Managing Network Virtualization and Network Resources in Oracle® Solaris 11.2

Exit Print View

Updated: September 2014

Use Case: Configuring an Elastic Virtual Switch

Objective – This use case shows how to set up an elastic virtual switch (EVS1) across two compute nodes.

In this use case, you connect the VNIC vnic0 on CN1 and the VNIC anet of the zone z1 to the elastic virtual switch EVS1 so that they are a part of the same L2 segment and they can communicate with each other on a VLAN. The following figure shows the elastic virtual switch (EVS1) across two compute nodes.

Figure 6-2  Elastic Virtual Switch Configuration

image:The figure shows the configuration of an elastic virtual switch                             between two compute nodes.

The figure shows a network with four nodes that contains the following components:

  • Two compute nodes (CN1 and CN2)

  • Zone z1 on CN2 with the VNIC anet resource (z1/net0)

  • VNIC vnic0 on CN1

  • A node that acts as an EVS controller (

  • A node that acts as an EVS manager on which you need to run the evsadm command (MANAGER)

  • A VLAN to implement the elastic virtual switch EVS1

  • uplink-port, which specifies the datalink that is used for the VLAN

Note -  All the four nodes can be on a single machine. The EVS controller and EVS manager can be on the same machine.

Planning for the Elastic Virtual Switch Setup

  1. Install the mandatory EVS packages.

    For information about the required packages, see Mandatory Packages for Using EVS.

    Note -  The evsuser is a specific user that is created when you install the pkg:/service/network/evs package. The user, evsuser, is assigned with the Elastic Virtual Switch Administration rights profile. This profile provides all the required authorizations and privileges to perform EVS operations.
  2. Set up SSH authentication with the preshared public key for evsuser between the following components in the EVS setup:

    • The EVS manager and the EVS controller

    • Each EVS node and the EVS controller

    • The EVS controller and each EVS node

    For more information, see Setting Up SSH Authentication.

    Note -  This use case assumes that the controller property is set to ssh:// on the EVS node, EVS manager, and EVS controller.
  3. Configure the EVS controller.

    1. Specify a compute node as an EVS controller in your network and then set the EVS controller on each compute node so that the compute nodes can communicate with the EVS controller. Note that you can set the controller properties from any compute node that can communicate with the EVS controller. For more information, see Configuring Elastic Virtual Switches.

    2. Specify the properties l2-type, vlan-range, and uplink-port. Otherwise, you cannot create the elastic virtual switch.

  4. Create an elastic virtual switch. You must associate an IPnet and add a VPort to the elastic virtual switch.

  5. Create a temporary VNIC on CN1 and connect the VNIC to the VPort of the elastic virtual switch.

  6. Create a VNIC anet resource on the zone z1 and connect it to the elastic virtual switch.

EVS Manager Operations

  1. Set the EVS controller.

    MANAGER# evsadm set-prop -p controller=ssh://
  2. Set the EVS controller properties.

    1. Set the type of L2 topology that must be used for the elastic virtual switch.

      MANAGER# evsadm set-controlprop -p l2-type=vlan
    2. Set the VLAN range.

      MANAGER# evsadm set-controlprop -p vlan-range=200-300
    3. Specify the datalinks (uplink-port) that are used for the VLAN.

      MANAGER# evsadm set-controlprop -p uplink-port=net2
      MANAGER# evsadm set-controlprop -h CN2 -p uplink-port=net3

    Note -  You can configure the EVS controller from any node in the data center as long as you can connect to the EVS controller and have the required authorizations. For more information, see Security Requirements for Using EVS.
  3. Verify the controller properties.

    MANAGER# evsadm show-controlprop -p l2-type,vlan-range,uplink-port
    NAME                VALUE               DEFAULT             HOST
    l2-type             vlan                vlan                --
    vlan-range          200-300             --                  --
    uplink-port         net2                --                  --
    uplink-port         net3                --                  CN2
  4. Create an elastic virtual switch named EVS1.

    MANAGER# evsadm create-evs EVS1
  5. Add the IPnet EVS1_ipnet to EVS1.

    MANAGER# evsadm add-ipnet -p subnet= EVS1/EVS1_ipnet
  6. Add the VPort vport0 to EVS1.

    MANAGER# evsadm add-vport EVS1/vport0

    You do not need to always add a virtual port to an elastic virtual switch. When a VNIC is created, you can specify only the name of the elastic virtual switch to which the VNIC must connect. In such cases, the EVS controller generates a system virtual port. These virtual ports follow the naming convention sys-vportname, for example, sys-vport0. The system virtual port inherits the elastic virtual switch properties.

  7. Verify the elastic virtual switch that is created.

    MANAGER# evsadm
    NAME           TENANT           STATUS    VNIC      IP                      HOST
    EVS1           sys-global       --        --        EVS1_ipnet              --
       vport0      --               free      --        --

    Note -  Because the tenant name is not specified, the default tenant name, sys-global is used by the elastic virtual switch EVS1. You can specify the tenant name by using the –T option when you create an elastic virtual switch. For more information, see How to Configure an Elastic Virtual Switch.
  8. Check the MAC address and the IP address associated with EVS1/vport0.

    MANAGER# evsadm show-vportprop -p macaddr,ipaddr EVS1/vport0
    NAME          TENANT        PROPERTY  PERM   VALUE              DEFAULT   POSSIBLE
    EVS1/vport0   sys-global    ipaddr    r-   --        --
    EVS1/vport0   sys-global    macaddr   r-     2:8:20:3c:78:bd    --        --

    The VNIC that connects to vport0 will inherit the IP address and MAC address. The IP address that is assigned for vport0 is the next available IP address from the IPnet EVS1_ipnet and the MAC address is randomly generated for vport0.

  9. Check the VLAN ID associated with the elastic virtual switch EVS1.

    MANAGER# evsadm show-evs -L
    EVS          TENANT          VID   VNI
    EVS1         sys-global      200   --

Compute Node CN1 Operations

  1. Specify the EVS controller.

    CN1# evsadm set-prop -p controller=ssh://
  2. Create a temporary VNIC vnic0 and connect it to EVS1/vport0.

    CN1# dladm create-vnic -t -c EVS1/vport0 vnic0
  3. Verify the VNIC that is created.

    CN1# dladm show-vnic -c
    LINK     TENANT         EVS     VPORT       OVER     MACADDRESS        VIDS
    vnic0    sys-global     EVS1    vport0      net2     2:8:20:3c:78:bd   200

    The MAC address of vnic0 maps to the MAC address of the VPort.

  4. Check the allowed IP addresses for vnic0.

    CN1# dladm show-linkprop -p allowed-ips vnic0
    vnic0    allowed-ips   --        -- 

    The allowed-ips property is set to the IP address associated with the VPort. With this setting, you cannot create any other IP address on vnic0 other than

  5. Create an IP interface for vnic0 and assign as the IP address.

    # ipadm create-ip -t vnic0
    # ipadm create-addr -t -a vnic0

Compute Node CN2 Operations

  1. Specify the EVS controller.

    CN2# evsadm set-prop -p controller=ssh://
  2. Configure the VNIC anet resource for the zone z1 and connect it to the elastic virtual switch.

    CN2# zonecfg -z z1
    Use 'create' to begin configuring a new zone
    zonecfg:z1> create
    create: Using system default template 'SYSdefault'
    zonecfg:z1> set zonepath=/export/zones/z1
    zonecfg:z1> select anet linkname=net0
    zonecfg:z1:anet> set evs=EVS1
    zonecfg:z1:anet> end
    zonecfg:z1> commit
    zonecfg:z1> exit
  3. Install and boot the zone z1.

    CN2# zoneadm -z z1 install
    CN2# zoneadm -z z1 boot
  4. Log in to the zone z1 and complete the zone configuration.

    CN2# zlogin -C z1

    For more information about zone configuration, see Creating and Using Oracle Solaris Zones .

  5. Verify the VNIC anet that is created.

    CN2# dladm show-vnic -c
    LINK       TENANT       EVS    VPORT        OVER   MACADDRESS        VIDS
    z1/net0    sys-global   EVS1   sys-vport0   net2   2:8:20:1a:c1:e4   200

    Because the VPort was not specified when you created the VNIC anet resource, the EVS controller creates a system VPort, sys-vport0, for the VNIC anet resource.

  6. Display the information that is related to the VPort.

    CN2# evsadm show-vport -o all
    EVS1/sys-vport0 sys-global used   z1/net0 CN2  2:8:20:1a:c1:e4

    The VNIC anet resource is plumbed and assigned the VPort's IP address.

  7. Verify the IP address of the VNIC anet resource, z1/net0.

    CN2# zlogin z1 ipadm
    NAME              CLASS/TYPE    STATE        UNDER      ADDR
    lo0               loopback      ok           --         --
       lo0/v4         static        ok           --
       lo0/v6         static        ok           --         ::1/128
    net0              ip            ok           --         --
       net0/v4        inherited     ok           --