Exclusive-IP Zones Traffic, Traffic Security, and IPMP Configuration

  • Traffic Between Zones – There is no internal loopback of IP packets between exclusive-IP zones. All packets are sent down to the datalink. Typically, this means that the packets are sent out on a network interface. Then, devices like Ethernet switches or IP routers can forward the packets toward their destination, which might be a different zone on the same system as the sender.

  • IPsec and IKE – An exclusive-IP zone has the same IPsec and IKE functionality as the global zone. See IPsec Reference in Securing the Network in Oracle Solaris 11.4.

  • Packet Filter Firewall – An exclusive-IP zone has the same Packet Filter (PF) functionality as the global zone. PF is also configured the same way in exclusive-IP zones and the global zone. See Chapter 5, Configuring the Firewall in Oracle Solaris in Securing the Network in Oracle Solaris 11.4.

  • IP Network Multipathing (IPMP) – The datalink configuration is done in the global zone. First, multiple datalink interfaces are assigned to a zone by using the zonecfg command. The multiple datalink interfaces must be attached to the same IP subnet. IPMP can then be configured from within the exclusive-IP zone by the zone administrator.

    IPMP is used for physical interface failure detection and transparent network access failover for a system with multiple interfaces on the same IP link. IPMP also provides load spreading of packets for systems with multiple interfaces.
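
The two-stage IPMP procedure described above, sketched as an added example that is not part of the Oracle documentation. The zone name `webzone`, the links `net1` and `net2`, the group name `ipmp0` and the address `192.0.2.10/24` are constructed placeholders; the script prints the commands by default and runs them only when `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example; all zone, link, group and address values are constructed.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Stage 1, global zone: assign each datalink to the exclusive-IP zone.
# All links must be attached to the same IP subnet.
assign_links() {
    zone=$1; shift
    if [ "$#" -lt 2 ]; then
        echo "assign_links: need at least two datalinks for IPMP" >&2
        return 2
    fi
    for link in "$@"; do
        run zonecfg -z "$zone" "add net; set physical=$link; end"
    done
}

# Stage 2, inside the zone (as the zone administrator), once the zone is
# running with the new configuration: build the IPMP group over the links.
configure_ipmp() {
    group=$1; addr=$2; shift 2
    if [ "$#" -lt 2 ]; then
        echo "configure_ipmp: need at least two underlying interfaces" >&2
        return 2
    fi
    for link in "$@"; do
        run ipadm create-ip "$link"                 # plumb each underlying link
    done
    run ipadm create-ipmp "$group"                  # create the IPMP interface
    for link in "$@"; do
        run ipadm add-ipmp -i "$link" "$group"      # place the link in the group
    done
    run ipadm create-addr -T static -a "$addr" "$group/v4"  # data address
    run ipmpstat -g                                 # verify group state
}

# Example (dry run):
#   assign_links webzone net1 net2
#   configure_ipmp ipmp0 192.0.2.10/24 net1 net2
```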