Is it possible to setup vlans/vnics where Dom0 does not have access to some of the interfaces that a DomU can use? That is to say can I allow access to rge0 form Dom0 & DomU while only allowing access to sfe0 from DomU? I just can not seem to get it straight in my head if this will work or not. Thanks, Jordan -- This message posted from opensolaris.org
* j_e_anderson4 at yahoo.com [2009-05-18 17:47:50]> Is it possible to setup vlans/vnics where Dom0 does not have access to > some of the interfaces that a DomU can use? > > That is to say can I allow access to rge0 form Dom0 & DomU while only > allowing access to sfe0 from DomU?You can not plumb any IP interfaces in dom0 on sfe0 yet still create VNICs on it for guest domains, yes. dom0 still has some access to sfe0 (you could snoop there in dom0, for example), but applications in dom0 won''t see any traffic from it. Stronger separation is possible by allowing a single domU to directly drive sfe0. This isn''t possible with OpenSolaris today, but we are working on it. dme. -- David Edmondson, Sun Microsystems, http://dme.org
Jordan Anderson wrote:> Is it possible to setup vlans/vnics where Dom0 does not have access to some of the interfaces that a DomU can use? > > That is to say can I allow access to rge0 form Dom0 & DomU while only allowing access to sfe0 from DomU? > > I just can not seem to get it straight in my head if this will work or not. > > Thanks, > > Jordan >Hi Jordan, It seems your requirement is Direct IO or Direct Harware Access, which allows to assign a hardware to a Guest OS. This feature is still under development, and will be support in OpenSolaris.
David, Thanks for the help & direction. It does seem that Direct IO / Hardware access would be the best solution, but for now & for my purpose unplumb does just fine. Thanks, Jordan -- This message posted from opensolaris.org