Hello Zones experts, We are attempting to create a new data center architecture that favors virtualization with zones. Previously, if we wanted to have zones from different security contexts (front-end, back-end, internet, etc), they had to be in different physical machines (or LDOMS). Now

Continuing on my zones in different subnets theme, but starting a new thread to improve readability... The other problem I have been experiencing can be solved with the right ipf.conf incantation (I think). Lets pretend the host (zone) mail-fe-1 initiates a connection to dirsrv-lb (load

You probably can't use bge0 because its being used in the global zone. Try plugging a cable into bge1 (net1) and use that. Exclusive means exclusive, it needs its own network interface. -- This message posted from opensolaris.org ___ zones-discuss

Sorry that I don't have an answer to your question, but I have some thoughts that might help :) I see zones hosting as two potentially different services... 1. Virtual Dedicated Solaris Server - You are provided a virtual dedicated server that runs (Open)Solaris. You know its a zone because

On Nov 10, 2008, at 7:09 AM, Paul Kraus wrote: On Sun, Nov 9, 2008 at 10:34 PM, Tommy McNeely [EMAIL PROTECTED] wrote: The problem I ran into this time was that static routes don't seem to use the same intelligence that default routes do. For example, in the snip At least

Hello, As I previously mentioned, I am working on the possibility of putting zones from different security contexts (front-end, application, back- end) into the same physical server, which is effectively putting zones in more than one subnet. We also like to use a load balancer, at least

Well, I forgot to mention that we were using S10u6, but the idea I had was to apply the filter rules in the global zone. As far as I can tell, crossbow is not integrated with NV or OS either :) It looks like we are going to need to somehow wrapper it, or put the entire ipf.conf for all zones

Start with a real minimal build of Solaris, build a sparse zone. The zones then take ~200MB. No, its not a CHROOT, but you can chroot apps that support it (named) within the zone so that there is absolutely nothing that can be accessed if it somehow is broken... but the minimal install should

. (in other words, you cant have two internet zones on a single host). This might help you: http://www.sun.com/bigadmin/content/submitted/trusted_ext_corp.jsp Robert Bailey On Nov 7, 2008, at 12:13 PM, Tommy McNeely wrote: Hello Zones experts, We are attempting to create a new data center

Once a defrouter is set, there doesn't appear to be a way to unset it. I have added another (public) IP address to this zone, and with that public IP its own defroute. I want to keep this private one, but remove the defrouter attribute. There is no unset and you can't set it to .. I can

/16 zonecfg:donald:net remove defrouter zonecfg:donald:net info net: address: physical: e1000g0 defrouter not specified zonecfg:donald:net end zonecfg:donald exit Konstantin Hugh McIntyre wrote: Tommy McNeely wrote: Once a defrouter is set

Hi zones experts, I have a couple exclusive ip zones using IPv6. One is the router (tunnel host) and is dual stacked IPv4 and IPv6 running a 6 in 4 tunnel to Hurricane Electric, and the other is a simple web server. I am trying to create another simple web server that is on a shared-ip

folder, but make sure you understand what you are doing, and heed my above statement :) Tommy