Version 3.1-en Solaris 10 Container Guide - 3.1 5. Cookbooks Effective: 30/11/2009
5.2.7.5. Zones in separate networks using exclusive I P instances
[dd] Two local zones, zone1 and zone2, are located in separated networks and provide services for
other networks.
−Each local zone should have its own physical interface in the network.
−Additional networks are connected to the network segment.
−Routing is used.
−There should be no communication between local zones.
−Communication between the global zone and the local zones is not intended.
Implementation:
• A separate GLDV3 interface (e.g. bge1 and bge2) is provided for each zone. These
interfaces must not be used elsewhere in the global zone.
zone1-zonecfg: add net physical=bge1
zone2-zonecfg: add net physical=bge2
• The zone configuration for zone1 and zone2 is converted to the use of exclusive IP
instances.
zonecfg: set ip-type=exclusive
• In the zones, the IP addresses and the default router are specified in the usual way.
Zone 1: /etc/hostname.bge1
Zone 2: /etc/hostname.bge2
/etc/defaultrouter
• Through the exclusive IP instances, communication between the zones or between the
zones and the global zone takes place only if corresponding routing entries exist in the zones
and if a physical network connection exists between the zone interfaces.
87
Figure 35: [dd] Zones in separate networks using exclusive IP instances
192.168.201.0
Network
bge0 - 192.168.1.1
ip type: shared
Global Zone
bge2 - 192.168.202.1
Def router - 192.168.202.2
ip type: exclusive
Zone 2
bge1 - 192.168.201.1
Def router - 192.168.201.2
ip type: exclusive
Zone 1
192.168.1.0
Network
192.168.202.0
Network