How to build zones that are in a different subnet/vlan than the global, and have them route correctly

AKA: VLAN tagging, zones, and independent routing from the zones

================================
The IP details for this example.
================================

global dracko = 10.220.128.125 255.255.255.0 GW 10.220.128.11

zone dracko-zn1 = 10.220.44.20 255.255.255.0 GW 10.220.44.10 VLAN 44

zone dracko-zn2 = 10.220.43.20 255.255.255.0 GW 10.220.43.10 VLAN 43

====================================
1. add the netmasks to /etc/netmasks
====================================

dracko:/: cat /etc/netmasks
10.220.128.0 255.255.255.0
10.220.44.0 255.255.255.0
10.220.43.0 255.255.255.0

===================================
2. DO NOT add to /etc/defaultrouter
===================================

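dracko:/: cat /etc/defaultrouter
10.220.128.11

Only the global zone's gateway is listed here. Each zone's gateway is set in its own zone config (step 6).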

==================
3. Plumb the VLANs
==================

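The formula for the VLAN interface name is: adapter name + (VLAN ID * 1000 + adapter number)

Our main NIC is e1000g0 (adapter name e1000g, adapter number 0), so:

e1000g + (44 * 1000 + 0) = e1000g44000 for VLAN 44
e1000g + (43 * 1000 + 0) = e1000g43000 for VLAN 43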

dracko:/: ifconfig e1000g44000 plumb up
dracko:/: ifconfig e1000g43000 plumb up

===============
4. Now we have:
===============

dracko:/: ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849 mtu 8232 index 1
zone dracko-zn1
inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849 mtu 8232 index 1
zone dracko-zn2
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843 mtu 1500 index 2
inet 10.220.128.125 netmask ffffff00 broadcast 10.220.128.255
ether 0:14:4f:7e:56:46
e1000g43000: flags=201000842 mtu 1500 index 4
inet 0.0.0.0 netmask 0
ether 0:14:4f:7e:56:46
e1000g44000: flags=201000842 mtu 1500 index 3
inet 0.0.0.0 netmask 0
ether 0:14:4f:7e:56:46

dracko:/: dladm show-link
e1000g0 type: non-vlan mtu: 1500 device: e1000g0
e1000g44000 type: vlan 44 mtu: 1500 device: e1000g0
e1000g43000 type: vlan 43 mtu: 1500 device: e1000g0
e1000g1 type: non-vlan mtu: 1500 device: e1000g1
e1000g2 type: non-vlan mtu: 1500 device: e1000g2
e1000g3 type: non-vlan mtu: 1500 device: e1000g3

=====================
5. Make it permanent:
=====================

touch /etc/hostname.e1000g44000
touch /etc/hostname.e1000g43000

DO NOT put anything in these files! They are just so the interfaces are plumbed on reboot

==========================
6. Modify each zone config
==========================

dracko:/: zonecfg -z dracko-zn1
zonecfg:dracko-zn1> remove net
zonecfg:dracko-zn1> add net
zonecfg:dracko-zn1:net> set physical=e1000g44000 <---- the VLAN device
zonecfg:dracko-zn1:net> set address=10.220.44.20
zonecfg:dracko-zn1:net> set defrouter=10.220.44.10 <---- set default route here, not in the global
zonecfg:dracko-zn1:net> end
zonecfg:dracko-zn1> verify
zonecfg:dracko-zn1> exit

Note: rinse and repeat for all zones

=================
7. boot the zones
=================

dracko:/: zoneadm -z dracko-zn1 boot
dracko:/: zoneadm -z dracko-zn2 boot

==================================================
8. Now let's look at the ifconfig from the global:
==================================================

dracko:/: ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849 mtu 8232 index 1
zone dracko-zn1
inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849 mtu 8232 index 1
zone dracko-zn2
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843 mtu 1500 index 2
inet 10.220.128.125 netmask ffffff00 broadcast 10.220.128.255
ether 0:14:4f:7e:56:46
e1000g43000: flags=201000842 mtu 1500 index 4
inet 0.0.0.0 netmask 0
ether 0:14:4f:7e:56:46
e1000g43000:1: flags=201000843 mtu 1500 index 4
zone dracko-zn2
inet 10.220.43.20 netmask ffffff00 broadcast 10.220.43.255
e1000g44000: flags=201000842 mtu 1500 index 3
inet 0.0.0.0 netmask 0
ether 0:14:4f:7e:56:46
e1000g44000:1: flags=201000843 mtu 1500 index 3
zone dracko-zn1
inet 10.220.44.20 netmask ffffff00 broadcast 10.220.44.255
dracko:/:

===============================
9. netstat -nr from the global:
===============================

dracko:/: netstat -nr

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.220.128.11 UG 1 12
default 10.220.44.10 UG 1 0 e1000g44000
default 10.220.43.10 UG 1 0 e1000g43000
10.220.128.0 10.220.128.125 U 1 2 e1000g0
224.0.0.0 10.220.128.125 U 1 0 e1000g0
127.0.0.1 127.0.0.1 UH 1 0 lo0
dracko:/:

=================================
10. A network view from the zone:
=================================

dracko:/: zlogin -C dracko-zn1
[Connected to zone 'dracko-zn1' console]

# bash
bash-3.2#
bash-3.2# ifconfig -a
lo0:1: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g44000:1: flags=201000843 mtu 1500 index 3
inet 10.220.44.20 netmask ffffff00 broadcast 10.220.44.255
bash-3.2# netstat -nr

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.220.44.10 UG 1 0 e1000g44000
10.220.44.0 10.220.44.20 U 1 1 e1000g44000:1
224.0.0.0 10.220.44.20 U 1 0 e1000g44000:1
127.0.0.1 127.0.0.1 UH 4 122 lo0:1
bash-3.2#
bash-3.2# ping 10.220.44.10
10.220.44.10 is alive <-- woohoo!
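
To confirm that each zone really leaves through its own VLAN and gateway, the naming formula from step 3 and the outputs from steps 4 and 9 can be checked mechanically. The script below is an added example, not part of the original write-up; the function names are hypothetical and the sample data is constructed from the output shown on this page (on a live host, pipe in the real dladm show-link and netstat -nr output instead).

```shell
#!/bin/sh
# Added example. Sample data is constructed from the values used on this page.

# VLAN link name = driver + (VLAN ID * 1000 + adapter instance).
vlan_link() {   # usage: vlan_link driver instance vlan_id
    for n in "$2" "$3"; do
        case $n in ''|*[!0-9]*) return 1 ;; esac
    done
    # 802.1Q VLAN IDs run 1..4094; the instance must stay below 1000.
    [ "$3" -ge 1 ] && [ "$3" -le 4094 ] && [ "$2" -le 999 ] || return 1
    echo "$1$(( $3 * 1000 + $2 ))"
}

# Read `dladm show-link` output on stdin; fail if any VLAN link name
# disagrees with the VLAN ID and device that dladm reports for it.
audit_links() {
    awk '$3 == "vlan" {
        match($8, /[0-9]+$/)
        want = substr($8, 1, RSTART - 1) ($4 * 1000 + substr($8, RSTART))
        if ($1 != want) { print $1 ": expected " want; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Read `netstat -nr` output on stdin; succeed only if a default route
# through the given gateway is bound to the given VLAN link.
check_zone_route() {   # usage: check_zone_route link gateway
    awk -v link="$1" -v gw="$2" '
        $1 == "default" && $NF == link { found = 1; if ($2 != gw) bad = 1 }
        END { exit !(found && !bad) }'
}

SAMPLE_LINKS='e1000g0 type: non-vlan mtu: 1500 device: e1000g0
e1000g44000 type: vlan 44 mtu: 1500 device: e1000g0
e1000g43000 type: vlan 43 mtu: 1500 device: e1000g0'
SAMPLE_ROUTES='default 10.220.128.11 UG 1 12
default 10.220.44.10 UG 1 0 e1000g44000
default 10.220.43.10 UG 1 0 e1000g43000
10.220.128.0 10.220.128.125 U 1 2 e1000g0'

printf '%s\n' "$SAMPLE_LINKS" | audit_links && echo "link names match VLAN IDs"
for z in "dracko-zn1 44 10.220.44.10" "dracko-zn2 43 10.220.43.10"; do
    set -- $z                       # $1=zone  $2=VLAN ID  $3=gateway
    link=$(vlan_link e1000g 0 "$2")
    if printf '%s\n' "$SAMPLE_ROUTES" | check_zone_route "$link" "$3"; then
        echo "$1: default route $3 via $link OK"
    else
        echo "$1: no default route $3 on $link"
    fi
done
```

A zone whose check fails has no default route of its own on its VLAN link, so it cannot route independently of the global zone as this setup intends.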