Managing Network Virtualization and Network Resources in Oracle® Solaris 11.3

Updated: April 2018

Planning for the Private Virtual Network Setup

How to Configure a Private Virtual Network (Use Case)

The global zone performs routing and NAT, so you need to connect the global zone to both the private virtual network and the physical NIC. You connect the global zone to the physical NIC by configuring the primary interface in the global zone. You connect the global zone to the private virtual network by creating vnic0 over the etherstub ether0.

  1. Become an administrator.
  2. Create the etherstub ether0.
    # dladm create-etherstub ether0
  3. Create the VNIC vnic0 over ether0 and configure 192.0.2.33/27 as the IP address for vnic0.
    # dladm create-vnic -l ether0 vnic0
    # ipadm create-ip vnic0
    # ipadm create-addr -a 192.0.2.33/27 vnic0

    The VNIC vnic0 acts as the default router for the zones.

  4. Create the zone zone1 with the VNIC anet resource and set ether0 as the lower link. Configure zone1 with the IP addresses that are displayed in Figure 2, Table 2, IP Addresses Configured for the Zones in the Private Virtual Network Setup.
    global# zonecfg -z zone1
    Use 'create' to begin configuring a new zone.
    zonecfg:zone1> create -t SYSsolaris
    zonecfg:zone1> select anet linkname=net0
    zonecfg:zone1:anet> set lower-link=ether0
    zonecfg:zone1:anet> set allowed-address=192.0.2.34/27
    zonecfg:zone1:anet> set defrouter=192.0.2.33/27
    zonecfg:zone1:anet> end
    zonecfg:zone1> commit
    zonecfg:zone1> exit
  5. Install and boot zone1.
    global# zoneadm -z zone1 install
    global# zoneadm -z zone1 boot
  6. Log in to zone1 and complete the zone configuration.
    global# zlogin -C zone1
  7. Reconfigure zone2 with an anet resource and set ether0 as the lower link. Configure zone2 with the IP addresses that are displayed in Figure 2, Table 2, IP Addresses Configured for the Zones in the Private Virtual Network Setup.
    global# zonecfg -z zone2
    zonecfg:zone2> select anet linkname=net0
    zonecfg:zone2:anet> set lower-link=ether0
    zonecfg:zone2:anet> set allowed-address=192.0.2.35/27
    zonecfg:zone2:anet> set defrouter=192.0.2.33/27
    zonecfg:zone2:anet> end
    zonecfg:zone2> commit
    zonecfg:zone2> exit
  8. Reboot and log in to the zone zone2.
    global# zoneadm -z zone2 reboot
    global# zlogin zone2
  9. Use Live Zone Reconfiguration to reconfigure zone3 and set ether0 as the lower link.
    global# zonecfg -z zone3
    zonecfg:zone3> select anet linkname=net0
    zonecfg:zone3:anet> set lower-link=ether0
    zonecfg:zone3:anet> end
    zonecfg:zone3> commit
    zonecfg:zone3> exit
    
  10. Configure the IP address and default gateway manually for zone3 because Live Zone Reconfiguration does not support the setting of the allowed-address property. Configure zone3 with the IP addresses that are displayed in Figure 2, Table 2, IP Addresses Configured for the Zones in the Private Virtual Network Setup.
    global# zoneadm -z zone3 apply
    global# zlogin zone3
    zone3# ipadm create-ip net0
    zone3# ipadm create-addr -a 192.0.2.36/27 net0/v4
    zone3# route -p add default 192.0.2.33/27

How to Enable IP Forwarding and NAT (Use Case)

You can enable the private virtual network to send network traffic outside the system by enabling IP forwarding and network address translation (NAT) in the global zone.

  1. Enable IP forwarding in the global zone.
    global# ipadm set-ifprop -p forwarding=on -m ipv4 net0
    global# ipadm set-ifprop -p forwarding=on -m ipv4 vnic0
  2. From the global zone, configure NAT for the primary interface in the /etc/ipf/ipnat.conf file.
    global# cat /etc/ipf/ipnat.conf
    map net0 192.0.2.0/27 -> 0/32  portmap tcp/udp auto
    map net0 192.0.2.0/27 -> 0/32
    
  3. Start the IP filter service to enable NAT.
    global# svcadm enable network/ipfilter
  4. (Optional) Verify that traffic can leave the system by pinging the system's default router from any of the zones.
    # ping 192.0.2.1/27
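Before writing the map rules in step 2, it is worth checking that their source prefix is exactly the subnet the zones were given in the configuration steps above: a prefix that is too broad translates traffic that is not the zones', and one that does not cover the zone addresses leaves their traffic untranslated. The POSIX shell script below is an added example, not part of the Oracle guide; it assumes the addresses of the use case (vnic0 at 192.0.2.33/27, the zones at .34 to .36, primary interface net0), derives the canonical subnet (for 192.0.2.33/27 that is 192.0.2.32/27), validates a map rule against it, and prints the two ipnat.conf lines.

```shell
#!/bin/sh
# Added example, not from the Oracle Solaris guide: derive the private subnet
# from the addresses assigned to vnic0 and the zones, validate an ipnat "map"
# rule's source prefix against it, and emit the /etc/ipf/ipnat.conf lines.
# Constructed inputs follow the use case: router 192.0.2.33/27, zones .34-.36.
ROUTER="192.0.2.33/27"
ZONES="192.0.2.34/27 192.0.2.35/27 192.0.2.36/27"
IFACE="net0"   # primary interface of the global zone, as in the use case

# Dotted quad to unsigned integer and back (POSIX sh arithmetic only).
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}
# Canonical network of addr/prefix, e.g. 192.0.2.33/27 -> 192.0.2.32/27.
network_of() {
    case $1 in */*) ;; *) set -- "$1/32" ;; esac   # bare address means /32
    addr=${1%/*}; bits=${1#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    echo "$(int_to_ip $(( $(ip_to_int "$addr") & mask )))/$bits"
}
# 0 when the router and every zone address share one subnet, else 1.
check_plan() {
    net=$(network_of "$ROUTER")
    for z in $ZONES; do
        [ "$(network_of "$z")" = "$net" ] || return 1
    done
    return 0
}
# 0 when a map rule's source prefix is exactly the private subnet: a broader
# prefix (e.g. /2) translates foreign traffic, a neighbouring one misses zones.
nat_rule_ok() {
    set -- $1
    [ "$1" = "map" ] && [ "$2" = "$IFACE" ] || return 1
    [ "$(network_of "$3")" = "$(network_of "$ROUTER")" ]
}
# Emit the two ipnat.conf map lines for the validated subnet.
gen_ipnat() {
    check_plan || return 1
    net=$(network_of "$ROUTER")
    printf 'map %s %s -> 0/32 portmap tcp/udp auto\nmap %s %s -> 0/32\n' \
        "$IFACE" "$net" "$IFACE" "$net"
}

gen_ipnat
```

Run it on the global zone (or anywhere with a POSIX sh) and compare its output with the map lines you are about to write; nat_rule_ok rejects a rule whose source prefix does not match the zones' subnet.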