On Fri, Feb 27, 2009 at 09:57:06PM -0500, Sebastien Roy wrote:
> On Fri, 2009-02-27 at 17:06 -0800, Edward Pilatowicz wrote:
> >
> > if a zone has an exclusive network stack, and it is assigned a network
> > interface, then from within the zone it should have complete control
> > over all the parameters associated with that interface.
> >
> > so if i grant a zone access to bge0, it should be able to modify any
> > parameters associated with that interface. obviously there are limits
> > on this, like i can't assign my interrupt resources to cpu's not
> > associated with my zone, but in general, a non-global zone should be
> > able to do everything the global zone can do, once it's been granted
> > access to a resource.
> >
> > so here's one additional idea i'd like to throw out. perhaps it would
> > simplify things if we could move away from giving zones access to
> > physical networking resources. would it be helpful (or simplify
> > things) if when we create an exclusive stack zone with access to bge1,
> > instead of putting bge1 into that zone, we instead automatically create
> > a vnic on top of bge1 and add that to the zone? doing something like
> > this might allow us to eliminate the concept of changes in data link
> > ownership. instead data links could be associated with an owner at
> > creation time and then that owner would never change.
>
> Yes, getting rid of the whole concept of assigning a link to a zone
> seems like the right way to do this. It's slightly out of scope for
> this project, but I don't believe anything I'm doing here would preclude
> us from doing this in the future.
>
> The namespace issue is one that would be good to nail down from the
> beginning. I initially proposed not making links created from within
> non-global zones part of the global zone namespace so that we can make
> incremental progress. First by adding the ability to create links from
> non-global zones, and later adding the ability to observe these from the
> global zone.
>
> If the general feeling is that it would be more desirable to make these
> visible from the global zone using a <zone-name> prefix of some sort,
> then this is easy enough to implement. I'd like to hear some ideas of
> what to do with the "loaned" links, however, keeping in mind that
> changing the mechanism with which links are assigned to non-global zones
> isn't in scope at this point (i.e., at this point, I'm not changing the
> mechanism whereby setting the "zone" link property of a link allows the
> zone to use that named link from within the zone).
>

given that the current data link namespace will be partially
overlapping, there needs to be some way to easily see what link a zone
is in. i'd say that the dladm show-link output should either list the
zone a link is in by default (probably preferable), or assuming that a
non-global zone data link can't be modified from the global zone, you
could modify the data link name to be <zone-name>:<data-link-name>?

ed
