System Administration Guide: Network Interfaces and Network Virtualization

Procedure: How to Create an Exclusive IP Zone Over a VNIC

The following task explains how to create two exclusive IP zones for a virtual network. If you want to use zones as the containers for the virtual network, always use exclusive IP zones. You cannot create non-global shared IP zones over VNICs in a virtual network scenario.

As an alternative, you can use Sun xVM domains as the containers in the virtual network. For information about configuring Sun xVM Server and its domains, refer to the Sun xVM Server Information Wiki.

Before You Begin

This procedure assumes that you have already configured at least two VNICs over a data link, as shown in Example 11–1. The VNICs are named vnic0, vnic1, and vnic2.

  1. On the system where you create the virtual network, become superuser or assume the equivalent root role.

    To create and assign the root role, see How to Make root User Into a Role in System Administration Guide: Security Services.

  2. View the state of the VNICs on the system.


    # dladm show-vnic
    
    LINK        OVER             SPEED  MACADDRESS         MACADDRTYPE
    vnic1       e1000g0      1000 Mbps  2:8:20:5f:84:ff    random
    vnic2       e1000g0      1000 Mbps  2:8:20:54:f4:74    random

    The output indicates that vnic1 and vnic2 are currently configured over interface e1000g0.

  3. Begin the creation process for the exclusive IP zone by running the zonecfg interactive utility.


    Tip –

    Alternatively, you can run zonecfg as a command with appropriate subcommands and options to create the zone. For more information, refer to How to Configure the Zone in System Administration Guide: Virtualization Using the Solaris Operating System and the zonecfg(1M) man page.



    # zonecfg -z zoneID
    

    where ID represents the number to identify the zone. For example, the following command creates “zone1.”


    # zonecfg -z zone1
    

    The zonecfg program runs and prompts for information about the new zone.


    zonecfg:zone1>
  4. Start zone creation through the zonecfg interactive utility.


    zonecfg:zone1> create
    

    The remaining steps show how to create the exclusive IP zone and set other parameters. For a detailed description of parameters available for the zone, see How to Configure the Zone in System Administration Guide: Virtualization Using the Solaris Operating System.

  5. Create the zone path by setting a home directory for the zone, and then enable automatic booting.


    zonecfg:zone1> set zonepath=zone-home-directory
    zonecfg:zone1> set autoboot=true
    

    For example, zone-home-directory might be /export/home/zone1.

    The global zone will include home directories for all zones that you create through zonecfg. Thus, the /export/home directory in the global zone must contain an entry for zone1.

  6. Create the zone as exclusive IP.


    zonecfg:zone1> set ip-type=exclusive
    
  7. Create the network interface for the zone.


    zonecfg:zone1> add net
    

    This response starts the network configuration subprogram of zonecfg.

  8. Set the previously configured VNIC as the interface for the zone.


    zonecfg:zone1:net> set physical=vnic-data-link
    

    For example, you create vnic1 for zone1 as follows:


    zonecfg:zone1:net> set physical=vnic1
    

    Note –

    Although zonecfg has many options for describing a network interface, use only the set physical parameter of add net for an exclusive IP zone.


  9. Complete zone configuration and verify the results.


    zonecfg:zone1:net> end
    zonecfg:zone1> verify
    

    The verify command checks for configuration errors. If verify reports errors, fix the configuration. If verify does not respond, assume the configuration is correct and continue.

  10. View information about the zone you just created.

    Use the info directive, as shown below:


    zonecfg:zone1> info
    zonename: zone1
    zonepath: /export/home/zone1
    brand: native
    autoboot: true
    .
    .
    net:
            address not specified
            physical: vnic1

    The message “address not specified” verifies that you have not specified an IP address for the zone. You create IP addresses for the zone's VNIC outside the zonecfg utility, as described in the upcoming procedure How to Configure an Exclusive IP Zone Over a VNIC Through the Zone Console.

    If info displays other incorrect information, you can modify the parameters, as explained in Using the zonecfg Command to Modify a Zone Configuration in System Administration Guide: Virtualization Using the Solaris Operating System. If the information is correct, continue to the next step.

  11. Commit the zone and close zonecfg.


    zonecfg:zone1> commit
    zonecfg:zone1> exit
    

    Be sure to commit the zone before exiting zonecfg.

  12. Create more zones, as needed, by following Steps 3 through 11.


Example 11–2 Creating an Exclusive IP Zone Over a VNIC

The following example contains the commands for creating a zone using the zonecfg utility. When the example is complete, the result is a zone called zone1 that is configured on vnic1. This example assumes that the VNIC is already created, as shown in Example 11–1. You can use this example for configuring as many exclusive IP zones over VNICs as you need for your virtual network. For an illustration of a basic virtual network, refer to Figure 10–1.

You must log in to the global zone of the system as superuser or equivalent role to run the next commands.


# dladm show-vnic

LINK        OVER             SPEED  MACADDRESS         MACADDRTYPE
vnic1       e1000g0      1000 Mbps  2:8:20:5f:84:ff    random
vnic2       e1000g0      1000 Mbps  2:8:20:54:f4:74    random

# zonecfg -z zone1

zonecfg:zone1> create
zonecfg:zone1> set zonepath=/export/home/zone1
zonecfg:zone1> set autoboot=true
zonecfg:zone1> set ip-type=exclusive
zonecfg:zone1> add net
zonecfg:zone1:net> set physical=vnic1
zonecfg:zone1:net> end
zonecfg:zone1> verify

zonecfg:zone1> info
zonename: zone1
zonepath: /export/home/zone1
brand: native
autoboot: true
.
.
net:
        address not specified
        physical: vnic1

zonecfg:zone1> commit
zonecfg:zone1> exit
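
The same procedure can be driven non-interactively. The following script is an added example, not part of the original guide: it builds the zonecfg subcommands from Steps 4 through 11 only if the requested VNIC appears in `dladm show-vnic` output, and rejects names that could smuggle extra subcommands into the command file. The function names `vnic_exists` and `gen_zone_cmds`, the `/tmp/zone2.cfg` path, and the use of the `-f` command-file option of zonecfg(1M) are assumptions of this example; the sample listing is copied from Step 2.

```shell
# Constructed sample: the dladm show-vnic listing shown in Step 2.
SAMPLE_VNICS='LINK        OVER             SPEED  MACADDRESS         MACADDRTYPE
vnic1       e1000g0      1000 Mbps  2:8:20:5f:84:ff    random
vnic2       e1000g0      1000 Mbps  2:8:20:54:f4:74    random'

# vnic_exists VNIC: reads show-vnic output on stdin; succeeds only if
# VNIC is listed in the LINK column (the header line is skipped).
vnic_exists() {
    awk -v want="$1" 'NR > 1 && $1 == want { found = 1 } END { exit !found }'
}

# gen_zone_cmds ZONE VNIC LISTING: prints the zonecfg subcommands for an
# exclusive IP zone over VNIC. Returns 2 on a bad name, 1 if VNIC is absent.
gen_zone_cmds() {
    zone=$1; vnic=$2; listing=$3
    # Allow only conservative characters, so a name cannot carry ';' or
    # a newline and add subcommands of its own to the command file.
    for name in "$zone" "$vnic"; do
        case "$name" in
            ''|*[!A-Za-z0-9_.-]*)
                echo "invalid zone or VNIC name" >&2; return 2 ;;
        esac
    done
    if ! printf '%s\n' "$listing" | vnic_exists "$vnic"; then
        echo "$vnic is not configured; create the VNIC first" >&2
        return 1
    fi
    cat <<EOF
create
set zonepath=/export/home/$zone
set autoboot=true
set ip-type=exclusive
add net
set physical=$vnic
end
verify
commit
EOF
}

# Hypothetical use in the global zone (not executed by this script):
#   gen_zone_cmds zone2 vnic2 "$(dladm show-vnic)" > /tmp/zone2.cfg
#   zonecfg -z zone2 -f /tmp/zone2.cfg
```
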

Next Steps