Solaris 11 zone has no external network access (except to Global Zone)


 
# 1  
Old 06-11-2019

Hi, hoping someone can help; it's been a while since I used Solaris.
After creating an NGZ (non-global zone), the NGZ can access the GZ (Global Zone) and the GZ can access the NGZ (using ssh, zlogin).
However, the NGZ cannot access any other network devices; it can't even see the default router.

I have tried different methods of creating the zone (Oracle Docs - How to Configure a Zone for the Virtual Network)
but each method has the exact same result (the zone can only access the GZ and nothing else)

Code:
GZ Config
----------------
GMS-SOl114_global> ipadm
NAME              CLASS/TYPE STATE        UNDER      ADDR
lo0               loopback   ok           --         --
   lo0/v4         static     ok           --         127.0.0.1/8
   lo0/v6         static     ok           --         ::1/128
net0              ip         ok           --         --
   net0/v4        static     ok           --         10.100.216.12/24
   net0/v6        addrconf   ok           --         fe80::250:56ff:fe9a:d73a/10
GMS-SOl114_global>

GMS-SOl114_global> netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              10.100.216.1         UG       22     250653
10.100.216.0         10.100.216.12        U         9      22840 net0
127.0.0.1            127.0.0.1            UH        2      19058 lo0

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use    If
--------------------------- --------------------------- ----- --- ------- -----
::1                         ::1                         UH      2    5442 lo0
fe80::/10                   fe80::250:56ff:fe9a:d73a    U       2       0 net0


GMS-SOl114_global> route -p show
add persistent net -name route-1 default: gateway 10.100.216.1


GMS-SOl114_global> cat /etc/hosts
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# Internet host table
#
::1             localhost
127.0.0.1       localhost loghost
10.100.216.12   GMS-SOL114
10.100.216.13   zone1

GMS-SOl114_global> cat /etc/resolv.conf

#
# _AUTOGENERATED_FROM_SMF_V1_
#
# WARNING: THIS FILE GENERATED FROM SMF DATA.
#   DO NOT EDIT THIS FILE.  EDITS WILL BE LOST.
# See resolv.conf(5) for details.

search  GMS.LOCAL
nameserver      10.100.216.110

The GZ can access any external device/server/website without issues 
This is using the router 10.100.216.1         

ZONE CREATION COMMAND
----------------------------------------
GMS-SOl114_global> zonecfg -z zone1
Use 'create' to begin configuring a new zone.
zonecfg:zone1> create
create: Using system default template 'SYSdefault'
zonecfg:zone1> set autoboot=true
zonecfg:zone1> set bootargs="-m verbose"
zonecfg:zone1> select anet linkname=net0
zonecfg:zone1:anet> set lower-link=net0
zonecfg:zone1:anet> set allowed-address=10.100.216.13/24
zonecfg:zone1:anet> set defrouter=10.100.216.1
zonecfg:zone1:anet> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit


GMS-SOl114_global> zoneadm -z zone1 install
Note - no need to specify any network info when configuring Zone1 as it's already been specified

ZONE Information
---------------------------

GMS-SOl114_global>   zonecfg -z zone1 info
zonename: zone1
brand: solaris
autoboot: true
bootargs: -m verbose
anet:
        linkname: net0
        lower-link: net0
        allowed-address: 10.100.216.13/24
        configure-allowed-address: true
        defrouter: 10.100.216.1
        link-protection: "mac-nospoof, ip-nospoof"
        auto-mac-address: 2:8:20:ac:71:2d

GMS-SOl114_global> zonecfg -z zone1 info ip-type
ip-type: exclusive

ZONE Network Config
-----------------------------


GMS-SOl114_global>  dladm show-phys
LINK            MEDIA         STATE      SPEED  DUPLEX    DEVICE
net0            Ethernet      up         1000   full      e1000g0


root@zone1:~# ipadm
NAME              CLASS/TYPE STATE        UNDER      ADDR
lo0               loopback   ok           --         --
   lo0/v4         static     ok           --         127.0.0.1/8
   lo0/v6         static     ok           --         ::1/128
net0              ip         ok           --         --
   net0/v4        inherited  ok           --         10.100.216.13/24


root@zone1:~# netstat -r

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              10.100.216.1         UGZ       2         37 net0
10.100.216.0         zone1                U         6        128 net0
zone1                zone1                UH        2         36 lo0

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use    If
--------------------------- --------------------------- ----- --- ------- -----
zone1                       zone1                       UH      2      44 lo0

Note that Zone1 cannot see the default gateway (10.100.216.1) 


root@zone1:~# dladm
LINK                CLASS     MTU    STATE    OVER
net0                vnic      1500   up       ?


root@zone1:~# dladm show-link
LINK                CLASS     MTU    STATE    OVER
net0                vnic      1500   up       ?

root@zone1:~#  ipadm show-if
IFNAME     CLASS    STATE    ACTIVE OVER
lo0        loopback ok       yes    --
net0       ip       ok       yes    --

root@zone1:~# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
net0/v4           inherited ok          10.100.216.13/24
lo0/v6            static   ok           ::1/128


root@zone1:~# netstat -i
Name  Mtu  Net/Dest      Address        Ipkts  Ierrs Opkts  Oerrs Collis Queue
lo0   8232 loopback      zone1          44     0     44     0     0      0
net0  1500 zone1         zone1          32479  0     248    0     0      0

Name  Mtu  Net/Dest                    Address                     Ipkts  Ierrs Opkts  Oerrs Collis
lo0   8252 zone1                       zone1                       44     0     44     0     0

root@zone1:~# route -p show
add persistent net -name route-1 default: gateway 10.100.216.1


root@zone1:~# ping  10.100.216.161
no answer from 10.100.216.161

Any advice or assistance is greatly appreciated
# 2  
Old 06-11-2019
Configuration looks fine; can you show the output of:
Code:
dladm show-vnic

Question: are you running this on some virtualization solution (kvm/qemu, vmware, LDOM or alike)?

Regards
Peasant.
# 3  
Old 06-11-2019
Hi and Many Thanks for replying.

This is running Solaris 11.4 (x86) on vSphere 6.5

details as requested

GZ
------------------
GMS-SOl114_global> dladm show-vnic
LINK            OVER    SPEED  MACADDRESS        MACADDRTYPE  IDS
zone1/net0      net0    1000   2:8:20:ac:71:2d   random       VID:0
zone2/net0      net0    1000   2:8:20:50:bb:57   random       VID:0
GMS-SOl114_global>

NGZ
---------
root@zone1:~# dladm show-vnic
LINK            OVER    SPEED  MACADDRESS        MACADDRTYPE  IDS
net0            ?       1000   2:8:20:ac:71:2d   random       VID:0

--- Post updated at 03:00 PM ---

Wow - Great Pointer...
Just seen that vSphere needs promiscuous mode to be enabled !!!!
If I run a snoop on net0 - networking works - so could run this as a background task but
I'm looking for a better solution
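
Added example (not part of the thread and not written by either poster): the global zone output quoted above already shows the MAC mismatch behind the vSphere promiscuous-mode finding. This Python sketch derives the hypervisor-assigned MAC of net0 from its link-local address and lists the zone VNIC MACs that differ from it; the function names are illustrative, and it assumes the link-local address is EUI-64 derived.

```python
import ipaddress

# Copied from the thread's global-zone output (ipadm and dladm show-vnic).
GZ_LINK_LOCAL = "fe80::250:56ff:fe9a:d73a/10"
SHOW_VNIC = """\
LINK OVER SPEED MACADDRESS MACADDRTYPE IDS
zone1/net0 net0 1000 2:8:20:ac:71:2d random VID:0
zone2/net0 net0 1000 2:8:20:50:bb:57 random VID:0
"""


def normalize_mac(mac):
    """Solaris drops leading zeros (2:8:20:...); pad each octet to two digits."""
    octets = [int(part, 16) for part in mac.split(":")]
    if len(octets) != 6 or any(o > 0xFF for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{o:02x}" for o in octets)


def mac_from_link_local(addr):
    """Recover the NIC MAC from an EUI-64 link-local address, or None."""
    iid = ipaddress.IPv6Address(addr.split("/")[0]).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # interface ID is not EUI-64 derived (e.g. privacy address)
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)


def parse_show_vnic(text):
    """Parse `dladm show-vnic` output into dicts keyed by the header names."""
    header, *rows = [ln.split() for ln in text.splitlines() if ln.strip()]
    return [dict(zip(header, row)) for row in rows if len(row) == len(header)]


def extra_macs(show_vnic_text, nic_mac):
    """Return (link, mac, locally_administered) for VNIC MACs != the NIC's MAC."""
    result = []
    for row in parse_show_vnic(show_vnic_text):
        mac = normalize_mac(row["MACADDRESS"])
        if mac != nic_mac:
            # Bit 0x02 of the first octet marks a locally administered address.
            result.append((row["LINK"], mac, bool(int(mac[:2], 16) & 0x02)))
    return result


if __name__ == "__main__":
    nic = mac_from_link_local(GZ_LINK_LOCAL)
    print(f"MAC the hypervisor assigned to net0: {nic}")
    for link, mac, local in extra_macs(SHOW_VNIC, nic):
        print(f"{link}: {mac} (locally administered: {local})")
```

The 00:50:56 prefix on net0 is VMware's, while the 02:08:20 addresses are ones the virtual switch never assigned to this VM, which is the traffic the promiscuous-mode setting in the post affects. Promiscuous mode exposes every frame on the port group to the guest, so a dedicated port group for the zone host limits what it can see.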