2 Replies Latest reply on Nov 18, 2011 2:55 AM by 820693

    Setting up static routes for sparse root containers

           We have a solaris 10 server running 2 sparse root containers. Container 1 is running siteminder and container 2 is running LDAP.
      Client A talks to siteminder via default route. The same client A needs to talk to LDAP via F5 BIGIP vip.
      My problem is I need to set up a static route for client A to talk to LDAP via BIGIP. You set up the routes in the global zone.
      But if I do that it will break siteminder connectivity. Both container 1 and container 2 share the same physical interface.
      Is there any way to set the static route per container that will enable client A to talk to both containers without affecting each other?

      Hope I explained it clear enough. Let me know if you need additional information for a possible fix.

        • 1. Re: Setting up static routes for sparse root containers
          Mike Gerdts-Oracle
          In order to do what you are trying to do, you will need to use ip-type=exclusive instead of shared (the default). Then, you will be able to configure routing as needed in each exclusive zone. The down side of this with Solaris 10 is that you will need to have a physical nic to dedicate to each exclusive net.

          In Solaris 11, this changes. The default is to have exclusive IP stacks which sit on top of vnics. You can have an arbitrary number of vnics on each physical nic. If changing completely to Solaris 11 is too much work right now, you can use Solaris 10 Containers (solaris10 branded zones) to run a virtualized instance of Solaris 10 on Solaris 11. Solaris 10 Containers can be used at no additional cost.
          • 2. Re: Setting up static routes for sparse root containers
            Thanks for your response. Unfortunately, I don't have any dedicated NIC available to use and going Solaris 11 at time is not possible. I am working with the network team to make a BIGIP pass through for one of the containers or use SNAT on the BIGIP. Hope one of those options will resolve my issue.