Baixe o app para aproveitar ainda mais
Leia os materiais offline, sem usar a internet. Além de vários outros recursos!
D78415GC10_ag
Compartilhar
Prévia do material em texto
Oracle Solaris 11 Network Administration Activity Guide D78415GC10 Edition 1.0 February 2013 D80912 O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Disclaimer This document contains proprietary information and is protected by copyright and other intellectual property laws. You may copy and print this document solely for your own use in an Oracle training course. The document may not be modified or altered in any way. Except where your use constitutes "fair use" under copyright law, you may not use, share, download, upload, copy, print, display, perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization of Oracle. The information contained in this document is subject to change without notice. If you find any problems in the document, please report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not warranted to be error-free. Restricted Rights Notice If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the United States Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or disclose these training materials are restricted by the terms of the applicable Oracle license agreement and/or the applicable U.S. Government contract. Trademark Notice Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Authors Uma Sannasi, Pardeep Kumar Sharma Technical Contributors and Reviewers Rajesh Rajasekharan, Venu Iyer, Nicolas Droux, Kenneth Corum. Satish Murugesan, Venu Poddar, Geetha Nazare, Sreejith Mohan, Todd Lowry, John Hathaway, Rosemary Martinak, Shripad Patki, Raoul Carag, Paul Johnson, Darren Moffat, Shubha Girish, Pranamya Jain, Priyesh Vakayil, Joy Kiran, Murugan Annamalai, Vijetha Malkai, Pushkar Kothavade, Sravan Kumar Guntamadugu This book was published using: Oracle Tutor O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Table of Contents Practices for Lesson 1: Course Introduction ........................................................................................... 1-1 Practices for Lesson 1: Overview ............................................................................................................. 1-2 Practice 1-1: Getting Familiar with the Practice Environment .................................................................... 1-5 Practices for Lesson 2: Networking Fundamentals ................................................................................. 2-1 Practices for Lesson 2: Overview ............................................................................................................. 2-2 Practice 2-1: Scenario-Based Learning and Implementation ..................................................................... 2-3 Practices for Lesson 3: Configuring a Virtual Network ............................................................................ 3-1 Practices for Lesson 3: Overview ............................................................................................................. 3-2 Practice 3-1: Initializing the Network Setup .............................................................................................. 3-4 Practice 3-2: Creating the zgateway Zone ................................................................................................ 3-11 Practice 3-3: Creating the bestub and festub Etherstubs........................................................................... 3-18 Practice 3-4: Configuring the zrouter and zweb1 Zones ............................................................................ 3-20 Practice 3-5: Reconfiguring the zgateway and zrouter Zones for Communication ...................................... 3-28 Practices for Lesson 4: Configuring High Availability ............................................................................. 4-1 Practices for Lesson 4: Overview ............................................................................................................. 4-2 Practice 4-1: Configuring IPMP in the zgateway Zone .............................................................................. 4-4 Practice 4-2: Configuring Link Aggregation in the Global Zone .................................................................. 4-8 Practice 4-3: Configuring ILB in the zgateway Zone.................................................................................. 4-13 Practices for Lesson 5: Configuring Services.......................................................................................... 5-1 Practices for Lesson 5: Overview ............................................................................................................. 5-2 Practice 5-1: Configuring ISC DHCP ........................................................................................................ 5-4 Practice 5-2: Configuring DNS ................................................................................................................. 5-12 Practice 5-3: Configuring LDAP ............................................................................................................... 5-21 Practice 5-4: Configuring CIFS SMB ........................................................................................................ 5-38 Practices for Lesson 6: Managing Network Resources ........................................................................... 6-1 Practices for Lesson 6: Overview ............................................................................................................. 6-2 Practice 6-1: Regulating Bandwidth by Using Datalink Properties ............................................................. 6-4 Practice 6-2: Regulating Bandwidth by Using Flow ................................................................................... 6-17 Practices for Lesson 7: Implementing Network Security ......................................................................... 7-1 Practices for Lesson 7: Overview ............................................................................................................. 7-2 Practice 7-1: Configuring the IP Filter to Secure the Network .................................................................... 7-4 Practices for Lesson 8: Observability and Troubleshooting ................................................................... 8-1 Practices for Lesson 8: Overview ............................................................................................................. 8-2 Practice 8-1: Troubleshooting Host Name Resolution Between the Client and Server ................................ 8-4 Practice 8-2: Troubleshooting VNICs Allocation Issue .............................................................................. 8-13 Practices for Lesson 9: Information Exchange Mechanisms ................................................................... 9-1 Practices for Lesson 9: Overview ............................................................................................................. 9-2 O ra cl e U ni ve rs ity a nd (Ora cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 1 Practices for Lesson 1: Course Introduction Chapter 1 O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 2 Practices for Lesson 1: Overview Practices Overview This practice introduces you to your course assignment and the infrastructure, which you will use for performing the practices. The practices map to the respective lessons. Practices Infrastructure This section presents an architectural overview of the infrastructure required for the practices. Your lab environment is based on the Oracle Virtual Machine (VM) VirtualBox virtualization software. The VirtualBox software is a cross-platform virtualization application. It comprises two VMs, s11-server and s11-client. These VMs are configured on a private internal network, 192.168.10. Figure 1 shows the configured VMs in the VirtualBox environment. Note: Internet access is not available to these VMs. Figure 1: Configured Oracle VirtualBox VMs The VirtualBox environment consists of the following VMs: Name of the VM Description s11-server This is the Oracle Solaris 11.1 guest OS image in which the student performs the practice tasks. This is the primary VM. The s11-server VM is configured as an IPS Repository server. During the course of these practices, you will create eight non- global zones to perform the various tasks described. These zones are as follows: O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 3 • zgateway • zrouter • zweb1 • zweb2 • zdhcp • zdns • zldap • zbackup s11-client This is the Oracle Solaris 11.1 guest OS image that acts as a client machine. The student uses this system to perform tasks on the remote s11-server VM. The VMs are further configured to communicate with the Oracle Solaris 10 host machine through the shared directory. The shared directories are listed in the following table: Resource Name Location Description Host share directory /opt/ora Is the shared directory that is mapped to the host system Student files /opt/ora/course_files Contains lab bundle content The details of the shared directories can be verified in the respective VM settings. The following are the user credentials for accessing the s11-server and s11-client VMs. VM Credentials s11-server Username: oracle Password: oracle1 s11-client Username: oracle Password: oracle1 Note: As an oracle user, use su to switch to the primary administrator (root) role. The password is oracle1. root is configured as a role by default in Oracle Solaris 11. Note that the first username created in the system during installation is the initial privileged user who can assume the primary administrator role. This can be verified in the /etc/user_attr file. Best Practices • When required, always shut down the system with the correct procedure. If the system contains zones, ensure that you shut down all the zones before proceeding with the system or VM shutdown procedure. To shut down a zone, use the command, zoneadm –z zonename shutdown. To understand how to perform a normal system shutdown, read instructions in step # 13. • (Optional) If you need to preserve the current state of the system, it is suggested that you use the virtual box’s snapshot feature. With snapshots, you can save a particular state of a virtual machine for later use. To learn more about this feature, click the Help menu in the O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 4 Virtual Box window, use <CTRL + F>, and then type snapshot in the search window. You can follow the practice of taking a snapshot of the VM at the end of each practice. If you choose to follow this practice, make sure to delete the older snapshot while taking a new snapshot. This will help in limiting system storage usage to the minimum. • (Optional) Your system performance depends on the network speed and network load. If you find your VM too slow to proceed with, it is suggested that you restart the VM, following correct procedure mentioned in step # 13. • Follow the instructions in the practices for a smooth learning experience. • Close all the terminals in the s11-client VM after completing the individual practices. • In s11-client, you can set a terminal title corresponding to the exact VM or zone. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 5 Practice 1-1: Getting Familiar with the Practice Environment Tasks 1. On your host system, start the Oracle VM VirtualBox Manager by double-clicking its icon on your desktop. 2. In the Oracle VM VirtualBox Manager window, double-click the s11-server VM to start it. Alternatively, you can select the s11-server VM and click the Start button. Figure 2: Oracle VirtualBox VMs Note: s11-server is configured with 6 GB base memory and s11-client is configured with 4 GB base memory. Ignore any warning messages and continue. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 6 3. After the s11-server VM is powered on, at the command prompt, log in as user oracle with the password, oracle1. 4. To switch to the primary administrator role, use the su – command. The password is again oracle1. s11-server console login: oracle Password: oracle1 Last login: Mon Jan 28 04:51:14 on console Oracle Corporation SunOS 5.1111.1 September 2012 oracle@s11-server:~$ su – Password: oracle1 Jan 28 05:50:27 s11-server su: ‘su root’ succeeded for oracle on /dev/console Oracle Corporation SunOS 5.11 11.1 September 2012 root@s11-server:~# O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 7 5. Start the s11-client VM. If you receive any notice or a warning message or an Information dialog box, click OK and continue. 6. When the Username login screen appears, enter oracle as the username and click the Log In button. Note: It will take a few minutes for the Username login screen to appear. 7. When the Password login screen appears, enter the password oracle1 and click the Log In button. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 8 8. To open a terminal window, right-click the desktop and select Open Terminal. The default login prompt will have oracle as the user. Alternatively, you can also open a terminal window by clicking the terminal icon (highlighted in red) at the top of the window. 9. To assume administrator privileges, switch to the root role by running the su - command. The password is oracle1. oracle@s11-client:~$ su – Password: oracle1 Oracle Corporation SunOS 5.11 11.1 September 2012 You have new mail. root@s11-client:~# O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 9 10. To close a terminal, click the crossed red box as shown in the following screenshot: Note: Alternatively, you can use the exit command to exit the terminal session. 11. To log in to s11-server from the s11-client VM, confirm that the s11-server VM is up and running, and then perform the following steps: a. Establish a secure remote connection with the s11-server VM (192.168.10.10) by using ssh and switch to the root role. oracle@s11-client:~$ ssh oracle@s11-server The authenticity of host 's11-server (192.168.10.10) can't be established. RSA key fingerprint is 76:04:3d:43:30:c5:89:6c:e3:f3:b0:7d:7e:b0:d4:3f. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 's11-server' (RSA) to the list of known hosts. Password: oracle1 Last login: Mon Jan 28 16:28:58 2013 Oracle Corporation SunOS 5.11 11.1 September 2012 oracle@s11-server:~$ Note: When you establish the ssh connection for the first time, you are asked to authenticate the host, s11-server VM. Reply with a yes to the question, “Are you sure you want to continue connecting (yes/no)?” This adds the host, s11-server permanently to the list of known hosts. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 10 b. Run the su - command to assume primary administrator privileges. oracle@s11-server:~$ su – Password: oracle1 Oracle Corporation SunOS 5.11 11.1 September 2012 12. Now you can practice setting up a terminal title that corresponds to the exact VM or zone. a. In the current terminal, which is running the s11-server session, go to the Terminal menu and click Set Title. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 11 b. In the corresponding Set Title dialog box, enter the title name as s11-server and click the OK button. c. This sets the terminal title as s11-server, which will help in providing quick access or recognition of the corresponding terminal while performing specific tasks or commands. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 12 13. At times, you may need to power off a VM and close its window. You can practice shutting down the s11-client VM. To shut down this VM, click the System menu and select the Shut Down option. 14. The Shut Down dialog box opens. Click the Shut Down button. This will initiate the VM shutdown procedure. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 13 15. If a dialog box with the following message appears, ignore the message and continue by clicking the Shutdown Anyway button. 16. Alternatively, you can shut down this VM by clicking the close button (X) on the top-right corner of the VM window. This is indicated by a red arrow in the following screenshot: O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 14 17. When the Close Virtual Machine dialog box appears, select Send the shutdown signal and click OK. 18. To verify that the VM is shut down, check the status that appears under the VM’s name in the Oracle VM VirtualBox Manager. The status for the s11-client VM should be Powered Off. The status for the s11-server should be Running. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S ELF ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 15 19. Now you can practice the s11-server VM shutdown procedure. Click the (X) button on the extreme right corner of the window, highlighted with a red arrow in the following screenshot: O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 16 20. This will open the Close Virtual Machine dialog box. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 17 21. Click OK to proceed. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 1: Course Introduction Chapter 1 - Page 18 22. In a few seconds or minutes, the Virtual Machine window disappears. To confirm, switch to the Oracle VM VirtualBox Manager window. The status for the s11-server VM should be Powered Off. This completes your initiation into the start state of the practices in this course. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 2: Networking Fundamentals Chapter 2 - Page 1 Practices for Lesson 2: Networking Fundamentals Chapter 2 O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 2: Networking Fundamentals Chapter 2 - Page 2 Practices for Lesson 2: Overview Practices Overview To be able to realize the full potential of any solution, it must necessarily align with the needs of a customer. Identifying the needs of a customer can often be the most challenging task but one that is worth spending time and resources on. In this practice, we introduce you to the scenario- based learning and implementation modality that will allow you to appreciate the application of a solution to the problem-statement of a customer. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 2: Networking Fundamentals Chapter 2 - Page 3 Practice 2-1: Scenario-Based Learning and Implementation Overview For the purpose of this course, you will learn from the situation and experience of those who practice, implement, and deploy networking solutions on the field. Tasks In this practice, you are introduced to the following: 1. Guidelines for planning a network deployment 2. Identifying stakeholders 3. Identifying customer requirements 4. Analyzing customer requirements 5. Implementing a solution Task 1/5 1. Guidelines for Planning a Network Deployment Planning is one of the most critical phases in the lifecycle of any project. A well thought out plan can help you to successfully deploy solutions in an organized and cost-effective manner. Some general guidelines and directions that you should consider as you plan to deploy any solution are as follows: • Know your stakeholders. • Identify their requirements. • Study the existing infrastructure. • Analyze the problem-solution equation. • Architect the solution. • Identify the resources to implement the solution. • Complete your pre-production checklist. • Implement the solution in phases. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 2: Networking Fundamentals Chapter 2 - Page 4 Task 2/5 2. Identifying Stakeholders Athena Inc. is a transnational third-party solution provider with its headquarters in California, USA and regional offices in Asia Pacific (APAC) and Europe, the Middle East, and USA (EMEA). It is the most skilled and experienced Oracle partner in the Solaris domain, and has successfully deployed and supported Oracle Solaris in various medium-sized to large enterprises. Athena boasts of having specialized teams that have core competencies in implementing networking, server, storage, and security solutions. Much of Athena’s networking team is currently engaged in deploying networking solutions for one of their most prized clients, Tarang Inc. A communication conglomerate based in New York, Tarang Inc. regularly considers consolidating and converging its IT infrastructure to meet the pressing demands of the industry. Around three years ago, Tarang had engaged Athena in their storage and server virtualization efforts. As a logical extension, Tarang has again sought Athena’s expertise in undertaking an enterprise-wide network virtualization project to maximize network resource utilization in a cloud environment. In a nut shell, Tarang wants network-in-a-box. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 2: Networking Fundamentals Chapter 2 - Page 5 Task 3/5 3. Identifying Customer Requirements Before you are presented with the network requirements of Tarang, here is a small exercise. What do you think might be Tarang’s network requirements, given that it is a cross-continental organization and operates in a time-critical industry? O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e used O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 2: Networking Fundamentals Chapter 2 - Page 6 Task 4/5 4. Analyzing Customer Requirements The requirements analysis by the networking team at Athena helped them to capture the information displayed in the following table. In addition, the team also studied Tarang’s existing infrastructure to identify gaps, as well as areas that could be leveraged. Tarang Inc. Athena Inc. Requirements Planning Implementation Handoff Centralized network infrastructure Network-in-a-box vnics zones Etherstubs Virtual router IP Forwarding Scalable network Favorable cost-benefit value Minimal hardware redundancies Minimal dysfunctional networking units Isolated networks Failure proof network or HA IP failover IPMP Link failover Trunk aggregation DLMP Load balancing ILB Router failover VRRP Centralized database for granting IP addresses Leasing IP addresses DHCP Centralized database for host name resolution Naming services DNS Centralized data store for user authentication Authenticating user credentials LDAP Accessibility to archives maintained on a Windows system File sharing between Windows- Oracle Solaris systems CIFS SMB Priority-based bandwidth allocation Allocation of designated bandwidth Datalink properties Regulation of traffic Control of bandwidth based on IP traffic Flow Prevention of network spoofing attacks Network security against spoofing attacks Link protection: DHCP- nospoof,ip- nospoof, MAC- nospoof, restricted Except services, blocking of the internal network Firewall IP Filter Hardware Specifications: Sun x86 Servers, Sun Blade x86 Servers, Sun Netra x86 Servers., Sparc T-Series, Sparc M-Series O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 2: Networking Fundamentals Chapter 2 - Page 7 Task 5/5 5. Implementing a Solution After studying the comprehensive list of requirements that Tarang wants addressed, Athena engineers draft a high-level implementation of the solutions. In the practices that follow, observe how Athena engineers deconstruct the architecture displayed in the preceding schematic representation and address each section of the architecture in modules as they implement the larger solution for Tarang. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 2: Networking Fundamentals Chapter 2 - Page 8 O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 1 Practices for Lesson 3: Configuring a Virtual Network Chapter 3 O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 2 Practices for Lesson 3: Overview Practices Overview Now that you have learned the concepts behind network virtualization, observe how the Implementation column has been filled out by Athena engineers. Using the basic building blocks of VNICs, virtual switches, etherstubs, and routing functionality, it is possible to consolidate an entire distributed computing environment on a single system for prototyping, testing, and deployment scenarios without the restriction of the physical network devices attached to the system. Tarang Inc. Athena Inc. Requirements Planning Implementation Handoff Centralized network infrastructure Network-in-a-box • VNICs • Zones • Etherstubs • Virtual router • IP Forwarding Scalable network Favorable cost-benefit value Minimal hardware redundancies Minimal dysfunctional networking units Isolated networks O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 3 A schematic representation of the tasks that you will accomplish in these practices is as follows: Assumptions • You need to perform all the following actions in the root role, unless mentioned otherwise. • Some command output or values may vary across systems. • Both VMs, s11-server and s11-client, are running. • All tasks, except where mentioned, are associated with the s11-server VM, and are performed via secure (ssh) login from the s11-client VM. • To accommodate complete command output, the font size of the output is reduced in a few places. Tasks In these practices, you will perform the following tasks: • Identify the base network environment. • Configure the zgateway zone. • Configure the bestub and festub etherstubs. • Configure the zrouter and zweb1 zones. • Reconfigure the zgateway and zrouter zones to establish communication. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 4 Practice 3-1: Initializing the Network Setup Overview Before setting up the network environment at Tarang, let us do a recce and gather some fundamental details about the platform that is available for establishing the network infrastructure. Apart from identifying the substrate network fabric, you will use some basic commands to acquaint yourself with the start state of the VMs in the environment. Tasks In this practice, you will perform the following tasks: 1. Identify the network configuration of the s11-server VM. 2. Identify the network configuration of the s11-client VM. 3. Identify the active network configuration profiles. 4. Identify the available network interface. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nly. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 5 Task 1/4 1. Identify the network configuration of the s11-server VM. a. Verify that the s11-client and s11-server VMs are running. b. Log in to the s11-client VM as the oracle user with the password, oracle1. c. Establish a secure remote connection with the s11-server VM (192.168.10.10) by using ssh and switch to the root role. oracle@s11-client:~$ ssh oracle@s11-server Password: oracle1 Last login: Wed Nov 14 16:28:58 2012 Oracle Corporation SunOS 5.11 11.1 September 2012 oracle@s11-server:~$ d. Run the su - command to assume primary administrator privileges. oracle@s11-server:~$ su – Password: oracle1 Oracle Corporation SunOS 5.11 11.1 September 2012 e. Set the terminal title as s11-server. In the current terminal, which is running the s11- server session, go to the Terminal menu and click Set Title. In the corresponding Set Title dialog box, enter the title name as s11-server and click the OK button. Notice s11-server as the terminal title. Note: Refer to Practice 1 for details about the preceding step e. f. Display information about the physical attributes of the datalinks currently on the s11- server VM. root@s11-server:~# dladm show-phys LINK MEDIA STATE SPEED DUPLEX DEVICE net0 Ethernet up 1000 full e1000g0 net1 Ethernet unknown 0 unknown e1000g1 net2 Ethernet unknown 0 unknown e1000g2 net3 Ethernet unknown 0 unknown e1000g3 Observation: The s11-server VM has the following: • It has four physical network interface cards, which are net0, net1, net2, and net3. • Only net0 is configured. • The hardware-based link name is net0. • Media is Ethernet. • Device state is up. • Data transfer speed is 1000 Mb. • Duplex state is full, which means that there can be two-way data transmission. • Device type is e1000g0, which refers to the Intel gigabit controller type device. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 6 g. Find the active network configuration profile by using the netadm command. root@s11-server:~# netadm list TYPE PROFILE STATE ncp Automatic disabled ncp DefaultFixed online loc Automatic offline loc NoNet offline loc DefaultFixed online h. Display the address information of the interface by using the ipadm command. root@s11-server:~# ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8 net0/v4 static ok 192.168.10.10/24 lo0/v6 static ok ::1/128 net0/v6 addrconf ok fe80::a00:27ff:fe46:7201/10 Observation: The IP version used in this network is IPv4. The IP address assigned to the system is 192.168.10.10 and is static. Task 2/4 2. Identify the network configuration of the s11-client VM. a. Open a new terminal in the s11-client VM. The default user is oracle and the password is oracle1. b. Set the terminal title as “s11-client.” In the current terminal, which is running the s11- client session, go to the Terminal menu and click Set Title. In the corresponding Set Title dialog box, enter the title name as s11-client and click the OK button. Notice s11-client as the terminal title. Note: Refer to Practice 1 for details about the preceding step b. c. Run the su - command to assume primary administrator privileges. oracle@s11-client:~$ su – Password: oracle1 Oracle Corporation SunOS 5.11 11.1 September 2012 root@s11-client:~# d. Display information about the physical attributes of the datalinks on the s11-client VM. root@s11-client:~# dladm show-phys LINK MEDIA STATE SPEED DUPLEX DEVICE net0 Ethernet up 1000 full e1000g0 net1 Ethernet unknown 0 unknown e1000g1 net2 Ethernet unknown 0 unknown e1000g2 net3 Ethernet unknown 0 unknown e1000g3 O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 7 e. Find the active network configuration profile by using the netadm command. root@s11-client:~$ netadm list TYPE PROFILE STATE ncp Automatic disabled ncp DefaultFixed online loc Automatic offline loc NoNet offline loc DefaultFixed online f. Display the address information of the network interfaces. root@s11-client:~# ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8 net0/v4 static ok 192.168.10.20/24 lo0/v6 static ok ::1/128 Observation: The IP version used in this network is IPv4. The IP address assigned to the system is 192.168.10.20 and is static. Task 3/4 3. Identify the active network configuration profiles (NCPs). Having identified the basic systems in this setup, you start by using the NCPs to initialize the network. In Oracle Solaris 11, NCPs manage the system’s network configuration. Note that at any given time, only one NCP can be active on a system. In this task, you identify the active NCP on the system and perform the steps to change the active NCP from DefaultFixed to reactive. a. List the profiles and their states in the s11-client VM. root@s11-client:~# netadm list TYPE PROFILE STATE ncp Automatic disabled ncp DefaultFixed online loc Automatic offline loc NoNet offline loc DefaultFixed online Observation: The active NCP is DefaultFixed. b. You can switch between the profile types. For example, to switch from a fixed to a reactive profile, enter the following command: root@s11-client:~# netadm enable -p ncp Automatic Enabling ncp 'Automatic' c. Verify that the network/physical:default service has restarted and is online. root@s11-client:~# svcs -xv network/physical:default svc:/network/physical:default (physical network interface configuration) State: online since Wed Nov 14, 2012 17:30:25 PM IST O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 8 See: man -M /usr/share/man -s 1M ipadm See: man -M /usr/share/man -s 5 nwam See: man -M /usr/share/man -s 1M dladm See: /var/svc/log/network-physical:default.log Impact: None. Note: The NWAM facility is provided by the network/physical:default SMF service. NWAM configuration management is enabled if the netcfg/active_ncp property is set to the name of a reactive NCP. Alternatively, traditional network configuration is performed if the netcfg/active_ncp property is set to DefaultFixed. d. To confirmthat the active profile type is reactive, type following command: root@s11-client:~# netadm list TYPE PROFILE STATE ncp Automatic online ncu:phys net0 online ncu:phys net2 online ncu:phys net3 online ncu:phys net1 online ncu:ip net0 offline* ncu:ip net2 offline* ncu:ip net3 offline* ncu:ip net1 offline* ncp DefaultFixed disabled loc Automatic offline loc NoNet online loc DefaultFixed offline Observation: The DefaultFixed ncp is switched to disabled state and the Automatic profile is online. e. In the next task, you will configure an additional static IP in s11-client. Therefore, you switch back to the fixed profile by using the following command: root@s11-client:~# netadm enable -p ncp DefaultFixed Enabling ncp 'DefaultFixed' f. Verify that the network/physical:default service has restarted and is online. root@s11-client:~# svcs -xv network/physical:default svc:/network/physical:default (physical network interface configuration) State: online since Tue Nov 14, 2012 17:35:30 PM IST See: man -M /usr/share/man -s 1M ipadm See: man -M /usr/share/man -s 5 nwam See: man -M /usr/share/man -s 1M dladm See: /var/svc/log/network-physical:default.log Impact: None. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 9 g. Now, verify that the DefaultFixed ncp is active. root@s11-client:~# netadm list TYPE PROFILE STATE ncp Automatic disabled ncp DefaultFixed online loc Automatic offline loc NoNet offline loc DefaultFixed offline Observation: The DefaultFixed ncp is back to online state and the Automatic ncp is switched back to disabled. This means that currently the DefaultFixed ncp is active. Now, you can proceed to the next task of assigning a new static IP to the system. Task 4/4 4. Configure a network interface with a static IP address. a. In this step, you display the physical network interface card (NIC) information. root@s11-client:~# dladm show-phys LINK MEDIA STATE SPEED DUPLEX DEVICE net0 Ethernet up 1000 full e1000g0 net2 Ethernet unknown 1000 full e1000g2 net3 Ethernet unknown 1000 full e1000g3 net1 Ethernet unknown 1000 full e1000g1 Observation: Currently, only net0 is configured and is up. b. You will use net2, which is mapped to the e1000g0 link to configure and assign an additional IP to this system. Create the interface net2 by using the create-ip subcommand. root@s11-client:~# ipadm create-ip net2 c. Confirm the status of the interface by using the show-phys command. root@s11-client:~# dladm show-phys LINK MEDIA STATE SPEED DUPLEX DEVICE net0 Ethernet up 1000 full e1000g0 net2 Ethernet up 1000 full e1000g2 net3 Ethernet unknown 1000 full e1000g3 net1 Ethernet unknown 1000 full e1000g1 Observation: The net2 interface is up now. d. Display the link status by using the show-link subcommand. root@s11-client:~# dladm show-link LINK CLASS MTU STATE OVER net0 phys 1500 up -- net2 phys 1500 up -- net3 phys 1500 unknown -- net1 phys 1500 unknown -- e. Now configure the IP interface with a valid IP address by using the create-addr subcommand. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 10 root@s11-client:~# ipadm create-addr -a 192.168.10.21/24 net2 net2/v4 f. Display information about the IP interface that was just configured. root@s11-client:~# ipadm show-addr net2 ADDROBJ TYPE STATE ADDR net2/v4 static ok 192.168.10.21/24 Observation: The net2 interface is configured with ipv4, and has been assigned another IP address, 192.168.10.21. g. In this step, you will remove the net2 interface from the s11-client VM. To confirm, run the show-addr command. root@s11-client:~# ipadm delete-ip net2 root@s11-client:~# ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8 net0/v4 static ok 192.168.10.20/24 lo0/v6 static ok ::1/128 O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 11 Practice 3-2: Creating the zgateway Zone Overview In this practice, you create a non-global zone called zgateway and configure a network inside the zone. The zgateway zone is the entry point to the network-in-a-box setup from the external world. This implies that all communication from the external network to every single zone in the box will happen through zgateway. Tasks In this practice, you will perform the following tasks: 1. Create a file system for the zone root file system. 2. Configure the zgateway zone. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 12 Task 1/2 1. Create a file system for the zone root file system. Before configuring the zgateway zone, you need to create a file system for the zone root file system. To begin with, establish a secure remote connection from the s11-client VM to the s11- server VM. Note: You can ignore the following step if you are already logged in to s11-server from the s11- client terminal from the previous session. a. Verify that the s11-client and s11-server VMs are running. b. Log in to the s11-client VM as the oracle user with the password, oracle1. c. Establish a secure remote connection with the s11-server VM (192.168.10.10) by using ssh. oracle@s11-client:~$ ssh oracle@s11-server Password: oracle1 Last login: Wed Nov 14 18:28:58 2012 Oracle Corporation SunOS 5.11 11.1 September 2012 oracle@s11-server:~$ d. Switch to the root role by using the su – command. oracle@s11-server:~$ su - Password: oracle1 Oracle CorporationSunOS 5.11 11.1 September 2012 root@s11-server:~# Note: If you are already working in the s11-server terminal in the s11-client VM, ignore the preceding step and switch to the s11-server terminal. e. List all the running or active zones by using the zoneadm command. root@s11-server:~# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / solaris shared Observation: The preceding output indicates that there is no non-global zone configured in this system yet. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 13 f. (Optional) Identify the disk to be used for creating the zone root file system, which contains the zfs pool that will manage the storage for all the zones in this system. Note: You can use the format command to identify the disk for the zfs pool. Disk c7t4d0 is the chosen disk for creating the zfs pool. root@s11-server:~# format Searching for disks...done AVAILABLE DISK SELECTIONS: 0. c7t0d0 <ATA-VBOX HARDDISK-1.0-32.00GB> /pci@0,0/pci8086,2829@d/disk@0,0 1. c7t2d0 <ATA-VBOX HARDDISK-1.0-32.00GB> /pci@0,0/pci8086,2829@d/disk@2,0 2. c7t3d0 <ATA-VBOX HARDDISK-1.0 cyl 4175 alt 2 hd 255 sec 63> /pci@0,0/pci8086,2829@d/disk@3,0 3. c7t4d0 <ATA-VBOX HARDDISK-1.0 cyl 4175 alt 2 hd 255 sec 63> /pci@0,0/pci8086,2829@d/disk@4,0 Specify disk (enter its number): 3 …. …. To quit from the format command, type ‘q’ Format> q root@s11-server:~# g. Create a new zfs pool named zones in the global zone by using the zpool create command. Verify the available pools by using the zpool list command. root@s11-server:~# zpool create zones c7t4d0 root@s11-server:~# zpool list NAME SIZE ALLOC FREE CAP DEDUP HEALTH ALTROOT ipspool 31.8G 6.07G 25.7G 19% 1.00x ONLINE - rpool 31.5G 12.5G 19.0G 39% 1.00x ONLINE - zones 31.8G 85K 31.7G 0% 1.00x ONLINE - Task 2/2 2. Configure the zgateway zone. a. Configure the zgateway zone by using the zonecfg command. root@s11-server:~# zonecfg -z zgateway Use ‘create’ to being configuring a new zone. zonecfg:zgateway> create create: Using system default template ‘SYSdefault’ zonecfg:zgateway> set zonepath=/zones/zgateway O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 14 zonecfg:zgateway> add net zonecfg:zgateway:net> set physical=net1 zonecfg:zgateway:net> set configure-allowed-address=false zonecfg:zgateway:net> end zonecfg:zgateway> add net zonecfg:zgateway:net> set physical=net2 zonecfg:zgateway:net> set configure-allowed-address=false zonecfg:zgateway:net> end zonecfg:zgateway> exit Observation: The two network interfaces, net1 and net2, have been assigned to the zgateway zone. These interfaces will be required for configuring IP Multipathing (IPMP) in the subsequent practice. b. Remove the net0 interface from the zone configuration entry. root@s11-server:~# zonecfg -z zgateway ‘remove anet linkname=net0’ Note: By default, every zone has an automatic network interface, net0, which is added from the SYSdefault template. You can verify this by reading the file, /etc/zones/zgateway.xml. However, you need to remove the net0 interface so that you can customize it to perform your tasks in this practice. c. Confirm that the zgateway zone is configured and listed. root@s11-server:~# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / solaris shared - zgateway configured /zones/zgateway solaris excl d. To install the zgateway zone, verify by using the pkg publisher command that the s11-server VM can contact the IPS server. root@s11-server:~# pkg publisher PUBLISHER TYPE STATUS P LOCATION solaris origin online F http://192.168.10.10/ e. Install the zgateway zone by using the zoneadm command. root@s11-server:~# zoneadm -z zgateway install The following ZFS file system(s) have been created: /zones/zgateway Progress being logged to /var/log/zones/zoneadm.20121114T080627Z.zgateway.install Image: Preparing at /zones/zgateway/root. AI Manifest: /tmp/manifest.xml.0saqke SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml Zonename: zgateway Installation: Starting ... O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 15 Creating IPS image Startup linked: 1/1 done Installing packages from: solaris origin: http://192.168.10.10/ DOWNLOAD PKGS FILES XFER (MB) SPEED Completed 183/183 33556/33556 222.2/222.2 210k/s PHASE ITEMS Installing new actions 46825/46825 Updating package state database Done Updating image state Done Creating fast lookup database Done Installation: Succeeded Note: Man pages can be obtained by installing pkg:/system/manual done. Done: Installation completed in 1919.199 seconds. Next Steps: Boot the zone, then log into the zone console (zlogin -C) to complete the configuration process. Log saved in non-global zone as /zones/zgateway/root/var/log/zones/zoneadm.20121114T080627Z.zgat eway.install Note: The installation process may take several minutes depending on the network speed. f. Now check the status of the zgateway zone. root@s11-server:~# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / solaris shared - zgateway installed /zones/zgateway solaris excl Observation: The zgateway zone is in installed state. g. Start the zgateway zone and check its status again. root@s11-server:~# zoneadm -z zgateway boot root@s11-server:~# zoneadm list -cv O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 16 ID NAME STATUS PATH BRAND IP 0 global running / solaris shared 1 zgateway running /zones/zgateway solaris excl h. Log in to the zgateway zone console by using the zlogin –C command. root@s11-server:~# zlogin -C zgateway Note: If it takes a lot of time for the console screen to appear, pressthe <Enter> key and use the <ESC + 2> key combination. i. When prompted, provide the following information to set up the zgateway zone. Item Value Computer name Zgateway Networking Manually Manual network configuration net1 IP Address 192.168.10.30 DNS Do not configure DNS Alternate name service None Time zone Choose appropriately Time zone locations Choose appropriately Password oracle1 Note: You can skip the option to create a user account and press ESC-2_Continue. Press ESC-2_Apply (Press Escape + 2 + Enter simultaneously) to apply the settings. Now allow the zgateway zone to restart. SC profile successfully generated. Exiting System Configuration Tool. Log is available at: /system/volatile/sysconfig/sysconfig.log.3539 Hostname: zgateway zgateway console login: j. Log in to the zgateway zone as the root user. zgateway console login: root Password: oracle1 Nov 14 19:22:33 zgateway login: ROOT LOGIN /dev/console Oracle Corporation SunOS 5.11 11.1 September 2012 root@zgateway:~# k. Verify that the network is configured on the zgateway zone. root@zgateway:~# ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8 net1/v4 static ok 192.168.10.30/24 lo0/v6 static ok ::1/128 O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 17 net1/v6 addrconf ok fe80::a00:27ff:fe23:4870/10 l. Log out of the console by pressing the ~. characters on the keyboard. root@zgateway:~# ~. Connection to s11-server closed. oracle@s11-client:~$ Note: ~. is represented as tilde (~) followed by the dot (.) key. This will disconnect you from the s11-server VM. m. Now access the zgateway zone from the s11-client VM. oracle@s11-client:~$ ping 192.168.10.30 192.168.10.30 is alive Observation: The s11-client VM can communicate with the non-global zone that is residing in the s11-server VM. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 18 Practice 3-3: Creating the bestub and festub Etherstubs Overview You have successfully created and configured the zgateway zone. You now require additional zones to configure the various applications. In addition, these zones need to be protected from the larger network and the outside world. Recall that etherstubs help to create private virtual networks. In this practice, you create two private switches, bestub (back-end etherstub) and festub (front-end etherstub). Tasks In this practice, you will connect to the s11-server VM and create private switches. Task 1/1 1. Connect to the s11-server VM and create private switches. a. In the s11-server terminal window (running in the s11-client VM), establish a secure remote connection with the s11-server VM by using the ssh command and switch to the root profile. oracle@s11-client:~$ ssh oracle@s11-server Password: oracle1 Last login: Wed Nov 14 19:48:58 2012 Oracle Corporation SunOS 5.11 11.1 September 2012 oracle@s11-server:~$ su - Password: oracle1 Oracle Corporation SunOS 5.11 11.1 September 2012 O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 19 root@s11-server:~# b. Create a back-end etherstub, bestub0, in the global zone. root@s11-server:~# dladm create-etherstub bestub0 c. Create a front-end etherstub, festub0, in the global zone. root@s11-server:~# dladm create-etherstub festub0 d. Verify that the etherstubs have been created by using the show-etherstub subcommand. root@s11-server:~# dladm show-etherstub -Z LINK ZONE bestub0 global festub0 global Observation: The bestub0 and festub0 etherstubs have been created in the global zone. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 20 Practice 3-4: Configuring the zrouter and zweb1 Zones Overview Having created festub0 and bestub0, you now create two additional zones on bestub0. The zrouter zone is configured as a router to establish communication between internal networks. The zweb1 zone is configured as an application server that will host Tarang’s media applications. Tasks In this practice, you will perform the following tasks: 1. Configure the zrouter zone for establishing communication between internal networks. 2. Configure the zweb1 zone. 3. Start the zrouter and zweb1 zones. 4. Verify that vnics have been created on the bestbu0 etherstub. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 21 Task 1/4 1. Configure the zrouter zone for establishing communication between internal networks. a. Verify that the s11-client VM is running. b. Log in to the s11-client VM as the oracle user with the password, oracle1. c. Establish a secure remote connection with the s11-server VM by using ssh and switch to the root profile. oracle@s11-client:~$ ssh oracle@s11-server Password: oracle1 Last login: Wed Nov 14 19:57:36 2012 Oracle Corporation SunOS 5.11 11.1 September 2012 oracle@s11-server:~$ su - Password: oracle1 Oracle Corporation SunOS 5.11 11.1 September 2012 root@s11-server:~# Note: You can ignore the preceding steps if you are already working in the s11-server terminal window, which is running in the s11-client VM, from the previous task. d. Configure the zrouter zone by using the zonecfg command. root@s11-server:~# zonecfg -z zrouter Use ‘create’ to being configuring a new zone. zonecfg:zrouter> create create: Using system default template ‘SYSdefault’ zonecfg:zrouter> set zonepath=/zones/zrouter zonecfg:zrouter> add anet zonecfg:zrouter:anet> set linkname=bevnic0 zonecfg:zrouter:anet> set lower-link=bestub0 zonecfg:zrouter:anet> set configure-allowed-address=false zonecfg:zrouter:anet> end zonecfg:zrouter> exit e. Remove the default net0 entry as explained in task 1. root@s11-server:~# zonecfg -z zrouter ‘remove anet linkname=net0’ f. Confirm that the zrouter zoneis configured and listed. root@s11-server:~# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / solaris shared 1 zgateway running /zones/zgateway solaris excl - zrouter configured /zones/zrouter solaris excl Observation: The zrouter zone is listed and configured. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 22 Task 2/4 2. Configure the zweb1 zone. You can create the zweb1 zone by reusing the zrouter zone configuration. This is possible by using the cloning feature in Oracle Solaris 11, which allows you to create a new zone by duplicating the configuration of an existing zone. Cloning saves the time and effort that is involved in zone creation. a. Export the configuration of the zrouter zone to create the zweb1 zone. root@s11-server:~# zonecfg -z zrouter export -f /zweb1.txt b. Edit and save the zweb1.txt file to accommodate any changes in the configuration of the zweb1 zone compared to the cloned zone. root@s11-server:~# vi /zweb1.txt create -b set brand=solaris set zonepath=/zones/zweb1 set autoboot=false set ip-type=exclusive add anet set linkname=bevnic1 set lower-link=bestub0 set configure-allowed-address=false set link-protection=mac-nospoof set mac-address=random end :wq c. Now create the zweb1 zone based on the updated configuration in the zweb1.txt file. root@s11-server:~# zonecfg -z zweb1 -f /zweb1.txt d. Verify that the zrouter and zweb1 zones are configured. root@s11-server:~# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / solaris shared 1 zgateway running /zones/zgateway solaris excl - zrouter configured /zones/zrouter solaris excl - zweb1 configured /zones/zweb1 solaris excl e. Install the zrouter zone by using the zoneadm command. root@s11-server:~# zoneadm -z zrouter install The following ZFS file system(s) have been created: zones/zrouter Progress being logged to /var/log/zones/zoneadm.20121114T083103Z.zrouter.install Image: Preparing at /zones/zrouter/root. O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 23 AI Manifest: /tmp/manifest.xml.CQaGql SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml Zonename: zrouter Installation: Starting ... Creating IPS image Startup linked: 1/1 done Installing packages from: solaris origin: http://192.168.10.10/ DOWNLOAD PKGS FILES XFER (MB) SPEED Completed 183/183 33556/33556 222.2/222.2 905k/s PHASE ITEMS Installing new actions 46825/46825 Updating package state database Done Updating image state Done Creating fast lookup database Done Installation: Succeeded Note: Man pages can be obtained by installing pkg:/system/manual done. Done: Installation completed in 571.823 seconds. Next Steps: Boot the zone, then log into the zone console (zlogin -C) to complete the configuration process. Log saved in non-global zone as /zones/zrouter/root/var/log/zones/zoneadm.20121114T083103Z.zrout er.install f. Verify that the zrouter zone is installed. root@s11-server:~# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / solaris shared 1 zgateway running /zones/zgateway solaris excl O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 24 - zrouter installed /zones/zrouter solaris excl - zweb1 configured /zones/zweb1 solaris excl g. Clone the zweb1 zone by using the zrouter zone. Note that the source zone, zrouter, should be in installed state. root@s11-server:~# zoneadm -z zweb1 clone zrouter The following ZFS file system(s) have been created: zones/zweb1 Progress being logged to /var/log/zones/zoneadm.20121114T089056Z.zweb1.clone Log saved in non-global zone as /zones/zweb1/root/var/log/zones/zoneadm.20121114T089056Z.zweb1.c lone h. Verify that the cloned zone, zweb1, is installed. root@s11-server:~# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / solaris shared 1 zgateway running /zones/zgateway solaris excl - zrouter installed /zones/zrouter solaris excl - zweb1 installed /zones/zweb1 solaris excl Task 3/4 3. Start the zrouter and zweb1 zones. In this task, you provide system and network details to the zrouter and zweb1 zones. This ensures network connectivity between them. For the zrouter zone: a. Start the zrouter zone. root@s11-server:~# zoneadm -z zrouter boot b. Confirm that the current status of the zrouter zone is running. root@s11-server:~# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / solaris shared 1 zgateway running /zones/zgateway solaris excl 3 zrouter running /zones/zrouter solaris excl - zweb1 installed /zones/zweb1 solaris excl c. Log in to the zrouter zone. root@s11-server:~# zlogin -C zrouter Note: If it takes a lot of time for the console screen to appear, press the <Enter> key. Follow the instructions on the screen. d. Use the following information to set up the zone: Item Value Computer Name Zrouter O ra cl e U ni ve rs ity a nd (O ra cl e C or po ra tio n) u se o nl y. Th es e eK it m at er ia ls a re to b e us ed O N LY b y yo u fo r t he e xp re ss p ur po se S EL F ST U D Y. S H AR IN G T H E FI LE IS S TR IC TL Y PR O H IB IT ED . Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Practices for Lesson 3: Configuring a Virtual Network Chapter 3 - Page 25 Networking Manually Manual Network Configuration bevnic0 IP Address 192.168.30.254 DNS Do not configure DNS Alternate Name Service None Time Zone Choose Appropriately Time Zone Locations Choose Appropriately Password oracle1 Note: You can skip the option to create a user account and press F2_Continue. Press F2_Apply to apply the settings. Allow the zone to restart. SC profile successfully generated. Exiting System Configuration Tool. Log is available at: /system/volatile/sysconfig/sysconfig.log.8421 Hostname: zrouter zrouter console login: e. Log in to the zrouter zone. zrouter console login: root Password: oracle1 Nov 14 20:37:59 zrouter login: ROOT LOGIN /dev/console Oracle Corporation SunOS 5.11 11.1 September 2012 root@zrouter:~# f. Verify that the network is configured on the zrouter zone.
Continue navegando
Perguntas relacionadas
Compartilhar