I am running into an issue with multiple zones on an M5000 with 2 NICs. The NICs are on separate VLANs. These zones are using the 2 NICs to communicate with other systems but when they need to communicate with a zone on the same system, but different NIC, the application fails. The network guys here indicate that no packets leave the origination NIC. And, when I run a traceroute from one zone (on NIC#1) to another zone (on NIC#2), the traceroute take 1 hop but never access the default gateway.
Here's some diag:
Code:
root@globalzone# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
...
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone zone2
inet 127.0.0.1 netmask ff000000
...
lo0:5: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone zone1
inet 127.0.0.1 netmask ff000000
nxge0: flags=1001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,FIXEDMTU> mtu 1500 index 2
inet 10.10.19.140 netmask ffffffe0 broadcast 10.10.19.159
ether 0:21:28:8b:e1:70
...
nxge0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone zone2
inet 10.10.19.132 netmask ffffffe0 broadcast 10.10.19.159
...
nxge4: flags=1001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,FIXEDMTU> mtu 1500 index 3
inet 10.10.19.114 netmask ffffffe0 broadcast 10.10.19.127
ether 0:21:28:8b:e2:50
...
nxge4:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
zone zone1
inet 10.10.19.104 netmask ffffffe0 broadcast 10.10.19.127
root@globalzone# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.10.19.126 UG 1 22619
default 10.10.19.158 UG 1 88877 nxge0
default 10.10.19.126 UG 1 35422 nxge4
10.1.1.2 10.1.1.3 UH 1 1 sppp0
10.10.19.96 10.10.19.114 U 1 57 nxge4
10.10.19.128 10.10.19.140 U 1 5 nxge0
224.0.0.0 10.10.19.114 U 1 0 nxge4
127.0.0.1 127.0.0.1 UH 12 4520 lo0
Here's the traceroute:
Code:
root@zone1# traceroute zone2
traceroute to zone2 (10.10.19.132), 30 hops max, 40 byte packets
1 zone2.mydomain.com (10.10.19.132) 0.135 ms 0.040 ms 0.035 ms
root@zone1# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.10.19.126 UG 1 22619
default 10.10.19.126 UG 1 35422 nxge4
10.10.19.96 10.10.19.104 U 1 16 nxge4:2
224.0.0.0 10.10.19.104 U 1 0 nxge4:2
127.0.0.1 127.0.0.1 UH 3 46 lo0:5
Notice the packets don't go through the default gateway.
This is a problem because the application on zone1 will not start due to a communication issue.
I'm trying to get the zone to send the packets to the default g/w so the app comes up.
Ping and traceroute are special on Solaris zones. Interaction between zones for ICMP packets is permitted.
Is there any way I can tell the zones "use the default gateway for all communication - don't communicate with the other zones internal to the global zone."
If you want zones to communicate through an external gateway, use exclusive IP zones, not shared IP ones. When using shared IP like you do, there is a single IP stack shared by all zones. That means there is no chance for a packet to leave the server if its destination address is local. This is by design and by standard.
If you want zones to communicate through an external gateway, use exclusive IP zones, not shared IP ones. When using shared IP like you do, there is a single IP stack shared by all zones. That means there is no chance for a packet to leave the server if its destination address is local. This is by design and by standard.
Passing all traffic between two zones through a network device, such as a router, is not supported at this time since inter-zone traffic never reaches a network interface card.
I'll try setting one zone to exclusive IP and test.
The white paper you quote predates exclusive-ip zones so isn't very helpful. As an update to what I previously wrote, if you want to stay with shared-IP zones and are using a recent enough Solaris release, you might also use the defrouter zone configuration parameter to overcome the previously mentioned restriction. see Using zonecfg defrouter with shared-IP zones - What the krowteN? for details.
Hello Admins,
My ask is how can I add two different subnet IPs to same box with two different gateways?
The issue is I can connect to the box when I am on ethernet LAN, but I am not able to connect to the same IP when I am on wifi. The server is RHEL 7 VM on vmware.
How can I get connected... (4 Replies)
Hi All
Kindly let me know how can I move Solaris 10 OS running update 10 on physical machine to another machine solaris zone running Solaris 10 update 11 (2 Replies)
Dear,
I hope you all will be ok.
I have an issue with Solaris box running on x86 Blade.
I am unable to ping a node neither traceroute. I am able to do traceroute from oce0:6 port which have IP and subnet of same type which oce0:1 has.
details are as follows:
Problem:
root@rinams02:/#... (3 Replies)
Dear All
I want tune my NIC's rps, rfs and xps value.
In my system I have two NIC (eth0, eth1) and I have a bond0 ( eth0, eth1).
Here is the question? Which device should I modify ?
eth0 and eth1? or just modify bond0 or modify all device (eth0, eth1, bond0)
Any advice is welcome.... (0 Replies)
Hi all,
I'm having some trouble identifying what route is being used to talk to a target host. I can figure it out by looking at the routing tables but I want to automate this and don't much feel like scripting the network mask logic when I'd think there'd be a way to have the OS do it for me.... (5 Replies)
I am new in squid proxy.
My question is how to (and if it's necessary) to set one NIC for inbound traffic (http requests) and one NIC for outbound traffic (http answers)?
Thank you in advance! (4 Replies)
I couldn't install my nic in solaris 10. I compiled and added
the driver but failed to attach the driver and ifconfig output
shows only loopback dev. Please see the following output and tell
me whether my nic has been detected and why the driver failed to
attach?
My nic is detected in linux... (0 Replies)
OS: AIX 6.1
The host has a dual port NIC installed and when I went to run `cfgmgr -v` to configure it I got an error showing device packages are missing from the install:
`cfgmgr -v` on 10.15.xx.xxx
cfgmgr: 0514-621 WARNING: The following device packages are required for device support but... (3 Replies)
Hi,
I have a problem with a server disconnecting from the network.
This is a SUN box with dual NIC's running Solaris 8.
We have a Nokia router that routes traffic but it's virtual address doesn't respond to pings. When the SUN box sends out a ping, if nothing comes back it will shut down... (5 Replies)
