In the Solaris 10 operating system manufactured by Sun Microsystems, Inc. of Santa Clara, Calif., it is possible to divide an operating system environment into multiple partitions. So divided, the general operating system (OS) environment is referred to as the global zone, and the partitions within the global zone are referred to as the non-global zones. Each zone provides a separate virtual operating environment. One of the purposes served by the zones (particularly the non-global zones) is to provide isolation. With the zone construct, it is possible to isolate certain entities within certain zones. By isolating an entity within a zone, it is possible to prevent that entity from accessing or affecting other entities in other zones. It is also possible to prevent other entities in other zones from accessing or affecting that entity. In many implementations, such isolation is quite desirable. For example, if applications and data having different security levels are to be hosted on the same computer, it may be desirable to use zones to isolate the applications and data so that sensitive information does not leak from one set of applications and data to another.
One of the types of entities that can be isolated within a zone is a logical network interface. By isolating a logical network interface within a zone, it is possible to restrict use of that logical network interface to just the entities within that zone. Put another way, only entities within that zone can bind to the logical network interface and use it to effect network communication. Currently, each zone may have zero or more logical network interfaces isolated therein.
Each logical network interface is assigned a unique network address. This network address may, for example, be an Internet Protocol (IP) address. This IP address enables packets to be directed to the zone in which the logical network interface is isolated. Given that each zone may have zero or more logical network interfaces isolated therein, and that each logical network interface requires a unique IP address, if there are many zones, then many unique IP addresses will be needed. This can lead to problems. As is well known, a network administrator has only a limited number of unique IP addresses at his/her disposal. That being the case, the limit on the number of IP addresses may impose a limit on the number of logical network interfaces that can be isolated within zones. This in turn can limit the number of zones that can be implemented. As a result, the limit on the number of unique IP addresses can limit the scalability of the zones concept.