Version 3.1-en
Solaris 10 Container Guide - 3.1 5. Cookbooks
5.2.7.4. Zones in separate networks using the shared IP instance
[dd/ug] Two local zones, zone1 and zone2, are located in separate networks and provide services
for other networks.
Each local zone has its own physical interface in its network.
Further networks are attached to each of these network segments, so routing is used.
There must be no communication between the local zones.
Communication between the global zone and the local zones is not intended.
Implementation:
The network interface intended for a local zone (e.g. bge1) must not be used
elsewhere in the global zone.
To prepare for the local zones, the interface for each local zone must be plumbed (but not
enabled):
ifconfig bge1 plumb down
The interface then has the address 0.0.0.0 but is not active.
The network configuration of the zones is established by setting the zones to the ready
state.
zoneadm -z zone1 ready
zoneadm -z zone2 ready
The addresses listed in the zone configurations (zone1: 192.168.201.1 and zone2:
192.168.202.1) are now active.
The default routes of the local zones are specified in zonecfg with set defrouter, inside the
net resource of each zone:
set defrouter=192.168.201.2
set defrouter=192.168.202.2
To prevent communication between the local zones through the shared TCP/IP
stack, reject routes must be set in the global zone that block traffic between the
two IP addresses (alternatively, ipfilter can be used).
route add 192.168.201.1 192.168.202.1 -interface -reject
route add 192.168.202.1 192.168.201.1 -interface -reject
Alternatively, the interzone loopback can be restricted:
ndd -set /dev/ip ip_restrict_interzone_loopback 1
Note that ndd settings do not survive a reboot; this setting must be reapplied at every
boot, e.g. from a startup script.
The zones can now be booted for operation:
zoneadm -z zone1 boot
zoneadm -z zone2 boot
Option: to allow communication between the global zone and a local zone, an interface
located in the logical network of that local zone must be configured in the global
zone.
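The following script is an added example and not part of the guide: it generates the steps of 5.2.7.4 (zonecfg net resources with defrouter, interface pre-plumbing, pairwise reject routes, ready and boot) for any number of zones rather than only two, and refuses an interface that the global zone already configures at boot. Zone names, interfaces and addresses are the guide's; the function names, the ZONES table and the ROOT variable are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not a script from the guide: it generates the steps of 5.2.7.4
# (zonecfg net resources with defrouter, interface pre-plumbing, pairwise reject
# routes, ready and boot) for any number of zones, and refuses an interface the
# global zone already configures at boot. Zone names, interfaces and addresses
# are the guide's; the function names, ZONES table and ROOT variable are this
# example's own assumptions.

# Zone table (constructed to match Figure 34): zone interface address/prefix defrouter
ZONES="zone1 bge1 192.168.201.1/24 192.168.201.2
zone2 bge2 192.168.202.1/24 192.168.202.2"

# Directory prefix under which /etc is inspected: empty for the live system,
# a scratch directory in tests.
ROOT="${ROOT:-}"

# Step 1: a zone interface must not be used elsewhere in the global zone.
# Solaris 10 brings up a global-zone interface at boot when /etc/hostname.<if>
# exists, so that file marks the interface as taken. Returns 0 if it is free.
iface_free() {
    [ ! -e "$ROOT/etc/hostname.$1" ]
}

# zonecfg net resource for one zone: $1 zone, $2 interface, $3 address/prefix, $4 router.
zonecfg_net() {
    printf 'zonecfg -z %s "add net; set physical=%s; set address=%s; set defrouter=%s; end"\n' \
        "$1" "$2" "$3" "$4"
}

# Step 2: plumb every zone interface (address 0.0.0.0, not up).
plumb_cmds() {
    printf '%s\n' "$ZONES" | while read -r _ iface _ _; do
        printf 'ifconfig %s plumb down\n' "$iface"
    done
}

# Step 3: reject routes for every ordered pair of zone addresses. With two zones
# this is the guide's pair of routes; with N zones it is N*(N-1) routes.
reject_routes() {
    addrs=$(printf '%s\n' "$ZONES" | while read -r _ _ cidr _; do
        printf '%s\n' "${cidr%/*}"
    done)
    for a in $addrs; do
        for b in $addrs; do
            [ "$a" = "$b" ] && continue
            printf 'route add %s %s -interface -reject\n' "$a" "$b"
        done
    done
}

# Whole plan in the guide's order; returns 1 without output if an interface is taken.
plan() {
    printf '%s\n' "$ZONES" | while read -r _ iface _ _; do
        iface_free "$iface" || { echo "ERROR: $iface is configured in the global zone" >&2; exit 1; }
    done || return 1
    printf '%s\n' "$ZONES" | while read -r zone iface cidr router; do
        zonecfg_net "$zone" "$iface" "$cidr" "$router"
    done
    plumb_cmds
    printf '%s\n' "$ZONES" | while read -r zone _ _ _; do printf 'zoneadm -z %s ready\n' "$zone"; done
    reject_routes
    printf '%s\n' "$ZONES" | while read -r zone _ _ _; do printf 'zoneadm -z %s boot\n' "$zone"; done
}

# Print the plan by default; DRY_RUN=0 on a Solaris 10 global zone executes it.
if [ "${DRY_RUN:-1}" = 0 ]; then
    plan | sh -e
else
    plan
fi
```

Run it without arguments to review the generated commands; only on the target Solaris 10 global zone should DRY_RUN=0 be set. The pairwise loop in reject_routes is the point of the example: with more than two zones, every ordered pair of zone addresses needs its own reject route, otherwise one pair of zones can still reach each other through the shared stack.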
Figure 34: [dd] Zones in separate networks using the shared IP instance
(Diagram: the global zone has bge0 192.168.1.1 in network 192.168.1.0, bge1 0.0.0.0 and
bge2 0.0.0.0, and a reject route for 192.168.201.1. Zone 1 uses bge1:1 192.168.201.1 with
default router 192.168.201.2 in network 192.168.201.0. Zone 2 uses bge2:2 192.168.202.1 with
default router 192.168.202.2 in network 192.168.202.0.)
Effective: 30/11/2009