On 04/28/09 06:09, Vincent Boisard wrote:
Thanks for your help,
Let me summarize this:
- Shared IP has the advantage that the global zone fully administers the
network: zones don't have to (and even CAN'T) bother with it. There may
be a slight advantage performance-wise.
Yes. I would expect lower latency between zones using shared IP.
- Exclusive IP with VNIC is needed for some features and enables
bandwidth management between the network and zones (Does it make sense
to try to manage bandwidth between zones ?)
Does your application benefit from it? Would there be a difference if you
moved the zone to a different system and wanted a bandwidth limit then?
The only reason I can think of to limit when co-located is so that when
not co-located *and* bandwidth limits are in place, performance is about
the same (if you are concerned about setting expectations of the users
and meeting them later).
Keep in mind minimum bandwidth is 1.2Mbps, so for most applications that
already seems to be a lot (thinking ssh and others like that and maybe
Db access for a client, not web traffic on a major site).
I am curious about others' experiences and uses!
Steffen
Cheers,
Vincent
On Mon, Apr 27, 2009 at 11:58 PM, Steffen Weiberle
<steffen.weibe...@sun.com> wrote:
On 04/27/09 13:40, Vincent Boisard wrote:
Hi everyone,
I am wondering, as Crossbow is now integrated, does it still
make sense to use Shared IP Zones or is it better to use
exclusive-ip zones with a vnic for each of them.
With a vnic, we can benefit from the bandwidth management and
all, but there may be performance issues...
What do you think about it ?
Some cases need exclusive IP Instances, such as where you need to
have isolation, force traffic in certain ways (static routes,
preventing kernel from looping traffic back up [1]).
In those cases where you have a choice to use either, the primary
reason I see going shared IP is that the global administrator
manages the network. With exclusive IP, the non-global administrator
can/must manage that. Maybe not a big deal, unless you give root
privileges to the zone's users, and they can then make changes without
any constraints, and that is something that is not desirable in
your installation.
Steffen
[1] Two or more VNICs on the same NIC with IP addresses on the same
subnet will *not* have traffic leave the system. Something to keep
in mind. The destination MAC address must be on a different node on
the network for it to go out the NIC. That node could be a VNIC on a
different NIC, but not on the same VNIC. Underneath the VNICs is
essentially a switch, to help create the picture. This is partially
good--traffic between zones sharing a VNIC is slower than shared
(not sure how much) and faster than going out on the wire. Yet you
still have the other benefits.
Cheers,
Vincent
------------------------------------------------------------------------
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org