Networking in Exclusive-IP Non-Global Zones
For information on features that can be used in an exclusive-IP non-global zone, see Exclusive-IP Non-Global Zones. For information on tuning IP ndd variables, see Solaris Tunable Parameters Reference Manual.
Exclusive-IP Zone Partitioning
Exclusive-IP zones have separate TCP/IP stacks, so the separation reaches down to the data-link layer. One or more data-link names, which can be a NIC or a VLAN on a NIC, are assigned to an exclusive-IP zone by the global administrator. The zone administrator can configure IP on those data-links with the same flexibility and options as in the global zone.
Exclusive-IP Data-Link Interfaces
A data-link name must be assigned exclusively to a single zone.
The dladm show-link command can be used to display data-links assigned to running zones.
For more information, see dladm(1M).
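The one-zone-per-data-link rule can also be checked at configuration level, which covers zones that are not running and so are not shown by dladm show-link. The script below is an added example, not part of the Solaris documentation: it assumes each zone's `zonecfg -z <zone> export` output has been saved as `<zone>.cfg` in one directory, and the function names, the sample zones and the bge* link names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Solaris docs). Function names, the one-file-per-zone
# layout and the bge* link names are assumptions made for illustration.

# links_by_zone DIR: print "link zone ip-type" for every net resource found in
# DIR/<zone>.cfg, where each file holds saved `zonecfg -z <zone> export` output.
links_by_zone() {
    for f in "$1"/*.cfg; do
        zone=$(basename "$f" .cfg)
        awk -v zone="$zone" '
            /^[ \t]*set ip-type=/  { sub(/^[ \t]*set ip-type=/, "");  iptype = $0 }
            /^[ \t]*set physical=/ { sub(/^[ \t]*set physical=/, ""); links[++n] = $0 }
            END {
                if (iptype == "") iptype = "shared"   # assumed default when unset
                for (i = 1; i <= n; i++) print links[i], zone, iptype
            }' "$f"
    done
}

# exclusive_conflicts DIR: print "link: zoneA,zoneB" for each data-link that is
# configured in more than one zone when at least one of them is exclusive-IP.
exclusive_conflicts() {
    links_by_zone "$1" | awk '
        {
            if ($1 in zones) { zones[$1] = zones[$1] "," $2 } else { zones[$1] = $2 }
            count[$1]++
            if ($3 == "exclusive") excl[$1] = 1
        }
        END { for (l in count) if (count[l] > 1 && (l in excl)) print l ": " zones[l] }
    ' | sort
}

# mkcfg FILE IPTYPE LINK...: write a constructed export-style file for the demo.
mkcfg() {
    out=$1; printf 'create -b\nset ip-type=%s\n' "$2" > "$out"; shift 2
    for l in "$@"; do printf 'add net\nset physical=%s\nend\n' "$l" >> "$out"; done
}

SAMPLE=$(mktemp -d)                          # constructed sample configurations
mkcfg "$SAMPLE/web.cfg"  exclusive bge1 bge2
mkcfg "$SAMPLE/db.cfg"   exclusive bge2      # bge2 is also assigned to web
mkcfg "$SAMPLE/app.cfg"  shared    bge0
mkcfg "$SAMPLE/app2.cfg" shared    bge0      # two shared-IP zones: not flagged
exclusive_conflicts "$SAMPLE"
```

On the constructed sample the script reports bge2 as configured in both db and web; an empty result means no exclusive-IP data-link is configured in a second zone.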
IP Traffic Between Exclusive-IP Zones on the Same Machine
There is no internal loopback of IP packets between exclusive-IP zones. All packets are sent down to the data-link. Typically, this means that the packets are sent out on a network interface. Then, devices like Ethernet switches or IP routers can forward the packets toward their destination, which might be a different zone on the same machine as the sender.
Solaris IP Filter in Exclusive-IP Zones
An exclusive-IP zone has the same IP Filter functionality as the global zone. IP Filter is also configured the same way in exclusive-IP zones and in the global zone.
IP Network Multipathing in Exclusive-IP Zones
IP network multipathing (IPMP) provides physical interface failure detection and transparent network access failover for a system with multiple interfaces on the same IP link. IPMP also provides load spreading of packets for systems with multiple interfaces.
The data-link configuration is done in the global zone. First, multiple data-link interfaces are assigned to a zone using zonecfg. The multiple data-link interfaces must be attached to the same IP subnet. IPMP can then be configured from within the exclusive-IP zone by the zone administrator.