Network virtualization is one of the industry's hot topics. The potential to
reduce cost while increasing network flexibility easily justifies the investment
in time to understand the possibilities. This blog entry describes network
virtualization and some concepts. Future entries will show the steps to
create a virtual network.
Introduction to Network Virtualization
Network virtualization can be described as the process of creating a computer
network which does not match the physical topology of a physical network.
Usually this is achieved by using software tools of general-purpose computers or
by using features of network hardware.
A defining characteristic of a virtual network is the ability to re-configure
the topology without manipulating any physical objects: devices or cables.
Such a virtual network mimics a physical network. Some types of virtual networks, for example virtual LANs (VLANs), can be implemented using features of network switches and computers.
However, some other implementations do not require traditional network hardware such as routers and switches. All of the functionality of network hardware has been re-implemented in software, perhaps in the operating system.
Benefits of network virtualization (NV) include increased architectural flexibility, better bandwidth and latency characteristics, the ability to prioritize network traffic to meet desired performance goals, and lower cost from fewer devices, reduced total power consumption, etc.
The remainder of this blog entry will focus on a software-only implementation of NV.
A few years ago, networking engineers at Sun began working on a software project named "Crossbow." The goal was to create a comprehensive set of NV features within Solaris. Just like Solaris Zones, Crossbow would provide integrated features for creation and monitoring of general purpose virtual network elements that could be deployed in limitless configurations. Because
these features are integrated into the operating system, they automatically
take advantage of - and smoothly interoperate with - existing features.
This is most noticeable in the integration of Solaris NV features and Solaris
Zones. Also, because these NV features are a part of Solaris, future Solaris
enhancements will be integrated with Solaris NV where appropriate.
The core NV features were first released in OpenSolaris 2009.06. Since then, those core features have matured and more details have been added. The result is the ability to re-implement entire networks as virtual networks using Solaris 11 Express. Here is an example of a virtual network architecture:
As you can guess from that example, you can create virtually :-) any network topology as a virtual network...
NV does more than is described here. This content focuses on
the key features which might be used to consolidate workloads or
entire networks into a Solaris system, using zones and NV features.
Virtual Network Elements
Solaris 11 Express implements the following virtual network elements.
- NIC: OK, this isn't a virtual element, it's just on the list as a starting
For a very long time, Solaris has managed Network Interface Connectors
(NICs). Solaris offers tools to manage NICs, including bringing them up
and down, and assigning various characteristics to them, such as IP addresses,
assignment to IP Multipathing (IPMP) groups, etc. Note that up through Solaris
10, most of those configuration tasks were accomplished with the ifconfig(1M) command, but in Solaris 11 Express the dladm(1M) and ipadm(1M) commands perform those
tasks, and a few more. You can monitor the use of NICs with dlstat(1M).
The term "datalink" is now used consistently to refer
to NICs and things like NICs, such as...
- A VNIC is a pseudo interface created on a datalink (a NIC or an etherstub,
Each VNIC has its own MAC address, which can be generated automatically,
but can be specified manually. For almost all purposes, a VNIC can be
managed like a NIC. The dladm command creates, lists, deletes,
and modifies VNICs. The dlstat command displays statistics about
VNICs. The ipadm(1M) command configures IP interfaces on VNICs.
Like NICs, VNICs have a number of properties that can be modified with dladm. These include the ability to force network processing of a VNIC
to a certain set of CPUs, setting a cap (maximum) on permitted bandwidth
for a VNIC, the relative priority of this VNIC versus other VNICs on the same
NIC, and other properties.
- Etherstubs are pseudo NICs, making internal networks possible. For a general
understanding, think of them as virtual switches. The command dladm
- A flow is a stream of packets that share particular attributes such as
source IP address or TCP port number. Once defined, a flow can be
managed as an entity, including capping bandwidth usage, setting relative
priorities, etc. The new flowadm(1M) command enables you to create and
manage flows. Even if you don't set resource controls, flows will benefit
from dedicated kernel resources and more predictable, consistent performance.
Further, you can directly observe detailed statistics on each flow,
improving your ability to understand these streams of packets and set proper
resource controls. Flows are managed with flowadm(1M) and monitored
- VLANs (Virtual LANs) have been around for a long time. For consistency,
the commands dladm, dlstat and ipadm now manage VLANs.
- InfiniBand partitions are virtual networks that use an InfiniBand fabric.
They are managed with the same commands as VNICs and VLANs: dladm, dlstat, ipadm and others.
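
The elements listed above can be combined into a small internal network: an etherstub acting as the virtual switch, bandwidth-capped VNICs attached to it, and a flow with its own cap. The script below is an added example, not from the original post; the names stub0, web0, db0 and httpsflow and the helper functions are hypothetical, the link-name check is a conservative assumption, and by default it only prints the dladm and flowadm commands instead of running them.

```shell
#!/bin/sh
# Added example: plan (or apply) a small internal virtual network.
# All link and flow names are hypothetical. DRY_RUN=1 (default) only
# prints the commands; DRY_RUN=0 runs them on a Solaris host.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Conservative datalink-name check (assumption): starts with a letter,
# ends with a digit, only letters/digits/underscore, at most 31 chars.
valid_link() {
    case "$1" in
        *[!A-Za-z0-9_]*|"") return 1 ;;
        [A-Za-z]*[0-9]) [ "${#1}" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# build_vnet STUB MAXBW_MBPS VNIC...
# Creates one etherstub, one bandwidth-capped VNIC per name, and a flow
# for TCP port 443 on the first VNIC capped at half the VNIC bandwidth.
build_vnet() {
    stub="$1"; maxbw="$2"; shift 2
    for l in "$stub" "$@"; do
        valid_link "$l" || { echo "bad link name: $l" >&2; return 1; }
    done
    case "$maxbw" in
        *[!0-9]*|"") echo "bad maxbw (Mbps): $maxbw" >&2; return 1 ;;
    esac
    run dladm create-etherstub "$stub" || return 1
    for v in "$@"; do
        run dladm create-vnic -l "$stub" "$v" || return 1
        run dladm set-linkprop -p "maxbw=${maxbw}M" "$v" || return 1
    done
    run flowadm add-flow -l "$1" -a transport=tcp,local_port=443 \
        -p "maxbw=$((maxbw / 2))M" httpsflow
}

build_vnet stub0 100 web0 db0
```
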
Solaris 11 Express provides a complete set of virtual network components
which can be used to deploy virtual networks within a Solaris instance.
The next blog
will describe network resource management and security. Future entries will
provide some examples.