Network Automagic, BrandZ, NAT and Skype

Building on Edward Pilatowicz's blog entry on how to use IPfilter's NAT capabilities to have flexible networking for your BrandZ Linux Zone, I have hooked it into the NWAM prototype. This was basically just scripting what Ed had already provided and placing it into the NWAM hooks infrastructure. The scripts will work even if you aren't using NWAM; just run them manually as root.

First it will help if I describe the behaviour I want to achieve. I only want my zones booted up if I have an active network connection, so my zones have the autoboot property set to false. Since I am using the NWAM prototype I can only have one interface active at a time. This is just fine on my laptop and is the behaviour I actually want.

Hooking the zone network configuration and startup into NWAM was really easy. All I needed to do was write a bringup and a teardown script. The bit that adds to Ed's configuration is to create the zones with a vni(7D) interface in their config. The NWAM script uses zonecfg(1M) to change those vni entries to whatever physical interface we actually got an address on; the rest is just what Ed documented in his blog entry.

Add the following to /etc/inet/hosts:

10.11.12.0      lnetwork
10.11.12.1      lrouter
10.11.12.2      lhost
10.11.12.3      lzone1
10.11.12.4      lzone2
10.11.12.5      lzone3
10.11.12.6      lzone4
10.11.12.7      lbroadcast

Add the following (substituting whatever your wired/wireless interfaces are) to /etc/inet/ipnat.conf and ensure that svc:/network/ipfilter is enabled:

map bge0        10.11.12.0/29   -> 0
map ath0        10.11.12.0/29   -> 0

The bringup script looks like this:

INTERFACES=$(netstat -i | awk '$1 !~ /^Name/ && $1 !~ /lo0/ { print $1}')

for i in $INTERFACES ; do
        addr=`ifconfig $i | grep inet | nawk '{print $2}'`
        if [ "$addr" != "0.0.0.0" ]; then
                intf=$i
                break;
        fi
done

# Make the zones physical interface the one we just brought up
# and boot them
ZONES=`zoneadm list -c | grep -v global`
for z in $ZONES ; do
        zoneaddr=`zonecfg -z $z info | nawk '/address/ {print $2}'`
        zoneintf=`zonecfg -z $z info | nawk '/physical/ {print $2}'`
        zonecfg -z $z < /dev/null
router_arp=`arp $router | nawk '{print $4}'`
arp -d $lrouter > /dev/null
arp -s $lrouter $router_arp
route add default lrouter

The teardown script is a little simpler and looks like this:

# Make the zones physical interface vni and halt them
ZONES=`zoneadm list -c | grep -v global`
for z in $ZONES ; do
        zoneaddr=`zonecfg -z $z info | nawk '/address/ {print $2}'`
        zoneintf=`zonecfg -z $z info | nawk '/physical/ {print $2}'`
        zonecfg -z $z < /dev/null
route delete default lrouter

To use these with NWAM, put the bringup script into /etc/nwam/ulp/zones/bringup and the teardown script into /etc/nwam/ulp/zones/teardown. Now create a very simple one-line shell script called /etc/nwam/ulp/check-conditions that just prints the single word zones.
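
The two steps both scripts depend on, picking the interface that actually holds an address and generating the zonecfg commands that retarget a zone's net resource, written out as an added example that is not the original bringup or teardown script. The function names, the sample `ifconfig -a` output and the interface-name pattern are assumptions; teardown is the same call with the arguments swapped back to the vni interface.

```shell
#!/bin/sh
# Added example: function names and sample data are assumptions.

# Constructed `ifconfig -a` output: bge0 is plumbed but has no lease yet,
# ath0 holds a real IPv4 address.
sample_ifconfig() {
cat <<'EOF'
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
bge0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 2
        inet 0.0.0.0 netmask ff000000
ath0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 3
        inet 192.168.1.23 netmask ffffff00 broadcast 192.168.1.255
ath0: flags=2004841<UP,RUNNING,MULTICAST,DHCP,IPv6> mtu 1500 index 3
        inet6 fe80::1/10
EOF
}

# Print the first non-loopback interface with a usable IPv4 address.
# Matching $1 == "inet" skips inet6 lines, and an interface with no inet
# line at all is never selected.
pick_active_interface() {
    awk '$2 ~ /^flags=/ { ifname = $1; sub(/:$/, "", ifname); next }
         $1 == "inet" && ifname !~ /^lo/ && $2 != "0.0.0.0" { print ifname; exit }'
}

# Accept only driver-name-plus-instance names (bge0, ath0, vni0), since the
# value is interpolated into commands that run as root.
valid_ifname() {
    case $1 in
        ''|*[!a-z0-9]*) return 1 ;;
        [a-z]*[0-9])    return 0 ;;
        *)              return 1 ;;
    esac
}

# Emit the zonecfg subcommands that move a zone's net resource from $1 to $2.
zone_net_commands() {
    valid_ifname "$1" && valid_ifname "$2" || return 1
    printf 'select net physical=%s\nset physical=%s\nend\ncommit\n' "$1" "$2"
}

intf=$(sample_ifconfig | pick_active_interface)
echo "active interface: $intf"
zone_net_commands vni0 "$intf"
# On a real host, as root: zone_net_commands vni0 "$intf" | zonecfg -z "$zone"
```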
