Infrastructure Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Solaris 11 Link Aggregation + VLAN Trunking: Different VLAN's for global zone and non-global zones

Bernd NiesMar 2 2017 — edited Mar 6 2017

Hi,

We have here a strange issue on an Enterprise M4000 running Solaris 11.3. Network is 2 x 1 Gb/s LACP link aggregation with VLAN trunking. We want separate VLAN's for the global zone and the non-global zones. The zones should have an exclusive IP stack. The problem is, when I boot a zone, I partially loose network connectivity. With "partial" I mean, that one can ping the IP addresses to and from each zone, but most times TCP or UDP based network traffic (e.g. ssh, nslookup, nfs, ldap) fail. I've done the same setup on other Sparc T servers, where it works fine. Solaris 11 and firmware are latest. Zone is a native Solaris 11 and a branded Solaris 10. Any ideas what I'm missing?

Global Zone Network Config

root@global:~# dladm show-aggr -Z

LINK ZONE MODE POLICY ADDRPOLICY LACPACTIVITY LACPTIMER FLAGS

aggr1 global trunk L3 auto active short -----

root@global:~# dladm show-aggr -x

LINK PORT SPEED DUPLEX STATE ADDRESS PORTSTATE

aggr1 -- 1000Mb full up 0:14:4f:b7:af:f2 --

net0 1000Mb full up 0:14:4f:b7:af:f2 attached

net1 1000Mb full up 0:14:4f:b7:af:f3 attached

root@global:~# dladm show-vlan

LINK VID SVID PVLAN-TYPE FLAGS OVER

aggr126001 126 -- -- ----- aggr1

aggr108001 108 -- -- ----- aggr1

root@global:~# ipadm

NAME CLASS/TYPE STATE UNDER ADDR

aggr126001 ip ok -- --

aggr126001/v4 static ok -- 1.2.3.4/24

lo0 loopback ok -- --

lo0/v4 static ok -- 127.0.0.1/8

lo0/v6 static ok -- ::1/128

sppp0 ip ok -- --

sppp0/? static ok -- 10.1.1.2->10.1.1.1

Non-Global Zone Config

root@global:~# zoneadm list -cv

ID NAME STATUS PATH BRAND IP

0 global running / solaris shared

- zone-s10 installed /zones01/zone-s10 solaris10 excl

- zone-s11 installed /zones01/zone-s11-dev solaris excl

root@global:~# zonecfg -z zone-s11 export

create -b

set brand=solaris

set zonepath=/zones01/zone-s11

set autoboot=true

set autoshutdown=shutdown

set bootargs="-m verbose"

set limitpriv=default

set scheduling-class=FSS

set ip-type=exclusive

add anet

set linkname=net0

set lower-link=aggr1

set configure-allowed-address=true

set link-protection=mac-nospoof

set mac-address=auto

set vlan-id=108

end

add capped-memory

set physical=4G

end

add rctl

set name=zone.max-swap

add value (priv=privileged,limit=8589934592,action=deny)

end

add rctl

set name=zone.cpu-shares

add value (priv=privileged,limit=5,action=none)

end

Switch Config

interface Port-channel1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 108,126

switchport mode trunk

spanning-tree portfast trunk

end

interface GigabitEthernet1/0/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 108,126

switchport mode trunk

spanning-tree portfast trunk

channel-protocol lacp

channel-group 1 mode active

end

interface GigabitEthernet2/0/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 108,126

switchport mode trunk

spanning-tree portfast trunk

channel-protocol lacp

channel-group 1 mode active

end

This post has been answered by Marcel Hofstetter JomaSoft on Mar 6 2017

Jump to Answer

Locked Post

New comments cannot be posted to this locked post.

Locked on Apr 3 2017

Added on Mar 2 2017

#oracle-solaris, #solaris-11

6 comments

1,641 views