Sun Microsystems 10 用户手册
Version 3.1-en
Solaris 10 Container Guide - 3.1 5. Cookbooks
Effective: 30/11/2009
5.2.7.2. Zones in separate network segments using the shared IP instance
[dd/ug] Two local zones, zone1 and zone2, are located in separated network segments and provide
services for these network segments.
[dd/ug] Two local zones, zone1 and zone2, are located in separated network segments and provide
services for these network segments.
•
Each local zone should have its own physical interface in the network segment.
•
No other network is connected to the network segment.
•
Routing is not used.
•
There should be no communication between local zones.
•
Communication between the global zone and the local zones is not intended.
Implementation:
•
The network interface provided for the local zone (e.g. bge1) must not be used elsewhere in
the global zone.
the global zone.
•
To activate the interface for the local zones, the interface must be plumbed (but not enabled):
ifconfig bge1 plumb down
The interface has the address 0.0.0.0 but is not active.
ifconfig bge1 plumb down
The interface has the address 0.0.0.0 but is not active.
•
No routing entries are made.
•
Option: To enable communication between the global and a local zone, the corresponding
interface with an address that is located in the network of the local zone must be configured in
the global zone.
interface with an address that is located in the network of the local zone must be configured in
the global zone.
84
Figure 32: [dd] Zones in separate network segments using the shared IP instance
192.168.201.0
Network
bge0 - 192.168.1.1
bge1 - 0.0.0.0
bge2 - 0.0.0.0
bge2 - 0.0.0.0
Global Zone
bge2:2 - 192.168.202.1
Zone 2
bge1:1 - 192.168.201.1
Zone 1
192.168.1.0
Network
192.168.202.0
Network