Ip Filter Between Exclusive Ip Zones On A System; Zones, Networks And Routing; Global And Local Zone With Shared Network - Sun Microsystems SOLARIS 10 Manual

Container guide

Hide thumbs Also See for SOLARIS 10:

Reference implementation installation manual (20 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

page of 121

/ 121
Contents
Table of Contents
Bookmarks

Table of Contents

Version 3.1-en

Solaris 10 Container Guide - 3.1 5. Cookbooks

5.2.6. IP filter between exclusive IP zones on a system

[dd] The usual configuration rules for IP filters must be followed for the use of IP filters in exclusive IP

zones. This is possible since, for exclusive IP instances, the physical network port was assigned to

the zone.

After configuring the IP filter per zone, IP filter is activated in each zone to work independently in each

IP instance. The corresponding command is: s vc ad m e na b le i p fi lt e r

5.2.7. Zones, networks and routing

[dd/ug] The following sections describe scenarios in zones, networks and routing settings. The

following restrictions exist:

In the directly connected networks, the same IP address must not be assigned twice. If this is

unavoidable due to organizational circumstances, NAT routers (scenario 3) must be used for

partitioning.

Routing between the addresses of zones with shared IP occurs in the system. External routing

can only be forced by means of a NAT router or by inhibiting routing between zones with ndd:

ndd -set /dev/ip ip_restrict_interzone_loopback 1

The network separation s implemented in Solaris at the logical TCP/IP level. This is sufficient for

many cases of application.

If separation is required at the physical network level, it can be implemented by separate

systems, Solaris domains or – since Solaris 10 8/07 – by exclusive IP instances.

5.2.7.1. Global and local zone with shared network

[dd/ug] Two local zones, zone1 and zone2, are located in the same network segment as the global

zone.

Each local zone can use the same network interface as the global zone.

Routing set up for the global zone also applies to the local zones. All zones (global and local)

can communicate with each other.

Implementation:

Zones are set up with the network interface of the global zone; if this is b ge 0 , the setup

se t ph y s i c a l = b g e 0 is done with z on ec f g: a d d ne t .

Each local zone must receive an address from the network of the global zone.

Figure 31: [dd] Global and local zone with shared network

192.168.1.0

Network

bge0:1 - 192.168.1.201

bge0:2 - 192.168.1.202

Zone 1

bge0 - 192.168.1.1

Global Zone

Zone 2

Effective: 30/11/2009

Table of Contents

Need help?

Do you have a question about the SOLARIS 10 and is the answer not in the manual?

Ip Filter Between Exclusive Ip Zones On A System; Zones, Networks And Routing; Global And Local Zone With Shared Network - Sun Microsystems SOLARIS 10 Manual

5.2.6. IP filter between exclusive IP zones on a system

5.2.7. Zones, networks and routing

5.2.7.1. Global and local zone with shared network

Need help?

Questions and answers

Related Products for Sun Microsystems SOLARIS 10

Ip Filter Between Exclusive Ip Zones On A System; Zones, Networks And Routing; Global And Local Zone With Shared Network - Sun Microsystems SOLARIS 10 Manual

5.2.6. IP filter between exclusive IP zones on a system

5.2.7. Zones, networks and routing

5.2.7.1. Global and local zone with shared network

Need help?

Questions and answers

Related Manuals for Sun Microsystems SOLARIS 10

Related Products for Sun Microsystems SOLARIS 10

Table of Contents