SYSTEM ARCHITECTURE COUNCIL
Platform Software ARC
---------------------------------
PSARC Regular Meeting time: Wednesdays 10:00-1:00pm in MPK17-3507.

06-03-2009 MEETING MINUTES
============================================================================
Send CORRECTIONS, additions, deletions to psarc-coord at sun.com.
Minutes are archived in sac.Eng:/sac/export/sac/Minutes/PSARC.

Co-Chair(s):
    James Carlson:          Yes
    Tim Marsland:           no

ATTENDEES - Members: (6 active members)
    Kais Belgaied:          Yes
    Mark Carlson:           Yes
    Garrett D'Amore:        Yes
    Richard Matthews:       no
    Darren Moffat:          no (on sabbatical)
    Sebastien Roy:          Yes
    Glenn Skinner:          Yes
    Bill Sommerfeld:        no (on sabbatical)
    Gary Winiger:           Yes (on sabbatical)

STAFF -
    Asa Romberger (PM):     Yes

ATTENDEES - Interns:
    Frank Che:              no
    David Chieu:            no
    Charles Debardeleben:   no
    Peter Dennis:           no
    James Falkner:          no (on sabbatical)
    Daniel Hain:            no
    Michael Haines:         no
    Alan Hargreaves:        no
    Phil Harman:            no
    Cecilia Hu:             no
    Wyllys Ingersoll:       no
    Alec Muffett:           no (on sabbatical)
    Darren Reed:            Yes
    Dean Roehrich:          Yes
    Ienup Sung:             no
    Phi Tran:               no
    Brian Utterback:        no
    James Walker:           no
    Mark Martin:            Yes (external)
    Don Cragun:             Yes (external)

-- GUESTS --
    Jordan Brown:           Yes
    John Zolnowsky:         Yes
    Girish Moodalbail:      Yes
    Sowmini Varadhan:       Yes
    Vasumathi Sundaram:     Yes

Not all names are captured. Please send email to Asa.Romberger at Sun.com,
if you attended the meeting and your name is missing from the list.

---------------------------------------------------------------------------
MEETING SUMMARY:
================

AGENDA 06/03/2009

10:00-10:10 Open ARC Business (use open dial in above)

10:10-10:55 Open Inception
            2009/306 Brussels II - ipadm and libipadm
            Submitter: Girish Moodalbail
            Owner:     Sebastien Roy
            Exposure:  open

11:00-11:10 Closed ARC Business (use closed dial in above)

---------------------------------------------------------------------------
Case Anchors:
    Brussels II - ipadm and libipadm(2009/306)
===========================================================================

Fast Tracks:
============
Case      (Timeout)   Exposure  Title
2008/687  (06/04/09)  open      T11 Storage Management HBA API(SM-HBA)
        let run to end of today
2009/308  (05/20/09)  open      Update BIND to 9.6.1
        approved
2009/323  (06/04/09)  open      rpcgen error reporting
        approved
2009/325  (06/04/09)  open      pylint
        approved
2009/326  (06/04/09)  open      bvi
        extend to 06/05/2009
2009/327  (06/05/09)  open      system_noshell
        derailed
2009/328  (06/05/09)  open      nss_ldap should support AD-style groups
        let run
2009/329  (06/10/09)  open      HIDIOCKM[GS]DIRECT ioctls for the USB HID driver
        let run
2009/331  (06/09/09)  open      IP Datapath Refactoring
        let run
2009/332  (07/10/09)  open      resource project for inetd
        let run
2009/333  (06/10/09)  open      str_to_label() update
        approved
2009/334  (06/10/09)  open      EOF of legacy bus mice
        approved
2009/336  (06/10/09)  open      rtorrent & libtorrent
        let run

Next Meeting:
=============
06/10/2009 Cancelled

IAM
======
Name:       Brussels II - ipadm and libipadm
Submitter:  Girish Moodalbail
Owner:      Sebastien Roy
Status:     submitted
Exposure:   open

SUMMARY
=======
There are two problems with Administrative utilities for networking
that are addressed by this project:

(i) As documented in CR 6215036, the ndd(1m) tool lacks Stable
    interfaces and a well-defined mechanism for applying settings
    persistently across reboot.
    This project will introduce a tool, ipadm(1m) that will allow
    system administrators to persistently set TCP/IP tunables and will
    have a user- and library-interface that is consistent with
    corresponding dladm(1m) interfaces that are in use for Layer 2 of
    the networking stack.

(ii) As was already noted many years ago in the ON SAC opinion for
    PSARC 1997/184,

        " .. the already complex ifconfig utility. The committee feels
        this project is making an already serious ease of use problem
        even worse. The steering committees are advised to initiate a
        project to create a new easier to use network interface
        configuration utility."

    This project introduces the recommended interface via ipadm(1m).

ISSUES
======
Issues for inception 06/03/2009

gw-1    20 questions #5 / Brussels II - ipadm and libipadm Rev 1.7 14.1
        * What is the rationale for /etc/ipadm/ipadm.conf? Why shouldn't
          smf properties be used? dladm isn't a good example since dladm
          needs to store "secret" information /etc/dladm/secobj.conf
        * a new user "ipadm" or "netadm"? N.B. "dladm" seems to be the
          only current user. (Could the new "netadm" user be used by the
          ILB project? Will the "dladm" user be converted to "netadm"?)
        * file_dac_write could be eliminated with smf properties
        * what new authorizations are proposed?
        * proc_audit means ipadm is generating audit records. What is
          being audited? Contracts are needed here. It's likely that smf
          properties could eliminate the need to audit.

jdc-1   3.1.1: why doesn't create-if automatically do what up-if does?
        Doesn't that defeat the purpose of having a permanent store?
        (If "create-if" is done implicitly by some of the other
        commands, such as "create-addr", does this mean that "up-if" is
        skipped? Or does it implicitly do both?)

jdc-2   What is the difference between "delete-if -t foo0" and
        "down-if foo0"?

jdc-3   4.1: why do temporary addresses on permanent interfaces generate
        a warning? Isn't that the most likely usage?
        (Similar comment in 4.2 about deleting a temporary address on a
        permanent interface.)

jdc-4   4.1: how do I manipulate static addresses that are configured in
        symbolic (name) form?

jdc-5   4.1: if I don't use "/n" (CIDR notation), what happens? Error or
        netmask lookup?

jdc-6   Is create-ipv6addrs for IPv6 and create-dhcp for IPv4 really the
        best factoring? How would IPv4 link locals fit into such a
        scheme? Why is DHCPv6 not administered using the *-dhcp
        commands?

jdc-7   5.1: why not have labels for both static and automatic
        addresses?

jdc-8   It would be good to see some more worked examples. I *think*
        that in order to create an IPv6 static address, I need to do
        something like this:

            ipadm create-if -f inet6 bge0
            ipadm up-if -f inet6 bge0
            ipadm create-ipv6addrs -i bge0 myv6local
            ipadm create-addr -i bge0 2005::1/64

        rather than this:

            ifconfig bge0 inet6 plumb up
            ifconfig bge0 inet6 addif 2005::1/64 up

        Is that right?

jdc-9   What's the difference between "tentative" and "optimistic" DAD?
        And where do the IFA_* flags come from?

jdc-10  I love the idea of getifaddrs(), but object to putting it in
        libipadm. We don't need that barrier to portability. This
        belongs in libsocket/libxnet or (feeling optimistic for the
        future) libc. Plus, a Committed interface floating in the middle
        of a Consolidation Private library sounds like a mistake. (In
        the description of this call, you say ~IFF_UP, but I think you
        mean that only IFF_UP addresses are returned.)

jdc-11  How will the overlap between 'ipmpstat' and 'ipadm show-ipmp' be
        handled?

jdc-12  14.2: why not just have persistent data loaded automatically
        (per jdc-1) and allow legacy methods (if used at all) to
        override? The conditional logic described here sounds hard to
        use (and implement).

jdc-13  How does DR interface with this? (Is there a DR rewrite?) What
        becomes of "ifconfig configinfo"?

jdc-14  Is there a separate project to update Sun Cluster to use the new
        interfaces?

jdc-15  The new "state" property seems to involve partial success and
        partial failure semantics. What happens if I set "up" but not
        all of the addresses come up? If some or all have failed DAD,
        what state do I see when I read that property? (This looks like
        an attempt to recapture BSD semantics, but I'm unsure if it
        works ...)

jdc-16  Using the name "routing" for the IP forwarding control is very
        confusing. Either use "router" (to align with IFF_ROUTER) or use
        "forwarding" (to align with routeadm). (I prefer the latter, but
        pick one.)

jdc-17  How does "icmp_respond" work? Can I control just one type or are
        there multiple instances of this parameter on an interface? (If
        there are multiple instances, then how do I refer to each
        instance?)

jdc-18  Why are some parameters (forward{,6}_src_routed) broken out for
        v4 and v6, while others (icmp_err_interval) are not?

jdc-19  I suggest leaving out "multidata_outbound" and "lso_outbound" as
        examples of those corner case tweaks that needn't be in the
        committed set of properties. "Real" LSO should just work, and
        shouldn't need administrative fiddling. Such fiddling is really
        an internal design matter, and not (as with the other controls)
        a matter of on-the-wire behavior.

jdc-99  Nit: subcommands listed in 20q don't seem to match design
        document.

djr-1   Referring to the umbrella document and the list of APIs... A
        proper programming interface that handles network addresses
        should be capable of handling both IPv4 and IPv6 addresses
        without special names - c.f. bind(), connect(), etc. Thus there
        should be no need for ipadm_create_addr() and a separate
        ipadm_create_ipv6addr(). Just because the command line is
        different does not mean the programming interface needs to be or
        should be.

djr-2   Further to djr-1, reading 4.1 makes some very explicit
        references to section 5 and IPv6 configuration. This suggests
        that further work needs to be done on designing the CLI. Also
        see jdc-6 for comments about DHCP that are also pertinent here.

djr-3   PSARC/2009/331 (IP Datapath refactoring) discusses changes to
        system behaviour with respect to removing addresses. How will
        that impact the expected use/interfaces for this project?

kb-98   Old habits die hard. It would be helpful for sys-admins
        transitioning from the ndd / hostname.if* / ifconfig etc to have
        a summary table showing the old way on one side and the
        equivalent ipadm on the other.

kb-99   It would be really helpful to draw the state machine for the new
        objects introduced here: 'if', 'addr', 'ipv6addr', 'dhcp' and
        'ipmp'. Show how they transition to new states from the initial
        state (after create-*), get loaded to kernel, get added in the
        persistent storage, get deleted either temporarily or
        permanently.

THE NEXT STEP
=============
Return for commitment review