Sun Microsystems SOLARIS 10 User Manual

Version 3.1-en

Solaris 10 Container Guide - 3.1 5. Cookbooks

Effective: 30/11/2009

5.2.7.3. Zones in separate network segments using exclusive IP instances
[dd/ug] Two local zones, zone1 and zone2, are located in separated network segments and provide
services for these network segments.

•

Each local zone should have its own physical interface.

•

No additional network is connected to the network segment.

•

Routing is not used.

•

There should be no communication between the local zones.

•

Communication between the global zone and the local zones is not intended.

Implementation:

•

A separate GLDV3 interface (e.g. bge1 and bge2) is provided for each zone. These
interfaces must not be used elsewhere in the global zone.
zone1-zonecfg: add net physical=bge1
zone2-zonecfg: add net physical=bge2

•

The zone configuration for zone1 and zone2 is indicates the use of exclusive IP instances.
zonecfg: set ip-type=exclusive

•

The IP addresses are defined inside of the zones.
Zone 1: /etc/hostname.bge1
Zone 2: /etc/hostname.bge2

•

No routing entries in the zones.

•

Option: To enable communication between the global and the local zone, an interface that is
located in the network of the local zone must be configured in the global zone.

•

By the use of exclusive IP instances, communication between the zones or between the
zones and the global zone takes place only if corresponding routing entries exist in the zones
and if a physical network connection exists between the zone interfaces.

85

Figure 33: [dd] Zones in separate network segments using exclusive IP instances

192.168.201.0

Network

bge0 - 192.168.1.1

ip type: shared

Global Zone

bge2 - 192.168.202.1
ip type: exclusive

Zone 2

bge1 - 192.168.201.1
ip type: exclusive

Zone 1

192.168.1.0

Network

192.168.202.0

Network