Menno Lageman wrote:
Jeff Victor wrote:
Here we have a difficult non-technical decision to make. Which is
'better':
1) No "out-of-the-box" controls - the current situation. The
unsuspecting zone creator will unwittingly allow DoS attacks by zones
until it becomes clear that RM controls s
Jeff Victor wrote:
Here we have a difficult non-technical decision to make. Which is
'better':
1) No "out-of-the-box" controls - the current situation. The
unsuspecting zone creator will unwittingly allow DoS attacks by zones
until it becomes clear that RM controls should be used, either
Menno Lageman wrote:
Another option for RM templates would be that the template is a pointer
to a set of RM defaults instead of being used directly during zone
creation. This way, changing RM settings of existing zones would simply
entail changing the template in one place. Or, when moving a
Mads Toftum wrote:
On Fri, May 11, 2007 at 01:44:42PM -0400, Jeff Victor wrote:
I would choose 50%. For >3 zones, 75% doesn't accomplish enough. At 50%,
they will (hopefully) investigate the performance issue and be happily
surprised when they learn they've been using a default value...
I'
Jerry Jelinek wrote:
Jeff Victor wrote:
By default, Solaris Containers do not have resource controls. Up
through S10 11/06 you could add many resource controls to Containers,
directly or indirectly, but some of them were... 'challenging' to use.
;-)
S10 7/07 improves the situation greatly, m
On Fri, May 11, 2007 at 01:44:42PM -0400, Jeff Victor wrote:
> I would choose 50%. For >3 zones, 75% doesn't accomplish enough. At 50%,
> they will (hopefully) investigate the performance issue and be happily
> surprised when they learn they've been using a default value...
>
I'm not too keen
On Fri, May 11, 2007 at 11:37:03AM -0600, Jerry Jelinek wrote:
> Can you explain your concern? What if we fixed FSS so it works when
> you are running the windowing system (like IA)?
That's not the point here. FSS shares being relative to the total number
of shares. So, if you were to have 2 zone
Jeff Victor wrote:
Wouldn't this lead to a waste of resources on systems with only one
non-global zone? It may not be the most common setup, but still makes a
lot of sense for a higher level of security.
No, since this is only a cap, not a partitioning of resources, so
everything
is still sha
Jerry Jelinek wrote:
Mads Toftum wrote:
If we implement Dan's idea of a percentage for some of the resource
controls we could have physical memory and swap caps default to something like
50%-75% of the system total. Again, well-behaved zones shouldn't get close
to this (if they do, the system i
Mads Toftum wrote:
On Fri, May 11, 2007 at 10:48:04AM -0600, Jerry Jelinek wrote:
The requirement for the RM defaults should be that a misbehaving
zone can't effectively bring down the whole system. You want to
be able to get on the global zone and clean up the misbehaving zone
and any other we
On Fri, May 11, 2007 at 10:48:04AM -0600, Jerry Jelinek wrote:
> The requirement for the RM defaults should be that a misbehaving
> zone can't effectively bring down the whole system. You want to
> be able to get on the global zone and clean up the misbehaving zone
> and any other well behaved non
Jeff Victor wrote:
With all of that, should default values be minima or maxima? The goal I
have in mind is default values that will protect a zone from DoS
attacks, or the equivalent symptom, caused by bad software.
Although we could assign default values to caps, they would be
arbitrary, an
Jerry Jelinek wrote:
Dan Price wrote:
On Thu 10 May 2007 at 04:21PM, Jerry Jelinek wrote:
of the other controls is trickier although I think Dan's idea of scaling
these based on the system makes it easier. We might also want to think
about scaling based on the number of running zones.
Anothe
Dan Price wrote:
On Thu 10 May 2007 at 04:21PM, Jerry Jelinek wrote:
of the other controls is trickier although I think Dan's idea of scaling
these based on the system makes it easier. We might also want to think
about scaling based on the number of running zones.
Another way to look at it (a
On Thu 10 May 2007 at 10:28PM, Mike Gerdts wrote:
> Providing open access to this information across Sun's product line
> and opening up the computation methods to allow others to "benchmark"
> other systems would be very helpful. Perhaps in the future ISVs
> would say more meaningful things like
On 5/10/07, Dan Price <[EMAIL PROTECTED]> wrote:
I think fundamentally we hear from two camps: those who want to
proportionally partition whatever resources are available, and those who
want to see the system as "virtual 512MB Ultra-2's" or "virtual 1GB,
1GHz PCs."
The typical scenario I see is
On Thu 10 May 2007 at 04:21PM, Jerry Jelinek wrote:
> of the other controls is trickier although I think Dan's idea of scaling
> these based on the system makes it easier. We might also want to think
> about scaling based on the number of running zones.
Another way to look at it (and I think what
Bob Netherton wrote:
I see where you are going with this Jeff, and there are some good ideas
behind all of this. I have a great desire to rephrase your question
without the reference to zones - how well is Solaris itself
protected against the various forms of DoS attack? Do the controls
here
On Thu 10 May 2007 at 03:58PM, Bob Netherton wrote:
> On Thu, 2007-05-10 at 14:11 -0400, Jeff Victor wrote:
>
> > However, this model does not solve the problem that is documented in
> > Clarkson's paper: the "out-of-the-box" experience does not protect
> > well-behaved zones from poorly-behaved
On Thu, 2007-05-10 at 14:11 -0400, Jeff Victor wrote:
> However, this model does not solve the problem that is documented in
> Clarkson's paper: the "out-of-the-box" experience does not protect
> well-behaved zones from poorly-behaved zones, or a DoS attack.
I see where you are going with this
On Thu, May 10, 2007 at 02:11:12PM -0400, Jeff Victor wrote:
> Currently there isn't a setting which enables (or disables) RM. Are you
> suggesting that there should be one 'knob' which enables RM, and chooses
> sufficiently large default values until you override them?
>
Yes.
> >Perhaps it co
Mads Toftum wrote:
On Thu, May 10, 2007 at 11:23:18AM -0400, Jeff Victor wrote:
I would like to gather thoughts and opinions on this omission: should
Containers have default RM settings? Is there a better method to solve
this problem? If not, which settings should have defaults?
I really w
On Thu, May 10, 2007 at 11:23:18AM -0400, Jeff Victor wrote:
> I would like to gather thoughts and opinions on this omission: should
> Containers have default RM settings? Is there a better method to solve
> this problem? If not, which settings should have defaults?
>
I really wouldn't like ha
Jeff Victor wrote:
By default, Solaris Containers do not have resource controls. Up through
S10 11/06 you could add many resource controls to Containers, directly
or indirectly, but some of them were... 'challenging' to use. ;-)
S10 7/07 improves the situation greatly, moving many of the 'indi
By default, Solaris Containers do not have resource controls. Up through S10
11/06 you could add many resource controls to Containers, directly or
indirectly, but some of them were... 'challenging' to use. ;-)
S10 7/07 improves the situation greatly, moving many of the 'indirect'
controls (e.g
26 matches