Version 3.1-en Solaris 10 Container Guide - 3.1 5. Cookbooks Effective: 30/11/2009
5.2.7.7. Zones connected to independent customer networks using exclusive IP instances
[dd/ug] Two local zones, zone1 and zone2, are located in separate networks and provide services
for a variety of customers in their own networks.
• Each local zone should have its own physical interface.
• Additional customer networks are connected to the network segment.
• Allocation of addresses in the networks is not coordinated; an address can be allocated
multiple times (once per customer network). Considering today's customary use of private IP
addresses, this is somewhat probable.
• It should be possible to reach the zones zone1 and zone2 from other networks.
• Zones zone1 and zone2 cannot initiate any connections to other networks.
• There should be no communication between local zones.
• Communication between the global zone and the local zones is not intended.
Implementation:
• A separate GLDv3 interface (e.g. bge1 and bge2) is provided for each zone. These
interfaces must not be used elsewhere in the global zone.
zone1-zonecfg: add net physical=bge1
zone2-zonecfg: add net physical=bge2
• The zone configuration for zone1 and zone2 is converted to the use of exclusive IP instances.
zonecfg: set ip-type=exclusive
• IP addresses and the default router are specified in the zones in the usual way.
Zone1: /etc/hostname.bge1
Zone2: /etc/hostname.bge2
/etc/defaultrouter
• Communication between the zones or between the zones and the global zone takes place
only if corresponding routing entries exist. Additionally, a physical network connection has to
exist between the interfaces of the zones.
• The default router is a NAT router that hides the IP address of the local zone from the
customer. On the customer's side, it is configured with an IP address from the customer's
network; thus, address conflicts cannot occur.
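An added example, not part of the guide: a shell audit that reads the text produced by zonecfg -z <zone> export and reports zones that break the isolation requirements above (ip-type not exclusive, an interface shared between zones or also used by the global zone, an address set in zonecfg instead of inside the zone). The <zone>.cfg file naming, the GLOBAL_NICS variable, the finding labels and the sample exports are assumptions constructed for this example.

```sh
#!/bin/sh
# Added example (not from the guide): audit `zonecfg -z <zone> export` text
# against the isolation requirements above. All sample data is constructed.

# audit_zones FILE...  Each FILE is named <zone>.cfg and holds one export.
# GLOBAL_NICS (assumed, space-separated) lists interfaces the global zone uses.
# Prints one finding per line, sorted; prints nothing when every check passes.
audit_zones() {
    awk -v global=" ${GLOBAL_NICS:-} " '
        FNR == 1 { zone = FILENAME; sub(/.*\//, "", zone); sub(/\.cfg$/, "", zone); seen[zone] = 1 }
        /^set ip-type=exclusive$/ { excl[zone] = 1 }
        /^add net$/ { innet = 1; next }
        /^end$/     { innet = 0; next }
        innet && /^set physical=/ {
            nic = substr($0, 14); nics[zone]++
            if (index(global, " " nic " ")) print "GLOBAL_NIC " nic " " zone
            if ((nic in owner) && owner[nic] != zone) print "SHARED_NIC " nic " " owner[nic] " " zone
            else owner[nic] = zone
        }
        # An address in zonecfg is the shared-IP style; exclusive-IP zones
        # configure it inside the zone (/etc/hostname.<interface>).
        innet && /^set address=/ { print "ZONECFG_ADDRESS " zone }
        END { for (z in seen) {
                  if (!(z in excl)) print "NOT_EXCLUSIVE " z
                  if (!(z in nics)) print "NO_NIC " z } }
    ' "$@" | LC_ALL=C sort
}

# make_samples DIR: write constructed exports for zone1, zone2 and a bad zone3.
make_samples() {
    for n in 1 2; do
        printf 'create -b\nset zonepath=/zones/zone%s\nset ip-type=exclusive\nadd net\nset physical=bge%s\nend\n' \
            "$n" "$n" > "$1/zone$n.cfg"
    done
    # zone3 (constructed): shared-IP style, reusing the interface of zone1
    printf 'create -b\nset zonepath=/zones/zone3\nset ip-type=shared\nadd net\nset address=192.168.1.10\nset physical=bge1\nend\n' \
        > "$1/zone3.cfg"
}

# Demo run on the constructed samples; zone3 produces three findings.
tmp=$(mktemp -d) && make_samples "$tmp"
GLOBAL_NICS="bge0" audit_zones "$tmp"/zone1.cfg "$tmp"/zone2.cfg "$tmp"/zone3.cfg
rm -rf "$tmp"
```

On a real system the input files would be produced in the global zone with zonecfg -z zone1 export > zone1.cfg and so on.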