Changing MTU for local-zone
I'm getting ready to go to gigabit jumbo frame (MTU 9000) network, but I'm not there yet.
I have some nice Intel NICs, and I set them so they can do a MTU 16128 but fix the MTU at 1500 until I make the change.
But the local-zones interface won't change with the global:
e1000g1: flags=1001000803<UP,BROADCAST,MULTICAST,IPv4,FIXEDMTU> mtu 1500 index 3
inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
ether 0:e:c:c4:48:a8
e1000g1:1: flags=1000803<UP,BROADCAST,MULTICAST,IPv4> mtu 16128 index 3
zone test-zone
inet 10.0.0.191 netmask ffffff00 broadcast 10.0.0.255
I would like the local-zone's virtual interface to have a MTU of 1500 just like it's proud parent.
I've tried a /etc/hostname.e1000g1:1 with 'mtu 1500'. That creates a virtual interface with the proper MTU, but the zone's interface becomes e1000g1:2 still with a MTU of 16128.
How can I set the MTU of the local-zone?
Thanks.
Its now a few months since i last played with networking in zones, but i don't think you can do that. IIRC there are only a limited set of options which can be set to a shared interface which belongs to a zone.
I think that in order for this to work you would have to dedicate an interface to the zone (i.e. 'exclusive mode'), then you can probably change the MTU from inside the zone.
However this is my guess, i haven't tested or verified it..
.7/M.
Similar Messages
-
Last status change time for local-zone
hello
I want to know the time when my local-zone went to "INstalled State" last time ? No information found in any of the message logs.
OS version " Solaris 10 9/10 s10s_u9wos_14a SPARC".
thanks in advance
SubhrajitIt took me an hour but, of course, as soon as I posted this question I found it. I needed table JCDS.
Thanks,
Davis -
Solaris 10U1 needs to be to patched to SunUC 1.0.4 for local zones support
The version of Sun UC integrated into S10u1 does not support systems with local zones configured. This has since been fixed but you first need to patch the system to upgrade to Sun UC 1.0.4. This can be done on a SPARC system as follows:
$ smpatch download -i 121118-06
$ smpatch add -i 121118-06
For X86 the patch is 121119-06.This implies that ODP.NET does NOT need to be installed on a client. However, I cannot find OraOPs9.dll on a machine with Client Release 9.2 installed. Should OraOps?.dll automatically come with a Client installation of 9.2 or higher?
ODP.NET needs to be installed on the client. OraOps9.dll is part of ODP.NET, not the Oracle Client.
Also, if an application is built with the 10g ODP.NET, can it be run from a machine with OraOps9.dll?
If an application is built with 10g ODP.NET, it can be run with 9.2 ODP.NET as long as you do not use any 10g APIs. The new features in 10g ODP.NET are included in the doc and the ODP.NET FAQ for your reference. -
Change MTU for just one Site-to-Site VPN between ASAs?
Hi -
I'm setting up a Site-to-Site Cisco VPN between ASAs. I'm being told by the remote site engineer to set the maximum MTU at 1362.
Is it possible to set the MTU for one specific site-to-site VPN on my ASA 5510 Security Plus to MTU 1362? I see my interfeces are all set at 1500.
If not, would you recommend I setup a subinterface on my inside network router and a subinterface on the ASA with an MTU of 1362 to get around this issue? Then use this subinterface for traffic from my inside network to transverse through prior to hitting the VPN.
Thank you.I would not worry too much about UDP traffics. I rather concentrate on TCP traffics because almost all of the issues will be TCP.
Therefore, I would set the MSS value to 1362 or may be like 1300: sysopt connection tcp-mss 1300
That will solve most of your issues. -
Disable prompt to change password for local non-admin account
Hi there, I have a special-case laptop image running Windows 7 Enterprise. This one will not be on the domain--configured as a standalone workgroup only. I have three local accounts on it:
1) Tech account with admin privs and password protected
2) Teacher account with admin privs and password protected
3) Kindergarten student account with regular user privs and no password at all
For some reason, after Sysprep, when the student and teacher clicks their icon to logon, Windows always prompts them to change the password. I want to disable that. I have the following in my unattend.xml file which should take care of this, based on what
I've read here. Still getting prompted to change password though. Any ideas what's missing?
Thanks,
Sir_Timbit
<component name="Microsoft-Windows-Shell-Setup" .....
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>wmic useraccount where "name='Student'" set PasswordExpires=FALSE</CommandLine></CommandLine>
<Description>Student password never expires...</Description>
<Order>2</Order>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>net accounts /maxpwage:unlimited</CommandLine>
<Description>Disable expired local user account passwords</Description>
<Order>3</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>wmic useraccount where "name='Staff'" set PasswordExpires=FALSE</CommandLine></CommandLine>
<Description>Staff password never expires</Description>
<Order>1</Order>
</SynchronousCommand>
</FirstLogonCommands>For some reason my paste garbled up the unattend.xml file. It should read:
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>wmic path Win32_UserAccount WHERE name="Student" set PasswordExpires=FALSE</CommandLine>
<Description>Student password never expires...</Description>
<Order>2</Order>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>net accounts /maxpwage:unlimited</CommandLine>
<Description>Disable expired local user account passwords</Description>
<Order>3</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>wmic path Win32_UserAccount WHERE name="Staff" set PasswordExpires=FALSE</CommandLine>
<Description>Staff password never expires</Description>
<Order>1</Order>
</SynchronousCommand>
</FirstLogonCommands>
Now, I let Sysprep complete and logged on as Staff. I went to the command prompt and ran the wmic command above to configure the student account to never expire. It failed when I ran it from a regular command prompt, but worked (and prevents the student
password from expiring--what I want!) when I ran the command prompt as administrator, and paste the above. I was under the impression sysprep would be processing the unattend file with administrative privs. So I'm a bit closer here, but still unsure how to
get it to run the above wmic command as administrator. -
Lion Server DNS service not working for locally created zones. Caching working fine.
OS Lion Server DNS service not working for local zones. Was fine under Snow leopard server but Lion server upgrade has severely broken my DNS and web sites. Zones look fine under Server Admin but keep getting "query failed (SERVFAIL) for xxxx at /SourceCache/bind9/bind9-42/bind9/bin/named/query.c:3921" in the logs. BTW - Server Admin cant seem to see the log file either.
Surely someone actually tested that DNS still worked on Lion?I upgraded from Snow Leopard Server to Lion Server on day 01. I hit the same issue where, after the upgrade, my Lion Server stopped serving names for my private local domain.
I finally took a few minutes to figure out what was wrong. After turning on debug logging and looking through the logs, I found my particular issue, now resolved.
The issue I had was, when the domain initially was setup when I installed Snow Leopard Server, for some reason it created a zone just for the server (in my case, something like zone "s-01.mydomain.priv"), and a separate zone for all the other machines (zone "mydomain.priv", containing all the private IPs for my local domain). I never messed with it because it worked, but generally I would have put all of them in the same zone.
My zone "mydomain.priv" had a nameserver and mail exchanger entry for my server, s-01.mydomain.priv. I could see this in the Server Admin app on the DNS bubble, Zones tab, mydomain.priv selected, and the General Info panel. This was fine in Snow Leopard. This was failing the zone load in the updated bind for Lion Server, though. The issue was that the "mydomain.priv" zone was referencing the s-01.mydomain.priv server, which was not defined in the "mydomain.priv" zone but rather in the "s-01.mydomain.priv" zone.
My fix:
1. In Server Admin, add the server to the zone "mydomain.priv". I put an A record (Add Machine) in the "mydomain.priv" zone for my server named s-01.mydomain.priv.
2. shut down DNS on the OS X Lion Server (hit the Stop DNS button on Server Admin).
3. edit /etc/named.conf by hand, removing the specialized zones that contianed just the server. In this case, it would be the section titled 'zone "s-01.mydomain.priv"' and the section titled 'zone "3.10.1.10.in-addr.arpa"'. Your in-addr.arpa zone name will change based on whatever your server IP address was. My internal one happened to have s-01.mydomain.priv mapped to 10.1.10.3.
4. Once the specialized zones for just the server were removed, I started the DNS up again. Instead of serving four zones as it had in OS X Snow Leopard Server, it now servers two zones. And, now, it is resolving my local machines for the mydomain.priv zone.
YMMV. I did note that it wasn't totally necessary to do step 3, but I never really understood the need for the specialized domain, and keeping it around would have a copy of data that would just confuse things.
Hope that helps. That's been the only hiccup I've noticed updating to OS X Lion Server thus far. -
Network access from local zones on a Solaris 10 router
I'm kind of stuck at an interesting problem.
I have a Solaris 10u6 system which is itself a router between a number of networks.
It has several dozen routes to different networks via different next-hop gateways,
just one of which is a default route to the ISP to internet.
I thought of setting up local zones to securely run infrastructure services (BIND,
Squid, Mail relay) on this machine, with only a single dedicated public IP address
(from our delegated address space) per such zone. Zones use a shared-IP stack
on one of the machine's VLAN interfaces (the LAN part with public IP addresses).
The problem is - since this machine is the gateway for the subnet used for the
local zones, they don't inherit any default route. The one default we have to the
ISP is on another interface's subnet.
[root@ns8 /]# netstat -rn | grep default
[root@ns8 /]# netstat -rn | wc -l
50
On a side note, these zones do inherit dozens of other routes (50 above) with
next-hop routers not on the local zone's subnet - so these are also not accessible.
I think such useless routes should also be filtered away - as "mismatching" default
routes are.
Due to all this the zone has no networking outside its subnet/mask: it doesn't
even try to send anything, since there is not a single route with a matching next
hop router, i.e.
[root@ns8 /]# traceroute -nI 194.87.0.50
traceroute to 194.87.0.50 (194.87.0.50), 30 hops max, 40 byte packets
1 xx.yy.zz.8 0.102 ms !H 0.032 ms !H 0.027 ms !H
To reiterate, this setup is different from that of the numerous replays of "How to
set up internet for zones with virtual IP addresses?"
That recipe suggests to add a fake router and maintain its ARP address to be
that of the real default gateway, and set up NAT to rewrite private IP addresses
to the global zone's public IP. While I've also used the recipe a number of times,
it does not seem feasible in this router's case - there are too many next-hop
routers (and learned with a dynamic routing protocol), not just one default-gw.
I can of course go back to running services in the global zone and binding them
to these dedicated public IP addresses via configuration files - and this works
since the global zone has access to any needed routers having IP addresses
in relevant subnets - but I hoped to secure the system a bit more and separate
routing from infrastructure tasks...
So the question is: how can I set up networking for local zones in this case
when they are running on a router? Is it possible?
Thanks,
//JimYou can set the Airport Extreme in "Bridge" mode, and then it will just extend the existing subnet.
Airport Utility -> Airport Extreme -> Internet -> Connection Sharing -> Off (bridge mode) -
Using dtrace to tap into local-zone console output?
Was wondering if anyone has experimented with dtrace to capture zlogin console output for local zones. (all in the global ofcourse)
(I don't want to run zlogin and capture its output to a file, since that would interfere with normal "zlogin" operation.)
The idea would be to try and use dtrace to attach to some sort of centralized "zlogin construct/object" and then capure ALL zlogin console-output for ALL local zones, with dtrace, and then having that parsed out to log-files for each local zone.
Might sound a little far-fetched, but until a standard interface for zone-console logging is created, this may be the base we can do?
If you can think of alternatives, please share them.
thanks,
-- MikeEFor the record: http://blogs.sun.com/roller/page/menno/20050525
Menno -
How to dynamically set max-rss size for a local zone?
Running solaris 10 05/08.
Following situation: Three local zones in a Veritas cluster. The zones
can fail over but normally not all three are on the same physical box.
I want to be able to restrict physical memory usage for the zones in
situations where certain combinations of them end up on the same
physical box. So, I need to be able to dynamically change memory
resources. I know how to do this with, for example locked memory:
prctl -n zone.max-locked-memory -r -v <mem> `pgrep -z <zone name>
init`
but i need to do this for physical memory and I can't see that there
is a zone resource for this? I thought this was added in 05/08?Hi
You can do this by using rcapd from the global zone
- start rcapd from the global zone:
svcadm enable svc:/system/rcap:default
- set a physical memory caping value for each zone
rcapadm -z your_zone -m max_rss_value
- check the memory use for all the zone capped
rcapstat -gz
You can set the rss capping value in the zone configuration:
# zonecfg -z your_zone
zonecfg:busi-app-prod> add capped-memory
zonecfg:busi-app-prod:capped-memory> set physical=900m
zonecfg:busi-app-prod:capped-memory> end
zonecfg:busi-app-prod> verify
zonecfg:busi-app-prod> commit
zonecfg:busi-app-prod> exit
This will be take in account at the next reboot of this zone.
Have a also a look to rcapadm to tune rcapd
Bye
Fred -
Can external users change their language, time zone, and locale settings?
Hi,
We’re migrating our hosts from WebEx cloud to our on-prem solution right now (CWMS 1.5.1.323.A).
We’ve learned that CWMS 1.5 does not provide an online address book where hosts could customize language, time zone, and locale settings for their external attendees.
Do external users have any chance at all to change their language, time zone and locale settings individually?
Thank you,
HelgeHi Dejan,
"external users" are those participants, who do not have an LDAP account in our deployment, since they are not intendet to act as hosts: our stakeholders, partners, customers, clients.
It looks, as if these people would stick to the systems' default language / time zone / locale.
We are wondering if there might be a CWMS-component like this:
https://artcom.webex.com/cmp0307l/webcomponents/widget/preference.do?serviceType=MC&siteurl=artcom&target=Page&backUrl=%2Fmw0307l%2Fmywebex%2Fdefault.do%3Fsiteurl%3Dartcom%26service%3D1
to allow those "extenal" participants to make their adjustments.
Thank you,
Helge -
Modify Ethernet driver settings for a local zone of exclusive ip-type
Hi there
A quick one. Have configured a local zone with ip-type set to exclusive for a physical interface fjgi1. How can I modify the fjgi driver settings for this local zone?
Should I edit /platform/SUNW,SPARC-Enterprise/kernel/drv/fjgi.conf under the global zone and reboot the global zone, or create and edit a new config file in the local zone and reboot it?
Thank you
SunnyDriver settings like this are shared by all zones. So you'd need to make the change in the global zone.
Darren -
Solaris 10 local zone setup requirement/steps for am/ps 7.0 installation
Hi,
Is there any document available on solaris 10 local zone creation/requirement for am server/ portal server 7.0 install? Any help/pointer is appreciated.
Thanks,I don't believe there is any specific documentation am/portal in a zone. And as far as I know there are no specific requirements either. I have successfully installed portal in a solaris zone.
A good starter tutorial on zones is here: http://partneradvantage.sun.com/protected/solaris10/adoptionkit/tech/zones/tutorial.html
Hi,
Is there any document available on solaris 10 local
zone creation/requirement for am server/ portal
server 7.0 install? Any help/pointer is
appreciated.
Thanks, -
Df error for lofs file system in local zone.
I 've a zone which is running oracle db instance. We have exported the SAN file system from the global zone as following
fs:
dir: /oradb
special: /oradb
raw not specified
type: lofs
options: []
from global zone
#df -h | grep oradb
/dev/dsk/emcpower174c 17G 5.1G 11G 31% /oradb/archa
/dev/dsk/emcpower177c 58G 3.3G 54G 6% /oradb/index1
/dev/dsk/emcpower172c 9.9G 610M 9.2G 7% /oradb/redob
/dev/dsk/emcpower176c 58G 30G 27G 53% /oradb/index2
/dev/dsk/emcpower180c 58G 35G 23G 61% /oradb/data1
Problem is from local zone if i do cd to /oradb/data1 and then df -h . , i get following error Is there anyway i get the usage or df o/p of lofs file system from the local zone itself
local_zone# df -h .
df: Could not find mount point for .
local_zone # pwd
/orad/data1
local_zone# df -h /oradbdb/data1
df: Could not find mount point for /oradbdb/data1
local_zone#Do you have amount point within the zone path for these oradb mounts?
You have to add a directory entry for /oradb in the zone's root directory, i.e. ``zone_path''/root/oradb -
SG300 cant change the Link Local address for an IPv6 interface
There seems to be no apparent way to change the Link Local address for an IPv6 interface
If I create more than one interface they all appear to have the same Link Local addressNever mind, I figured it out
By adding a Link Local address to an interface, it overides the existing one on the interface -
Install NetConnect in Global Zone of Solaris 10 x86 with 5 local zone fail
Problem:
Install NetConnect in Global Zone of Solaris 10 x86 with 5 local zone failed
But I didn't have any issue with the same pkg in Solaris 9
Steps taken:
# groupadd netcon
# useradd -d /export/home/netcon -g netcon -m netcon
# vi /etc/shadow
change LK to NP
# ./UninstallNetConnect.003.002.001.sh
# ./InstallNetConnect.003.002.001.sh
Enter the user account to use: netcon
Enter group: netcon
Installing Sun(SM) Net Connect Proxy Core as <SUNWsrspx>
## Installing part 1 of 1.
/etc/opt/SUNWsrspx/CustomerCert.pem
/etc/opt/SUNWsrspx/SRSCACert.pem
/etc/opt/SUNWsrspx/binaries
/etc/opt/SUNWsrspx/srsproxyconfig.cfg
/opt/SUNWsrspx/bin/srsexec
/opt/SUNWsrspx/bin/srsinstall
/opt/SUNWsrspx/bin/srsinstallmode
/opt/SUNWsrspx/bin/srsproxy
/opt/SUNWsrspx/bin/srspxrun
/opt/SUNWsrspx/bin/srspxstat
/opt/SUNWsrspx/bin/srspxtrace
/opt/SUNWsrspx/bin/srsuser
/opt/SUNWsrspx/bin/srsxfer
/opt/SUNWsrspx/lib/srsimapi.jar
/usr/lib/libsrsimapi.so.1
[ verifying class <none> ]
## Executing postinstall script.
copying initial install customer cert into place
copying initial install srs cert into place
copying initial install proxy config file into place
removing any existing uninstallscript before copying the correct one
copying uninstall script into place
/var/sadm/pkg/SUNWsrspx/install/postinstall: /opt/SUNWsrspx/bin/srspxrun: cannot execute
proxy queue initialization failed
pkgadd: ERROR: postinstall script did not complete successfully
Installation of <SUNWsrspx> failed.
ERROR: pkgadd failed for: SUNWsrspx
Please correct this situation and rerun the installation.
Exiting installation.
# cat /var/adm/messages
Oct 7 00:00:01 planet root: [ID 702911 daemon.error] ERROR: proxy queue initialization failed
Any clue, or it will only possible in Global zone that didn't have any local zone
thanks in advanceProblem:
Install NetConnect in Global Zone of Solaris 10 x86
with 5 local zone failed
But I didn't have any issue with the same pkg in
Solaris 9
Steps taken:
# groupadd netcon
# useradd -d /export/home/netcon -g netcon -m netcon
# vi /etc/shadow
change LK to NP
# ./UninstallNetConnect.003.002.001.sh
# ./InstallNetConnect.003.002.001.sh
Enter the user account to use: netcon
Enter group: netcon
Installing Sun(SM) Net Connect Proxy Core as
<SUNWsrspx>
## Installing part 1 of 1.
/etc/opt/SUNWsrspx/CustomerCert.pem
/etc/opt/SUNWsrspx/SRSCACert.pem
/etc/opt/SUNWsrspx/binaries
/etc/opt/SUNWsrspx/srsproxyconfig.cfg
/opt/SUNWsrspx/bin/srsexec
/opt/SUNWsrspx/bin/srsinstall
/opt/SUNWsrspx/bin/srsinstallmode
/opt/SUNWsrspx/bin/srsproxy
/opt/SUNWsrspx/bin/srspxrun
/opt/SUNWsrspx/bin/srspxstat
/opt/SUNWsrspx/bin/srspxtrace
/opt/SUNWsrspx/bin/srsuser
/opt/SUNWsrspx/bin/srsxfer
/opt/SUNWsrspx/lib/srsimapi.jar
/usr/lib/libsrsimapi.so.1
[ verifying class <none> ]
## Executing postinstall script.
copying initial install customer cert into place
copying initial install srs cert into place
copying initial install proxy config file into place
removing any existing uninstallscript before copying
the correct one
copying uninstall script into place
/var/sadm/pkg/SUNWsrspx/install/postinstall:
/opt/SUNWsrspx/bin/srspxrun: cannot execute
proxy queue initialization failed
pkgadd: ERROR: postinstall script did not complete
successfully
Installation of <SUNWsrspx> failed.
ERROR: pkgadd failed for: SUNWsrspx
Please correct this situation and rerun the
installation.
Exiting installation.
# cat /var/adm/messages
Oct 7 00:00:01 planet root: [ID 702911 daemon.error]
ERROR: proxy queue initialization failed
Any clue, or it will only possible in Global zone
that didn't have any local zone
thanks in advance
[I believe that it does not work in x86, watches with pkginfo - l SUNWsrspx, in the platform.
Willy Suarez
Sopport UNIX
Colombia/code]
Maybe you are looking for
-
Office 2013 local Click to Run deployment error
I have downloaded the x32 version of Office2013 to a local deployment share, making use of the Office Deployment tools. The download succeeded. Share is read access for everyone. When launching the installer from the share, on a x64 Win7 client, the
-
How do I update my IPAD to ios4?
-
Hi i have a apple cable it used to work fine i dont know why now to get the computer to detect it i have to put it in a special position, if i move it the slightest bit it disconnects. I tried different hubs, different laptops, i have iTouch 4G 32GB
-
IMac G5 17" Mac OS X 10.5.6 Install Problems
I go my hands on an old imac 17" G5. I know OS 10.5.6 or lower will only work with these older machines. I am trying install 10.5.6 iso install onto a SDHC 16gb card. I am having trouble though. I am making the SDHC as a boot up disc but when i boot
-
Alerts for Cash Deposit and Cash Withdrawal
Hi All, I've one requirement from my client, Whenever I post a cash deposit into bank of Rs. 10,000/- or more, an alert has to go to the authorizer. This is same for withdrawal also. Please advise how to achieve this in B1. Regards, Silpa