>> On the current Nevada release, one can plumb interfaces in two >> different zones with the same interface name ip.tun0 without a >> problem. That matches what we think is optimal - link name should be >> per-zone instead of per-system. > > Whilst not disagreeing with this, you should note that your proposal > doesn't actually provide "link name is per-zone instead of per-system" > in the general sense (at least, I don't think that it does). > Do you mean the case that when the global zone administrator assigns a link to an exclusive zone? The link name is still per-zone (but the same object shares the same name) in that case, and I don't think it is not possible that one could use "dladm rename-link" in an exclusive zone in the future.
One thing I am not sure is that whether removing that specific link name from the global zone's link namespace is in the scope of Clearview. >> a) prefix the link name with zonename >> b) not export the links created inside a zone to the global zone. >> >> b) means that if the local zone administrators create links in there >> local zones, those links will not be seen in the global zone. We think >> this option might be the optimal way to go, and leave us some space if >> we want to evolve the model. Again, today, "ifconfig -a" in a global >> zone cannot show those ip tunnels created within a zone, so that it is >> consistent with what we'd like to propose. >> >> we also discussed about dladm operation within a zone and think there >> are still lots of questions need to be answerer. At this time, we'd >> rather not to include that in the scope of the Clearview project, that >> we just support implicit iptun creation to preserve the backward >> compatibility with current Nevada. > > Is the proposal that IP tunnel links would be "special", in that they > are the only links that are per-zone rather than per-system? I agree the essential difference between iptun and other type of links is that iptun doesn't associated with any physical hardware. But even considering other types of links, the name spaces of each local zone should be independent, so that I don't agree those links are per-system. Thanks - Cathy
