How to configure NET on Virtual Machine for global zone with etherstub


The procedure for installing and configuring the network on a real (hardware) machine is described here. But when you try to do it on a virtual machine, it can be slightly different. The structure of the network configuration for the global zone will look like this:

First of all, you won't have a real Ethernet adapter on your virtual machine, just a virtual adapter that is connected to all other machines in the lab. Usually it is named vmxnet3s0, but you can check this by entering the 'dladm show-phys' command:

    root@dilos:~# dladm show-phys
    LINK         MEDIA      STATE  SPEED  DUPLEX  DEVICE
    vmxnet3s0    Ethernet   up     10000  full    vmxnet3s0

Its address will be exactly the one you entered when installing DilOS. For our example we will use the address 10.20.50.165, which looks usable for our labs. You can check this address by entering the 'ifconfig' command like this:

    root@dilos:~# ifconfig
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    vmxnet3s0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
            inet 10.20.50.165 netmask ffffff00 broadcast 10.20.50.255
            ether 0:50:56:b2:71:ae
    lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
            inet6 ::1/128

It is assumed that your Internet connection is configured correctly and works fine up to this point.

So, to work with zones correctly we will set up a private virtual network inside our virtual machine (called the VPN on this page; it is an internal network on a software switch, not an encrypted tunnel) and connect our zones to it. You can select any address range for your VPN that does not overlap the external lab addresses (in our example the external range is 10.20.50.XXX). Let's take the 192.168.0.XXX range for our VPN.

For this purpose we will create a virtual software switch (etherstub) and name it, for example, vsw0:

    dladm create-etherstub vsw0
    dladm set-linkprop -p mtu=1500 vsw0

After that, instead of a physical cable connected to a physical NIC, we have to create an interface (end point) for this etherstub in the form of a VNIC. Name it, for example, int0, connect it to the etherstub vsw0 and check that everything is created:

    root@dilos:~# dladm create-vnic -l vsw0 int0
    root@dilos:~# dladm show-link
    LINK         CLASS      MTU    STATE  BRIDGE  OVER
    vmxnet3s0    phys       1500   up     --      --
    vsw0         etherstub  9000   up     --      --
    int0         vnic       9000   up     --      vsw0

So, we see that the etherstub is created and the VNIC int0 is connected to it (lines 5 and 6). All zone interfaces (as you will see a little later) will be connected to vsw0 as well, inside our VPN.

You can configure the int0 interface manually like this:

    root@dilos:~# ifconfig int0 plumb
    root@dilos:~# ifconfig int0 inet 192.168.0.254/24 up
    root@dilos:~# ifconfig int0
    int0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 9000 index 3
            inet 192.168.0.254 netmask ffffff00 broadcast 192.168.0.255
            ether 2:8:20:85:3d:bf

To keep this configuration across reboots, create the /etc/hostname.int0 file and write the following line into it:

    192.168.0.254 netmask 255.255.255.0 broadcast + up

To forward packets from the VPN to the outside (to the Internet) and back, NAT must be configured. This can be done by writing the following lines to the /etc/ipf/ipnat.conf file:

    map vmxnet3s0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
    map vmxnet3s0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
    map vmxnet3s0 192.168.0.0/24 -> 0/32

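These rules connect our vmxnet3s0 virtual adapter and the 192.168.0.0/24 network on our software switch: traffic from that network leaving through vmxnet3s0 is translated to the adapter's own address (0/32).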
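
An added example (not part of the original page or of DilOS): a small shell lint for the map rules above. It checks that the VPN range does not overlap the lab range and that the rules keep the proxy, portmap, catch-all order, because ipnat applies the first matching rule. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: lint ipnat.conf for this NAT setup.

# Dotted quad -> integer; the subshell body keeps the IFS change local.
ip2int() ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )

# Succeeds when two CIDR blocks share at least one address.
cidr_overlap() {
  local len mask n1 n2
  len=${1#*/}
  if [ "${2#*/}" -lt "$len" ]; then len=${2#*/}; fi   # compare on the shorter prefix
  mask=0
  if [ "$len" -gt 0 ]; then mask=$(( (4294967295 << (32 - $len)) & 4294967295 )); fi
  n1=$(ip2int "${1%/*}"); n2=$(ip2int "${2%/*}")
  [ $(( $n1 & $mask )) -eq $(( $n2 & $mask )) ]
}

# lint_ipnat FILE EXT_IF INT_CIDR LAB_CIDR: prints "ok" or the first finding.
lint_ipnat() {
  local kw ifc src arrow dst rest kind stage
  stage=0
  if cidr_overlap "$3" "$4"; then echo "overlap: $3 collides with $4"; return 1; fi
  while read -r kw ifc src arrow dst rest; do
    [ "$kw" = map ] || continue                # skip comments and blank lines
    [ "$ifc" = "$2" ] || { echo "wrong-interface: $ifc"; return 1; }
    [ "$src" = "$3" ] || { echo "wrong-source: $src"; return 1; }
    case "$rest" in
      proxy*)   kind=1 ;;                      # application proxy (ftp)
      portmap*) kind=2 ;;                      # tcp/udp source-port rewriting
      "")       kind=3 ;;                      # catch-all, e.g. ICMP
      *)        echo "unknown-option: $rest"; return 1 ;;
    esac
    # ipnat applies the first matching rule, so a broader rule placed
    # earlier keeps the narrower ones after it from ever matching.
    if [ "$kind" -lt "$stage" ]; then echo "order: '$rest' is shadowed"; return 1; fi
    stage=$kind
  done <"$1"
  [ "$stage" -eq 3 ] || { echo "incomplete: no catch-all map rule"; return 1; }
  echo ok
}

# Constructed sample files: the page's rules, then a misordered variant.
demo_dir=$(mktemp -d)
r='map vmxnet3s0 192.168.0.0/24 -> 0/32'
printf '%s\n' "$r proxy port ftp ftp/tcp" "$r portmap tcp/udp auto" "$r" >"$demo_dir/good.conf"
printf '%s\n' "$r" "$r portmap tcp/udp auto" >"$demo_dir/bad.conf"
lint_ipnat "$demo_dir/good.conf" vmxnet3s0 192.168.0.0/24 10.20.50.0/24
lint_ipnat "$demo_dir/bad.conf" vmxnet3s0 192.168.0.0/24 10.20.50.0/24 || true
rm -rf "$demo_dir"
```

Run it against the real /etc/ipf/ipnat.conf before enabling ipfilter; the last argument is the lab range that the VPN range must stay clear of.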

Enable ipfilter if it is still disabled:

    root@dilos:~# svcs ipfilter
    STATE          STIME    FMRI
    disabled        9:48:03 svc:/network/ipfilter:default
    root@dilos:~# svcadm enable ipfilter
    root@dilos:~# svcs ipfilter
    STATE          STIME    FMRI
    online         11:29:25 svc:/network/ipfilter:default

Check IP packet forwarding as well:

    root@dilos:~# routeadm
                  Configuration   Current              Current
                         Option   Configuration        System State
    ---------------------------------------------------------------
                   IPv4 routing   disabled             disabled
                   IPv6 routing   disabled             disabled
                IPv4 forwarding   disabled             disabled
                IPv6 forwarding   disabled             disabled
               Routing services   "route:default ripng:default"
    Routing daemons:
                          STATE   FMRI
                       disabled   svc:/network/routing/ripng:default
                         online   svc:/network/routing/ndp:default
                       disabled   svc:/network/routing/legacy-routing:ipv4
                       disabled   svc:/network/routing/legacy-routing:ipv6
                       disabled   svc:/network/routing/rdisc:default
                       disabled   svc:/network/routing/route:default

IPv4 forwarding is disabled (line 7); enable it:

    root@dilos:~# routeadm -u -e ipv4-forwarding
    root@dilos:~# routeadm
                  Configuration   Current              Current
                         Option   Configuration        System State
    ---------------------------------------------------------------
                   IPv4 routing   disabled             disabled
                   IPv6 routing   disabled             disabled
                IPv4 forwarding   enabled              enabled
                IPv6 forwarding   disabled             disabled
               Routing services   "route:default ripng:default"
    Routing daemons:
                          STATE   FMRI
                       disabled   svc:/network/routing/ripng:default
                         online   svc:/network/routing/ndp:default
                       disabled   svc:/network/routing/legacy-routing:ipv4
                       disabled   svc:/network/routing/legacy-routing:ipv6
                       disabled   svc:/network/routing/rdisc:default
                       disabled   svc:/network/routing/route:default

Now that it is enabled, configure the first zone to test the result. The full zone installation procedure is described here and you can follow it. Below are just the significant points for the network configuration:

    root@dilos:~# zonecfg -z zone01
    zone01: No such zone configured
    Use 'create' to begin configuring a new zone.
    zonecfg:zone01> create
    zonecfg:zone01> set zonename=zone01
    zonecfg:zone01> set zonepath=/zones/zone01
    zonecfg:zone01> set autoboot=false
    zonecfg:zone01> set ip-type=exclusive
    zonecfg:zone01> add net
    zonecfg:zone01:net> set physical=iz1
    zonecfg:zone01:net> set global-nic=vsw0
    zonecfg:zone01:net> add property (name=ip,value="192.168.0.1")
    zonecfg:zone01:net> add property (name=gateway,value="192.168.0.254")
    zonecfg:zone01:net> add property (name=netmask,value="255.255.255.0")
    zonecfg:zone01:net> add property (name=primary,value="true")
    zonecfg:zone01:net> end
    zonecfg:zone01> add attr
    zonecfg:zone01:attr> set name=resolvers
    zonecfg:zone01:attr> set type=string
    zonecfg:zone01:attr> set value=8.8.8.8
    zonecfg:zone01:attr> end
    zonecfg:zone01> verify
    zonecfg:zone01> commit
    zonecfg:zone01> exit

These points are:

  • in line 10 we give the name iz1 to our zone interface in the VPN

  • in line 11 we connect our interface to the etherstub vsw0

  • in line 12 we assign the IP address that we would like our zone to have, 192.168.0.1

  • in line 13 we connect our zone through our VPN interface int0, 192.168.0.254

  • and in line 20 we assign the address of our name server (here this is a Google name server, 8.8.8.8)

Now you can install and boot your zone as described in the instruction mentioned at the beginning of this page.

If you did everything right, you will see that your zone is created and connected to this VPN (lines 5 and 6):

    root@dilos:~# dladm show-link
    LINK         CLASS      MTU    STATE  BRIDGE  OVER
    vmxnet3s0    phys       1500   up     --      --
    vsw0         etherstub  9000   up     --      --
    int0         vnic       9000   up     --      vsw0
    iz1          vnic       9000   up     --      vsw0

So, you can also add other zones and run the test procedures according to that instruction as well.

Good luck!
