Mads Toftum wrote:
On Fri, May 11, 2007 at 01:44:42PM -0400, Jeff Victor wrote:
I would choose 50%. For 3 zones, 75% doesn't accomplish enough. At 50%,
they will (hopefully) investigate the performance issue and be happily
surprised when they learn they've been using a default value...
Menno Lageman wrote:
Another option for RM templates would be that the template is a pointer
to a set of RM defaults instead of being used directly during zone
creation. This way, changing RM settings of existing zones would simply
entail changing the template in one place. Or, when moving a
Jeff Victor wrote:
Here we have a difficult non-technical decision to make. Which is
'better':
1) No out-of-the-box controls - the current situation. The
unsuspecting zone creator will unwittingly allow DoS attacks by zones
until it becomes clear that RM controls should be used, either
Menno Lageman wrote:
Jeff Victor wrote:
Here we have a difficult non-technical decision to make. Which is
'better':
1) No out-of-the-box controls - the current situation. The
unsuspecting zone creator will unwittingly allow DoS attacks by zones
until it becomes clear that RM controls
On Fri, May 11, 2007 at 11:37:03AM -0600, Jerry Jelinek wrote:
Can you explain your concern? What if we fixed FSS so it works when
you are running the windowing system (like IA)?
That's not the point here. FSS shares being relative to the total number
of shares. So, if you were to have 2 zones
On Fri, May 11, 2007 at 01:44:42PM -0400, Jeff Victor wrote:
I would choose 50%. For 3 zones, 75% doesn't accomplish enough. At 50%,
they will (hopefully) investigate the performance issue and be happily
surprised when they learn they've been using a default value...
I'm not too keen to
Jerry Jelinek wrote:
Dan Price wrote:
On Thu 10 May 2007 at 04:21PM, Jerry Jelinek wrote:
of the other controls is trickier although I think Dan's idea of scaling
these based on the system makes it easier. We might also want to think
about scaling based on the number of running zones.
Jeff Victor wrote:
With all of that, should default values be minima or maxima? The goal I
have in mind is default values that will protect a zone from DoS
attacks, or the equivalent symptom, caused by bad software.
Although we could assign default values to caps, they would be
arbitrary,
On Fri, May 11, 2007 at 10:48:04AM -0600, Jerry Jelinek wrote:
The requirement for the RM defaults should be that a misbehaving
zone can't effectively bring down the whole system. You want to
be able to get on the global zone and clean up the misbehaving zone
and any other well behaved
Mads Toftum wrote:
On Fri, May 11, 2007 at 10:48:04AM -0600, Jerry Jelinek wrote:
The requirement for the RM defaults should be that a misbehaving
zone can't effectively bring down the whole system. You want to
be able to get on the global zone and clean up the misbehaving zone
and any other
Jerry Jelinek wrote:
Mads Toftum wrote:
If we implement Dan's idea of a percentage for some of the resource
controls we could have physical memory and swap caps default to something like
50%-75% of the system total. Again, well-behaved zones shouldn't get close
to this (if they do, the system
Jeff Victor wrote:
Wouldn't this lead to a waste of resources on systems with only one
non-global zone? It may not be the most common setup, but still makes a
lot of sense for a higher level of security.
No, since this is only a cap, not a partitioning of resources, so
everything is still
Jeff Victor wrote:
By default, Solaris Containers do not have resource controls. Up through
S10 11/06 you could add many resource controls to Containers, directly
or indirectly, but some of them were... 'challenging' to use. ;-)
S10 7/07 improves the situation greatly, moving many of the
On Thu, May 10, 2007 at 11:23:18AM -0400, Jeff Victor wrote:
I would like to gather thoughts and opinions on this omission: should
Containers have default RM settings? Is there a better method to solve
this problem? If not, which settings should have defaults?
I really wouldn't like
Mads Toftum wrote:
On Thu, May 10, 2007 at 11:23:18AM -0400, Jeff Victor wrote:
I would like to gather thoughts and opinions on this omission: should
Containers have default RM settings? Is there a better method to solve
this problem? If not, which settings should have defaults?
I really
On Thu, May 10, 2007 at 02:11:12PM -0400, Jeff Victor wrote:
Currently there isn't a setting which enables (or disables) RM. Are you
suggesting that there should be one 'knob' which enables RM, and chooses
sufficiently large default values until you override them?
Yes.
Perhaps it could
On Thu, 2007-05-10 at 14:11 -0400, Jeff Victor wrote:
However, this model does not solve the problem that is documented in
Clarkson's paper: the out-of-the-box experience does not protect
well-behaved zones from poorly-behaved zones, or a DoS attack.
I see where you are going with this
Bob Netherton wrote:
I see where you are going with this Jeff, and there are some good ideas
behind all of this. I have a great desire to rephrase your question
without the reference to zones - how well is Solaris itself
protected against the various forms of DoS attack? Do the controls
On Thu 10 May 2007 at 04:21PM, Jerry Jelinek wrote:
of the other controls is trickier although I think Dan's idea of scaling
these based on the system makes it easier. We might also want to think
about scaling based on the number of running zones.
Another way to look at it (and I think what
On 5/10/07, Dan Price wrote:
I think fundamentally we hear from two camps: those who want to
proportionally partition whatever resources are available, and those who
want to see the system as virtual 512MB Ultra-2's or virtual 1GB,
1GHz PCs.
The typical scenario I see is that