User Tools
snipets:solaris:smartos-ipv6
Differences
This shows you the differences between two versions of the page.
|
snipets:solaris:smartos-ipv6 [2014/07/26 20:56] sjorge [example configuration for zone] |
snipets:solaris:smartos-ipv6 [2014/10/09 22:02] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ===== Introduction ===== | ||
| - | While doing my migration from ESXi @ Kimsufi to SmartOS @ SyS I noticed I had a full IPv6 /64 available for me. | ||
| - | Sounds like a good idea to drop my current tunneled setup. Below is how to make your GZ IPv6 reachable and a template to do the same for zones. | ||
| - | |||
| - | ===== SmartOS Global Zone Configuration ===== | ||
| - | ==== network helper ==== | ||
| - | A helper script to setup IPv6 in the GZ and do some other things also. | ||
| - | |||
| - | :?: can't figure out the default gateway? Head [[http://www.gestioip.net/cgi-bin/subnet_calculator.cgi|here]] enter YOUR:IP:V6:BLOCK::1/56 grab the end address of your 'network range' and change the last 4 ffff entries to ff and your should have your gateway. | ||
| - | |||
| - | <file bash /opt/custom/bin/net-setup> | ||
| - | #!/usr/bin/sh | ||
| - | |||
| - | . /lib/svc/share/smf_include.sh | ||
| - | |||
| - | ## enable ipv6 | ||
| - | ipadm create-addr -t -T addrconf e1000g0/v6a | ||
| - | ipadm create-addr -t -T static -a YOUR:IP:V6:BLOCK::1 e1000g0/v6s | ||
| - | route add -inet6 YOUR:IP:V6:BLOCK::1/56 YOUR:IP:V6:BLOCK::1 -interface | ||
| - | route add -inet6 default YOUR:IP:V6:BLOff:ff:ff:ff:ff | ||
| - | |||
| - | ## clear firewall rules | ||
| - | [ -e /etc/ipf/ipf.conf ] && rm /etc/ipf/ipf.conf | ||
| - | |||
| - | ## firewall rules | ||
| - | echo "# Default policies" >> /etc/ipf/ipf.conf | ||
| - | echo "pass out all keep state" >> /etc/ipf/ipf.conf | ||
| - | echo "block in all" >> /etc/ipf/ipf.conf | ||
| - | echo "block return-rst in log first proto tcp all" >> /etc/ipf/ipf.conf | ||
| - | echo "block return-icmp(host-unr) in log proto udp all" >> /etc/ipf/ipf.conf | ||
| - | echo "# Allow Loopback" >> /etc/ipf/ipf.conf | ||
| - | echo "pass in quick on lo0 all" >> /etc/ipf/ipf.conf | ||
| - | echo "pass out quick on lo0 all" >> /etc/ipf/ipf.conf | ||
| - | echo "# Allow ICMP" >> /etc/ipf/ipf.conf | ||
| - | echo "pass out quick proto icmp all keep state" >> /etc/ipf/ipf.conf | ||
| - | echo "pass in quick proto icmp all keep state" >> /etc/ipf/ipf.conf | ||
| - | echo "# Allow SSH" >> /etc/ipf/ipf.conf | ||
| - | echo "pass in quick proto tcp from any to any port = 22 flags S/FSRPAU keep state keep frags" >> /etc/ipf/ipf.conf | ||
| - | |||
| - | ## enable firewall | ||
| - | /usr/sbin/ipf -E -Fa -v -f /etc/ipf/ipf.conf | ||
| - | |||
| - | exit $SMF_EXIT_OK | ||
| - | </file> | ||
| - | |||
| - | Don't forget to make this file executable! ''chmod +x /opt/custom/bin/net-setup'' | ||
| - | |||
| - | ==== smf manifest to run net-setup at boot ==== | ||
| - | <file xml /opt/custom/smf/net-setup.xml> | ||
| - | <?xml version="1.0"?> | ||
| - | <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> | ||
| - | |||
| - | <service_bundle type='manifest' name='site:net-setup'> | ||
| - | <service name='site/net-setup' type='service' version='1'> | ||
| - | <create_default_instance enabled='true' /> | ||
| - | <single_instance /> | ||
| - | <dependency name='net-physical' grouping='require_all' restart_on='none' type='service'> | ||
| - | <service_fmri value='svc:/network/physical'/> | ||
| - | </dependency> | ||
| - | <dependency name='filesystem' grouping='require_all' restart_on='none' type='service'> | ||
| - | <service_fmri value='svc:/system/filesystem/local'/> | ||
| - | </dependency> | ||
| - | |||
| - | <exec_method type='method' name='start' exec='/opt/custom/bin/net-setup' timeout_seconds='0' /> | ||
| - | <exec_method type='method' name='stop' exec=':true' timeout_seconds='0' /> | ||
| - | |||
| - | <property_group name='startd' type='framework'> | ||
| - | <propval name='duration' type='astring' value='transient' /> | ||
| - | </property_group> | ||
| - | |||
| - | <stability value='Unstable' /> | ||
| - | </service> | ||
| - | </service_bundle> | ||
| - | </file> | ||
| - | **<fc #FF0000>make sure to remove the first set of indetations that happens when copying from this wiki!</fc>** | ||
| - | |||
| - | After a reboot check your connectivity using ''ipadm show-addr'' and ''ping -A inet6 google.com'' | ||
| - | |||
| - | ===== example configuration for zone ===== | ||
| - | <code json> | ||
| - | { | ||
| - | "brand": "joyent", | ||
| - | "image_uuid": "d34c301e-10c3-11e4-9b79-5f67ca448df0", | ||
| - | "hostname": "<fqdn>", | ||
| - | "alias": "<name>", | ||
| - | "autoboot": true, | ||
| - | "nowait": false, | ||
| - | "quota": 25, | ||
| - | "cpu_shares": 100, | ||
| - | "max_physical_memory": 512, | ||
| - | "zfs_io_priority": 100, | ||
| - | "zfs_root_compression": "lz4", | ||
| - | "resolvers": [ "8.8.8.8", "8.8.4.4" ], | ||
| - | "nics": [ | ||
| - | { | ||
| - | "nic_tag": "admin", | ||
| - | "mac": "<mac>", | ||
| - | "ip": "<ip4_block>.<host>", | ||
| - | "netmask": "255.255.255.255", | ||
| - | "allow_ip_spoofing": true, | ||
| - | "primary": true | ||
| - | } | ||
| - | ], | ||
| - | "customer_metadata": { | ||
| - | "user-script": | ||
| - | "route add <ip4_block>.0/24 5.135.127.99 -interface ; route add default <gateway-from-server> ; ipadm create-addr -t -T addrconf net0/v6a ; ipadm create-addr -t -T static -a <ip6_block>::<host> net0/v6s ; route add -inet6 <ip6_block>::/56 <ip6_block>::<host> -interface ; route add -inet6 default <ip6_block_part>ff:ff:ff:ff:ff" | ||
| - | } | ||
| - | } | ||
| - | </code> | ||
snipets/solaris/smartos-ipv6.txt · Last modified: 2014/10/09 22:02 (external edit)
Page Tools
