Solaris 10 VLAN

How setup VLAN on Solaris 10. Server have hme0 interface. When i make new file hostname.ce123000 for vlan 123 and plumb this interface, ifconfig say no such interface. How right setup vlans on this machine?It looks like you're slightly confused regarding the naming convention for the hostname.* files. You say that your system has hme0, but your hostname.* file is using a ce (Cassini Ethernet) interface. That's why it's not working and returning the "no such interface" message. Do you have any CE NICs in that system? The way you have the hostname.ce123000 file configured suggests you're trying to configure ce0 on VLAN ID 123.
The HME NIC is a very old interface and the driver doesn't support VLANs so you may need to update to a GLDv3 driver and NIC, something like CE, BGE, e1000g, etc. I believe in Solaris 11 the driver was updated to support GLDv3 so it may work.
What kernel rev are you running? Please provide "uname -a". If you can also provide a "prtdiag -v" we should be able to see what other NICs you have installed in the system (if any).
If you're running Solaris 10 3/05 and above refer to http://download.oracle.com/docs/cd/E19253-01/816-4554/fpjve/index.html
If you're running Solaris 10 3/05 and earlier, refer to http://download.oracle.com/docs/cd/E19253-01/816-4554/bbjfdeij/index.html
Regards,
Steve

Similar Messages

Setup vlan on solaris

i have 3 servers which are run on windows server 2003 and solaris 10...So, i need to setup vlan in each server. Our network will used ipv6 and ipv4 protocols..
The problem is i really dunno how to setup the network and interconnect between ipv4 and ipv6..The setup for vlan must done in server that run on solaris....tq for helping

Thanks for the update, We would love to have such a feature will greatly help in traffic isolation while still on the same vlan.

Solaris 10 X2100 VLAN config

What are my options for configuring a virtual interface on an x2100 server with Sol10 Because the interface shows up as the type " nge0" I am assuming
that the hardware does not support it per the info below. Is there another alternative or a software workaround ?
-john
The Solaris OS now supports VLANs on the following interface types:
ce
bge
xge
e1000g

Looks like I just had the wrong VLAN config syntax.. and miss read the documentation. this works !
bash-3.00# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 128.111.207.230 netmask ffffff00 broadcast 128.111.207.255
ether 0:e0:81:5c:d3:6
nge829000: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 4
inet 10.0.0.62 netmask ffffff00 broadcast 10.0.0.255
ether 0:e0:81:5c:d3:6

Vlan stopped working after Solaris 11.1 upgrade

Sorry for the long post.
I upgraded a test server to Solaris 11.1 from 11/11 a few days ago. After I did the upgrade my one VLAN-based network connection stopped working. I've been messing with it for days and am a bit baffled.
Note that everything was up and working just before the upgrade. This is not a switch configuration problem or a cables issue.
All of the other networking survived the upgrade just fine...
The link that stopped working is a VLAN running on top of a two-link LAG. The untagged link running over the same LAG works just fine.
So here's the strange part. As I was trying to get underneath it all today I fired up wireshark to see if I could figure it out. As soon as I put wireshark up on the interface (in its default promiscuous mode) the link started working. All the packets in the trace looked normal. All was good. As soon as I stopped the trace the link was dead again. Start a trace - link in promiscuous mode - and all is good again. Stop and it stops...
If I bring bring up wireshark on the link without promiscuous mode the link does NOT start working. If I initiate a ping that should go out on the broken VLAN I see a series of ARP requests but no answers (running wireshark on the machine being ping'd I see all of the ARP request come in and the answers go out, but the Solaris machine never sees the answers).
So - did Oracle manage to break VLANs in 11.1? Any ideas how to get it working again?
A few bits on info from the machine. The only thing that looks odd/wrong I've highlighted below.
Phil@TEST:~$ dladm show-link
LINK CLASS MTU STATE OVER
e1000g1 phys 1500 up --
e1000g0 phys 1500 up --
ixgbe0 phys 9000 up --
ixgbe1 phys 9000 up --
aggr2 aggr 9000 up ixgbe0 ixgbe1
aggr2vlan5 vlan 9000 up aggr2
Phil@TEST:~$ dladm show-vlan
LINK VID OVER FLAGS
aggr2vlan5 5 aggr2 -----
Phil@SE11_SAN:~$ ipadm show-addr aggr2vlan5
ADDROBJ TYPE STATE ADDR
aggr2vlan5/v4 dhcp ok 192.168.5.101/24
Phil@TEST:~$ dladm show-linkprop aggr2vlan5
LINK PROPERTY PERM VALUE DEFAULT POSSIBLE
aggr2vlan5 autopush rw -- -- --
aggr2vlan5 zone rw -- -- --
aggr2vlan5 state r- unknown up up,down
aggr2vlan5 mtu rw 9000 1500 1500-9000
aggr2vlan5 maxbw rw -- -- --
aggr2vlan5 cpus rw -- -- --
aggr2vlan5 cpus-effective r- 0-7 -- --
aggr2vlan5 rxfanout rw -- 8 --
aggr2vlan5 rxfanout-effective r- 16 -- --
aggr2vlan5 pool rw -- -- --
aggr2vlan5 pool-effective r- -- -- --
aggr2vlan5 priority rw high high low,medium,high
aggr2vlan5 forward rw 1 1 1,0
aggr2vlan5 protection rw -- -- mac-nospoof,
restricted,
ip-nospoof,
dhcp-nospoof
aggr2vlan5 mac-address r- 0:1b:21:6b:23:98 0:1b:21:6b:23:98 --
aggr2vlan5 allowed-ips rw -- -- --
aggr2vlan5 allowed-dhcp-cids rw -- -- --
aggr2vlan5 rxrings r- -- -- --
aggr2vlan5 rxrings-effective r- -- -- --
aggr2vlan5 txrings r- -- -- --
aggr2vlan5 txrings-effective r- -- -- --
aggr2vlan5 txrings-available r- 0 -- --
aggr2vlan5 rxrings-available r- 0 -- --
aggr2vlan5 rxhwclnt-available r- 0 -- --
aggr2vlan5 txhwclnt-available r- 0 -- --
aggr2vlan5 vsi-mgrid rw -- -- --
aggr2vlan5 etsbw-lcl rw -- 0 --
aggr2vlan5 etsbw-lcl-effective r- -- -- --
aggr2vlan5 etsbw-rmt-effective r- -- -- --
aggr2vlan5 etsbw-lcl-advice r- -- -- --
aggr2vlan5 cos rw -- 0 --
Edit/Delete Message

Fixed. Don't know exactly how/why, but fixed.
When I came home this afternoon I deleted the all of the IPs associated with the VLAN and the LAG. I deleted the VLAN itself and deleted the LAG. Basically tore down all of the datalink and IP layers leaving only the raw interface cards. Rebuilt the LAG, rebuilt the VLAN and reinstalled the IPs. And like magic, the whole thing is happy.
Something in the configs of the LAG or the VLAN must have been corrupted during the upgrade. But now its all fat, dumb and happy again.
Very odd.

Configuring Solaris 10 NICs in a VLAN?

Hello
Let's assume the scenario: VLAN 100 with subnet 10.1.100.0/24 is reserved by Solaris servers only.
Lets take an arbitrary server that has an interface bge0.
This server's NIC should have IP 10.1.100.10 / 24
Should I configure the NIC with the following:
ifconfig bge0 plumb 10.1.100.10 + netmask 255.255.255.0 up
or with the following
ifconfig bge100000 plumb 10.1.100.10 + netmask 255.255.255.0 up
Generally speaking, if a NIC must participate in a VLAN, must it be configured to be VLAN aware?
If the VLAN is configured only in the switch, wouldn't that be enough?

It depends on how the VLAN is presented.
The simplest method for the host is to have the network administrator assign a single VLAN to a switch port. There's no host-side configuration necessary to use the VLAN.
Another method is that you can present multiple VLANs on a port using 802.1q addressing. That's what you're asking about with the syntax. It allows the card to associate itself with one of multiple VLANs on the link.
If the card/server/configuration are not 802.1q aware, then they can only talk to VLAN0 on the link. If that's the correct VLAN, then yes that is enough.
Darren

LMS 3.2 on Solaris 10 - Cannot tftp vlan.dat to server

Hi All,
I've read several posts and could not find one that would resolve my issue.
I get the partially successful on several switches. I understand that is because of LMS not being able to tftp vlan.dat back to server.
I tried it directly on a switch and the transfer only works if the filename is already created in the tftp directory. Is there a way to change that?
Thanks
Jose Ribeiro

Hi Joseph,
The ciscoworks server has full access to the switch as per below. Neither access nor credentials seem to be the issue here.
I've read a few posts where it was stated the need to create a 'dummy' vlan.dat file so that the device would not show as partially successful on the RME job. Is this the case here? If so this is a very strange solution.
Thanks,
Jose
-bash-3.00$ ssh [email protected]
[email protected]'s password:
CC
WARNING: This system is for authorized use only. Any or all access to or
uses of this system may be monitored and recorded and subject to audit.
Use of this system is expressed consent to such monitoring and recording.
Unauthorized or improper use of this system is prohibited and is subject
to criminal and civil penalties.
ctspotdcemsw302>ena
Password:
ctspotdcemsw302#
ctspotdcemsw302#sh ver
Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-ENTSERVICESK9_WAN-M), Version 12.2(18)SXF1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Tue 20-Dec-05 19:11 by kellmill
Image text-base: 0x40101040, data-base: 0x42D60000
ROM: System Bootstrap, Version 12.2(17r)S2, RELEASE SOFTWARE (fc1)
BOOTLDR: s72033_rp Software (s72033_rp-ENTSERVICESK9_WAN-M), Version 12.2(18)SXF1, RELEASE SOFTWARE (fc1)
ctspotdcemsw302 uptime is 3 years, 28 weeks, 3 hours, 16 minutes
Time since ctspotdcemsw302 switched to active is 3 years, 28 weeks, 3 hours, 35 minutes
System returned to ROM by power cycle at 17:32:48 UTC Wed Jan 11 2006 (SP by power on)
System restarted at 05:35:07 EST Sun Feb 25 2007
System image file is "disk0:/s72033-entservicesk9_wan-mz.122-18.SXF1.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco WS-C6509-E (R7000) processor (revision 1.1) with 458720K/65536K bytes of memory.
Processor board ID SMG0832N2ZV
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from power-on
SuperLAT software (copyright 1990 by Meridian Technology Corp).
X.25 software, Version 3.0.0.
Bridging software.
TN3270 Emulation software.
15 Virtual Ethernet/IEEE 802.3 interfaces
266 Gigabit Ethernet/IEEE 802.3 interfaces
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.
65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
ctspotdcemsw302#exit
Connection to 10.86.109.3 closed by remote host.
Connection to 10.86.109.3 closed.
-bash-3.00$

Solaris 11 express LACP + multiple vNic + vLan problem.

I am trying to setup LACP (link aggregation), then create vNic's with vLan tagging on top of the aggregation.
Whatever configuration I triad only one vNic/Vlan worked and the other not, below are the configuration I used any help is greatly appreciated.
dladm create-aggr -l igb0 -l igb1 -L active -P L4 aggr1
dladm create-vnic -l aggr1 -v 2000 SrvNet2000001
ipadm create-addr -T static -a 10.50.2.50/22 aggr2104001/v4static
dladm create-vnic -l aggr1 -v 2104 CncNet2104001
ipadm create-addr -T static -a 10.50.105.50/21 CncNet2104001/v4static
dladm show-aggr
LINK POLICY ADDRPOLICY LACPACTIVITY LACPTIMER FLAGS
aggr1 L2,L3,L4 auto active short -----
dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE VID
SrvNet2000001 aggr1 1000 2:8:20:77:e2:d2 random 2000
CncNet2104001 aggr1 1000 2:8:20:c7:83:8 random 2104
ipadm show-if
IFNAME STATE CURRENT PERSISTENT
lo0 ok -m-v------46 ---
SrvNet2000001 ok bm--------46 -46
CncNet2104001 ok bm--------46 -46
ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
SrvNet2000001/v4static static ok 10.50.2.50/22
CncNet2104001/v4static static ok 10.50.105.50/21
lo0/v6 static ok ::1/128

I found these notes from a network engineer.
"you can not use the dladm command on any interfaces that are plumbed up. You have to, "ipadm delete-ip aggrX" before you can use dladm set-prop on aggrX. "
"Do not change MTU on a configured interface, this has to be done as the first step before the aggr is created."

Aggregates, VLAN's, Jumbo-Frames and cluster interconnect opinions

Hi All,
I'm reviewing my options for a new cluster configuration and would like the opinions of people with more expertise than myself out there.
What I have in mind as follows:
2 x X4170 servers with 8 x NIC's in each.
On each 4170 I was going to configure 2 aggregates with 3 nics in each aggregate as follows
igb0 device in aggr1
igb1 device in aggr1
igb2 device in aggr1
igb3 stand-alone device for iSCSI network
e1000g0 device in aggr2
e1000g1 device in aggr2
e1000g2 device in aggr3
e1000g3 stand-alone device of iSCSI network
Now, on top of these aggregates, I was planning on creating VLAN interfaces which will allow me to connect to our two "public" network segments and for the cluster heartbeat network.
I was then going to configure the vlan's in an IPMP group for failover. I know there are some questions around that configuration in the sense that IPMP will not detect a nic failure if a NIC goes offline in the aggregate, but I could monitor that in a different manner.
At this point, my questions are:
[1] Are vlan's, on top of aggregates, supported withing Solaris Cluster? I've not seen anything in the documentation to mention that it is, or is not for that matter. I see that vlan's are supported, inluding support for cluster interconnects over vlan's.
Now with the standalone interface I want to enable jumbo frames, but I've noticed that the igb.conf file has a global setting for all nic ports, whereas I can enable it for a single nic port in the e1000g.conf kernel driver. My questions are as follows:
[2] What is the general feeling with mixing mtu sizes on the same lan/vlan? Ive seen some comments that this is not a good idea, and some say that it doesnt cause a problem.
[3] If the underlying nic, igb0-2 (aggr1) for example, has 9k mtu enabled, I can force the mtu size (1500) for "normal" networks on the vlan interfaces pointing to my "public" network and cluster interconnect vlan. Does anyone have experience of this causing any issues?
Thanks in advance for all comments/suggestions.

For 1) the question is really "Do I need to enable Jumbo Frames if I don't want to use them (neither public nore private network)" - the answer is no.
For 2) each cluster needs to have its own seperate set of VLANs.
Greets
Thorsten

How to configure Solaris 10 IPMP for Oracle VDI 3.3.2

Hi,
Does anyone have an indication on how to configure Solaris 10 IPMP in a manner that supports Oracle VDI?
We have setup two servers with 2 test addresses on physical and 1 logical for the hostname of the box, but when we configure VDI the VDI database does not come up on the 2nd box. We have also tried configuring IPMP without test addresses, but it doesn't make any difference - the DB still doesn't go into the up state after configuration on the 2nd server.
Solaris 10 u9 with patches
Two physical NICs on management VLAN via 2 switches
Two physical NIcs on VDI VLAN via 2 switches
VDI 3.3.2
All hostnames are in DNS and resolve for short name, FQDN and also reverse IP lookup
The is a proposal pdf on Oracle website that mentions IPMP, so someone has done it. Just could do with a hint on how it was done so that it works.
( http://www.oracle.com/us/technologies/virtualization/vdi-design-proposal-1401195.pdf )
Thanks
Paul

OK, updating this with what was causing the issue.
Not an IPMP problem this was a DNS problem. The VDI servers have access to two DNS environments, so had a DNS search path that had the domain where the VMs where going to go and another for management of the box with two DNS servers listed in /etc/resolv.conf.
We configured VDI using the FQDN for the management DNS, however the vda-config script takes the hostname of the box adds the first DNS domain from /etc/resolv.conf search entry and configures using (it seams to ignore what you put into the vda-config). When the config script comes to configuring MySQL because the names didn't match (FQDN it created by adding hostname to the 1st entry in DNS search path & FQDN that you put into vda-config command), it decides that it is configuring a "Client MySQL" instance rather than a "Slave MySQL" instance, which means the VDA DB never comes up in the out of vda-center status.
So the fix is to:
1) configure IPMP without test addresses (so traffic comes out of the correct IP and can be reverse looked up in DNS by the other host)
2) if you have multiple DNS search entries, configure VDI using the first entry in your search path as its FQDN
Paul

Network error since moving Essbase server into new VLAN

We just moved a Solaris zone containing an Essbase server into another VLAN and now I am seeing strange problems with network timeouts. When EAS runs "query database" commands in MAXL (when you click on a database, for example), it can hang for ten minutes and then timeout. If I run this locally on the server via essmsh:
MAXL> query database <Db> get estimated size;
I get, after ten minutes:
ERROR - 1056213 - message from server [Network error [145]: Unable to connect to [chr7z037:1423]. The client timed out waiting to connect to Analytic Services Agent using TCP/IP. Check your network connections. Also make sure that server and port values are correct].
THe server isn't down and I can connect to it via EAS and HSS.
I am not sure what service is reporting this error - must be APS or HSS (which run on a seperate windows box)?
Also EAS data previews are painfully slow and/or timeout with the same network error as above.
The essbase server is in HSS mode.

Hi Philip,
As CL said ,even I had faced the similar issue. In our case , it was the concept of DMZ ( they were in 2 different DMZ's ) and not able to communicate and gave the error ( which you mentioned in your post).
Try to open up the ports ( Try to telnet also to check)
Sandeep Reddy Enti
HCC
http://hyperionconsultancy.com/

Solaris 10 Sparc T2000/T1000 slow scp/sftp between hosts

We have 4 x t2000 and 2 x t1000 sun servers all running solaris 10 sparc edition and when uploading an agent to all these servers I was unable to maintain a connection faster than 6MB. All our OEL 6.3 hosts on the same vlans/network/swithes are able to copy the same files around at 85MB/s.
Our entire network is GB and have been trouble shooting along the way and have got down to two sun hosts on the same switch and vlan to rule out firewalling and other factors.
The switchports on the cisco show no errors and no errors are seen on the solaris servers and training up at the GB speed as configured.
So I'm faily certain there is something on the solaris hosts OS wise that is affecting perfomance that is causing some of our backup jobs to be quite long but I'm not sure at what to do now.
I've seen some online articles relating to tuning and adjusting certain tcp options but unsure as to what would be best.
Has anyone else experienced issues such a this and if so what was done to resolve it, thanks.

Hi,
this is just a guess, but the T1000 and T2000 are really slow when doing single-thread cpu stuff. When you do scp, a single thread or process on each machine has to do all the encryption and this is most likely what is slowing you down. To analyze this further, look at the output of prstat (or top). If I am right, you will see one scp/ssh process using all cpu time of one of your cores/threads. In a T2000 with 8 cores, 32threads, this will be shown in prstat as 6.7% utilization.
Bjoern

Solaris 11.2 Zones

Hi All,
I've been battling with creating/installing a zone.
I've setup all my zone configs but when I try to install the my zone. this is the error message I get:
'NoneType' object has no attribute 'bind'
And when I check the install log, this is what I see:
[Wednesday, October 8, 2014 12:37:21 PM SAST] ==== Starting: /usr/lib/brand/solaris/pkgcreatezone -Z test2 -R /zoneroots/earth11 ====
[Wednesday, October 8, 2014 12:37:21 PM SAST] Progress being logged to /var/log/zones/zoneadm.20141008T103721Z.test2.install
[Wednesday, October 8, 2014 12:37:22 PM SAST]        Image: Preparing at /zoneroots/earth11/root.
[Wednesday, October 8, 2014 12:37:23 PM SAST]   setting ZFS property zoned=on on earth11/rpool
[Wednesday, October 8, 2014 12:37:23 PM SAST]   setting ZFS property canmount=on on earth11/rpool
[Wednesday, October 8, 2014 12:37:23 PM SAST]   setting ZFS property mountpoint=/rpool on earth11/rpool
[Wednesday, October 8, 2014 12:37:23 PM SAST] Running auto-install: '/usr/bin/auto-install -z test2 -Z earth11/rpool -m /tmp/manifest.xml.10aG8B -c /usr/share/auto_install/sc_profiles/enable_sci.xml'
[Wednesday, October 8, 2014 12:37:23 PM SAST] ERROR: auto-install failed.
[Wednesday, October 8, 2014 12:37:23 PM SAST] Exiting with exit code 255
[Wednesday, October 8, 2014 12:37:23 PM SAST] ==== Completed: /usr/lib/brand/solaris/pkgcreatezone -Z test2 -R /zoneroots/earth11 ====
Now, I noticed this install is running an 'auto-install' and it trying to use the profile xml.
This is new for me, I've been running Solaris 11.1 without any issues, I've tried looking for docs online on how to create a zone, because I thought there might be some new features and change on Solaris 11.2 and all I got is Installing using the AI Manifest and nothing else.
Has Oracle thrashed the old way the zones were created and are now forcing us to use AI Manifests only??
And also, is there a way of getting/downloading the old version Solaris 11.1 anywhere (Please give me a link), because this new version is getting on my nerves now.
Thanks in advance.
Regards,
Phumlani

Hi rmanus,
I doubt this is a network issue, but I may never know...
One thing I didn't mention though is that I'm using a local Repo, and one of the articles I came across with the same problem, mentioned that they had to update their repo with the latest SRUs at that time. That might be worth a shot?
Here is the output you requested:
# dladm
LINK                CLASS     MTU    STATE    OVER
net1                phys      1500   up       --
net3                phys      1500   unknown --
net0                phys      1500   up       --
net2                phys      1500   unknown --
aggr1               aggr      1500   up       net0 net1
aggr170             vlan      1500   up       aggr1
aggr169             vlan      1500   up       aggr1
# ipadm
NAME              CLASS/TYPE STATE        UNDER      ADDR
aggr169           ip         down         --         --
aggr170           ip         ok           --         --
aggr170/v4     static     ok           --         1**.**.***.**/24
lo0               loopback   ok           --         --
lo0/v4         static     ok           --         127.0.0.1/8
lo0/v6         static     ok           --         ::1/128
sppp0             ip         ok           --         --
# zonecfg -z earth11 info
zonename: earth11
zonepath: /earth11_pool/earth11
brand: solaris
autoboot: false
bootargs:
file-mac-profile:
pool: earth11_pool
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
anet:
        linkname: net0
        lower-link: auto
        allowed-address not specified
        configure-allowed-address: true
        defrouter not specified
        allowed-dhcp-cids not specified
        link-protection: mac-nospoof
        mac-address: random
        mac-prefix not specified
        mac-slot not specified
        vlan-id not specified
        priority not specified
        rxrings not specified
        txrings not specified
        mtu not specified
        maxbw not specified
        rxfanout not specified
        vsi-typeid not specified
        vsi-vers not specified
        vsi-mgrid not specified
        etsbw-lcl not specified
        cos not specified
        pkey not specified
        linkmode not specified

Solaris 10 x86 ipfilter aggr problem

Hi, all.
I have Solaris 10 x86 machine
Kernel Patch: 142910-17
IP patch: 143593-05
The problem shortly:
I am using two network LACP interfaces
aggr125030 contains e1000g1 interface
aggr150031 contains e1000g2 interface
Aggregation 31 was created by:
dladm create-aggr -P L3 -l active -T short -d e1000g2 31
and works fine.
If I add policy based routing rule:
pass out quick on aggr125030 to aggr150031:y.y.y.y proto tcp from x.x.x.x/32 to any port = 25 keep state
traffic matches the rule (it is observed through ipfstat -inohv command) but the rule doesn't work.
How did I decide? I have also ipnat rule
map aggr150031 <skipped>
so if PBR works, the ipnat rule is working too.
If I remove the second aggregation interface aggr150031 and pass the physical interface explicitly, the rule works:
pass out quick on aggr125030 to e1000g2:y.y.y.y proto tcp from x.x.x.x/32 to any port = 25 keep state
as well as the ipnat's one.
x.x.x.x is IP address of e1000g2 interface (or aggr150031)
y.y.y.y is IP address of router for x.x.x.x IP address
It seems that PBR for Ipfilter doesn't support aggregation interfaces for outbound.
Also if you combine vlans 125 and 150 withing one LACP (aggr150031 is replaced by aggr150030 and one physical interface is used for both vlans trunking), the PBR rule doesn't work too.
What shall I do?

The problem was caused by the ipfilter behavior - ignorance of interface alias. My ipnat rule was:
map aggr150031:1 ...
I have changed into:
map aggr150031 ...
and the things began to work.
Sorry for the noise.

Solaris 10 u11 : Is it possible to mix IPMP with vertual network interface

Hi
I have a system with 4 Ethernet interfaces , I'd like to try to have virtual network interface on two of them . then configure IPMP between each two.
- Is it possible to mix IPMP and VNIC ?
- online , I found posts about having vnic on solaris by creating additional interface file (ex, /etc/hostname.bge0:1 ) and also the IPMP create such interface?
- How can I know which IPMP version installed on the system ? and how to know I'm reading the right configuration guide?
- on what basis should i choose the type of IPMP for my system (Link-based or Probe-based)
Thanks in advance
HEBA

Hi.
IPMP can coexist with VNIC.
IPMP - part of Solaris. So you not need check version of IPMP. Just read Docs for Solaris.
http://docs.oracle.com/cd/E23823_01/html/816-4554/ipmptm-1.html#scrolltoc
It's not clear what Vnic you plan use. Is it VLAN or just additional IP on interface ?
For test address of IPMP you should configure interface like bge0:1 with additional options.
Regards.

Registration issues.... Solaris 10 - 06/06

Having issues registering my V440 running Solaris 10 06/06. I have posted the error below and them some system information below that. any help is appreciated.
sysax /: /usr/sbin/sconadm register -a -r /usr/lib/breg/data/RegistrationProfile.properties
sconadm is running
Authenticating user ...
Exception in thread "main" java.lang.reflect.UndeclaredThrowableException
at $Proxy1.getInstanceName(Unknown Source)
at com.sun.scn.client.SCNClientSession.login(SCNClientSession.java:371)
at com.sun.cns.basicreg.cacao.ClientLoginCacaoAdapter.loginAccount(ClientLoginCacaoAdapter.java:209)
at com.sun.cns.basicreg.BasicRegCLI.authenticateUser(BasicRegCLI.java:1079)
at com.sun.cns.basicreg.BasicRegCLI.run(BasicRegCLI.java:669)
at com.sun.cns.basicreg.BasicRegCLI.main(BasicRegCLI.java:562)
Caused by: javax.management.InstanceNotFoundException: com.sun.scn:name=SCNBaseServiceFactory,assetSubProfile=Factory,host=sysax.consolidated.com,assetProfile=Factory,scnType=ServiceFactory,Vendor=Sun Microsystems Inc
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBean(DefaultMBeanServerInterceptor.java:1010)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getClassLoaderFor(DefaultMBeanServerInterceptor.java:1349)
at com.sun.jmx.mbeanserver.JmxMBeanServer.getClassLoaderFor(JmxMBeanServer.java:1300)
at com.sun.jdmk.interceptor.DefaultMBeanServerInterceptor.getClassLoaderFor(DefaultMBeanServerInterceptor.java:285)
at com.sun.cacao.agent.DispatchInterceptor.getClassLoaderFor(DispatchInterceptor.java:474)
at com.sun.cacao.agent.auth.impl.AccessControlInterceptor.getClassLoaderFor(AccessControlInterceptor.java:427)
at com.sun.jdmk.JdmkMBeanServerImpl.getClassLoaderFor(JdmkMBeanServerImpl.java:1130)
at com.sun.cacao.common.instrum.impl.InstrumDefaultForwarder.getClassLoaderFor(InstrumDefaultForwarder.java:153)
at javax.management.remote.rmi.RMIConnectionImpl$4.run(RMIConnectionImpl.java:1306)
at java.security.AccessController.doPrivileged(Native Method)
at javax.management.remote.rmi.RMIConnectionImpl.getClassLoaderFor(RMIConnectionImpl.java:1303)
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:766)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
at sun.rmi.transport.Transport$1.run(Transport.java:153)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
at java.lang.Thread.run(Thread.java:595)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:126)
at com.sun.jmx.remote.internal.PRef.invoke(Unknown Source)
at javax.management.remote.rmi.RMIConnectionImpl_Stub.invoke(Unknown Source)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:969)
at javax.management.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:201)
... 6 more
sysax /: cat /etc/release
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
sysax /: cat /var/sadm/system/admin/CLUSTER
CLUSTER=SUNWCall
sysax /: java -version
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
Java HotSpot(TM) Server VM (build 1.5.0_06-b05, mixed mode)
sysax /: smpatch get
patchpro.backout.directory - ""
patchpro.baseline.directory - /var/sadm/spool
patchpro.download.directory - /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source - https://getupdates1.sun.com/
patchpro.patchset - current
patchpro.proxy.host - ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port - 8080
patchpro.proxy.user - ""
sysax /: cat /usr/lib/breg/data/RegistrationProfile.properties
# CLI registration profile template version 1.0
# ******** WARNING ********
# This profile contains sensitive data: passwords and subscription
# keys. You should take care in how you handle it, ensuring that it
# is always adequately protected (mode 400 or 600, owned by root)
# and not stored on insecure file systems like those exported through
# standard NFS.
# Sun Online account information. A new account can be created by visiting
# http://updates.sun.com
userName=**************
password=***********
# Name (label) of this machine as you would like it to appear on the Sun Connection
# portal. If left blank hostname will be used
hostName=devdbs01
# Service Plan / contract number with Sun. For more information on this topic
# please visit http://www.sun.com/service/warrantiescontracts/ . NOTE - a
# subscription key is required to use the Sun Connection Portal.
subscriptionKey=***************
# Allow this host to be managed by the Sun Connection Portal. If set to true,
# a subscription key is required.
portalEnabled=true
# HTTPS proxy information needed to connect to Sun for registration and patch
# updates.
proxyHostName=
proxyPort=
proxyUserName=
proxyPassword=

The error message I received was from the Sun Update Connection GUI. Once the patches I attempted to apply failed.
sysax /tmp: ./suc.sh.2
$USER:
$LOGNAME: root
Sat Feb 24 13:37:07 CST 2007
sysax
smpatch get:
patchpro.backout.directory - ""
patchpro.baseline.directory - /var/sadm/spool
patchpro.download.directory - /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source - https://getupdates1.sun.com/
patchpro.patchset - current
patchpro.proxy.host - ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port - 8080
patchpro.proxy.user - ""
smpatch analyze:
119252-15 SunOS 5.10: System Administration Applications Patch
119081-25 SunOS 5.10: CD-ROM Install Boot Image Patch
124630-03 SunOS 5.10: System Administration Applications, Network and Core Libraries Patch
124188-02 SunOS 5.10: Trusted Solaris Attributes Patch
119315-07 SunOS 5.10: Solaris Management Applications Patch
121308-08 SunOS 5.10: Solaris Management Console Patch
119313-10 SunOS 5.10: WBEM Patch
119534-10 SunOS 5.10: Flash Archive Patch
119254-34 SunOS 5.10: Install and Patch Utilities Patch
119963-08 SunOS 5.10: Shared library patch for C++
120753-03 SunOS 5.10: Microtasking libraries (libmtsk) patch
123494-03 X11 6.6.2: fontconfig patch
119812-02 X11 6.6.2: Freetype patch
125014-02 SunOS 5.10: IP filter patch
120780-03 SunOS 5.10: ixgb patch
119764-05 SunOS 5.10 : ipmitool patch
124258-01 SunOS 5.10: ufs and nfs driver patch
124252-01 SunOS 5.10: nfssrv patch
120812-15 OpenGL 1.5: OpenGL Patch for Solaris
123839-04 SunOS 5.10: Fault Manager Patch
124204-04 SunOS 5.10: zfs patch
122911-02 SunOS 5.10: Apache 1.3 Patch
120543-08 SunOS 5.10: Apache 2 Patch
117463-04 SunOS 5.10: passwdutil Patch
118890-03 SunOS 5.10: llib-lc patch
125024-01 SunOS 5.10: basic audit reporting tool patch
123908-01 SunOS 5.10: ar patch
120887-06 SunOS 5.10: cdrw patch
119580-05 SunOS 5.10: libcpc Patch
124244-01 SunOS 5.10: /usr/bin/rm patch
119685-10 SunOS 5.10: svc.startd patch
124997-01 SunOS 5.10: /usr/bin/tip patch
121081-06 SunOS 5.10: Connected Customer Agents 1.1.0
120845-04 SunOS 5.10: auditd patch
124235-01 SunOS 5.10: libpam.so.1 patch
120050-05 SunOS 5.10: usermod patch
122525-03 SunOS 5.10: Sun Fire V445 patch
124614-01 SunOS 5.10: sconadm proxy: UnknownHostException
120986-10 SunOS 5.10: mkfs and newfs patch
125040-01 SunOS 5.10: /usr/lib/inet/in.mpathd patch
122517-03 SunOS 5.10: Sun Fire V215/V245 platmod patch
125035-01 SunOS 5.10: libinetsvc.so.1 patch
123334-04 SunOS 5.10: e1000g_transition patch
122660-07 SunOS 5.10: zones patch
119998-02 SunOS 5.10: arp, ip, ipsecah drivers patch
125026-01 SunOS 5.10: message queue patch
118371-08 SunOS 5.10: elfsign Patch
123328-01 SunOS 5.10: expr patch
123520-01 SunOS 5.10: basename & dirname patch
123915-01 SunOS 5.10: libcfgadm.so.1 patch
125018-02 SunOS 5.10: scsi_vhci driver patch
123912-02 SunOS 5.10: ppriv patch
118367-04 SunOS 5.10: csh Patch
125016-01 SunOS 5.10: audit and init patch
119824-02 SunOS 5.10: prstat patch
123910-01 SunOS 5.10: platform_sun4v.xml patch
122255-04 SunOS 5.10: etc/flash/precreation/caplib patch
123319-01 SunOS 5.10: sysacct patch
118557-07 SunOS 5.10: platform/sun4u/kernel/drv/sparcv9/su patch
123271-01 SunOS 5.10: iwscn patch
124922-02 SunOS 5.10: ld.so.1 patch
123301-01 SunOS 5.10: i2c_svc patch
124325-01 SunOS 5.10: rcm modules patch
121561-04 SunOS 5.10: keymap patch
124918-02 SunOS 5.10: devfsadm, devlinks, drvconfig patch
122032-04 SunOS 5.10: Update timezones patch
124916-03 SunOS 5.10: sd, ssd drivers patch
121002-03 SunOS 5.10: pax patch
123252-01 SunOS 5.10: platform/SUNW,Netra-T2000 patch
122412-01 SunOS 5.10: ipseckey patch
122408-01 SunOS 5.10: libmtmalloc patch
120473-02 SunOS 5.10: nss_compat patch
124254-02 SunOS 5.10: sockfs patch
124250-03 SunOS 5.10: rpcmod patch
122752-04 SunOS 5.10: FMA snmp patch
124999-01 SunOS 5.10: mc-us3 driver patch
125319-01 SunOS 5.10: rmc_comm patch
125028-02 SunOS 5.10: pcipsy patch
118879-02 SunOS 5.10: dhcp daemon patch
118815-05 SunOS 5.10: awk nawk patch
121286-04 SunOS 5.10: libfru.so.1 and libfrureg.so.1 patch
122363-02 SunOS 5.10: fru_container.conf and libfruaccess.so.1 patch
119974-07 SunOS 5.10: fp plug-in for cfgadm
120222-15 SunOS 5.10: Emulex-Sun LightPulse Fibre Channel Adapter driver
119130-33 SunOS 5.10: Sun Fibre Channel Device Drivers
120182-05 SunOS 5.10: Sun Fibre Channel Host Bus Adapter Library
120346-06 SunOS 5.10: Common Fibre Channel HBA API Library
124943-01 SunOS 5.10: SunFreeware gzip man pages patch
122675-01 SunOS 5.10 : SunFreeware samba man pages patch
123809-01 SunOS 5.10: rpcsec_gss patch
121239-02 SunOS 5.10: libgss patch
120719-02 SunOS 5.10 : SunFreeware gzip patch
118925-05 SunOS 5.10: unistd header file patch
124208-01 SunOS 5.10: Trusted Extensions header files patch
124280-01 SunOS 5.10: libkdb.so.1 patch
120469-05 SunOS 5.10: kerberos patch
121006-02 SunOS 5.10: libkadm5 and kadmind patch
124991-01 SunOS 5.10: llc2 driver patch
124286-01 SunOS 5.10: chkey core dump
123186-02 SunOS 5.10: NIS yp utilities patch
124987-01 SunOS 5.10: ldap_cachemgr patch
119470-10 SunOS 5.10: Sun Enterprise Network Array firmware and utilities
122404-01 SunOS 5.10: xntpd patch
124990-01 SunOS 5.10: Sun-Blade-100 libprtdiag_psr.so.1 patch
121944-02 SunOS 5.10: libpsvcpolicy and libpsvcpolicy_psr patch
122537-02 SunOS 5.10: libpiclenvmon.so.1 patch
123590-02 SunOS 5.10: PostgresSQL patch
120629-05 SunOS 5.10: libpool patch
124993-01 SunOS 5.10: in.ndpd patch
125011-01 SunOS 5.10: sendmail patch
125022-01 SunOS 5.10: usr/sbin/sar patch
122376-01 SunOS 5.10: prex patch
120068-03 SunOS 5.10: in.telnetd patch
124995-01 SunOS 5.10: ehci driver patch
121010-05 SunOS 5.10: rpc.metad patch
124256-01 SunOS 5.10: md_mirror patch
125075-01 SunOS 5.10: svc-volfs patch
125073-01 SunOS 5.10: vold patch
119555-04 SunOS 5.10: Software to support QLogic Ultra3 SCSI host bus adapters
119090-22 SunOS 5.10: Sun iSCSI Device Driver and Utilities
120272-06 SunOS 5.10: SMA patch
124463-02 SunOS sparc : cacao 2.0 patch 02
119213-11 NSS_NSPR_JSS 3.11.4: NSPR 4.6.4 / NSS 3.11.4 / JSS 4.2.4
118666-11 J2SE 5.0: update 11 patch (5.0u11)
118667-11 J2SE 5.0: update 11 patch (5.0u11), 64bit
122119-05 SunOS 5.10: Patch for Arabic Fonts
119703-08 SunOS 5.10: Patch for localeadm issues
123003-02 SunOS 5.10: dependency issue with SUNWopenssl-include
123630-01 SunOS 5.10: HTTP proxy settings patch
123005-05 SunOS 5.10: Basic Registration Update
123011-01 SunOS 5.10: BR desktop icon patch
119648-03 SunOS 5.10: vlan driver patch
118777-08 SunOS 5.10: Sun GigaSwift Ethernet 1.0 driver patch
121118-11 SunOS 5.10: Sun Update Connection System Client 1.0.9
118712-13 SunOS 5.10: Sun XVR-100 Graphics Accelerator Patch
120410-17 SunOS 5.10: Internet/Intranet Input Method Framework patch
121734-05 SunOS 5.10: patch to support addition of new UTF-8 locales
119810-03 SunOS 5.10: International Components for Unicode Patch
120099-07 APOC 1.2: Sun Java(tm) Desktop System Configuration Shared Libraries
119546-07 APOC 1.2: APOC Configuration Agent Patch
124393-02 CDE 1.6: Dtlogin smf patch
123611-02 X11 6.6.2: Trusted Extensions patch
119280-10 CDE 1.6: Runtime library patch for Solaris 10
119278-12 CDE 1.6: dtlogin patch
124405-01 CDE1.6: sdtfprop patch
124403-01 CDE1.6: dtstyle patch
124401-01 CDE1.6: dtpad patch
124399-01 CDE1.6: dtfile patch
125279-01 CDE1.6: dtsession patch
121977-02 CDE 1.6: dtlogin resources patch
124397-02 CDE1.6: libDtWidget patch
124395-01 CDE1.6: dtaction patch
119117-29 Evolution 1.4.6 patch
123938-01 GNOME 2.6.0: GNU Transport Layer Security Library Patch
119418-03 GNOME 2.6.0: Gnome On-screen Keyboard Patch
119414-13 GNOME 2.6.0: Gnome Accessibility Libraries Patch
119598-08 GNOME 2.6.0: Gnome Screen Reader and Magnifier Patch
120454-02 GNOME 2.6.0: Gnome Apoc GConf Adapter Patch
120460-10 GNOME 2.6.0: Gnome libs Patch
120284-04 GNOME 2.6.0: GNOME CORBA ORB and component framework
122212-17 GNOME 2.6.0: GNOME Desktop Patch
119410-05 GNOME 2.6.0: Gnome Applets Patch
119540-05 GNOME 2.6.0: Gnome Dtlogin configuration Patch
119548-07 GNOME 2.6.0: Gnome Multi-protocol instant messaging client Patch
123162-02 GNOME 2.6.0: Gnome Java Run Time Patch
120739-03 GNOME 2.6.0: GNOME PDF Viewer based on Xpdf
119368-05 GNOME 2.6.0: Printing Technology Patch
121606-02 GNOME 2.6.0: Python patch
120288-03 GNOME 2.6.0: Gnome terminal Patch
119906-08 Gnome 2.6.0: Virtual File System Framework patch
119538-10 GNOME 2.6.0: Window Manager Patch
119115-23 Mozilla 1.7 patch
122958-02 GNOME 2.6.0: RealPlayer media application
119903-02 OpenWindows 3.7.3: Xview Patch
119059-21 X11 6.6.2: Xsun patch
125045-01 X11 6.6.2: Xft patch
124457-01 X11 6.6.2: xdm patch
showrev -p
119788-07
120335-04
121081-05
121118-06
121118-08
121118-10
121453-02
122231-01
java -version:
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
Java HotSpot(TM) Server VM (build 1.5.0_06-b05, mixed mode)
/etc/release:
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
/var/sadm/system/admin/CLUSTER:
CLUSTER=SUNWCall
/usr/lib/cc-ccr/bin/ccr -g cns.assetid:
1917645754
patchsvr setup -l
Patch source URL: https://getupdates1.sun.com/
Cache location: /var/sadm/spool/patchsvr
sysax /tmp: ps -ef | grep cc
root 2006 2003 0 Feb 22 ? 0:17 /usr/lib/cc-cfw/platform/transport/bin/cctransport
root 2022 2017 0 Feb 22 ? 0:01 /usr/lib/cc-cfw/platform/fwagent/bin/ccfwagent
root 2003 1 0 Feb 22 ? 0:00 /bin/sh /usr/lib/cc-cfw/framework/lib/watchdog /usr/lib/cc-cfw/platform/transpo
root 2013 2010 0 Feb 22 ? 0:01 /usr/lib/cc-cfw/platform/ccragent/bin/ccccragent
root 2010 1 0 Feb 22 ? 0:00 /bin/sh /usr/lib/cc-cfw/framework/lib/watchdog /usr/lib/cc-cfw/platform/ccragen
root 2017 1 0 Feb 22 ? 0:00 /bin/sh /usr/lib/cc-cfw/framework/lib/watchdog /usr/lib/cc-cfw/platform/fwagent
noaccess 1898 1 0 Feb 22 ? 1:02 /usr/jdk/instances/jdk1.5.0/bin/java -server -XX:+BackgroundCompilation -Djava.
root 8884 5284 0 13:39:27 console 0:00 grep cc
sysax /tmp:

Solaris 10 VLAN

Similar Messages

Maybe you are looking for