On Thu, 2009-07-23 at 17:32 -0700, Jordan Vaughan wrote: > Hello zones community members, > > I'm one of the engineers working on Solaris 10 Containers (S10Cs) for > OpenSolaris (http://www.opensolaris.org/os/project/s10brand). I'm > currently evaluating networking requirements for S10Cs. Our ultimate > goal is to achieve networking feature parity with native Solaris 10 > zones: we will want S10Cs to do everything that native Solaris 10 zones > can do. > > I would appreciate any input you can provide regarding what you (or your > customers) currently do with your native Solaris 10 zones (both > exclusive- and shared-stack zones), especially the commands (arp, snoop, > traceroute, etc.), protocols, and other features/services (SMA, > Solstice, IPMP, NAT, IP Filter, DHCP client/server, IP tunnels, PPP, > IPsec, etc.) that you use most frequently. Your input will help us > prioritize networking features and set realistic expectations for our > product. > > Thanks, > Jordan Vaughan > Solaris Zones > _______________________________________________ > zones-discuss mailing list > zones-discuss@opensolaris.org
At my site we rarely use exclusive stack zones. This is because interface consumption would become a problem. The shared stack interface is limiting. Not having bandwidth controls etc makes me nervous that someday I'll have a bandwidth utilization problem and not have any great solutions. I've also had non-global zone administrators ask to be able to run snoop. While this is possible with a shared stack its not secure. So the reason I'd want the S10Cs to support exclusive IP is because I'd want be able take advantage of crossbow to solve some of the limitations I have with shared stack Native Zones now. If exclusive IP for S10Cs isn't an option a work around might be to setup crossbow vnics for each zone I want to run and attach that zone exclusively to that interface as "shared". Having only limited experience with crossbow I'm not exactly sure if this would work and it would feel somewhat hackish. I'd also hate to see what my GlobalZone routing table would look like - I suspect I could cause myself an interesting network problem If I'm not careful. Thanks for the request for input. -Alex P.S. Will the Solaris 10 Containers support delegated zfs datasets? In my case this is a more important feature to have. _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org
