Go to main content

Creating and Using Oracle® Solaris Kernel Zones

Exit Print View

Updated: December 2018
 
 

Configuring Virtual LANs in Kernel Zones

Using Ethernet-based anets, you can create VNICs inside a kernel zone and configure them to be in their own virtual LAN (VLAN).

Use the vlan resource to add extra VLAN IDs (VIDs) to an existing anet resource to create new VLANs. See Configurable Resources and Properties for Zones in Oracle Solaris Zones Configuration Resources for more information about anet and vlan resources.

The vlan resource makes a kernel zone VLAN-aware. The host system forwards the packets meant for these VLANs without stripping the VLAN tag to the kernel zone. The kernel zone will then forward the packet to the right network client.

When transmitting data, packets from these VLANs are tagged by the kernel zone and passed on to the host. The host forwards the packets without stripping the tag, based on the destination MAC.

Note -  It is not required to specify a vlan-id (known as the port VID or PVID) for an anet before you can add extra VLANs for an anet. If there is no PVID set, all the untagged packets that match the zone's MAC addresses are passed on to the zone from the host.
Example 13  Configuring a Kernel Zone with Additional VLANs

Configure a zone kz0 with a mac-address of 0:1:2:3:4:5, PVID of 11, and two additional VIDs of 45 and 46.

global$ zonecfg -z kz0
zonecfg:kz0> create -t SYSsolaris-kz
zonecfg:kz0> select anet id=0
zonecfg:kz0:anet> set mac-address=0:1:2:3:4:5
zonecfg:kz0:anet> set vlan-id=11
zonecfg:kz0:anet> add vlan
zonecfg:kz0:anet:vlan> set vlan-id=45
zonecfg:kz0:anet:vlan> end
zonecfg:kz0:anet> add vlan
zonecfg:kz0:anet:vlan> set vlan-id=46
zonecfg:kz0:anet:vlan> end
zonecfg:kz0:anet> info vlan
    vlan 0:
        vlan-id: 45
    vlan 1:
        vlan-id: 46
zonecfg:kz0:anet> end
zonecfg:kz0> commit
zonecfg:kz0> exit

After the zone is installed and booted, the dladm show-vnic command shows the following:

global# dladm show-vnic
LINK            OVER           SPEED  MACADDRESS    MACADDRTYPE IDS
kz0/net0        net4           10000  0:1:2:3:4:5   fixed       VID:11,45,46

    The virtual-switch on the host system global is now configured to handle frames with following mac-address, vlan-id tuples:

  • 0:1:2:3:4:5, 11

  • 0:1:2:3:4:5, 45

  • 0:1:2:3:4:5, 46

Frames arriving with a 0:1:2:3:4:5, 11 tuple have the VID stripped by the system global and passed on to the kernel zone kz0, so kz0 never sees packets tagged with VID 11. Frames with 0:1:2:3:4:5, 45 and 0:1:2:3:4:5, 46 will be passed to kz0 with their tags VID 45 and 46.

Inside kz0, if there is a VLAN datalink vlan45 with VID of 45, the virtual switch in kz0 will strip VID 45 from the frame and pass the frame to vlan45. All the frames originating from vlan45 datalink inside kz0 will be tagged by the virtual-switch in kz0 and passed onto the anet in the host. The host anet will pass the frames directly to the NIC to be sent out.

Example 14  Display the List of VLAN IDs Supported in the Kernel Zone

Inside a kernel zone, use the dladm show-phys -v to determine the VLAN IDs that are supported on the physical datalinks.

global$ zlogin kz0
kz0# dladm show-phys -v
LINK    VID   INUSE  CLIENT
net0    40    yes    vnic0,vnic1
        20    no     --
        15    yes    vnic2
net1    32    no     --
        11    no     --
        10    no     --
Copyright © 2014, 2018, Oracle and/or its affiliates. All rights reserved. 
Previous
Next