Darren J Moffat wrote: > Zhijun Fu wrote: >> Darren J Moffat wrote: >>> Why is layer2 filtering disabled by default ? >> This is to keep system behavior consistent with before by default. > > What would change in behaviour if layer2 filtering was on by default ? There will be performance impact, please see below > > So far I don't actually see any reason this needs to be configurable > at all. > > Are there existing rules that don't mention layer2 that would cause > different filtering decisions if layer2 filtering was always on ? No, the behavior of these rules will be the same whether or not layer2 filtering is enabled. > > Is there a performance impact from layer2 filtering always being on ? Yes. There will be performance impact if layer2 filtering is always on, even if there are no layer2 rules configured, because additional processing is needed when layer2 filtering is enabled.
This is similar to ipfilter, which is also disabled by default. Thanks, Zhijun -- #mdb -K [0]> eri.prc.sun.com::walk staff s|::print staff_t s_email| ::grep .== Zhijun.Fu at Sun.COM|::eval <s=K|::print staff_t Zhijun.Fu at Sun.COM, x84349 Network Virtualization & Performance Team, Solaris Core Operating Systems Since Jul 10,2006 [0]> :c
