Go to main content

Creating and Using Oracle® Solaris Kernel Zones

Exit Print View

Updated: August 2021

Using Dynamic MAC Addresses and VLAN IDs in Kernel Zones

    For most deployment cases, the MAC address and VLAN IDs used in a kernel zone can be statically configured before the zone is booted. However, in cases such as a cloud deployment, you might not know ahead of time what values the kernel zone needs to use for MAC addresses and the VLAN IDs of its VNICs. In such cases, you have two configuration options:

  • You can specify prefixes of allowed MAC addresses and ranges of allowed VLAN IDs.

  • You can enable the kernel zone to create a VNIC with any valid MAC address or VLAN ID.

Tip  -  Use the default static configuration when you know the number of MAC addresses and VLAN IDs and their values ahead of time. Static configuration is also required for SR-IOV VF based anet resources.

To enable dynamic configuration, set the anet resource type allowed-mac-address and allowed-vlan-ids as shown in the following procedure.

For more information about these properties, see anet Resource Type in Oracle Solaris Zones Configuration Resources.

How to Use Dynamic MAC Addresses and VLAN IDs for Kernel Zone anet Configuration

  1. Become a zone administrator.

    For more information, see Using Rights Profiles to Install and Manage Zones in Creating and Using Oracle Solaris Zones.

  2. Enable allowed-mac-address on an anet.

    Using zonecfg, add an anet device and a mac resource and enable allowed-mac-address on it.

    $ pfbash zonecfg -z kernel-zone
    zonecfg:kernel-zone> add anet
    zonecfg:kernel-zone:anet> add mac
    zonecfg:kernel-zone:anet:mac> add allowed-mac-address octet-prefix
    zonecfg:kernel-zone:anet:mac> end
  3. Enable allowed-vlan-ids on the anet.

    Using zonecfg, add a vlan resource and enable allowed-vlan-ids on it.

    zonecfg:kernel-zone:anet> add vlan
    zonecfg:kernel-zone:anet:vlan> add allowed-vlan-ids id-range
    zonecfg:kernel-zone:anet:vlan> end
    zonecfg:kernel-zone:anet> end ; exit
  4. Boot the kernel zone.
    $ zoneadm -z kernel-zone boot
  5. Log in to the kernel zone.
    $ zlogin kernel-zone
  6. Verify in the kernel zone the allowed addresses and IDs.

    To determine which MAC prefixes and VLAN IDs are allowed, use the dladm show-phys command with the –o option to specify output fields. For example, to verify for kzone1:

    global$ zlogin kzone1
    kzone1$ dladm show-phys -o link,media,id,allowed-addresses,allowed-vids
    net0            Ethernet      anet:0    fa:16:3f,         100-199,
                                            fa:80:20:21:22    400-498,500