Deploying Solaris 10 Zones and Choosing Network Configurations

Exactly how does one go about deploying a large number of zones on an M8000 Enterprise Server, especially given that twelve separate links would be needed for the different networks and twice that number for IPMP. In the course of answering this question for a customer, Steffen Weiberle came up with a number of suggestions in his blog Solaris 10 Zones and Networking -- Common Considerations.

Weiberle begins with an enumeration of the characteristics of zone networking configured both as shared and as exclusive, noting that it is possible to mix the two IP zones on a system. In such a configuration, all shared zones will be sharing the configuration and run time data (routes, ARP, IPsec) of the global zone while each exclusive zone will have its own configuration and run time data, which cannot be shared with the global zone or any other exclusive zones. He also covers the consequences of IP multipathing (IPMP) on both global and exclusive zones.

Normally, Weiberle writes, shared-IP zones use the same datalinks and the same IP subnet prefixes as the global zone, in which case the routing in the shared-IP zones is the same as in the global zone. The global zone can use static or dynamic routing to populate its routing table, that will be used by all the shared-IP zones.

In some cases different zones need different IP routing, however, he continues. In such a case, the approach Weiberle suggests is to make those zones exclusive-IP zones. If this is not possible, then one can use some limited support for routing differentiation across shared-IP zones. This limited support only handles static default routes, and only works reliably when the shared-IP zones use disjoint IP subnets, he reminds readers.

Weiberle also addresses the connections between routing and zones with observations on what conditions obtain when shared-IP zones use the same datalinks and the same IP subnet prefixes as the global zone, in which case the routing in the shared-IP zones is the same as in the global zone.

He notes, too, that all routing is managed by zone that owns the IP Instance and that different routing policies, routing daemons, and configurations can be used in each IP Instance.

The next consideration that Weiberle addresses is how users can restrict network traffic between non-global shared IP zones, of which he mentions three: the "loopback" parameter; use of a route(1M) action; and the use of the IP Filter.

Finally, Weiberle presents several considerations useful in choosing between link aggregation and IPMP. In closing, he advises readers that his suggestions apply to Solaris 10 and not to OpenSolaris.

More Information

Sun Blueprints Online: Sun SPARC Enterprise M-Series Servers Configuration Concepts

Tutorial on IP Multipathing (IPMP) [...read more...]

Keywords:

fullsource

Current

Profile

Archive

Blog

Generate newsletter

Other articles in the Solaris section of Volume 145, Issue 2:

Deploying Solaris 10 Zones and Choosing Network Configurations (this article)

See all archived articles in the Solaris section.

Top 10 Most Popular Articles in Current Issue (Vol 168, Issue 1)
Sun ZFS Storage Appliances Earn Highest Ratings for Enterprise and Midrange NAS Systems SPARC T4 Server Momentum Expands Demand for SPARC System Oracle Sun Ray 3 Series Clients Capture 2011 Good Design Award SPARC T4 Servers Find Favor with Telecommunications Service Providers Oracle Ships Over 1 Exabyte of Media for StorageTek T10000C Tape Drives	How to Manage the ZFS Storage Appliance with JavaScript: Three Approaches Exactly What Is Big Data? Building a Secure Cloud with Identity Management Oracle Secure Global Desktop Allows Simplified, Anywhere, Access to Applications Migrating from SUSE Linux to Oracle Linux 5.5