Version 3.1-en Solaris 10 Container Guide - 3.1 5. Cookbooks Effective: 30/11/2009
5.2.7.7. Zones connected to independent customer networks using exclusive IP instances
[dd/ug] Two local zones, zone1 and zone2, are located in separated networks and provide services
for a variety of customers in their own networks.
• Each local zone should have its own physical interface.
• Additional customer networks are connected to the network segment.
• Allocation of addresses in the networks is not coordinated; the same address can be allocated
multiple times (once per customer network). Given today's customary use of private IP
addresses, this is quite likely.
• It should be possible to reach the zones zone1 and zone2 from other networks.
• Zones zone1 and zone2 cannot initiate any connections to other networks.
• There should be no communication between local zones.
• Communication between the global zone and the local zones is not intended.
Implementation:
• A separate GLDv3 interface (e.g. bge1 and bge2) is provided for each zone. These
interfaces must not be used elsewhere in the global zone.
zone1-zonecfg: add net physical=bge1
zone2-zonecfg: add net physical=bge2
• The zone configuration for zone1 and zone2 is converted to the use of exclusive IP instances.
zonecfg: set ip-type=exclusive
• IP addresses and the default router are specified in the zones in the usual way.
Zone 1: /etc/hostname.bge1
Zone 2: /etc/hostname.bge2
/etc/defaultrouter
• Communication between the zones, or between the zones and the global zone, takes place
only if corresponding routing entries exist. In addition, a physical network connection has to
exist between the interfaces of the zones.
• The default router is a NAT router that hides the IP address of the local zone from the
customer. On the customer's side, it is configured with an IP address from the customer's
network; thus, address conflicts cannot occur.
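The steps above (dedicated GLDv3 interface, ip-type=exclusive, per-zone hostname and defaultrouter files) as one script. This is an added example, not from the guide: the zonepath /zones/<zone>, the ROOT/OUTDIR variables that let it run against a scratch directory, and the addresses in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example: build the zonecfg command file and per-zone network files for an
# exclusive-IP zone. zonepath /zones/<zone> and all addresses are assumed values.

# Print a zonecfg(1M) command file for ZONE bound to the GLDv3 interface IFACE.
# With ip-type=exclusive no address is set here; the zone configures it itself.
gen_zonecfg() {
    zone=$1; iface=$2
    cat <<EOF
create -b
set zonepath=/zones/$zone
set autoboot=true
set ip-type=exclusive
add net
set physical=$iface
end
commit
EOF
}

# The interface must not be plumbed by the global zone: refuse if a global-zone
# /etc/hostname.<iface> or /etc/hostname6.<iface> exists. ROOT (assumed
# variable) lets tests point at a scratch directory instead of the real /.
iface_free() {
    root=${ROOT:-}
    [ ! -e "$root/etc/hostname.$1" ] && [ ! -e "$root/etc/hostname6.$1" ]
}

# Write the zone's own /etc/hostname.<iface> (ifconfig arguments) and
# /etc/defaultrouter under ZROOT (normally /zones/<zone>/root once installed).
gen_zone_netfiles() {
    zroot=$1; iface=$2; addr=$3; router=$4
    mkdir -p "$zroot/etc"
    printf '%s\n' "$addr" > "$zroot/etc/hostname.$iface"
    printf '%s\n' "$router" > "$zroot/etc/defaultrouter"
}

# Usage (constructed values):
#   configure_zone zone1 bge1 "10.1.1.10 netmask 255.255.255.0" 10.1.1.1
# On the real host, follow up with: zonecfg -z zone1 -f "$OUTDIR/zone1.cfg"
configure_zone() {
    iface_free "$2" || { echo "$2 is in use by the global zone" >&2; return 1; }
    gen_zonecfg "$1" "$2" > "${OUTDIR:-.}/$1.cfg"
    gen_zone_netfiles "${OUTDIR:-.}/$1/root" "$2" "$3" "$4"
}
```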