On Mon, Sep 8, 2008 at 1:29 PM, Erik Nordmark <[EMAIL PROTECTED]> wrote:
> I think the shared-IP zones code needs to be more intelligent about
> dealing with 127.0.0.1. We already have one outstanding issue in that
> the tcp classifier doesn't look at the zoneid. This is what makes the
> TCP responses come back as John observed. (It also makes it impossible
> to have 127.0.0.1 connections in different zones that have a fixed
> source port number; such connections would have the same laddr, faddr,
> fport, and lport, i.e., they only differ in the zoneid.)

I've seen this very issue.  It resulted in weeks of misdirected
pointing fingers and head scratching (in the odd moment the fingers
weren't busy pointing to the wrong culprit).  After Sun support worked
the issue for 30 days, it was escalated to me and I found the problem.
Of course, once I was able to reproduce with a few lines of Perl I
was told it was a known issue.

If I would have seen this failure and Sun's inability to recognize it
early in my work with zones it would likely have scared me away for
quite some time.  Given the number of people at Sun that spent time
trying to diagnose the failure and the FUD it can cause, I suspect
that there is a decent ROI in having a fix.  Keep in mind that the
number of calls logged against a bug is only accurate if support is
able to properly diagnose root cause.  If we would have said "forget
it - we won't use zones" the case would have been closed without a
proper RCA and one of the distinguishing features of Solaris would
have gone unused.

-- 
Mike Gerdts
http://mgerdts.blogspot.com/
_______________________________________________
networking-discuss mailing list
[email protected]
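
Added example, not part of the original thread and not Solaris source: a toy connection lookup showing the collision described in the quoted text, where two zones hold the same 127.0.0.1 4-tuple and a lookup that ignores the zoneid hands the segment to the wrong zone. The table contents, port numbers and function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Toy connection entry; field names follow the message (laddr, faddr,
 * lport, fport, zoneid). This is not the Solaris data structure. */
struct conn {
    uint32_t laddr, faddr;
    uint16_t lport, fport;
    int      zoneid;
};

#define LOOPBACK 0x7f000001u /* 127.0.0.1 */

/* Constructed sample: the same loopback 4-tuple bound in two zones. */
static const struct conn table[] = {
    { LOOPBACK, LOOPBACK, 5000, 6000, 1 },
    { LOOPBACK, LOOPBACK, 5000, 6000, 2 },
};

/* Return the first entry matching the segment. With match_zone == 0 the
 * lookup uses only the 4-tuple, which is the behaviour the message
 * attributes to the classifier; with match_zone != 0 the zone is part
 * of the key. */
static const struct conn *
classify(uint32_t laddr, uint32_t faddr, uint16_t lport, uint16_t fport,
    int zoneid, int match_zone)
{
    for (size_t i = 0; i < sizeof (table) / sizeof (table[0]); i++) {
        const struct conn *c = &table[i];
        if (c->laddr == laddr && c->faddr == faddr &&
            c->lport == lport && c->fport == fport &&
            (!match_zone || c->zoneid == zoneid))
            return (c);
    }
    return (NULL);
}

/* Zone whose connection receives a segment sent inside `zoneid`;
 * -1 if no entry matches. */
int
delivered_zone(int zoneid, int match_zone)
{
    const struct conn *c =
        classify(LOOPBACK, LOOPBACK, 5000, 6000, zoneid, match_zone);
    return (c != NULL ? c->zoneid : -1);
}
```

With the zone left out of the key, a segment generated in zone 2 resolves to zone 1's entry; adding the zoneid to the comparison keeps each zone's loopback traffic on its own connection.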