Sun Microsystems SOLARIS 10 User Manual

Version 3.1-en

Solaris 10 Container Guide - 3.1 5. Cookbooks

Effective: 30/11/2009

5.2.7.2. Zones in separate network segments using the shared IP instance
[dd/ug] Two local zones, zone1 and zone2, are located in separated network segments and provide
services for these network segments.

•

Each local zone should have its own physical interface in the network segment.

•

No other network is connected to the network segment.

•

Routing is not used.

•

There should be no communication between local zones.

•

Communication between the global zone and the local zones is not intended.

Implementation:

•

The network interface provided for the local zone (e.g. bge1) must not be used elsewhere in
the global zone.

•

To activate the interface for the local zones, the interface must be plumbed (but not enabled):
ifconfig bge1 plumb down
The interface has the address 0.0.0.0 but is not active.

•

No routing entries are made.

•

Option: To enable communication between the global and a local zone, the corresponding
interface with an address that is located in the network of the local zone must be configured in
the global zone.

84

Figure 32: [dd] Zones in separate network segments using the shared IP instance

192.168.201.0

Network

bge0 - 192.168.1.1

bge1 - 0.0.0.0
bge2 - 0.0.0.0

Global Zone

bge2:2 - 192.168.202.1

Zone 2

bge1:1 - 192.168.201.1

Zone 1

192.168.1.0

Network

192.168.202.0

Network