Thanks to Sun's Project Crossbow, which enables full virtualization of the Solaris network stack, network interface cards (NICs) can now be virtualized into one or more virtual NICs (VNICs). These VNICs can then be individually configured and tuned to take advantage of the physical NIC's in-hardware capabilities and workload needs. So writes Ben Rockwood in his article for Search DataCenter.com, "Solaris Project Crossbow Offers Virtualized Network Management."
Rockwood goes on to say that the stack is even further virtualized by Etherstubs, with which users can create networks that act like real physical networks but exist entirely in software. One could, for example, create 100 Solaris Containers on a system, each with a VNIC connected to an Etherstub, forming a complete functioning network of virtual servers that looks and feels like a real network but is entirely in software on one box. With Etherstubs users can simulate complete network topologies on a single box. To use them, one simply creates a new Etherstub and then creates VNICs that bind to the Etherstub instead of a physical interface.
In addition to the capability of virtualizing network components, Crossbow has re-envisioned IP Quality of Service (IPQoS), Rockwood writes. Users can define "flows" for any interface, each describing some type of traffic. A flow might be an entire interface or perhaps only HTTP and HTTPS traffic, for example. Resource controls can be applied to these flows, such as traffic priority (low, medium, high), CPU binding and, most importantly, bandwidth limitations. Crossbow gives users the ability to limit an interface to only, say, 10 Mbps or perhaps limit only SMTP traffic to 40 Mbps so it doesn't overwhelm a gigabit link. Moreover, these flows can also be audited (logged) for monitoring and reporting purposes, he notes.
A further enhancement that Crossbow delivers is the "dladm" command, which handles data link administration and unburdens the previously overtaxed "ifconfig" command. This new command is used for managing physical interfaces, creating VNICs and Etherstubs, creating and managing WiFi links or port aggregations ("trunking" or "teaming"), etc., Rockwood explains. The idea is that you create and manage data links with dladm and then interact with them as usual via ifconfig. Therefore, to use a VNIC, you use dladm to create a new VNIC from a physical NIC, then use ifconfig to plumb and assign IP information to the VNIC, just as you would any traditional NIC, he writes.
As part of his article Rockwood presents a simple Crossbow use case, replete with code samples, illustrating the ability to replace traditional virtual interfaces with VNICs. He points out that dladm show-phys lets one view all physical interfaces (NICs), which can then be used to create VNICs that are configured using ifconfig just as though they were traditional network interfaces. Even though more commands are involved, consider how much cleaner the end result is, he points out, adding that each VNIC has its own MAC address, can be assigned an individual VLAN ID ("VID" in his listings), etc.
Rockwood also writes about the new levels of control that Crossbow makes possible with the introduction of the concept of link properties. Using properties, users can set a maximum bandwidth limit for a link (in megabits per second), assign its processing to specific CPUs, modify its processing priority or modify its tagging behavior. Again, the writer provides illustrative code samples and notes exactly how much more granular the levels of control are with the flowadm command.
Rockwood creates two flows to demonstrate the multiple levels of control over how data links are used, which together provide a fine-grained capability to partition network capacity. He adds that dladm and flowadm can work in harmony with the Solaris Extended Accounting facility to provide auditing data.
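The Etherstub, VNIC, link-property and flow steps described above, put together as an added example (this is not Rockwood's code). The link names stub0, vnic0 and vnic1, the physical NIC e1000g0, the flow name smtpflow and the IP address are assumptions; the script only prints the commands unless DRY_RUN=0 is set on a Crossbow-capable Solaris host.

```shell
#!/bin/sh
# Added example: isolate workloads on a software-only segment and cap
# bandwidth per link and per service. All names below are assumptions.
DRY_RUN=${DRY_RUN:-1}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Create one Etherstub and bind N VNICs (vnic0..vnicN-1) to it
# instead of to a physical interface.
build_segment() {
    stub=$1; count=$2
    run dladm create-etherstub "$stub" || return 1
    i=0
    while [ "$i" -lt "$count" ]; do
        run dladm create-vnic -l "$stub" "vnic$i" || return 1
        i=$((i + 1))
    done
}

# Cap an entire data link with the maxbw link property (value in Mbps).
cap_link() {
    run dladm set-linkprop -p "maxbw=${2}M" "$1"
}

# Define a flow for one TCP service on a link and cap only that flow.
cap_service() {
    link=$1; name=$2; port=$3; mbps=$4
    run flowadm add-flow -l "$link" -a "transport=tcp,local_port=$port" "$name" || return 1
    run flowadm set-flowprop -p "maxbw=${mbps}M" "$name"
}

# The limits named in the article: 10 Mbps for a link, 40 Mbps for SMTP.
plan() {
    build_segment stub0 2 || return 1
    cap_link vnic0 10 || return 1
    cap_service e1000g0 smtpflow 25 40 || return 1
    # dladm creates the link; ifconfig plumbs and addresses it as usual.
    run ifconfig vnic0 plumb 192.168.100.1 netmask 255.255.255.0 up
}

plan
```
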
Finally, Rockwood turns to Crossbow's ability to virtualize network interfaces and control how those data links are used, noting that the solution really comes to its full potential when used in conjunction with virtualization technologies such as Solaris Containers, xVM (aka Xen) or VirtualBox. Unlike the approaches taken in other operating systems, VNICs provide a single, uniform way to manage network virtualization for all three technologies. Because VNICs act like real network interfaces, users provide full network capabilities to each virtual environment while maintaining full auditing and resource control capabilities independent of the individual implementation.
The author points out how one can create multiple Etherstubs and route between them, using code samples to demonstrate how one could assign both vnic2 and vnic3 to an xVM instance and then enable routing to allow a Solaris Zone on vnic5 access to the public network.
More Information
OpenSolaris Project Crossbow Points the Way to the Cloud
Project Crossbow - Redefining the Nature of Network Virtualization
OpenSolaris
Crossbow Documentation
Other articles in the Solaris section of Volume 138, Issue 4:
Project Crossbow Enables New Levels of Virtualization in the Solaris Network Stack
(this article)