On Thu, Jun 25, 2009 at 4:53 PM, Jordan Vaughan<[email protected]> wrote:
> Hello networking experts,
>
> I'm one of two engineers working on Solaris 10 Containers (S10Cs), a project
> aimed at producing a zone brand that will emulate Solaris 10 user
> environments in OpenSolaris.  (See
> http://opensolaris.org/os/project/s10brand for more information.)  I'm going
> to start evaluating networking within S10Cs in order to discover which S10
> networking behaviors will break in S10Cs.

Since people that are moving to S10Cs expect a little bit of
disruption[1] anyway, would it be too onerous to say "the only type of
network device you get is a virtual nic and any fancy networking
configuration[2] is done in the global zone"?  This makes it so that
there is a single thing that needs some sort of emulation, if any.
The key aspects that most administrators/users will care about will
seem to work without issue.

A simple vnic called foo0 is created.

# dladm create-vnic -l vnet0 foo0
# ifconfig foo0 plumb
# ifconfig foo0
foo0: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        inet 0.0.0.0 netmask 0
        ether 2:8:20:13:a2:70

Adding virtual IPs works just as it does in S10...

# ifconfig foo0 addif 10.2.3.4
Created new logical interface foo0:1

The old way of doing VLANs can be emulated

# dladm create-vnic -l vnet0 -v 99 foo99000
# ifconfig foo99000 plumb

According to 
http://www.sun.com/bigadmin/features/articles/crossbow_net_virt.pdf,
ndd can still be used to configure IP, TCP, etc. within the zone.


1. This is part of the same set of things that makes a non-global zone
different from a global zone.  Examples include NFS serving, looking
at /dev/kmem (like lsof does), etc.  If they are moving from S10
unbranded zones on S10 to S10 branded zones on S11, there's a
reasonable chance that the reason they are doing so is to get
crossbow.
2. Fancy networking configuration includes things like link
aggregation, getting access to new VLANs, and jumbo packets.  In
general things that are configured by driver.conf and ndd are hardware
specific and should not be a core part of any reasonable application's
requirements.  By not having something that is called "ce", or "hme",
you sidestep any application-specific instructions that say to
configure those NICs.

The key thing that is an open question is whether things that like to
push custom streams modules will work.  I suspect that the number of
users of such functionality is sufficiently small (i.e. orders of
magnitude smaller than those that serve NFS) that imposing "no custom
streams modules may be pushed on the network stack" would be a big
problem.  Of course, you may know of that one really big customer that
really needs custom streams modules on top of hme (shudder) interfaces
in S10Cs and they are the biggest backer of S10Cs.

-- 
Mike Gerdts
http://mgerdts.blogspot.com/
_______________________________________________
networking-discuss mailing list
[email protected]
