K wrote: > 1/ Anchor vNic, the equivalent of linux dummy interfaces, we need more > flexibility in the way we setup xen networking. What is sad is that > the code is already available in the unreleased crossbow bits... but > it won't appear in nevada until Q1 2008 :( > > This is a real blocker for me as my ISP just started implementing port > security and locks my connection everytime it sees a foreign mac > address using one of the IP addresses that were originally assigned to > my dom0. On linux, I can setup a dummy interface and create a bridge > with it for a domU but on Solaris I need a physical NIC per bridge !$!! > @#$! > > For this particular feature, I am ready to give a few hundred dollars > as booty if anyone has a workaround.
work in progress.. Highly unlikely we will wait until Crossbow is integrated before we have this functionality. > 2/ Pci passthru, this is really useful so you can let a domU access a > PCI card. It comes really handy if you want to virtualize a PBX that > is using cheap zaptel FXO cards. Again on linux, xen pci passthru has > been available for a while. Last time I mention this on the xen > solaris discussion, I received a very dry reply. This has been low on our priority list. We do plan on doing it relatively soon, but to date, not a lot of customers have asked for it (for use in a production environment). We'll probably start on Solaris domU pass through support within a month or two and then do dom0 support after that. It just comes down to when folks free up from other xVM related work to do the code. > 3/ Problem with DMA under Xen ... e.g. my areca raid cards works > perfect on a 8GB box without xen but because of the way xen allocates > memory... I am forced to allocate only 1 or 2 gig for the dom0 or the > areca drivers will fail miserably trying to do DMA above the first 4G > address space. This very same problem affected xen under linux over a > year ago and seems to have been addressed. Several persons on the ZFS > discuss list who complain about poor ZFS IO performance are affected > by this issue. This should be relatively easy to fix assuming I can get access to similar H/W. Do you get any error messages? We do have a bug in contig alloc (allocs too much memory) which was recently found which is affecting nv_sata based systems. It may be related to that or something that the driver could be doing better. Can you send me more details around your setup (card your using, what's connected to it, where you got the driver and what version you have), behavior and perf on metal, behavior and perf on xVM. > 4/ Poor exploit mitigation under Solaris. In comparaison, OpenBSD, > grsec linux and Windows => XP SP2 have really good exploit > mitigation.... It is a shame because solaris offered a non-exec stack > before nearly everyone else... but it stopped there... no heap > protection, etc... > > The only thing that is preventing me from switching back to linux (no > zfs), freebsd (no xen) or openbsd (no xen and no zfs), right now is > ZFS and it is the same reason I switched to Solaris in the first place. I'll let the security folks handle this :-) MRJ _______________________________________________ xen-discuss mailing list [email protected]
