do we support hw vlan tag insertion/removal (and if so, is there a good driver for a model)?

i don't recall seeing anything w/ it, but not sure if i just missed it or not

jbk: Isn't that what the fancy NICs will do with rings/groups for vnic/vlan interfaces?

I suppose we probably don't ask the frame to be rewritten, just steered

Currently we only do steering, not insertion/removal.

hrm.. we should really change SD_UA_RETRY_COUNT

60 * 600 seems excessive

Hi :)

Hi

tsoome: is there a simple way in loader to pass cmdline arguments to the kernel, like disable-<module>=true?

boot -B disable-...=true

is it possible to use a zone with vnics on two different networks where it can get a global ipv6 address on net0 to enable hosts link-local to it on net1 to also get global ipv6 addresses from the upstream router reachable from net0?

thanks

yw

I already have the zone doing IPv4 NAT successfully.

nahamu: I believe so only because we're using v6 routing in our product with link locals being the forwarding points, but I think I'd need more specifics to give you an accurate summary.

I guess there are a bit more specifics about how addresses are being handed out and what you expect to happen there.

Ideally I'd like to consider the router handing out global ipv6 addresses as a black box. The zone in question can pick up an address with addrconf and can reach the ipv6 internet.

So how does that work for other zones that this is providing transit for?

That's the zone's net0. There's a net1 interface on a separate 10 gigabit network that currently only has one main client on it. Currently net1 has a separate ipv4 subnet and does NAT.

I guess, let me phrase it differently. Is net1 in that zone the only thing that should have IPv6 connectivity?

It sounded like you wanted to provide access for other zones / entities to go via this zone's net1 to the router and thus the Internet.

there's a machine called "desktop" that gets DHCP from the zone over net1 and gets NAT access to the internet via net0 and the upstream router.

ideally I'd like "desktop" to get global ipv6 access too somehow.

OK, so that suggests that you need prefix delegation from the upstream router.

if the upstream router can do prefix delegation, how would I configure the zone to request it?

And that this zone/net1 will be the gateway on your network and employ forwarding. But for that to work for desktop.

That I don't know!

But it doesn't do prefix delegation, then you basically have to nat.

I was hoping to avoid IPv6 NAT if possible.

does our ipnat even support ipv6 NAT?

Dunno. Just the only way to avoid that is prefix delegation.

And I'm not very familiar with that part of it, since we're not using it. Sorry.

Just that if you don't have a prefix delegated, there's no IP address that'll be able to get back to you without NAT. If that makes sense.

I wonder if anyone uses illumos as their main ipv6 router. That would probably point me in the right direction.

I suspect there probably needs to be some work on prefix delegation and tying that into ndp. But there may be other software that can do that in the interim.

hmmm.. So maybe something like quagga...

I don't think you'd need quagga for this.

At least, it's not really like there's dynamic routing.

that would be nice.

I thought, we don't do quagga any more

illumos.org/issues/4033 looks like we don't support prefix delegation. It appears that you could use ISC DHCP for it though based on the bug.

→ FEATURE 4033: implement IPv6 prefix delegation (New)

it's in pkgsrc and it's software I'm aware of. I don't want to have to use it.

Welp. That looks about right.

ok - I tought frrouting.org would be used nowadays

Neither should be required for this. As you're not participating in any dynamic routing protocols, IIUC.

and I guess I could also do some experiments with a Linux VM to see if I can even request a prefix delegation from the router.

Thanks for pointing me at #4033.

Sorry I can't give you more here.

hrm.. nice somehow managed to trigger a VERIFY in mac w/ the e1000 driver, but not sure how yet :)

nahamu: I've dinked around a bit with a prefix delegation client on illumos but I don't have anything production ready. architecturally a piece of it belongs in the dhcpv6 client.

but I have to run right now.

based on an experiment with a linux VM, I'm guessing that my router might not be able to further delegate any prefixes.

Some routers definitely need to be told how to and there are gotchas depending on the ISP.

But if it can't, then I'm afraid it's back to team NAT.

ptribble: in your lp-removal IPD, you say " All content would be removed and the packages marked obsolete." for compatibility-ucb - surely you just mean the lp files removed from it, not the rest, right?

alanc: yeah, richlowe pointed that out to, I've just rephrased that

we tried dumping the whole package for 11.4 but had to bring parts back by customer demand

For those interested: github.com/illumos/ipd/blob/master/ipd/0042/README.md

→ IPD 42: Sunset native printing (draft)

alanc: yeah, I actually mentioned it to Peter offlist to try to save it from turning into "customer demand"

for us, the hardest part of dumping the SVR4 lp system was porting the Trusted Extensions labeled banner stuff to CUPS

that is what has come up several times in the past, but the people who "use it" seem... theoretical at best.

and the main person I know who wants to use it would absolutely need that CUPS work done regardless.

Has anyone (besides myself) actually had illumos running in trusted mode?

What is the sn1 brand zone?

I think everything we did is published in github.com/oracle/solaris-userland/tree/master/components/cups

bahamat: It is a zone for testing brandz, that just sets the minor version to N-1

ptribble: I have long ago

especially patches/03-tx.patch

richlowe: Ok, that explains why I've never encountered it on a running system

I don't remember if there was anything on the ON side to do

[illumos-gate] 15215 SMB server discontiguous messages -- Gordon Ross <gordon.ross⊙tc>

alanc: in str*(3C) (gosh I hate that manual page), we have a rather thorough warning about constant strings. Is that to put a cap on a call generator, or?

I filed #15823 (fenix?) and noticed the `-xstrconst` mention.

BUG 15823: str*(3C) could be several, readable, manual pages (New)

↳ illumos.org/issues/15823

that surprisingly seems to be the only real studio-ism in our manual (that I can find), outside of standards(7)

and to be fair to standards(7), we never actually fixed sysconf

I cannot imagine anybody is actually using the trusted extensions, and that it could totally go away

I know of one entity who wishes to use them, and seemed to be making real enquiries about its obvious problems.

or possibly inquiries

definitely not equerries

An entity that might want to maintain some software? :D

but even then the correct answer is that they port the cups bits alan mentioned.