Go to main content

Creating and Using Oracle® Solaris Kernel Zones

Exit Print View

Updated: December 2018

Using Dynamic MAC Addresses and VLAN IDs in Kernel Zones

For most deployment cases, the MAC address and VLAN IDs used in a kernel zone can be statically configured before the zone is booted. However, in some cases you may not know ahead of time what values the kernel zone needs to use for MAC addresses and VLAN IDs of its VNICs. In this case you can specify prefixes of allowed MAC addresses and ranges of allowed VLAN IDs to enable the kernel zone to tell the host which MAC address and VLAN ID it needs to use when it boots. You can also enable the kernel zone to create a VNIC with any valid MAC address or VLAN ID.

Note -  You should use the default static configuration when you know the number of MAC addresses and VLAN IDs and their values ahead of time. Static configuration is also required for SR-IOV VF based anets.

To enable dynamic configuration, set the anet properties allowed-mac-address and allowed-vlan-ids as shown in the following procedure.

For more information about these properties, see Resource Type Properties in Oracle Solaris Zones Configuration Resources.

How to Use Dynamic MAC Addresses and VLAN IDs for Kernel Zone anet Configuration

  1. Become a zone administrator.

    You must also be assigned the Network Management rights profile to run the dladm command. The root role has all of these rights.

    For more information, see Assigning Rights to Non-Root Users to Manage Zones in Creating and Using Oracle Solaris Zones.

  2. Enable allowed-mac-address on an anet.

    Using zonecfg, add an anet device and a mac resource and enable allowed-mac-address on it.

    $ zonecfg -z kernel-zone
    zonecfg:kernel-zone> add anet
    zonecfg:kernel-zone:anet> add mac
    zonecfg:kernel-zone:anet:mac> add allowed-mac-address octet-prefix
    zonecfg:kernel-zone:anet:mac> end
  3. Enable dynamic-vlan-id on the anet.

    Using zonecfg, add a vlan resource and enable allowed-vlan-ids on it.

    zonecfg:kernel-zone:anet> add vlan
    zonecfg:kernel-zone:anet:vlan> add allowed-vlan-ids id-range
    zonecfg:kernel-zone:anet:vlan> end
    zonecfg:kernel-zone:anet> end
    zonecfg:kernel-zone> exit
  4. Boot the kernel zone.
    $ zoneadm -z kernel-zone boot
  5. Login to the kernel zone.
    $ zlogin kernel-zone
  6. Verify in the kernel zone the dynamic addresses and IDs.

    To determine which MAC prefixes and VLAN IDs are allowed, use the dladm show-phys command with the –o option:

    $ dladm show-phys -o link,media,device,allowed-addresses,allowed-vids

    For example, to verify on a zone called kzone1:

    global$ zlogin kzone1
    kzone1# dladm show-phys -o link,media,device,allowed-addresses,allowed-vids
    net0   Ethernet    zvnet0   fa:16:3f,           100-199,
                                fa:80:20:21:22      400-498,500