A little complex: why don't my packets route?


 
# 1  
Old 11-20-2018

I have Solaris 11 running in a KVM virtual machine; the network works fine.
I can configure it with DHCP or static.
Of course, packet forwarding in the KVM machine is enabled.
The Solaris 11 machine can ping the external network.

I have set up a Solaris 10 zone inside the VM.
The Solaris 10 zone uses exclusive IP and the physical net is vnic0.
I use these commands:


Code:
dladm create-vnic vnic0 -l net0


Code:
zonecfg -z solaris10
set ip-type=exclusive
add net
set physical=vnic0
end
commit
exit


Now zlogin...


Code:
zlogin solaris10


The interface is here


Code:
ifconfig vnic0



I can configure the IP:


Code:
ifconfig vnic0 192.168.0.11 netmask 255.255.255.0 up

Code:
route add default 192.168.0.1







On Solaris 11, routeadm says IP forwarding is enabled:


Code:
routeadm 
              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
               IPv4 routing   enabled              enabled
               IPv6 routing   disabled             disabled
            IPv4 forwarding   enabled              enabled
            IPv6 forwarding   disabled             disabled

           Routing services   "route:default ripng:default"

Routing daemons:

                      STATE   FMRI
                   disabled   svc:/network/routing/legacy-routing:ipv4
                   disabled   svc:/network/routing/legacy-routing:ipv6
                   disabled   svc:/network/routing/ndp:default
                   disabled   svc:/network/routing/ripng:default
                     online   svc:/network/routing/route:default


And even ipadm says it is enabled:

Code:
ipadm show-ifprop net0|grep forw
net0        forwarding      ipv4  rw   on         on         off        on,off


What is the problem?
The Solaris zone can ping ONLY the Solaris 11 host, not the internal network (192.168.0.0/24) and not the Internet!
What am I missing?

P.S. No firewall is enabled in Solaris 11.
# 2  
Old 11-20-2018
We had a very similar question asked recently when various of us tried to help.

Configure Solaris zone on new network

May I suggest that you read ALL this thread first. The OP seemed to find his own solution by amending the zone configuration to specify a router ip.

If none of this works for you please do post back here.

Last edited by hicksd8; 11-20-2018 at 01:14 PM..
# 3  
Old 11-20-2018
Solution found: the VNIC doesn't work well with this configuration.
So I use a virtual e1000, assigned to the Solaris 10 zone,
and it works fine.
If someone needs it, this is the procedure to make the VM work with the zones:

a) Install Solaris 11.4 on KVM (works, but only with an Intel CPU). Install with TWO e1000 network cards: one is for your normal network, the other will be assigned to the zone.

So we use:
net0 as the network for "home"
net1 dedicated to the Solaris 10 zone of the Solaris 11 VM
In this guide I call the Solaris 10 host by the hostname solaris10.
I use the term "physical" for Solaris 10, but it can also be a VM.



b) Configure the network
Code:
ipadm create-ip net0
ipadm create-addr -T dhcp net0/v4

c) Create the Solaris 10 zone; you must have a working physical or virtual machine running Solaris 10.
1) On the Solaris 10 physical host, collect this information:



Code:
hostname
hostid                  #important!
ifconfig                #ip!
prtconf|grep -i memor   #ram
cat /etc/release        #os version
zpool list              #pools
df -h                   #df
format                  #disks

2) On the Solaris 10 physical host
Code:
zonep2vchk -b                                                                   #test
zonep2vchk -c > /migration/sol10.cfg                                            #config
vim /migration/sol10.cfg                                                        #edit and configure as you need
flarcreate -L cpio -S -n solaris10 -x /migration /migration/solaris10.flar      #for ZFS, remove -x
share /migration                                                                #share


3)
Code:
#on the Solaris 11 VM
zfs create zones/solaris10
mount solaris10:/migration /mnt
zonecfg -z solaris10 -f /mnt/sol10.cfg
zonecfg -z solaris10                                    #edit brand, path, etc.; brand must be solaris10
zonecfg -z solaris10 info                               #check
zoneadm -z solaris10 install -a /mnt/solaris10.flar -p  #install
zoneadm list -cv                                        #check




d) Now the network on the Solaris 10 ZONE
Code:
zonecfg -z solaris10
remove anet
remove net
set ip-type=exclusive
add net
set physical=net1
end
commit
verify
exit

e) Now start the Solaris 10 zone...
Code:
zoneadm -z solaris10 boot
zlogin -C solaris10

If you cannot see the network card, follow this guide.


On the Solaris 10 zone:


Code:
touch /etc/dhcp.net1      #this file must be empty
touch /etc/hostname.net1  #this file contains the line: inet yourhostnamenotfqdn
ifconfig net1 plumb
ifconfig net1 dhcp

Easy and nice!

------ Post updated at 12:53 PM ------

Quote:
Originally Posted by hicksd8
We had a very similar question asked recently when various of us tried to help.

Configure Solaris zone on new network

May I suggest that you read ALL this thread first. The OP seemed to find his own solution by amending the zone configuration to specify a router ip.

If none of this works for you please do post back here.

Thanks for the answer, already solved.
The bad thing was the VNIC. I don't know why it is isolated on the VM; it is also impossible to ping a vnic configured from outside. Probably using NAT works.

Last edited by Linusolaradm1; 11-20-2018 at 01:50 PM..
# 4  
Old 11-20-2018
In the global zone, a network interface (VNIC) is created on L2 (MAC layer), with a unique MAC address.
It is created/assigned to a zone during zone install/creation, or this can be done manually as you did in the first example.

When using an exclusive IP stack, the global zone does nothing on the IP layer (L3).
So you do not need or require those forwarding options on the global zone, or anything really outside the VNIC definition for the zone.

As for your original problem, I presume the KVM virtual switch discards everything not coming from the assigned interface MAC from the options for the Solaris 11 guest.
For a lab environment you can probably run a tcpdump or snoop on the KVM hypervisor interface and the global zone guest, then see if the network works in the non-global zone when the dumps are running.

Hope that helps
Regards
Peasant.
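
The capture comparison suggested in post #4, worked through as an added example that is not part of the original thread: it counts frames sent by and addressed to the zone's VNIC MAC at both capture points and names the hop where they stop. It assumes both captures were saved as `tcpdump -e -n` text; the MAC addresses, capture lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Both captures are constructed text in `tcpdump -e -n` format.
ZONE_MAC='02:08:20:aa:bb:cc'   # constructed MAC of the zone's VNIC

# Constructed capture taken on net0 inside the Solaris 11 guest (global zone).
GUEST_CAP='12:00:01.000100 52:54:00:12:34:56 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.10, length 28
12:00:01.000400 52:54:00:00:00:01 > 52:54:00:12:34:56, ethertype ARP (0x0806), length 42: Reply 192.168.0.1 is-at 52:54:00:00:00:01, length 28
12:00:02.000100 02:08:20:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.11, length 28
12:00:03.000100 02:08:20:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.11, length 28'

# Constructed capture taken on the hypervisor-side interface of the same guest.
HOST_CAP='12:00:01.000200 52:54:00:12:34:56 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.10, length 28
12:00:01.000300 52:54:00:00:00:01 > 52:54:00:12:34:56, ethertype ARP (0x0806), length 42: Reply 192.168.0.1 is-at 52:54:00:00:00:01, length 28'

# Print "tx rx": frames sent by / addressed to MAC $2 in capture text $1.
mac_counts() {
    printf '%s\n' "$1" | awk -v mac="$2" '
        BEGIN { mac = tolower(mac) }
        $3 == ">" {
            dst = $4; sub(/,$/, "", dst)      # destination carries a trailing comma
            if (tolower($2) == mac) tx++
            if (tolower(dst) == mac) rx++
        }
        END { print tx + 0, rx + 0 }'
}

# Compare both capture points ($1 guest, $2 hypervisor) for MAC $3 and
# report the first hop at which that MAC's traffic disappears.
diagnose() {
    g=$(mac_counts "$1" "$3"); h=$(mac_counts "$2" "$3")
    gtx=${g% *}; grx=${g#* }; htx=${h% *}; hrx=${h#* }
    if   [ "$gtx" -eq 0 ]; then echo "zone is not transmitting"
    elif [ "$htx" -eq 0 ]; then echo "dropped outbound before the hypervisor interface"
    elif [ "$hrx" -eq 0 ]; then echo "no replies reach the hypervisor interface"
    elif [ "$grx" -eq 0 ]; then echo "replies dropped before the guest"
    else echo "frames pass in both directions"
    fi
}

diagnose "$GUEST_CAP" "$HOST_CAP" "$ZONE_MAC"
```

Running the same check against the guest's own MAC gives a baseline: if that MAC passes in both directions while the VNIC's does not, the filtering is keyed on the source MAC, as post #4 presumes.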