Erik Nordmark writes:
> > It depends on the administrator's mental model for the system.
> Agreed. My point is that the model for an exclusive-IP zone is different 
> in important aspects than the shared-IP zones.

And in other important aspects it's the same: it's still a single
shared kernel and a single set of hardware resources.

For that reason, I don't believe it's entirely wrong for users to want
to be able to answer questions such as "what addresses are being used
by this node?"

There's a fair argument to be had for a _fully_ virtualized
environment such as Domains or a paravirtualized one such as Xen that
the global view either doesn't exist or is "hard" to obtain.  I think
it's very much harder for that same argument to hold when we're
talking about a single instance of Solaris -- no matter how many
network stacks are involved.

Anyway, as I said at the beginning, I think making ifconfig work this
way would be very hard to do, and likely would not work well.  Though
users often think of ifconfig as the sole way to interact with
networking interfaces (because that's the way it works everywhere but
Solaris), I don't think that's reasonably doable here, even if it's
something that might be wanted.

> We could try to hide this by pretending that (parts of) ifconfig 
> behavior is the same, but I'm far from certain that is a good idea.
> But the suggestion (made at PSARC) to use dladm to both
>   - assign datalink names to zones
> and
>   - observe them (in e.g. show-link)
> is one which satisfies the consistency between manipulation and 
> observation. (And zonecfg can specify things as well; dladm can be used 
> to manipulate and observe the running state.)

Right.  The difference is that the zonecfg is just behaving as a
repository for configuration that properly "belongs" to some other
subsystem, rather than behaving as the configuration tool itself.

(Yeah, there's a fuzzy line here as well.)

