On 04/27/09 13:40, Vincent Boisard wrote:
Hi everyone,

I am wondering, as Crossbow is now integrated, does it still make sense to use Shared IP Zones or is it better to use exclusive-ip zones with a vnic for each of them? With a vnic, we can benefit from the bandwidth management et al., but there may be performance issues...

What do you think about it?

Some cases need exclusive IP Instances, such as where you need to have isolation, force traffic in certain ways (static routes, preventing kernel from looping traffic back up [1]).

In those cases where you have a choice to use either, the primary reason I see going shared IP is that the global administrator manages the network. With exclusive IP, the non-global administrator can/must manage that. Maybe not a big deal, unless you give root privileges to the zones' users, and they can then make changes without any constraints, and that is something that is not desirable in your installation.

Steffen


[1] Two or more VNICs on the same NIC with IP addresses on the same subnet will *not* have traffic leave the system. Something to keep in mind. The destination MAC address must be on a different node on the network for it to go out the NIC. That node could be a VNIC on a different NIC, but not on the same VNIC. Underneath the VNICs is essentially a switch, to help create the picture. This is partially good--traffic between zones sharing a VNIC is slower than shared (not sure how much) and faster than going out on the wire. Yet you still have the other benefits.



Cheers,

Vincent


------------------------------------------------------------------------

_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
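
An added example, not part of the original thread: a small Python check for the behaviour described in footnote [1], flagging VNIC pairs that share a physical NIC and a subnet, since their traffic is switched inside the host and is never seen by firewalls or monitoring on the wire. The inventory (VNIC names, NIC names, addresses) is constructed for illustration, and the check assumes any router between subnets is a separate node on the network.

```python
import ipaddress
from itertools import combinations

# Constructed inventory (hypothetical names and addresses):
# (VNIC name, underlying physical NIC, address configured in the zone)
VNICS = [
    ("vnic0", "e1000g0", "192.168.10.11/24"),
    ("vnic1", "e1000g0", "192.168.10.12/24"),
    ("vnic2", "e1000g1", "192.168.10.13/24"),  # same subnet, different NIC
    ("vnic3", "e1000g0", "10.0.5.20/24"),      # same NIC, different subnet
]


def in_host_pairs(vnics):
    """Return pairs of VNICs whose mutual traffic stays inside the host.

    Per footnote [1]: VNICs on the same NIC with addresses on the same
    subnet talk through the virtual switch under the VNICs, so frames
    between them never leave through the physical NIC.
    """
    pairs = []
    for (n1, nic1, a1), (n2, nic2, a2) in combinations(vnics, 2):
        if1 = ipaddress.ip_interface(a1)
        if2 = ipaddress.ip_interface(a2)
        # On-link to each other: each address falls inside the other's
        # subnet, so the destination MAC is the peer VNIC, not a router.
        on_link = if1.ip in if2.network and if2.ip in if1.network
        if nic1 == nic2 and on_link:
            pairs.append((n1, n2))
    return pairs


def report(vnics):
    """Build one human-readable line per in-host pair."""
    nic_of = {name: nic for name, nic, _ in vnics}
    return [
        f"{a} <-> {b}: switched inside host on {nic_of[a]}, not visible on the wire"
        for a, b in in_host_pairs(vnics)
    ]


if __name__ == "__main__":
    for line in report(VNICS):
        print(line)
```

Pairs it reports are the ones where isolation has to be enforced inside the host, or where the zones should be placed on VNICs over different NICs if the traffic must cross external network controls.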
