Routing in solaris zones
807559 Jul 27 2006 — edited Aug 7 2006
Hello
I have some questions about routing in solaris zones.
We have one Sun Fire with two physical interfaces - bge0 and bge1
---
#uname -a
SunOS bellatrix 5.10 Generic_118844-26 i86pc i386 i86pc
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 83.242.139.37 netmask ffffff80 broadcast 83.242.139.127
ether 0:9:3d:13:af:8b
---
The task is to assign addresses from another network (other than the one on bge0) to the second interface (bge1), and
use these addresses in several zones. For the tests (see below) we are using /27 networks, but in the future,
in the production configuration, we are planning to use /30 networks (four addresses).
Test N1
---------
We assign address on bge1 interface and see the results
bge1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 35
inet 83.242.156.8 netmask ffffffe0 broadcast 83.242.156.31
ether 0:9:3d:13:af:8c
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
83.242.156.0 83.242.156.8 U 1 2 bge1
83.242.139.0 83.242.139.37 U 1 4737 bge0
224.0.0.0 83.242.139.37 U 1 0 bge0
default 83.242.139.1 UG 1 3964
127.0.0.1 127.0.0.1 UH 4 77 lo0
All looks as expected
Checking from host 83.242.156.2 (another physical machine) in 83.242.156.0/27 network
ping -s 83.242.156.8
PING 83.242.156.8: 56 data bytes
64 bytes from 83.242.156.8: icmp_seq=0. time=0.604 ms
64 bytes from 83.242.156.8: icmp_seq=1. time=0.441 ms
^C
----83.242.156.8 PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip (ms) min/avg/max/stddev = 0.441/0.522/0.604/0.12
%traceroute -n 83.242.156.8
traceroute to 83.242.156.8 (83.242.156.8), 30 hops max, 40 byte packets
1 83.242.156.8 0.493 ms 0.366 ms 0.223 ms
All works as expected
Test N2
---------
Very similar to test N1 but with one exception - we assign network address on alias interface, leaving bge1 without address
#ifconfig bge1 addif 83.242.156.8/27 up
#ifconfig -a
bge1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 37
inet 0.0.0.0 netmask ff000000
ether 0:9:3d:13:af:8c
bge1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 37
inet 83.242.156.8 netmask ffffffe0 broadcast 83.255.255.255
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
83.242.156.0 83.242.156.8 U 1 0 bge1:1
83.242.139.0 83.242.139.37 U 1 4738 bge0
224.0.0.0 83.242.139.37 U 1 0 bge0
default 83.242.139.1 UG 1 3966
127.0.0.1 127.0.0.1 UH 4 77 lo0
%ping -s 83.242.156.8
PING 83.242.156.8: 56 data bytes
64 bytes from 83.242.156.8: icmp_seq=0. time=0.610 ms
64 bytes from 83.242.156.8: icmp_seq=1. time=0.502 ms
^C
----83.242.156.8 PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip (ms) min/avg/max/stddev = 0.502/0.556/0.610/0.076
%traceroute -n 83.242.156.8
traceroute to 83.242.156.8 (83.242.156.8), 30 hops max, 40 byte packets
1 83.242.156.8 0.514 ms 0.349 ms 0.208 ms
All looks and works as expected
Test N3 (most interesting)
---------
Very similar to test N2 but with one exception - we assign network address on alias and put this alias into zone
#zoneadm -z zone_vlan32 boot
#ifconfig bge1 addif 83.242.156.8/27 zone zone_vlan32 up
Created new logical interface bge1:1
#ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
zone mysql
inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
zone tt
inet 127.0.0.1 netmask ff000000
lo0:3: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
zone zone_vlan32
inet 127.0.0.1 netmask ff000000
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 83.242.139.37 netmask ffffff80 broadcast 83.242.139.127
ether 0:9:3d:13:af:8b
bge1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 37
inet 0.0.0.0 netmask ff000000
ether 0:9:3d:13:af:8c
bge1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 37
zone zone_vlan32
inet 83.242.156.8 netmask ffffffe0 broadcast 83.255.255.255
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
83.242.139.0 83.242.139.37 U 1 4737 bge0
224.0.0.0 83.242.139.37 U 1 0 bge0
default 83.242.139.1 UG 1 3965
127.0.0.1 127.0.0.1 UH 4 77 lo0
Ooops! Where is the route to the 83.242.156.0/27 network?
Checking from host 83.242.156.2
%ping -s 83.242.156.8
PING 83.242.156.8: 56 data bytes
64 bytes from 83.242.156.8: icmp_seq=0. time=1.01 ms
64 bytes from 83.242.156.8: icmp_seq=1. time=0.484 ms
^C
----83.242.156.8 PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip (ms) min/avg/max/stddev = 0.484/0.747/1.01/0.37
%traceroute -n 83.242.156.8
traceroute to 83.242.156.8 (83.242.156.8), 30 hops max, 40 byte packets
1 83.242.139.37 0.986 ms 0.457 ms 0.501 ms
Ooops! Packets come back from another interface (bge0, another network!), i.e. via the default route
BTW, zone "zone_vlan32" has the required route
#zlogin zone_vlan32
[Connected to zone 'zone_vlan32' pts/3]
Last login: Fri Jul 21 18:05:19 on pts/7
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
# zsh
zone-vlan32# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
83.242.156.0 83.242.156.8 U 1 2 bge1:1
127.0.0.1 127.0.0.1 UH 4 13 lo0:3
This situation can be fixed by assigning an address from 83.242.156.0/27 on bge1,
but this doesn't conform to the initial conditions (using /30 networks)
Why, when the alias is inside a zone and the base interface doesn't have any address, does the route to the 83.242.156.0/27 network not appear in the global zone, like this
83.242.156.0 83.242.156.8 U 1 0 bge1:1
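
The condition reported in Test N3 can be checked mechanically. The following is an added example, not part of the original post: it reads saved `ifconfig -a` and `netstat -rn` text from the global zone and lists zone-assigned logical interfaces whose connected subnet has no entry in the routing table. The function names and the trimmed sample text are constructed for illustration; the mask is taken from `ifconfig` because the `netstat -rn` output shown above has no mask column.

```python
import ipaddress
import re

# Constructed sample, trimmed from the Test N3 output in the post.
IFCONFIG = """\
lo0:3: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone zone_vlan32
        inet 127.0.0.1 netmask ff000000
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 83.242.139.37 netmask ffffff80 broadcast 83.242.139.127
bge1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 37
        zone zone_vlan32
        inet 83.242.156.8 netmask ffffffe0 broadcast 83.255.255.255
"""
NETSTAT = """\
83.242.139.0  83.242.139.37  U   1  4737  bge0
224.0.0.0     83.242.139.37  U   1  0     bge0
default       83.242.139.1   UG  1  3965
127.0.0.1     127.0.0.1      UH  4  77    lo0
"""

def parse_ifconfig(text):
    """Map each logical interface to its zone (if any) and connected subnet."""
    ifaces, cur = {}, {}  # 'cur' starts as a throwaway dict until a header is seen
    for line in text.splitlines():
        head = re.match(r"(\S+): flags=", line)
        if head:
            cur = ifaces.setdefault(head.group(1), {"zone": None, "net": None})
            continue
        zone = re.search(r"\bzone (\S+)", line)
        inet = re.search(r"\binet (\S+) netmask ([0-9a-f]+)", line)
        if zone:
            cur["zone"] = zone.group(1)
        if inet and inet.group(1) != "0.0.0.0":  # unconfigured base interface
            mask = ipaddress.IPv4Address(int(inet.group(2), 16))  # hex netmask
            cur["net"] = ipaddress.ip_network(f"{inet.group(1)}/{mask}", strict=False)
    return ifaces

def zone_subnets_without_route(ifconfig_text, netstat_text):
    """List (interface, zone, subnet) whose subnet is absent from the route table."""
    dests = {l.split()[0] for l in netstat_text.splitlines() if l.strip()}
    missing = []
    for name, info in parse_ifconfig(ifconfig_text).items():
        net = info["net"]
        if info["zone"] and net and not net.network_address.is_loopback \
                and str(net.network_address) not in dests:
            missing.append((name, info["zone"], str(net)))
    return missing
```

Run against the Test N3 text it reports bge1:1 in zone_vlan32 with 83.242.156.0/27; with the route line from Test N2 added to the table it reports nothing.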