[zones-discuss] ipfilter (ipf.conf) entries in zonecfg?

2008-11-07 Thread Tommy McNeely
Hello Zones experts, We are attempting to create a new data center architecture that favors virtualization with zones. Previously, if we wanted to have zones from different security contexts (front-end, back-end, internet, etc), they had to be in different physical machines (or LDOMS). Now

[zones-discuss] using load balancers with zones

2008-11-09 Thread Tommy McNeely
Continuing on my zones in different subnets theme, but starting a new thread to improve readability... The other problem I have been experiencing can be solved with the right ipf.conf incantation (I think). Let's pretend the host (zone) mail-fe-1 initiates a connection to dirsrv-lb (load

Re: [zones-discuss] Can't create an exclusive IP zone in Open Solaris snv_99

2008-11-09 Thread Tommy McNeely
You probably can't use bge0 because it's being used in the global zone. Try plugging a cable into bge1 (net1) and use that. Exclusive means exclusive, it needs its own network interface.

Re: [zones-discuss] Zones hosting providers?

2008-11-09 Thread Tommy McNeely
Sorry that I don't have an answer to your question, but I have some thoughts that might help :) I see zones hosting as two potentially different services... 1. Virtual Dedicated Solaris Server - You are provided a virtual dedicated server that runs (Open)Solaris. You know it's a zone because

Re: [zones-discuss] static routes vs default routes (zones in different subnets)

2008-11-10 Thread Tommy McNeely
On Nov 10, 2008, at 7:09 AM, Paul Kraus wrote: On Sun, Nov 9, 2008 at 10:34 PM, Tommy McNeely [EMAIL PROTECTED] wrote: The problem I ran into this time was that static routes don't seem to use the same intelligence that default routes do. For example, in the snip At least

[zones-discuss] static routes vs default routes (zones in different subnets)

2008-11-09 Thread Tommy McNeely
Hello, As I previously mentioned, I am working on the possibility of putting zones from different security contexts (front-end, application, back-end) into the same physical server, which is effectively putting zones in more than one subnet. We also like to use a load balancer, at least

Re: [zones-discuss] ipfilter (ipf.conf) entries in zonecfg?

2008-11-12 Thread Tommy McNeely
Well, I forgot to mention that we were using S10u6, but the idea I had was to apply the filter rules in the global zone. As far as I can tell, crossbow is not integrated with NV or OS either :) It looks like we are going to need to somehow wrapper it, or put the entire ipf.conf for all zones

Re: [zones-discuss] chroot env into zone

2008-11-12 Thread Tommy McNeely
Start with a real minimal build of Solaris, build a sparse zone. The zones then take ~200MB. No, it's not a CHROOT, but you can chroot apps that support it (named) within the zone so that there is absolutely nothing that can be accessed if it somehow is broken... but the minimal install should

Re: [zones-discuss] ipfilter (ipf.conf) entries in zonecfg?

2008-11-12 Thread Tommy McNeely
. (in other words, you can't have two internet zones on a single host). This might help you: http://www.sun.com/bigadmin/content/submitted/trusted_ext_corp.jsp Robert Bailey On Nov 7, 2008, at 12:13 PM, Tommy McNeely wrote: Hello Zones experts, We are attempting to create a new data center

[zones-discuss] can't unset defrouter ?

2009-04-16 Thread Tommy McNeely
Once a defrouter is set, there doesn't appear to be a way to unset it. I have added another (public) IP address to this zone, and with that public IP its own defroute. I want to keep this private one, but remove the defrouter attribute. There is no unset and you can't set it to .. I can

Re: [zones-discuss] can't unset defrouter ?

2009-04-17 Thread Tommy McNeely
/16 zonecfg:donald:net remove defrouter 10.2.0.1 zonecfg:donald:net info net: address: 10.2.140.150/16 physical: e1000g0 defrouter not specified zonecfg:donald:net end zonecfg:donald exit Konstantin Hugh McIntyre wrote: Tommy McNeely wrote: Once a defrouter is set

[zones-discuss] NV120 - IPv6 shared-ip zones

2009-08-10 Thread Tommy McNeely
Hi zones experts, I have a couple exclusive ip zones using IPv6. One is the router (tunnel host) and is dual stacked IPv4 and IPv6 running a 6 in 4 tunnel to Hurricane Electric, and the other is a simple web server. I am trying to create another simple web server that is on a shared-ip

Re: [zones-discuss] Cannot export EMCpower device to local zone

2010-04-29 Thread Tommy McNeely
folder, but make sure you understand what you are doing, and heed my above statement :) Tommy Tommy McNeely | Programmer Analyst-IT | +1.303.395.3361 Oracle Global IT - Service Design 500 Eldorado Blvd, Broomfield, CO 80021 On Apr 29, 2010, at 9:26 AM, Joe Balenzano wrote: Well according