A little complex: why don't my packets route?

I have solaris11 running in a kvm virtual machine, network works fine.
I can configure it with dhcp or static.
Of course packet forwarding in the kvm machine is enabled.
The solaris11 machine can ping the external network.

I have set up a solaris10 zone inside the vm.
The solaris 10 zone uses exclusive ip and the physical net is vnic0.
I use these commands

dladm create-vnic vnic0 -l net0
zonecfg -z solaris10
set ip-type=exclusive
add net
set physical=vnic0
end
commit
exit

Now zlogin...

zlogin solaris10

The interface is here

ifconfig vnic0

I can configure ip..

ifconfig vnic0 192.168.0.11 netmask 255.255.255.0 up
route add default 192.168.0.1 

On solaris11 routeadm says ipforward is enabled

routeadm 
              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
               IPv4 routing   enabled              enabled
               IPv6 routing   disabled             disabled
            IPv4 forwarding   enabled              enabled
            IPv6 forwarding   disabled             disabled

           Routing services   "route:default ripng:default"

Routing daemons:

                      STATE   FMRI
                   disabled   svc:/network/routing/legacy-routing:ipv4
                   disabled   svc:/network/routing/legacy-routing:ipv6
                   disabled   svc:/network/routing/ndp:default
                   disabled   svc:/network/routing/ripng:default
                     online   svc:/network/routing/route:default

and even ipadm says enabled

ipadm show-ifprop net0|grep forw
net0        forwarding      ipv4  rw   on         on         off        on,off

What is the problem?
The solaris zone can ping ONLY the solaris11 host, not the internal network (192.168.0.0/24), not the internet!
What am I missing?

P.S. no firewall enabled in solaris11

We had a very similar question asked recently when various of us tried to help.

May I suggest that you read ALL this thread first. The OP seemed to find his own solution by amending the zone configuration to specify a router ip.

If none of this works for you please do post back here.

Solution found: vnic doesn't work well with this configuration.
So I use a virtual e1000, assigned to the solaris10 zone.
And it works fine.
If someone needs it, this is the procedure to make the vm work with the zones

a) Install solaris11.4 on kvm (works, but only with intel cpu), install with TWO network e1000 cards, one is for your normal network, the other will be assigned to the zone

So..
we use
net0 as network for "home"
net1 dedicated to the solaris10 zone of the solaris11 vm
In this guide I call solaris10 with hostname..solaris10 :)
I use the term "physical" for solaris10 but it can also be a vm..

b)Configure network

ipadm create-ip net0
ipadm create-addr -T dhcp net0/v4

c) Create the solaris10 zone, you must have a working physical or virtual machine solaris10
1) On the solaris10 physical host collect this info

hostname
hostid                  #important!
ifconfig                #ip!
prtconf|grep -i memor   #ram
cat /etc/release        #os version
zpool list              #pools
df -h                   #df
format                  #disks

2) On solaris10 physical

zonep2vchk -b      #test
zonep2vchk -c > /migration/sol10.cfg #config
vim /migration/sol10.cfg                                                        #edit and configure as you need
flarcreate -L cpio -S -n solaris10 -x /migration /migration/solaris10.flar      #for zfs remove -x
share /migration    #share

3)

#on solaris11 vm
zfs create zones/solaris10
mount solaris10:/migration /mnt
zonecfg -z solaris10 -f /mnt/sol10.cfg
zonecfg -z solaris10                                    #edit brand, path, etc.; brand must be solaris10
zonecfg -z solaris10 info                               #check
zoneadm -z solaris10 install -a /mnt/solaris10.flar -p  #install
zoneadm list -cv                                        #check

d)Now network on solaris 10 ZONE

zonecfg -z solaris10
remove anet
remove net
set ip-type=exclusive
add net
set physical=net1
end
commit
verify
exit

e)Now start solaris10 zone...

zoneadm -z solaris10 boot
zlogin -C solaris10

If you cannot see the network card follow this guide

On solaris10 zone

touch /etc/dhcp.net1 #this file must be empty
touch /etc/hostname.net1 #this file contains the line inet yourhostnamenotfqdn
ifconfig net1 plumb
ifconfig net1 dhcp

Easy and nice!

------ Post updated at 12:53 PM ------

Thanks for the answer, already solved.
The bad thing was the vnic. I don't know why on a vm it is isolated; it is also impossible to ping a vnic configured from outside, probably using NAT works..

In global zone, a network interface (VNIC) is created on L2 (MAC layer), with unique MAC address.
That is created/assigned to a zone, during zone install/creation or can be done manually as you did in first example.

When using exclusive IP stack, global zone does nothing on IP layer (L3).
So you do not need or require those forwarding options on global zone, or anything really outside vnic definition for zone.

As for your original problem, I presume the KVM virtual switch discards everything not coming from the assigned interface MAC from options for solaris 11 guest.
For a lab environment you can probably run a tcpdump or snoop on the kvm hypervisor interface and global zone guest, then see if network works in non global zone when dumps are running.

Hope that helps
Regards
Peasant.
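
The capture check suggested in the last reply, as an added example that is not part of the original thread: a shell function that reads `tcpdump -e -n` text taken on the hypervisor-side interface of the guest and reports whether frames carrying the zone VNIC's MAC show up there at all. The function name, the verdict strings, the MAC addresses and the 192.168.0.10 global-zone address are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example. Reads `tcpdump -e -n` text on stdin.
# $1 = MAC of the guest NIC as defined in KVM, $2 = MAC of the zone VNIC.
vnic_mac_verdict() {
  awk -v guest="$1" -v vnic="$2" '
    BEGIN { guest = tolower(guest); vnic = tolower(vnic) }
    # tcpdump -e line layout: <time> <src-mac> > <dst-mac>, ethertype ...
    $3 == ">" {
      src = tolower($2); dst = tolower($4); sub(/,$/, "", dst)
      if (src == vnic)  from_vnic++
      if (dst == vnic)  to_vnic++
      if (src == guest) from_guest++
    }
    END {
      # Guest NIC talks but the VNIC MAC never appears: frames with the
      # second MAC are lost between the guest NIC and this capture point.
      if (!from_vnic && !from_guest) print "no-guest-traffic-captured"
      else if (!from_vnic)           print "vnic-frames-missing"
      else if (!to_vnic)             print "vnic-frames-sent-no-replies"
      else                           print "vnic-traffic-bidirectional"
    }'
}

# Constructed capture: only the guest NIC MAC is visible on the hypervisor side.
sample_vnic_missing() {
  cat <<'EOF'
12:00:01.000100 52:54:00:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.10, length 28
12:00:01.000350 52:54:00:cc:dd:fe > 52:54:00:aa:bb:01, ethertype ARP (0x0806), length 42: Reply 192.168.0.1 is-at 52:54:00:cc:dd:fe, length 28
12:00:01.000900 52:54:00:aa:bb:01 > 52:54:00:cc:dd:fe, ethertype IPv4 (0x0800), length 98: 192.168.0.10 > 192.168.0.1: ICMP echo request, id 1, seq 0, length 64
EOF
}

# Constructed capture: the VNIC's ARP requests get out, nothing is sent back to it.
sample_vnic_no_reply() {
  cat <<'EOF'
12:05:01.000100 02:08:20:11:22:33 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.11, length 28
12:05:02.000100 02:08:20:11:22:33 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.1 tell 192.168.0.11, length 28
EOF
}

sample_vnic_missing  | vnic_mac_verdict 52:54:00:aa:bb:01 02:08:20:11:22:33
sample_vnic_no_reply | vnic_mac_verdict 52:54:00:aa:bb:01 02:08:20:11:22:33
```

Run the same function over a capture from each point (hypervisor interface and global zone) while the zone is pinging its gateway; the first point where the VNIC MAC stops appearing is where the frames are being dropped.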