Solaris 10 zones - communication between zones


Post by jmikl » Wed, 27 Apr 2005 03:07:38



For example I have a Sun server with a quad FE card. I create 4 zones and each
zone is assigned a specific FE port. Each zone has some specific default gw
configured to some real router. If I try to communicate from one zone to
another, will it go thru the network via the router like 2 different physical
machines, or will they communicate virtually thru the global zone without packets
ever leaving to the NIC?
I would like to use Solaris containers for simulating a lot of different PCs
in a network.

thanks,
jm

 
 
 


Post by Andrew Gabri » Wed, 27 Apr 2005 04:14:37




> For example I have a Sun server with a quad FE card. I create 4 zones and each
> zone is assigned a specific FE port. Each zone has some specific default gw

The routing table (and default gateway(s)) is per system, not per zone.
However, you might be able to achieve a default gateway per zone in
this case if each FE port is on a different network, with a default gw
per network (such that only one gateway would effectively be accessible
in each zone).

> configured to some real router. If I try to communicate from one zone to
> another, will it go thru the network via the router like 2 different physical
> machines, or will they communicate virtually thru the global zone without packets
> ever leaving to the NIC?

It is virtually impossible to make Solaris route packets externally
which are destined for the same system. You would probably need to
do something hacky with IP-Filter and NAT.

Note that communication between zones in the same system doesn't go
"through the global zone" as you put it, it goes directly between
the zones involved, inside the IP stack in the kernel.

> I would like to use Solaris containers for simulating a lot of different PCs
> in a network.

--
Andrew Gabriel

 
 
 


Post by Steve S » Wed, 27 Apr 2005 05:03:05





>>For example I have a Sun server with a quad FE card. I create 4 zones and each
>>zone is assigned a specific FE port. Each zone has some specific default gw

> The routing table (and default gateway(s)) is per system, not per zone.
> However, you might be able to achieve a default gateway per zone in
> this case if each FE port is on a different network, with a default gw
> per network (such that only one gateway would effectively be accessible
> in each zone).

>>configured to some real router. If I try to communicate from one zone to
>>another, will it go thru the network via the router like 2 different physical
>>machines, or will they communicate virtually thru the global zone without packets
>>ever leaving to the NIC?

> It is virtually impossible to make Solaris route packets externally
> which are destined for the same system. You would probably need to
> do something hacky with IP-Filter and NAT.

> Note that communication between zones in the same system doesn't go
> "through the global zone" as you put it, it goes directly between
> the zones involved, inside the IP stack in the kernel.

>>I would like to use Solaris containers for simulating a lot of different PCs
>>in a network.

Another option (depending on how many router ports you have available)
would be to assign each zone an IP with a subnet mask of /30
(255.255.255.252). This will force the packets to go through the
router to get to another zone.
 
 
 


Post by jmikl » Wed, 27 Apr 2005 07:45:01



> Another option (depending on how many router ports you have available)
> would be to assign each zone an IP with a subnet mask of /30
> (255.255.255.252). This will force the packets to go through the
> router to get to another zone.

Don't get it. If I understand Andrew, it is not a question of the IP address each
zone has. The problem is that if 2 zones need to communicate between them,
although one should think that communication will be done regularly thru the
network, in fact they will communicate directly thru the IP stack of the server.
I have some network setup, with a lot of routers, switches etc. - for test
purposes. In order to have some clients on that network, my idea was to
partition the Sun server into zones. Each zone should have an IP address from
a different IP subnet. Since the server has a QuadFE card, each zone could have its
own physical NIC port. I.e.
zone1 has IP address 192.168.1.10/24, DG 192.168.1.1, NIC qfe1
zone2 has IP address 172.16.2.10/24, DG 172.16.2.1, NIC qfe2

If zone1 communicates to zone2, will it send packets to the network or will it
recognize that these zones are on the same server and route traffic directly
thru the IP stack of the Sun server, so that packets never leave the NIC port? Which one
is it then?

thanks,
jm

 
 
 


Post by Scott Howar » Wed, 27 Apr 2005 18:38:59



> Another option (depending on how many router ports you have available)
> would be to assign each zone an IP with a subnet mask of /30
> (255.255.255.252). This will force the packets to go through the
> router to get to another zone.

No, it won't.

Solaris will _never_ let a packet which is destined to itself go onto the
wire.

  Scott.
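
Added example, not part of any post in this thread: a simplified Python model of the behaviour the replies describe, where an address owned by any zone on the system is delivered inside the kernel's IP stack before any netmask or gateway is consulted. The class and function names and the /30 gateway addresses are made up for illustration; the zone addresses, /24 gateways and NIC names are the ones given in the thread.

```python
import ipaddress

class SharedStackHost:
    """Toy model: every zone's address lives in one kernel IP stack."""
    def __init__(self):
        self.ifaces = []    # (zone, nic, ip_interface)
        self.gateways = []  # default gateways, one table for the whole system

    def add_zone(self, zone, nic, cidr):
        self.ifaces.append((zone, nic, ipaddress.ip_interface(cidr)))

    def add_default_gw(self, gw):
        self.gateways.append(ipaddress.ip_address(gw))

    def deliver(self, src, dst):
        """Return ('in-kernel', zone) or ('wire', nic, next_hop)."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # 1. Local check first: an address owned by any zone on this system
        #    is delivered inside the stack. The netmask is never consulted.
        for zone, _nic, iface in self.ifaces:
            if iface.ip == dst:
                return ("in-kernel", zone)
        # 2. Otherwise transmit from the NIC that owns the source address.
        for _zone, nic, iface in self.ifaces:
            if iface.ip != src:
                continue
            if dst in iface.network:
                return ("wire", nic, str(dst))  # on-link neighbour
            # Assumption: only a gateway on the source's own subnet is
            # usable, giving each zone an effective gateway of its own.
            for gw in self.gateways:
                if gw in iface.network:
                    return ("wire", nic, str(gw))
            raise LookupError(f"no usable gateway for {src}")
        raise ValueError(f"{src} is not configured on this host")

def build(mask, gw1, gw2):
    # Zone addresses and NIC names are from the thread; mask and gateways vary
    # (the .9 gateways used for the /30 case below are constructed).
    host = SharedStackHost()
    host.add_zone("zone1", "qfe1", f"192.168.1.10/{mask}")
    host.add_zone("zone2", "qfe2", f"172.16.2.10/{mask}")
    host.add_default_gw(gw1)
    host.add_default_gw(gw2)
    return host

if __name__ == "__main__":
    for args in ((24, "192.168.1.1", "172.16.2.1"), (30, "192.168.1.9", "172.16.2.9")):
        print(args[0], build(*args).deliver("192.168.1.10", "172.16.2.10"))
```

Because zone-to-zone traffic always takes the first branch, a sniffer, firewall or IDS placed on the router side of the NICs will not see it.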

 
 
 
