Sun Microsystems SOLARIS 10 Manual page 99


Version 3.1-en
Solaris 10 Container Guide - 3.1 5. Cookbooks
In order to avoid communication between the local zones through the shared TCP/IP stack,
reject routes must be set in the global zone that prevent communication between the IP
addresses of the two zones (alternatively, ipfilter can be used).
route add 192.168.201.1 192.168.202.1 -interface -reject
route add 192.168.202.1 192.168.201.1 -interface -reject
route add 192.168.200.1 192.168.202.1 -interface -reject
route add 192.168.202.1 192.168.200.1 -interface -reject
Zones can now be booted up for operation:
zoneadm -z zone1 boot
zoneadm -z zone2 boot
The reject routes completely prevent direct communication between zone1 and zone2.
According to the above specifications, however, this communication is required in this scenario.
Therefore, the configured default router must support NAT. It must convert the address
192.168.102.1 into the address 192.168.202.1.
Communication via the NAT router thereby bypasses the reject routes.
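As an added example (not part of the Container Guide), the following script derives the reject routes needed between zones from their addresses and reports any that are missing from a list of configured commands. It generalizes the four routes above to any number of zones and addresses. The function names, the zone:address input form and the sample file are assumptions made for this illustration, and a POSIX shell and grep are assumed.

```shell
#!/bin/sh
# Added example (not from the Container Guide): audit reject-route coverage
# between shared-IP zones. Zone/address pairs are read from this page.

# expected_routes zone:addr ...
# Print one "route add" line per ordered pair of addresses that belong to
# different zones, in the command form used on this page.
expected_routes() {
    for src in "$@"; do
        for dst in "$@"; do
            # Same zone (including src == dst): no reject route needed.
            if [ "${src%%:*}" != "${dst%%:*}" ]; then
                echo "route add ${src#*:} ${dst#*:} -interface -reject"
            fi
        done
    done
}

# missing_routes FILE zone:addr ...
# FILE holds the route commands actually configured, one per line.
# Print every expected line that FILE does not contain.
missing_routes() {
    configured=$1
    shift
    expected_routes "$@" | while IFS= read -r line; do
        grep -qxF "$line" "$configured" || echo "$line"
    done
}

# Constructed sample: one direction (zone2 -> 192.168.200.1) was forgotten.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
route add 192.168.201.1 192.168.202.1 -interface -reject
route add 192.168.202.1 192.168.201.1 -interface -reject
route add 192.168.200.1 192.168.202.1 -interface -reject
EOF
    missing_routes "$tmp" zone1:192.168.201.1 zone1:192.168.200.1 \
        zone2:192.168.202.1
    rm -f "$tmp"
}

demo
```

An empty result from missing_routes means every cross-zone address pair is covered in both directions.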
Option: To allow communication between the global and the local zone, an interface that is
located in the logical network of the local zone must be configured in the global zone.
The procedure is as follows:
An HTTP request is made to zone zone1 from the outside.
It is able to process parts of the request by itself but another part must come from the
application server that is addressed via the address 192.168.102.1.
This address is routed via the NAT router which converts the address into the address
192.168.202.1 on the other side.
This is the address of zone zone2 which carries the application server that processes the
missing parts of the request and sends them back through the existing connection.
[Figure: network diagram of the scenario. Global zone: bge0 - 192.168.1.1; bge1, bge2, bge3 - 0.0.0.0; reject routes 192.168.201.1 ↔ 192.168.202.1 and 192.168.200.1 ↔ 192.168.202.1. Zone 1: bge1:1 - 192.168.201.1, bge3:1 - 192.168.200.1, default router 192.168.200.2. Zone 2: bge2:2 - 192.168.202.1. NAT router (192.168.200.2, 192.168.201.2, 192.168.202.2) addressing zone 2 as 192.168.102.1; NAT: 192.168.102.1 --> 192.168.202.1. Networks shown: 192.168.1.0, 192.168.201.0, 192.168.202.0.]
Effective: 30/11/2009