On Fri, Mar 02, 2007 at 12:35:24PM -0500, Sebastien Roy wrote: > I have no problem with your original proposal of having separate > namespaces for each zone, and not allowing observability of those > namespaces in the global zone.
I instinctively recoiled from this, but maybe it's not so bad. In particular, IP tunnels are not really layer 2 entities, so an argument that says "these are layer 3 things and the zone has a local IP stack, so they are local to the zone and unobservable from outside" might be acceptable. Less easy to swallow would be the idea "these links were created by activity within a non-global zone and are therefore local to that non-global zone and unobservable from outside" because it runs into the "VLAN creation within a non-global zone clashes with VLAN creation in the global zone" flavour of problem. But the idea that some links live within a per-zone namespace and others don't _still_ seems wrong. dme.
