The Oracle Solaris 11 OS enables you to define virtual networks that consist of virtual network interface cards (VNICs), virtual switches, and etherstubs. Oracle Solaris Zones virtualize operating system services and provide isolated and secure environments for running applications within the same Oracle Solaris OS instance of a logical domain.
Oracle Solaris 11 improves on the Oracle Solaris 10 “shared IP” zone model in which zones inherit network properties from the global zone and cannot set their own network address or other properties. Now, by using zones with virtual network devices, you can configure multiple isolated virtual NICs, associate zones with each virtual network, and establish rules for isolation, connectivity, and quality of service (QoS).
For more information, see the networking books in the Oracle Solaris 11.4 information library (http://docs.oracle.com/cd/E37838_01/).
A virtual network device in a logical domain can support multiple Oracle Solaris 11 virtual NICs. The virtual network device must be configured to support multiple MAC addresses, one for each virtual NIC it will support. Oracle Solaris zones in the logical domain connect to the virtual NICs.
Within the domain1 domain are Oracle Solaris 11 zones: zone1 and zone2. Each zone is connected to the network by a virtual NIC based on the vnet0 virtual network device.
Figure 19 Virtual NICs on Virtual Network Devices
The following sections describe how to configure virtual NICs on virtual network devices and how to create zones in the domain with the virtual NICs:
For information about using virtual NICs on Ethernet SR-IOV virtual functions, see the following sections:
To configure virtual NICs on virtual network devices, the control domain must run at least Oracle Solaris 11.1 SRU 4 OS and the guest domain must run at least the Oracle Solaris 11.1 OS.
To configure a virtual network device to host multiple MAC addresses, use the ldm add-vnet or ldm set-vnet command to specify one or more comma-separated values for the alt-mac-addrs property. Valid values are an octet MAC address and auto. The auto value indicates that the system generates the MAC address.
For example, you can specify three system-generated alternate MAC addresses for a virtual network device in either of the following ways:
By using the ldm add-vnet command. Either of the following ldm add-vnet commands creates the vnet0 virtual network device on the domain1 domain and makes three system-generated MAC addresses available to the device.
primary# ldm add-vnet auto-alt-mac-addrs=3 vnet0 primary-vsw0 domain1
primary# ldm add-vnet alt-mac-addrs=auto,auto,auto vnet0 primary-vsw0 domain1
By using a combination of the ldm add-vnet and ldm set-vnet commands. The following ldm add-vnet and ldm set-vnet commands show how to create a virtual network device and subsequently assign more MAC addresses to the existing virtual network device.
The first command uses the ldm add-vnet command to create the vnet1 virtual network device on the domain1 domain. The second command uses the ldm set-vnet command to make three system-generated MAC addresses available to the vnet1 virtual network device.
primary# ldm add-vnet vnet0 primary-vsw0 domain1
primary# ldm set-vnet alt-mac-addrs=auto,auto,auto vnet0 domain1
primary# ldm set-vnet auto-alt-mac-addrs=3 vnet0 domain1
You can use the ldm set-vnet command to update the alternate MAC addresses of a virtual network device dynamically. You can make this change when the update increases the total number of alternate MAC addresses of the virtual network device.
Both of the following commands are examples of dynamically adding an alternate MAC address to the vnet1 virtual network device on the ldg1 domain:
primary# ldm set-vnet alt-mac-addrs=+auto vnet1 ldg1
primary# ldm set-vnet auto-alt-mac-addrs=+1 vnet1 ldg1
The following ldm list output shows the MAC addresses that are associated with the vnet0 virtual network device on the ldg1 domain. 00:14:4f:f9:8a:c2 is the primary MAC address for vnet0 and 00:14:4f:f8:1c:a5 and 00:14:4f:f8:2c:22 are its two alternate MAC addresses.
primary# ldm list -o network ldg1
NETWORK
    NAME    SERVICE                MACADDRESS          PVID|PVLAN|VIDs
    ----    -------                ----------          ---------------
    vnet0   primary-vsw0@primary   00:14:4f:f9:8a:c2   1|--|--
                                   00:14:4f:f8:1c:a5
                                   00:14:4f:f8:2c:22
If you log in to the ldg1 domain, you can use the dladm show-phys -m command to view the MAC addresses that are associated with the net0 network device.
ldg1# dladm show-phys -m
LINK    SLOT      ADDRESS            INUSE   CLIENT
net0    primary   0:14:4f:f9:8a:c2   yes     net0
        1         0:14:4f:f8:1c:a5   no      --
        2         0:14:4f:f8:2c:22   no      --
The dladm show-vnic command shows the alternate MAC address (00:14:4f:f8:2c:22) that is used to configure the virtual NIC:
ldg1# dladm show-vnic
LINK    OVER   SPEED   MACADDRESS         MACADDRTYPE   IDS
vnic1   net0   0       0:14:4f:f8:2c:22   fixed         VID:0
While you can use the ldm set-vnet command to increase the number of alternate MAC addresses dynamically, you cannot update or remove existing alternate MAC addresses dynamically. If you modify or remove an alternate MAC address that is in use, the VNICs are left in an unusable state.
The following examples show the error you receive when attempting to dynamically remove or modify an existing alternate MAC address.
The following example shows that attempting to dynamically remove the 00:15:4f:f9:41:c4 alternate MAC address from vnet2 on the ldg1 domain fails with an error:
primary# ldm set-vnet alt-mac-addrs=-00:15:4f:f9:41:c4 vnet2 ldg1
Please perform the operation while the LDom is bound or inactive
The following example shows that attempting to modify an existing alternate MAC address with the auto value for vnet1 dynamically fails with an error:
primary# ldm set-vnet alt-mac-addrs=auto vnet1 ldg1
Please perform the operation while the LDom is bound or inactive
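Because removing an alternate MAC address that is in use leaves its VNICs unusable, it helps to check inside the guest which VNICs sit on an address before changing it, keeping in mind that ldm prints 00:14:4f:... while dladm prints 0:14:4f:... for the same address. The following shell functions are an added example, not part of the Oracle documentation or tooling; the function names are hypothetical, and the script parses the dladm show-vnic column layout shown above, using that output as its sample input.

```shell
#!/bin/sh
# Added example: find VNICs configured on a given alternate MAC address
# before that address is modified or removed with ldm set-vnet.

# awk helper (hypothetical name): lowercase a MAC and pad every octet to
# two hex digits, so ldm-style and dladm-style addresses compare equal.
AWK_NORM='function norm(m,   o, n, i, r) {
    n = split(tolower(m), o, ":"); r = ""
    for (i = 1; i <= n; i++)
        r = r (i > 1 ? ":" : "") (length(o[i]) == 1 ? "0" : "") o[i]
    return r
}'

# Print the normalized form of the MAC address given as $1.
norm_mac() {
    awk "$AWK_NORM"' BEGIN { print norm(ARGV[1]) }' "$1"
}

# Read `dladm show-vnic` output on stdin and print the LINK name of every
# VNIC whose MACADDRESS column matches $1. The column is located from the
# header line, so any lines before the header (such as a prompt) are ignored.
vnics_on_mac() {
    awk -v want="$1" "$AWK_NORM"'
        $1 == "LINK" { for (i = 1; i <= NF; i++) if ($i == "MACADDRESS") col = i; next }
        col && norm($col) == norm(want) { print $1 }'
}

# Exit status 0 only when no VNIC in the output on stdin uses address $1.
mac_is_free() {
    [ -z "$(vnics_on_mac "$1")" ]
}

# Sample input: the show-vnic output shown on this page.
SAMPLE_VNICS='LINK    OVER   SPEED   MACADDRESS         MACADDRTYPE   IDS
vnic1   net0   0       0:14:4f:f8:2c:22   fixed         VID:0'

# Demo: which VNICs would be affected by a change to 00:14:4f:f8:2c:22?
printf '%s\n' "$SAMPLE_VNICS" | vnics_on_mac 00:14:4f:f8:2c:22
```

On a live guest domain, pipe the output of dladm show-vnic into vnics_on_mac instead of the sample.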
After creating the virtual NICs in Configuring Virtual NICs on Virtual Network Devices, create a zone that is associated with an available MAC address. For information about Oracle Solaris Zones, see Creating and Using Oracle Solaris Zones.
Use the zonecfg command to specify a MAC address to use for a zone:
zonecfg:zone-name> set mac-address=[MAC-address,auto]
You can either specify a value of auto to choose one of the available MAC addresses automatically or provide a specific alternate MAC address that you created with the ldm set-vnet command.