Sun Microsystems SOLARIS 10 User Manual
Page 97
Version 3.1-en
Solaris 10 Container Guide - 3.1 5. Cookbooks
Effective: 30/11/2009
5.2.7.7. Zones connected to independent customer networks using exclusive IP instances
[dd/ug] Two local zones, zone1 and zone2, are located in separate networks and provide services for a variety of customers in their own networks.
• Each local zone should have its own physical interface.
• Additional customer networks are connected to the network segment.
• Allocation of addresses in the networks is not coordinated; an address can be allocated multiple times (once per customer network). Considering today's customary use of private IP addresses, this is somewhat probable.
• It should be possible to reach the zones zone1 and zone2 from other networks.
• Zones zone1 and zone2 cannot initiate any connections to other networks.
• There should be no communication between local zones.
• Communication between the global zone and the local zones is not intended.
Implementation:
• A separate GLDv3 interface (e.g. bge1 and bge2) is provided for each zone. These interfaces must not be used elsewhere in the global zone.
  zone1-zonecfg: add net physical=bge1
  zone2-zonecfg: add net physical=bge2
• The zone configuration for zone1 and zone2 is converted to the use of exclusive IP instances.
  zonecfg: set ip-type=exclusive
• IP addresses and the default router are specified in the zones in the usual way.
  Zone 1: /etc/hostname.bge1
  Zone 2: /etc/hostname.bge2
  /etc/defaultrouter
• Communication between the zones, or between the zones and the global zone, takes place only if corresponding routing entries exist. Additionally, a physical network connection has to exist between the interfaces of the zones.
• The default router is a NAT router that hides the IP address of the local zone from the customer. On the customer's side, it is configured with an IP address from the customer's network; thus, address conflicts cannot occur.
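As an added example (not part of the Container Guide), a small sh script that checks a zone layout against the rules of this recipe: ip-type exclusive, exactly one dedicated interface per zone, that interface not plumbed in the global zone, and no interface bound to both zones. The zonecfg info text and the global-zone interface list are constructed samples; zone2 is deliberately left as a shared-IP zone so the check has something to report.

```shell
# Added example (not from the Solaris Container Guide): checks a zone layout
# against this recipe, using constructed text shaped like `zonecfg -z <zone> info`.
# Constructed `zonecfg -z zone1 info` excerpt that conforms to the recipe.
ZONE1_INFO='zonename: zone1
ip-type: exclusive
net:
	address not specified
	physical: bge1
	defrouter not specified'
# Constructed zone2 excerpt, deliberately left shared-IP so the check reports it.
ZONE2_INFO='zonename: zone2
ip-type: shared
net:
	address: 192.168.1.10/24
	physical: bge2'
# Interfaces plumbed in the global zone (constructed); bge1/bge2 must not appear.
GLOBAL_IFS='lo0 bge0'

# Print one "key: value" property from zonecfg info text; leading whitespace of
# nested lines such as "	physical: bge1" is stripped before matching.
zone_prop() {
    printf '%s\n' "$1" | awk -F': ' -v key="$2" \
        '{ sub(/^[ \t]+/, "", $1) } $1 == key { print $2 }'
}

# Verify one zone: ip-type exclusive, exactly one net resource, and its physical
# interface not plumbed in the global zone. Returns 0 only when all three hold.
check_zone() {
    info="$1"; global_ifs="$2"; rc=0; n=0
    name=$(zone_prop "$info" zonename)
    [ "$(zone_prop "$info" ip-type)" = "exclusive" ] ||
        { echo "$name: ip-type is not exclusive"; rc=1; }
    for nic in $(zone_prop "$info" physical); do
        n=$((n + 1))
        for g in $global_ifs; do
            [ "$nic" != "$g" ] || { echo "$name: $nic is plumbed in the global zone"; rc=1; }
        done
    done
    [ "$n" -eq 1 ] || { echo "$name: expected one dedicated interface, found $n"; rc=1; }
    return $rc
}

# Interfaces bound to more than one zone; prints nothing when each zone has its own.
shared_interfaces() {
    { zone_prop "$1" physical; zone_prop "$2" physical; } | sort | uniq -d
}

for z in "$ZONE1_INFO" "$ZONE2_INFO"; do
    check_zone "$z" "$GLOBAL_IFS" && echo "$(zone_prop "$z" zonename): ok"
done
```

On a real host, replace the sample strings with the output of `zonecfg -z <zone> info` and the interface names shown by `ifconfig -a` in the global zone.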