Network / global zones (Solaris 10 / 8) config recommendations

I have a few non-global zones running in a 10.10.xx.xx network on a machine that is on a 192.168.xx.xx network.

My goal is to allow each of the non-global zones to communicate to each other while not communicating on the 192.168.xx.xx network.

I am using the current version of Solaris 10 in the global zone.
The non-global zones are running as Solaris 8 branded zones.

I can tweak the settings without any issues within the global zone; however, I would like to keep the mods within the non-global zones to a minimum. This way, every time I rebuild a non-global zone I don't have to do a lot of re-customization.

Long term, I would like to join a few servers on the 192.168.xx.xx network into a sub-network supporting 10.10.xx.xx non-global zones.

So I am looking for pointers to accomplish this task.

Post output of zonecfg -z <name of the zone> export for two zones that can communicate with each other.

My /etc/zones/server1.xml file for the zones that I want to communicate with.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE zone PUBLIC "-//Sun Microsystems Inc//DTD Zones//EN" "file:///usr/share/lib/xml/dtd/zonecfg.dtd.1">
<!--
    DO NOT EDIT THIS FILE.  Use zonecfg(1M) instead.
-->
<zone name="server1" zonepath="/zpool2/server1" autoboot="false" brand="solaris8">
  <network address="10.10.1.21/24" physical="bge0"/>
  <filesystem special="/install" directory="/install" type="lofs"/>
</zone>
---------------------------- second zone xml file --------------------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE zone PUBLIC "-//Sun Microsystems Inc//DTD Zones//EN" "file:///usr/share/lib/xml/dtd/zonecfg.dtd.1">
<!--
    DO NOT EDIT THIS FILE.  Use zonecfg(1M) instead.
-->
<zone name="server2" zonepath="/zpool2/server2" autoboot="false" brand="solaris8">
  <network address="10.10.1.22/24" physical="bge0"/>
  <filesystem special="/install" directory="/install" type="lofs"/>
</zone>

All of the zones will be configured based on the above template xml file. I am looking for something simple. The "/install" is a shared location on the global zone for s/w installs.

The global zone is configured on the 192.168.xx.xx network.

The bge1 interface is currently not used / plumbed.

Ahh - found my error for zones not talking to each other; I had a bad IP address in one of the xml files. This overrides the non-global host's /etc/inet/hosts file entry.

I now have the internal non-global zones talking to each other; the next step is to have two sets of servers configured with a similar zone.xml file (unique IP addresses). From what I remember, 10.10.xx.xx is a private network address, so the router/switch will either drop the packets or not be able to figure out the route to the other machine(s).

Now that I have the zones talking to each other, the next step is to get a few machines running this configuration.

Server 1                                                  Server 2
 192.168.x.1     < switch/router>                        192.168.x.2
     10.10.1.1                                            10.10.1.2
     10.10.1.3                                            10.10.1.4
     10.10.1.20                                           10.10.1.40

Now post output of:

ifconfig -a
netstat -rn

ifconfig -a

lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone server1
        inet 127.0.0.1 netmask ff000000 
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone server2
        inet 127.0.0.1 netmask ff000000 
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.20.77 netmask ffffff00 broadcast 192.168.20.255
bge0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        zone server1
        inet 10.10.1.21 netmask ffffff00 broadcast 10.10.1.255
bge0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        zone server2
        inet 10.10.1.23 netmask ffffff00 broadcast 10.10.1.255

netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface 
-------------------- -------------------- ----- ----- ---------- --------- 
default              192.168.20.241       UG        1       6458           
192.168.20.0         192.168.20.77        U         1        368 bge0      
224.0.0.0            192.168.20.77        U         1          0 bge0      
127.0.0.1            127.0.0.1            UH       48    1037223 lo0 

I think specifying static routes for the zones on each server might work. Something like this:
On server 1 (global zone):

route -p add 10.10.1.2 192.168.x.2
route -p add 10.10.1.4 192.168.x.2
route -p add 10.10.1.40 192.168.x.2

On server 2 (global zone):

route -p add 10.10.1.1 192.168.x.1
route -p add 10.10.1.3 192.168.x.1
route -p add 10.10.1.20 192.168.x.1

What does netstat -rn look like inside a zone?

Is there a configuration file I can stuff this into so I can make it part of a delivery package?

If not, I can just build a list based on items found in the /etc/zones files and add the routes necessary when the global zone is rebooted.

Thanks for making me find the error on the IP address defined in the zone configuration file. I had edited the zone configuration file; but I had failed to reboot the non-global zones so it would pick up my corrections.
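The route list described above, built from the zone XML files, as an added example that is not code from the thread: it pulls the <network address=".../nn"/> attributes out of a directory of zone configuration files (for instance the peer server's /etc/zones, shipped in the delivery package) and prints the same "route -p add <zone ip> <peer global-zone ip>" commands sketched above, one per zone. ZONEDIR, GATEWAY and APPLY are assumed names, the gateway 192.168.20.78 is a constructed placeholder for the peer's address, and the two sample zone files the script writes when ZONEDIR is unset are constructed copies of the posted template.

```shell
#!/bin/sh
# Added example, not from the thread: generate the per-zone host routes from a
# directory of zone XML files so a global-zone startup script can re-apply them.
# Assumed names: ZONEDIR (directory of zone xml files), GATEWAY (the peer
# server's global-zone 192.168.x.x address), APPLY (1 = run the routes).

# Print the IP of every <network address="a.b.c.d/nn"/> element in one zone
# file, with the prefix length stripped. Uses sed only, so it runs on a
# stock Solaris 10 global zone as well as Linux/BSD.
zone_addrs() {
    sed -n 's|.*<network[^>]*address="\([0-9.]*\)[^"]*".*|\1|p' "$1"
}

# Emit one "route -p add <zone ip> <gateway>" line per zone address found in
# the xml files under $1, all pointing at the peer global zone $2.
build_routes() {
    for f in "$1"/*.xml; do
        [ -f "$f" ] || continue
        zone_addrs "$f" | while read -r ip; do
            printf 'route -p add %s %s\n' "$ip" "$2"
        done
    done
}

# Constructed sample input (not the poster's real files): a zone xml in the
# same shape as the ones posted in the thread. $1 dir, $2 zone name, $3 ip.
write_zone() {
    cat > "$1/$2.xml" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<zone name="$2" zonepath="/zpool2/$2" autoboot="false" brand="solaris8">
  <network address="$3/24" physical="bge0"/>
  <filesystem special="/install" directory="/install" type="lofs"/>
</zone>
EOF
}

make_sample_zones() {
    mkdir -p "$1"
    write_zone "$1" server1 10.10.1.21
    write_zone "$1" server2 10.10.1.23
}

# Dry run by default: print the route commands and let the operator read
# them. Only with APPLY=1 are they executed, on the global zone.
GATEWAY=${GATEWAY:-192.168.20.78}   # constructed placeholder for the peer
if [ -z "$ZONEDIR" ]; then
    ZONEDIR=$(mktemp -d)
    make_sample_zones "$ZONEDIR"     # constructed sample zones for the demo
fi
if [ "${APPLY:-0}" = 1 ]; then
    build_routes "$ZONEDIR" "$GATEWAY" | sh
else
    build_routes "$ZONEDIR" "$GATEWAY"
fi
```

Run it with ZONEDIR pointing at the copied zone directory and GATEWAY set to the other server's 192.168 address; the dry run prints the list, and APPLY=1 pipes it to sh. Because the zone addresses are /24 on the shared bge0, the /32 host routes the script emits are more specific than the interface route and are what steer traffic for the remote zones out through the 192.168 network.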

I would first get this to work, then you can think about packaging it (probably as just a startup script).
