Crossbow NIC Virtualization
By ndroux on Apr 13, 2006
We recently opened Project Crossbow on OpenSolaris.org. Crossbow enables network virtualization and resource control on Solaris. Virtual NICs (Virtual Network Interface Cards, or VNICs) are major components of the Crossbow architecture. Since I'm responsible for this part of the project, I wanted to give you a brief introduction to VNICs, and how they are used.
Virtualization in general is a very attractive proposition, and widely used today to consolidate hosts and services. Solaris Zones, which has been available since Solaris 10, is one method by which a Solaris instance can be partitioned into multiple runtimes sharing the same Solaris kernel. Xen is another virtualization project which allows multiple virtual machines, each with its own (possibly different) kernel, to run on the same hardware host.
VNICs allow carving up physical NICs, or aggregations of NICs, to form virtual NICs. These VNICs behave just like any other network card for the rest of the system. They have MAC addresses, can be plumbed and configured from ifconfig, etc. VNICs can be assigned to zones or virtual machines (for example Xen domains) running on the machine.
One of the benefits of Crossbow is that VNICs can be assigned their own bandwidth limits or guarantees. These limits effectively allow assigning a part of the underlying NIC bandwidth to zones or virtual machines. The enforcement of that limit is done by the squeues which are assigned to the VNIC.
When the physical NIC provides hardware classification capabilities and multiple receive rings, these receive rings are assigned to VNICs directly, and the classifier is programmed so that traffic received for a given VNIC lands directly on the hardware rings assigned to that VNIC. This allows VNICs to be implemented without a performance penalty. When the underlying physical NIC doesn't provide these hardware capabilities, the MAC layer on top of the NIC driver does the software classification to the VNICs through software rings.
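The software classification path described above can be modeled in a few lines of C. This is an added example, not Crossbow source code: `struct vnic`, `classify`, `deliver`, the ring size and the MAC addresses are hypothetical and constructed for illustration, and bandwidth enforcement and broadcast or multicast handling are not modeled.

```c
#include <stdint.h>
#include <string.h>

#define ETHER_HDR_LEN 14
#define RING_SLOTS    2      /* tiny on purpose, to show a full ring */
#define NO_VNIC       (-1)

/* Hypothetical model of a VNIC: one unicast MAC and one software ring. */
struct vnic {
    uint8_t        mac[6];
    const uint8_t *ring[RING_SLOTS];   /* queued frames */
    size_t         count, dropped;     /* queued / lost to a full ring */
};

/* Constructed sample data: VNICs for zone1 and zone2, and three frames. */
struct vnic vnics[2] = {
    { .mac = {0x02, 0x08, 0x20, 0x00, 0x00, 0x01} },
    { .mac = {0x02, 0x08, 0x20, 0x00, 0x00, 0x02} },
};
const uint8_t to_zone1[ETHER_HDR_LEN] = {0x02, 0x08, 0x20, 0x00, 0x00, 0x01};
const uint8_t to_zone2[ETHER_HDR_LEN] = {0x02, 0x08, 0x20, 0x00, 0x00, 0x02};
const uint8_t to_other[ETHER_HDR_LEN] = {0x02, 0x08, 0x20, 0x00, 0x00, 0x09};

/* Match the destination MAC (first 6 bytes); truncated frames match none. */
int classify(const struct vnic *v, size_t n, const uint8_t *frame, size_t len)
{
    for (size_t i = 0; len >= ETHER_HDR_LEN && i < n; i++)
        if (memcmp(v[i].mac, frame, sizeof v[i].mac) == 0)
            return (int)i;
    return NO_VNIC;                    /* no owner: frame reaches no zone */
}

/* Queue the frame on its owner's ring only; a full ring drops locally. */
int deliver(struct vnic *v, size_t n, const uint8_t *frame, size_t len)
{
    int i = classify(v, n, frame, len);
    if (i != NO_VNIC && v[i].count == RING_SLOTS) {
        v[i].dropped++;                /* only this VNIC pays for the flood */
        return NO_VNIC;
    }
    if (i != NO_VNIC)
        v[i].ring[v[i].count++] = frame;
    return i;
}

int main(void)
{
    return deliver(vnics, 2, to_other, sizeof to_other) == NO_VNIC ? 0 : 1;
}
```

The property worth checking in any such classifier is isolation: a frame addressed to one VNIC never appears on another VNIC's ring, and overflowing one ring leaves the others untouched.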
The following figure shows two VNICs defined on top of the same physical NIC, and assigned to two separate zones.
The figure above also shows another option for VNICs: assigning multiple hardware rings to a single VNIC. Some of these rings can then be assigned to separate services or protocols, and be given different bandwidth or priority requirements. In the example above, zone1 assigned its own ring to HTTPS traffic, for which it can assign a higher bandwidth.
As you can see, the VNIC is a powerful construct and a pillar of Crossbow. If you are interested in Project Crossbow, please read more about it on our OpenSolaris project page. Our discussion forum awaits your comments or questions.