SYSTEM ARCHITECTURE COUNCIL
                           Platform Software ARC
                     ---------------------------------
PSARC Regular Meeting time: Wednesdays 10:00-1:00pm in MPK17-3507.

                           09-30-2009 MEETING MINUTES
============================================================================
Send CORRECTIONS, additions, deletions to psarc-coord at sun.com.
Minutes are archived in sac.Eng:/sac/export/sac/Minutes/PSARC.

Co-Chair(s):
         Sebastien Roy:          Yes
         Tim Marsland:           no

ATTENDEES - Members: (6 active members)
         Kais Belgaied:          Yes
         Mark Carlson:           Yes
         Richard Matthews:       no
         Darren Moffat:          no  (on sabbatical)
         Garrett D'Amore:        no
         Glenn Skinner:          Yes
         Bill Sommerfeld:        no  (on sabbatical)
         Gary Winiger:           Yes  (on sabbatical)

STAFF -
         Asa Romberger (PM):     Yes

ATTENDEES - Interns:
         Frank Che               no
         James Falkner:          no (on sabbatical)
         Daniel Hain:            no
         Michael Haines:         no
         Alan Hargreaves:        no
         Phil Harman:            no
         Wyllys Ingersoll:       no
         Darren Reed:            no
         Dean Roehrich           no
         Ienup Sung:             no
         Phi Tran                no
         Brian Utterback:        no
         James Walker            Yes
         Suhasini Peddada        Yes
         Calum Mackay            Yes

         Mark Martin             Yes (external)
         Don Cragun              Yes (external)
Guests:
         Girish Moodalbail
         Vasumathi Sundaram
         Sowmini Varadhan
         Mark Musante
         David Chieu
         Pete Dennis
         Prasad Singamsetty
         Tim Haley

Not all names are captured. Please send email to Asa.Romberger at Sun.com, if
you attended the meeting and your name is missing from the list.

---------------------------------------------------------------------------

MEETING SUMMARY:
================

AGENDA

09/30/2009
         10:00-10:10     Open ARC Business (use open dial in above)
         10:10-10:55     Commitment: Brussels II - ipadm and libipadm (2009/306)
                         Submitter:      Girish Moodalbail
                         Owner:          Sebastien Roy
                         Exposure:       open

---------------------------------------------------------------------------
Case Anchors:
Brussels II - ipadm and libipadm (2009/306)
===========================================================================

Fast Tracks:
============

      Case     (Timeout)  Exposure Title
      2009/499 (09/24/09) open     iBus integration
         extend to 10/7/2009
      2009/501 (09/25/09) open     Dynamic Ring Grouping on NICs
         approved
      2009/503 (09/28/09) open     usr/lib links for OpenSSL
         approved
      2009/505 (09/28/09) open     IRM Framework Extension(s)
         approved
      2009/507 (09/29/09) open     FIPS Capable OpenSSL
         approved
      2009/508 (09/29/09) open     ettcp
         approved
      2009/510 (09/30/09) open     ZFS received properties
         approved
      2009/511 (10/31/09) open     zpool split
         approved
      2009/513 (09/29/09) open     Changes to IPsec ESP to support Combined mode ciphers
         approved
      2009/514 (10/02/09) open     CUPS as the default print service
         approved
      2009/515 (10/02/09) open     fragmentation controls for ping and traceroute
         approved
      2009/516 (10/02/09) open     Timezone cache renewal
         let it run
      2009/519 (10/02/09) open     audioemu10k device driver
         approved

Next Meeting:
=============

10/07/2009
         10:00-10:10     Open ARC Business (use open dial in above)
         10:10-10:55     Inception: Solaris ATCA IPMI Driver (2009/467)
                         Submitter:      Kevin Song
                         Owner:          Garrett D'Amore
                         Intern:         Jim Walker
                         Exposure:       open

-----------------------------------------------------------------------
-----------------------------------------------------------------------

2009/306
Name:           Brussels II - ipadm and libipadm
Submitter:      Girish Moodalbail
Owner:          Sebastien Roy
Status:         inception held 06/03/2009
Exposure:       open

SUMMARY
=======

         There are two problems with Administrative utilities for
         networking that are addressed by this project:

         (i)  As documented in CR 6215036, the ndd(1m) tool lacks Stable
              interfaces and a well-defined mechanism for applying
              settings persistently across reboot. This project will
              introduce a tool, ipadm(1m) that will allow system
              administrators to persistently set TCP/IP tunables and will
              have a user- and library-interface that is consistent with
              corresponding dladm(1m) interfaces that are in use for
              Layer 2 of the networking stack.

         (ii) As was already noted many years ago in the ON SAC opinion
              for PSARC 1997/184,
              " .. the already complex  ifconfig utility.  The committee
                feels this project is making an already serious ease of
                use  problem  even  worse.  The steering committees are
                advised to initiate a project to create a new easier to
                use network  interface  configuration utility."
              This project introduces the recommended interface via
              ipadm(1m).


ISSUES
=======

  PSARC/2009/306 Brussels II - ipadm and libipadm
  Submitter:     Girish Moodalbail
  Owner:         Sebastien Roy

  Issues for inception 06/03/2009

gw-1    20 questions #5 / Brussels II - ipadm and libipadm Rev 1.7 14.1
         * What is the rationale for /etc/ipadm/ipadm.conf?
           Why shouldn't smf properties be used?
           dladm isn't a good example since dladm needs to store "secret"
           information /etc/dladm/secobj.conf
         * a new user "ipadm" or "netadm"?  N.B. "dladm" seems to be the
           only current user.  (Could the new "netadm" user be used by the ILB
           project?  Will the "dladm" user be converted to "netadm"?)
         * file_dac_write could be eliminated with smf properties
         * what new authorizations are proposed?
         * proc_audit means ipadm is generating audit records.  What is being
           audited?  Contracts are needed here.  It's likely that smf properties
           could eliminate the need to audit.

jdc-1   3.1.1: why doesn't create-if automatically do what up-if does?
         Doesn't that defeat the purpose of having a permanent store?
         (If "create-if" is done implicitly by some of the other
         commands, such as "create-addr", does this mean that "up-if"
         is skipped?  Or does it implicitly do both?)

jdc-2   What is the difference between "delete-if -t foo0" and
         "down-if foo0"?

jdc-3   4.1: why do temporary addresses on permanent interfaces
         generate a warning?  Isn't that the most likely usage?
         (Similar comment in 4.2 about deleting a temporary address on
         a permanent interface.)

jdc-4   4.1: how do I manipulate static addresses that are configured
         in symbolic (name) form?

jdc-5   4.1: if I don't use "/n" (CIDR notation), what happens?  Error
         or netmask lookup?

jdc-6   Is create-ipv6addrs for IPv6 and create-dhcp for IPv4 really
         the best factoring?  How would IPv4 link locals fit into such
         a scheme?  Why is DHCPv6 not administered using the *-dhcp
         commands?

jdc-7   5.1: why not have labels for both static and automatic
         addresses?

jdc-8   It would be good to see some more worked examples.  I *think*
         that in order to create an IPv6 static address, I need to do
         something like this:
                 ipadm create-if -f inet6 bge0
                 ipadm up-if -f inet6 bge0
                 ipadm create-ipv6addrs -i bge0 myv6local
                 ipadm create-addr -i bge0 2005::1/64
         rather than this:
                 ifconfig bge0 inet6 plumb up
                 ifconfig bge0 inet6 addif 2005::1/64 up
         Is that right?

jdc-9   What's the difference between "tentative" and "optimistic"
         DAD?  And where do the IFA_* flags come from?

jdc-10  I love the idea of getifaddrs(), but object to putting it in
         libipadm.  We don't need that barrier to portability.  This
         belongs in libsocket/libxnet or (feeling optimistic for the
         future) libc.  Plus, a Committed interface floating in the
         middle of a Consolidation Private library sounds like a
         mistake.

         (In the description of this call, you say ~IFF_UP, but I think
         you mean that only IFF_UP addresses are returned.)

jdc-11  How will the overlap between 'ipmpstat' and 'ipadm show-ipmp'
         be handled?

jdc-12  14.2: why not just have persistent data loaded automatically
         (per jdc-1) and allow legacy methods (if used at all) to
         override?  The conditional logic described here sounds hard to
         use (and implement).

jdc-13  How does DR interface with this?  (Is there a DR rewrite?)
         What becomes of "ifconfig configinfo"?

jdc-14  Is there a separate project to update Sun Cluster to use the
         new interfaces?

jdc-15  The new "state" property seems to involve partial success and
         partial failure semantics.  What happens if I set "up" but not
         all of the addresses come up?  If some or all have failed DAD,
         what state do I see when I read that property?  (This looks
         like an attempt to recapture BSD semantics, but I'm unsure if
         it works ...)

jdc-16  Using the name "routing" for the IP forwarding control is very
         confusing.  Either use "router" (to align with IFF_ROUTER) or
         use "forwarding" (to align with routeadm).  (I prefer the
         latter, but pick one.)

jdc-17  How does "icmp_respond" work?  Can I control just one type or
         are there multiple instances of this parameter on an
         interface?  (If there are multiple instances, then how do I
         refer to each instance?)

jdc-18  Why are some parameters (forward{,6}_src_routed) broken out
         for v4 and v6, while others (icmp_err_interval) are not?

jdc-19  I suggest leaving out "multidata_outbound" and "lso_outbound"
         as examples of those corner case tweaks that needn't be in the
         committed set of properties.  "Real" LSO should just work, and
         shouldn't need administrative fiddling.  Such fiddling is
         really an internal design matter, and not (as with the other
         controls) a matter of on-the-wire behavior.

jdc-99  Nit: subcommands listed in 20q don't seem to match design
         document.

djr-1   Referring to the umbrella document and the list of APIs...
         A proper programming interface that handles network addresses
         should be capable of handling both IPv4 and IPv6 addresses
         without special names - c.f. bind(), connect(), etc. Thus
         there should be no need for ipadm_create_addr() and a separate
         ipadm_create_ipv6addr(). Just because the command line is
         different does not mean the programming interface needs to
         be or should be.

djr-2   Further to djr-1, reading 4.1 makes some very explicit
         references to section 5 and IPv6 configuration. This suggests
         that further work needs to be done on designing the CLI.
         Also see jdc-6 for comments about DHCP that are also
         pertinent here.

djr-3   PSARC/2009/331 (IP Datapath refactoring) discusses changes to
         system behaviour with respect to removing addresses. How will
         that impact the expected use/interfaces for this project?

kb-98   Old habits die hard. It would be helpful for sys-admins transitioning
         from the ndd / hostname.if* / ifconfig etc to have a summary
         table showing the old way on one side and the equivalent
         ipadm on the other.

kb-99   It would be really helpful to draw the state machine for the
         new objects introduced here: 'if', 'addr', 'ipv6addr',
         'dhcp' and 'ipmp'. Show how they transition to new states
         from the initial state (after create-*), get loaded to kernel,
         get added in the persistent storage, get deleted either temporarily or
         permanently.

Issues for commitment 09/30/2009

gcs-1   From its description, /sbin/netstart ought to be /lib/netstart.

seb-1   One cannot tell where "addrconf" addresses came from in the
         show-addr output (at least not in the example shown in section
         5.1 of the design document).  For a single "addrconf" address
         object, it would be crucial to know which ones are DHCPv6
         addresses, which are statelessly autoconfigured, etc.


VOTE
====
Approve -  Sebastien Roy, Glenn Skinner, Kais Belgaied, Mark Carlson
Deny -
Abstain -
Not Participating (NP) -



THE NEXT STEP
=============

         Approved
