Solaris containers on one host w/ multiple VLANs


1x Solaris 10 x86 server w/ 4 NICs, 3 being used.

First NIC (e1000g0) is on VLAN

Second NIC (e1000g1) is on VLAN

Third NIC (e1000g2) is on VLAN (routed VLAN)

Fourth NIC is unused.

The 10.1.20 and 10.1.40 VLANs are firewalled from each other.

Default router config is in the Solaris Zone configs.

Problem: we have a test env w/ a load balancer between the 10.1.20 and 10.1.40 VLANs. When we send from the container --> to the VLAN by way of the load balancer, we don't get a response from the server by way of the network/LB. Instead, the packets go directly to the interface by way of the global zone.

So the question is: how do we force the containers to route all data over the NICs and bypass the global zone routing table?

is that possible?  


Brian Utterback, Principal Software Engineer, commented:
What you want is an "exclusive IP" zone. Originally, all the zones shared a single IP stack, and so packets that were to be sent from one zone to another never went out over the wire; they were simply passed between the zones. This meant that there were many combinations of routing that simply were not possible. On the other hand, for the normal use cases it was much more efficient.

Later, the concept of "exclusive IP" zones was added. With this option, each zone gets its own IP stack. This makes the zones behave exactly as they would if they were separate machines. The downside is that each zone also has to have its own physical interface configured, but it sounds like you have this anyway.

You should read the man page for zonecfg. It talks about exclusive IP zones and how to set it up.

There is a discussion of this here:

JeffBeth (Author) commented:
That looks like the right direction. THANK YOU!

Follow-up: do I have to have one network interface per zone to pull this off? Or can I share one interface with many containers on the same VLAN?

I'll dig through the doc, but figured it didn't hurt to ask! :-)

Again, THANKS!

Brian Utterback, Principal Software Engineer, commented:
One per zone.

Brian Utterback, Principal Software Engineer, commented:
I should mention that if you are using OpenSolaris rather than Solaris 10, the Crossbow feature allows you to do this with virtual interfaces, so you can essentially do what you want more easily.
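Worked example, added here and not part of the thread or of Sun's documentation: it shows what the two answers above amount to in practice. The first answer's point is that a shared-IP zone never puts inter-zone traffic on the wire, so a firewall or load balancer sitting between the 10.1.20 and 10.1.40 VLANs is silently bypassed; an exclusive-IP zone gets its own stack and routing table, and zonecfg then takes only the link name (the address and default router live inside the zone). The second answer's point is that on Solaris 10 that link must be a whole NIC, while on OpenSolaris a Crossbow VNIC carved out of one NIC (optionally VLAN-tagged) serves the same purpose, so several zones can share e1000g1. The zone name web20, zonepath /zones/web20, VLAN id 20, and the 10.1.20.50/10.1.20.1 addresses are assumptions; the functions only print the commands and files, and the commented-out zonecfg/zoneadm lines are where they would be applied on the real host.

```shell
#!/bin/sh
# Added example, not code from the thread. Zone name, zonepath, NIC, VLAN id
# and addresses are assumptions chosen to match the 10.1.20/10.1.40 layout.
set -e

# Print a zonecfg(1M) command script for an exclusive-IP zone that owns one
# data link outright. With ip-type=exclusive the zone has its own IP stack and
# routing table, so "add net" takes only the link: no address, no defrouter.
#   $1 zone name   $2 zonepath   $3 data link (physical NIC or Crossbow VNIC)
gen_exclusive_zonecfg() {
    cat <<EOF
create -b
set zonepath=$2
set autoboot=true
set ip-type=exclusive
add net
set physical=$3
end
verify
commit
EOF
}

# Print the two files that give the zone its own address and default route,
# to be placed under <zonepath>/root/etc before first boot (or written from
# the zone console). This is the routing table the global zone cannot override.
#   $1 link   $2 zone IP   $3 netmask   $4 default router on the zone's VLAN
gen_zone_netfiles() {
    printf 'etc/hostname.%s:\n%s netmask %s up\n' "$1" "$2" "$3"
    printf 'etc/defaultrouter:\n%s\n' "$4"
}

# Solaris 10: one physical NIC per exclusive-IP zone.
# OpenSolaris (Crossbow): create one VNIC per zone on a shared NIC instead,
# tagging it onto the zone's VLAN, then use the VNIC name as "physical=".
#   $1 physical NIC   $2 VLAN id   $3 VNIC name
gen_vnic_cmd() {
    printf 'dladm create-vnic -l %s -v %s %s\n' "$1" "$2" "$3"
}

# Refuse a link the global zone already has plumbed. An exclusive-IP zone
# needs the link to itself; a link still plumbed in the global zone keeps
# traffic flowing through the global zone's stack, the symptom in the question.
#   $1 link name   $2 text of `ifconfig -a` as run in the global zone
link_free_in_global() {
    ! printf '%s\n' "$2" | grep -q "^$1: "
}

main() {
    gz_ifconfig=$(ifconfig -a 2>/dev/null || true)
    if ! link_free_in_global e1000g1 "$gz_ifconfig"; then
        echo "e1000g1 is plumbed in the global zone; unplumb it first" >&2
        exit 1
    fi
    gen_exclusive_zonecfg web20 /zones/web20 e1000g1 > /tmp/web20.cfg
    # zonecfg -z web20 -f /tmp/web20.cfg && zoneadm -z web20 install
    gen_zone_netfiles e1000g1 10.1.20.50 255.255.255.0 10.1.20.1
    # OpenSolaris only: share e1000g1 among several zones on VLAN 20
    gen_vnic_cmd e1000g1 20 vnic20_0
}

if [ "${1:-}" = run ]; then main; fi
```

Run it as `sh zone-excl.sh run` in the global zone to emit the config; then apply with the zonecfg/zoneadm lines shown. After the zone boots, `zlogin web20 netstat -rn` should show only the zone's own default route via 10.1.20.1, and a packet from the zone towards 10.1.40 must now appear on e1000g1 and cross the firewall or load balancer instead of being handed to the other zone in memory. The `dladm create-vnic` form is the OpenSolaris/Crossbow syntax and is not available on stock Solaris 10, which is why the answer says one NIC per zone there.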
