On 02/16/10 17:17, Christine Tran wrote:
On Tue, Feb 16, 2010 at 4:59 PM, Dombrowski, Neil
<neil.dombrow...@hp.com> wrote:

For an example, let's say zone1 has a default route using gateway 
and zone2 has a default router using gateway If I am logged into 
the global zone, and it needs to send a packet to, will it use one 
of the non-global-zone's default route?

It will round-robin between the two gateways IF it has interfaces
local to that network.  That is, you need something like this: assume
24-bit mask, e1000g0 and e1000g1 (the 10 is
just an example.)

If you only have one interface local to one gateway, it will use that
gateway.  What I'm guessing is that you have your zones plumbed on a
virtual interface, but nothing plumbed on the actual interface, from
the global zone's perspective.  In your ifconfig -a output, when
you've removed all the entries for zones, do you actually have an
interface that can reach a router?

To elaborate a little, if your global zone has an IP address on net0, and the other zones have IP address(es) on net1, net2, and net3, the only default route(s) the global will use are those related to net0. If a zone also has an IP address on net0, and it is on a different subnet than that/those used by the global zone, the global will still only use those related to it, not those added for the non-global zone. I had tested this a while back and had a discussion with an engineer around that.

The result was that while I generally suggest the non-global zones use different IP subnet(s) and different interfaces than the global zone, the minimum requirement is that the zones use different IP subnet(s), and default routing will be fine.

I believe in your case each zone will only use its default route. You can verify this easily with the 'route get' command. It will list which interface is being used. Whether it is wise to have and on the same interface is a separate question. There is not enough information to make a guess at how your system is actually configured, and whether all the zones are sharing a single interface.

It's also not clear which build or update of OpenSolaris or Solaris is being used. My recent testing was with Solaris 10 10/09 and a recent Nevada build (IIRC). The above should apply to any update with at least the 'defrouter' zone configuration option (8/07 I believe).
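One way to run the 'route get' check mentioned above across every running zone and compare the result with the gateway each zone is meant to use. This is an added example, not part of the original message; the function names, the expected-gateway file format and the sample addresses are assumptions.

```sh
#!/bin/sh
# Added example. On Solaris 10 prefer AWK=nawk; /usr/bin/awk there is the older awk dialect.
AWK=${AWK:-awk}

# Constructed sample of `route -n get` output (documentation addresses).
SAMPLE_ROUTE_GET='   route to: default
destination: default
       mask: default
    gateway: 192.0.2.1
  interface: e1000g0
      flags: <UP,GATEWAY,DONE,STATIC>'

# Read `route get` output on stdin, print "gateway interface".
parse_route_get() {
    $AWK '
        $1 == "gateway:"   { gw = $2 }
        $1 == "interface:" { ifc = $2 }
        END {
            if (ifc == "") exit 1        # no route resolved
            if (gw == "") gw = "-"       # no gateway line present
            print gw, ifc
        }'
}

# Print "zone gateway interface" per running zone; run as root in the global zone.
zone_routes() {
    dest=$1
    zoneadm list | while read zone; do
        if [ "$zone" = global ]; then
            out=`route -n get "$dest" 2>/dev/null | parse_route_get`
        else
            # </dev/null keeps zlogin from eating the zone list on stdin
            out=`zlogin "$zone" route -n get "$dest" </dev/null 2>/dev/null | parse_route_get`
        fi
        echo "$zone ${out:-none -}"
    done
}

# stdin: zone_routes output; $1: file of expected "zone gateway" pairs.
# Prints each mismatch and returns 1 if any zone uses an unexpected gateway.
check_routes() {
    $AWK '
        NR == FNR { want[$1] = $2; next }
        ($1 in want) && want[$1] != $2 {
            print "MISMATCH " $1 ": expected " want[$1] ", got " $2 " via " $3
            bad = 1
        }
        END { exit bad + 0 }' "$1" -
}
```

Typical use is `zone_routes default | check_routes expected.txt`, where `expected.txt` is a file you maintain with one "zone gateway" pair per line.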

