10:22:30 <marksmith> ptribble Thank you for the link, and your confirmation! That was exactly what I needed to get it working (once I remembered that I had to enable IP forwarding.)
11:15:12 <marksmith> I'd like to explore a new configuration: I have purchased a second IP address from Vultr, which I would like to use for the zone.
11:16:46 <marksmith> I've created a vnic (www1) over vioif0 and assigned that to the zone with the IP address (allowed-address) provided by Vultr. Alas, no connection from within the zone.
11:17:46 <marksmith> I think I'm probably missing a step. Do I need to use ipadm to configure the vnic (www1) outside of the zone as well?
11:22:22 <marksmith> One thing that is puzzling me is that when I assign an IP to a vnic (not using an etherstub) the state always seems to be duplicate. Is this likely to be a problem?
11:25:47 <marksmith> (Ok, scratch that; it makes sense in hindsight but if I configure the vnic in the global zone then it not available to be used in my non-global zone)
11:33:03 <marksmith> I've done this on OpenBSD using IP aliases before. Is that how you would approach the problem on illumos?
11:39:50 <ptribble> In this case think of this as a completely independent system.
11:40:53 <ptribble> The global zone presumably had its network fully configured by dhcp, but you'll probably have to manually configure routing and dns etc in the zone
18:17:16 <marksmith> It turns out that illumos makes this very easy: to use additional IP addresses on Vultr all you need to do is to create the second address on the primary interface (vioif0) with `ipadm create-addr -T static -a xx.xx.xx.xx/32 vioif0/ip2`. Then you use it like the primary IP address.
18:18:52 <marksmith> I have an etherstub with a single vnic. I'm going to see if I can do this without the the etherstub.
18:18:57 <andyf> marksmith - ah, so the difference is probably that you now have two IPs but a single MAC address. Putting the second IP address on a VNIC would use a distinct MAC address.
18:21:54 <marksmith> andyf I haven't been able to get it working using a VNIC with the second IP assigned yet, but I expect that I'm missing something simple.
18:22:14 <andyf> That VNIC will have a different MAC address to vioif0, and they may not like that
18:23:06 <andyf> If you only have a single MAC address, you will need to do some NAT or routing to the second IP
18:24:43 <marksmith> I'm using NAT to map a virtual network to the second IP address.
18:27:27 <marksmith> How would you typically configure a second IP address using a single vnic, without NAT? I'm typing to understand what should work in general and what is required on Vultr
18:28:40 <marksmith> The issue I had is that the second IP address is /32 and I couldn't create a route inside the zone.
18:30:09 <marksmith> So I used a ethstub to create a /24 virtual network and then configured NAT.
18:31:22 <marksmith> That is... more complicated than I hoped...
19:19:56 <marksmith> Please correct me if I'm wrong (or being stupid): if I set allowed-address to a /32 address, in exclusive ip mode, I should be allowed to set the ip address to that /32 address within the zone using ipadm.
19:20:56 <marksmith> I'm currently getting an error: ipadm: Could not create address: Operation not permitted on from-gz interface
19:29:10 <marksmith> I got the IP address set using the global-nic property; I'm still not able to set the default route, but making progress