Verifying Virtual Network Connectivity

You can use standard network tools to verify your virtual network's connectivity. This section contains simple tasks to help you verify that the VNICs of your virtual network are correctly configured and have the expected network connectivity. Following is a list of the tools used in the tasks, along with links to their man pages.

• dladm(1M)

• ifconfig(1M)

• netstat(1M)

• ping(1M)

How to Verify the VNIC Configuration for the Global Zone

Before You Begin

The following task assumes that you have created a VNIC for the global zone of your system.

1. On the system with the virtual network, become superuser or assume the equivalent root role.

   To create and assign the root role, see How to Make root User Into a Role in System Administration Guide: Security Services.

2. Verify the state of the data links on the system.

   # dladm show-link

   Your output should resemble either of the following:

   • For a system that has a publicly accessible virtual network, such as the network that is configured in How to Create a Virtual Network Interface:

     # dladm show-link LINK CLASS MTU STATE OVER bge0 phys 1500 up bge0 vnic0 vnic 9000 up bge10

     In this output, both the physical network interface bge0 and the VNIC pseudo-interface vnic0 are configured as data links.

   • For a system with a private virtual network that cannot be accessed by external users, such as the network that is configured in How to Create Etherstubs and VNICs for the Private Virtual Network:

     # dladm show-link LINK CLASS MTU STATE OVER e1000g2 phys 1500 unknown -- e1000g0 phys 1500 up -- vnic0 vnic 9000 up etherstub0 vnic1 vnic 9000 up etherstub0

     The network interface e1000g0 is configured as a data link. The presence of etherstub0 indicates this is a private network. Two VNICs, vnic0 and vnic1, are successfully configured over the etherstub.

3. Verify that the VNIC is plumbed and running on the IP level of the TCP/IP protocol stack:

   # ifconfig -a

   You should receive output similar to the following:

   lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 bge0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3 inet 192.168.8.50 netmask ffffff00 broadcast 192.168.8.255 ether 8:0:20:c8:f4:1d vnic0: flags=201000842<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 2 inet 192.168.8.10 netmask ffffff00 broadcast 192.168.8.255 ether 2:8:20:54:f4:74

   Both the network interface bge0 and the VNIC vnic0 are plumbed and up.

How to Verify Configuration of a Virtual Network of Exclusive IP Zones

Before You Begin

The procedure assumes that you have created at least two VNICs and corresponding exclusive IP zones to form a virtual network. You also have configured and plumbed these VNICs while logged into their respective zones. The next task verifies the configuration of the virtual network created in Basic Virtual Network on a Single System.

1. On the system where you create the virtual network, become superuser or assume the equivalent root role in the global zone.

   To create and assign the root role, see How to Make root User Into a Role in System Administration Guide: Security Services.

2. Ensure that the VNICs are configured as data links in the global zone.

   # dladm show-vnic

   You should receive output similar to the following:

   LINK OVER SPEED MACADDRESS MACADDRTYPE vnic1 e1000g0 1000 Mbps 2:8:20:5f:84:ff random vnic2 e1000g0 1000 Mbps 2:8:20:54:f4:74 random

   In this example, both VNICs of the virtual network are configured as data links over network interface e1000g0.

3. Verify that any interfaces known to the global zone are plumbed and up.

   # ifconfig -a lo0: flags=2001000849<UP,UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 e1000g0: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 2 inet 192.168.3.70 netmask ffffff00 broadcast 192.168.83.255 ether 0:14:4f:94:d0:40

   Only the network interface e1000g0 is plumbed for the global zone. This interface has the IP address 192.168.3.70 and connects the system to the external 192.168.3.0/24 network. For the virtual network configuration, ifconfig -a in the global zone should not report any VNICs.

4. Check the state of the configured zones.

   # zoneadm list -v ID NAME STATUS PATH BRAND IP 0 global running / native shared 5 zone2 running /export/home/zone2 native excl 7 zone1 running /export/home/zone1 native excl

   The STATUS column indicates that the zones are up and running. If the status of the zones indicates a condition other than “running,” you need to reboot the zone. For instructions, refer to Chapter 20, Installing, Booting, Halting, Uninstalling, and Cloning Non-Global Zones (Tasks), in System Administration Guide: Virtualization Using the Solaris Operating System.

5. Check the global zone's known routes.

   # netstat -rn

   You should receive output similar to the following:

   Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ---------- --------- default 192.168.3.1 UG 1 8 e1000g0 192.168.3.0 192.168.3.70 U 1 143 e1000g0 127.0.0.1 127.0.0.1 UH 1 13 lo0 Routing Table: IPv6 Destination/Mask Gateway Flags Ref Use If --------------------------- --------------------------- ----- --- ------- ----- ::1 ::1 UH 1 22 lo0

   The global zone's default route to external networks is through the gateway 192.168.3.1. This is the IP address of the default router for network 192.168.3.0/24. The global zone also reports that the route to the gateway is through 192.168.3.70, the IP address of the system's e1000g0 interface.

6. Log in to one of the zones of the virtual network, for example, zone1, and ensure that the zone's VNIC is plumbed and up.

   # zlogin zone1 # ifconfig -a vnic1 vnic1: flags=201000842<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 2 inet 192.168.3.20 netmask ffffff00 broadcast 192.168.3.255 ether 2:8:20:54:f4:74

7. Check the known routes between the local zone and the external network.

   # netstat -rn

   You should receive output similar to the following:

   Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ---------- --------- default 192.168.3.1 UG 1 0 vnic1 192.168.3.0 192.168.3.20 U 1 2 vnic1 127.0.0.1 127.0.0.1 UH 1 23 lo0

   The output verifies that the default route for zone1 is to the default router, 192.168.3.1. zone1 also knows to route packets through vnic1, 192.168.3.20. This traffic is then passed to the global zone, where the packets travel through the network interface e1000g0.

8. Verify the VNICs' connectivity.

   Perform these steps while logged into a local zone. The following steps assume that you are logged into zone1.

   1. Check the connectivity between the local zone's VNIC and the system's network interface.

      # ping network-interface-address

      For example, check that vnic1 can pass traffic to network interface e1000g0, IP address 192.168.3.70.

      # ping 192.168.3.70 192.168.3.70 is alive

   2. Check that the VNIC can pass traffic through the default router, IP address 192.168.3.1.

      # ping 192.168.3.1 192.168.3.1 is alive

   3. Check that the VNIC can pass traffic to another VNIC in the virtual network.

      # ping vnic-IP-address

      For example, to check that vnic1 can pass traffic to vnic2 (IP address192.168.3.22), run the following command.

      # ping 192.168.3.22 192.168.3.22 is alive

Next Steps

• If Steps 5–7 complete successfully in one exclusive IP zone, then repeat them for each exclusive IP zone in the virtual network.

• To observe packet flows and take statistics, go on to the procedure Observing Traffic on Virtual Networks.