Thanks for your help,
Let me summarize this:
- Shared IP has the advantage that the global zone fully administers the
network: zone don't have to (and even CAN'T) bother with it. There may be a
slight advantage performance wise.
- Exclusive IP with VNIC is needed for some features and enables bandwidth
management between the network and zones (Does it make sense to try to
manage bandwidth between zones ?)
On Mon, Apr 27, 2009 at 11:58 PM, Steffen Weiberle <steffen.weibe...@sun.com
> On 04/27/09 13:40, Vincent Boisard wrote:
>> Hi everyone,
>> I am wondering, as Crossbow is now integrated, does it still make sense to
>> use Shared IP Zones or is it better to use exclusive-ip zones with a vnic
>> for each of them.
>> With a vnic, we can benefit from the bandwidth management and al, but they
>> may be performance issues...
>> What do you think about it ?
> Some cases need exclusive IP Instances, such as where you need to have
> isolation, force traffic in certain ways (static routes, preventing kernel
> from looping traffic back up ).
> In those cases where you have a choice to use either, the primary reason I
> see going shared IP is that the global administrator manages the network.
> With exclusive IP, the non-global administrator can/must manage that. Maybe
> not a big deal, unless you give root privileges to the zones users, and they
> can then make changes with out any constraints, and that is something that
> is not desirable in your installation.
>  Two or more VNICs on the same NIC with IP addresses on the same subnet
> will *not* have traffic leave the system. Something to keep in mind. The
> destination MAC address must be on a different node on the network for it to
> go out the NIC. That node could be a VNIC on a different NIC, but not on the
> same VNIC. Underneath the VNICs is essentially a switch, to help create the
> picture. This is partially good--traffic between zones sharing a VNIC is
> slower than shared (not sure how much) and faster than going out on the
> wire. Yet you still have the other benefits.
>> zones-discuss mailing list
zones-discuss mailing list