Hi all,
I'm having great difficulty with getting a non-global zone to use a tagged VLAN. Our network team have recently trunked a new VLAN (VLAN 517 / 10.200.34.x) to the switch ports alongside the native VLAN. I need to get both global and non-global zones re-addressed to use the new VLAN 517 10.200.34.x IP addresses (i.e. read the VLAN tag).
I have managed to get the global zone configured to work on VLAN 517 as follows:
root@slpunx01:~# dladm show-phys
LINK MEDIA STATE SPEED DUPLEX DEVICE
net4 Ethernet up 1000 full e1000g4
net1 Ethernet unknown 0 unknown e1000g1
net2 Ethernet unknown 0 unknown e1000g2
net0 Ethernet up 1000 full e1000g0
net3 Ethernet up 1000 full e1000g3
net5 Ethernet up 1000 full e1000g5
root@slpunx01:~# dladm show-link
LINK CLASS MTU STATE OVER
net4 phys 1500 up --
net1 phys 1500 unknown --
net2 phys 1500 unknown --
net0 phys 1500 up --
net3 phys 9000 up --
net5 phys 9000 up --
dlmp0 aggr 1500 up net0 net4
root@slpunx01:~# dladm show-aggr
LINK MODE POLICY ADDRPOLICY LACPACTIVITY LACPTIMER
dlmp0 dlmp -- -- -- --
I created a VLAN over the aggregate:
root@slpunx01:~# dladm create-vlan -l dlmp0 -v 517 vlan517
root@slpunx01:~# dladm show-vlan
LINK VID SVID PVLAN-TYPE FLAGS OVER
vlan517 517 -- -- ----- dlmp0
Then I created the IP address on the VLAN:
root@slpunx01:~# ipadm create-ip vlan517
root@slpunx01:~# ipadm create-addr -T static -a 10.200.34.15/24 vlan517/slpunx03
root@slpunx01:~# ipadm
NAME CLASS/TYPE STATE UNDER ADDR
lo0 loopback ok -- --
lo0/v4 static ok -- 127.0.0.1/8
lo0/v6 static ok -- ::1/128
net3 ip ok -- --
net3/iscsi static ok -- 10.200.16.155/24
net5 ip ok -- --
net5/iscsi static ok -- 10.200.16.156/24
vlan517 ip ok -- --
vlan517/slpunx01 static ok -- 10.200.34.15/24
Then added the route to the gateway:
route -p add default 10.200.34.1
This puts the global zone on VLAN 517 and I can ping the gateway and all other network resources as expected. The problem comes when I try to get the equivalent configuration working on the non-global zones. I first created a VNIC on VLAN517 for one of the zones to use as its network link:
root@slpunx01:~# dladm create-vnic -l dlmp0 -v 517 vnic0
root@slpunx01:~# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE IDS
vnic0 dlmp0 1000 2:8:20:c:9a:d4 random VID:517
Here is the config of the zone:
root@slpunx01:~# zonecfg -z stvora02 info
zonename: stvora02
zonepath: /zones/stvora02/root
brand: solaris
autoboot: false
autoshutdown: shutdown
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
tenant:
fs-allowed:
fs:
    dir: /u01
    special: zones/stvora02/u01
    raw not specified
    type: zfs
    options: []
anet:
    linkname: vnic0
    lower-link: auto
    allowed-address not specified
    configure-allowed-address: true
    defrouter not specified
    allowed-dhcp-cids not specified
    link-protection: mac-nospoof
    mac-address: auto
    auto-mac-address: 2:8:20:f8:13:d2
    mac-prefix not specified
    mac-slot not specified
    vlan-id: 517
    priority not specified
    rxrings not specified
    txrings not specified
    mtu not specified
    maxbw not specified
    bwshare not specified
    rxfanout not specified
    vsi-typeid not specified
    vsi-vers not specified
    vsi-mgrid not specified
    etsbw-lcl not specified
    cos not specified
    pkey not specified
    linkmode not specified
    evs not specified
    vport not specified
dedicated-cpu:
    ncpus: 8
    cpus not specified
    cores not specified
    sockets not specified
dataset:
    name: stvora02_u07/u07
    alias: u07
dataset:
    name: stvora02_u08/u08
    alias: u08
Inside the zone, the link shows as vnic0:
root@stvora02:~# dladm show-link
LINK CLASS MTU STATE OVER
vnic0 vnic 1500 up ?
...so I configured an IP address on it:
root@stvora02:~# ipadm create-ip vnic0
root@stvora02:~# ipadm create-addr -T static -a 10.200.34.16/24 vnic0/v4
...then added a route to the default gateway:
root@stvora02:~# route -p add default 10.200.34.1
The final IP configuration within the zone looks like this:
root@stvora02:~# ipadm
NAME CLASS/TYPE STATE UNDER ADDR
lo0 loopback ok -- --
lo0/v4 static ok -- 127.0.0.1/8
lo0/v6 static ok -- ::1/128
vnic0 ip ok -- --
vnic0/v4 static ok -- 10.200.34.16/24
...which seems as it should to me. However, I can ping the zone IP, but not the gateway or any other network resources.
root@stvora02:~# ping 10.200.34.16
10.200.34.16 is alive
root@stvora02:~# ping 10.200.34.1
no answer from 10.200.34.1
Can anyone tell me where I've gone wrong and how to get this working please?
Regards,
Stuart
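
Added example, not part of the original post: a shell check that compares the zone's anet properties with a global-zone `dladm show-vnic` row and prints every property on which they differ. The sample input is constructed from the values shown in the post, and the helper names `anet_prop` and `compare_link` are hypothetical; on a live system the inputs would come from `zonecfg -z stvora02 info` and one row of `dladm show-vnic`.

```shell
#!/bin/sh
# Constructed sample input: values copied from the post's zonecfg and dladm output.
ZONE_INFO='anet:
    linkname: vnic0
    lower-link: auto
    link-protection: mac-nospoof
    auto-mac-address: 2:8:20:f8:13:d2
    vlan-id: 517
dedicated-cpu:
    ncpus: 8'
VNIC_ROW='vnic0 dlmp0 1000 2:8:20:c:9a:d4 random VID:517'

# anet_prop NAME (hypothetical helper): read "zonecfg info" text on stdin and
# print the value of property NAME from the first anet resource that has it.
anet_prop() {
    awk -v want="$1:" '
        # A line holding only "name:" is treated as the start of a resource
        # (or an empty top-level property); either way it ends the anet block.
        NF == 1 && $1 ~ /:$/ { in_anet = ($1 == "anet:"); next }
        in_anet && $1 == want { print $2; exit }
    '
}

# compare_link ZONE_INFO VNIC_ROW (hypothetical helper): print one line per
# property on which the zone anet and the global-zone VNIC row disagree.
# Row columns as in the post: LINK OVER SPEED MACADDRESS MACADDRTYPE IDS.
compare_link() {
    zone_info=$1
    set -- $2                      # intentional word splitting of the row
    g_link=$1 g_over=$2 g_mac=$4 g_vid=${6#VID:}
    z_link=$(printf '%s\n' "$zone_info" | anet_prop linkname)
    z_over=$(printf '%s\n' "$zone_info" | anet_prop lower-link)
    z_mac=$(printf '%s\n' "$zone_info" | anet_prop auto-mac-address)
    z_vid=$(printf '%s\n' "$zone_info" | anet_prop vlan-id)
    [ "$z_link" = "$g_link" ] || echo "linkname: zone=$z_link global=$g_link"
    [ "$z_over" = "$g_over" ] || echo "lower-link: zone=$z_over global=$g_over"
    [ "$z_vid" = "$g_vid" ] || echo "vlan-id: zone=$z_vid global=$g_vid"
    [ "$z_mac" = "$g_mac" ] || echo "mac: zone=$z_mac global=$g_mac"
}

compare_link "$ZONE_INFO" "$VNIC_ROW"
```

With the values from the post, the link name and VLAN ID agree, while the lower link and the MAC address are reported as different.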