How to configure network for a Kernel Zone

Kernel Zones are mostly created using some form of automation which then will often also configure the network during the Zone installation. However sometimes you want delay the configuration of the network until after the installation phase. It could be that you for example have the need for multiple network connections but only want to configure one of these connections at installation.

This article explains how to manually configure a network after the installation of a Kernel Zone. Refer the following link for configuring and installing a Kernel Zone in Solaris 11.4: Creating and using Solaris kernel zones - Solaris11.4

Installation of a Kernel Zone provides an option for configuring the network. The choices given are:

1. Automatic Network Configuration
2. Manual Network Configuration

Either of these options can be used to configure the network at this point. Alternatively the network configuration can be entirely skipped during Kernel Zone installation and configured later. In this article, we will see how to configure the network after the Kernel Zone is installed and booted.

After the installation of Kernel Zone, login to the Kernel Zone and follow the below steps to configure the network (inside the Kernel Zone).

Note: Execute all the following steps from inside a Kernel Zone.

Step 1: Creating a network Interface

NOTE: For an Oracle Solaris 11.3 Kernel Zone, you may need to enable “ncp” as done below before creating the network interface. For an Oracle Solaris 11.4 Kernel Zone, ncp is no longer used. Hence this step can be skipped.

# netadm enable -p ncp DefaultFixed

Step 1a

Check for the network device:

# dladm show-phys
LINK              MEDIA         STATE      SPEED  DUPLEX    DEVICE
net0              Ethernet      up         1000   full      zvnet0

Step 1b

Create a new network interface on top of the device:

# ipadm create-ip net0

Step 1c:

Check newly created network interface:

# ipadm show-if
IFNAME     CLASS      STATE      ACTIVE      OVER
lo0        loopback   ok         yes         ---
net0       ip         down       no          ---

Step 2: Adding the Static IP Address

Now the interface is created we can go ahead and add a static IP address to it.

Step 2a

This is how to set the IP address for the new network interface:

# ipadm create-addr -T static -a local=10.163.209.107/20 net0

Step 2b

Now check the interface status:

# ipadm show-if
IFNAME     CLASS    STATE    ACTIVE   OVER
lo0        loopback ok       yes      --
net0       ip       ok       yes      --

Step 2c

Now check the configured IP address:

# ipadm show-addr
ADDROBJ       TYPE          STATE           ADDR
lo0/v4        static        ok              127.0.0.1/8
net0/v4a      static        ok              10.163.209.107/20
lo0/v6        static        ok              ::1/128

Step 2d

Finally you can see the full configuration:

# ipadm
NAME             CLASS/TYPE      STATE        UNDER      ADDR
lo0              loopback        ok           --         --
   lo0/v4        static          ok           --         127.0.0.1/8
   lo0/v6        static          ok           --         ::1/128
net0             ip              ok           --         --
   net0/v4a      static          ok           --         10.163.209.107/20

Step 3: Configure Routing, DNS client, and name server

Now we have the network configured the next the routing and DNS needs to be configured.

Important Note: To configure the name server, use the information of the /etc/resolv.conf of the global zone.

Step 3a:

Configure nameserver and domain search for DNS client:

# svccfg -s network/dns/client
svc:/network/dns/client> setprop config/search = astring: (<your_search_domains>)
svc:/network/dns/client> setprop config/nameserver = net_address: (<your_nameservers_list>)
svc:/network/dns/client> select network/dns/client:default
svc:/network/dns/client:default> refresh
svc:/network/dns/client:default> quit

Note: In case not clear replace <your_search_domains> and <your_nameservers_list> with your own information.

Step 3b:

Configure name-service to use DNS along with files:

# svccfg -s system/name-service/switch
svc:/system/name-service/switch> setprop config/host = astring: "files dns"
svc:/system/name-service/switch> select system/name-service/switch:default
svc:/system/name-service/switch:default> refresh
svc:/system/name-service/switch:default> quit

Step 3c:

Get the route information from the global zone and add it in the kernel zone:

# route -p show

Step 3d:

Add default route persistently:

# route -p add -inet default <your_router_address>

For adding non-persistent route:

# route add -inet default <your_router_address>

Step 3e:

Verify that the DNS client is enabled by using the following command:

# dig pkg.oracle.com

; <<>> DiG 9.10.6-P1 <<>> pkg.oracle.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45191
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 6, ADDITIONAL: 13

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pkg.oracle.com.            IN      A

...

;; Query time: 10 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Thu Apr 23 09:17:56 UTC 2020
;; MSG SIZE  rcvd: 497

Further references:

For more information on these topics here are some other useful blogs:

• customize-network-configuration-in-a-golden-image
• customize-network-configuration-with-solaris-automated-installs-v2