Tuesday Apr 29, 2014

Solaris 11.2 Networking Overview: Application-Driven SDN and Beyond

Today we are excited to announce Solaris 11.2 (Solaris 11.2 Beta available here). This release introduces significant improvements to the Solaris networking stack, substantially expanding its built-in network virtualization and SLA features to provide a distributed virtual network infrastructure for your private cloud, and enabling application-driven SLAs. Together, these features are the foundation of the built-in Application-driven Software-Defined Networking (SDN) capabilities of Solaris 11.2.

As the Chief Architect for Solaris Core Networking, I am pleased to introduce this significant set of exciting new features and their benefits.

  • Elastic Virtual Switch (EVS): provides a built-in distributed virtual network infrastructure that can be used to deploy virtual switches across a collection of machines. EVS provides centralized management and observability for ease of use, and for the monitoring of resources across all the nodes in a single view. Control is performed through easy-to-use administration tools or OpenStack.

    EVS currently supports VXLAN and VLAN for maximum flexibility and for easy integration into your existing environment. Our architecture is fabric-independent, and can be extended in the future to support additional types of network fabrics. EVS manages network configuration across the compute nodes and the network for you automatically, and dynamically adapts to the location of your workload.

    EVS is tightly integrated with the newly introduced Solaris kernel zones as well as native zones, allowing a zone's VNIC to easily connect to an elastic virtual switch.

  • OpenStack Neutron Networking: Solaris 11.2 includes a full distribution of OpenStack, taking advantage of the stability, performance, and security of Solaris. For networking, Solaris 11.2 includes an OpenStack Neutron plugin layered on top of EVS. This plugin allows you to leverage the new Solaris distributed virtual networking capabilities from OpenStack transparently.

  • VXLAN: Extended VLANs allowing virtual segments to be layered on top of generic IP networks. VXLANs provide greater flexibility than VLANs, which typically require switch configuration and are limited to 4096 VLAN instances.

  • Datalink Multipathing Probing: DLMP was introduced in Solaris 11.1 to combine the benefits of link aggregation and IPMP. For instance, DLMP, like IPMP, does not require configuration of the switches and can implement failover between multiple switches without relying on switch vendor proprietary extensions. DLMP is implemented as a new mode of the Solaris link aggregation feature, which allows it to be easily combined with our network virtualization features, providing highly available VNICs to VMs and zones.

    Solaris 11.2 adds probe-based failure detection to DLMP, allowing the use of layer-3 IP probes to one or more target nodes on the network. IP address consumption is reduced through transitive probing between the members of a DLMP aggregation.

  • High-Priority Hardware-assisted Flows: This new feature extends the set of SLAs supported by Solaris to allow flows to be associated with a high or normal traffic priority. Packets belonging to flows with a high priority are processed more quickly through the network stack through dedicated kernel resources. When possible, high priority flows are segregated between multiple hardware rings in the NIC. The interrupt throttling settings of the underlying NIC are also dynamically adjusted if possible.

  • Application-Driven SLAs: In order to enable true application-driven SLAs, Solaris 11.2 provides new APIs allowing applications like Oracle RAC or JVMs to dynamically associate SLAs (bandwidth limit or priority) with network sockets. Processing critical network traffic such as heartbeats at a higher priority improves system uptime, and bandwidth capping allows fine control of the bandwidth usage for better performance and isolation between different types of network traffic. Flows are dynamically created according to the configured SLAs, and they can be monitored with flowstat(1M).

  • NUMA IO performance improvements for latency-sensitive workloads: The NUMA IO framework, which we introduced in Solaris 11 to improve Solaris performance and allow it to scale on large machines such as the SPARC M5-32, was updated with this release to avoid latency spikes on loaded systems. Instead of binding kernel IO threads to specific CPUs, they are now bound to a subset of CPUs, allowing the NUMA IO locality optimizations to be preserved, while letting the dispatcher pick the best available CPU according to the current load. This reduces the risk for latency spikes on a loaded system, and also leads to a better distribution of IO-related CPU processing. These new bindings are pool optimized, meaning that the IO processing for a zone with its dedicated set of CPUs will be executed on the CPUs belonging to that zone for best isolation.

  • Network Monitoring: Network monitors are new in Solaris 11.2. They continuously monitor the network state and the system configuration for problems such as misconfiguration on the host or network. This allows common problems such as mismatching VLAN settings between switch and host, or misconfigured MTUs to be detected and reported early, minimizing down time.

  • Reflective Relay: One of the common use cases of virtualization is consolidation, where multiple physical machines are consolidated on a single server and run in virtual machines or zones. The Solaris built-in network virtualization provides a virtual software datapath between these VMs/zones. In some cases, the policies of the environment being consolidated require the traffic to go through a centralized server for traffic isolation, accounting, etc. The Reflective Relay feature allows the software virtual switch to be bypassed, and all packets to be sent on the physical network infrastructure.

  • Precision Time Protocol: PTP enables the synchronization between hosts. By optionally leveraging hardware-assisted timestamping, PTP can achieve synchronization that is more precise than NTP.

  • SR-IOV VNICs: Single-Root IO Virtualization, or SR-IOV, virtualizes IO devices to allow direct access to hardware from virtual machines, avoiding costly hypervisor overhead. SR-IOV VNICs encapsulate SR-IOV virtual functions within VNICs, allowing SR-IOV to be managed and monitored like any regular VNIC. Even when an SR-IOV virtual function is mapped into a guest for direct access, the corresponding VNIC remains present in the host operating system to allow for the control of the virtual function.

As you can see, Solaris 11.2 provides you with a significant set of new networking features and benefits, whether integrated within your existing infrastructure, or as the foundation of your next generation private cloud. The Solaris 11.2 Beta is now available for download; we are looking forward to your feedback!



