Raoul,

On Tue, 2006-09-05 at 10:55 -0700, Raoul Carag wrote:
> A write-up of IP Observability Devices has been posted for review in:
>
> http://www.opensolaris.org/os/project/clearview/docs
>
> The target audience for this document, and all other write-ups posted on
> this page, are system administrators. As such, the document's final
> version will be integrated into one of the System Administration Guides
> to be published for a Solaris Express release.
>
> Your comments are welcome and much appreciated.

This is great. Here are some comments:

1. General Description

* Users shouldn't care about the style of DLPI devices.
* I believe these devices also give access to forwarded packets, broadcast, and multicast packets (all of which may not be associated with a local unicast address). The description needs to be tweaked to take that into account, since it currently states that you can only monitor packets with IP addresses assigned to the local system.

2. IP Observability and Zones

* I'd combine the last two sentences of this paragraph to, "An administrator of a non-global zone can also observe traffic that is sent and received by that zone."

3. Changes to the snoop Command

* The first paragraph could be more explicit and delve less into implementation. For example, "This option causes snoop to use the new IP layer devices rather than the underlying link-layer device to display traffic data."
* What do you mean by the second paragraph? This could be more explicit, as "traffic flow" is a really nebulous concept without context.

4.1 Procedure

* The comment about the "administratively-chosen name" is out of place here. The person running snoop has no control over the name of the interface he wishes to observe, and it's thus irrelevant that it was either administratively chosen or not when it was created.

4.2 Example

* The structure of this section is awkward. You're sharing the configuration information of the system between two examples, but the configuration is only displayed in one of the sub-sections. If you're going to use a single system configuration across multiple examples, then I'd introduce the configuration in 4.2, then proceed to show snoop examples for different interfaces in each subsection.
* We should add an example for an interface that has a combination of IPv4 and IPv6 addresses.
* We should add an example of filtering for a specific zone from the global zone.

4.2.1 Traffic on the Loopback Interface

* As I mention above, step 1 really belongs in 4.2 as an introduction to the system configuration used in all of your examples.
* The example shown in step 2 is impossible, since neither IP address in the shown packet is local to the system, and you're snooping loopback.
* If you're going to show two levels of verbosity, then show non verbose (no snoop options) and full verbose (-v). The -V option is not giving any useful information if you're also showing -v output.
* I'd show more than just the IPNET header in the verbose output to show that IP packet being observed is in fact being looped back (because it would contain IP addresses that are locally assigned).

Thanks,
-Seb
