L2 Cache

Behold the power of |!



snipets:solaris:smartos-ipv6

Differences


snipets:solaris:smartos-ipv6 [2014/07/26 20:56]
sjorge [example configuration for zone]
snipets:solaris:smartos-ipv6 [2014/10/09 22:02]
Line 1: Line 1:
-===== Introduction ===== 
-While doing my migration from ESXi @ Kimsufi to SmartOS @ SyS I noticed I had a full IPv6 /64 available for me. 
-Sounds like a good idea to drop my current tunneled setup. Below is how to make your GZ IPv6 reachable and a template to do the same for zones. 
- 
-===== SmartOS Global Zone Configuration ===== 
-==== network helper ==== 
-A helper script to setup IPv6 in the GZ and do some other things also. 
- 
-:?: can't figure out the default gateway? Head [[http://​www.gestioip.net/​cgi-bin/​subnet_calculator.cgi|here]] enter YOUR:​IP:​V6:​BLOCK::​1/​56 grab the end address of your '​network range' and change the last 4 ffff entries to ff and your should have your gateway. 
- 
-<file bash /​opt/​custom/​bin/​net-setup>​ 
-#​!/​usr/​bin/​sh 
- 
-. /​lib/​svc/​share/​smf_include.sh 
- 
-## enable ipv6 
-ipadm create-addr -t -T addrconf e1000g0/v6a 
-ipadm create-addr -t -T static -a YOUR:​IP:​V6:​BLOCK::​1 e1000g0/v6s 
-route add -inet6 YOUR:​IP:​V6:​BLOCK::​1/​56 YOUR:​IP:​V6:​BLOCK::​1 -interface 
-route add -inet6 default YOUR:​IP:​V6:​BLOff:​ff:​ff:​ff:​ff 
- 
-## clear firewall rules 
-[ -e /​etc/​ipf/​ipf.conf ] && rm /​etc/​ipf/​ipf.conf 
- 
-## firewall rules 
-echo "# Default policies"​ >> /​etc/​ipf/​ipf.conf 
-echo "pass out all keep state" >> /​etc/​ipf/​ipf.conf 
-echo "block in all" >> /​etc/​ipf/​ipf.conf 
-echo "block return-rst in log first proto tcp all" >> /​etc/​ipf/​ipf.conf 
-echo "block return-icmp(host-unr) in log proto udp all" >> /​etc/​ipf/​ipf.conf 
-echo "# Allow Loopback"​ >> /​etc/​ipf/​ipf.conf 
-echo "pass in quick on lo0 all" >> /​etc/​ipf/​ipf.conf 
-echo "pass out quick on lo0 all" >> /​etc/​ipf/​ipf.conf 
-echo "# Allow ICMP" >> /​etc/​ipf/​ipf.conf 
-echo "pass out quick proto icmp all keep state" >> /​etc/​ipf/​ipf.conf 
-echo "pass in quick proto icmp all keep state" >> /​etc/​ipf/​ipf.conf 
-echo "# Allow SSH" >> /​etc/​ipf/​ipf.conf 
-echo "pass in quick proto tcp from any to any port = 22 flags S/FSRPAU keep state keep frags" >> /​etc/​ipf/​ipf.conf 
- 
-## enable firewall 
-/​usr/​sbin/​ipf -E -Fa -v -f /​etc/​ipf/​ipf.conf 
- 
-exit $SMF_EXIT_OK 
-</​file>​ 
- 
-Don't forget to make this file executable! ''​chmod +x /​opt/​custom/​bin/​net-setup''​ 
- 
-==== smf manifest to run net-setup at boot ==== 
-<file xml /​opt/​custom/​smf/​net-setup.xml>​ 
-<?xml version="​1.0"?>​ 
-<​!DOCTYPE service_bundle SYSTEM "/​usr/​share/​lib/​xml/​dtd/​service_bundle.dtd.1">​ 
- 
-<​service_bundle type='​manifest'​ name='​site:​net-setup'>​ 
-<service name='​site/​net-setup'​ type='​service'​ version='​1'>​ 
-        <​create_default_instance enabled='​true'​ /> 
-        <​single_instance /> 
-            <​dependency name='​net-physical'​ grouping='​require_all'​ restart_on='​none'​ type='​service'>​ 
-        <​service_fmri value='​svc:/​network/​physical'/>​ 
-        </​dependency>​ 
-        <​dependency name='​filesystem'​ grouping='​require_all'​ restart_on='​none'​ type='​service'>​ 
-            <​service_fmri value='​svc:/​system/​filesystem/​local'/>​ 
-        </​dependency>​ 
- 
-        <​exec_method type='​method'​ name='​start'​ exec='/​opt/​custom/​bin/​net-setup'​ timeout_seconds='​0'​ /> 
-        <​exec_method type='​method'​ name='​stop'​ exec=':​true'​ timeout_seconds='​0'​ /> 
- 
-        <​property_group name='​startd'​ type='​framework'>​ 
-                <propval name='​duration'​ type='​astring'​ value='​transient'​ /> 
-        </​property_group>​ 
- 
-        <​stability value='​Unstable'​ /> 
-</​service>​ 
-</​service_bundle>​ 
-</​file>​ 
-**<fc #​FF0000>​make sure to remove the first set of indetations that happens when copying from this wiki!</​fc>​** 
- 
-After a reboot check your connectivity using ''​ipadm show-addr''​ and ''​ping -A inet6 google.com''​ 
- 
-===== example configuration for zone ===== 
-<code json> 
-{ 
-  "​brand":​ "​joyent",​ 
-  "​image_uuid":​ "​d34c301e-10c3-11e4-9b79-5f67ca448df0",​ 
-  "​hostname":​ "<​fqdn>",​ 
-  "​alias":​ "<​name>",​ 
-  "​autoboot":​ true, 
-  "​nowait":​ false, 
-  "​quota":​ 25, 
-  "​cpu_shares":​ 100, 
-  "​max_physical_memory":​ 512, 
-  "​zfs_io_priority":​ 100, 
-  "​zfs_root_compression":​ "​lz4",​ 
-  "​resolvers":​ [ "​8.8.8.8",​ "​8.8.4.4"​ ], 
-  "​nics":​ [ 
-    { 
-      "​nic_tag":​ "​admin",​ 
-      "​mac":​ "<​mac>",​ 
-      "​ip":​ "<​ip4_block>​.<​host>",​ 
-      "​netmask":​ "​255.255.255.255",​ 
-      "​allow_ip_spoofing":​ true, 
-      "​primary":​ true 
-    } 
-  ], 
-  "​customer_metadata":​ { 
-    "​user-script":​ 
-      "route add <​ip4_block>​.0/​24 5.135.127.99 -interface ; route add default <​gateway-from-server>​ ; ipadm create-addr -t -T addrconf net0/v6a ; ipadm create-addr -t -T static -a <​ip6_block>::<​host>​ net0/v6s ; route add -inet6 <​ip6_block>::/​56 <​ip6_block>::<​host>​ -interface ; route add -inet6 default <​ip6_block_part>​ff:​ff:​ff:​ff:​ff"​ 
-  } 
-} 
-</​code>​ 
  
snipets/solaris/smartos-ipv6.txt · Last modified: 2014/10/09 22:02 (external edit)