Independent networking for Solaris zones
One of the new features in the Solaris 10 08/07 (update 4) release is that zones can be given their own network interfaces. In previous releases of Solaris, the only networking option for zones was to give the zone IP addresses on virtual interfaces, which meant that all routing and firewalling had to be configured in the global zone. In S10 08/07, when configuring a zone, you can now specify a property “ip-type” which can be shared or exclusive. A shared ip-type is the same configuration that was available in previous Solaris 10 releases and is the default. A zone configured with an ip-type of exclusive has the following properties:
- Separate IP stack (zone admin can add multiple IP addresses, configure routing, and run snoop)
- IP Filter can be used and administered inside the zone
- All network traffic between ip-type exclusive zones goes through physical network adapters (skipping the loopback path inside the kernel)
- IPMP can be configured if there are multiple interfaces assigned to the zone
Besides networking changes, there are also a bunch of additional new features for zones in S10 08/07 (much stronger resource controls, DTrace privileges can be added, boot options, etc). Check out the latest S10 Admin Guide or the Zones Community at opensolaris.org.