An exclusive-IP zone has its own IP-related state and tuning variables. The zone is assigned its own set of data-links when the zone is configured.
For information on features that can be used in an exclusive-IP non-global zone, see Solaris 10 8/07: Exclusive-IP Non-Global Zones. For information on tuning IP ndd variables, see Oracle Solaris Tunable Parameters Reference Manual.
Exclusive-IP zones have separate TCP/IP stacks, so the separation reaches down to the data-link layer. One or more data-link names, which can be a NIC or a VLAN on a NIC, are assigned to an exclusive-IP zone by the global administrator. The zone administrator can configure IP on those data-links with the same flexibility and options as in the global zone.
A data-link name must be assigned exclusively to a single zone.
The dladm show-link command can be used to display data-links assigned to running zones.
For more information, see dladm(1M).
There is no internal loopback of IP packets between exclusive-IP zones. All packets are sent down to the data-link. Typically, this means that the packets are sent out on a network interface. Then, devices like Ethernet switches or IP routers can forward the packets toward their destination, which might be a different zone on the same machine as the sender.
An exclusive-IP zone has the same IP Filter functionality as the global zone. IP Filter is also configured the same way in exclusive-IP zones and the global zone.
IP network multipathing (IPMP) provides physical interface failure detection and transparent network access failover for a system with multiple interfaces on the same IP link. In addition to fault tolerance, IPMP also provides load spreading of packets for systems with multiple interfaces.
The data-link configuration is done in the global zone. First, multiple data-link interfaces are assigned to a zone using zonecfg. The multiple data-link interfaces must be attached to the same IP subnet. IPMP can then be configured from within the exclusive-IP zone by the zone administrator. Multiple IPMP groups can be assigned to a given exclusive-IP zone, but those IPMP groups cannot be shared with other zones.
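The global-zone step described above, as an added example that is not part of the original documentation: a shell function that writes the zonecfg subcommands assigning several data-links to an exclusive-IP zone, and refuses any data-link that is already held by a zone, since a data-link name must be assigned exclusively to a single zone. The zone names, link names and the assignment inventory are constructed for illustration; the output is intended to be fed to zonecfg -z <zone> -f <file> in the global zone for a zone configuration that already exists.

```shell
#!/bin/sh
# Constructed inventory of existing assignments, one "zone data-link" pair per line.
# On a real system this would come from the zone configurations, not a literal.
ASSIGNED='web1 bge1
web1 bge2
db1 e1000g0'

# link_owner LINK: print the zone that already holds LINK, or nothing.
link_owner() {
    printf '%s\n' "$ASSIGNED" | awk -v l="$1" '$2 == l { print $1; exit }'
}

# gen_exclusive_zonecfg ZONE LINK...: write zonecfg subcommands to stdout.
# Returns 1 if a link is already assigned or listed twice, 2 on a usage error.
gen_exclusive_zonecfg() {
    [ "$#" -ge 2 ] || { echo "usage: gen_exclusive_zonecfg zone link..." >&2; return 2; }
    zone=$1; shift
    seen=' '
    # Validate every link before emitting anything, so a rejected request
    # never produces a partial command file.
    for link in "$@"; do
        owner=$(link_owner "$link")
        if [ -n "$owner" ]; then
            echo "cannot add $link to $zone: already assigned to zone $owner" >&2
            return 1
        fi
        case "$seen" in
            *" $link "*) echo "data-link $link listed twice for $zone" >&2; return 1 ;;
        esac
        seen="$seen$link "
    done
    echo "set ip-type=exclusive"
    for link in "$@"; do
        # In an exclusive-IP zone the net resource names only the data-link;
        # IP addresses and IPMP groups are configured from inside the zone.
        printf 'add net\nset physical=%s\nend\n' "$link"
    done
    echo "verify"
    echo "commit"
}

# Two free data-links on the same IP subnet, destined for one IPMP group in zone web2.
gen_exclusive_zonecfg web2 bge3 bge4
```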