ipv6 in a Solaris zone

This is a continuation of my saga of Solaris zones. In this episode, you’ll be presented with a ipv6 routing problem on Solaris.

Looking for information about ipv6 in Solaris zones, you’ll be likely to get across this page. It will tell you, how to assign an ipv6 address to your zone: get into the global zone and use zonecfg.

netra / $ zonecfg -z wibble
Sorry, I don't know anything about your "screen" terminal.
netra / $ export TERM=vt100
netra / $ zonecfg -z wibble
zonecfg:wibble> add net
zonecfg:wibble:net> set address=2001:0:0:1::4/64
zonecfg:wibble:net> set physical=eri0
zonecfg:wibble:net> end
zonecfg:wibble> verify
zonecfg:wibble> commit
zonecfg:wibble> exit
netra / $ zoneadm -z wibble reboot

After zone reboot:

bash-3.00# ifconfig -a
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
eri0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.0.1.63 netmask ffffff00 broadcast 10.0.1.255
lo0:2: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
eri0:4: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
inet6 2001:0:0:1::4/64

Nice, we have an ipv6 address.

bash-3.00# ping ipv6.google.com
ICMPv6 No Route to Destination from gateway 2001:0:0:1::4
for icmp6 from 2001:0:0:1::4 to 2001:4860:0:1001::68
^C

The address resolves, but there’s no routing. The aforementioned page does actually say something about it:

Starting in the Solaris 10 8/07 release, the /etc/hosts and /etc/inet/ipnodes files are unified and are symbolic links to each other. Routing must be done in the global zone as is discussed in the Trusted Extensions and Zones forums.

The question is, what’s the URL to the relevant thread? I couldn’t find it. Maybe my Google seach-fu isn’t good enough. My friend and me found a way to make this work, although we have no idea whether this solution is correct. All we know is that is somehow… works.

If you look at the ipv6 routing table in the global zone, you’ll see something like this:

Routing Table: IPv6
Destination/Mask            Gateway                   Flags Ref   Use    If
--------------------------- --------------------------- ----- --- ------- -----
2001:0:0:1::/64             netra.home.blizinski.pl     U       1       6 eri0:1
fe80::/10                   fe80::203:baff:fe0b:fd4b    U       1       1 eri0
ff00::/8                    fe80::203:baff:fe0b:fd4b    U       1       0 eri0
default                     fe80::213:a9ff:fe80:43be    UG      1       1 eri0
localhost                   localhost                   UH      1       0 lo0

It seems like routing is done via a link-local type address. If you look at the correspoding table in your non-global zone, you’ll see:

Routing Table: IPv6
Destination/Mask            Gateway                   Flags Ref   Use    If
--------------------------- --------------------------- ----- --- ------- -----
2001:0:0:1::/64             2001:0:0:1::4               U       1       0 eri0:4
ff00::/8                    2001:0:0:1::4               U       1       0 eri0:4
localhost                   localhost                   UH      1       0 lo0:2

Apparently, there is no link-local address here. Normally, link-local addresses are derived from the MAC addresses of network cards. Here, we have just one network card, and one MAC address – hence one link-local address, and it’s already assigned to the global zone. We need one more link-local address here… why not make one up?

netra / $ ifconfig -a | ggrep -B1 fe80
eri0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
inet6 fe80::203:baff:fe0b:fd4b/10

We’ll just pick the next address.

netra / $ zonecfg -z wibble
zonecfg:wibble> add net
zonecfg:wibble:net> set address=fe80::213:a9ff:fe80:43c0/10
zonecfg:wibble:net> set physical=eri0
zonecfg:wibble:net> end
zonecfg:wibble> verify
zonecfg:wibble> commit
zonecfg:wibble> exit
netra / $ zoneadm -z wibble reboot

After logging (using ‘zlogin wibble’) to the zone:

netra / $ zlogin wibble
[Connected to zone 'wibble' pts/3]
Last login: Sat Aug 30 11:57:01 on pts/3
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
# bash -l
bash-3.00# ifconfig -a | /opt/csw/bin/ggrep -B1 fe80 # GNU grep FTW!
eri0:5: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
inet6 fe80::213:a9ff:fe80:43c0/10

We’ve got our address! It’s completely arbitrary and probably makes no sense. But the probability of collision is low and…

bash-3.00# ping ipv6.google.com
ipv6.google.com is alive

…it works!

UPDATE 2008-09-05: Another way of doing it is creating an IPv6 route on the global zone, using a global IPv6 address (as opposed to link-local).

About these ads

Tags: , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Follow

Get every new post delivered to your Inbox.

Join 474 other followers

%d bloggers like this: