Darren.Reed at Sun.COM wrote:
> See comments from Michael Shapiro:
> http://www.opensolaris.org/jive/thread.jspa?messageID=54238#54238
> and Jim Carlson:
> http://www.opensolaris.org/jive/thread.jspa?messageID=54183#54183
>
> on why breaking up the SMF service, as originally suggested, was not
> seen to be a good step forward.

Both of those messages basically commented on the granularity. Mike's message in particular mentioned fault boundaries. Personally I think that filtering and NAT are separate fault boundaries. Plus the fact that you have created an ipfadm command to restart NAT separate from filtering for me reinforces that.

I'm not opposed to an ipfadm; it is just that with the synopsis of the command you gave it looks a lot like you are separating the fault boundaries between filtering and NAT yet not providing separate SMF services so that SMF can do the restarting. Think about it like this: if you have one service and the nat daemon dies for some reason, will your current proposal have that daemon restarted?

I'm not convinced that ipmon and ippool should be separate SMF services. IIRC ippool is used with filtering but not NAT so maybe it should be part of an ipfilter service. Personally I think there are two distinct services, filtering and NAT. Now where ipmon would fit in I'm not sure, since IIRC you can have ipmon used with just NAT and no filtering rules - right?

--
Darren J Moffat