* j_e_anderson4 at yahoo.com [2009-05-18 17:47:50]
> Is it possible to set up vlans/vnics where Dom0 does not have access to
> some of the interfaces that a DomU can use?
>
> That is to say can I allow access to rge0 from Dom0 & DomU while only
> allowing access to sfe0 from DomU?
You can not plumb any IP interfaces in dom0 on sfe0 yet still create VNICs on it for guest domains, yes. dom0 still has some access to sfe0 (you could snoop there in dom0, for example), but applications in dom0 won't see any traffic from it.

Stronger separation is possible by allowing a single domU to directly drive sfe0. This isn't possible with OpenSolaris today, but we are working on it.

dme.
--
David Edmondson, Sun Microsystems, http://dme.org
