Full IP-level functionality is available in an exclusive-IP zone.
An exclusive-IP zone has its own IP-related state.
This includes the ability to use the following features in an exclusive-IP zone:
IP Filter, including network address translation (NAT) functionality
ndd for setting TCP/UDP/SCTP as well as IP/ARP-level knobs
IP security (IPsec) and Internet Key Exchange (IKE), which automates the provision of authenticated keying material for IPsec security association
An exclusive-IP zone is assigned its own set of data-links using the zonecfg command. The zone is given a data-link name such as xge0, e1000g1, or bge32001, using the physical property of the net resource. The address and the defrouter properties of the net resource are not set.
Note that the assigned data-link enables the snoop command to be used.
The dladm command can be used with the show-linkprop subcommand to show the assignment of data-links to running exclusive-IP zones. The dladm command can be used with the set-linkprop subcommand to assign additional data-links to running zones. See Administering Data-Links in Exclusive-IP Non-Global Zones for usage examples.
Inside a running exclusive-IP zone, the ifconfig command can be used to configure IP, which includes the ability to add or remove logical interfaces. The IP configuration in a zone can be set up in the same way as for the global zone, by using the sysidtools described in sysidcfg(4).
The IP configuration of an exclusive-IP zone can only be viewed from the global zone by using the zlogin command. An example follows.
| global# zlogin zone1 ifconfig -a |