Using Ethernet-based anets, you can create VNICs inside a kernel zone and configure them to be in their own virtual LAN (VLAN).
Use the vlan resource to add extra VLAN IDs (VIDs) to an existing anet resource to create new VLANs. See Configurable Resources and Properties for Zones in Oracle Solaris Zones Configuration Resources for more information about anet and vlan resources.
The vlan resource makes a kernel zone VLAN-aware. The host system forwards the packets meant for these VLANs without stripping the VLAN tag to the kernel zone. The kernel zone will then forward the packet to the right network client.
When transmitting data, packets from these VLANs are tagged by the kernel zone and passed on to the host. The host forwards the packets without stripping the tag, based on the destination MAC.
Configure a zone kz0 with a mac-address of 0:1:2:3:4:5, PVID of 11, and two additional VIDs of 45 and 46.
global$ zonecfg -z kz0 zonecfg:kz0> create -t SYSsolaris-kz zonecfg:kz0> select anet id=0 zonecfg:kz0:anet> set mac-address=0:1:2:3:4:5 zonecfg:kz0:anet> set vlan-id=11 zonecfg:kz0:anet> add vlan zonecfg:kz0:anet:vlan> set vlan-id=45 zonecfg:kz0:anet:vlan> end zonecfg:kz0:anet> add vlan zonecfg:kz0:anet:vlan> set vlan-id=46 zonecfg:kz0:anet:vlan> end zonecfg:kz0:anet> info vlan vlan 0: vlan-id: 45 vlan 1: vlan-id: 46 zonecfg:kz0:anet> end zonecfg:kz0> commit zonecfg:kz0> exit
After the zone is installed and booted, the dladm show-vnic command shows the following:
global# dladm show-vnic LINK OVER SPEED MACADDRESS MACADDRTYPE IDS kz0/net0 net4 10000 0:1:2:3:4:5 fixed VID:11,45,46
The virtual-switch on the host system global is now configured to handle frames with following mac-address, vlan-id tuples:
Frames arriving with a 0:1:2:3:4:5, 11 tuple have the VID stripped by the system global and passed on to the kernel zone kz0, so kz0 never sees packets tagged with VID 11. Frames with 0:1:2:3:4:5, 45 and 0:1:2:3:4:5, 46 will be passed to kz0 with their tags VID 45 and 46.
Inside kz0, if there is a VLAN datalink vlan45 with VID of 45, the virtual switch in kz0 will strip VID 45 from the frame and pass the frame to vlan45. All the frames originating from vlan45 datalink inside kz0 will be tagged by the virtual-switch in kz0 and passed onto the anet in the host. The host anet will pass the frames directly to the NIC to be sent out.Example 14 Display the List of VLAN IDs Supported in the Kernel Zone
Inside a kernel zone, use the dladm show-phys -v to determine the VLAN IDs that are supported on the physical datalinks.
global$ zlogin kz0 kz0# dladm show-phys -v LINK VID INUSE CLIENT net0 40 yes vnic0,vnic1 20 no -- 15 yes vnic2 net1 32 no -- 11 no -- 10 no --