System Administration Guide: Network Interfaces and Network Virtualization

Planning and Designing a Virtual Network

This section describes two different scenarios for configuring a virtual network. Look over the scenarios to help determine which most closely fits the needs of your site. Then use that scenario as the basis for designing your specific virtualization solution. The scenarios include:

Basic virtual network of two zones, especially useful for consolidating network services from the local network onto a single host.
Private virtual network, useful for a development environment where you isolate applications and services from the public network.

Basic Virtual Network on a Single System

Figure 10–1 shows the basic virtual network, or “network in a box” that is used in examples throughout the section Configuring a Basic Virtual Network.

Figure 10–1 Virtual Network on a Single Host

The figure is described in the following context.

This virtual network consists of the following:

A single GLDv3 network interface e1000g0. This interface connects to the public network 192.168.3.0/24. Interface e1000g0 has the IP address 192.168.3.70.
A virtual switch, which is automatically configured when you create the first VNIC.
Two VNICs. vnic1 has the IP address 192.168.3.20, and vnic2 has the IP address 192.168.3.22.
Two exclusive IP zones. zone1 is configured over vnic1, and zone2 is configured over vnic2.

Note –
Though the example uses exclusive IP zones, you can also use other types of virtual machines such as LDOMS in this scenario.

The VNICs and zones in this configuration allow access to the public. Therefore, the zones can pass traffic beyond the e1000g0 interface. Likewise, users on external networks can reach applications and services offered by the zones.

Best Uses for the Basic Virtual Network

The network in a box scenario enables you to isolate processes and applications into individual virtual machines or zones on a single host. Furthermore, this scenario is expandable to include many containers, each of which could run a completely isolated set of applications. The scenario improves a system's efficiency and, by extension, the efficiency of the local network. Therefore, this scenario is ideal for the following users:

Network consolidators and others who want to consolidate the services of a LAN onto a single system.
Any site that rents out services to customers. You can rent out individual zones or virtual machines, observe traffic, and take statistics for performance measuring or for billing purposes on each zone in the virtual network.
Any administrator who wants to isolate processes and applications to separate containers to improve system efficiency .

For More Information

For tasks that implement the basic virtual network, go to Configuring a Basic Virtual Network.
For examples that show how to configure the virtual network shown in this section, go to Configuring a Basic Virtual Network.
For conceptual information about VNICs and virtual networks, go to Network Virtualization and Virtual Networks.
For conceptual information about zones, go to Chapter 16, Introduction to Solaris Zones, in System Administration Guide: Virtualization Using the Solaris Operating System.

Private Virtual Network on a Single System

Figure 10–2 shows a single system with a private network behind packet filtering software that performs network address translation (NAT). This figure illustrates the scenario that is built in Example 11–7.

Figure 10–2 Private Virtual Network on a Single Host

The figure is explained in the next context.

The topology features a single system with a public network, including a firewall, and a private network built on an etherstub pseudo-interface. The public network runs in the global zone and consists of the following elements:

GLDv3 network interface e1000g0 with the IP address 192.168.3.70.
A firewall implemented in the IP Filter software. For an introduction to IP Filter, refer to Introduction to Solaris IP Filter in System Administration Guide: IP Services.
etherstub0, a pseudo-interface upon which the virtual network topology is built. Etherstubs provide the ability to create a virtual network on a host. That network is totally isolated from the external network.

The private network consists of the following elements:

A virtual switch which provides packet forwarding among the VNICs of the private network.
vnic0, which is the VNIC for the global zone, and has the IP address 192.168.0.250.
vnic1 with the IP address 192.168.0.200 and vnic2 with the IP address 192.168.0.220. All three VNICs are configured over etherstub0.
zone1, which is configured over vnic1, and zone2, which is configured over vnic2.

Best Uses for a Private Virtual Network

Consider creating a private virtual network for a host that is used in a development environment. Using the etherstub framework, you can totally isolate software or features under development to the containers of the private network. Moreover, you can use firewalling software for network address translation of outgoing packets that originate in the containers of the private network. The private network is a smaller version of the eventual deployment environment.

For More Information

For tasks for implementing the private virtual network, go to Configuring a Private Virtual Network
For the example that shows how to configure the private virtual network shown in this section, go toExample 11–7.
For conceptual information about VNICs and virtual networks, go to Network Virtualization and Virtual Networks.
For conceptual information about zones, go to Chapter 16, Introduction to Solaris Zones, in System Administration Guide: Virtualization Using the Solaris Operating System.
For information about Solaris IP Filter, go to Introduction to Solaris IP Filter in System Administration Guide: IP Services.