As I previously mentioned, I am working on the possibility of putting  
zones from different security contexts (front-end, application,
back-end) into the same physical server, which is effectively putting zones
in more than one subnet. We also like to use a load balancer, at least  
on the front-end net, and increasingly on the back-end nets as well.   
In order to use a load balancer, the general idea is that you set your  
default route on the "real server" to go through the load balancer. I  
am able to do this fine (s10u6), even without a "home brew" SMF  
service to add default routes after zones come up like I have had to  
use in the past.

The problem I ran into this time was that static routes don't seem to  
use the same intelligence that default routes do. For example, in the  
global zone I have 4 default routers, each pointing to the default  
router of a local subnet (,, and (4th is not important at the moment). Inside a
local-zone with an interface on the network, it only sees the
one default route that it can use ( That's perfect. The  
problem comes in when I start looking at the "admin" network. I don't  
want to set up a load balancer service for SSH into each zone, so I
generally set a static route in to get to the admin network using a  
different gateway (hard-firewall)...

route -p add -net

... of course if I have multiple subnets, I also have...

route -p add -net
route -p add -net

... this confuses zones in the .2 and .3 subnets, as they see all
three routes and try to use the first one, even though they cannot  

I know this would be made simpler with vnic and private IP stack, but  
in my world, shared-ip is the only thing available (feasible).

Thanks in advance,

zones-discuss mailing list
