So you suspect there is no need to shut down the global NIC, if the zone uses exclusive IP and it is on a separate subnet and there is no routing between the zones?
Ok, that is an interesting thought. What do you other people say? In that case a local zone can not ping (reach) the global zone? I was thinking that the only way to reach internet, would be through a local zone. The global zone should be completely isolated from the rest of the world (zones, internet) and have no working NIC. The question is, in that case, how can I ssh into a local zone if the global zone has no outside connection?? (BTW, I dont know how to do what you suggest, as I am a Solaris noob. I just planned to create exclusive-ip vnic and a vswitch and connect them - have I done what you described then? Are they on a separate subnet? Or do I need to do some additional configuration?) -- This message posted from opensolaris.org _______________________________________________ zones-discuss mailing list firstname.lastname@example.org