Solaris 10 zone in Solaris 11

This page's purpose is to hold notes about Solaris 10 zones in Solaris 11.

Currently, it holds a single problem resolution that I ran into.

Problem #1: anet didn't seem to work

I needed to set up a Solaris 10 zone, and be in a VLAN, and have its own exclusive IP interface. The default template for Solaris 10 "brand" zones defaults to using 'anet' devices, so I thought, no problem.

Unfortunately... it didn't seem to work. No interface was automatically configured in the sol10 zone. I tried looking around the net for examples, but all full examples seemed to use "net", instead of "anet".

Problem #2: anet on top of vlan didn't seem to work

I didn't remember the new "vlan-id" anet property at first, so I initially created a global VLAN interface, for use as a physical device by the zone. This should work with normal zones. However, when I specified "lower-link=(vlan-interface)" for the Solaris 10 zone, booting up the zone then failed, with the following error:
"failed to create vnic for net0: invalid argument"

Interestingly, using the VLAN VNIC as a base worked fine if I specified an old-style "net" resource with "physical=vlanX". But then you lose the full virtualization of the network interface -- i.e., the ability to use snoop in the zone. So this was not acceptable to me.

Resolution

Even though an IP address was not automatically configured, I noticed that I could manually do "ifconfig net0" in the zone. So that worked.

I tried to do the /etc/hostname.net0 approach, but that was failing too. Poking around /lib/svc/method/net-physical turned up that it was tweaked for the zone, and quits if any link-protection-address is set. This means you cannot set "allowed-address" if you want a Solaris 10 zone to use the hostname.net0 approach.

Thus, what worked in zonecfg is as follows:

brand: solaris10
ip-type: exclusive

anet:
	linkname: net0
	lower-link: auto
	allowed-address not specified
	link-protection mac-nospoof
	vlan-id: 1234

And then in the zone itself,

/etc/hostname.net0  (with usual contents)
/etc/netmasks       (if appropriate)
/etc/defaultrouter  (with usual contents)

This worked! I now have Solaris 10 zones, theoretically in a VLAN (although dladm does not seem to show it), and I can use snoop in the Solaris 10 zone as well.
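
The allowed-address restriction described above can be checked before boot. The following is an added example, not part of the original notes: a lint over the text printed by "zonecfg -z <zone> info". The function names and the sample data (including the 192.0.2.10/24 address) are constructed, and it assumes a set property is printed as "allowed-address: value".

```shell
#!/bin/sh
# Added example, not from the original page. Sample data below is constructed.

# Read `zonecfg -z <zone> info` text on stdin. For a solaris10-brand zone,
# print one finding per anet that has allowed-address set.
# Exit status: 0 = no findings, 1 = findings.
check_s10_anet() {
    awk '
        /^[a-z]/        { in_anet = 0 }              # top-level line ends a resource
        $1 == "brand:"  { brand = $2 }
        /^anet:/        { in_anet = 1; name = "?" }  # start of an anet resource
        in_anet && $1 == "linkname:"        { name = $2 }
        in_anet && $1 == "allowed-address:" { bad[name] = $2 }
        END {
            if (brand != "solaris10") exit 0         # other brands are out of scope
            rc = 0
            for (n in bad) {
                printf "%s: allowed-address %s set; clear it so /etc/hostname.%s is used\n", n, bad[n], n
                rc = 1
            }
            exit rc
        }'
}

# Constructed sample: the working configuration shown on this page.
sample_ok() {
cat <<'EOF'
brand: solaris10
ip-type: exclusive
anet:
    linkname: net0
    lower-link: auto
    allowed-address not specified
    link-protection mac-nospoof
    vlan-id: 1234
EOF
}

# Constructed sample: the same zone with allowed-address set (documentation IP).
sample_bad() {
    sample_ok | sed 's|allowed-address not specified|allowed-address: 192.0.2.10/24|'
}

# Demo: prints one finding for net0.
sample_bad | check_s10_anet || true
```

On a real system the input would come from "zonecfg -z <zone> info | check_s10_anet".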

Warnings

The first time you boot the Solaris 10-in-11 zone, it may not be fully understanding of its new network interface. Presumably, there are some fun conversion utils that need to run on first boot. When it's all done booting, just clear svc:/network/physical and things should be happier.

Written by: Philip Brown