Monday Oct 22, 2007

What's new in Solaris Networking

Current work in Solaris Networking[Read More]

Thursday May 17, 2007

Solaris 10U4 is IPv6 ready

S10U4 is now IPv6 certified.[Read More]

Monday Feb 19, 2007

CrossBow and Neptune

All the stars seem to be lining up: Sun's T1000 and T2000 Chip Multi Threaded machines, the Neptune 10Gb NICs and CrossBow Network Virtualization and Resource Control: With CrossBow, Solaris will take full advantage of the the new virtualization functionality that Neptune 10 Gb NIC offers like hardware classification, multiple Receive/Transmit rings and DMA channels. This means the networking stack in Solaris is fully aligned with the networking hardware.

Crossbow features include:

\*- Ability to create Virtual NIC (VNIC) which is built on top of dedicated resources like Rx/Tx rings, DMA channels, kernel queues and threads and CPUs. On systems like Niagara and other hardware, this allows multiple Solaris Containers or Virtual machines to share the available B/W and host networking resources based on policies or resource partitioning without any performance impact due to virtualization.

- Parallelizing the networking workload across multiple Niagara threads and cores using Neptune classifier to spread traffic to multiple Receive and transmit rings while maintaining affinity between Rx/Tx rings, Niagara threads, kernel threads and queues.

- Ability to separate out services and protocols and providing dedicated resources (like Neptune Rx/Tx rings, DMA channels, kernel threads and queues, and Niagara threads and cores) and dedicated bandwidth (both limits and guarantees) over a common NIC without any performance penalties. Provides Quality of service to services that need it.

CrossBow on OpenSolaris:

Crossbow is one of the leading projects on OpenSolaris and has a large community around it. The source code and binaries are available today via the OpenSolaris ( CrossBow will be available in Solaris by the end of this year.

Pretty cool stuff! And with the upcoming next generation of Niagara chips the NIC will even be included on the board itself. This will give us additional performance boost.

Monday Jan 22, 2007

IP Instances - Network Virtualization for Solaris Containers, aka. zones

The IP Instance project just integrated into the Solaris Nevada code base and is supposed to be available in a Solaris 10 update later this year. Donghai Han, Yukun Zhang, Zhijun Fu and Erik Nordmark worked really hard on the development side to make this happen, George Yao and Alex Peng did the same on the test development side. IP Instances provides Solaris customers the option of assigning seperate IP stacks to Containers thus providing much more flexibility. IP Instances addresses a long list of customer enhancement requests and takes networking in Solaris Containers to the next level: With IP Instances you get full separation of the networking stack between Containers. With project Crossbow we'll extend network virtualization into the device driver layer and provide a industry-leading network virtualization solution. Crossbow is still in the works, but a beta version is already available on OpenSolaris. We are planning on starting a formal beta program in the next couple of weeks.

Friday Jan 19, 2007

Looking for college hires and interns

Interested in working on cutting edge networking technology? Interested in defining the future of network virtualization? We are currently looking for top students who can help shape the future of next-generation networking infrastructure, both as full-time employees or interns. Interested? Just send me your resume at: -Markus

Monday Oct 23, 2006

Solaris is ready for IPv6

We just go the news from the UNH Interoperability lab, that we have passed the phase I IPv6 compliance tests with Solaris Nevada, see:

This means Solaris is leading in the IPv6 space. Given the convergence of the different types of communication traffic like data, Voice and streaming video onto IP I'd expect a much greater need for IPv6 in the next few years. Initially it looked like the government mandate for IPv6 was going to drive its deployment, but right now it looks like the telco space is going to lead that change.


Thursday Aug 10, 2006

Solaris for security ISVs and network appliances

With the recent and enhancements in the Solaris networking stack Solaris has become a very interesting player for ISVs and appliance vendors in the security appliance space.

First of all the fact that Solaris is open source and lets ISVs and appliance vendors link their proprietary modules with the OpenSolaris source code without distributing the source code of these proprietary modules or having to worry about legal concerns is a big plus over other OSes

Secondly, the recent and ongoing enhancements really put Solaris into the driver seat:

Solaris has made a huge step forward in the network performance space:
  • With FireEngine and Nemo the Solaris networking performance has gone up by some 50%
  • The arrival of the packet filtering APIs that Darren Reed is work on will be improving the firewall performance on Solaris by about 20% (This is the number we are getting with ipfilter)
  • Project Surya which is about to integrate into Solaris will greatly improve the forwarding performance

    There are a lot of new cool features in Solaris or coming out soon:
  • Ongoing virtualization of the stack through Stack Instances as well as CrossBow will provide a much better control over the networking stack
  • A prototype for Ethernet Bridging is already available through OpenSolaris. Pretty soon will be integrating a more advanced version based on the CrossBow virtual NIC concept
  • Quagga is providing very cool routing functionality

    You can expect a lot more really cool stuff out of the Solaris networking group in the near future! Let me know if you are interested in participating!
  • Wednesday May 31, 2006

    CrossBow prototype available

    NIC virtualization and network bandwidth control are becoming a reality: My team just finished a prototype of the CrossBow project which creates that capability.[Read More]

    Tuesday Jan 17, 2006

    New features for ipfilter

    After a few discussions within the development team, with our marketing folks and with several customers I came to the conclusion that these are the features that we have to add to ipfilter:
    • Enabling ipfilter within Solaris Containers: This will allow the user of a Solaris Container to set their own fire wall rules just like if they were running their own machine. That way the user has full control over their fire wall settings.
    • Stealth firewall: This would allow filtering bridging traffic. Bridging is a feature that we are currently implementing.
    • Comprehensive set of APIs into ipfilter: We have several customer requests for this right already. The right thing to do here is to come up with a comprehensive set rather than doing a number of one-offs. Lots of customers and ISVs would greatly benefit from this.
    • ipf performance: We need to have a look at this one to see whether we can do further improvements in this department.
    • RPC proxy support
    • Improve usability, e.g. sample rule files

    Aside from that we really need to write a comprehensive white paper. All that's available right now on bigadmin is the following:


    Tuesday Sep 06, 2005

    Job opening - looking for talented engineers

    I am currently looking for a talented engineer to work on network virtualization technologies: Virtualization is becoming more and more important for the data center. This poses completely new challenges for Solaris networking. It is quite a paradigm shift to go from what happens in a real network into a virtual network that is hosted on a single machine. For more details please check out: Markus

    Wednesday Aug 03, 2005

    Ethernet Bridging

    Most recently my team has started to look into Ethernet Bridging. Michael Lim and Mike Ditto are currently working on a prototype. Ethernet Bridging would give people who need to change their network topology rapidly a lot of flexibility. It would allow them to add new machines into an existing network without having to reconfigure all of the routers. More to follow... Markus

    Sunday May 15, 2005

    Solaris Core Technologies - Networking

    My team is working on a number of cool networking technologies like IP Filter, IPv6 and DHCP. We are just finishing work on IPv6 support for IP Filter and we are now starting out with a new project called Whitney that will define packet filtering hooks in Solaris for both IP Filter as well as 3rd party fire wall and intrusion detection software. Whitney provide a number of advantages like: - Enabling IP Filter between zones - Minimize the performance hit of packet filtering - Provide cleaner interface for packet filtering Another very ambitious project is looking at creating a read-only root file system. This would allow Solaris to make inroads into the appliance market. It also offers a number of security advantages. We are currently trying to scope the project. Stay tuned for updates. Markus



    « April 2014