd/zonecfg.dtd.1">
<!--
    DO NOT EDIT THIS FILE.  Use zonecfg(1M) instead.
-->
<zone name="server1" zonepath="/zpool2/server1" autoboot="false" brand="solaris8">
  <network address="10.10.1.21/24" physical="bge0"/>
  <filesystem special="/install" directory="/install" type="lofs"/>
</zone>
---------------------------- second zone xml file --------------------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE zone PUBLIC "-//Sun Microsystems Inc//DTD Zones//EN" "file:///usr/share/lib/xml/dtd/zonecfg.dtd.1">
<!--
    DO NOT EDIT THIS FILE.  Use zonecfg(1M) instead.
-->
<zone name="server2" zonepath="/zpool2/server2" autoboot="false" brand="solaris8">
  <network address="10.10.1.22/24" physical="bge0"/>
  <filesystem special="/install" directory="/install" type="lofs"/>
</zone>

All of the zones will be configured based on the above template xml file. I am looking for something simple; the "/install" is a shared location on the global zone for s/w installs.

global zone is configured on the 192.168.xx.xx network.

The bge1 interface is currently not used / plumbed.


Ahh - found my error for zones not talking between each other; I had a bad IP address in one of the xml files. This overrides the non-global host /etc/inet/hosts file entry.

I now have the internal non-global zones talking to each other; the next step is to have two sets of servers configured with a similar zone.xml file (unique IP addresses). From what I remember the 10.10.xx.xx is a private network address so the router/switch will either drop the packets; or not be able to figure out the route to the other machine(s).

So now I have the zones talking to each other; so the next step is to get a few machines running this configuration.

Code:
Server 1                                                  Server 2
 192.168.x.1     < switch/router>                        192.168.x.2
     10.10.1.1                                            10.10.1.2
     10.10.1.3                                            10.10.1.4
     10.10.1.20                                           10.10.1.40

# 4  
Old 10-15-2013
Now post output of:
Code:
ifconfig -a
netstat -rn

# 5  
Old 10-15-2013
ifconfig -a
Code:
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone server1
        inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone server2
        inet 127.0.0.1 netmask ff000000
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.20.77 netmask ffffff00 broadcast 192.168.20.255
bge0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        zone server1
        inet 10.10.1.21 netmask ffffff00 broadcast 10.10.1.255
bge0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        zone server2
        inet 10.10.1.23 netmask ffffff00 broadcast 10.10.1.255

netstat -rn
Code:
Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface 
-------------------- -------------------- ----- ----- ---------- --------- 
default              192.168.20.241       UG        1       6458           
192.168.20.0         192.168.20.77        U         1        368 bge0      
224.0.0.0            192.168.20.77        U         1          0 bge0      
127.0.0.1            127.0.0.1            UH       48    1037223 lo0


Last edited by BradJM; 10-15-2013 at 05:10 PM.. Reason: missing info - fix server names
# 6  
Old 10-15-2013
I think specifying static routes for the zones on each server might work. Something like this:
On server 1 (global zone):
Code:
route -p add 10.10.1.2 192.168.x.2
route -p add 10.10.1.4 192.168.x.2
route -p add 10.10.1.40 192.168.x.2

On server 2 (global zone):
Code:
route -p add 10.10.1.1 192.168.x.1
route -p add 10.10.1.3 192.168.x.1
route -p add 10.10.1.20 192.168.x.1

What does netstat -rn look like inside a zone?
# 7  
Old 10-15-2013
Quote:
Originally Posted by bartus11
I think specifying static routes for the zones on each server might work. Something like this:
On server 1 (global zone):
Code:
route -p add 10.10.1.2 192.168.x.2
route -p add 10.10.1.4 192.168.x.2
route -p add 10.10.1.40 192.168.x.2

On server 2 (global zone):
Code:
route -p add 10.10.1.1 192.168.x.1
route -p add 10.10.1.3 192.168.x.1
route -p add 10.10.1.20 192.168.x.1


Is there a configuration file I can stuff this into so I can make it part of a delivery package?

If not; I can just build a list based on items found in the /etc/zones file and add the routes necessary when the global zone is rebooted.

Thanks for making me find the error on the IP address defined in the zone configuration file. I had edited the zone configuration file; but I had failed to reboot the non-global zones so it would pick up my corrections.

Last edited by BradJM; 10-15-2013 at 05:54 PM.. Reason: added more info
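
One way to build the route list mentioned in the last post, as an added example that is not part of the thread: it reads zone XML files copied from the peer server, keeps only addresses under the expected 10.10. prefix, and prints the matching route -p add lines for review. The gateway 192.168.20.78, the zone names server3/server4 and the sample files are constructed values.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the peer server's zone XML
# files are available locally and its global-zone address is known.

# Print the address (prefix length stripped) of every <network> element.
zone_addrs() {
    sed -n 's|.*<network[^>]* address="\([^"/]*\)[^"]*".*|\1|p' "$@"
}

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# emit_routes GATEWAY PREFIX XMLFILE...
# Print one host route per zone address that starts with PREFIX (for
# example "10.10."); anything else is reported on stderr and skipped,
# so a mistyped zone address never turns into a route.
emit_routes() {
    gw=$1 prefix=$2; shift 2
    valid_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 1; }
    zone_addrs "$@" | sort -u | while read -r ip; do
        case $ip in
            "$prefix"*) valid_ipv4 "$ip" && { echo "route -p add $ip $gw"; continue; } ;;
        esac
        echo "skipped: $ip" >&2
    done
}

# Constructed sample: two peer zone files, one with a mistyped address.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf '<zone name="server3" brand="solaris8">\n  <network address="10.10.1.2/24" physical="bge0"/>\n</zone>\n' > "$dir/server3.xml"
    printf '<zone name="server4" brand="solaris8">\n  <network address="192.168.1.4/24" physical="bge0"/>\n</zone>\n' > "$dir/server4.xml"
    echo "$dir"
}

sample=$(make_sample)
emit_routes 192.168.20.78 10.10. "$sample"/*.xml   # gateway is a constructed value
rm -rf "$sample"
```

The script only prints the commands; the skipped lines on stderr point at zone files whose address falls outside the private range and should be checked with zonecfg before any route is added.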