Solaris network virtualization and resource control

Solaris network virtualization and resource control is a set of features originally developed by Sun Microsystems as the OpenSolaris Crossbow umbrella project, providing an internal network virtualization and quality of service framework within the Solaris Operating System.[1] It also enables secure and efficient virtual network interfaces and zones, making it easier to manage network resources.[2]

Major features of the Crossbow project include:

  • Virtual NIC (VNIC) pseudo-network interface technology
  • Exclusive IP zones
  • Bandwidth management and flow control on a per interface and per VNIC basis

Description

The Crossbow project software, combined with next generation network interfaces like xge and bge, enables network virtualization and resource control for a single system. By combining VNICs with features such as exclusive IP zones or the Sun xVM hypervisor, system administrators can run applications on separate virtual machines to improve performance and provide security. Resource management and flow control features provide bandwidth management and quality of service for packet flows on separate virtual machines. You can allocate bandwidth amounts and manage data flows not only for the physical network interface but also for any containers configured on the interface. The Crossbow resource control features enable increased system efficiency and the ability to limit the amount of bandwidth consumed by a process or virtual machine.

Features of the Crossbow project

This section briefly describes the main features of the Crossbow network virtualization and resource control project. For further details on each feature, see the Oracle Solaris 11 Network Virtualization and Network Resource Management white paper.[2]

VNIC

A VNIC is a pseudo network interface that is configured on top of a system's physical network adapter, also called a network interface controller (NIC). A physical interface can have more than one VNIC. Each VNIC operates like and appears to the system as a physical NIC. The individual VNIC is assigned a media access control address (MAC address), which can be configured to a value other than the default MAC address assigned to the physical NIC. You can use the resource control features of Crossbow to allocate separate bandwidths to the individual VNICs. Moreover, you can configure a virtual machine, such as an exclusive IP zone or xVM domain on top of a VNIC.[3]

Virtual switch

When the first VNIC is created on a system, a virtual switch is also created above the physical interface. Though not directly accessible to the user, the virtual switch provides connectivity between all VNICs configured on the same physical interface, enabling the virtual network in a box scenario. The virtual switch forwards packets between the system's VNICs. Thus, packets from an internal VNIC source never have to pass to the external network to reach an internal network destination.[4]

Exclusive IP zones

An exclusive IP zone is a separate instance of a full TCP/IP stack, which functions as a non-global zone. Each exclusive IP zone is built upon a physical network interface and has its own IP-related state. IP instances support DHCPv4 and IPv6 address autoconfiguration. An exclusive IP zone can have its own routing table and routing protocols separate from the global zone on a system. Moreover, a system administrator can run the ifconfig command within an exclusive IP instance to set up a logical interface within the exclusive IP zone.

Modifications to the TCP/IP MAC layer

In Solaris, the MAC layer is part of the larger data link layer of the TCP/IP protocol stack. The Crossbow project modifies this layer with several new features, including the MAC client interface. This virtual entity is a kernel data structure that is not externally visible to the system administrator. However, the MAC client interface along with the VNIC driver provides the VNIC functionality in OpenSolaris. Additionally, Crossbow modifications to the MAC layer enable a system administrator to assign a different MAC address to each VNIC on a system.

Resource management and flow control

The Crossbow project features provide bandwidth management and flow control on a per VNIC basis. A system administrator can configure different bandwidth allocations to the various VNICs on a host through the new Crossbow-related commands dladm(1M) and flowadm(1M). Traffic through each VNIC can be classified and separated into individual flows, based on port number, destination IP address, and other parameters. These features can be used to improve system efficiency and enable differentiated services for separate VNICs.[5]
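
The per-VNIC bandwidth allocation and flow classification described above can be illustrated with a short script. It is an added example, not taken from the Crossbow project or its documentation; the link name net0, the VNIC name vnic1, the flow name httpsflow, the port and the bandwidth figures are assumptions.

```sh
#!/bin/sh
# Added example. Link, VNIC and flow names, the port and the bandwidth
# figures are assumptions. Commands are printed, not executed, unless
# APPLY=1 is set on a Solaris or illumos host.

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# valid_bw VALUE: whole number with an optional K, M or G suffix
# (a deliberately strict check chosen for this example).
valid_bw() {
    num=${1%[KMG]}
    case "$num" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# cap_vnic LINK VNIC VNIC_BW FLOW PORT FLOW_BW
cap_vnic() {
    link=$1; vnic=$2; vnic_bw=$3; flow=$4; port=$5; flow_bw=$6
    if ! valid_bw "$vnic_bw" || ! valid_bw "$flow_bw"; then
        echo "cap_vnic: bad bandwidth value" >&2
        return 1
    fi
    # Create the VNIC on the physical link with a bandwidth ceiling.
    run dladm create-vnic -l "$link" -p "maxbw=$vnic_bw" "$vnic"
    # Classify TCP traffic for one local port as a named flow with its own cap.
    run flowadm add-flow -l "$vnic" -a "transport=tcp,local_port=$port" \
        -p "maxbw=$flow_bw" "$flow"
    # Read the limits back so the applied values can be checked.
    run dladm show-linkprop -p maxbw "$vnic"
    run flowadm show-flowprop -p maxbw "$flow"
}

cap_vnic net0 vnic1 500M httpsflow 443 100M
```

Run as-is, the script only prints the four commands it would issue, which allows the plan to be reviewed before it is applied with APPLY=1.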

Observability features

Standard Solaris observability tools can be used to monitor the status of exclusive IP instances, VNICs, and virtual machines running on VNICs. For example, familiar tools such as ping and snoop can report status on the operations of a VNIC. Additionally, the netstat(1M) command has been extended for Crossbow to report statistics on packet flows defined with the flowadm command.

Feature and code availability

The exclusive IP zones feature was first introduced in the Solaris 10 8/07 release. The first version of the Crossbow feature set was incorporated in OpenSolaris 2009.06. The full Crossbow feature set became part of Solaris with the 2011 release of Solaris 11.

Oracle discontinued the OpenSolaris download sites after its acquisition of Sun Microsystems, but source code for Crossbow can be downloaded from the sites of the derivatives of illumos (see illumos § Distributions).

References

  1. "OpenSolaris Project: Crossbow: Network Virtualization and Resource Control". Archived from the original on 2009-10-21.
  2. "Oracle Solaris 11 Network Virtualization and Network Resource Management" (PDF). Oracle Corporation. November 2011. Retrieved 2017-10-27.
  3. "Crossbow: From Hardware Virtualized NICs to Virtualized Networks" (PDF).
  4. "Crossbow Virtual Wire: Network in a Box" (PDF).
  5. "Crossbow: A Vertically Integrated QoS Stack" (PDF).