Creating a virtual network with OpenSolaris Build 105 and Project Crossbow

Project Crossbow adds network virtualization to OpenSolaris: both network interface cards (as VNICs) and switches (as etherstubs) can be virtualized.

The key command is dladm(1M).

The first step is to create a virtual switch, an etherstub:

# dladm create-etherstub sw1
# dladm show-etherstub sw1
LINK
sw1



The next step is to create three virtual network cards connected to the virtual switch: two for the zones and one for the global zone:

# dladm create-vnic -l sw1 vnic1
# dladm create-vnic -l sw1 vnic2
# dladm create-vnic -l sw1 vnic3
# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE VID
vnic1 sw1 0 2:8:20:8b:5d:49 random 0
vnic2 sw1 0 2:8:20:aa:fc:60 random 0
vnic3 sw1 0 2:8:20:57:87:c1 random 0


All three VNICs are connected to the virtual switch sw1. Their MAC addresses were generated by Crossbow (MACADDRTYPE random).

The two zones are configured to use their VNIC in exclusive IP mode, so the address is set inside the zone rather than in zonecfg:

bash-3.2$ zonecfg -z virt1 info
zonename: virt1
zonepath: /zones/virt1
brand: ipkg
autoboot: false
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
[cpu-shares: 10]
net:
address not specified
physical: vnic1
defrouter not specified
capped-memory:
physical: 300M
[swap: 500M]
rctl:
name: zone.max-swap
value: (priv=privileged,limit=524288000,action=deny)
rctl:
name: zone.cpu-shares
value: (priv=privileged,limit=10,action=none)
bash-3.2$ zonecfg -z virt2 info
zonename: virt2
zonepath: /zones/virt2
brand: ipkg
autoboot: false
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
[cpu-shares: 10]
net:
address not specified
physical: vnic2
defrouter not specified
capped-memory:
physical: 300M
[swap: 500M]
rctl:
name: zone.max-swap
value: (priv=privileged,limit=524288000,action=deny)
rctl:
name: zone.cpu-shares
value: (priv=privileged,limit=10,action=none)


Now we boot the zones:

# zoneadm -z virt1 boot
# zoneadm -z virt2 boot


After logging in to the first zone via its console:

# zlogin -C virt1
[Connected to console for zone 'virt1']

Hostname: virt1
Reading ZFS config: done.
Mounting ZFS filesystems: (5/5)

virt1 console login:

root@virt1:~# ifconfig vnic1
vnic1: flags=201000843 mtu 9000 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 2:8:20:8b:5d:49


And now the second zone:

root@solewer:~# zlogin -C virt2
[Connected to console for zone 'virt2']

virt2 console login: root
Password:
Jan 23 18:44:10 virt2 login: ROOT LOGIN /dev/console
Last login: Fri Jan 23 18:33:44 on console
Sun Microsystems Inc. SunOS 5.11 snv_105 November 2008
root@virt2:~# ifconfig vnic2
vnic2: flags=201000843 mtu 9000 index 2
inet 192.168.1.10 netmask ffffff00 broadcast 192.168.1.255
ether 2:8:20:aa:fc:60

In both zones we see the VNIC plumbed and configured with its address.

And now, in the global zone, vnic3 is configured and brought up. The `router` subcommand of ifconfig enables IP forwarding on that interface:

bash-3.2$ su
Password:
# ifconfig vnic3 plumb
# ifconfig vnic3 router
# ifconfig vnic3 192.168.1.50
# ifconfig vnic3 up
# ping 192.168.1.1
192.168.1.1 is alive
# ping 192.168.1.10
192.168.1.10 is alive
# ping 192.168.1.50


Now, in the global zone, we NAT the traffic from the zone network onto the external interface ipw0 with ipnat. The comment header of the file still names ipf.conf; ipnat only reads the map rule. Note that the rule hard-codes ipw0's current address, 10.0.0.1, so it must be edited whenever that address changes, and that it only takes effect while the ipfilter service (svc:/network/ipfilter) is enabled:

# ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ipw0: flags=201104843 mtu 1500 index 2
inet 10.0.0.1 netmask ffffff00 broadcast 10.0.0.255
ether 0:c:f1:2d:e:1b
vnic3: flags=201100843 mtu 9000 index 4
inet 192.168.1.50 netmask ffffff00 broadcast 192.168.1.255
ether 2:8:20:57:87:c1
lo0: flags=2002000849 mtu 8252 index 1
inet6 ::1/128
# cat ipnat.conf
#
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
map ipw0 from 192.168.1.0/24 to any -> 10.0.0.1
# ipnat -f /etc/ipf/ipnat.conf
# ipnat -l
List of active MAP/Redirect filters:
map ipw0 from 192.168.1.0/24 to any -> 10.0.0.1/32

List of active sessions:


Now we set the default router in each zone, either with a command or persistently in the
/etc/defaultrouter file:

root@virt1:~# route add default 192.168.1.50
add net default: gateway 192.168.1.50

After this we can ping the WLAN router from the zone:

root@virt1:~# ping 10.0.0.138
10.0.0.138 is alive
root@virt1:~#


This has created two virtual hosts connected via a virtual switch; vnic3 is connected to the
same virtual switch and is controlled by the global zone.
ipnat lets packets travel out of the internal network, rewritten so that they appear to come from the global zone's external address.
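The procedure above, as one idempotent script. This is an added example, not code from the original post: it assumes OpenSolaris snv_105 or later with dladm(1M), zonecfg(1M), zoneadm(1M), zlogin(1), routeadm(1M), svcadm(1M) and ipnat(1M), zones virt1 and virt2 that are already installed, and root privileges. It goes beyond the post in three places: it enables global IPv4 forwarding (the post only sets it per interface with `ifconfig vnic3 router`), it enables the ipfilter service, and its NAT rule uses `0/32` so the translation follows whatever address ipw0 currently has instead of a fixed 10.0.0.1, with `portmap` so two zones that reuse the same source port do not collide. The link, zone and address values follow the post; the `CROSSBOW_APPLY` switch and the helper names are assumptions made so that the checks can be exercised without the Solaris tools.

```shell
#!/bin/sh
# Added example, not from the original post: the whole procedure as one
# idempotent script, plus the steps the post leaves out or hard-codes
# (global IP forwarding, the ipfilter service, and a NAT rule that follows
# the external interface's address instead of a fixed 10.0.0.1).
# Assumes OpenSolaris snv_105 or later with dladm(1M), zonecfg(1M), zoneadm(1M),
# zlogin(1), routeadm(1M), svcadm(1M) and ipnat(1M), and zones that are already
# installed. Link, zone and address values follow the post; CROSSBOW_APPLY is
# an assumed switch so the helpers can be sourced and checked without root.
set -u

STUB=sw1                        # virtual switch (etherstub)
EXT_IF=ipw0                     # external (WLAN) interface in the global zone
ZONE_NET=192.168.1.0/24         # network behind the etherstub
GZ_VNIC=vnic3                   # global zone's leg on the switch
GZ_ADDR=192.168.1.50            # its address; the zones use it as default router
ZONES="virt1:vnic1:192.168.1.1 virt2:vnic2:192.168.1.10"   # zone:vnic:address

# ---- pure-shell helpers, checkable against captured output -----------------

# $1 = expected etherstub, $2 = output of `dladm show-vnic -p -o link,over`
# (one "link:over" per line). Non-zero if any VNIC sits on another link.
check_vnics_over() {
    printf '%s\n' "$2" | awk -F: -v want="$1" '
        NF < 2 { next }
        $2 != want { bad++; print "vnic " $1 " is over " $2 ", not " want > "/dev/stderr" }
        END { exit bad ? 1 : 0 }'
}

# $1 = external interface, $2 = internal network. Emits the ipnat rules:
# 0/32 means "whatever address $1 has right now"; portmap rewrites source
# ports so two zones reusing the same port do not collide; the second, plain
# map rule covers protocols without ports (ICMP, so ping keeps working).
ipnat_rules() {
    printf 'map %s %s -> 0/32 portmap tcp/udp auto\n' "$1" "$2"
    printf 'map %s %s -> 0/32\n' "$1" "$2"
}

# $1 = output of `routeadm -p ipv4-forwarding`; true if forwarding is on now.
forwarding_enabled_in() {
    printf '%s\n' "$1" | grep -q 'current=enabled'
}

# ---- steps that need the Solaris tools (run as root) -----------------------

create_switch() {
    dladm show-etherstub "$STUB" >/dev/null 2>&1 || dladm create-etherstub "$STUB"
}

create_vnic() {   # $1 = vnic name
    dladm show-vnic "$1" >/dev/null 2>&1 || dladm create-vnic -l "$STUB" "$1"
}

configure_zone() {   # $1 = zone, $2 = vnic. Exclusive IP: no address in zonecfg.
    zonecfg -z "$1" "set ip-type=exclusive; add net; set physical=$2; end"
}

main() {
    create_switch
    for entry in $ZONES; do
        oldifs=$IFS; IFS=:; set -- $entry; IFS=$oldifs
        create_vnic "$2"
        configure_zone "$1" "$2"
    done
    create_vnic "$GZ_VNIC"
    check_vnics_over "$STUB" "$(dladm show-vnic -p -o link,over)" || exit 1

    # Global zone leg. The post sets only `ifconfig vnic3 router` and never
    # enables the ipfilter service; do both explicitly and verify forwarding.
    ifconfig "$GZ_VNIC" plumb "$GZ_ADDR" netmask 255.255.255.0 up
    routeadm -u -e ipv4-forwarding
    forwarding_enabled_in "$(routeadm -p ipv4-forwarding)" || exit 1
    ipnat_rules "$EXT_IF" "$ZONE_NET" > /etc/ipf/ipnat.conf
    svcadm enable -s network/ipfilter
    ipnat -CF -f /etc/ipf/ipnat.conf     # -CF: drop old rules and sessions first
    ipnat -l

    # Boot each zone, then make its address and default route persistent
    # (/etc/hostname.<vnic> and /etc/defaultrouter) and apply them now.
    for entry in $ZONES; do
        oldifs=$IFS; IFS=:; set -- $entry; IFS=$oldifs
        zoneadm -z "$1" boot
        zlogin "$1" sh -c "echo $3/24 > /etc/hostname.$2;
            echo $GZ_ADDR > /etc/defaultrouter;
            ifconfig $2 plumb $3/24 up;
            route add default $GZ_ADDR"
    done
}

if [ "${CROSSBOW_APPLY:-0}" = 1 ]; then main; fi
```

Run it as root with `CROSSBOW_APPLY=1 sh crossbow.sh`; without the variable it only defines the functions, so `check_vnics_over`, `ipnat_rules` and `forwarding_enabled_in` can be exercised against saved output before touching a live system. `ipnat -l` at the end should list both map rules with the interface's real address substituted for `0/32`.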