Project Crossbow is huge. So says Ben Rockwood in his blog, where he further contends that Crossbow "...is a monumental improvement to Solaris and continues to push the bar out of reach of its competitors."

In the simplest possible terms, Rockwood writes, Crossbow redefines the nature of network virtualization. Pretty unequivocal praise.

He demonstrates the limitations of traditional "virtual interfaces," noting that, unlike VNICs, they are not real interfaces. With virtual NICs, one can do anything that is possible with a real interface: You can snoop it, tune it, count on the stats, he writes. Combined with Solaris Containers Zones or Xen guests for virtualization, VNICs really shine, he insists because it is possible to hand off interfaces that are fully controllable from within the virtual environment without having to dedicate a physical NIC to each one. The result is virtualized environments that feel way more like real servers. The way things should be (or we would like them to be.)

Rockwood recommends familiarizing yourself with the dladm command (Data Link Administration). "For some time now its been used for managing WIFI, 802.11ad Link Aggregation ('teaming' or 'trunking,' depending on your pedigree), and more recently VLANs. It's even replacing the old (and crappy) ndd with dladm's "link properties"... a welcome improvement," he explains.

As of snv_105 several new options are available, namely sub-commands for creating VNICs and Etherstubs, limited in number, it seems, to 799. Users who need more than that can re-architect.

Etherstubs are in-software switches which can be used in concert with VNIC's to create entirely virtualized in-software networks, Rockwood writes. While a standard VNIC will be associated with a physical GLDv3 network adapter, it is possible to create a VNIC associated with an Etherstub to keep anything from ever touching the wire.

Is there a problem with this (a VNIC that uses a software switch) Rockwood ponders? On a traditional network you would create a DMZ with firewall and other goodies which routes to a private internal network. Now you can do that all inside a single system, and he shows, with code, how it's done, resulting in a variety of VNIC's that can be treated like regular interfaces, using ifconfig to plumb them and assign IP's.

"If you are using Solaris Containers these VNIC's would be given to a Zone as an "IP-Instance" (exclusive mode), a feature which was added some time ago but until now only usable by dedicating a physical interface," according to Rockwood, adding, "The same should apply to Xen or other virtualization tools."

Readers might be surprised that, after all this enthusiasm, Rockwood only now comes to his favorite Crossbow feature: a real network resource control capability that does not rely on IPQoS. And, these come in three types: max bandwidth (rate limiting), priority (relative to other traffic), and cpu's. These these controls are not cumulative, Rockwood points out, but rather apply to any given point in time, and they can be applied either to an entire link (NIC or VNIC) or alternatively to a particular network flow (a defined collection of network communication). Crossbow adds the new command flowadm to define and control network flows, which he demonstrates with code samples.

But wait, Rockwood concludes, extended accounting has been extended to incorporate accounting based on links or flows, but he promises to deal with that in a later post.

More Information

Project Crossbow: Network Virtualization and Resource Control

Complete text of Rockwood\'s blog [...read more...]

		fullsource
Print Email Current Profile Archive Blog Generate newsletter

Other articles in the OpenSolaris section of Volume 131, Issue 4: Project Crossbow - Redefining the Nature of Network Virtualization (this article) OpenSolaris and Solaris with Intel's New Core i7 Microarchitecture Processor See all archived articles in the OpenSolaris section.

Top 10 Most Popular Articles in Current Issue (Vol 150, Issue 4) Takes on the Upcoming Oracle Solaris 11 Inside the Sun Ray Oracle Enterprise Pack for Eclipse 11g Accelerates Java Development Oracle Makes the Case on Why Its Virtualization Portfolio Beats Other Vendors 'Exadata' or 'Database Machine'? Sun Certification Program to be Integrated with Oracle Ellison to Present Opening Keynote at JavaOne 2010 Some Background Information on Logzilla and Readzilla Scaling Web Services with MySQL Cluster Keeping Track of OpenSolaris Logins and Logouts Recent Blog Entries as of September 2, 2010, 7:09 pm Two New Sun Netra Servers Introduced Light Weight User Interface Toolkit (LWUIT) 1.4 is Now Available InfoWorld Announces Its Bossies Awards for 2010 Security Configuration Benchmark for Solaris 10 NetBeans IDE 6.10 Milestone 1 Available for Download The Line-up of Partner Events at Oracle OpenWorld 2010 Enabling Smart Card Access for Oracle Virtual Desktop Desktop Client Enterprise Java Cloud Strategies Virtual Conference 'GlassFish Security' Solving a Zone Attach Fail During a Zone Upgrade Blog RSS Feed