I may be wrong on this as I haven't looked for quite a long
while now (and things change rapidly) but....
Exclusive stack zones means you get a separate IP stack and, therefore,
a separate routing table. This means that we don't know anything about
interfaces which are 'local' to other zones on the node. In a shared-stack
zone, we know whether the destination is local or not (as we can look up the
IRE_LOCAL for the destination as it's in the same stack).
ip_restrict_interzone_loopback only affects shared stack zones for this
reason. Even then, when it is 'on', it is only enforced if the source
and destination ills are different(to detect an L2 loopback). I'm pretty
sure that this was how things were when this integrated. Zones with an
exclusive stack are more like virtual machines.
> Unless ip_restrict_interzone_loopback is 0 (the default is 1 on OS).
> You can have zones of type exclusive-ip plumbed on different
> interfaces but not cabled up if this parameter is set to 0.
Where is this documented?
> This is what I gleaned from reading what little there is about this
> param. Otherwise ... how could you ever have traffic going from
> zone1:e1000g1 to zone2:e1000g2 without a cable?
With exclusive stack zones, I don't _think_ you can. Perhaps someone will
correct me if this is possible.
> If you can describe exactly how I can get traffic from zone1:e1000g1
> to zone2:e1000g2 without cabling up the interfaces, that would solve
> my problem.
You definitely can with shared stack zones.
> zones-discuss mailing list
Solaris Revenue Product Engineering
Sun Microsystems Inc.
SPARC House (UK)
Tel: ++44 (0)1252 421 868
Mob: ++44 (0)7747 180 910
zones-discuss mailing list