OpenSolaris Network Virtualization and Resource Control
OpenSolaris network virtualization and resource control is a set of OpenSolaris features, currently under development by Oracle as an open source project. These features let a single OpenSolaris system host an internal virtual network with quality-of-service controls; they are implemented through the OpenSolaris Crossbow umbrella project.
Major features of the Crossbow project include:
- Virtual NIC (VNIC) pseudo-network interface technology
- Exclusive IP zones
- Bandwidth management and flow control on a per interface and per VNIC basis
The Crossbow project software, combined with next generation network interfaces like xge and bge, enables network virtualization and resource control on a single system. By combining VNICs with features such as exclusive IP zones or the Sun xVM hypervisor, system administrators can run applications on separate virtual machines to improve performance and provide isolation between them. Resource management and flow control features provide bandwidth management and quality of service for packet flows on separate virtual machines. You can allocate bandwidth amounts and manage data flows not only for the physical network interface but also for any containers configured on the interface. The Crossbow resource control features enable increased system efficiency and the ability to limit the amount of bandwidth consumed by a process or virtual machine.
Features of the Crossbow project
This section briefly describes the main features of the Crossbow network virtualization and resource control project. For further details on each feature, see the Crossbow Network Virtualization Architecture document available for download at the OpenSolaris Crossbow documentation page.
A VNIC is a pseudo network interface that is configured on top of a system's physical network adapter, also called a network interface (NIC). A physical interface can have more than one VNIC. Each VNIC operates like and appears to the system as a physical NIC. The individual VNIC is assigned a media access control address (MAC address), which can be configured to a value other than the default MAC address assigned to the physical NIC. You can use the resource control features of Crossbow to allocate separate bandwidths to the individual VNICs. Moreover, you can configure a virtual machine, such as an exclusive IP zone or xVM domain on top of a VNIC.
When the first VNIC is created on a system, a virtual switch is also created above the physical interface. Though not directly accessible to the user, the virtual switch provides connectivity between all VNICs configured on the same physical interface, enabling the virtual network in a box scenario. The virtual switch forwards packets between the system's VNICs. Thus, packets from an internal VNIC source never have to pass to the external network to reach an internal network destination.
Exclusive IP zones
An exclusive IP zone is a separate instance of a full TCP/IP stack, which functions as a non-global zone. Each exclusive IP zone is built upon a physical network interface and has its own IP-related state. IP instances support DHCPv4 and IPv6 address autoconfiguration. An exclusive IP zone can have its own routing table and routing protocols separate from the global zone on a system. Moreover, a system administrator can run the ifconfig command within an exclusive IP instance to set up a logical interface within the exclusive IP zone.
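The VNIC-and-zone workflow described above, as an added example that is not part of the original article or of the Crossbow project's own code: a POSIX shell script that creates a VNIC with its own MAC address over a physical NIC and attaches it to an existing exclusive IP zone. The names bge0, vnic0 and webzone are assumptions, as is the existence of the zone; with DRY_RUN=1 the script only prints the dladm and zonecfg commands it would run, which is also a convenient way to review them before they touch a live host.

```shell
#!/bin/sh
# Added example (not from the Crossbow project): provision a VNIC with its own
# MAC address over a physical NIC and hand it to an exclusive IP zone.
# DRY_RUN=1 prints each command instead of executing it (the printed form
# drops shell quoting, so arguments containing spaces are shown unquoted).

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# provision_vnic VNIC PHYSICAL_LINK MAC
# MAC may be an explicit address or the keyword "random"; the physical link
# keeps its factory address, so every VNIC is distinguishable on the wire and
# in snoop output.
provision_vnic() {
    vnic=$1; link=$2; mac=$3
    run dladm create-vnic -l "$link" -m "$mac" "$vnic"
    run dladm show-vnic "$vnic"
}

# attach_to_zone ZONE VNIC
# Assumes the zone has already been configured with zonecfg. Switching it to
# ip-type=exclusive gives it its own IP stack and routing table, and the VNIC
# becomes the only data link visible inside the zone, so traffic from the
# zone cannot be sent through any other interface on the host.
attach_to_zone() {
    zone=$1; vnic=$2
    run zonecfg -z "$zone" "set ip-type=exclusive; add net; set physical=$vnic; end"
}

# Demonstration with hypothetical names (bge0, vnic0, webzone); only runs in
# dry-run mode so that sourcing this file never changes a host by itself.
if [ "${DRY_RUN:-0}" = 1 ]; then
    provision_vnic vnic0 bge0 2:8:20:aa:bb:cc
    attach_to_zone webzone vnic0
fi
```

After the zone is booted, ifconfig run inside it configures addresses on vnic0 only; the global zone still sees the VNIC in dladm show-vnic but no longer plumbs it.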
Modifications to the TCP/IP MAC layer
In OpenSolaris, the MAC layer is part of the larger data link layer of the TCP/IP protocol stack. The Crossbow project modifies this layer with several new features, including the MAC client interface. This virtual entity is a kernel data structure that is not externally visible to the system administrator. However, the MAC client interface along with the VNIC driver provides the VNIC functionality in OpenSolaris. Additionally, Crossbow modifications to the MAC layer enable a system administrator to assign a different MAC address to each VNIC on a system.
Resource management and flow control
The Crossbow project features provide bandwidth management and flow control on a per VNIC basis. A system administrator can configure different bandwidth allocations to the various VNICs on a host through the new Crossbow-related commands dladm(1M) and flowadm(1M). Traffic through each VNIC can be classified and separated into individual flows, based on port number, destination IP address, and other parameters. These features can be used to improve system efficiency and enable differentiated services for separate VNICs.
Standard Solaris observability tools can be used to monitor the status of exclusive IP instances, VNICs, and virtual machines running on VNICs. For example, familiar tools such as ping and snoop can report status on the operations of a VNIC. Additionally, the netstat(1M) command has been extended for Crossbow to report statistics on packet flows defined with the flowadm command.
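The bandwidth management, flow classification and monitoring described in the two paragraphs above, as an added example that is not part of the original article or of the Crossbow project's own code: a POSIX shell script that caps a VNIC with the maxbw link property, carves a single TCP port on that VNIC into its own flow with a tighter cap, lists the resulting allocations, and then checks that the caps handed out on one physical link do not add up to more than the link can carry. The VNIC, link and flow names are assumptions, the input format of the check (one "vnic physical-link maxbw-in-Mbps" line per VNIC) is the script's own, and the sample allocation table is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the Crossbow project): per-VNIC bandwidth caps,
# per-port flows, and an oversubscription check over the allotted caps.
# DRY_RUN=1 prints the dladm/flowadm commands instead of executing them.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# cap_vnic VNIC MAXBW        e.g. cap_vnic vnic0 200M
# maxbw accepts a K/M/G suffix; a bare number is read by dladm as Mbps.
cap_vnic() {
    run dladm set-linkprop -p "maxbw=$2" "$1"
}

# add_port_flow FLOW VNIC PORT MAXBW
# Classifies TCP traffic to one local port on the VNIC into its own flow with
# a tighter cap, so a single service cannot consume the whole VNIC allotment.
add_port_flow() {
    run flowadm add-flow -l "$2" -a "transport=tcp,local_port=$3" -p "maxbw=$4" "$1"
}

# show_allocations: what an operator inspects after the change.
show_allocations() {
    run dladm show-linkprop -p maxbw
    run flowadm show-flow
    run flowadm show-flowprop
}

# check_oversubscribed PHYSICAL_LINK LINK_MBPS  < "vnic over maxbw_mbps" lines
# Sums the caps of every VNIC sitting on PHYSICAL_LINK and returns 1 when the
# total exceeds LINK_MBPS, since caps that add up past the link speed give no
# real guarantee to any one VNIC. On a live host the input lines would be
# assembled from the parseable (-p) output of 'dladm show-vnic -o link,over'
# and 'dladm show-linkprop -p maxbw -o link,value'; that assembly is left out.
check_oversubscribed() {
    awk -v link="$1" -v cap="$2" '
        NF == 3 && $2 == link && $3 ~ /^[0-9]+$/ { total += $3 }
        END {
            if (total > cap) {
                printf "%s: %d Mbps allotted to VNICs, %d Mbps available\n", link, total, cap
                exit 1
            }
            exit 0
        }'
}

# Constructed sample allocation table (not from a real host):
# bge0 is a 1 Gbps NIC carrying three VNICs, xge0 a 10 Gbps NIC carrying one.
SAMPLE='vnic0 bge0 400
vnic1 bge0 400
vnic2 bge0 400
vnic3 xge0 2000'

# Demonstration with hypothetical names; dry-run only, so sourcing this file
# never changes a host by itself.
if [ "${DRY_RUN:-0}" = 1 ]; then
    cap_vnic vnic0 400M
    add_port_flow httpflow vnic0 80 100M
    show_allocations
    printf '%s\n' "$SAMPLE" | check_oversubscribed bge0 1000 || echo "bge0 is oversubscribed"
fi
```

With the sample table, bge0 is flagged (1200 Mbps allotted against 1000 available) while xge0 passes; the check is deliberately conservative and treats a VNIC with no maxbw line as contributing nothing, so a VNIC left uncapped has to be caught by reading dladm show-linkprop output directly.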
Crossbow code availability
The exclusive IP zones feature is included in the Solaris 10 8/07 release. The first version of the Crossbow feature set was incorporated in OpenSolaris 2009.06. Source code can be downloaded from the sites of the derivatives of illumos (see the list of current distributions in the illumos article), as Oracle discontinued the OpenSolaris download sites after its purchase of Sun Microsystems.
- Belgaied, Kais, and Lu, Roamer. "Crossbow Hardware Resources Management and Virtualization".
- Droux, Nicolas. "Crossbow Network Virtualization Architecture".
- Rosen, Rami. "Virtualization in OpenSolaris".
- "System Administration Guide: Solaris Containers-Resource Management and Solaris Zones".
- Rosen, Rami. "OpenSolaris lecture" (slides in PDF).
- Moellenkamp, Joerg. "Configuration of Crossbow Network Virtualisation".
- Moellenkamp, Joerg. "Configuration of Crossbow Bandwidth Limiting and Accounting".
- "OpenSolaris Project: Crossbow: Network Virtualization and Resource Control". Archived from the original on 2009-10-21. The project page for OpenSolaris Crossbow, which includes technical specifications, documentation and the latest news about the project.
- dladm man pages. Links to the most current dladm man pages; dladm is one of the main tools used to manage virtual network resources.