How to Create a Private Network of Multiple Zones
This procedure summarizes the steps to set up a private network of zones.
Example 4-1 Setting Up a Private Network
This example goes through the process of setting up zone0, zone1, and zone2 as a private network. The scenario consists of the following:
- The global zone's IP address is 192.0.2.100.
- The private network of the zones is 192.0.1.0/24.
- The zones (zone0, zone1, and zone2) will be configured with VNICs (vnic0, vnic1, and vnic2, respectively), all created over a single etherstub (stub0). Because an etherstub is not attached to any physical link, traffic on this network never leaves the host unless a zone is explicitly configured to forward it.
This example assumes that the zones have already been created and installed.
For demonstration purposes, instead of using zonecfg interactively, zone configuration is performed from the global zone as described in Performing Zone Configuration From the Global Zone. Likewise, IP configuration is performed from the global zone instead of from within each zone, as described in Using the zlogin Command.
1. Prepare the etherstub and VNICs on the host.

   global$ dladm create-etherstub stub0
   global$ dladm create-vnic -l stub0 vnic0
   global$ dladm create-vnic -l stub0 vnic1
   global$ dladm create-vnic -l stub0 vnic2

2. Set the zones' physical property.

   global$ zonecfg -z zone0 "add net; set physical=vnic0; end"
   global$ zonecfg -z zone1 "add net; set physical=vnic1; end"
   global$ zonecfg -z zone2 "add net; set physical=vnic2; end"

3. Boot the zones.

   global$ zoneadm -z zone0 boot
   global$ zoneadm -z zone1 boot
   global$ zoneadm -z zone2 boot

4. Configure the VNICs with IP addresses. Each address goes on the VNIC that belongs to that zone (vnic0 in zone0, vnic1 in zone1, vnic2 in zone2).

   global$ zlogin zone0 ipadm create-ip vnic0
   global$ zlogin zone0 ipadm create-addr -a 192.0.1.100/24 vnic0
   global$ zlogin zone1 ipadm create-ip vnic1
   global$ zlogin zone1 ipadm create-addr -a 192.0.1.101/24 vnic1
   global$ zlogin zone2 ipadm create-ip vnic2
   global$ zlogin zone2 ipadm create-addr -a 192.0.1.102/24 vnic2

5. Display all the information. Check that every VNIC is OVER stub0 (and not a physical link) and that each zone shows its own address.

   global$ dladm
   LINK          CLASS      MTU    STATE    OVER
   ...
   stub0         etherstub  9000   unknown  --
   vnic0         vnic       9000   up       stub0
   vnic1         vnic       9000   up       stub0
   vnic2         vnic       9000   up       stub0
   zone0/vnic0   vnic       9000   up       stub0
   zone1/vnic1   vnic       9000   up       stub0
   zone2/vnic2   vnic       9000   up       stub0

   global$ zlogin zone0 ipadm
   NAME         CLASS/TYPE  STATE  UNDER  ADDR
   ...
   vnic0        ip          ok     --     --
      vnic0/v4  static      ok     --     192.0.1.100/24

   global$ zlogin zone1 ipadm
   NAME         CLASS/TYPE  STATE  UNDER  ADDR
   ...
   vnic1        ip          ok     --     --
      vnic1/v4  static      ok     --     192.0.1.101/24

   global$ zlogin zone2 ipadm
   NAME         CLASS/TYPE  STATE  UNDER  ADDR
   ...
   vnic2        ip          ok     --     --
      vnic2/v4  static      ok     --     192.0.1.102/24
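The five steps above, generalized to any number of zones and with the isolation check a practitioner would add after step 5, as an added shell example that is not part of the original documentation or of Oracle Solaris itself. It assumes the zones are already installed, that the nth zone in the list gets vnicn and 192.0.1.(100+n)/24 over stub0 exactly as in Example 4-1, and that `dladm show-vnic -p -o link,over` prints one LINK:OVER pair per line; the two sample listings in the block are constructed, not captured from a system. With the default DRY_RUN=1 it only prints the commands, which is also what lets it run without a Solaris host.

```shell
#!/bin/sh
# Added example (not from the Oracle documentation): the procedure for an
# arbitrary list of zones, plus a check that the private VNICs really sit on
# the etherstub. Assumptions: the zones are already installed, and zone N in
# the list gets vnicN with 192.0.1.(100+N)/24, as in Example 4-1. With
# DRY_RUN=1 (the default here) the commands are printed instead of executed,
# so the plan can be reviewed before it touches the system.

STUB=stub0
NET=192.0.1

# Print or execute a command; single-quote arguments that contain spaces or
# semicolons so the printed plan can be pasted back into a shell unchanged.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        out=""
        for a in "$@"; do
            case $a in
                *' '*|*';'*) out="$out '$a'" ;;
                *)           out="$out $a" ;;
            esac
        done
        printf '%s\n' "${out# }"
    else
        "$@"
    fi
}

# Steps 1-4 of the procedure for every zone named on the command line.
setup_private_network() {
    run dladm create-etherstub "$STUB"
    i=0
    for zone in "$@"; do
        vnic="vnic$i"
        run dladm create-vnic -l "$STUB" "$vnic"
        run zonecfg -z "$zone" "add net; set physical=$vnic; end"
        run zoneadm -z "$zone" boot
        run zlogin "$zone" ipadm create-ip "$vnic"
        # The address goes on the VNIC created for this zone, never a
        # hard-coded vnic0, so the per-zone pairing cannot drift.
        run zlogin "$zone" ipadm create-addr -a "$NET.$((100 + i))/24" "$vnic"
        i=$((i + 1))
    done
}

# Step 5 as a check rather than a listing: read "dladm show-vnic -p -o link,over"
# output (LINK:OVER per line) from stdin and confirm that each named VNIC is
# backed by the etherstub. A VNIC created over a physical link by mistake would
# give its zone a path off the host that the "private" network must not have.
# Link names show as vnicN before the zone boots and zoneN/vnicN afterwards.
check_vnics_over_stub() {
    stub=$1; shift
    listing=$(cat)
    status=0
    for vnic in "$@"; do
        over=$(printf '%s\n' "$listing" |
            awk -F: -v v="$vnic" '$1 == v || $1 ~ ("/" v "$") { print $2 }' |
            sort -u)
        if [ "$over" != "$stub" ]; then
            printf 'WARNING: %s is over "%s", expected %s\n' "$vnic" "$over" "$stub" >&2
            status=1
        fi
    done
    return $status
}

# Constructed sample listings (not captured from a real system): in the second
# one vnic2 was created over the physical link net0 instead of the etherstub.
SAMPLE_GOOD='zone0/vnic0:stub0
zone1/vnic1:stub0
zone2/vnic2:stub0'
SAMPLE_BAD='zone0/vnic0:stub0
zone1/vnic1:stub0
zone2/vnic2:net0'

# Dry run: print the plan for the three zones of Example 4-1.
setup_private_network zone0 zone1 zone2
# On a real host, after the zones boot:
#   dladm show-vnic -p -o link,over | check_vnics_over_stub stub0 vnic0 vnic1 vnic2
```

Run it with DRY_RUN=0 on the global zone to execute the plan. The check is worth keeping around: the dladm listing in step 5 shows the OVER column, but a script that fails loudly when a VNIC is not over the etherstub is what catches the mistake when there are more than three zones to look at.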
To enable communications between the private network (192.0.1.0/24) and the external network (192.0.2.0/24), configure one of the zones with a second network interface backed by a physical link (net1 in this example) and enable IPv4 forwarding in that zone. Without such a zone the etherstub-backed network has no path off the host; with it, that zone becomes the router between the two networks. For this part of the example, interactive configuration is used.
   global$ zonecfg -z zone2
   zonecfg:zone2> add net
   zonecfg:zone2:net> set physical=net1
   zonecfg:zone2:net> end
   zonecfg:zone2> exit
   global$ zoneadm -z zone2 apply
   Checking: Adding net physical=net1
   Applying the changes
   global$ zlogin zone2
   [Connected to zone 'zone2' pts/3]
   username@zone2:~$ ipadm create-ip net1
   username@zone2:~$ ipadm create-addr -a 192.0.2.110/24 net1
   username@zone2:~$ ipadm
   NAME         CLASS/TYPE  STATE  UNDER  ADDR
   ...
   net1         ip          ok     --     --
      net1/v4   static      ok     --     192.0.2.110/24
   vnic2        ip          ok     --     --
      vnic2/v4  static      ok     --     192.0.1.102/24
   username@zone2:~$ ipadm set-prop -p forwarding=on ipv4
   username@zone2:~$ exit
   logout
   [Connection to zone 'zone2' pts/3 closed]
   global$ zoneadm -z zone2 reboot
Test the connectivity by pinging a zone from a system on the 192.0.2.0 network, or conversely, pinging a host on the 192.0.2.0 network from inside a zone. For the test to succeed, zone0 and zone1 need a default route through zone2's private address (192.0.1.102), and hosts on the 192.0.2.0 network need a route to 192.0.1.0/24 through 192.0.2.110. Note that with forwarding enabled, zone2 passes all traffic between the two networks in both directions; if the private network is meant to stay private, restrict the forwarded traffic with a packet filter on zone2.