Steffen Weiberle wrote:
This new rctl is part of the overall zones/rm improvement project
we have been working on for a while now.


Thanks, Jerry! I am waiting with open arms :) for this, and memory sets, and swap sets, and IP instances! Oh, and CPU caps.

Wait, does this replace swap sets? Or is this a control to limit shared swap only? Maybe I can update that bullet item in my presentations!!

So, in addition to security concerns, this customer was also asking about DoS prevention or minimization, and these will all contribute to that ability.

The new rctl does not replace swap sets.  The memory & swap sets project
is still being worked on, but is still under development, so it is hard
to say when it will be done.  The best way to think about this is that
swap sets, memory sets and processor sets all partition the resources
on the system.  On the other hand the rctls (max-swap & cpu-caps), as
well as the new rcapd support for zones, set an upper limit on the
usage but the resources are still shared.

I think capping is more flexible since you still share your resources
and can over-provision the system.  However, there are various use
cases where partitioning is also useful.  For processors, you might
have licensing issues where psets solve that problem.  For memory,
memory & swap sets give you a reservation, which you don't get with
caps.

This is the diagram we used in the design doc:

                       dedicated |  capped
               ---------------------------------
               cpu    |  psets   |  cpu-caps
               memory |  msets   |  rcapd & max-swap

Jerry
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
