Configure Solaris zone on new network

sparcman · October 9, 2018, 12:57pm

Hi,

I have a Solaris 10 zone which I need to configure on a new network. I have configured the new IP on the zone itself and I can ping the interface from a node on the same network, but not from another network. Basically I need to know how to route the traffic from the zone to it's default gateway.

Example:

BGE0 - IP 192.168.1.1 - GW 192.168.1.254

BGE1 - IP 192.168.100.1 - GW 192.168.100.254

Zone IP: 192.168.100.2 - GW 192.168.100.254.

Default Gateway on the global zone is 192.168.1.254

I've looked up IPFilters and come up with the entry below. I'm just wondering would this entry work? I just want to be sure before enabling IPFilters and adding entries as I have a number of prod zones running on this global zone and don't want to break the networking.

pass out quick on bge0 to bge1:192.168.100.254 from 192.168.100.1 to any

Any help is greatly appreciated.

hicksd8 · October 9, 2018, 1:08pm

On Solaris 10 zones they are configured autonomously and are not aware of the global zone configuration which is independent of the local zone.

On Solaris 10 the default gateway is configured in /etc/defaultrouter which normally contains one single line with a left justified ip address of the gateway, for example:

192.168.1.204

and that's all there is in the file. It may be edited with your favorite editor and is then read at (zone) boot time.

So you can mess with this inside the local zone and not affect your global zone.

sparcman · November 7, 2018, 6:29am

Thanks for the reply Hicksd8, but I did find out what I needed to do. Configuring the /etc/defaultrouter doesn't seem to work within the child zone. I had to configure the 'set defrouter=X.X.X.X' within the zone config. That enabled the default route I needed in order for the child zone to use the new network configured on the global zone. This does bring a problem though on the global zone as there is now more than one default route configured on it. Oracle don't recommend you do it this way due to this problem, but don't offer an alternative really.
We can live with that though as the global zone is only hosting child zones and nothing else. The zones seem to be working fine now.

Sparcman

gull04 · November 7, 2018, 6:42am

Hi Sparcman,

Not always possible to go with a single default router when you have zones running!

e434069 on PROD cathsunvs04 # netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              10.9.185.254         UG        1   33946214
default              10.3.200.2           UG        1    8542007 igb3001
default              10.9.180.254         UG        1   61236230 igb180003
default              10.12.18.1           UG        1      61025
default              10.12.59.1           UG        1          0 ixgbe2059000
default              148.176.7.200        UG        1      43367 igb8001
default              148.176.4.200        UG        1       1920 igb8001
default              10.1.200.2           UG        1     611711 igb9001
default              10.2.200.2           UG        1     432279 igb2001
default              10.9.200.126         UG        1         82 igb202002
default              10.9.119.254         UG        1     997182 igb119002
default              10.5.200.2           UG        1       1892 igb5003
default              10.9.185.254         UG        1    4011231 igb185003
default              10.9.184.254         UG        1        158 igb184003
10.9.140.0           10.9.140.235         U         1        845 ixgbe140001
10.9.140.0           10.9.140.5           U         1          1 igb140000
10.9.185.0           10.9.185.130         U         1          7 igb185003
169.254.182.0        169.254.182.77       U         1      18688 usbecm0
224.0.0.0            10.9.185.130         U         1          0 igb185003
e434069 on PROD cathsunvs04 # zoneadm list -cv
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              native   shared
  15 cathvs3-gtapp14  running    /zones/cathvs3-gtapp14         solaris8 shared
  20 cathvs2-isd250   running    /zones/cathvs2-isd250          native   shared
  25 cathvs-dbadev    running    /zones/cathvs-dbadev           native   shared
  26 cathvs-cathora7sun01 running    /zones/cathvs-cathora7sun01    solaris8 shared
  32 cathvs3-cathams  running    /zones/cathvs3-cathams         solaris8 shared
  34 cathvs-custdirdev running    /zones/cathvs-custdirdev       native   shared
  38 cathvs3-catccsrv02 running    /zones/cathvs3-catccsrv02      solaris9 shared
  45 cathvs2-canalysis1 running    /zones/cathvs2-canalysis1      solaris9 shared
  46 cathvs-fabman    running    /zones/cathvs-fabman           native   shared
  53 cathvs3-cathmars1 running    /zones/cathvs3-cathmars1       solaris9 shared
  58 cathvs3-cathmwm  running    /zones/cathvs3-cathmwm         solaris8 shared
  62 cathvs3-cathnidp running    /zones/cathvs3-cathnidp        solaris8 shared
  72 cathvs2-fabman   running    /zones/cathvs2-fabman          solaris8 shared
  78 cathvs3-phys-hhdc2 running    /zones/cathvs3-phys-hhdc2      solaris9 shared
  79 cathvs3-phys-hhdc1 running    /zones/cathvs3-phys-hhdc1      solaris9 shared
  83 cathvs2-cathnhhda-ooa running    /zones/cathvs2-cathnhhda-ooa   native   shared
  84 cathvs2-cathlaatp2 running    /zones/cathvs2-cathlaatp2      solaris8 shared
  97 fdbsphback01     running    /zones/fdbsphback01            native   shared
  99 cathvs2-cathnhhda-oas running    /zones/cathvs2-cathnhhda-oas   native   shared
   - cathvs3-erdrtest installed  /zones/cathvs3-erdrtest        native   shared

Regards

Gull04