ptribble Thank you for the link, and your confirmation! That was exactly what I needed to get it working (once I remembered that I had to enable IP forwarding.)

I'd like to explore a new configuration: I have purchased a second IP address from Vultr, which I would like to use for the zone.

I've created a vnic (www1) over vioif0 and assigned that to the zone with the IP address (allowed-address) provided by Vultr. Alas, no connection from within the zone.

I think I'm probably missing a step. Do I need to use ipadm to configure the vnic (www1) outside of the zone as well?

One thing that is puzzling me is that when I assign an IP to a vnic (not using an etherstub) the state always seems to be duplicate. Is this likely to be a problem?

(Ok, scratch that; it makes sense in hindsight but if I configure the vnic in the global zone then it not available to be used in my non-global zone)

I've done this on OpenBSD using IP aliases before. Is that how you would approach the problem on illumos?

In this case think of this as a completely independent system.

The global zone presumably had its network fully configured by dhcp, but you'll probably have to manually configure routing and dns etc in the zone

It turns out that illumos makes this very easy: to use additional IP addresses on Vultr all you need to do is to create the second address on the primary interface (vioif0) with `ipadm create-addr -T static -a xx.xx.xx.xx/32 vioif0/ip2`. Then you use it like the primary IP address.

I have an etherstub with a single vnic. I'm going to see if I can do this without the the etherstub.

marksmith - ah, so the difference is probably that you now have two IPs but a single MAC address. Putting the second IP address on a VNIC would use a distinct MAC address.

andyf I haven't been able to get it working using a VNIC with the second IP assigned yet, but I expect that I'm missing something simple.

That VNIC will have a different MAC address to vioif0, and they may not like that

If you only have a single MAC address, you will need to do some NAT or routing to the second IP

I'm using NAT to map a virtual network to the second IP address.

How would you typically configure a second IP address using a single vnic, without NAT? I'm typing to understand what should work in general and what is required on Vultr

The issue I had is that the second IP address is /32 and I couldn't create a route inside the zone.

So I used a ethstub to create a /24 virtual network and then configured NAT.

That is... more complicated than I hoped...

Please correct me if I'm wrong (or being stupid): if I set allowed-address to a /32 address, in exclusive ip mode, I should be allowed to set the ip address to that /32 address within the zone using ipadm.

I'm currently getting an error: ipadm: Could not create address: Operation not permitted on from-gz interface

I got the IP address set using the global-nic property; I'm still not able to set the default route, but making progress