Please review the following opinion and submit comments by COB on 06/12/2009. Note that the timer is set a bit short for personal reasons.
Note also that the opinion reflects the materials as reviewed by the ARC. For those who've participated in the design review, some things (particularly /dev/bridge/) have changed since this ARC review was completed, and those changes will be the subject of a fast-track to be filed shortly.

sun microsystems
Systems Architecture Committee
_________________________________________________________________

Subject:        Solaris Bridging
Submitted by:   James Carlson
File:           PSARC/2008/055/opinion.ms
Date:           February 25th, 2009
Committee:      James D. Carlson, Kais Belgaied, Richard Matthews,
                Sebastien Roy.
Product Approval Committee:
                Solaris PAC
                solaris-pac at sun.com

1. Summary

This project provides Ethernet bridging functionality for Solaris.

2. Decision & Precedence Information

The project is approved as specified in reference [1].

The project may be delivered in a Minor release of Solaris or
OpenSolaris.

3. Interfaces

The project exports the following interfaces.

 ____________________________________________________________________________
|                            Interfaces Exported                             |
|_______________________|_______________________|____________________________|
| Interface             | Classification        | Comments                   |
|_______________________|_______________________|____________________________|
| dladm *-bridge        | Committed             | new subcommands            |
| field names           | Committed             | dladm show-bridge -o       |
| link properties       | Committed             | dladm set-linkprop         |
| show-link BRIDGE      | Committed             | new field                  |
| kstats                | Volatile              | Should be raised later     |
| /dev/bridge/          | Committed             | Observability node         |
| control ioctls        | Project Private       |                            |
| /usr/lib/bridged      | Project Private       | Daemon executable          |
| svc:/network/bridge   | Committed             | SMF URI                    |
| config/*              | Project Private       | SMF properties             |
| bridge module         | Project Private       | Kernel bridging module     |
| /var/run/bridge_door/ | Project Private       | Doors interface to daemons |
| librstp.so.1          | Project Private       | RSTP implementation        |
| mac, dls, dld         | Consolidation Private | Kernel APIs                |
| ::dladm show-bridge   | Volatile              | mdb dcmd (debugging)       |
|_______________________|_______________________|____________________________|

PSARC/2008/055 Copyright 2009 Sun Microsystems

4. Opinion

This project was originally filed as a fast-track, but then derailed
for regular review due to the depth of the questions raised. At
inception, the project team was advised to consult with the Crossbow
and IP Filtering teams to resolve the connections between these
projects. On completion of those discussions, the ARC members were
updated (see reference [2]), and a vote on the final materials was
held during ARC business.

4.1. IP Filter

The project team discussed filtering and bridging at length. There are
essentially two ways that layer two filtering (L2F) can apply to
bridges: it can apply on top of the bridge, so that the links seen by
L2F are the same as those seen by IP, or it can apply below the
bridge, so that the links seen by L2F are the same as the physical
links on the system.

The former is expedient, but the latter will require new interfaces,
including a "bridge forwarding" hook that is analogous to the existing
"IP forwarding" hook. This work is left to a future project to define.

4.2. Crossbow

The bridging project allows Crossbow's flows and virtual interfaces to
be used on top of bridges for control of traffic sent and received by
local endpoints, but does not make use of Crossbow's classification
functionality in the bridge forwarding function.
The project teams agree that it would be better if this sort of
integration were possible, but the required functionality for bridge
forwarding does not currently exist in Crossbow, and retrofitting
later would be a seamless operation for users. Thus, the teams agreed
that this future work can continue in parallel, and that bridging
should be reworked when suitable Crossbow interfaces are designed.

4.3. Security

An ARC member noted several problems and complexities with the
originally proposed security mechanism. The design [3] was updated to
drive all configuration through the existing SMF/SCF and
dladm/dlmgmtd interfaces, so the project now relies exclusively on
existing security mechanisms and the issues raised at inception are no
longer present.

5. Minority Opinion(s)

None

6. Advisory Information

None

7. Appendices

7.1. Appendix A: Technical Changes Required

None

7.2. Appendix B: Technical Changes Advised

None

7.3. Appendix C: Reference Material

Unless stated otherwise, path names are relative to the case directory
PSARC/2008/055.

1. Bridging Architectural Specification
   File: final.materials/bridging-spec.txt

2. ARC Update Summary
   File: final.materials/bridging-arc-changes.txt

3. Bridging Design Document
   File: final.materials/bridging-design.pdf