Edward Pilatowicz wrote: > On Wed, Jan 30, 2008 at 09:27:07AM -0500, James Carlson wrote: > >> Erik Nordmark writes: >> >>> However, if the ngz's shares a subnet with some other zone, then the >>> current logic in the kernel isn't capable of supporting a different >>> default route for different zones. This is because the kernel check is >>> whether the gateway field in the default route is on the same subnet as >>> one of the zone's IP addresses. >>> >> There's another problem buried here, which is that the proposed >> feature doesn't delete the static routes when the zone is shut down. >> It doesn't delete them because it's trying to cover for the EEXIST >> case. >> >> I think the right thing to do is to remember when the "route add" >> attempt fails, and conditionally remove the route on zone shutdown. >> That potentially leaves a zone relying on a duplicate out in the cold, >> but since it's a misconfiguration anyway, it doesn't seem like a big >> problem. >> >> > > this seems sloppy. i think that when zones are shutdown they > should remote any default routes that they installed. > Currently the code in zoneadmd doesn't consult the zone configuration file when removing the network interfaces. Instead, it examines all the plumbed interfaces and removes those that belong to the zone. There wasn't a convenient place in the code to remove the route, but I'm not sure it can be done safely. > and if it's a misconfiguration to boot two zones with the same > default route then we shouldn't allow multiple zones to boot into > this state. instead when the user boots subsequent zones that would > have overlapping default routes we should generate an error message > telling the user that the configuration is incorrect. > If we're going to remove the route when the zone is halted, then we have to prevent the another zone from using the same route. However, I think that adding this complexity will not improve the customer experience. For example, I'm afraid that there may be race conditions between a zone that is booting and one that is shutting down with the same default route. The simpler solution seemed adequate to me.
--Glenn
