Wednesday November 15, 2006
Network Automagic, BrandZ, NAT and Skype Building on Edward Pilatowicz's blog entry on how to use IPfilter's NAT capabitlies to have flexible networking for your BrandZ Linux Zone I have hooked it into the NWAM prototype. This was basically just scripting what Ed had already provided and placing it into the NWAM hooks intrastructure. The scripts will work even if you aren't using NWAM just run them manually as root.
First it will help if I describe the behaviour I want to achive. I only want my zones booted up if I have an active network connection. So my zones have the autoboot property set to false. Since I am using the NWAM prototype I can only have one interface active at a time - this is just fine on my laptop and is the behaviour I actually want.
Hooking the zone network configuration and startup into NWAM was really easy. All I needed to do was write a bringup and teardown script. The bit that adds to Ed's configuration is to create the zones with a vni(7D) interface in their config. The NWAM script uses zonecfg(1M) to change those vni entries to what ever physical interface we actually got an address on, the rest is just what Ed documented on his blog entry.
Add the following to /etc/inet/hosts:
10.11.12.0 lnetwork 10.11.12.1 lrouter 10.11.12.2 lhost 10.11.12.3 lzone1 10.11.12.4 lzone2 10.11.12.5 lzone3 10.11.12.6 lzone4 10.11.12.7 lbroadcast
Add the following (substituting what ever your wired/wireless interfaces are) to /etc/inet/ipnat.conf and ensure that svc:/network/ipfilter is enabled:
map bge0 10.11.12.0/29 -> 0 map ath0 10.11.12.0/29 -> 0
The bringup script looks like this:
INTERFACES=$(netstat -i | awk '$1 !~ /^Name/ && $1 !~ /lo0/ { print $1}')
for i in $INTERFACES ; do
addr=`ifconfig $i | grep inet | nawk '{print $2}'`
if [ "$addr" != "0.0.0.0" ]; then
intf=$i
break;
fi
done
# Make the zones physical interface the one we just brought up
# and boot them
ZONES=`zoneadm list -c | grep -v global`
for z in $ZONES ; do
zoneaddr=`zonecfg -z $z info | nawk '/address/ {print $2}'`
zoneintf=`zonecfg -z $z info | nawk '/physical/ {print $2}'`
zonecfg -z $z < /dev/null
router_arp=`arp $router | nawk '{print $4}'`
arp -d $lrouter > /dev/null
arp -s $lrouter $router_arp
route add default lrouter
The teardown script is a little simpler and looks like this
# Make the zones physical interface vni and halt them
ZONES=`zoneadm list -c | grep -v global`
for z in $ZONES ; do
zoneaddr=`zonecfg -z $z info | nawk '/address/ {print $2}'`
zoneintf=`zonecfg -z $z info | nawk '/physical/ {print $2}'`
zonecfg -z $z < /dev/null
route delete default lrouter
To use these with NWAM put the bringup script into /etc/nwam/ulp/zones/bringup and the teardown script into /etc/nwam/ulkp/zones/teardown. Now create a very simple one line shell script called /etc/nwam/ulp/check-conditions that just prints the single word zones.
Technorati Tags: OpenSolaris BrandZ
( Nov 15 2006, 02:19:30 PM GMT ) PermalinkComments are closed for this entry.
This is a personal weblog, I do not speak for my employer.
