Sun Microsystems 10 manual Zoneadm -z zone1 ready Zoneadm -z zone2 ready

bge0 - 192.168.1.1

ip type: shared

Global Zone

192.168.1.0

Network

Figure 37: [dd] Zones connected to independent customer networks using exclusive IP instances

5.2.7.8. Connection of zones via external routers using the shared IP instance

[dd/ug] A web server in zone1 is contacted from the internet and needs the application server in zone2 to fulfill the orders.

∙Zone1 should be connected to the internet through a separate network.

∙The connection from zone1 to zone2 should take place through an external load balancing router. For reasons of clarity, no additional instances for web and application servers are contained here.

∙Direct communication between the local zones should not be possible, but rather through the external router instead.

∙Communication between the global zone and the local zones is not intended.

Implementation:

∙The network interfaces provided for the local zones (bge1, bge2 and bge3) must not be used elsewhere in the global zone.

∙To prepare for local zones, the interfaces must be plumbed (but not enabled); thereby, the interfaces receive the address 0.0.0.0:

ifconfig bge1 plumb down ifconfig bge2 plumb down ifconfig bge3 plumb down

∙The network configuration of the zones is established by setting the zones to the ready status.

zoneadm -z zone1 ready

zoneadm -z zone2 ready

The addresses listed in the zone configuration are now active.

(zone1: 192.168.201.1,192.168.200.1 and zone2:192.168.202.1)

∙A default route is specified for communication of the zone zone1 to the internet. zonecfg:set defrouter=192.168.200.2

In addition, a route is required to the apparent address of zone2 behind the NAT router. route add 192.168.102.0 192.168.201.2

91