The trusted virtual network feature extends privileges to trusted guest domains so that they can dynamically assign custom alternate MAC addresses and alternate VLAN IDs to the vnet device. These MAC addresses and VLAN IDs are used to configure virtual devices. Prior to the introduction of this feature, you could make such assignments only from the Logical Domains Manager. Moreover, assigning alternate MAC addresses also required that the domain hosting the virtual network device be in the bound state. This feature enables the dynamic creation of virtual devices such as VNICs and VLANs on top of virtual network devices.
To use the trusted virtual network feature on a vnet device, you must create or configure the device in trusted mode by using the Logical Domains Manager. By default, a vnet device is created with trusted mode disabled.
The trusted virtual network feature seamlessly supports the live migration, service domain reboot, and multiple service domain features.
You can configure a trusted virtual network by using the ldm add-vnet and ldm set-vnet commands to set the custom=enable property. Note that you should provide values for the custom/max-mac-addrs and custom/max-vlans properties so that the number of custom MAC addresses and VLAN IDs is limited for the specified virtual network device. Both property values are set to 4096 by default.
The trusted virtual network feature requires at least the Oracle Solaris 11.3 SRU 8 OS.
Both the guest domain that has the custom virtual network device and the service domain that has the corresponding virtual switch device require the latest level of the supported system firmware.
To configure a trusted virtual network, you must specify the following information:
custom – Enable or disable the trusted virtual network feature. This feature enables a trusted entity to add custom alternate VLAN IDs and custom alternate MAC addresses dynamically.
custom/max-mac-addrs – Specify the maximum number of custom alternate MAC addresses to be configured on a particular trusted virtual network device.
custom/max-vlans – Specify the maximum number of custom alternate VLAN IDs to be configured on a particular trusted virtual network device.
The following restrictions are for the trusted virtual network feature:
You cannot use the Logical Domains Manager to configure alternate MAC addresses or VLAN IDs on a given trusted virtual network.
To modify custom or existing alternate MAC addresses, the domain must be in the bound state.
You can increase the custom/max-mac-addrs and custom/max-vlans property values dynamically. However, the domain must be in the bound state to reduce these property values.
Also, set custom=disable on the virtual network device before using the ldm set-vnet command to reduce the number of maximum VLAN IDs and MAC addresses for the custom virtual network device.
Caution - The effective use of this feature is to limit and control these properties.
Ensure that any VNIC and VLAN devices that have been created are removed before you reduce the number of custom VLAN IDs or custom alternate MAC addresses. Otherwise, the guest domain will have VNICs that cannot be configured and must be removed manually.
The dladm show-vnic -m command shows the MAC addresses and VLAN IDs that are configured on the specified virtual network. The dladm show-vnic -m command shows the alternate MAC addresses and VLAN IDs in use on the guest domain. This is a departure from older releases, in which all alternate MAC addresses and VLAN IDs were preconfigured on the virtual switch.
The trusted virtual network feature is mutually exclusive with the PVLAN feature.
The Logical Domains Manager attempts to validate the guest domain and service domain support for this feature before enabling the custom feature. If the guest domain is not running, you can enable this feature if the service domain supports it. However, if the guest domain does not support the feature, you must set custom=disabled before you re-enable non-custom alternate MAC addresses and VLAN IDs.
You can perform a live migration of a domain with trusted virtual networks only if the target service domain supports the trusted virtual network feature.
This section includes tasks that show how to create trusted virtual networks and how to obtain information about trusted virtual networks.
You can configure a trusted virtual network by setting the custom property value by using the ldm add-vnet or ldm set-vnet command. See the ldm(1M) man page.
Example 48 Creating a Trusted Virtual Network
You can use the following commands to create a trusted virtual network ldg1_vnet0 on the primary-vsw0 virtual switch in the ldg1 domain. The custom/max-mac-addrs and custom/max-vlans property values use the default values of 4096.
primary# ldm add-vnet custom=enable ldg1_vnet0 primary-vsw0 ldg1
primary# ldm list -o network ldg1
...
NETWORK
    NAME         SERVICE                MACADDRESS          PVID|PVLAN|VIDs
    ----         -------                ----------          ---------------
    ldg1-vnet0   primary-vsw0@primary   00:14:4f:fa:d7:5e   1|--|--
            DEVICE     :network@1       ID   :1
            LINKPROP   :phys-state      MTU  :1500
            MAXBW      :--              MODE :--
            CUSTOM     :enable
            MAX-CUSTOM-MACS:4096        MAX-CUSTOM-VLANS:4096
            PRIORITY   :--              COS  :--
            PROTECTION :--
Example 49 Enabling the Trusted Virtual Network Feature on an Existing Virtual Network
The following example shows how to enable the trusted virtual network feature by setting custom=enable for the ldg1_vnet0 virtual network device in the ldg1 domain. The custom/max-mac-addrs and custom/max-vlans property values use the default values of 4096.
primary# ldm set-vnet custom=enabled ldg1_vnet0 ldg1
primary# ldm list -o network ldg1
...
NETWORK
    NAME         SERVICE                MACADDRESS          PVID|PVLAN|VIDs
    ----         -------                ----------          ---------------
    ldg1-vnet0   primary-vsw0@primary   00:14:4f:fa:d7:5e   1|--|--
            DEVICE     :network@1       ID   :1
            LINKPROP   :phys-state      MTU  :1500
            MAXBW      :--              MODE :--
            CUSTOM     :enable
            MAX-CUSTOM-MACS:4096        MAX-CUSTOM-VLANS:4096
            PRIORITY   :--              COS  :--
            PROTECTION :--
Example 50 Setting the custom/max-mac-addrs and custom/max-vlans Properties
The following example sets the custom/max-vlans property value to 12 and the custom/max-mac-addrs property value to 13.
Because these new property values are lower than the previous values, you cannot change these settings dynamically. You can make these changes only to a bound or inactive domain.
primary# ldm stop ldg1
primary# ldm set-vnet custom/max-vlans=12 custom/max-mac-addrs=13 ldg1_vnet0 ldg1
primary# ldm list -o network ldg1
...
NETWORK
    NAME         SERVICE                MACADDRESS          PVID|PVLAN|VIDs
    ----         -------                ----------          ---------------
    ldg1-vnet0   primary-vsw0@primary   00:14:4f:fa:d7:5e   1|--|--
            DEVICE     :network@1       ID   :1
            LINKPROP   :phys-state      MTU  :1500
            MAXBW      :--              MODE :--
            CUSTOM     :enable
            MAX-CUSTOM-MACS:13          MAX-CUSTOM-VLANS:12
            PRIORITY   :--              COS  :--
            PROTECTION :--
Example 51 Resetting the custom/max-mac-addrs and custom/max-vlans Properties
The following example shows how to reset the custom/max-mac-addrs property value to its default of 4096 by specifying a null value.
When custom=enabled, you can reset the custom/max-vlans property value, the custom/max-mac-addrs property value, or both.
primary# ldm set-vnet custom/max-mac-addrs= ldg1_vnet0 ldg1
primary# ldm list -o network ldg1
...
NETWORK
    NAME         SERVICE                MACADDRESS          PVID|PVLAN|VIDs
    ----         -------                ----------          ---------------
    ldg1-vnet0   primary-vsw0@primary   00:14:4f:fa:d7:5e   1|--|--
            DEVICE     :network@1       ID   :1
            LINKPROP   :phys-state      MTU  :1500
            MAXBW      :--              MODE :--
            CUSTOM     :enable
            MAX-CUSTOM-MACS:4096        MAX-CUSTOM-VLANS:12
            PRIORITY   :--              COS  :--
            PROTECTION :--
Example 52 Changing the custom/max-mac-addrs and custom/max-vlans Property Values
The following example shows how to increase the custom/max-vlans property value and decrease the custom/max-mac-addrs property value. You can increase the custom/max-vlans property value to 24 dynamically, because 24 is larger than the previous value of 12. However, because you are reducing the maximum value for custom/max-mac-addrs from 4096 to 11, you must first stop the domain.
primary# ldm set-vnet custom/max-vlans=24 ldg1_vnet0 ldg1
primary# ldm stop ldg1
primary# ldm set-vnet custom/max-mac-addrs=11 ldg1_vnet0 ldg1
primary# ldm list -o network ldg1
...
NETWORK
    NAME         SERVICE                MACADDRESS          PVID|PVLAN|VIDs
    ----         -------                ----------          ---------------
    ldg1-vnet0   primary-vsw0@primary   00:14:4f:fa:d7:5e   1|--|--
            DEVICE     :network@1       ID   :1
            LINKPROP   :phys-state      MTU  :1500
            MAXBW      :--              MODE :--
            CUSTOM     :enable
            MAX-CUSTOM-MACS:11          MAX-CUSTOM-VLANS:24
            PRIORITY   :--              COS  :--
            PROTECTION :--
Example 53 Disabling the Trusted Virtual Network Feature
The following example shows how to disable the custom property for the ldg1_vnet0 virtual network device in the ldg1 domain.
primary# ldm set-vnet custom=disabled ldg1_vnet0 ldg1
...
NETWORK
    NAME         SERVICE                MACADDRESS          PVID|PVLAN|VIDs
    ----         -------                ----------          ---------------
    ldg1-vnet0   primary-vsw0@primary   00:14:4f:fa:d7:5e   1|--|--
            DEVICE     :network@1       ID   :1
            LINKPROP   :phys-state      MTU  :1500
            MAXBW      :--              MODE :--
            CUSTOM     :disable
            PRIORITY   :--              COS  :--
            PROTECTION :--
You can obtain information about trusted virtual network settings by using several of the Logical Domains Manager list subcommands. See the ldm(1M) man page.
The following examples use the ldm list-domain -o network, ldm list-bindings, and ldm list-constraints commands to show information about a trusted virtual network configuration.
The following example shows how to use the ldm list-domain command to view trusted virtual network configuration information for the ldg1 domain:
primary# ldm list-domain -o network ldg1
...
NETWORK
    NAME         SERVICE                MACADDRESS          PVID|PVLAN|VIDs
    ----         -------                ----------          ---------------
    ldg1-vnet0   primary-vsw0@primary   00:14:4f:fa:d7:5e   1|--|--
            DEVICE     :network@1       ID   :1
            LINKPROP   :phys-state      MTU  :1500
            MAXBW      :--              MODE :--
            CUSTOM     :enable
            MAX-CUSTOM-MACS:11          MAX-CUSTOM-VLANS:24
            PRIORITY   :--              COS  :--
            PROTECTION :--
The following example shows how to use the ldm list-domain command to view trusted virtual network configuration information in a parseable form for the ldg1 domain:
primary# ldm list-domain -o network -p ldg1
VERSION 1.19
DOMAIN|name=ldg1|
MAC|mac-addr=00:14:4f:f9:4b:d0
VNET|name=ldg1-vnet0|dev=network@1|service=primary-vsw0@primary|mac-addr=00:14:4f:fa:d7:5e|mode=|pvid=1|vid=|mtu=1500|linkprop=phys-state|id=1|alt-mac-addrs=|maxbw=|pvlan=|protection=|priority=|cos=|custom=enable|max-mac-addrs=11|max-vlans=24
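Because both limits default to 4096 and the page advises limiting them, the parseable output above is a convenient audit source. The following script is an added example, not part of the original documentation: the function names and the OK/AT-DEFAULT labels are hypothetical, and the ldg2 records in the sample are constructed.

```shell
#!/bin/sh
# Added example: audit trusted-mode vnet limits in the parseable output of
#   ldm list-domain -o network -p
# Typical use on the control domain:
#   ldm list-domain -o network -p | audit_trusted_vnets
DEFAULT_LIMIT=4096   # documented default for max-mac-addrs and max-vlans

audit_trusted_vnets() {
    awk -F'|' -v def="$DEFAULT_LIMIT" '
        $1 == "DOMAIN" {                 # DOMAIN|name=ldg1| names the owner
            for (i = 2; i <= NF; i++)
                if ($i ~ /^name=/) domain = substr($i, 6)
            next
        }
        $1 == "VNET" {
            split("", p)                 # clear properties of the last record
            for (i = 2; i <= NF; i++) {
                eq = index($i, "=")
                if (eq > 0) p[substr($i, 1, eq - 1)] = substr($i, eq + 1)
            }
            # The page uses both "enable" and "enabled"; accept either.
            if (p["custom"] !~ /^enable/) next
            macs = p["max-mac-addrs"]; vlans = p["max-vlans"]
            # Assumption: an empty value means the default is in effect.
            status = "OK"
            if (macs == "" || macs + 0 >= def + 0) status = "AT-DEFAULT"
            if (vlans == "" || vlans + 0 >= def + 0) status = "AT-DEFAULT"
            printf "%s %s %s max-mac-addrs=%s max-vlans=%s\n",
                   status, domain, p["name"], macs, vlans
        }'
}

# Constructed sample: the ldg1 record is the one shown on this page; the
# ldg2 records are invented and abbreviated for the demonstration.
sample_ldm_output() {
    cat <<'EOF'
VERSION 1.19
DOMAIN|name=ldg1|
MAC|mac-addr=00:14:4f:f9:4b:d0
VNET|name=ldg1-vnet0|dev=network@1|service=primary-vsw0@primary|mac-addr=00:14:4f:fa:d7:5e|mode=|pvid=1|vid=|mtu=1500|linkprop=phys-state|id=1|alt-mac-addrs=|maxbw=|pvlan=|protection=|priority=|cos=|custom=enable|max-mac-addrs=11|max-vlans=24
DOMAIN|name=ldg2|
VNET|name=ldg2-vnet0|dev=network@0|service=primary-vsw0@primary|custom=enable|max-mac-addrs=4096|max-vlans=4096
VNET|name=ldg2-vnet1|dev=network@1|service=primary-vsw0@primary|custom=disable
EOF
}

sample_ldm_output | audit_trusted_vnets
```

Devices reported as AT-DEFAULT are in trusted mode with at least one limit still at 4096; devices with custom disabled are skipped.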
The following example shows how to use the ldm list-bindings command to view trusted virtual network configuration information for the ldg1 domain:
primary# ldm list-bindings -e -o network ldg1
...
NETWORK
    NAME         SERVICE                MACADDRESS          PVID|PVLAN|VIDs
    ----         -------                ----------          ---------------
    ldg1-vnet0   primary-vsw0@primary   00:14:4f:fa:d7:5e   1|--|--
            DEVICE     :network@1       ID   :1
            LINKPROP   :phys-state      MTU  :1500
            MAXBW      :--              MODE :--
            CUSTOM     :enable
            MAX-CUSTOM-MACS:11          MAX-CUSTOM-VLANS:24
            PRIORITY   :--              COS  :--
            PROTECTION :--
        PEER                   MACADDRESS          PVID|PVLAN|VIDs
        ----                   ----------          ---------------
        primary-vsw0@primary   00:14:4f:f9:08:28   1|--|--
            LINKPROP   :--              MTU  :1500
            MAXBW      :--              LDC  :0x5
            MODE       :--
The following example shows how to use the ldm list-bindings command to view trusted virtual network configuration information in a parseable form for the ldg1 domain:
primary# ldm list-bindings -p ldg1
...
VNET|name=ldg1-vnet0|dev=network@1|service=primary-vsw0@primary|mac-addr=00:14:4f:fa:d7:5e|mode=|pvid=1|vid=|mtu=1500|linkprop=phys-state|id=1|alt-mac-addrs=|maxbw=|pvlan=|protection=|priority=|cos=|custom=enable|max-mac-addrs=11|max-vlans=24
|peer=primary-vsw0@primary|mac-addr=00:14:4f:f9:08:28|mode=|pvid=1|vid=|mtu=1500|maxbw=
The following example shows how to generate XML by running the ldm list-constraints -x command:
primary# ldm list-constraints -x ldg1
...
<Section xsi:type="ovf:VirtualHardwareSection_Type">
  <Item>
    <rasd:OtherResourceType>network</rasd:OtherResourceType>
    <rasd:Address>auto-allocated</rasd:Address>
    <gprop:GenericProperty key="vnet_name">ldg1-vnet0</gprop:GenericProperty>
    <gprop:GenericProperty key="service_name">primary-vsw0</gprop:GenericProperty>
    <gprop:GenericProperty key="pvid">1</gprop:GenericProperty>
    <gprop:GenericProperty key="linkprop">phys-state</gprop:GenericProperty>
    <gprop:GenericProperty key="custom">enable</gprop:GenericProperty>
    <gprop:GenericProperty key="max-mac-addrs">11</gprop:GenericProperty>
    <gprop:GenericProperty key="max-vlans">24</gprop:GenericProperty>
    <gprop:GenericProperty key="device">network@1</gprop:GenericProperty>
    <gprop:GenericProperty key="id">1</gprop:GenericProperty>
  </Item>
</Section>