Computer Hardware User Manual
Version 3.1-en Solaris 10 Container Guide - 3.1 5. Cookbooks Effective: 30/11/2009
5.2.7.8. Connection of zones via external routers using the shared IP instance
[dd/ug] A web server in zone1 is contacted from the internet and needs the application server in
zone2 to fulfill the orders.
• Zone1 should be connected to the internet through a separate network.
• The connection from zone1 to zone2 should take place through an external load
balancing router. For reasons of clarity, no additional instances for web and application
servers are contained here.
• Direct communication between the local zones should not be possible; it should take place
through the external router instead.
• Communication between the global zone and the local zones is not intended.
Implementation:
• The network interfaces provided for the local zones (bge1, bge2 and bge3) must not
be used elsewhere in the global zone.
• To prepare for local zones, the interfaces must be plumbed (but not enabled); thereby, the
interfaces receive the address 0.0.0.0:
ifconfig bge1 plumb down
ifconfig bge2 plumb down
ifconfig bge3 plumb down
• The network configuration of the zones is established by setting the zones to the ready
status.
zoneadm -z zone1 ready
zoneadm -z zone2 ready
The addresses listed in the zone configuration are now active.
(zone1: 192.168.201.1, 192.168.200.1 and zone2: 192.168.202.1)
• A default route is specified for communication of the zone zone1 to the internet.
zonecfg: set defrouter=192.168.200.2
In addition, a route is required to the apparent address of zone2 behind the NAT router.
route add 192.168.102.0 192.168.201.2
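A check for the state these steps should leave behind in the global zone, as an added example that is not part of the original guide: each interface reserved for the zones must be plumbed, down and at 0.0.0.0, and every logical interface on it must belong to a local zone. The names check_zone_nics and sample_ifconfig are hypothetical, the `ifconfig -a` output is constructed, and the mapping of bge1 and bge2 to zone1 and bge3 to zone2 is an assumption.

```shell
#!/bin/sh
# Added example. Constructed `ifconfig -a` output as seen from the global zone
# once both zones are ready; the interface-to-zone mapping is an assumption.
sample_ifconfig() {
cat <<'EOF'
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
bge1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 0.0.0.0 netmask 0
bge1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        zone zone1
        inet 192.168.201.1 netmask ffffff00 broadcast 192.168.201.255
bge2: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        inet 0.0.0.0 netmask 0
bge2:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        zone zone1
        inet 192.168.200.1 netmask ffffff00 broadcast 192.168.200.255
bge3: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 5
        inet 0.0.0.0 netmask 0
bge3:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 5
        zone zone2
        inet 192.168.202.1 netmask ffffff00 broadcast 192.168.202.255
EOF
}
# check_zone_nics "bge1 bge2 bge3" < ifconfig-output
# Prints one OK/FAIL line per finding; returns 0 only if nothing failed.
check_zone_nics() {
  awk -v nics="$1" '
    BEGIN { n = split(nics, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    /^[a-z]/ { ifname = $1; sub(/:$/, "", ifname)      # interface header line
               up = ($2 ~ /[<,]UP[,>]/); zone = ""; next }
    $1 == "zone" { zone = $2; next }                   # owner of a logical interface
    $1 == "inet" {
      phys = ifname; sub(/:.*/, "", phys)
      if (!(phys in want)) next                        # not reserved for zones
      if (ifname == phys) {                            # the global zone view of the NIC
        plumbed[phys] = 1
        if (up || $2 != "0.0.0.0") { print "FAIL " ifname ": " $2 " in use in global zone"; bad = 1 }
      } else if (zone == "") {
        print "FAIL " ifname ": " $2 " not bound to a local zone"; bad = 1
      } else { print "OK " ifname ": " $2 " in zone " zone }
    }
    END { for (p in want) if (!(p in plumbed)) { print "FAIL " p ": not plumbed"; bad = 1 }
          exit bad + 0 }
  '
}
sample_ifconfig | check_zone_nics "bge1 bge2 bge3"
```

On Solaris 10 itself, use nawk or /usr/xpg4/bin/awk in place of awk (the default /usr/bin/awk does not accept -v) and pipe in `ifconfig -a` from the global zone.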
Figure 37: [dd] Zones connected to independent customer networks using exclusive IP instances
[Figure labels: Global Zone: bge0 - 192.168.1.1, ip type: shared; Network 192.168.1.0. Zone 1: bge1 - 192.168.201.1, Def router - 192.168.201.2, ip type: exclusive. Zone 2: bge2 - 192.168.202.1, Def router - 192.168.202.2, ip type: exclusive. Customer Network A: 192.168.101.0; NAT router: 192.168.101.201, 192.168.201.2. Customer Network B: 192.168.102.0; NAT router: 192.168.102.201, 192.168.202.2.]