Hi Seb,

Meem and I had a discussion about the link name zone administration yesterday, and here is a summary:

We both feel strongly that local zone administration should not run into random errors because link names are already used in other zones, which the local zone doesn't have any knowledge of. On the current Nevada release, one can plumb interfaces in two different zones with the same interface name ip.tun0 without a problem. That matches what we think is optimal: the link name should be per-zone instead of per-system.

If we decide the link name should be per-zone, then it brings up the problem of how we represent the zone-local link name in a global zone. We think it is a bad idea to have those links represented by the name, using a zoneid as a differentiator, because it could cause complexities in the current IP stack. That leaves us two other options:

a) prefix the link name with zonename
b) not export the links created inside a zone to the global zone.

b) means that if the local zone administrators create links in their local zones, those links will not be seen in the global zone. We think this option might be the optimal way to go, and it leaves us some space if we want to evolve the model. Again, today, "ifconfig -a" in a global zone cannot show those ip tunnels created within a zone, so it is consistent with what we'd like to propose.

We also discussed dladm operation within a zone and think there are still lots of questions that need to be answered. At this time, we'd rather not include that in the scope of the Clearview project, so that we just support implicit iptun creation to preserve backward compatibility with current Nevada.

One question we talked about is that when the global zone assigns a physical link to an exclusive local zone, say zone a, does that mean that in zone a, one can create VLANs and aggregations over this physical link? Note that today, the global zone can assign a VLAN over the same physical link to another exclusive zone, say zone b. Because of this, the administrator in zone a might see random errors when creating VLANs and aggregations in that local zone.

There surely are some questions that need some more thought. For example, do we start linkmgmtd in each exclusive local zone? And if so, how do we manage the link id name spaces, etc.? But I think this discussion can be a start.

Thanks
- Cathy
