Sun Microsystems 10 User Manual
Version 3.1-en
Solaris 10 Container Guide - 3.1 5. Cookbooks
Effective: 30/11/2009
5.2.7.8. Connection of zones via external routers using the shared IP instance
[dd/ug] A web server in zone1 is contacted from the internet and needs the application server in
zone2 to fulfill the orders.
[dd/ug] A web server in zone1 is contacted from the internet and needs the application server in
zone2 to fulfill the orders.
•
Zone1 should be connected to the internet through a separate network.
•
The connection from zone1 to zone2 should take place through an external load
balancing router. For reasons of clarity, no additional instances for web and application
servers are contained here.
balancing router. For reasons of clarity, no additional instances for web and application
servers are contained here.
•
Direct communication between the local zones should not be possible, but rather through the
external router instead.
external router instead.
•
Communication between the global zone and the local zones is not intended.
Implementation:
•
The network interfaces provided for the local zones (bge1, bge2 and bge3) must not
be used elsewhere in the global zone.
be used elsewhere in the global zone.
•
To prepare for local zones, the interfaces must be plumbed (but not enabled); thereby, the
interfaces receive the address 0.0.0.0:
ifconfig bge1 plumb down
ifconfig bge2 plumb down
ifconfig bge3 plumb down
interfaces receive the address 0.0.0.0:
ifconfig bge1 plumb down
ifconfig bge2 plumb down
ifconfig bge3 plumb down
•
The network configuration of the zones is established by setting the zones to the ready
status.
zoneadm -z zone1 ready
zoneadm -z zone2 ready
The addresses listed in the zone configuration are now active.
(zone1: 192.168.201.1,192.168.200.1 and zone2:192.168.202.1)
status.
zoneadm -z zone1 ready
zoneadm -z zone2 ready
The addresses listed in the zone configuration are now active.
(zone1: 192.168.201.1,192.168.200.1 and zone2:192.168.202.1)
•
A default route is specified for communication of the zone zone1 to the internet.
zonecfg:set defrouter=192.168.200.2
In addition, a route is required to the apparent address of zone2 behind the NAT router.
route add 192.168.102.0 192.168.201.2
zonecfg:set defrouter=192.168.200.2
In addition, a route is required to the apparent address of zone2 behind the NAT router.
route add 192.168.102.0 192.168.201.2
91
Figure 37: [dd] Zones connected to independent customer networks using exclusive IP instances
bge0 - 192.168.1.1
ip type: shared
Global Zone
bge2 - 192.168.202.1
Def router - 192.168.202.2
Def router - 192.168.202.2
ip type: exclusive
Zone 2
bge1 - 192.168.201.1
Def router - 192.168.201.2
Def router - 192.168.201.2
ip type: exclusive
Zone 1
192.168.1.0
Network
192.168.101.0
Customer Network
A
NAT
router
router
192.168.101.201
192.168.201.2
192.168.102.0
Customer Network
B
NAT
router
router
192.168.102.201
192.168.202.2