Shared-IP Zones Traffic, Traffic Security, and IPMP Configuration
- Traffic Between Zones – A shared-IP zone can reach any given IP destination if there is a usable route for that destination in its routing table. To view the routing table, use the netstat -r command from within the zone. The IP forwarding rules are the same for IP destinations in other zones or on other systems.
- IPsec and IKE – IPsec relies on the Internet Key Exchange (IKE) protocol to manage keys. If you are configuring IPsec in a shared-IP zone, configure IKE in the global zone and use the source address that corresponds to the non-global zone that you are configuring. See IPsec Reference in Securing the Network in Oracle Solaris 11.4.
- Packet Filter Firewall – PF can be enabled in non-global zones by turning on loopback filtering as described in Chapter 5, Configuring the Firewall in Oracle Solaris in Securing the Network in Oracle Solaris 11.4.
- IP Network Multipathing (IPMP) – You configure IPMP in the global zone. Then, you extend the functionality to non-global zones. The functionality is extended by assigning one of the IPMP interface's data addresses to the zone. In a given non-global zone, only the interfaces associated with the zone are visible through the ipadm command.

For further information, review the following: