Trusted Virtual Network Requirements and Restrictions
You can configure a trusted virtual network by using the ldm add-vnet and ldm set-vnet commands to set the custom=enable property. Note that you should provide values for the custom/max-mac-addrs and custom/max-vlans properties to ensure that the number of custom MAC addresses and VLANs are limited for the specified virtual network device. Both property values are set to 4096 by default.
The trusted virtual network feature requires at least the Oracle Solaris 11.3 SRU 8 OS.
Both the guest domain that has the custom virtual network device and the service domain that has the corresponding virtual switch device require the latest level of the supported system firmware.
To configure a trusted virtual network, you must specify the following information:
- custom – Enable or disable the trusted virtual network feature. This feature enables a trusted entity to add custom alternate VLAN IDs and custom alternate MAC addresses dynamically.
- custom/max-mac-addrs – Specify the maximum number of custom alternate MAC addresses to be configured on a particular trusted virtual network device.
- custom/max-vlans – Specify the maximum number of custom alternate VLAN IDs to be configured on a particular trusted virtual network device.
The following restrictions are for the trusted virtual network feature:
- You cannot use the Logical Domains Manager to configure alternate MAC addresses or VLAN IDs on a given trusted virtual network.
- To modify custom or existing alternate MAC addresses, the domain must be in the bound state.
- You can increase the custom/max-mac-addrs and custom/max-vlans property values dynamically. However, the domain must be in the bound state to reduce these property values.

  Note: Reducing these property values might cause undesirable side effects. So, ensure that you delete any of the VNICs or VLANs created on the host that you do not need because you have no control over which MAC addresses or VLAN IDs the OS will retain. Also, set custom=disable on the virtual network device before using the ldm set-vnet command to reduce the number of maximum VLAN IDs and MAC addresses for the custom virtual network device.

  Caution: The effective use of this feature is to limit and control these properties.
- Ensure that any VNIC and VLAN devices that have been created are removed before you reduce the number of custom VLAN IDs or custom alternate MAC addresses. Otherwise, the guest domain will have VNICs that cannot be configured and must be removed manually.
- The dladm show-vnic -m command shows the MAC addresses and VLAN IDs that are configured on the specified virtual network. The dladm show-vnic -m command shows the alternate MAC addresses and VLAN IDs in use on the guest domain. This is a departure from older releases, in which all alternate MAC addresses and VLAN IDs were preconfigured on the virtual switch.
- The trusted virtual network feature is mutually exclusive with the PVLAN feature.
- The Logical Domains Manager attempts to validate the guest domain and service domain support for this feature before enabling the custom feature. If the guest domain is not running, you can enable this feature if the service domain supports it. However, if the guest domain does not support the feature, you must set custom=disabled before you re-enable non-custom alternate MAC addresses and VLAN IDs.
- You can perform a live migration of a domain with trusted virtual networks only if the target service domain supports the trusted virtual network feature.
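The ordering rules for changing custom/max-mac-addrs and custom/max-vlans described in the restrictions above, as an added example that is not part of the original documentation: a dry-run planner that prints the ldm set-vnet commands in the required order instead of running them. The names ldg1 and ldg1_vnet0 are constructed, and the final step that re-enables the feature with a separate custom=enable command is an assumption of this example.

```shell
#!/bin/sh
# Added example: dry-run planner for changing trusted-vnet limits.
# It only prints commands; nothing is executed against ldm.
# Constructed names: ldg1 (guest domain), ldg1_vnet0 (virtual network device).

is_count() {    # succeeds only for a non-negative decimal integer
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# plan_limit_change VNET DOMAIN OLD_MACS NEW_MACS OLD_VLANS NEW_VLANS
plan_limit_change() {
    vnet=$1 dom=$2 old_macs=$3 new_macs=$4 old_vlans=$5 new_vlans=$6
    for n in "$old_macs" "$new_macs" "$old_vlans" "$new_vlans"; do
        is_count "$n" || { echo "not a count: $n" >&2; return 2; }
    done

    # Increases are allowed dynamically: one command, no state change needed.
    if [ "$new_macs" -ge "$old_macs" ] && [ "$new_vlans" -ge "$old_vlans" ]; then
        echo "ldm set-vnet custom/max-mac-addrs=$new_macs custom/max-vlans=$new_vlans $vnet $dom"
        return 0
    fi

    # At least one limit is being reduced: follow the order in the restrictions.
    echo "# prerequisite: $dom is in the bound state"
    echo "# prerequisite: unneeded VNICs and VLANs removed in the guest (review with: dladm show-vnic -m)"
    echo "ldm set-vnet custom=disable $vnet $dom"
    echo "ldm set-vnet custom/max-mac-addrs=$new_macs custom/max-vlans=$new_vlans $vnet $dom"
    # Assumption of this example: the feature is turned back on as a separate step.
    echo "ldm set-vnet custom=enable $vnet $dom"
}

# Constructed input: lower both limits from the 4096 default.
plan_limit_change ldg1_vnet0 ldg1 4096 16 4096 8
```

Review the printed plan on the control domain before running any of the commands by hand.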