Discussion:
Solaris11 zone networking on VirtualBox
Deniz Rende
2011-11-15 04:46:24 UTC
Permalink
Hello Folks,

I installed Solaris 11 on VirtualBox and I created a zone named "zdev1" by
following the directions outlined here:

http://www.oracle.com/technetwork/articles/servers-storage-admin/o11-092-s11-zones-intro-524494.html

Here is some information:

***@solaris11:~# uname -a
SunOS solaris11 5.11 11.0 i86pc i386 i86pc
***@solaris11:~# cat /etc/release
Oracle Solaris 11 11/11 X86
Copyright (c) 1983, 2011, Oracle and/or its affiliates. All rights
reserved.
Assembled 18 October 2011

***@solaris11:~# zoneadm list -civ
ID NAME STATUS PATH BRAND IP

0 global running / solaris
shared
1 zdev1 running /zones/zdev1 solaris
excl

But I can't get the zone networking to work for the life of me:

***@solaris11:~# zlogin zdev1
[Connected to zone 'zdev1' pts/2]
Oracle Corporation SunOS 5.11 11.0 November 2011
***@zdev1:~# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
inet 127.0.0.1 netmask ff000000
net0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.13 netmask ffffff00 broadcast 192.168.1.255
ether 2:8:20:5:51:dc
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252
index 1
inet6 ::1/128
net0: flags=20002004841<UP,RUNNING,MULTICAST,DHCP,IPv6> mtu 1500 index 2
inet6 fe80::8:20ff:fe05:51dc/10
ether 2:8:20:5:51:dc

Trying to ping the defaultrouter ( 192.168.1.254 )

***@zdev1:~# ping 192.168.1.254
no answer from 192.168.1.254

ofcourse trying out is not gonna work:

***@zdev1:~# ping 173.194.64.103
no answer from 173.194.64.103

I can ping to my self:
***@zdev1:~# ping localhost
localhost is alive

The zone info:

***@solaris11:~# zonecfg -z zdev1 info
zonename: zdev1
zonepath: /zones/zdev1
brand: solaris
autoboot: true
bootargs: -m verbose
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
anet:
linkname: net0
lower-link: auto
allowed-address not specified
configure-allowed-address: true
defrouter not specified
allowed-dhcp-cids not specified
link-protection: mac-nospoof
mac-address: random
auto-mac-address: 2:8:20:5:51:dc
mac-prefix not specified
mac-slot not specified
vlan-id not specified
priority not specified
rxrings not specified
txrings not specified
mtu not specified
maxbw not specified
rxfanout not specified

I am not sure if this is VirtualBox related or if I am doing something
wrong here. Any feedback is appreciated. Please let me know if you need
more information.

-Deniz.
Mike Gerdts
2011-11-15 05:08:37 UTC
Permalink
Post by Deniz Rende
zonename: zdev1
zonepath: /zones/zdev1
brand: solaris
autoboot: true
bootargs: -m verbose
ip-type: exclusive
linkname: net0
lower-link: auto
It could be that this anet resource automatically picked the wrong
lower link. From the global zone, what do "dladm show-link" and
"ipadm show-addr" say?
--
Mike Gerdts
http://mgerdts.blogspot.com/
Deniz Rende
2011-11-15 05:25:17 UTC
Permalink
Post by Mike Gerdts
It could be that this anet resource automatically picked the wrong
lower link. From the global zone, what do "dladm show-link" and
"ipadm show-addr" say?
I get the following information:

***@solaris11:~# dladm show-link
LINK CLASS MTU STATE OVER
net0 phys 1500 up --
zdev1/net0 vnic 1500 up net0
***@solaris11:~# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
net0/v4 static ok 192.168.1.20/24
lo0/v6 static ok ::1/128
net0/v6 addrconf ok fe80::a00:27ff:fe22:cf2f/10

I don't know if it worths to mention but the version of Solaris 11 is the
text install....I also don't have any trouble GZ networking:

***@solaris11:~# ping www.google.com
www.google.com is alive


-Deniz
Post by Mike Gerdts
Post by Deniz Rende
zonename: zdev1
zonepath: /zones/zdev1
brand: solaris
autoboot: true
bootargs: -m verbose
ip-type: exclusive
linkname: net0
lower-link: auto
It could be that this anet resource automatically picked the wrong
lower link. From the global zone, what do "dladm show-link" and
"ipadm show-addr" say?
--
Mike Gerdts
http://mgerdts.blogspot.com/
Mike Gerdts
2011-11-15 05:43:14 UTC
Permalink
Post by Mike Gerdts
It could be that this anet resource automatically picked the wrong
lower link.  From the global zone, what do "dladm show-link" and
"ipadm show-addr" say?
LINK                CLASS     MTU    STATE    OVER
net0                phys      1500   up       --
zdev1/net0          vnic      1500   up       net0
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
net0/v4           static   ok           192.168.1.20/24
lo0/v6            static   ok           ::1/128
net0/v6           addrconf ok           fe80::a00:27ff:fe22:cf2f/10
I don't know if it worths to mention but the version of Solaris 11 is the
www.google.com is alive
I suspect that what is happening is that the zdev1/net0 vnic thinks it
is OK to allocate another MAC (Ethernet) address but virtualbox isn't
happy with it and thinks something in the VM is trying to spoof
packets There may be a way within virtualbox to disable this
behavior, but I've not used virtualbox recently enough to remember.

Assuming you can't disable the vbox feature that seems to be getting
in the way, instead of using an anet resource which creates a vnic on
top of the global zone's net0, try one of the following:

Option 1: Use shared-stack

zonecfg -z zdev1
remove anet linkname=net0
set ip-type=shared
add net
set name=net0
set addr=192.168.1.13/24
set defrouter=192.168.1.254
end
exit
zoneadm -z zdev1 reboot

You will probably need to do some ipadm magic (ipadm delete-ip
net0/<something>?) to make the configuration for net0 go away, else
network/physical:default will probably be in maintenance.


Option 2: Allocate another network

In this option, you need to have virtualbox provide another NIC. That
is, shut down the VM, within the VirtualBox GUI, configure a second
network to look just like the first one, then boot the VM.

Once you are back in Solaris:

zonecfg -z zdev1
remove anet linkname=net0
add net
set physical=net1
end
exit
zoneadm -z zdev1 reboot

You will then need to transition your network configuration in the
zone from net0 to net1.
--
Mike Gerdts
http://mgerdts.blogspot.com/
Deniz Rende
2011-11-15 06:14:48 UTC
Permalink
Hi Mike,

Option 1: Use shared-stack


But that means that I am not going to be able to use all the goodies that
come with ip-excl. :(

You will then need to transition your network configuration in the

zone from net0 to net1.

Do you mean, sysconfig configure here or some othe procedure. Right now it
looks like this:

LINK CLASS MTU STATE OVER
net0 phys 1500 up --
net1 phys 1500 unknown --
zdev1/net1 phys 1500 unknown --

-Deniz.
Post by Mike Gerdts
Post by Deniz Rende
Post by Mike Gerdts
It could be that this anet resource automatically picked the wrong
lower link. From the global zone, what do "dladm show-link" and
"ipadm show-addr" say?
LINK CLASS MTU STATE OVER
net0 phys 1500 up --
zdev1/net0 vnic 1500 up net0
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
net0/v4 static ok 192.168.1.20/24
lo0/v6 static ok ::1/128
net0/v6 addrconf ok fe80::a00:27ff:fe22:cf2f/10
I don't know if it worths to mention but the version of Solaris 11 is the
www.google.com is alive
I suspect that what is happening is that the zdev1/net0 vnic thinks it
is OK to allocate another MAC (Ethernet) address but virtualbox isn't
happy with it and thinks something in the VM is trying to spoof
packets There may be a way within virtualbox to disable this
behavior, but I've not used virtualbox recently enough to remember.
Assuming you can't disable the vbox feature that seems to be getting
in the way, instead of using an anet resource which creates a vnic on
Option 1: Use shared-stack
zonecfg -z zdev1
remove anet linkname=net0
set ip-type=shared
add net
set name=net0
set addr=192.168.1.13/24
set defrouter=192.168.1.254
end
exit
zoneadm -z zdev1 reboot
You will probably need to do some ipadm magic (ipadm delete-ip
net0/<something>?) to make the configuration for net0 go away, else
network/physical:default will probably be in maintenance.
Option 2: Allocate another network
In this option, you need to have virtualbox provide another NIC. That
is, shut down the VM, within the VirtualBox GUI, configure a second
network to look just like the first one, then boot the VM.
zonecfg -z zdev1
remove anet linkname=net0
add net
set physical=net1
end
exit
zoneadm -z zdev1 reboot
You will then need to transition your network configuration in the
Post by Deniz Rende
zone from net0 to net1.
--
Mike Gerdts
http://mgerdts.blogspot.com/
--
Mike Gerdts
2011-11-15 19:46:33 UTC
Permalink
Post by Deniz Rende
Hi Mike,
Post by Mike Gerdts
Option 1: Use shared-stack
But that means that I am not going to be able to use all the goodies that
come with ip-excl. :(
Agreed. :(
Post by Deniz Rende
Post by Mike Gerdts
 You will then need to transition your network configuration in the
zone from net0 to net1.
Do you mean, sysconfig configure here or some othe procedure. Right now it
LINK                CLASS     MTU    STATE    OVER
net0                phys      1500   up       --
net1                phys      1500   unknown  --
zdev1/net1          phys      1500   unknown  --
Whatever you do to reconfigure it, you need to do it in the zone. You
can use sysconfig configure, or use ipadm. I think the steps are
something along the lines of:

***@zone# ipadm delete-ip net0/<something>
***@zone# ipadm create-ip net1/v4
***@zone# ipadm create-addr -T static -a local=addr/mask net1/v4

My fingers are still learning the new magic, so there could be
something horribly wrong in my advice. If Seb gives conflicting
advice, he's probably right.
--
Mike Gerdts
http://mgerdts.blogspot.com/
Sebastien Roy
2011-11-15 20:00:26 UTC
Permalink
Post by Mike Gerdts
Post by Mike Gerdts
Post by Mike Gerdts
You will then need to transition your network configuration in the
zone from net0 to net1.
Do you mean, sysconfig configure here or some othe procedure. Right now it
LINK CLASS MTU STATE OVER
net0 phys 1500 up --
net1 phys 1500 unknown --
zdev1/net1 phys 1500 unknown --
Whatever you do to reconfigure it, you need to do it in the zone. You
can use sysconfig configure, or use ipadm. I think the steps are
My fingers are still learning the new magic, so there could be
something horribly wrong in my advice. If Seb gives conflicting
advice, he's probably right.
Since you brought it up... ;-) The objects that ipadm manipulates are
IP interfaces and addresses. In the above example, the delete-ip and
create-ip subcommands are manipulating IP interfaces, and the
create-addr subcommand is manipulating an IP address over one of those
interfaces. "net0" and "net1" are IP interface names. "net1/v4" is the
name of an IP address over the "net1" IP interface. So the sequence is:

# ipadm delete-ip net0
# ipadm create-ip net1
# ipadm create-addr -T static -a <addr>/<prefix-len> net1/v4

-Seb
Deniz Rende
2011-11-15 20:17:47 UTC
Permalink
Seb/Mike,

Thanks for your inputs, I also asked the same question in VirtualBox
forums. I'll retry this again tonight and see. I ended up having troubles
with reconfiguration. I am going to go ahead and do another scratch install
tonight!, I'll keep you guys posted.
Post by Deniz Rende
Post by Mike Gerdts
Post by Mike Gerdts
Post by Mike Gerdts
You will then need to transition your network configuration in the
zone from net0 to net1.
Do you mean, sysconfig configure here or some othe procedure. Right now it
LINK CLASS MTU STATE OVER
net0 phys 1500 up --
net1 phys 1500 unknown --
zdev1/net1 phys 1500 unknown --
Whatever you do to reconfigure it, you need to do it in the zone. You
can use sysconfig configure, or use ipadm. I think the steps are
My fingers are still learning the new magic, so there could be
something horribly wrong in my advice. If Seb gives conflicting
advice, he's probably right.
Since you brought it up... ;-) The objects that ipadm manipulates are IP
interfaces and addresses. In the above example, the delete-ip and
create-ip subcommands are manipulating IP interfaces, and the create-addr
subcommand is manipulating an IP address over one of those interfaces.
"net0" and "net1" are IP interface names. "net1/v4" is the name of an IP
# ipadm delete-ip net0
# ipadm create-ip net1
# ipadm create-addr -T static -a <addr>/<prefix-len> net1/v4
-Seb
--
Deniz Rende
Web: http://www.machine-unix.com
Sebastien Roy
2011-11-15 17:04:05 UTC
Permalink
Post by Mike Gerdts
Post by Deniz Rende
Post by Mike Gerdts
It could be that this anet resource automatically picked the wrong
lower link. From the global zone, what do "dladm show-link" and
"ipadm show-addr" say?
LINK CLASS MTU STATE OVER
net0 phys 1500 up --
zdev1/net0 vnic 1500 up net0
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
net0/v4 static ok 192.168.1.20/24
lo0/v6 static ok ::1/128
net0/v6 addrconf ok fe80::a00:27ff:fe22:cf2f/10
I don't know if it worths to mention but the version of Solaris 11 is the
www.google.com is alive
I suspect that what is happening is that the zdev1/net0 vnic thinks it
is OK to allocate another MAC (Ethernet) address but virtualbox isn't
happy with it and thinks something in the VM is trying to spoof
packets There may be a way within virtualbox to disable this
behavior, but I've not used virtualbox recently enough to remember.
Perhaps try different virtualbox networking "modes" (I assume bridge
mode is being used)? In any case, I'd submit a bug against virtualbox.

-Seb
Deniz Rende
2011-11-15 17:27:52 UTC
Permalink
Hi Seb,
(I assume bridge mode is being used)?
Yes, that is correct, I'll try the other "modes" later on. I did a scratch
install of the zone, and I got the same results.

In any case, I'd submit a bug against virtualbox.


+1
Post by Mike Gerdts
Post by Mike Gerdts
It could be that this anet resource automatically picked the wrong
Post by Mike Gerdts
lower link. From the global zone, what do "dladm show-link" and
"ipadm show-addr" say?
LINK CLASS MTU STATE OVER
net0 phys 1500 up --
zdev1/net0 vnic 1500 up net0
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
net0/v4 static ok 192.168.1.20/24
lo0/v6 static ok ::1/128
net0/v6 addrconf ok fe80::a00:27ff:fe22:cf2f/10
I don't know if it worths to mention but the version of Solaris 11 is the
www.google.com is alive
I suspect that what is happening is that the zdev1/net0 vnic thinks it
is OK to allocate another MAC (Ethernet) address but virtualbox isn't
happy with it and thinks something in the VM is trying to spoof
packets There may be a way within virtualbox to disable this
behavior, but I've not used virtualbox recently enough to remember.
Perhaps try different virtualbox networking "modes" (I assume bridge mode
is being used)? In any case, I'd submit a bug against virtualbox.
-Seb
--
Deniz Rende

Web: http://www.machine-unix.com
Loading...