> Doing partial L2 inside a zone would require some care. For instance, if
> zoneA has been given bge1 and bge2 could it safely use dladm to create
> an aggregation of bge1 and bge2? Not if that creates /dev/aggr0 in the
> global zone.

It wouldn't do that, but it could create a /dev/net/aggr0 in the local zone that was not visible from the global zone. This seems consistent to me, since bge1 and bge2 would also not be visible from the global zone's /dev/net namespace (in this theoretical world).

> FWIW "stack instances" is better named "exclusive IP zones"; it is IP
> that is separated, which includes the pieces that are part of IP (IPsec,
> IP filter) as well as those that do direct function calls into IP (TCP,
> etc).

Got it.

--
meem
