On 6/11/12 9:59 AM, Jim Klimov wrote:
Hello all,

In OpenSolaris and its descendants it is possible to create
local zones (LZ) which share an IP stack with the global zone
(GZ) or have an exclusive IP stack. While exclusive stacks
have better separation between zones, the shared stacks may
yield higher performance comparable to loopback links.

Shared-IP zones do indeed have better inter-zone networking performance (due to IP loopback and tcp-fusion). Exclusive-IP inter-zone performance could be improved, though, if it were made to take advantage of similar fast-paths.

I wondered if it is possible (now, or technically feasible
through an RFE) to go a step beyond, and either:
1) Have a number of LZs with a shared IP stack, while the GZ
uses an exclusive IP stack, or
2) Define a number of IP stacks and bind certain zones to one
or another stack (and perhaps allow creation of routing
zones which can route/firewall between the two, although
several zones connected by an etherstub could do that).
Separate stacks shared by several zones might combine the
best of two worlds - groups of related zones would have
faster and more intimate interlinks, while unrelated zones
(and groups thereof) would be well isolated.
(actually, option 1 is a subset of option 2's capabilities)

For example, now I was documenting how to pass several LZs
with a host-only networked connection (exclusive stacks on
an etherstub) to the Internet through NAT on their GZ. This is,
apparently, not a way to go for zones with a shared stack -
because the GZ's stack would have a hard time defining itself
as the default route for those local zones (if the GZ is used
as a router and not some routing LZ with an exclusive stack).

This is not an RFE per se, but rather food for thought and
discussion - did anyone ponder about this? Are there reasons
not to do it?

It's not possible today, as there is quite a bit of code in the kernel that assumes and enforces the assumptions that the global zone stack is the stack that is shared by shared-IP zones, and that only global zone processes have the ability to manipulate configuration for that stack.

-Seb


-------------------------------------------
illumos-discuss