Re: [zones-discuss] Survey of networking feature use in native Solaris 10 zones

2009-07-24 Thread Steffen Weiberle

On 07/23/09 20:32, Jordan Vaughan wrote:

> Hello zones community members,
>
> I'm one of the engineers working on Solaris 10 Containers (S10Cs) for
> OpenSolaris (http://www.opensolaris.org/os/project/s10brand).  I'm
> currently evaluating networking requirements for S10Cs.  Our ultimate
> goal is to achieve networking feature parity with native Solaris 10
> zones: we will want S10Cs to do everything that native Solaris 10 zones
> can do.
>
> I would appreciate any input you can provide regarding what you (or your
> customers) currently do with your native Solaris 10 zones (both
> exclusive- and shared-stack zones), especially the commands (arp, snoop,
> traceroute, etc.), protocols, and other features/services (SMA,
> Solstice, IPMP, NAT, IP Filter, DHCP client/server, IP tunnels, PPP,
> IPsec, etc.) that you use most frequently.  Your input will help us
> prioritize networking features and set realistic expectations for our
> product.
>
> Thanks,
> Jordan Vaughan
> Solaris Zones
> ___
> zones-discuss mailing list
> zones-discuss@opensolaris.org


Definitely all the low level tools, including arp, snoop, traceroute.

DHCP client for sure, DHCP server probably.

IP Tunnel for sure, especially if you mean IPsec.

IPfilter, as it pertains to what a zone admin can do today to specify 
filter rules within the zone. (I have not come across anyone doing this, 
yet, so it might be lower priority on my end.)


DLPI access, or whatever network provisioning tools might use.

Here is the big one---NFS server :) (not that I see how this would 
be any different than a native S10 zone)


IPMP 100%

And all answers are shared and exclusive IP, in those cases where they 
also work with shared IP.


VNICs is going to make exclusive IP accessible to a large number of 
users who haven't been able to use them so far. And it will allow lots 
of zones to share a few high speed NICs.


Steffen


Re: [zones-discuss] Survey of networking feature use in native Solaris 10 zones

2009-07-24 Thread Mike Gerdts
On Thu, Jul 23, 2009 at 7:32 PM, Jordan Vaughan <jordan.vaug...@sun.com> wrote:
> Hello zones community members,
>
> I'm one of the engineers working on Solaris 10 Containers (S10Cs) for
> OpenSolaris (http://www.opensolaris.org/os/project/s10brand).  I'm currently
> evaluating networking requirements for S10Cs.  Our ultimate goal is to
> achieve networking feature parity with native Solaris 10 zones: we will want
> S10Cs to do everything that native Solaris 10 zones can do.
>
> I would appreciate any input you can provide regarding what you (or your
> customers) currently do with your native Solaris 10 zones (both exclusive-
> and shared-stack zones), especially the commands (arp, snoop, traceroute,
> etc.), protocols, and other features/services (SMA, Solstice, IPMP, NAT, IP
> Filter, DHCP client/server, IP tunnels, PPP, IPsec, etc.) that you use most
> frequently.  Your input will help us prioritize networking features and set
> realistic expectations for our product.

I'll assume that everything that works in a S10 non-global zone with a
shared stack will continue to work in a Solaris 10 container.  That
is, pretty much anything that doesn't need raw access just works.

In order to attract Solaris 10 non-global zones to being S10Cs, the
S10C needs to be able to leverage the capabilities of crossbow to get
a dedicated IP stack.  I don't care if I can use dladm to configure
vnics in an S10C or not.  I would need some way to tune IP, TCP, UDP,
etc. parameters.  Ideally this would be via nddconfig[1].

[1] http://src.opensolaris.org/source/xref/sst/gate/src/Files/etc/init.d/nddconfig

In order to attract Solaris 10 global zones to being S10Cs, a
somewhat more complete feature set is needed.  A key barrier I would expect
to see to application installations is the need for ndd -get and ndd
-set to work as they do in Solaris 10 because it is part of some
applications' pre-installation checks.  If Clearview IPMP is not able
to provide an IPMP'd interface to the zone that can be independently
tuned (e.g. ndd -set /dev/tcp ...), then IPMP needs to be supported
within the S10C.

In all cases I need to be able to access tagged VLANs.  I don't care
much as to whether this happens by creating vnics in the global zone
or some other method.

-- 
Mike Gerdts
http://mgerdts.blogspot.com/


Re: [zones-discuss] Survey of networking feature use in native Solaris 10 zones

2009-07-23 Thread Alexander J. Maidak
On Thu, 2009-07-23 at 17:32 -0700, Jordan Vaughan wrote:
> Hello zones community members,
>
> I'm one of the engineers working on Solaris 10 Containers (S10Cs) for
> OpenSolaris (http://www.opensolaris.org/os/project/s10brand).  I'm
> currently evaluating networking requirements for S10Cs.  Our ultimate
> goal is to achieve networking feature parity with native Solaris 10
> zones: we will want S10Cs to do everything that native Solaris 10 zones
> can do.
>
> I would appreciate any input you can provide regarding what you (or your
> customers) currently do with your native Solaris 10 zones (both
> exclusive- and shared-stack zones), especially the commands (arp, snoop,
> traceroute, etc.), protocols, and other features/services (SMA,
> Solstice, IPMP, NAT, IP Filter, DHCP client/server, IP tunnels, PPP,
> IPsec, etc.) that you use most frequently.  Your input will help us
> prioritize networking features and set realistic expectations for our
> product.
>
> Thanks,
> Jordan Vaughan
> Solaris Zones

At my site we rarely use exclusive stack zones.  This is because
interface consumption would become a problem.  The shared stack
interface is limiting.  Not having bandwidth controls etc. makes me
nervous that someday I'll have a bandwidth utilization problem and not
have any great solutions.  I've also had non-global zone administrators
ask to be able to run snoop.  While this is possible with a shared stack,
it's not secure.  So the reason I'd want the S10Cs to support exclusive
IP is because I'd want to be able to take advantage of crossbow to solve some
of the limitations I have with shared stack Native Zones now.  If
exclusive IP for S10Cs isn't an option, a workaround might be to set up
crossbow vnics for each zone I want to run and attach that zone
exclusively to that interface as shared.  Having only limited
experience with crossbow I'm not exactly sure if this would work and it
would feel somewhat hackish.  I'd also hate to see what my GlobalZone
routing table would look like - I suspect I could cause myself an
interesting network problem if I'm not careful.

Thanks for the request for input.

-Alex

P.S.  Will the Solaris 10 Containers support delegated zfs datasets?  In
my case this is a more important feature to have.
