Tony,

Would reject routes (instead of blackholes) be acceptable? If so, have you tried that? It would reduce or remove the need to wait for timeouts.

Tony Marshall wrote:
Hi All,

We are providing a service to a customer using an E6900 as the platform
to provision multiple Solaris zones to the customer for them to run
their application and database servers to their customers.

For the sake of this e-mail I will talk about customers as being the end
users of the application and database servers.

Currently we have about 58 zones running on the E6900. Each customer
must not have access to another customer's zones; the recommended way to
do this is to employ blackhole routes for each zone that is not allowed
to communicate.  Each customer has 2 zones which can communicate with
each other, there are a couple of administration zones that are allowed
to communicate with all zones but everything else must be blocked. We
end up with about 53 blackhole routes per zone, plus we need to block
the zones from talking to the global zone IP addresses.

When the application servers and database servers start we are seeing a
large number of timeouts when the application tries to connect to the
localhost to check a service is up.

When a number of blackhole routes are removed these timeouts disappear.

The system works with just over 2000 routes but we have just provisioned
another 8 zones to this system which has increased the number of
blackhole routes to just over 3000 and the application servers and
database servers start getting timeouts.

So is there a maximum number of routes that can be defined in the global
zones routing table? Is there another way of blocking zones from talking
to each other without having to use blackhole routes?  Have we reached
the maximum number of zones we can run on that system because of the
blackhole routes rather than using all of the capacity (CPU and Memory)
on the box?

Thanks

Tony

_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

--
--------------------------------------------------------------------------
Jeff VICTOR              Sun Microsystems            jeff.victor @ sun.com
OS Ambassador            Sr. Technical Specialist
Solaris 10 Zones FAQ:    http://www.opensolaris.org/os/community/zones/faq
--------------------------------------------------------------------------