The reason is that ifconfig in the global is not involved in configuring IP for the exclusive-IP zones; that is done by ifconfig running inside the exclusive-IP zones. This is by design different than the IP configuration for the shared-IP zones; those are both configurable as well as observable using ifconfig in the global zone.

Furthermore, since the primary purpose of IP Instances is IP-level isolation (between different zones that are connected to different LANs or different VLANs), the design is to have no IP-level sharing. Having ifconfig "leak" information from non-global zones to the global zone might at least make it appear that some leakage is possible.

Yes, that's one of the reasons I suggested having dladm(1M) be the
place to display this information since it's where links are
administered in general, even the ones that will be handed off to
exclusive-stack zones.

zones-discuss mailing list

Reply via email to