Peter Memishian wrote:
> I've come up with a usage case where I'd like to allow VLANs to be
> plumbed and unplumbed from within a zone.
>
> Specifically, in order to enable a certain form of testing, which
> requires me to make a system "wide open" ('+ +' in /.rhosts!), I'd like
> to use a zone. Then I could use the system as a test peer, without
> requiring an actually separate piece of hardware, and without opening up
> a gaping hole on my primary system.
>
> One of the tests wants to plumb and unplumb a bunch of VLAN interfaces,
> in order to do validation of the VLAN support on the "system under test".
>
> The question is, can it be done? As far as I can tell,
> plumbing/unplumbing of VLANs has to be done on the global zone.
> Clearly, I don't want this to happen. Any chance we can get the ability
> to do this (perhaps as a tunable) in the non-global zone? I've already
> made the zone an IP-exclusive zone, and I've given it its own interface
> to own for the purposes of testing.
>
> Maybe this is on the roadmap, maybe it isn't. If it isn't, is there any
> technical reason to absolutely forbid the plumbing of separate VLAN
> devices in an IP-exclusive zone?

We've been talking about this (and general creation and deletion of links
in a zone) on clearview-discuss; see the "link names in an exclusive zone"
thread.


Hmm... I just found a way to do it. If I do "zone cfg add net" for *each* (in this 4096 of 'em!) VLAN, it will work. I've only tested with a couple of vlans. I wonder if I will hit any limits when I try to allow the zone access to up to 4096 vlans.

I need to reboot and reinstall before I do this, but I'll report back.

   -- Garrett
_______________________________________________
networking-discuss mailing list