Configuring Virtual LANs in Kernel Zones

By using Ethernet-based anet resources, you can create VNICs inside a kernel zone and configure them to be in their own virtual LAN (VLAN).

  • Use a vlan resource to add extra VLAN IDs (VIDs) to an existing anet resource to create new VLANs. See Configurable Resource Types and Global Properties in Oracle Solaris Zones Configuration Resources for more information about the anet and vlan resource types.

  • The vlan resource type makes a kernel zone VLAN-aware. The host system forwards to the kernel zone the packets that are meant for these VLANs without stripping the VLAN tag. The kernel zone will then forward the packet to the correct network client.

When transmitting data, packets from these VLANs are tagged by the kernel zone and passed on to the host. The host forwards the packets without stripping the tag, based on the destination MAC.

Note:

You are not required to specify a vlan-id (known as the port VID or PVID) for an anet before you can add extra VLANs for an anet. If there is no PVID set, all untagged packets that match the zone's MAC addresses are passed on to the zone from the host.

Example 2-15 Configuring a Kernel Zone with Additional VLANs

Configure a zone kzone0 with a mac-address of 0:1:2:3:4:5, PVID of 11, and two additional VIDs of 45 and 46.

global$ pfbash zonecfg -z kzone0
zonecfg:kzone0> create -t SYSsolaris-kz
zonecfg:kzone0> select anet id=0
zonecfg:kzone0:anet> set mac-address=0:1:2:3:4:5
zonecfg:kzone0:anet> set vlan-id=11
zonecfg:kzone0:anet> add vlan
zonecfg:kzone0:anet:vlan> set vlan-id=45
zonecfg:kzone0:anet:vlan> end
zonecfg:kzone0:anet> add vlan
zonecfg:kzone0:anet:vlan> set vlan-id=46
zonecfg:kzone0:anet:vlan> end
zonecfg:kzone0:anet> info vlan
    vlan 0:
        vlan-id: 45
    vlan 1:
        vlan-id: 46
zonecfg:kzone0:anet> end
zonecfg:kzone0> commit ; exit
         

After the zone is installed and booted, the dladm show-vnic command shows the following output:

global$ dladm show-vnic
LINK               OVER     SPEED  MACADDRESS    MACADDRTYPE   IDS
kzone0/net0        net4     10000  0:1:2:3:4:5   fixed         VID:11,45,46

The virtual switch on the host system global is now configured to handle frames with the following mac-address, vlan-id tuples:

  • 0:1:2:3:4:5, 11

  • 0:1:2:3:4:5, 45

  • 0:1:2:3:4:5, 46

Frames arriving with a 0:1:2:3:4:5, 11 tuple have the VID stripped by the host system global and are then passed on to the kernel zone kzone0, so kzone0 never sees the VID 11 tag. Frames with the 0:1:2:3:4:5, 45 and 0:1:2:3:4:5, 46 tuples are passed to kzone0 with their VID 45 and VID 46 tags intact.

Inside kzone0, if there is a VLAN datalink vlan45 with a VID of 45, the virtual switch in kzone0 strips VID 45 from the frame and passes the frame to vlan45. All frames originating from the vlan45 datalink inside kzone0 are tagged by the virtual switch in kzone0 and passed on to the anet in the host. The host anet passes the frames directly to the NIC to be sent out.
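The host-side tag handling described above, modeled on raw 802.1Q frames as an added example (not Oracle's code and not part of the original page). The function names and PEER_MAC are hypothetical, the sample frames are constructed, and the model assumes that a frame matching no configured mac-address, vlan-id tuple is dropped.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def mac_bytes(text):
    """Convert '0:1:2:3:4:5' notation to 6 raw bytes."""
    return bytes(int(part, 16) for part in text.split(":"))

def frame_vid(frame):
    """Return the VID of a tagged frame, None if untagged; ValueError if truncated."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF  # low 12 bits = VID

def host_ingress(frame, zone_mac, pvid, extra_vids):
    """Model what the host hands to the zone's anet: (action, frame or None).
    Assumption of this model: frames matching no (mac, vid) tuple are dropped."""
    try:
        vid = frame_vid(frame)
    except ValueError:
        return ("drop", None)
    if frame[:6] != mac_bytes(zone_mac):
        return ("drop", None)
    if vid is None:
        # With no PVID set, untagged frames for the zone's MAC are passed on.
        return ("pass-untagged", frame) if pvid is None else ("drop", None)
    if vid == pvid:
        # PVID: the host removes the 4-byte tag, so the zone never sees it.
        return ("strip", frame[:12] + frame[16:])
    if vid in extra_vids:
        # VIDs added with vlan resources: the tag is kept for the zone to handle.
        return ("pass-tagged", frame)
    return ("drop", None)

def build_frame(dst, src, vid=None, payload=b"\x08\x00constructed"):
    """Build a constructed sample frame; the payload starts with an EtherType."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return mac_bytes(dst) + mac_bytes(src) + tag + payload

ZONE_MAC, PEER_MAC = "0:1:2:3:4:5", "0:a:b:c:d:e"  # PEER_MAC is constructed
```

Calling host_ingress(build_frame(ZONE_MAC, PEER_MAC, 45), ZONE_MAC, 11, {45, 46}) reproduces the kzone0 configuration from Example 2-15 for a VID 45 frame.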

Example 2-16 Display the List of VLAN IDs Supported in the Kernel Zone

Inside a kernel zone, use the dladm show-phys -v command to determine the VLAN IDs that are supported on the physical datalinks.

global$ zlogin kzone0
kzone0$ dladm show-phys -v
LINK    VID   INUSE  CLIENT
net0    40    yes    vnic0,vnic1
        20    no     --
        15    yes    vnic2
net1    32    no     --
        11    no     --
        10    no     --