User Tools
snipets:solaris:net-etherstub
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
snipets:solaris:net-etherstub [2012/09/21 09:27] sjorge [Introduction] |
snipets:solaris:net-etherstub [2014/10/09 22:02] (current) |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| Etherstubs seem to confuse some people. Things usually get cleared up when I compare the to vSwitches. | Etherstubs seem to confuse some people. Things usually get cleared up when I compare the to vSwitches. | ||
| + | Take the following example:\\ | ||
| + | {{ :snipets:solaris:etherstub-example.png?200|}} | ||
| + | You have: | ||
| + | * 1 reverse proxy to filter traffic and do loadbalancing | ||
| + | * 2 applications servers | ||
| + | * 2 database servers | ||
| + | Say you run each component in either zone or KVM instance, | ||
| + | you can then give each a vnic that is linked to your main network interface. | ||
| + | But will put more traffic on your physical switch and also open up some security issues. You could ofcourse use VLAN's but that again adds more administrative complexity. | ||
| + | |||
| + | To solve this you can use an etherstub with vnics for the database and application servers. The proxy will also have a vnic on the etherstub and one on the physical interface. | ||
| + | |||
| + | This approuce will: | ||
| + | * **reduce the need for VLAN's,** this elminitating the extra complexity of your physical network. | ||
| + | * **eliminate the traffic on the physical switch** | ||
| + | * **security benifits**, the backend servers are not connected to the physical network. | ||
| + | |||
| + | Bellow I'll give some examples on how to create an etherstub and how to add vnics to it. | ||
| + | |||
| + | ===== Creating an etherstub ===== | ||
| + | <code>dladm create-etherstub vSwitch0</code> | ||
| + | |||
| + | ===== Adding/removing vnics to/from an etherstub ===== | ||
| + | Please see [[snipets:solaris:net-vnic|]], just provide the name of the etherstub instead of the physical interface/aggr/... after the ''-l'' flag. | ||
| + | |||
| + | ===== Displaying all etherstubs ===== | ||
| + | <code>dladm show-etherstub</code> | ||
| + | |||
| + | ===== Removing an etherstubs ===== | ||
| + | <code>dladm delete-etherstub vSwitch0</code> | ||
| + | |||
| + | ===== Example ===== | ||
| + | Here is an example for the setup displayed above. This creates the etherstub, 2 vnics for the proxy vm, 1 vnic for each database and application servers. | ||
| + | <code> | ||
| + | dladm create-etherstub vsw0 | ||
| + | dladm create-vnic -l trunk0 vpr0 | ||
| + | dladm create-vnic -l vsw0 vpr1 | ||
| + | dladm create-vnic -l vsw0 zdb0 | ||
| + | dladm create-vnic -l vsw0 zdb1 | ||
| + | dladm create-vnic -l vsw0 zapp0 | ||
| + | dladm create-vnic -l vsw0 zapp1 | ||
| + | dladm set-linkprop -p protection=mac-nospoof vpr0 | ||
| + | dladm set-linkprop -p protection=mac-nospoof vpr1 | ||
| + | dladm set-linkprop -p protection=mac-nospoof zdb0 | ||
| + | dladm set-linkprop -p protection=mac-nospoof zdb1 | ||
| + | dladm set-linkprop -p protection=mac-nospoof zapp0 | ||
| + | dladm set-linkprop -p protection=mac-nospoof zapp1 | ||
| + | </code> | ||
snipets/solaris/net-etherstub.1348212434.txt.gz · Last modified: 2014/10/09 22:02 (external edit)
Page Tools
