On 6/11/12 2:15 PM, Jim Klimov wrote:
SEB> shared-IP zones do indeed have better inter-zone networking
> performance (due to IP loopback and tcp-fusion).
> Exclusive-IP inter-zone performance could be improved, though,
> if it were made to take advantage of similar fast-paths.
Are you sure? I think its relative slowness was due to isolation
and, for example, different firewalling and requirement of an
external router (including a routing local zone) to connect two
IP subnets - in shared stack two zones from different subnets
can still communicate through the kernel (within the IP stack).
I don't think there is much fast-pathing to shave off, while
still keeping reached the goals of isolation. But the devs
would know better ;)
It depends on your isolation requirements indeed. Some administrators
would rather have all of their inter-zone packets leave the box and go
through an external device in order to apply filtering rules, and others
would rather not implement any such filtering and allow zones to
communicate to one-another directly for performance reasons. For the
latter, something could likely be done to shortcut the trip down to the
link-layer (and potentially out of the box).
SEB> It's not possible today, as there is quite a bit of code
> in the kernel that assumes and enforces the assumptions that
> the global zone stack is the stack that is shared by shared-IP
> zones, and that only global zone processes have the ability to
> manipulate configuration for that stack.
Is it very difficult to find to rewrite that code to use and
reference the ip_stack[0] instead? ;)
But, anyway, thanks to both of you for the discussion.
Everyone is still welcome to chime in ;)
It may not be "difficult", but it may be a voluminous amount of code to
have to modify and test.
-Seb
-------------------------------------------
illumos-discuss
Archives: https://www.listbox.com/member/archive/182180/=now
RSS Feed: https://www.listbox.com/member/archive/rss/182180/21175430-2e6923be
Modify Your Subscription:
https://www.listbox.com/member/?member_id=21175430&id_secret=21175430-6a77cda4
Powered by Listbox: http://www.listbox.com
