Telnet connection refused in non global zone
I have recently installed a new zone and I am trying to log into the new zone via telnet and I get the following error;
telnet: Unable to connect to remote host: Connection refused
when i check the services on the zone they are as follows;
# svcs -a
STATE STIME FMRI
legacy_run 12:25:02 lrc:/etc/rcS_d/S51installupdates
disabled 12:25:01 svc:/network/rpc/keyserv:default
disabled 12:25:01 svc:/network/rpc/nisplus:default
disabled 12:25:01 svc:/network/nis/server:default
disabled 12:25:01 svc:/network/nis/client:default
disabled 12:25:01 svc:/network/dns/client:default
disabled 12:25:01 svc:/network/ldap/client:default
disabled 12:25:01 svc:/network/nfs/cbd:default
disabled 12:25:01 svc:/network/nfs/mapid:default
disabled 12:25:01 svc:/network/inetd-upgrade:default
disabled 12:25:01 svc:/system/auditd:default
disabled 12:25:01 svc:/application/print/server:default
disabled 12:25:01 svc:/network/ntp:default
disabled 12:25:01 svc:/system/rcap:default
disabled 12:25:01 svc:/network/dhcp-server:default
disabled 12:25:01 svc:/network/nfs/server:default
disabled 12:25:01 svc:/network/rarp:default
disabled 12:25:01 svc:/network/rpc/bootparams:default
disabled 12:25:01 svc:/application/gdm2-login:default
disabled 12:25:01 svc:/application/management/webmin:default
disabled 12:25:02 svc:/network/dns/server:default
disabled 12:25:02 svc:/network/http:apache2
disabled 12:25:02 svc:/network/nis/passwd:default
disabled 12:25:02 svc:/network/nis/update:default
disabled 12:25:02 svc:/network/nis/xfr:default
disabled 12:25:02 svc:/network/security/kadmin:default
disabled 12:25:02 svc:/network/security/krb5kdc:default
disabled 12:25:02 svc:/network/slp:default
disabled 12:25:02 svc:/system/consadm:default
disabled 12:25:02 svc:/system/filesystem/volfs:default
disabled 12:25:02 svc:/system/sar:default
online 12:25:00 svc:/system/svc/restarter:default
online 12:25:01 svc:/network/physical:default
online 12:25:01 svc:/network/loopback:default
online 12:25:01 svc:/milestone/name-services:default
online 12:25:01 svc:/system/filesystem/root:default
online 12:25:01 svc:/milestone/network:default
online 12:25:01 svc:/system/identity:node
online 12:25:01 svc:/system/boot-archive:default
online 12:25:01 svc:/system/filesystem/usr:default
online 12:25:01 svc:/system/device/local:default
online 12:25:02 svc:/system/keymap:default
online 12:25:02 svc:/milestone/devices:default
online 12:25:02 svc:/system/filesystem/minimal:default
online 12:25:02 svc:/system/rmtmpfiles:default
online 12:25:02 svc:/system/cryptosvc:default
online 12:25:02 svc:/application/print/cleanup:default
online 12:25:02 svc:/system/name-service-cache:default
online 12:25:02 svc:/system/identity:domain
online 12:25:02 svc:/network/initial:default
online 12:25:02 svc:/network/service:default
online 12:25:02 svc:/system/manifest-import:default
online 12:25:02 svc:/milestone/single-user:default
online 12:25:02 svc:/system/filesystem/local:default
online 12:25:02 svc:/system/cron:default
online 12:25:02 svc:/application/font/fc-cache:default
online 12:25:02 svc:/system/coreadm:default
online 12:25:02 svc:/system/sysidtool:net
online 12:25:02 svc:/network/rpc/bind:default
online 12:25:03 svc:/network/nfs/status:default
online 12:25:03 svc:/network/nfs/nlockmgr:default
offline 12:25:01 svc:/system/utmp:default
offline 12:25:01 svc:/milestone/sysconfig:default
offline 12:25:01 svc:/network/inetd:default
offline 12:25:01 svc:/system/filesystem/autofs:default
offline 12:25:01 svc:/system/system-log:default
offline 12:25:01 svc:/system/console-login:default
offline 12:25:01 svc:/network/nfs/client:default
offline 12:25:01 svc:/network/smtp:sendmail
offline 12:25:01 svc:/milestone/multi-user:default
offline 12:25:01 svc:/network/ssh:default
offline 12:25:01 svc:/milestone/multi-user-server:default
offline 12:25:01 svc:/application/print/ipp-listener:default
offline 12:25:02 svc:/system/sac:default
offline* 12:25:02 svc:/system/sysidtool:system
uninitialized 12:25:01 svc:/network/rpc/gss:default
uninitialized 12:25:01 svc:/application/font/stfsloader:default
uninitialized 12:25:01 svc:/application/print/rfc1179:default
uninitialized 12:25:01 svc:/application/x11/xfs:default
uninitialized 12:25:01 svc:/network/apocd/udp:default
uninitialized 12:25:01 svc:/network/chargen:dgram
uninitialized 12:25:01 svc:/network/chargen:stream
uninitialized 12:25:02 svc:/network/comsat:default
uninitialized 12:25:02 svc:/network/daytime:dgram
uninitialized 12:25:02 svc:/network/daytime:stream
uninitialized 12:25:02 svc:/network/discard:dgram
uninitialized 12:25:02 svc:/network/discard:stream
uninitialized 12:25:02 svc:/network/echo:dgram
uninitialized 12:25:02 svc:/network/echo:stream
uninitialized 12:25:02 svc:/network/finger:default
uninitialized 12:25:02 svc:/network/ftp:default
uninitialized 12:25:02 svc:/network/login:eklogin
uninitialized 12:25:02 svc:/network/login:klogin
uninitialized 12:25:02 svc:/network/login:rlogin
uninitialized 12:25:02 svc:/network/nfs/rquota:default
uninitialized 12:25:02 svc:/network/rexec:default
uninitialized 12:25:02 svc:/network/rpc/ocfserv:default
uninitialized 12:25:02 svc:/network/rpc/rex:default
uninitialized 12:25:02 svc:/network/rpc/rstat:default
uninitialized 12:25:02 svc:/network/rpc/rusers:default
uninitialized 12:25:02 svc:/network/rpc/smserver:default
uninitialized 12:25:02 svc:/network/rpc/spray:default
uninitialized 12:25:02 svc:/network/rpc/wall:default
uninitialized 12:25:02 svc:/network/security/krb5_prop:default
uninitialized 12:25:02 svc:/network/security/ktkt_warn:default
uninitialized 12:25:02 svc:/network/shell:default
uninitialized 12:25:02 svc:/network/shell:kshell
uninitialized 12:25:02 svc:/network/talk:default
uninitialized 12:25:02 svc:/network/telnet:default
uninitialized 12:25:02 svc:/network/time:dgram
uninitialized 12:25:02 svc:/network/time:stream
uninitialized 12:25:02 svc:/network/tname:default
uninitialized 12:25:02 svc:/network/uucp:default
uninitialized 12:25:02 svc:/network/rpc-100235_1/rpc_ticotsord:default
uninitialized 12:25:02 svc:/network/rpc-100083_1/rpc_tcp:default
uninitialized 12:25:02 svc:/network/rpc-100068_2-5/rpc_udp:default
any suggestions? Thanks in advance.
After taking your suggestions, i found that there was no loghost defined in /etc/host. I defined one and now all of my services came up. I still don't have any ssh, it says
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 2. Could not load hostkey or GSS-API mechanisms
sshd: no hostkeys available -- exiting.
Any suggestions? Thanks for yur help, i will make sure to give you a star.
Harvey
Similar Messages
-
Hi,
I have a Solaris 11.1 T4 server. I created a 'flar' from a Solaris 10 (U7) server and created a Solaris 10 zone on the T4.
zonecfg has the IP address configured (can't copy and paste) correctly.
The global zone has net1:1 configured with the IP address, however net1 is 0.0.0.0.
I can ping the IP address, but attempts to ssh to the address receive the 'connection refused' error.
On the non-global zone I tried to start ssh unsuccessfully without errors...
What else am I missing?
Cheers
Craig.Hi.
Try connect to zone's console ( zlogin -C ) . Possible zone not fully installed.
Show result of :
svcs -xv
What errors or messages happens when you try start ssh service ?
Regards. -
Non-global zones and unix sockets
Hello, I have a problem with local zones and unix socket sharing. I've created directory in global zone for ex. /zones/shared. Added it to zones via 'add fs, type=lofs' . In one zone I'm putting mysql socket in it and I want that other local zones could use it. Is it possible to share socket between zones?
After all my experiments I'm always getting 'can't connect to mysql ... (146)' , 146 is 'connection refused' error.These services are off-line in the non-global zone, which is why non of the
rc2.d or rc3.d scripts are being run:
offline Dec_12 svc:/milestone/multi-user-server:default
offline Dec_12 svc:/milestone/multi-user:default
Any idea how to enable these, and why they are offline?
Michael
Created a non-global zone on a Solaris 10 box.
Boots up ok and I can login with zlogin.
It doesn't seem to run any of the scripts in
/etc/rc2.d or /etc/rc3.d
I know Solaris 10 uses "Service Management Facility"
for most services now,
but could still run legacy scripts in /etc/init.d ?
Also I can't get sshd to start on the non-global
zone.
# svcs -a |grep ssh2
offline 11:44:58 svc:/network/ssh:default
# svcadm enable -t svc:/network/ssh:default
# svcs -a |grep ssh2
offline 11:44:58 svc:/network/ssh:default
Anyone got any ideas?
Michael -
How to enable GUI in a non global zone in solaris11?
How to enable graphical logon in a non global zone in solaris11, so the zone can be login by Xmanager? Thanks!
This guide will cover how to setup a basic VNC connection to a Solaris 11 machine. There is also an optional step to allow for persistent VNC connections.
Step 1
Configure GDM to include ‘[security] DisallowTCP=false’ and ‘[xdmcp] Enable=true’.
$ sudo gedit /etc/gdm/custom.conf
# GDM configuration storage
[daemon]
[security]
DisallowTCP=false
[xdmcp]
Enable=true
[greeter]
[chooser]
[debug]
Step 2
Configure X-Server to accept remote connections.
# svccfg -s application/x11/x11-server
svc:/application/x11/x11-server> setprop options/tcp_listen = boolean: true
svc:/application/x11/x11-server> end
Step 3
Configure the VNC service (you could change the ‘-geometry 1280×720′ to whatever resolution you would like).
# svccfg -s xvnc-inetd
svc:/application/x11/xvnc-inetd> setprop inetd_start/exec = astring: "/usr/bin/Xvnc -desktop sol11:0 -geometry 1024x768 -inetd -query localhost -once securitytypes=none"
svc:/application/x11/xvnc-inetd> setprop inetd/wait = boolean: true
svc:/application/x11/xvnc-inetd> end
** The line highlighted red is optional – only do this if you want your VNC connection to persist (as well as any potential security issues)
or
# svccfg -s xvnc-inetd
svc:/application/x11/xvnc-inetd> editprop
search for # setprop inetd_start/exec = astring: "/usr/bin/Xvnc
copy the line, uncomment the copy, makethe changes above, write the file out.
svcadm refresh xvnc-inetd
Step 4
Disable and the re-enable the GDM and VNC-inetd services for the changes to take effect.
$ su root
Password:
# svcadm disable gdm xvnc-inetd; svcadm enable gdm xvnc-inetd
If still in maintenance, reboot (I had to, don't know why).
Step 5
Point your favourite VNC client at your Solaris server and test if it accepts your VNC connection – you should be presented with a Username/Password login screen.
If you performed the optional step to make your connections persist – close your favourite VNC client and then reconnect – if you remained logged in you have a persistent connections.
Greg on said:
After a fresh text install of Solaris-11 (11/11) both xvnc-inetd and gdm are not present. After installing them (# pkg install xvnc-inetd gdm) I can’t get gdm to start:
# svcadm enable gdm
# svcs gdm
offline 10:24:03 svc:/application/graphical-login/gdm:default
Any thoughts?
Ron on said:
You are missing some X packages. Do the following:
pkg install slim_install # installs 400+ packages
svcadm enable gdm && exit # gdm now works
pkg uninstall slim_install # uninstalls the installer package only -
Make non-global zone svcs persistant accross reboots
Q: Solaris 10 services such as telnet will need to be enabled after installation of non-glabal zones. Command "svcs enable telnet" did not leave telnet enabled after rebooting a non-global zone. Any suggestions? Thanks.
Did you do the "svcs enable telnet" while zlogin'ed to the zone.
If so it should have worked. -
*Missing utilities in Solaris11 Non global zone.*
Hi,
I created Non Global zone in Solaris 11, I found many utilities are missing in Non Global zone machine. For example in non global zone /usr/xpg4/bin contains only 2 utilities where as in global zone I have 68utilities. I copied few utilities from my global zone machine which ever is required for me(ex: id,grep,egrep....). I need to enable rlogin, telnet, ftp in my Solaris 11 non global zone machine. I installed pkg:/service/network/legacy-remote-utilities. But no luck. In some thread i found workaround to enable rlogin.
rlogin on zones in solaris 11 i found a workaround.
Need to copy 2 binaries and 2 .xml manifest from GZ to NGZ
cp /usr/sbin/in.rlogind
cp /lib/svc/manifest/network/login.xml
cp /usr/sbin/in.rshd
cp /lib/svc/manifest/network/shell.xml
Question1: how about other services?
Question2: As a concept It has to have all the utilities which is available in Global zone. Why these many utilities are missing? Am I doing any thing wrong or is it zone limitation? we are facing issue in only Solaris 11. where as in Solaris10 every thing works fine.What you observed is normal. The basic Solaris 11 zone install gives you a somewhat minimal install. If you want additional packages, you can install them. If you want the zone install to have what you would install from a CD I suppose you could do a the following:
pkg install slim_install
pkg uninstall slim_install
My understanding is that the slim_install package contains dependencies which loads all of the desktop software but doesn't contain any content itself - which is why you can (and should) remove it afterwards.
That said, normally one uses a zone for a particular purpose. A better approach might be to install only the software in the zone which is needed for that purpose. That would save space, limit security exposure and reduce maintenance overhead. If your purpose is to have a full user environment, that may be to include all the slim_install packages and maybe others as well.
I would recommend that you not install services by copying files. If you need a service find out what package contains that service and install the package in the zone. That way you won't break maintenance via pkg update.
So - your questions:
1. A Solaris 11 zone install is minimal, presumably to make it easy to set up simple single function zones. Additional packages can be added as needed using "pkg install" as needed to provide any necessary services.
2. Solaris 10 zones work differently and import most packages from the global zone. With Solaris 10 sparse zones, you actually use the same files from the global zone. Solaris 11 zones are different in that they are actually a separate install. The basic install is minimal, presumably to allow for small and simple single function zones. You are not doing anything wrong with respect to the basic install, this is just how things work. -
Non-global zone sending TCP SYN-ACK packet over wrong interface.
After spending many hours looking at ipmon/ethereal logs, I believe I've found
a explanation (a bug?) for the following strange behaviour (Solaris 10u1):
I've got a non-global zone with Apache2 with dedicated IP and bound to interface e1000g2 of a Sun X4200 box. The global zone has a different dedicated IP bound to a different interface e1000g0.
When I point a browser at the web site, the HTML page often comes up immediately, but sometimes it will hang and only load when I press the reload browser button one or multiple times. This is reproducible with different browsers from different networks with or without DNS resolution. It's reproducible with other non-local zones configured alike and running different TCP based services (namely SSH or non-Apache HTTP).
This is what happens in a failing case (Ethereal client dump "dump_failed.txt" and IPF log "att1.txt" lines 1-3 pp): the incoming TCP SYN comes over interface e1000g2 (correct) and is passed by IPF. However, the non-global zone sends the TCP SYN-ACK package back over interface e1000g0, which is wrong and causes IPF to fail to build a correct state entry. Then, afterwards, the response packets from the webserver will be filtered by IPF, since it has no state entry.
In the success case (Ethereal client dump "dump_success.txt" and IPF log "att1.txt" lines 19-21 pp), the incoming TCP SYN is answered correctly by a TCP SYN-ACK both over interface e1000g2. IPF can build a state entry and all subsequent packets from the webserver reach the client.
=====
The non-global zone has this setup:
zonecfg:ws1> info
...snip...
net:
address: 62.146.25.34
physical: e1000g2
zonecfg:ws1>
=====
The relevant (as of the IPF log) IPF rules are:
rule 1: block out log all
rule 16: pass in log quick proto tcp from any to 62.146.25.34 port = 80 keep state
=====
If I didn't miss an important point, I suspect this to be a bug in Zones and/or IPF.
Any hints?
Thx,
Tobias
"att1.txt":
LINE PACKET_DT PACKET_FS PACKET_IFC RULE_NUMBER RULE_ACTION SOURCE_IP SOURCE_PORT DEST_IP DEST_PORT PROTOCOL TCP_FLAGS
1 08.05.2006 21:24:09 786741 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp S
2 08.05.2006 21:24:09 786863 e1000g0 16 p 62.146.25.34 80 84.56.16.159 60693 tcp AS
3 08.05.2006 21:24:09 808218 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp A
4 08.05.2006 21:24:09 837170 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
5 08.05.2006 21:24:09 837189 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
6 08.05.2006 21:24:09 837479 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AP
7 08.05.2006 21:24:12 823801 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
8 08.05.2006 21:24:12 823832 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
9 08.05.2006 21:24:13 210039 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AP
10 08.05.2006 21:24:18 839318 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
11 08.05.2006 21:24:18 839351 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
12 08.05.2006 21:24:19 970040 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AP
13 08.05.2006 21:24:24 840073 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AF
14 08.05.2006 21:24:30 870503 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
15 08.05.2006 21:24:30 870538 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
16 08.05.2006 21:24:33 480059 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
17 08.05.2006 21:24:45 347464 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AF
18 08.05.2006 21:24:45 347498 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
19 08.05.2006 21:24:47 857068 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp S
20 08.05.2006 21:24:47 857118 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AS
21 08.05.2006 21:24:47 878257 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp A
22 08.05.2006 21:24:47 907630 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp AP
23 08.05.2006 21:24:47 907644 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp A
24 08.05.2006 21:24:47 907892 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AP
25 08.05.2006 21:24:47 976361 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp AP
26 08.05.2006 21:24:47 976375 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp A
27 08.05.2006 21:24:47 976487 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AP
28 08.05.2006 21:24:48 127599 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp A
29 08.05.2006 21:24:54 932569 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AFP
30 08.05.2006 21:24:54 932595 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
31 08.05.2006 21:25:00 490052 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
32 08.05.2006 21:25:02 980057 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AF
33 08.05.2006 21:25:03 1890 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp A
34 08.05.2006 21:25:09 907916 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp AF
35 08.05.2006 21:25:09 907949 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp A
36 08.05.2006 21:25:42 948502 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AFP
37 08.05.2006 21:25:42 948535 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
38 08.05.2006 21:25:54 500051 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
39 08.05.2006 21:26:54 510046 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
40 08.05.2006 21:27:54 520041 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
41 08.05.2006 21:28:54 530040 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
42 08.05.2006 21:29:54 540039 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
43 08.05.2006 21:30:54 550039 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
44 08.05.2006 21:31:54 560041 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
"dump_failed.txt":
No. Time Source Destination Protocol Info
1 0.000000 192.168.1.101 62.146.25.34 TCP 1079 > http [SYN] Seq=0 Len=0 MSS=1460
Frame 1 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 48
Identification: 0x0269 (617)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xde9d [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 0, Len: 0
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x0002 (SYN)
Window size: 65535
Checksum: 0x5c3c [correct]
Options: (8 bytes)
No. Time Source Destination Protocol Info
2 0.022698 62.146.25.34 192.168.1.101 TCP http > 1079 [SYN, ACK] Seq=0 Ack=1 Win=49368 Len=0 MSS=1452
Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 48
Identification: 0x002f (47)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2ed8 [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1079 (1079), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: 1079 (1079)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 28 bytes
Flags: 0x0012 (SYN, ACK)
Window size: 49368
Checksum: 0xd017 [correct]
Options: (8 bytes)
No. Time Source Destination Protocol Info
3 0.022749 192.168.1.101 62.146.25.34 TCP 1079 > http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x026a (618)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdea4 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 65535
Checksum: 0x19dc [incorrect, should be 0xbdac]
No. Time Source Destination Protocol Info
4 0.022919 192.168.1.101 62.146.25.34 HTTP GET / HTTP/1.1
Frame 4 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 462
Identification: 0x026b (619)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdcfd [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65535
Checksum: 0x1b82 [incorrect, should be 0xcda5]
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
5 3.013084 192.168.1.101 62.146.25.34 HTTP [TCP Retransmission] GET / HTTP/1.1
Frame 5 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 462
Identification: 0x0276 (630)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdcf2 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65535
Checksum: 0x1b82 [incorrect, should be 0xcda5]
SEQ/ACK analysis
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
6 9.029003 192.168.1.101 62.146.25.34 HTTP [TCP Retransmission] GET / HTTP/1.1
Frame 6 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 462
Identification: 0x027f (639)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdce9 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65535
Checksum: 0x1b82 [incorrect, should be 0xcda5]
SEQ/ACK analysis
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
7 21.060827 192.168.1.101 62.146.25.34 HTTP [TCP Retransmission] GET / HTTP/1.1
Frame 7 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 462
Identification: 0x0284 (644)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdce4 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65535
Checksum: 0x1b82 [incorrect, should be 0xcda5]
SEQ/ACK analysis
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
8 35.561984 192.168.1.101 62.146.25.34 TCP 1079 > http [FIN, ACK] Seq=423 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
Frame 8 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x029a (666)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xde74 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 423, Ack: 1, Len: 0
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0011 (FIN, ACK)
Window size: 65535
Checksum: 0x19dc [incorrect, should be 0xbc05]
"dump_success.txt":
No. Time Source Destination Protocol Info
1 0.000000 192.168.1.101 62.146.25.34 TCP 1083 > http [SYN] Seq=0 Len=0 MSS=1460
Frame 1 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 48
Identification: 0x02a3 (675)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xde63 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 0, Len: 0
Source port: 1083 (1083)
Destination port: http (80)
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x0002 (SYN)
Window size: 65535
Checksum: 0x70ca [correct]
Options: (8 bytes)
No. Time Source Destination Protocol Info
2 0.020553 62.146.25.34 192.168.1.101 TCP http > 1083 [SYN, ACK] Seq=0 Ack=1 Win=49368 Len=0 MSS=1452
Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 48
Identification: 0x006b (107)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2e9c [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: 1083 (1083)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 28 bytes
Flags: 0x0012 (SYN, ACK)
Window size: 49368
Checksum: 0xb530 [correct]
Options: (8 bytes)
No. Time Source Destination Protocol Info
3 0.020599 192.168.1.101 62.146.25.34 TCP 1083 > http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x02a4 (676)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xde6a [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 1083 (1083)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 65535
Checksum: 0x19dc [incorrect, should be 0xa2c5]
No. Time Source Destination Protocol Info
4 0.020746 192.168.1.101 62.146.25.34 HTTP GET / HTTP/1.1
Frame 4 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 462
Identification: 0x02a5 (677)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdcc3 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
Source port: 1083 (1083)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65535
Checksum: 0x1b82 [incorrect, should be 0xb2be]
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
5 0.071290 62.146.25.34 192.168.1.101 TCP http > 1083 [ACK] Seq=1 Ack=423 Win=49368 Len=0
Frame 5 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x006c (108)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2ea3 [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 1, Ack: 423, Len: 0
Source port: http (80)
Destination port: 1083 (1083)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 423 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 49368
Checksum: 0xe046 [correct]
No. Time Source Destination Protocol Info
6 0.075838 62.146.25.34 192.168.1.101 HTTP HTTP/1.1 200 OK (text/html)
Frame 6 (413 bytes on wire, 413 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 399
Identification: 0x006d (109)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2d3b [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 1, Ack: 423, Len: 359
Source port: http (80)
Destination port: 1083 (1083)
Sequence number: 1 (relative sequence number)
Next sequence number: 360 (relative sequence number)
Acknowledgement number: 423 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 49368
Checksum: 0x29b8 [correct]
Hypertext Transfer Protocol
Line-based text data: text/html
No. Time Source Destination Protocol Info
7 0.095473 192.168.1.101 62.146.25.34 HTTP GET /favicon.ico HTTP/1.1
Frame 7 (407 bytes on wire, 407 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 393
Identification: 0x02aa (682)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdd03 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 423, Ack: 360, Len: 353
Source port: 1083 (1083)
Destination port: http (80)
Sequence number: 423 (relative sequence number)
Next sequence number: 776 (relative sequence number)
Acknowledgement number: 360 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65176
Checksum: 0x1b3d [incorrect, should be 0x1e0c]
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
8 0.139786 62.146.25.34 192.168.1.101 TCP http > 1083 [ACK] Seq=360 Ack=776 Win=49368 Len=0
Frame 8 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x006e (110)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2ea1 [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 360, Ack: 776, Len: 0
Source port: http (80)
Destination port: 1083 (1083)
Sequence number: 360 (relative sequence number)
Acknowledgement number: 776 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 49368
Checksum: 0xdd7e [correct]
No. Time Source Destination Protocol Info
9 0.144850 62.146.25.34 192.168.1.101 HTTP HTTP/1.1 404 Not Found (text/html)
Frame 9 (464 bytes on wire, 464 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 450
Identification: 0x006f (111)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2d06 [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 360, Ack: 776, Len: 410
Source port: http (80)
Destination port: 1083 (1083)
Sequence number: 360 (relative sequence number)
Next sequence number: 770 (relative sequence number)
Acknowledgement number: 776 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 49368
Checksum: 0x7a71 [correct]
Hypertext Transfer Protocol
Line-based text data: text/html
No. Time Source Destination Protocol Info
10 0.269307 192.168.1.101 62.146.25.34 TCP 1083 > http [ACK] Seq=776 Ack=770 Win=64766 [TCP CHECKSUM INCORRECT] Len=0
Frame 10 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x02af (687)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xde5f [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 776, Ack: 770, Len: 0
Source port: 1083 (1083)
Destination port: http (80)
Sequence number: 776 (relative sequence number)
Acknowledgement number: 770 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 64766
Checksum: 0x19dc [incorrect, should be 0x9fbe]lev wrote:This performance regression renders openvpn with a tun adapter unusable if client and server use kernel 3.14 .
Thus I created a bug report: https://bugs.archlinux.org/task/40089
i actually noticed it to be an "either-or" type of thing; my Windows clients were seeing the same thing coming off a 3.14 openvpn server.
yeah, weird issue. like i noticed spurts of even-powers-of-2 sized packets
Client connecting to 10.10.10.6, TCP port 5001
TCP window size: 416 KByte
[ 3] local 10.10.10.1 port 40643 connected with 10.10.10.6 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 2.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 2.0- 4.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 4.0- 6.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 6.0- 8.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 8.0-10.0 sec 128 KBytes 524 Kbits/sec
[ 3] 10.0-12.0 sec 128 KBytes 524 Kbits/sec
[ 3] 12.0-14.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 14.0-16.0 sec 128 KBytes 524 Kbits/sec
[ 3] 16.0-18.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 18.0-20.0 sec 128 KBytes 524 Kbits/sec
[ 3] 20.0-22.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 22.0-24.0 sec 256 KBytes 1.05 Mbits/sec
[ 3] 24.0-26.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 26.0-28.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 28.0-30.0 sec 256 KBytes 1.05 Mbits/sec
[ 3] 30.0-32.0 sec 128 KBytes 524 Kbits/sec
[ 3] 32.0-34.0 sec 640 KBytes 2.62 Mbits/sec
[ 3] 34.0-36.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 36.0-38.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 38.0-40.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 40.0-42.0 sec 128 KBytes 524 Kbits/sec -
Adding remote printer to non-global zone
I have a non-global zone with a remote printer defined, and lpstat shows
# lpstat -lp abcdef
printer abcdef disabled since Thu Jun 06 13:18:43 2013. available.
Remote Name: abcdef
Remote Server: 192.168.x.x
On another non-global zone I want to print to the same printer. I referred to the Solaris Printing SAG, and I thought all I had to do is
lpadmin -p abcdef -s abcdefserver
but lpstat -lp abcdef gives
Failed to get printer info for abcdef: not-found
The zone is
SunOS myzone 5.10 Generic_142909-17 sun4u sparc SUNW,Sun-Fire-V490
and the destination (abcdefserver) is a Windows server with the LPD service installed.
What else do I have to do? I can ping and telnet abcdefserver:515, so the network part seems to be fine.Please follow the procedure that you can find there : http://docs.oracle.com/cd/E19082-01/819-7761/ertsp/index.html
-
Unexpected behavior: Solaris10 , vlan , ipmp, non-global zones
I've configured a System with several non-global zones.
Each of them has ip - connection via a seperate vlan (1 vlan for each nonglobal zone). The vlans are established by the global zone. They are additionally brought under control of ipmp.
I followed the instructions described at:
http://forum.sun.com/thread.jspa?threadID=21225&messageID=59653#59653
to create the defaultrouters for the non-global zones.
In addition to that, I've created the default route for the 2nd ipmp-interface. (to keep the route in the non-global Zone in case of ipmp-failover)
ie:
route add default 172.16.3.1 -ifp ce1222000
route add default 172.16.3.1 -ifp ce1222002Furthermore, i' ve put the 172.16.3.1 in the /etc/defaultrouter of the global zone, to ensure it will be the 1st entry in the routing table (because it's the defaultrouter for the global zone)
Here the unexpected:
Tried to reach a ip-target ouside the configured subnets, say 172.16.1.3 , via icmp. The router 172.16.3.1 knows the proper route to get it. The 1st tries (can't remember the exact number) went through ce1222000 and associated icmp-replies travelled back trough ce1222000. But suddenly the outgoing interface changed to ce1322000 or ce1122000 ! The defaultrouters configured on these vlans are not aware of the 172.16.1.3 (172.16.1.0/24), and there was no answer. The defaultroutes seemed to be "cycled" between the configured.
Furthermore the connection from the outside to the nonglobal-zones (wich do have only 1 defaultrouter configured: the one of the vlan the non-global Zone belongs to) was broken intermittent.
So, how to get the combination of VLAN ,IPMP, diff. defaultrouters, non-global Zones running?
Got the following config visible in the global zone:
(the 172.13.x.y are sc3.1u4 priv. interconnect)
netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
172.31.193.1 127.0.0.1 UH 1 0 lo0
172.16.19.0 172.16.19.6 U 1 4474 ce1322000
172.16.19.0 172.16.19.6 U 1 0 ce1322000:1
172.16.19.0 172.16.19.6 U 1 1791 ce1322002
172.31.1.0 172.31.1.2 U 1 271194 ce5
172.31.0.128 172.31.0.130 U 1 271158 ce1
172.16.11.0 172.16.11.6 U 1 8715 ce1122000
172.16.11.0 172.16.11.6 U 1 0 ce1122000:1
172.16.11.0 172.16.11.6 U 1 7398 ce1122002
172.16.3.0 172.16.3.6 U 1 4888 ce1222000
172.16.3.0 172.16.3.6 U 1 0 ce1222000:1
172.16.3.0 172.16.3.6 U 1 4236 ce1222002
172.16.27.0 172.16.27.6 U 1 0 ce1411000
172.16.27.0 172.16.27.6 U 1 0 ce1411000:1
172.16.27.0 172.16.27.6 U 1 0 ce1411002
192.168.0.0 192.168.0.62 U 1 24469 ce3
172.31.193.0 172.31.193.2 U 1 651 clprivnet0
172.16.11.0 172.16.11.6 U 1 0 ce1122002:1
224.0.0.0 192.168.0.62 U 1 0 ce3
default 172.16.3.1 UG 1 1454
default 172.16.19.1 UG 1 0 ce1322000
default 172.16.19.1 UG 1 0 ce1322002
default 172.16.11.1 UG 1 0 ce1122000
default 172.16.11.1 UG 1 0 ce1122002
default 172.16.3.1 UG 1 0 ce1222000
default 172.16.3.1 UG 1 0 ce1222002
127.0.0.1 127.0.0.1 UH 41048047 lo
#ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
zone Z-BTO1-1
inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
zone Z-BTO1-2
inet 127.0.0.1 netmask ff000000
lo0:3: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
zone Z-ITR1-1
inet 127.0.0.1 netmask ff000000
lo0:4: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
zone Z-TDN1-1
inet 127.0.0.1 netmask ff000000
lo0:5: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
zone Z-DRB1-1
inet 127.0.0.1 netmask ff000000
ce1: flags=1008843<UP,BROADCAST,RUNNING,MULTICAST,PRIVATE,IPv4> mtu 1500
index 10
inet 172.31.0.130 netmask ffffff00 broadcast 172.31.0.255
ether 0:3:ba:f:63:95
ce3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 8
inet 192.168.0.62 netmask ffffff00 broadcast 192.168.0.255
groupname ipmp0
ether 0:3:ba:f:68:1
ce5: flags=1008843<UP,BROADCAST,RUNNING,MULTICAST,PRIVATE,IPv4> mtu 1500
index 9
inet 172.31.1.2 netmask ffffff00 broadcast 172.31.1.127
ether 0:3:ba:d5:b1:44
ce1122000: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500
index 2
inet 172.16.11.6 netmask ffffff00 broadcast 172.16.11.127
groupname ipmp2
ether 0:3:ba:f:63:94
ce1122000:1:
flags=209040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,CoS>
mtu 1500 index 2
inet 172.16.11.7 netmask ffffff00 broadcast 172.16.11.127
ce1122002:
flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu
1500 index 3
inet 172.16.11.8 netmask ffffff00 broadcast 172.16.11.127
groupname ipmp2
ether 0:3:ba:f:68:0
ce1122002:1: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
mtu 1500 index 3
inet 172.16.11.10 netmask ffffff00 broadcast 172.16.11.255
ce1122002:2: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
mtu 1500 index 3
zone Z-ITR1-1
inet 172.16.11.9 netmask ffffff00 broadcast 172.16.11.255
ce1222000: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500
index 4
inet 172.16.3.6 netmask ffffff00 broadcast 172.16.3.127
groupname ipmp3
ether 0:3:ba:f:63:94
ce1222000:1:
flags=209040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,CoS>
mtu 1500 index 4
inet 172.16.3.7 netmask ffffff00 broadcast 172.16.3.127
ce1222002:
flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu
1500 index 5
inet 172.16.3.8 netmask ffffff00 broadcast 172.16.3.127
groupname ipmp3
ether 0:3:ba:f:68:0
ce1222002:1: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
mtu 1500 index 5
zone Z-BTO1-1
inet 172.16.3.9 netmask ffffff00 broadcast 172.16.3.255
ce1222002:2: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
mtu 1500 index 5
zone Z-BTO1-2
inet 172.16.3.10 netmask ffffff00 broadcast 172.16.3.255
ce1322000: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500
index 6
inet 172.16.19.6 netmask ffffff00 broadcast 172.16.19.127
groupname ipmp1
ether 0:3:ba:f:63:94
ce1322000:1:
flags=209040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,CoS>
mtu 1500 index 6
inet 172.16.19.7 netmask ffffff00 broadcast 172.16.19.127
ce1322002:
flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu
1500 index 7
inet 172.16.19.8 netmask ffffff00 broadcast 172.16.19.127
groupname ipmp1
ether 0:3:ba:f:68:0
ce1322002:1: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
mtu 1500 index 7
zone Z-TDN1-1
inet 172.16.19.9 netmask ffffff00 broadcast 172.16.19.255
ce1411000: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500
index 12
inet 172.16.27.6 netmask ffffff00 broadcast 172.16.27.255
groupname ipmp4
ether 0:3:ba:f:63:94
ce1411000:1:
flags=209040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,CoS>
mtu 1500 index 12
inet 172.16.27.7 netmask ffffff00 broadcast 172.16.27.255
ce1411002:
flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu
1500 index 13
inet 172.16.27.8 netmask ffffff00 broadcast 172.16.27.255
groupname ipmp4
ether 0:3:ba:f:68:0
ce1411002:1: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
mtu 1500 index 13
zone Z-DRB1-1
inet 172.16.27.9 netmask ffffff00 broadcast 172.16.27.255
clprivnet0:
flags=1009843<UP,BROADCAST,RUNNING,MULTICAST,MULTI_BCAST,PRIVATE,IPv4> mtu
1500 index 11
inet 172.31.193.2 netmask ffffff00 broadcast 172.31.193.255
ether 0:0:0:0:0:2 -
Not all non-global zones updated for DST
We have one server with Solaris 10 and four non-global zones. I installed patch 122032-03 to the global zone and it installed successfull, according to the log. With the DST change on 3/11, TWO of the non-global zones and the global zone updated correctly to daylight time, but the other TWO non-global zone DID NOT. Does anyone know what would cause this?
I have also tried to manually change the time on the two non-global zones and have not been able to; as root I get the message "not owner"
ainsworth:hughesm> su -
Password:
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
You have mail.
# date
Tue Mar 13 12:02:45 PST 2007
# date -u
Tue Mar 13 20:03:16 GMT 2007
# date
Tue Mar 13 12:04:31 PST 2007
# date 0313130007
date: Not owner
usage: date [-u] mmddHHMM[[cc]yy][.SS]
date [-u] [+format]
date -a [-]sss[.fff]
Fortunately, these were just test zones. They were set up by a previous admin to be used for pgpftp, so I'm wondering if there are some special configurations for security that is preventing the time change.Thanks for replying.
I rebooted from the global zone. All the zones have the same uptime as the global zone, except one that was rebooted more recently.
Quick question - how do I tell if it's a sparse zone or full zone?
One of the zones that the time change worked on:
$ zdump -v US/Pacific | grep 2007
US/Pacific Tue Mar 13 22:37:59 2007 UTC = Tue Mar 13 15:37:59 2007 PDT isdst=1
US/Pacific Sun Mar 11 09:59:59 2007 UTC = Sun Mar 11 01:59:59 2007 PST isdst=0
US/Pacific Sun Mar 11 10:00:00 2007 UTC = Sun Mar 11 03:00:00 2007 PDT isdst=1
US/Pacific Sun Nov 4 08:59:59 2007 UTC = Sun Nov 4 01:59:59 2007 PDT isdst=1
US/Pacific Sun Nov 4 09:00:00 2007 UTC = Sun Nov 4 01:00:00 2007 PST isdst=0
tsbackup:hughesm> cd /usr/share/lib/zoneinfo; ls -al | grep Pac
drwxr-xr-x 2 root bin 1024 Jan 19 11:19 Pacific
cathedral:hughesm> cd /usr/share/lib/zoneinfo; ls -al | grep Pac (the global zone)
drwxr-xr-x 2 root bin 1024 Jan 19 11:19 Pacific
One zone that didn't work: (the other one that did not work is the same)
# zdump -v US/Pacific | grep 2007
US/Pacific Tue Mar 13 22:45:33 2007 UTC = Tue Mar 13 14:45:33 2007 PST isdst=0
US/Pacific Sun Apr 1 09:59:59 2007 UTC = Sun Apr 1 01:59:59 2007 PST isdst=0
US/Pacific Sun Apr 1 10:00:00 2007 UTC = Sun Apr 1 03:00:00 2007 PDT isdst=1
US/Pacific Sun Oct 28 08:59:59 2007 UTC = Sun Oct 28 01:59:59 2007 PDT isdst=1
US/Pacific Sun Oct 28 09:00:00 2007 UTC = Sun Oct 28 01:00:00 2007 PST isdst=0
# uname -a
SunOS albina 5.10 Generic_118822-02 sun4u sparc SUNW,Ultra-4
# cd /usr/share/lib/zoneinfo (non-global zone that did not update)
# ls -al | grep Pac
drwxr-xr-x 2 root bin 1024 Apr 20 2005 Pacific
I was thinking of trying to apply the patch within the zone itself, but when I tried smpatch analyze, it didn't list it:
# smpatch analyze
120900-04 SunOS 5.10: libzonecfg Patch
121133-02 SunOS 5.10: zones library and zones utility patch
119254-27 SunOS 5.10: Install and Patch Utilities Patch
119574-02 SunOS 5.10: su patch
121453-02 SunOS 5.10: Sun Update Connection Client Foundation
121118-08 SunOS 5.10: Sun Update Connection System Client 1.0.8
121081-05 SunOS 5.10: Connected Customer Agents 1.1.0
122231-01 SunOS 5.10 Sun Connection agents, transport certificate update
I attempted to add the patch using smpatch, but I've never run it here before so it's probably not configured right:
# smpatch update -i 122032-03
122032-03 cannot be validated.
com.sun.patchpro.model.PatchProRuntimeException: Unexpected throwable
at com.sun.patchpro.cli.PatchServices.waitForThread(PatchServices.java:1284)
at com.sun.patchpro.cli.PatchServices.installPatches(PatchServices.java:1121)
at com.sun.patchpro.cli.PatchServices.main(PatchServices.java:510)
Caused by:
java.lang.Throwable: ERROR: Failed to validate the digital signature(s).
at com.sun.patchpro.model.PatchProModel$InnerDownloadPatchThread.downloadPatchFailed(PatchProModel.java:2855)
at com.sun.patchpro.server.GroupPatchDownloader.dispatchFailedEvent(GroupPatchDownloader.java:384)
at com.sun.patchpro.server.GroupPatchDownloader.downloadPatchFailed(GroupPatchDownloader.java:335)
at com.sun.patchpro.server.ServerPatchServiceProvider.dispatchFailedEvent(ServerPatchServiceProvider.java:2577
at com.sun.patchpro.server.ServerPatchServiceProvider.validatePatchBundle(ServerPatchServiceProvider.java:2196
at com.sun.patchpro.server.ServerPatchServiceProvider.requestDownload(ServerPatchServiceProvider.java:1780)
at com.sun.patchpro.server.ServerPatchServiceProvider.performDownloadPatches(ServerPatchServiceProvider.java:1
2)
at com.sun.patchpro.server.ServerPatchServiceProvider.downloadPatches(ServerPatchServiceProvider.java:860)
at com.sun.patchpro.server.PatchServerProxy.downloadPatches(PatchServerProxy.java:142)
at com.sun.patchpro.server.GroupPatchDownloader.downloadPatches(GroupPatchDownloader.java:124)
at com.sun.patchpro.model.PatchProModel.performPatchDownload(PatchProModel.java:1932)
at com.sun.patchpro.model.PatchProStateMachine$10.run(PatchProStateMachine.java:526)
at com.sun.patchpro.util.State.run(State.java:266)
at java.lang.Thread.run(Thread.java:595)
So then I attempted to add the patch using patchadd:
# patchadd 122032-03
Validating patches...
Loading patches installed on the system...
Done!
Loading patches requested to install.
Done!
Checking patches that you specified for installation.
Done!
Global patches.
0 Patch 122032-03 is for global zone only - cannot be installed on local zone.
No patches to install.
under /var/sadm/patch/122032-03 on the Global zone, the log shows:
-rw-r--r-- 1 root root 2666 Jan 19 11:19 log
This appears to be an attempt to install the same architecture and
version of a package which is already installed. This installation
will attempt to overwrite this package.
WARNING: /usr/share/lib/zoneinfo/Africa/Timbuktu <no longer a regular file>
WARNING: /usr/share/lib/zoneinfo/America/Argentina/ComodRivadavia <no longer a regular file>
WARNING: /usr/share/lib/zoneinfo/America/Indiana/Indianapolis <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/America/Indianapolis <no longer a regular file>
WARNING: /usr/share/lib/zoneinfo/America/Kentucky/Louisville <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/America/Louisville <no longer a regular file>
WARNING: /usr/share/lib/zoneinfo/CST6CDT <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/EST <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/EST5EDT <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/Europe/Belfast <no longer a regular file>
WARNING: /usr/share/lib/zoneinfo/HST <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/MST <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/MST7MDT <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/PST8PDT <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/Pacific/Yap <no longer a regular file>
Dryrun complete.
No changes were made to the system.
This appears to be an attempt to install the same architecture and
version of a package which is already installed. This installation
will attempt to overwrite this package.
WARNING: /usr/share/lib/zoneinfo/Africa/Timbuktu <no longer a regular file>
WARNING: /usr/share/lib/zoneinfo/America/Argentina/ComodRivadavia <no longer a regular file>
WARNING: /usr/share/lib/zoneinfo/America/Indiana/Indianapolis <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/America/Indianapolis <no longer a regular file>
WARNING: /usr/share/lib/zoneinfo/America/Kentucky/Louisville <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/America/Louisville <no longer a regular file>
WARNING: /usr/share/lib/zoneinfo/CST6CDT <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/EST <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/EST5EDT <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/Europe/Belfast <no longer a regular file>
WARNING: /usr/share/lib/zoneinfo/HST <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/MST <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/MST7MDT <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/PST8PDT <no longer a linked file>
WARNING: /usr/share/lib/zoneinfo/Pacific/Yap <no longer a regular file>
Installation of <SUNWcsu> was successful.
On the non-global zones, either there is nothing under /var/sadm/patch or there isn't even a patch directory under /var/sadm. Is there somewhere else to look?
Thanks. -
I'm in a zoning frenzy now and has created a zone that connects to a vlan interface "ceXXX000". The zone is reachable from within it's subnet but could not route traffic beyond the gateway (which cannot be set). Any ideas? I left the vlan interface as 0.0.0.0 since the global zone does not need to talk in that VLAN.
Also, while changing the IP of the non-global zone, I missed "zoneadm halt". That resulted in the zone not being able to boot (or do anything). Rebooting recovers the zone(s). Is there anyway to work around that? zoneadmd was running for the zone.
The machine is b63.I'm in a zoning frenzy now and has created a zone that
connects to a vlan interface "ceXXX000". The zone is
reachable from within it's subnet but could not route
traffic beyond the gateway (which cannot be set). Any
ideas? I left the vlan interface as 0.0.0.0 since
the global zone does not need to talk in that VLAN.You need to add the default gateway for the zone manually, in the global zone:
# route add default <gateway> -ifp ceXXX000You can only do this when the zone is in the "ready" state .This is not very convenient, we'll try to improve this in the future (not in the initial release of Solaris 10 though).
Also, while changing the IP of the non-global zone, I
missed "zoneadm halt". That resulted in the zone not
being able to boot (or do anything). Rebooting
recovers the zone(s). Is there anyway to work around
that? zoneadmd was running for the zone.Did you change the IP address in the zone configuration (using zonecfg) or directly using ifconfig? There is a known bug when you set the IP address in zonecfg to one that's already configured on another interface (this bug will be fixed in the next Solaris Express release). Otherwise, can you post the output of "pstack" on the zoneadmd process? Thanks.
Blaise -
Installing & booting non-global zones
Hi all,
I am having problems with installing and booting a non-global zones. My configurations are as follows :
zonepath: /export/small-zone
autoboot: true
pool:
inherit-pkg-dir:
dir: /lib
inherit-pkg-dir:
dir: /platform
inherit-pkg-dir:
dir: /sbin
inherit-pkg-dir:
dir: /usr
net:
address: 192.168.1.101
physical: hme0
There is no problems when I try to verify the zone. However, upon installing, I get the following errors :
<SUNWexplu SUNWexplo SUNWesr SUNWtftpr SUNWdtdmr SUNWmdu SUNWbsr .....(and many other pachages ) >
Despite all this, I am able to boot the new non-global zone. However when I do `zlogin -C -e\@ small-zone', I only get the message "[Connected to zone 'small-zone' console]" .I don't get the install sequence as expected. I am consequently unable to get the console login.
Can anyone please help me ?
Any help would be much appreciated.Hi swa.. it's Lucky... thanks for your time...
the out put of "df -hk /export/small-zone" is :
Filesystem size used avail capacity Mounted on
/dev/dsk/c0t0d0s0 9.6G 9.4G 118M 99% /
the out put of "zoneadm list -cv" is :
ID NAME STATUS PATH
0 global running /
6 small-zone running /export/small-zone
Now, I know it seems like its working, but it's not quite working properly. I tried a "zlogin -C small-zone" before I ever booted up. It just hangs with the message "[Connected to zone 'small-zone' console]"
Then upon booting up, I get :
"[NOTICE : zone booting up]
Sun OS Release 5.10 Version Generic 64-bit
Copyright 1983-2005 Sun Microsystems, Inc. All rights reserved. Use is subject to licence terms.
INIT : can not open /etc/default/init. Environment not initialised.
INIT : can not stat inittab, errno:2.
INIT : Absent svc.startd entry a bad contract template. Not starting svc.startd.
Requesting maintenence mode
(see /lib/svc/share/README for additional information)
** Unable to retrieve 'root' entry in shadow password file ***
Entering maintainence mode
It seems that the initial configuration where you set up the username passwords has been totally bi-passed due to a failure. I have no idea why this is so.... Any help would be much appreciated.
Once again, thats for your help. -
Add tape device to non-global zone
Hi,
I have a SCSI attached Ultrium tape device attached and configured against the global zone.
The /dev/rmt/0* definitions in the global zone are links to ../../devices/pci@2*
I need to be able to use this tape device from the non-global zones.
To enable this, I have done the following:
zonecfg -z <zone name>
add device
set match=/dev/rmt/0
end
verify
commit
exit
I repeated the above for /dev/rmt/0m and /dev/rmt/0mn
Then I restarted the zone with the command:
zoneadm -z <zone name> reboot
After the reboot, I can see the device when using "mt -f /dev/rmt/0 status", but whenever I try to write a SAP brbackup to the new (initialised and not write protected) tape within the drive I get the following error:
BR0278E Command output of 'LANG=C cd /oracle/<SID>/sapbackup && /usr/sap/<SID>/SYS/exe/run/brtools -f detach LANG=C cpio -iuvB .tape
sh: /dev/rmt/0mn: cannot open
BR0280I BRBACKUP time stamp: 2012-04-04 08.21.41
BR0279E Return code from 'LANG=C cd /oracle/<SID>/sapbackup && /usr/sap/<SID>/SYS/exe/run/brtools -f detach LANG=C cpio -iuvB .tape.
BR0359E Restore of /oracle/<SID>/sapbackup/.tape.hdr0 from /dev/rmt/0mn failed due to previous errors
Have I created the device incorrectly, or does anyone have any ideas what could be the reason the write fails?
Any help appreciated.
Edited by: user11329299 on 04-Apr-2012 01:09Hi,
Just to bring you up to speed, I have now fixed the issue.
The resolution was all within the iniSID.sap file that the backup is using. I have changed a number of parameters within this file:
1. tape_copy_cmd = dd (was cpio)
2. rewind = "mt -f $ rew; sleep 30" (was " mt -f $ rew")
3. rewind_offline = "mt -f $ offline; sleep 30" (was "mt -f $ offline")
4. tape_pos_cmd = "mt -f $ fsf $: sleep 30" (was "mt -f $ fsf $")
5. tape_size = 500G (was 18000M)
After making those changes, the backup started from within DB13. I believe that the main culprit was the tape_copy_cmd, but the others were changed to allow the tape drive time to become online again after any query. -
PHP in Solaris 10 and Non-Global Zones: Problem of performance?
Hi friends
We are feeling a poor performance with applications developed with PHP in Solaris 10, with non-global and global zones, while Intel platform (Xeon and Pentium), performance is very good. Difference between both platforms is about 200% aprox, one second in Intel to 9, 12 or 20 seconds in Solaris depending of model.
Our tests were developed in:
1. SF T2000 server Solaris 10 global zone
2. SF T2000 server Solaris 10 non-global zone
3. SF280R server Solaris 10 non-global zone
4. V240 server with 1 GB memory, 1*US III-i 1.0 GHz and Solaris 9 (really this version for test and comparisons)
5. V240 server with 8GB memory, 2*US III-i 1.5Ghz and Solaris 9 (really this version for test and comparisons too)
Intel platforms were:
1. Intel Pentium 4 2GHz 2GB memory, Linux Fedora and PHP 4.4.4
2. Intel Xeon 2 core, 2.33GHz 2GB memory, Linux Fedora and PHP 4.4.3
Versions of products are:
1. Solaris 9 or Solaris 10
2. PHP 4.4.7 downloaded from http://www.php.net/downloads.php
3. Apache 2.0.59
4. MySQL 4.1.15-log
Our php compilation and installation were:
./configure --prefix=/usr/local/php-4.4.7 \
--with-pear \
--with-openssl=/usr/local/ssl \
--with-gettext \
--with-ldap=/usr/local \
--with-iconv \
--enable-ftp \
--with-dom \
--with-mime-magic \
--enable-mbstring \
--with-zlib \
--enable-track-vars \
--enable-sigchild \
--disable-ctype \
--disable-overload \
--disable-tokenizer \
--disable-posix \
--with-gd \
--with-apxs2=/usr/local/apache2.0.53/bin/apxs \
--with-mysql \
--with-pgsql \
--with-oci8=/oracle/product/9.2.0 \
--with-oracle=/oracle/product/9.2.0 \
--with-png-dir=/usr/local \
--with-zlib-dir=/usr/local \
--with-freetype-dir=/usr/local \
--with-jpeg-dir=/usr/local
make
make install
Questions:
Is there any problem of PHP with SunFire T2000 servers or 64-bits platforms?
Is there any flag of PHP would be use to compilarion PHP in 64-bits or multithread?
I wait for any comments or suggestions about our problem with PHP compilation and performance in Solaris 10. Thanks a lot.
Sergio.I presume you compiled php on the Sun server, was this done using gcc or the Sun One C compiler.
If the latter then you can also use the flag: --enable-nonportable-atomics when you run configure -
Lucreate not working with ZFS and non-global zones
I replied to this thread: Re: lucreate and non-global zones as to not duplicate content, but for some reason it was locked. So I'll post here... I'm experiencing the exact same issue on my system. Below is the lucreate and zfs list output.
# lucreate -n patch20130408
Creating Live Upgrade boot environment...
Analyzing system configuration.
No name for current boot environment.
INFORMATION: The current boot environment is not named - assigning name <s10s_u10wos_17b>.
Current boot environment is named <s10s_u10wos_17b>.
Creating initial configuration for primary boot environment <s10s_u10wos_17b>.
INFORMATION: No BEs are configured on this system.
The device </dev/dsk/c1t0d0s0> is not a root device for any boot environment; cannot get BE ID.
PBE configuration successful: PBE name <s10s_u10wos_17b> PBE Boot Device </dev/dsk/c1t0d0s0>.
Updating boot environment description database on all BEs.
Updating system configuration files.
Creating configuration for boot environment <patch20130408>.
Source boot environment is <s10s_u10wos_17b>.
Creating file systems on boot environment <patch20130408>.
Populating file systems on boot environment <patch20130408>.
Temporarily mounting zones in PBE <s10s_u10wos_17b>.
Analyzing zones.
WARNING: Directory </zones/APP> zone <global> lies on a filesystem shared between BEs, remapping path to </zones/APP-patch20130408>.
WARNING: Device <tank/zones/APP> is shared between BEs, remapping to <tank/zones/APP-patch20130408>.
WARNING: Directory </zones/DB> zone <global> lies on a filesystem shared between BEs, remapping path to </zones/DB-patch20130408>.
WARNING: Device <tank/zones/DB> is shared between BEs, remapping to <tank/zones/DB-patch20130408>.
Duplicating ZFS datasets from PBE to ABE.
Creating snapshot for <rpool/ROOT/s10s_u10wos_17b> on <rpool/ROOT/s10s_u10wos_17b@patch20130408>.
Creating clone for <rpool/ROOT/s10s_u10wos_17b@patch20130408> on <rpool/ROOT/patch20130408>.
Creating snapshot for <rpool/ROOT/s10s_u10wos_17b/var> on <rpool/ROOT/s10s_u10wos_17b/var@patch20130408>.
Creating clone for <rpool/ROOT/s10s_u10wos_17b/var@patch20130408> on <rpool/ROOT/patch20130408/var>.
Creating snapshot for <tank/zones/DB> on <tank/zones/DB@patch20130408>.
Creating clone for <tank/zones/DB@patch20130408> on <tank/zones/DB-patch20130408>.
Creating snapshot for <tank/zones/APP> on <tank/zones/APP@patch20130408>.
Creating clone for <tank/zones/APP@patch20130408> on <tank/zones/APP-patch20130408>.
Mounting ABE <patch20130408>.
Generating file list.
Finalizing ABE.
Fixing zonepaths in ABE.
Unmounting ABE <patch20130408>.
Fixing properties on ZFS datasets in ABE.
Reverting state of zones in PBE <s10s_u10wos_17b>.
Making boot environment <patch20130408> bootable.
Population of boot environment <patch20130408> successful.
Creation of boot environment <patch20130408> successful.
# zfs list
NAME USED AVAIL REFER MOUNTPOINT
rpool 16.6G 257G 106K /rpool
rpool/ROOT 4.47G 257G 31K legacy
rpool/ROOT/s10s_u10wos_17b 4.34G 257G 4.23G /
rpool/ROOT/s10s_u10wos_17b@patch20130408 3.12M - 4.23G -
rpool/ROOT/s10s_u10wos_17b/var 113M 257G 112M /var
rpool/ROOT/s10s_u10wos_17b/var@patch20130408 864K - 110M -
rpool/ROOT/patch20130408 134M 257G 4.22G /.alt.patch20130408
rpool/ROOT/patch20130408/var 26.0M 257G 118M /.alt.patch20130408/var
rpool/dump 1.55G 257G 1.50G -
rpool/export 63K 257G 32K /export
rpool/export/home 31K 257G 31K /export/home
rpool/h 2.27G 257G 2.27G /h
rpool/security1 28.4M 257G 28.4M /security1
rpool/swap 8.25G 257G 8.00G -
tank 12.9G 261G 31K /tank
tank/swap 8.25G 261G 8.00G -
tank/zones 4.69G 261G 36K /zones
tank/zones/DB 1.30G 261G 1.30G /zones/DB
tank/zones/DB@patch20130408 1.75M - 1.30G -
tank/zones/DB-patch20130408 22.3M 261G 1.30G /.alt.patch20130408/zones/DB-patch20130408
tank/zones/APP 3.34G 261G 3.34G /zones/APP
tank/zones/APP@patch20130408 2.39M - 3.34G -
tank/zones/APP-patch20130408 27.3M 261G 3.33G /.alt.patch20130408/zones/APP-patch20130408I replied to this thread: Re: lucreate and non-global zones as to not duplicate content, but for some reason it was locked. So I'll post here...The thread was locked because you were not replying to it.
You were hijacking that other person's discussion from 2012 to ask your own new post.
You have now properly asked your question and people can pay attention to you and not confuse you with that other person.
Maybe you are looking for
-
Transfer problem: slow and error -53
Hi i have a problem with my IPod classic 120Gb. When i upload music ti my IIpod from ITunes, the first 7 songs are uploaded normally, but then the transfer gets very slow, then it freezes and in some cases i get an error -53.
-
Installing SQLDeveloper with Oracle Database Express Edition 11g Release 2
Hello, I have a problem with sqldeveloper in connecting to the database with the following message: *"java.lang.unsatisfiedlinkerror oracle.jdbc.driver.t2cconnection.t2csetsessiontimezone"* I can connect to the database via SQL / SQLPLUS. I cannot se
-
Clients Time-Out When Retrieving Large Files From Our PureFTPd Server
Hi, not sure if this is the right place to get help, but didn't know where else to look. And let me begin by saying I'm not a server admin by trade, but that is the role I've fell into at a design firm. So please bear with my lack of knowledge on som
-
A SINGLE Currency Dim for the AppSet: merged INPUT and RPT: Any Concerns??
hello BPC guys, We have been merging the INPUT and RPT-CURRENCY into a single CURRENY dimension in our app set. Using BPC 7.0 NW, we merged and stated: - the properties like ID, EVDESCRIPTION, REPORTING, MD, SCALE, ENTITY, CURRENCY_TYPE - Dim Type: C
-
Error in Display Condition Records
Dear All, I am getting the following error when I am trying to display the condition reocrds for a particular Condtion type. <b>Internal error: T IVAKE F IVAKE_INSERT I MV130F0I</b> Can any one tell me what could be the reason. Thanks in advance