1 2 Previous Next 19 Replies Latest reply on Jan 6, 2020 9:50 PM by NeilPutnam-Oracle

    Solaris 11.3 zones and DAD Issue.

    4039808

      We encountered an issue we discovered while testing our new pure storage.  We were able to bring up both the production zone AND the HA zone; with BOTH having the same IP address.  From the production zone there was no indication of a conflict, and unlike in solaris 10, the zone started on the HA system (with Solaris 10, the zone would start, but the interface would be disabled); with Solaris 11 the zone started, it is able to ping the router; but there are definitely some communication issues.  I was looking online an there is discussion about Duplicate Address Detection (DAD) which seems to need configured for Solaris 11.  Can you please help ?? Thanks in adv.

        • 1. Re: Solaris 11.3 zones and DAD Issue.
          Nik

          Hi.

          According "Oracle Solaris Implementation Duplicate Address Detection (DAD) (Doc ID 1501384.1)"  DAD can not be disabled at Solaris.

          Can you clear you configuration ?  (  Zone use dedicated or shared NIC?  etc)

           

          Regards,

            Nik

          • 2. Re: Solaris 11.3 zones and DAD Issue.
            4039808

            But there should a notification isn't it ?

            If the Same  IP is up on both the zones should not be there a concurrency violation  ?

            • 3. Re: Solaris 11.3 zones and DAD Issue.
              4039808

              How to clear the configuration ? (  Zone use dedicated or shared NIC?  etc)

              Any Doc ?

              • 4. Re: Solaris 11.3 zones and DAD Issue.
                4039808

                FYI, we are using DLMP .

                I've tried to use a temp. IP on 2 zones and rebooted but didn't get any error and both zone's are up with same IP address !!

                Also i've tried using Reduce the _dup_recovery value to 10 seconds, but this also didn;t helped ...any thoughts ??

                Thanks in adv.

                • 5. Re: Solaris 11.3 zones and DAD Issue.
                  Nik

                  Hi.

                  You not provide any commands what you do, so it's dificult cmment any results.

                  Please show commands what you use for change IP address and change DAD parameters.

                  Command for show zone configuration:

                  zonecfg -z <zonename> info

                   

                  Docs about zones: https://docs.oracle.com/cd/E53394_01/html/E54752/index.html

                  Regards,

                  Nik

                  • 6. Re: Solaris 11.3 zones and DAD Issue.
                    4039808

                    I've used below command for Reduce the _dup_recovery value to 10 seconds.

                     

                     

                    ipadm set-prop -p _dup_recovery=10000 ip

                     

                     

                    ipadm show-prop -p _dup_recovery ip

                    PROTO PROPERTY              PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE

                    ip    _dup_recovery         rw   10000        10000        300000       0-3600000

                     

                    [acme:root]/> zonecfg -z derby info

                    zonename: derby

                    zonepath: /zones/derby

                    brand: solaris

                    autoboot: false

                    autoshutdown: shutdown

                    bootargs: -m verbose

                    file-mac-profile:

                    pool:

                    limitpriv:

                    scheduling-class:

                    ip-type: exclusive

                    hostid:

                    tenant:

                    fs-allowed:

                    anet:

                            linkname: net0

                            lower-link: auto

                            allowed-address: 172.31.81.209/24

                            configure-allowed-address: true

                            defrouter: 172.17.81.1

                            allowed-dhcp-cids not specified

                            link-protection: "mac-nospoof, ip-nospoof"

                            mac-address: auto

                            auto-mac-address: 2:8:20:5b:23:71

                            mac-prefix not specified

                            mac-slot not specified

                            vlan-id not specified

                            priority not specified

                            rxrings not specified

                            txrings not specified

                            mtu not specified

                            maxbw not specified

                            bwshare not specified

                            rxfanout not specified

                            vsi-typeid not specified

                            vsi-vers not specified

                            vsi-mgrid not specified

                            etsbw-lcl not specified

                            cos not specified

                            pkey not specified

                            linkmode not specified

                            evs not specified

                            vport not specified

                    attr:

                            name: image-uuid

                            type: string

                            value: 1c9d2a7b-0e6a-4612-ba4f-6dcb79511944

                    [acme:root]/>

                    • 7. Re: Solaris 11.3 zones and DAD Issue.
                      4039808

                      Team.

                       

                      Any thoughts ?

                      • 8. Re: Solaris 11.3 zones and DAD Issue.
                        NeilPutnam-Oracle

                        This makes me wonder if the two zones are using interfaces that are truly in the same broadcast domain.   When Solaris brings up an IP address a gratuitous ARP is broadcast  - the zone with the duplicate IP address should respond - if it received that broadcast - causing the new zone's IP to be marked as a duplicate.  This is how DAD works, as well.

                         

                        Which lower link = auto we can't be sure what interface is being used by the zone above.   A "dladm show-link" run in the global zone should provide that information - for all running zones, at least.   

                         

                        Perhaps the zones are using lower-link interfaces that are not on the same broadcast domain?

                        • 9. Re: Solaris 11.3 zones and DAD Issue.
                          4039808

                          Global Zones O/P

                           

                          LINK       PORT           SPEED DUPLEX   STATE     ADDRESS            PORTSTATE

                          aggr10     --             10000Mb full   up        0:c0:dd:14:6f:76   --

                                     net3           10000Mb full   up        0:c0:dd:14:6f:76   attached

                                     net2           10000Mb full   up        0:c0:dd:14:6f:74   attached

                           

                           

                          --

                          dladm show-link

                          LINK                CLASS     MTU    STATE    OVER

                          net3                phys      1500   up       --

                          net0                phys      1500   down     --

                          net2                phys      1500   up       --

                          net1                phys      1500   unknown  --

                          aggr10              aggr      1500   up       net3 net2

                          derby/net0          vnic      1500   up       aggr10 ( Derby is the zone )

                          • 10. Re: Solaris 11.3 zones and DAD Issue.
                            NeilPutnam-Oracle

                            Although in that case - zones using lower-link interfaces in different broadcast domains -  I would expect at least one zone to not be able to communicate with it's assigned (duplicate) IP address.    

                             

                            Anyway,  a dladm show-link for the zones (there should be derby/net0  vnic  with the lower-link in the "OVER" column for the zone above) should help.

                            • 11. Re: Solaris 11.3 zones and DAD Issue.
                              4039808

                              [derby:root]/> dladm show-link

                              LINK                CLASS     MTU    STATE    OVER

                              net0                vnic      1500   up       ?

                              • 12. Re: Solaris 11.3 zones and DAD Issue.
                                4039808

                                [derby:root]/> dladm show-link

                                LINK                CLASS     MTU    STATE    OVER

                                net0                vnic      1500   up       ?

                                [derby:root]/> ipadm

                                NAME              CLASS/TYPE STATE        UNDER      ADDR

                                lo0               loopback   ok           --         --

                                   lo0/v4         static     ok           --         127.0.0.1/8

                                   lo0/v6         static     ok           --         ::1/128

                                net0              ip         ok           --         --

                                   net0/v4        inherited  ok           --         172.31.81.209/24 >>>

                                 

                                 

                                From other system's

                                 

                                Global

                                dladm show-link

                                LINK                CLASS     MTU    STATE    OVER

                                net6                phys      1500   unknown  --

                                net7                phys      1500   unknown  --

                                net4                phys      1500   unknown  --

                                net1                phys      1500   unknown  --

                                net8                phys      1500   unknown  --

                                net5                phys      1500   unknown  --

                                net0                phys      1500   up       --

                                net10               phys      1500   unknown  --

                                net11               phys      1500   unknown  --

                                net2                phys      1500   unknown  --

                                net9                phys      1500   unknown  --

                                net3                phys      1500   unknown  --

                                net12               phys      1500   up       --

                                aggr1               aggr      1500   up       net0

                                TestKZ1/net0        vnic      1500   up       aggr1

                                 

                                root@TestKZ1:~# dladm show-link

                                LINK                CLASS     MTU    STATE    OVER

                                net0                phys      1500   up       --

                                root@TestKZ1:~# ipadm

                                NAME              CLASS/TYPE STATE        UNDER      ADDR

                                lo0               loopback   ok           --         --

                                   lo0/v4         static     ok           --         127.0.0.1/8

                                   lo0/v6         static     ok           --         ::1/128

                                net0              ip         ok           --         --

                                   net0/v4        inherited  ok           --         172.31.81.209/24   >>> Same IP being used

                                   net0/v6        inherited  ok           --         fe80::8:20ff:febe:5e00/10

                                root@TestKZ1:~#

                                • 13. Re: Solaris 11.3 zones and DAD Issue.
                                  NeilPutnam-Oracle

                                  So, the TestKZ1 zone's net0 is over aggr1 -  but what about the dladm show-link from derby's global zone?    

                                   

                                  Then, the question is whether those physical interfaces (or aggregations) are able to communicate over the same VLAN (broadcast domain).    Even if the IP address is the same doesn't mean the switch ports involved are configured for the same VLANs.    That is a rather common issue, in fact.

                                  • 14. Re: Solaris 11.3 zones and DAD Issue.
                                    4039808

                                    [acme:root]/> dladm show-link

                                    LINK                CLASS     MTU    STATE    OVER

                                    net3                phys      1500   up       --

                                    net0                phys      1500   down     --

                                    net2                phys      1500   up       --

                                    net1                phys      1500   unknown  --

                                    aggr10              aggr      1500   up       net3 net2

                                    derby/net0          vnic      1500   up       aggr10

                                     

                                    That the o/p from derby's global

                                    1 2 Previous Next