> But how could that be ... shared-stack zone with IP address on
> different interface?  This thing cannot exist?

You can add multiple physicals to a shared stack zone, they are
just added as logicals. You need the underlying interface plumbed
in the global zone though. An exclusive stack doesn't know anything
about other zones' network configuration.

> Here it is.  I need exclusive stack so I can snoop traffic when bad
> things happen.  When bad things are not happening, traffic must not be
> snoopable, sayeth the people in charge.  I have this brilliant idea
> (based on what I read) that I can conviently shunt traffic to the NIC
> or internally, at will, using this nifty param.  Bad things happen,
> shunt it outside to observe.  Bad things go away, shunt it back
> inside, remove the cable.  This cannot work, you say?  This is S10U5,
> OS is not an option.

You can have shared stack zones with ip_restrict_interzone_loopback
disabled. When you have 'problems' you can enable this to shunt
traffic outside the box. This means it will need to be cabled up
to a switch though at these times - you seem to indicate this won't
be an issue. One issue would be if the ill for source and destination
was the same then we would still send via loopback. You should be
able to avoid this if the zone IP addresses are configured on
different physical interfaces.

> CT

        Jon Anderson

        Solaris Revenue Product Engineering
        Sun Microsystems Inc.
        SPARC House (UK)
        Tel: ++44 (0)1252 421 868
        Mob: ++44 (0)7747 180 910
zones-discuss mailing list

Reply via email to