
I'm having network problems with a Solaris shared-IP zone: inbound connections are painfully slow, and outbound connections fail (except that pinging the global zone by IP address from the local zone gets one packet back).

Here's the view of things from the global zone. I've substituted the impossible IP prefix 256.115.99 for the real (static, globally accessible) one to protect the innocent -- my apologies if the "256" is burning your eyeballs.

# uname -a
SunOS ucblibrary10t 5.10 Generic_142900-08 sun4u sparc SUNW,Sun-Fire-280R

# ifconfig -a4         
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone alpha
        inet 127.0.0.1 netmask ff000000 
ce0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 256.115.99.112 netmask ffffff00 broadcast 256.115.99.255
        ether 0:3:ba:95:ff:9d 
ce0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        zone alpha
        inet 172.16.27.27 netmask ffffff00 broadcast 172.16.27.255

# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface 
-------------------- -------------------- ----- ----- ---------- --------- 
default              256.115.99.1         UG        1      64672           
default              172.16.27.16         UG        1     130879 ce0       
256.115.99.0         256.115.99.112       U         1       7614 ce0       
224.0.0.0            256.115.99.112       U         1          0 ce0       
127.0.0.1            127.0.0.1            UH       11   19515531 lo0       

# ping alpha
alpha is alive
# ping -s alpha
PING alpha: 56 data bytes
64 bytes from alpha (172.16.27.27): icmp_seq=0. time=0.302 ms
64 bytes from alpha (172.16.27.27): icmp_seq=1. time=0.198 ms
64 bytes from alpha (172.16.27.27): icmp_seq=2. time=0.168 ms
64 bytes from alpha (172.16.27.27): icmp_seq=3. time=0.142 ms
64 bytes from alpha (172.16.27.27): icmp_seq=4. time=0.129 ms
64 bytes from alpha (172.16.27.27): icmp_seq=5. time=0.133 ms
^C
----alpha PING Statistics----

6 packets transmitted, 6 packets received, 0% packet loss
round-trip (ms)  min/avg/max/stddev = 0.129/0.179/0.302/0.066

# zonecfg -z alpha info
zonename: alpha
zonepath: /var/zones/alpha
brand: native
autoboot: false
bootargs: 
pool: 
limitpriv: 
scheduling-class: 
ip-type: shared
inherit-pkg-dir:
 dir: /lib
inherit-pkg-dir:
 dir: /platform
inherit-pkg-dir:
 dir: /sbin
inherit-pkg-dir:
 dir: /usr
net:
 address: 172.16.27.27/24
 physical: ce0
 defrouter: 172.16.27.16

# cat /etc/hosts

# Internet host table
#
#::1 localhost 
127.0.0.1 localhost 
256.115.99.112 mymachine.mydomain.com
172.16.27.27 alpha

# cat /etc/defaultrouter
172.16.27.16

# ssh -vvv alpha
debug: Connecting to alpha, port 22... (SOCKS not used)
debug: Ssh2Transport/trcommon.c:3665/ssh_tr_create: My version: SSH-1.99-3.2.3 SSH Secure Shell (non-commercial)
debug: client supports 3 auth methods: 'publickey,keyboard-interactive,password'
debug: Ssh2Common/sshcommon.c:537/ssh_common_wrap: local ip = 256.115.99.112, local port = 61423
debug: Ssh2Common/sshcommon.c:539/ssh_common_wrap: remote ip = 172.16.27.27, remote port = 22
debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
debug: SshReadLine/sshreadline.c:2414/ssh_readline_eloop_initialize: Initializing ReadLine...
debug: Remote version: SSH-2.0-3.2.3 SSH Secure Shell (non-commercial)
debug: Major: 3 Minor: 2 Revision: 3
debug: Ssh2Transport/trcommon.c:1356/ssh_tr_negotiate: lang s to c: `', lang c to s: `'
debug: Ssh2Transport/trcommon.c:1422/ssh_tr_negotiate: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1425/ssh_tr_negotiate: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Remote host key found from database.
debug: Ssh2Common/sshcommon.c:332/ssh_common_special: Received SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:382/ssh_common_special: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: server offers auth methods 'publickey,password'.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1742/ssh_client_auth_pubkey: Starting pubkey auth...
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1699/ssh_client_auth_pubkey_agent_open_complete: Agent is not running.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1497/ssh_client_auth_pubkey_agent_list_complete: Got 0 keys from the agent.
debug: SshConfig/sshconfig.c:2717/ssh2_parse_config_ext: Unable to open /root/.ssh2/identification
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1477/ssh_client_auth_pubkey_add_candidates: Trying 0 key candidates.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:931/ssh_client_auth_pubkey_try_this_candidate: All keys declined by server, disabling method.
debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method 'publickey' disabled.
debug: server offers auth methods 'publickey,password'.
debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd: Starting password auth...
root's password: 

(When ssh-ing, it hangs for upwards of half a minute at "Initializing ReadLine...")

Here's the view within the zone:

bash-3.00# cat /etc/hosts
#
# Internet host table
#
::1     localhost       
127.0.0.1       localhost
172.16.27.27    alpha   loghost

bash-3.00# ifconfig -a4
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
ce0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 172.16.27.27 netmask ffffff00 broadcast 172.16.27.255
bash-3.00# netstat -ran

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface 
-------------------- -------------------- ----- ----- ---------- --------- 
default              172.16.27.16         UG        1     130677 ce0       
172.16.27.0          172.16.27.27         U         1        226 ce0:1     
224.0.0.0            172.16.27.27         U         1          0 ce0:1     
0.0.0.0              172.16.27.27         UHB       1          0 ce0:1     
0.0.0.0              172.16.27.27         UHB       1          0 ce0:1     
172.16.255.255       172.16.27.27         UHB       1          0 ce0:1     
172.16.255.255       172.16.27.27         UHB       1          0 ce0:1     
172.16.27.255        172.16.27.27         UHB       1          0 ce0:1     
172.16.27.255        172.16.27.27         UHB       1          0 ce0:1     
172.16.27.0          172.16.27.27         UHB       1          0 ce0:1     
172.16.27.0          172.16.27.27         UHB       1          0 ce0:1     
172.16.27.27             --               UHL       7         80 ce0:1     
172.16.0.0           172.16.27.27         UHB       1          0 ce0:1     
172.16.0.0           172.16.27.27         UHB       1          0 ce0:1     
255.255.255.255      172.16.27.27         UHB       1          0 ce0:1     
255.255.255.255      172.16.27.27         UHB       1          0 ce0:1     
127.0.0.1            127.0.0.1            UH        4        127 lo0:1     
bash-3.00# ping 256.115.99.112
256.115.99.112 is alive
bash-3.00# ping -s 256.115.99.112
PING 256.115.99.112: 56 data bytes
^C
----256.115.99.112 PING Statistics----
6 packets transmitted, 1 packets received, 83% packet loss
round-trip (ms)  min/avg/max/stddev = 9.22e+15/0.00/0.00/NaN
bash-3.00# ping google.com
ping: unknown host google.com

I have "hosts: files dns" in /etc/nsswitch.conf and nameservers defined in /etc/resolv.conf, but ping gets no answer from the nameservers.

Any suggestions greatly appreciated, thanks.

Zed Lopez

1 Answer


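You should have an IP address in your global zone on the same network (172.16.27) as your non-global zone, and use that address to communicate with the zone instead of the 256.115.99 one. In the ifconfig output above, the global zone's only address on ce0 is 256.115.99.112; the 172.16.27.27 address on ce0:1 belongs to zone alpha.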

jlliagre