Virtual network configuration
L2 switches and virtual NICs
# dladm create-etherstub vsw1
# dladm create-vnic -l vsw1 vnic10
# dladm create-vnic -l vsw1 vnic11
# dladm create-vnic -l vsw1 vnic12
# dladm create-vnic -l vsw1 vnic13
# dladm create-etherstub vsw2
# dladm create-vnic -l vsw2 vnic20
# dladm create-vnic -l vsw2 vnic21
# dladm create-vnic -l vsw2 vnic22
# dladm create-vnic -l vsw2 vnic23
# dladm
LINK        CLASS      MTU    STATE    OVER
net0        phys       1500   up       --
vsw1        etherstub  9000   unknown  --
vnic10      vnic       9000   up       vsw1
vnic11      vnic       9000   up       vsw1
vnic12      vnic       9000   up       vsw1
vnic13      vnic       9000   up       vsw1
vsw2        etherstub  9000   unknown  --
vnic20      vnic       9000   up       vsw2
vnic21      vnic       9000   up       vsw2
vnic22      vnic       9000   up       vsw2
vnic23      vnic       9000   up       vsw2
# ipadm create-ip net0
# ipadm create-addr -T static -a 192.168.0.35 net0/v4
Zone creation
# zonecfg -z zone01 'create; set zonepath=/zones/zone01'
# zonecfg -z zone02 'create; set zonepath=/zones/zone02'
# zonecfg -z zone03 'create; set zonepath=/zones/zone03'
# zoneadm -z zone01 install
# zoneadm -z zone02 clone zone01
# zoneadm -z zone03 clone zone01
# zonecfg -z zone01
zonecfg:zone01> remove anet
zonecfg:zone01> add net
zonecfg:zone01:net> set physical=vnic12
zonecfg:zone01:net> end
zonecfg:zone01> info
zonename: zone01
zonepath: /zones/zone01
brand: solaris
autoboot: false
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
net:
    address not specified
    allowed-address not specified
    configure-allowed-address: true
    physical: vnic12
    defrouter not specified
zonecfg:zone01> commit
zonecfg:zone01> exit
# zonecfg -z zone02
zonecfg:zone02> remove anet
zonecfg:zone02> add net
zonecfg:zone02:net> set physical=vnic11
zonecfg:zone02:net> end
zonecfg:zone02> add net
zonecfg:zone02:net> set physical=vnic20
zonecfg:zone02:net> end
zonecfg:zone02> info
zonename: zone02
zonepath: /zones/zone02
brand: solaris
autoboot: false
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
net:
    address not specified
    allowed-address not specified
    configure-allowed-address: true
    physical: vnic11
    defrouter not specified
net:
    address not specified
    allowed-address not specified
    configure-allowed-address: true
    physical: vnic20
    defrouter not specified
zonecfg:zone02> commit
zonecfg:zone02> exit
# zonecfg -z zone03
zonecfg:zone03> remove anet
zonecfg:zone03> add net
zonecfg:zone03:net> set physical=vnic22
zonecfg:zone03:net> end
zonecfg:zone03> info
zonename: zone03
zonepath: /zones/zone03
brand: solaris
autoboot: false
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
net:
    address not specified
    allowed-address not specified
    configure-allowed-address: true
    physical: vnic22
    defrouter not specified
zonecfg:zone03> commit
zonecfg:zone03> exit
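The zonecfg sessions above hand vnic12 to zone01, vnic11 and vnic20 to zone02, and vnic22 to zone03; together with the dladm listing this fixes which zones share an L2 segment. The Python script below is an added example, not part of the original page or of Solaris: it parses the dladm output shown above and the zone-to-VNIC assignments transcribed by hand from the zonecfg sessions (the ZONE_VNICS table), then reports which etherstub each zone sits on, confirms that zone01 and zone03 share no segment (so the only path between the proxy and the terminal runs through zone02, the NAT box), and lists VNICs that were created but never assigned to a zone.

```python
"""Segmentation check for the etherstub/VNIC/zone layout described above.

Added example, not part of the original page: it parses the dladm listing shown
above and the 'set physical=' assignments from the zonecfg sessions.
"""

# 'dladm' output from the global zone, as shown on the page.
DLADM_OUTPUT = """\
LINK CLASS MTU STATE OVER
net0 phys 1500 up --
vsw1 etherstub 9000 unknown --
vnic10 vnic 9000 up vsw1
vnic11 vnic 9000 up vsw1
vnic12 vnic 9000 up vsw1
vnic13 vnic 9000 up vsw1
vsw2 etherstub 9000 unknown --
vnic20 vnic 9000 up vsw2
vnic21 vnic 9000 up vsw2
vnic22 vnic 9000 up vsw2
vnic23 vnic 9000 up vsw2
"""

# VNIC per zone, transcribed from the 'set physical=' lines in the zonecfg sessions.
ZONE_VNICS = {
    "zone01": ["vnic12"],
    "zone02": ["vnic11", "vnic20"],
    "zone03": ["vnic22"],
}


def parse_dladm(text):
    """Return {link: {"class", "mtu", "state", "over"}} from 'dladm' output."""
    links = {}
    rows = text.strip().splitlines()
    for row in rows[1:]:  # first row is the column header
        name, cls, mtu, state, over = row.split()
        links[name] = {"class": cls, "mtu": int(mtu), "state": state, "over": over}
    return links


def zone_segments(links, zone_vnics):
    """Map each zone to the set of L2 segments (the OVER link of each of its VNICs)."""
    segments = {}
    for zone, vnics in zone_vnics.items():
        segments[zone] = set()
        for vnic in vnics:
            info = links.get(vnic)
            if info is None:
                raise ValueError(f"{zone}: {vnic} does not exist in the dladm listing")
            if info["class"] != "vnic":
                raise ValueError(f"{zone}: {vnic} is a {info['class']}, not a vnic")
            segments[zone].add(info["over"])
    return segments


def shared_segments(segments, zone_a, zone_b):
    """Segments on which both zones have a VNIC; an empty list means no direct L2 path."""
    return sorted(segments[zone_a] & segments[zone_b])


def unassigned_vnics(links, zone_vnics):
    """VNICs that exist but were not handed to any zone (they stay usable from the global zone)."""
    assigned = {v for vnics in zone_vnics.values() for v in vnics}
    return sorted(name for name, info in links.items()
                  if info["class"] == "vnic" and name not in assigned)


def segment_members(links, zone_vnics):
    """Inverse view: for each etherstub, which zones are attached to it."""
    members = {name: set() for name, info in links.items() if info["class"] == "etherstub"}
    for zone, segs in zone_segments(links, zone_vnics).items():
        for seg in segs:
            members.setdefault(seg, set()).add(zone)
    return {seg: sorted(zones) for seg, zones in members.items()}


if __name__ == "__main__":
    links = parse_dladm(DLADM_OUTPUT)
    segs = zone_segments(links, ZONE_VNICS)
    for zone, s in segs.items():
        print(f"{zone}: {sorted(s)}")
    print("etherstub members:", segment_members(links, ZONE_VNICS))
    print("zone01/zone03 shared segments:", shared_segments(segs, "zone01", "zone03"))
    print("VNICs still in the global zone:", unassigned_vnics(links, ZONE_VNICS))
```

The unassigned list (vnic10, vnic13, vnic21, vnic23) is consistent with the routing table shown further down, where the global zone itself uses vnic10 (172.16.0.254) on vsw1. Re-running the check after any zonecfg change is a cheap way to catch a VNIC that was moved onto the wrong etherstub and silently bridged the two segments.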
zone01 (proxy 2) configuration
# zlogin -C zone01
(The following applies when configuring manually.)
# ipadm create-ip vnic12
# ipadm create-addr -T static -a 172.16.0.10 vnic12/v4
# ipadm create-addr -T addrconf vnic12/v6
# dladm
LINK        CLASS      MTU    STATE    OVER
vnic12      vnic       9000   up       ?
# ipadm
NAME              CLASS/TYPE STATE        UNDER      ADDR
lo0               loopback   ok           --         --
   lo0/v4         static     ok           --         127.0.0.1/8
   lo0/v6         static     ok           --         ::1/128
vnic12            ip         ok           --         --
   vnic12/v4      static     ok           --         172.16.0.10/24
   vnic12/v6      addrconf   ok           --         fe80::8:20ff:fe0c:a730/10
zone02 (NAT box) configuration
# zlogin -C zone02
(The following applies when configuring manually.)
# ipadm create-ip vnic11
# ipadm create-addr -T static -a 172.16.0.1 vnic11/v4
# ipadm create-addr -T addrconf vnic11/v6
# ipadm create-ip vnic20
# ipadm create-addr -T static -a 10.0.0.254 vnic20/v4
# ipadm create-addr -T addrconf vnic20/v6
# dladm
LINK        CLASS      MTU    STATE    OVER
vnic11      vnic       9000   up       ?
vnic20      vnic       9000   up       ?
# ipadm
NAME              CLASS/TYPE STATE        UNDER      ADDR
lo0               loopback   ok           --         --
   lo0/v4         static     ok           --         127.0.0.1/8
   lo0/v6         static     ok           --         ::1/128
vnic11            ip         ok           --         --
   vnic11/v4      static     ok           --         172.16.0.1/24
   vnic11/v6      addrconf   ok           --         fe80::8:20ff:fe18:5eaa/10
vnic20            ip         ok           --         --
   vnic20/v4      static     ok           --         10.0.0.254/24
   vnic20/v6      addrconf   ok           --         fe80::8:20ff:fecb:6733/10
zone03 (client terminal) configuration
# zlogin -C zone03
(The following applies when configuring manually.)
# ipadm create-ip vnic22
# ipadm create-addr -T static -a 10.0.0.35 vnic22/v4
# ipadm create-addr -T addrconf vnic22/v6
# dladm
LINK        CLASS      MTU    STATE    OVER
vnic22      vnic       9000   up       ?
# ipadm
NAME              CLASS/TYPE STATE        UNDER      ADDR
lo0               loopback   ok           --         --
   lo0/v4         static     ok           --         127.0.0.1/8
   lo0/v6         static     ok           --         ::1/128
vnic22            ip         ok           --         --
   vnic22/v4      static     ok           --         10.0.0.35/24
   vnic22/v6      addrconf   ok           --         fe80::8:20ff:fe5e:351a/10
Routing (NAT) configuration
Solaris 11 (172.16.0.X => 192.168.0.X) translation settings
It is better to disable dynamic routing and set the routes manually (it works with routing enabled too, though).
# routeadm -u -d ipv4-routing
# routeadm -u -e ipv4-forwarding
# routeadm
              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
               IPv4 routing   disabled             disabled
               IPv6 routing   disabled             disabled
            IPv4 forwarding   enabled              enabled
            IPv6 forwarding   disabled             disabled

           Routing services   "route:default ripng:default"

Routing daemons:

                      STATE   FMRI
                   disabled   svc:/network/routing/ripng:default
                   disabled   svc:/network/routing/route:default
                     online   svc:/network/routing/ndp:default
                   disabled   svc:/network/routing/rdisc:default
                   disabled   svc:/network/routing/legacy-routing:ipv4
                   disabled   svc:/network/routing/legacy-routing:ipv6
Translate packets whose source is 172.16.0.0/16 to 0/32 (in practice 192.168.0.35) and forward them out net0.
# cat /etc/ipf/ipnat.conf
map net0 172.16.0.0/16 -> 0/32 portmap tcp/udp auto
map net0 172.16.0.0/16 -> 0/32
# svcadm enable network/ipfilter
# svcs -l network/ipfilter
fmri         svc:/network/ipfilter:default
name         IP Filter
enabled      true
state        online
next_state   none
state_time   2013年02月21日 08時42分14秒
logfile      /var/svc/log/network-ipfilter:default.log
restarter    svc:/system/svc/restarter:default
contract_id  67
manifest     /lib/svc/manifest/network/ipfilter.xml
manifest     /lib/svc/manifest/network/network-location.xml
dependency   optional_all/none svc:/network/location:default (online)
dependency   require_all/none svc:/system/filesystem/minimal (online)
dependency   require_all/restart svc:/network/physical:default (online)
dependency   require_all/restart svc:/system/identity:node (online)
dependency   require_all/restart svc:/system/identity:domain (online)
# netstat -rn -f inet
Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              192.168.0.1          UG        2        225 net0
127.0.0.1            127.0.0.1            UH        2        254 lo0
172.16.0.0           172.16.0.254         U         4         35 vnic10
192.168.0.0          192.168.0.35         U         5       9380 net0
zone02 (10.0.0.X => 172.16.10.X) settings
# routeadm -u -d ipv4-routing
# routeadm -u -e ipv4-forwarding
# routeadm
              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
               IPv4 routing   disabled             disabled
               IPv6 routing   disabled             disabled
            IPv4 forwarding   enabled              enabled
            IPv6 forwarding   disabled             disabled

           Routing services   "route:default ripng:default"

Routing daemons:

                      STATE   FMRI
                   disabled   svc:/network/routing/rdisc:default
                   disabled   svc:/network/routing/route:default
                     online   svc:/network/routing/ndp:default
                   disabled   svc:/network/routing/legacy-routing:ipv4
                   disabled   svc:/network/routing/legacy-routing:ipv6
                   disabled   svc:/network/routing/ripng:default
Translate packets whose source is 10.0.0/24 to 0/32 (in practice 172.16.0.1) and forward them out vnic11.
# cat /etc/ipf/ipnat.conf
map vnic11 10.0.0.0/24 -> 0/32 portmap tcp/udp auto
map vnic11 10.0.0.0/24 -> 0/32
# svcadm enable network/ipfilter
# svcs -l network/ipfilter
fmri         svc:/network/ipfilter:default
name         IP Filter
enabled      true
state        online
next_state   none
state_time   2013年02月21日 08時47分42秒
logfile      /var/svc/log/network-ipfilter:default.log
restarter    svc:/system/svc/restarter:default
contract_id  322
manifest     /lib/svc/manifest/network/ipfilter.xml
manifest     /lib/svc/manifest/network/network-location.xml
dependency   optional_all/none svc:/network/location:default (online)
dependency   require_all/none svc:/system/filesystem/minimal (online)
dependency   require_all/restart svc:/network/physical:default (online)
dependency   require_all/restart svc:/system/identity:node (online)
dependency   require_all/restart svc:/system/identity:domain (online)
# netstat -rn -f inet
Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              172.16.0.254         UG        2         41 vnic11
10.0.0.0             10.0.0.254           U         3         41 vnic20
127.0.0.1            127.0.0.1            UH        2         64 lo0
172.16.0.0           172.16.0.1           U         4         25 vnic11
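Both ipnat.conf files above use 0/32 as the translation target, which IP Filter resolves at run time to the address of the map interface; the text gives the resolved value in parentheses. The Python script below is an added example, not part of the original page or of IP Filter: it parses zone02's ipnat.conf and its netstat -rn -f inet output exactly as shown above, resolves 0/32 from the routing table the same way (for a directly connected route, flag U without G or H, the Gateway column is the interface's own address), and flags map rules whose source network is not attached on an interface other than the translation interface, or whose outside address falls inside the source network. The two checks are this example's own rule of thumb for a two-armed NAT box like zone02, not an IP Filter feature.

```python
"""Resolve IP Filter 'map ... -> 0/32' rules against the routing table and sanity-check them.

Added example, not part of the original page. It embeds zone02's ipnat.conf and
'netstat -rn -f inet' output exactly as shown above; the checks are this example's own.
"""
import ipaddress
import re

# /etc/ipf/ipnat.conf of the NAT box (zone02), as shown on the page.
IPNAT_CONF = """\
map vnic11 10.0.0.0/24 -> 0/32 portmap tcp/udp auto
map vnic11 10.0.0.0/24 -> 0/32
"""

# 'netstat -rn -f inet' in zone02, as shown on the page.
NETSTAT_RN = """\
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 172.16.0.254 UG 2 41 vnic11
10.0.0.0 10.0.0.254 U 3 41 vnic20
127.0.0.1 127.0.0.1 UH 2 64 lo0
172.16.0.0 172.16.0.1 U 4 25 vnic11
"""

MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s*(.*)$")


def parse_ipnat(text):
    """Parse 'map IFACE SRC -> DST [options]' lines; comments and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = MAP_RE.match(line)
        if not m:
            raise ValueError(f"unsupported ipnat line: {line}")
        iface, src, dst, opts = m.groups()
        rules.append({"iface": iface, "src": ipaddress.ip_network(src, strict=False),
                      "dst": dst, "opts": opts})
    return rules


def parse_routes(text):
    """Return the data rows of 'netstat -rn -f inet' as dicts (title, header and ruler skipped)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[0] == "Destination" or parts[0].startswith("-"):
            continue
        dest, gateway, flags, _ref, _use, iface = parts
        routes.append({"dest": dest, "gateway": gateway, "flags": flags, "iface": iface})
    return routes


def connected_routes(routes):
    """Directly attached networks: flag U set, neither G (via a gateway) nor H (host route).
    For these rows Solaris prints the interface's own address in the Gateway column."""
    return [r for r in routes
            if "U" in r["flags"] and "G" not in r["flags"] and "H" not in r["flags"]]


def interface_address(routes, iface):
    """The IPv4 address configured on iface, or None if it has no connected route."""
    for r in connected_routes(routes):
        if r["iface"] == iface:
            return ipaddress.ip_address(r["gateway"])
    return None


def resolve_targets(rules, routes):
    """What each rule really translates to: 0/32 means 'the address of the map interface'."""
    resolved = []
    for r in rules:
        if r["dst"] == "0/32":
            addr = interface_address(routes, r["iface"])
            resolved.append(str(addr) if addr is not None else None)
        else:
            resolved.append(r["dst"])
    return resolved


def check_map_rules(rules, routes):
    """Return a list of findings; an empty list means the rules agree with the routing table."""
    findings = []
    for r in rules:
        outside = interface_address(routes, r["iface"])
        if outside is None:
            findings.append(f"{r['iface']}: no connected IPv4 address, so 0/32 resolves to nothing")
            continue
        # Interfaces on which the source (inside) network is directly attached.
        inside = {rt["iface"] for rt in connected_routes(routes)
                  if ipaddress.ip_address(rt["dest"]) in r["src"]}
        if not inside:
            findings.append(f"{r['src']}: not directly attached on any interface")
        elif inside == {r["iface"]}:
            findings.append(f"{r['src']}: only attached via {r['iface']}, the translation interface itself")
        if outside in r["src"]:
            findings.append(f"{r['iface']} address {outside} lies inside source network {r['src']}")
    return findings


if __name__ == "__main__":
    rules = parse_ipnat(IPNAT_CONF)
    routes = parse_routes(NETSTAT_RN)
    for rule, target in zip(rules, resolve_targets(rules, routes)):
        print(f"map {rule['iface']} {rule['src']} -> {rule['dst']}  (0/32 = {target})")
    print("findings:", check_map_rules(rules, routes) or "none")
```

For zone02 the rules resolve to 172.16.0.1 with no findings. The same functions apply unchanged to the global zone's ipnat.conf and routing table above (172.16.0.0/16 behind vnic10, translated to 192.168.0.35 on net0). A constructed rule that names the inside interface instead, such as `map vnic20 10.0.0.0/24 -> 0/32`, produces two findings, which is the kind of slip that would otherwise show up only as traffic that silently fails to leave the box.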