Sunay Tripathi wrote:
> Darren Reed wrote:
> ...
>> And by architecture, I mean the big picture, not just whether dladm
>> (or something else) should be used to control all of the layer 2
>> features.
>>
>> My understanding is that this path is being pursued because proper
>> layer 2 filtering is perceived as being "too hard" to do correctly
>> (or at least that's the feeling I get from the current state of things.)
>>
>> And because that's too hard, we're looking to do something simpler.
>
> Partly. But also from talking to customers and users in the
> virtualization and network computing space. They expect our layer
> 2 to function similar to other hypervisors in allowing layer 2
> protection and ACLs. Using ipfilter when IP is not even involved
> (for a virtual machine) is considered *architecturally bad* by
> most users in this space.

Well, I suppose that's the trump card, isn't it?

Darren