On Thu, Jul 23, 2009 at 7:32 PM, Jordan Vaughan<jordan.vaug...@sun.com> wrote:
> Hello zones community members,
> I'm one of the engineers working on Solaris 10 Containers (S10Cs) for
> OpenSolaris (http://www.opensolaris.org/os/project/s10brand).  I'm currently
> evaluating networking requirements for S10Cs.  Our ultimate goal is to
> achieve networking feature parity with native Solaris 10 zones: we will want
> S10Cs to do everything that native Solaris 10 zones can do.
> I would appreciate any input you can provide regarding what you (or your
> customers) currently do with your native Solaris 10 zones (both exclusive-
> and shared-stack zones), especially the commands (arp, snoop, traceroute,
> etc.), protocols, and other features/services (SMA, Solstice, IPMP, NAT, IP
> Filter, DHCP client/server, IP tunnels, PPP, IPsec, etc.) that you use most
> frequently.  Your input will help us prioritize networking features and set
> realistic expectations for our product.

I'll assume that everything that works in a S10 non-global zone with a
shared stack will continue to work in a Solaris 10 container.  That
is, pretty much anything that doesn't need raw access just works.

In order to attract Solaris 10 non-global zones to being S10Cs, the
S10C needs to be able to leverage the capabilities of crossbow to get
a dedicated IP stack.  I don't care if I can us dladm to configure
vnics in an S10C or not.  I would need some way to tune IP, TCP, UDP,
etc. parameters.  Ideally this would be via nddconfig[1].


In order to attract Solaris 10 global zones to being S10Cs, a more
somewhat complete feature set is need.  A key barrier I would expect
to see to application installations is the need for ndd -get and ndd
-set to work as they do in Solaris 10 because is part of some
applications' pre-installation checks.  If Clearview IPMP is not able
to provide an IPMP'd interface to the zone that can be independently
tuned (e.g. ndd -set /dev/tcp ...) , then IPMP needs to be supported
within the S10C.

In all cases I need to be able to access tagged VLANs.  I don't care
much as to whether this happens by creating vnic's in the global zone
or some other method.

Mike Gerdts
zones-discuss mailing list

Reply via email to