How to configure a vnic on top of a Vlan Tagged Interface and assign the vnic to a Solaris 11 Zone By Devan

How to configure a vnic on top of a Vlan Tagged Interface and assign the vnic to a Solaris 11 Zone

This post discusses how to assign a vnic created on a vlan tagged interface and assign the vnic to an exclusive-ip zone in Solaris 11.

If you want a vnic on a vlan, you need to set the vlan option when you create the vnic. Note that the physical does not have to be on the vlan, but the external cisco switch connected to the physical does need to be vlan aware. Once you do create the vnic on a vlan and assign it to the NGZ, that doesn’t mean you will have communications to the GZ. The GZ will also need an interface on the same vlan/subnet.

Here goal is to create vnics over vlan tagged NIC and assign that to exclusive zones using ANET.

# zonecfg -z excluzone
Use 'create' to begin configuring a new zone.
zonecfg:excluzone> create
create: Using system default template 'SYSdefault'
zonecfg:excluzone> set zonepath=/zones/excluzone
zonecfg:excluzone> set autoboot=true
zonecfg:excluzone> set bootargs="-m verbose"
zonecfg:excluzone> set ip-type=exclusive
zonecfg:excluzone> add anet
zonecfg:excluzone:anet> set linkname=nic1----name of interface as it appears in the exclusive zone
zonecfg:excluzone:anet> set lower-link=net0---------Must be a physical NIC
zonecfg:excluzone:anet> set vlan-id=1803
zonecfg:excluzone:anet> end
zonecfg:excluzone> verify
zonecfg:excluzone> commit
zonecfg:excluzone> exit

Now if I create the following vnic in the GZ and put them both on the same subnet, the two can ping each other.

# dladm create-vnic  -l net0 -v1803  vnic10
# ipadm create-ip vnic10
# ipadm create-addr -T static -a local=10.152.230.159/24 vnic10

root@excluzone:~# ifconfig -a
lo0: flags=2001000849[UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL] mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nic1: flags=100201000843[UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS,PHYSRUNNING] mtu 1500 index 2
        inet 10.152.230.160 netmask ffffff00 broadcast 10.152.230.255
        ether 2:8:20:6e:8d:3
lo0: flags=2002000849[UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL] mtu 8252 index 1
        inet6 ::1/128
nic1: flags=120202004841[UP,RUNNING,MULTICAST,DHCP,IPv6,CoS,PHYSRUNNING] mtu 1500 index 2
        inet6 fe80::8:20ff:fe6e:8d03/10
        ether 2:8:20:6e:8d:3

root@excluzone:~# ping 10.152.230.159
10.152.230.159 is alive

Note:Putting a physical interface on a vlan and then creating vnic on that physical will not put the vnic on the vlan. If you want a vnic on a vlan, you need to set the vlan option when you create the vnic. Note that the physical does not have to be on the vlan, but the external cisco switch connected to the physical does need to be vlan aware.