
SmartOS IPv6

While doing my migration from ESXi @ Kimsufi to SmartOS @ SyS I noticed I had a full IPv6 /64 available for me. Sounds like a good idea to drop my current tunneled setup. Below is how to make your GZ IPv6 reachable and a template to do the same for zones.

SmartOS Global Zone Configuration

network helper

A helper script to set up IPv6 in the GZ. It also rewrites /etc/ipf/ipf.conf and loads the IP Filter firewall from it.

Can't figure out the default gateway? Head here, enter YOUR:IP:V6:BLOCK::1/56, grab the end address of your 'network range' and change the last 4 ffff entries to ff, and you should have your gateway.

/opt/custom/bin/net-setup
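#!/usr/bin/sh
#
# net-setup: start method for the site/net-setup SMF service.
#
# Configures IPv6 on e1000g0, regenerates /etc/ipf/ipf.conf and loads it
# into IP Filter. Replace every YOUR:IP:V6:... placeholder with your own
# prefix and gateway before use.
#
# Exits with SMF_EXIT_OK on success, or SMF_EXIT_ERR_FATAL when the
# firewall ruleset cannot be written or loaded, so that SMF does not
# report the service as online while the host is unfiltered.

. /lib/svc/share/smf_include.sh

IPF_CONF=/etc/ipf/ipf.conf

# Report a fatal error on stderr and stop with SMF's fatal exit status.
fail() {
  echo "net-setup: $*" >&2
  exit "${SMF_EXIT_ERR_FATAL:-95}"
}

## enable ipv6
# -t creates temporary address objects, which is why this runs at every boot.
# The exit statuses of these four commands are not checked.
ipadm create-addr -t -T addrconf e1000g0/v6a
ipadm create-addr -t -T static -a YOUR:IP:V6:BLOCK::1 e1000g0/v6s
route add -inet6 YOUR:IP:V6:BLOCK::1/56 YOUR:IP:V6:BLOCK::1 -interface
route add -inet6 default YOUR:IP:V6:BLOff:ff:ff:ff:ff

## firewall rules
# The file is overwritten in one step, so a failed or repeated run cannot
# leave a partial or duplicated ruleset behind.
#
# NOTE(review): this ruleset is loaded without ipf's -6 option, so per
# ipf(1M) it is parsed as IPv4 rules only. The IPv6 addresses configured
# above would then not be covered by "block in all". IPv6 rules need their
# own ruleset loaded with "ipf -6 -f" (conventionally /etc/ipf/ipf6.conf),
# and it must let ICMPv6 neighbour discovery through. Confirm on your
# platform before exposing the global zone over IPv6.
#
# NOTE(review): SSH to the global zone is open to any source address;
# narrow the "from any" match if your administrators use known networks.
cat > "$IPF_CONF" <<'EOF' || fail "cannot write $IPF_CONF"
# Default policies
pass out all keep state
block in all
block return-rst in log first proto tcp all
block return-icmp(host-unr) in log proto udp all
# Allow Loopback
pass in quick on lo0 all
pass out quick on lo0 all
# Allow ICMP
pass out quick proto icmp all keep state
pass in quick proto icmp all keep state
# Allow SSH
pass in quick proto tcp from any to any port = 22 flags S/FSRPAU keep state keep frags
EOF

## enable firewall
# -E enables the filter, -Fa flushes the active rules, -f loads the new file.
/usr/sbin/ipf -E -Fa -v -f "$IPF_CONF" || fail "ipf could not load $IPF_CONF"

exit "${SMF_EXIT_OK:-0}"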

Don't forget to make this file executable! chmod +x /opt/custom/bin/net-setup

smf manifest to run net-setup at boot

/opt/custom/smf/net-setup.xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">

<!-- SMF manifest that runs /opt/custom/bin/net-setup once at boot. -->
<service_bundle type='manifest' name='site:net-setup'>
<service name='site/net-setup' type='service' version='1'>
        <create_default_instance enabled='true' />
        <single_instance />

        <!-- Start only after the physical network and local filesystems are up. -->
        <dependency name='net-physical' grouping='require_all' restart_on='none' type='service'>
                <service_fmri value='svc:/network/physical'/>
        </dependency>
        <dependency name='filesystem' grouping='require_all' restart_on='none' type='service'>
                <service_fmri value='svc:/system/filesystem/local'/>
        </dependency>

        <!-- timeout_seconds='0' places no time limit on the method. -->
        <exec_method type='method' name='start' exec='/opt/custom/bin/net-setup' timeout_seconds='0' />
        <!-- Nothing to stop: ':true' is a no-op that always succeeds. -->
        <exec_method type='method' name='stop' exec=':true' timeout_seconds='0' />

        <!-- transient: the start method runs to completion and leaves no process to supervise. -->
        <property_group name='startd' type='framework'>
                <propval name='duration' type='astring' value='transient' />
        </property_group>

        <stability value='Unstable' />
</service>
</service_bundle>

Make sure to remove the first level of indentation that gets added when copying from this wiki!

After a reboot check your connectivity using ipadm show-addr and ping -A inet6 google.com

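Example configuration for a zone

Values in angle brackets are placeholders. Note that this example sets "allow_ip_spoofing" to true on the NIC, which switches off the IP anti-spoofing protection for this zone.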

{
  "brand": "joyent",
  "image_uuid": "d34c301e-10c3-11e4-9b79-5f67ca448df0",
  "hostname": "<fqdn>",
  "alias": "<name>",
  "autoboot": true,
  "nowait": false,
  "quota": 25,
  "cpu_shares": 100,
  "max_physical_memory": 512,
  "zfs_io_priority": 100,
  "zfs_root_compression": "lz4",
  "resolvers": [ "8.8.8.8", "8.8.4.4" ],
  "nics": [
    {
      "nic_tag": "admin",
      "mac": "<mac>",
      "ip": "<ip4_block>.<host>",
      "netmask": "255.255.255.255",
      "allow_ip_spoofing": true,
      "primary": true
    }
  ],
  "customer_metadata": {
    "user-script":
      "route add <ip4_block>.0/24 5.135.127.99 -interface ; route add default <gateway-from-server> ; ipadm create-addr -t -T addrconf net0/v6a ; ipadm create-addr -t -T static -a <ip6_block>::<host> net0/v6s ; route add -inet6 <ip6_block>::/56 <ip6_block>::<host> -interface ; route add -inet6 default <ip6_block_part>ff:ff:ff:ff:ff"
  }
}