Tuesday, July 13, 2010

Solaris Crossbow Virtual Wire: Network in a Box




Abstract:

For 8 years, Sun has been re-developing the TCP/IP stack under Solaris. Nicolas Droux is one of the core architects in Solaris involved in re-architecting the TCP/IP stack. At the 23rd Large Installation System Administration Conference (LISA-09), Nicolas presented a short session describing the new features in Solaris TCP/IP from Project Crossbow.

Problems
  • Host Virtualization
  • Service Virtualization
Key Issues to Solve
  • Virtualizing Hardware NIC's
  • Zones Sharing a NIC
  • Maintain Performance
  • The desire is to allow the virtualized network stack to use as much of the hardware as possible.
  • Allow the Virtual Machines to understand how much bandwidth they are allowed to use, to keep zones from stepping on one another.
  • Management integrated into the stack itself, to avoid users having to look at multiple man pages.
  • Security to ensure badly behaved applications are not injecting bad packets on a shared network
8 Years of Development
  • Old code based upon STREAMS of solutions to resolve
  • closer integration of IP to TCP layers
  • data link, mac to IP
  • new interface to device drivers (Project Nemo)
  • IP QoS integrated, simplified, and made more efficient
  • Crossbow integrated at MAC layer
  • Requested more modern NIC features from hardware: more hardware ring buffers, DMA Channels, and rich classifiers... building new features into the TCP/IP stack
Enablers & Key Opportunities
  • Server and Network Consolidation
  • Open Networking
  • Cloud Computing
Features
  • Hardware Lanes, to assign traffic to virtual NIC's, buffers, kernel threads, interrupts, the CPU threads, Zones, and/or Virtual Machines!
  • Stack adjusts flow based upon server load or traffic load, with ability to adjust interrupts, so large chains of packets can be pulled from the NIC without an interrupt per packet penalty
  • Virtual NIC's, pseudo-MAC instances, can be configured with bandwidth, priorities, and link aggregation, and assign V-NIC's on top
  • Bind: VLAN and Priority Flow Control to a V-NIC; hardware lan to a Switch
  • Virtual switch built automatically whenever 2 VNIC's are assigned to a Data Link
  • Virtual Switch can be built on EtherStubs, isolated from real hardware
  • Assigning a CPU Pool to a VNIC is coming
Implications to Hardware
  • Zones can replace real machines in a Solaris model on a laptop
  • Virtual Switches can replace real switches in a Solaris model on a laptop
  • Virtual Routers can replace real routers in a Solaris model on a laptop
  • The configuration can be deployed in a production data center
Implications to Services: Crossbow Flows
  • Flows describe a type of traffic moving through a network
  • Flows can be described by: Services, Transport, Port Number, etc.
  • Properties can be attached to flows: Bandwidth, CPU, Priorities, etc.
  • Flows can be created on NIC's and V-NIC's
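
The etherstub, VNIC and flow features listed above are driven by the Solaris `dladm` and `flowadm` commands. The following is an added example, not material from the talk: the names `stub0`, `web0`, `db0`, `httpflow` and the bandwidth values are constructed, and the script only prints the commands unless `DRY_RUN=0` is set on a Solaris host with Crossbow.

```shell
#!/bin/sh
# Added example: a "network in a box" built on an etherstub.
# All link, VNIC and flow names and bandwidth values are constructed.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it (root on Solaris).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# build_virtual_wire STUB WEB_VNIC DB_VNIC WEB_MAXBW HTTP_MAXBW
build_virtual_wire() {
    stub="$1"; web="$2"; db="$3"; web_bw="$4"; http_bw="$5"
    # Etherstub: a pseudo data link isolated from real hardware.
    run dladm create-etherstub "$stub" || return 1
    # Two VNICs on one data link: the virtual switch between them is
    # built automatically. The web VNIC gets a bandwidth cap.
    run dladm create-vnic -l "$stub" -p "maxbw=$web_bw" "$web" || return 1
    run dladm create-vnic -l "$stub" "$db" || return 1
    # Flow: TCP traffic to local port 80 on the web VNIC, with its own
    # bandwidth limit and priority.
    run flowadm add-flow -l "$web" -a transport=tcp,local_port=80 \
        -p "maxbw=$http_bw,priority=high" httpflow || return 1
}

# Inspect what was created (read-only commands).
show_virtual_wire() {
    run dladm show-vnic
    run flowadm show-flow -l "$1"
}

# Tear down in reverse order: flows first, then VNICs, then the etherstub.
teardown_virtual_wire() {
    stub="$1"; web="$2"; db="$3"
    run flowadm remove-flow httpflow || return 1
    run dladm delete-vnic "$web" || return 1
    run dladm delete-vnic "$db" || return 1
    run dladm delete-etherstub "$stub" || return 1
}

build_virtual_wire stub0 web0 db0 100M 50M
show_virtual_wire web0
teardown_virtual_wire stub0 web0 db0
```

Each VNIC can then be handed to an exclusive-IP zone, so the zones talk to each other only across the etherstub's virtual switch.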
Question & Answers
  • Bandwidth can be assigned to a NIC; Bandwidth Guarantees to allow bursting were on the roadmap in 2009.
