--- orig/zones.5.txt	Fri Oct 13 10:20:29 2006
+++ new/zones.5.txt	Mon Oct 30 15:19:25 2006
@@ -87,8 +87,7 @@
 
      READY                   Indicates that  the  "virtual  plat-
                              form"  for  the  zone has been esta-
-                             blished.  Network  interfaces   have
-                             been plumbed, file systems have been
+                             blished.  For instance, file systems have been
                              mounted, devices have  been  config-
                              ured,  but  no  processes associated
                              with the zone have been started.
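Review bot: The replacement line in the READY description ("blished.  For instance, file systems have been") removes the only statement about network interfaces, so the page no longer says whether a zone in the READY state has its networking set up. Since the Networking section in this same patch distinguishes shared-IP from exclusive-IP zones, please say here what holds for each type at READY, or state explicitly that network setup is not implied by this state. The new line is also wider than the filled and justified lines around it, so the paragraph should be re-filled to match the column.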
@@ -209,12 +208,36 @@
      halted or rebooted.
 
   Networking
-     Zones can be assigned logical network interfaces, which  can
-     be  used  to  communicate over the network. These interfaces
-     are configured using the zonecfg(1M) utility. The  interface
-     is removed when the zone is halted or rebooted. Only logical
-     interfaces can be assigned to a zone.
+     A zone has its own port number space for TCP, UDP and SCTP
+     applications. [XXX and typically one or more separate IP addresses
+     but that isn't true for all TX configurations]
 
+     For the IP layer (IP routing, ARP, IPsec, IP Filter, etc) a zone
+     can either share the configuration and state with the global zone
+     (this is called a shared-IP zone), or have its distinct IP layer
+     configuration and state (an exclusive-IP zone).
+
+     If a zone is to be connected to the same datalink, that is, be on
+     the same IP subnet or subnets as the global zone, then it is appropriate
+     for the zone to use the shared IP instance.
+
+     If a zone needs to be isolated at the IP layer on the network, for
+     instance being connected to different VLANs or different LANs than the
+     global zone and other non-global zones, then for security reasons the
+     zone should have its exclusive IP.
+
+     The shared-IP zones are assigned one or more datalink names and IP 
+     addresses in zonecfg(1m). The datalink name(s) must also be configured
+     in the global zone.
+
+     The exclusive-IP zones are assigned one or more datalink names in
+     zonecfg(1m). The datalink names must be exclusively assigned to
+     that zone.
+
+     Note that the full IP-level functionality in the form of DHCP client,
+     IPsec and IP Filter, is available in exclusive-IP zones and not
+     in shared-IP zones.
+	
 ATTRIBUTES
      See attributes(5) for descriptions of the  following  attri-
      butes:
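Review bot: The bracketed author note in the first new Networking paragraph ("[XXX and typically one or more separate IP addresses but that isn't true for all TX configurations]") is unresolved and should be replaced with final wording or dropped before this is committed. The removed text said the interface "is removed when the zone is halted or rebooted", and nothing in the new text says what happens to assigned datalinks or addresses on halt or reboot for either zone type; please restore that lifecycle statement for both. The closing note says IPsec and IP Filter are not available in shared-IP zones, but the earlier paragraph says such a zone shares IP-layer configuration and state with the global zone; for readers making an isolation decision it would help to state that in the shared-IP case these are governed by the global zone's configuration, if that is the intent. Smaller points: the new text uses "zonecfg(1m)" where the removed text used "zonecfg(1M)"; "should have its exclusive IP" reads better as "should be configured as an exclusive-IP zone"; and there is trailing whitespace on the "datalink names and IP" line and on the tab-only line before ATTRIBUTES.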
