On Sat, Mar 03, 2007 at 12:48:25AM +0800, Peter Memishian wrote:
> [...]
> Issues such as these are why I liked Cathy's original proposal.
> This is no doubt an interesting problem space (fodder for a future
> project?), but I think this is beyond the scoped charter of
> Clearview.

I went back to read the original proposal. Some more thoughts (perhaps just clarifications required):

> we both feel strongly that local zone administration should not run
> into random errors because link names are already used in other zones,
> which the local zone doesn't have any knowledge of.

Strongly agree.

> On the current Nevada release, one can plumb interfaces in two
> different zones with the same interface name ip.tun0 without a
> problem. That matches what we think is optimal - link name should be
> per-zone instead of per-system.

Whilst not disagreeing with this, you should note that your proposal doesn't actually provide "link name is per-zone instead of per-system" in the general sense (at least, I don't think that it does).

> If we decide the link name should be per-zone, then it brings up a
> problem that how we represent the zone-local link name in a global
> zone. We think it is a bad idea to have those links to be
> represented as the name, and use a zoneid to be a
> differentiator. Because it could cause complexities in the
> current IP stack. There leaves us two other options:
>
> a) prefix the link name with zonename
> b) not export the links created inside a zone to the global zone.
>
> b) means that if the local zone administrators create links in their
> local zones, those links will not be seen in the global zone. We think
> this option might be the optimal way to go, and leave us some space if
> we want to evolve the model. Again, today, "ifconfig -a" in a global
> zone cannot show those ip tunnels created within a zone, so that it is
> consistent with what we'd like to propose.
>
> we also discussed about dladm operation within a zone and think there
> are still lots of questions need to be answered. At this time, we'd
> rather not to include that in the scope of the Clearview project, that
> we just support implicit iptun creation to preserve the backward
> compatibility with current Nevada.

Is the proposal that IP tunnel links would be "special", in that they are the only links that are per-zone rather than per-system? As I said previously, I think that I could probably live with this (especially if it's a longer term goal to remove the restriction that it's only IP tunnels that are special), but the proposal is not clear.

dme.
