Monday Mar 10, 2008

Crossbow beta

The beta version of Crossbow has just been released! At the same time Crossbow is already running Reliant's Managed PCI System ("MPS") at a retailer with 750 stores. [Read More]

Thursday Nov 29, 2007

Solaris at Oracle Open World 2014

Another busy Oracle Open World week is over: For me this one was the busiest and most successful one ever. We had a record number of Solaris and OpenStack sessions. I've personally set a new record for the number of customer, analyst and partner meetings. In a lot of the sessions we had customers and partners co-present on the benefits they are seeing with the latest Solaris 11.2 features.

It all started on Sunday with Larry Ellison's Keynote where he highlighted Oracle's focus on Cloud and the large portfolio of cloud offerings that Oracle now provides. Larry also provided a preview of the new features that the M7 processor is going to introduce next year. Aside from doubling the cores and increasing the clock speed it will also introduce a bunch of cutting edge Software in Silicon features which not only provide significant performance and efficiency gains for the Oracle DB, but also introduces the Application Data Integrity (ADI) feature which allows developers to write more stable code C and C++ code and also protects the Oracle DB as well as other applications from attacks like Heartbleed. This new capability in particular raised a lot of interest among customers and I got a lot of questions throughout the week.

In my General Session I started out by highlighting how Solaris has evolved from a Server OS to a comprehensive cloud platform which includes the OS, the virtualization, the Software-Defined Networking (SDN) as well as a full distribution of OpenStack. The increased investment that Oracle is putting into Solaris has allowed us to drastically increase the pace of our development. With Solaris 11.2 we are seeing customers deploying Solaris at a large scale achieving productivity gains up to 16x compared to equivalent Redhat environments. Solaris 11.2 also helps customers keep their environment in compliance and allows them to automate their compliance reporting. See our Solaris site for more details. I also talked about the rapid market share gain that we are now seeing vs. IBM: In Q2 of fiscal 2014 SPARC/ Solaris gained 6.1% market share measured in WW revenue in the RISC/ UNIX market while AIX/Power lost 4.6%. This was the 4th quarter in a row where we gained market share. Not only is SPARC/Solaris winning over AIX/Power, we are increasingly seeing customers moving their workloads over from RHEL/ x86 environments.

One of those customers is Morgan Stanley: I was very excited that Robert Milkowski from Morgan Stanley could join me and talked about their increased use of Solaris. He described how moving their OpenAFS environment over from Redhat to Solaris has allowed them to compress their data from 7 PB down to 2PB with huge savings for the firm. By taking advantage of the compression in ZFS they are able to reach compression rates between 3 and 20 while achieving better reliability and availability. He also described how the simplified life cycle management in Solaris 11 has allowed them to automate most of their patching. They have moved some of their in-house software into IPS resulting in additional simplification of their application life cycle management. They are also expanding the use of Solaris into their Sybase and KDB environment.

Not only are we seeing a lot of momentum with customers, we are also seeing the Solaris ecosystem expanding: At the end of my session I was joined by Robert Jenkins, CEO of CloudSigma who announced the launch of their Solaris IaaS offering on both SPARC as well as x86. CloudSigma is seeing a lot of interest from customers in Solaris-based IaaS given the unique security as well as compliance capabilities that Solaris now offers. Leveraging the new kernel zones virtualization in Solaris 11.2 allows them to provide the highest levels of performance, security, compliance and availability.

A lot of the other Solaris and OpenStack sessions also had customers and partners presenting. For instance, Chris Riggin from Verizon talked about their private cloud offering and their plans for OpenStack. Chris also described how their use of Solaris zones allows them to provide highly available Solaris IaaS at a significantly lower cost than RHEL/ VMware/ x86.

We no longer look at it as just a mere OS, we now look at it as a comprehensive cloud platform: OS + OS Virtualization + SDN + Storage Virtualization plus Cloud Management tools, configuration, compliance reporting etc. all in one! It doesn't make sense to compare Solaris against RHEL, that's like comparing a spare part vs. a full solution. Solaris is the ideal platform for any kind of SaaS, PaaS (Oracle DB, Oracle Middleware, Oracle Java) as well as IaaS.

I also shared some examples of what we are currently focusing on:
1. Kernel Zones: There are a number of enhancements that are currently in the works, e.g. live migration.
2. Zero Downtime Patching: This is very critical for customers who want to minimize their planned downtime. I frequently hear from customers that they are struggling to find the time to apply critical security fixes while meeting their uptime targets. We are working on enabling them to satisfy both of these requirements at the same time.
3. OpenStack: Solaris 11.2 provides all of the infrastructure required for IaaS. Our current focus is on going upstack and providing DBaaS as well as PaaS capabilities. In addition to that we are also working on additional automation of the undercloud deployment incl. configuration and authentication.
4. Cloud Analytics: As customers are moving from a first generation cloud environment which still required a lot of manual intervention to a next generation cloud which includes Software Defined Networking and Storage, it becomes absolutely critical to have rich analytics capabilities that provide both high-level views of their environment, but also allow them to dig deep into each of their sub components if necessary. This is something that we are heavily investing in currently.

Not to mention the 100s of other projects that I haven't listed here.

Solaris is on a mission to kick butt! More to come...


Monday Oct 22, 2007

What's new in Solaris Networking

Current work in Solaris Networking[Read More]

Thursday May 17, 2007

Solaris 10U4 is IPv6 ready

S10U4 is now IPv6 certified.[Read More]

Monday Feb 19, 2007

CrossBow and Neptune

All the stars seem to be lining up: Sun's T1000 and T2000 Chip Multi Threaded machines, the Neptune 10Gb NICs and CrossBow Network Virtualization and Resource Control: With CrossBow, Solaris will take full advantage of the the new virtualization functionality that Neptune 10 Gb NIC offers like hardware classification, multiple Receive/Transmit rings and DMA channels. This means the networking stack in Solaris is fully aligned with the networking hardware.

Crossbow features include:

\*- Ability to create Virtual NIC (VNIC) which is built on top of dedicated resources like Rx/Tx rings, DMA channels, kernel queues and threads and CPUs. On systems like Niagara and other hardware, this allows multiple Solaris Containers or Virtual machines to share the available B/W and host networking resources based on policies or resource partitioning without any performance impact due to virtualization.

- Parallelizing the networking workload across multiple Niagara threads and cores using Neptune classifier to spread traffic to multiple Receive and transmit rings while maintaining affinity between Rx/Tx rings, Niagara threads, kernel threads and queues.

- Ability to separate out services and protocols and providing dedicated resources (like Neptune Rx/Tx rings, DMA channels, kernel threads and queues, and Niagara threads and cores) and dedicated bandwidth (both limits and guarantees) over a common NIC without any performance penalties. Provides Quality of service to services that need it.

CrossBow on OpenSolaris:

Crossbow is one of the leading projects on OpenSolaris and has a large community around it. The source code and binaries are available today via the OpenSolaris ( CrossBow will be available in Solaris by the end of this year.

Pretty cool stuff! And with the upcoming next generation of Niagara chips the NIC will even be included on the board itself. This will give us additional performance boost.

Monday Jan 22, 2007

IP Instances - Network Virtualization for Solaris Containers, aka. zones

The IP Instance project just integrated into the Solaris Nevada code base and is supposed to be available in a Solaris 10 update later this year. Donghai Han, Yukun Zhang, Zhijun Fu and Erik Nordmark worked really hard on the development side to make this happen, George Yao and Alex Peng did the same on the test development side. IP Instances provides Solaris customers the option of assigning seperate IP stacks to Containers thus providing much more flexibility. IP Instances addresses a long list of customer enhancement requests and takes networking in Solaris Containers to the next level: With IP Instances you get full separation of the networking stack between Containers. With project Crossbow we'll extend network virtualization into the device driver layer and provide a industry-leading network virtualization solution. Crossbow is still in the works, but a beta version is already available on OpenSolaris. We are planning on starting a formal beta program in the next couple of weeks.

Friday Jan 19, 2007

Looking for college hires and interns

Interested in working on cutting edge networking technology? Interested in defining the future of network virtualization? We are currently looking for top students who can help shape the future of next-generation networking infrastructure, both as full-time employees or interns. Interested? Just send me your resume at: -Markus

Monday Oct 23, 2006

Solaris is ready for IPv6

We just go the news from the UNH Interoperability lab, that we have passed the phase I IPv6 compliance tests with Solaris Nevada, see:

This means Solaris is leading in the IPv6 space. Given the convergence of the different types of communication traffic like data, Voice and streaming video onto IP I'd expect a much greater need for IPv6 in the next few years. Initially it looked like the government mandate for IPv6 was going to drive its deployment, but right now it looks like the telco space is going to lead that change.


Thursday Aug 10, 2006

Solaris for security ISVs and network appliances

With the recent and enhancements in the Solaris networking stack Solaris has become a very interesting player for ISVs and appliance vendors in the security appliance space.

First of all the fact that Solaris is open source and lets ISVs and appliance vendors link their proprietary modules with the OpenSolaris source code without distributing the source code of these proprietary modules or having to worry about legal concerns is a big plus over other OSes

Secondly, the recent and ongoing enhancements really put Solaris into the driver seat:

Solaris has made a huge step forward in the network performance space:
  • With FireEngine and Nemo the Solaris networking performance has gone up by some 50%
  • The arrival of the packet filtering APIs that Darren Reed is work on will be improving the firewall performance on Solaris by about 20% (This is the number we are getting with ipfilter)
  • Project Surya which is about to integrate into Solaris will greatly improve the forwarding performance

    There are a lot of new cool features in Solaris or coming out soon:
  • Ongoing virtualization of the stack through Stack Instances as well as CrossBow will provide a much better control over the networking stack
  • A prototype for Ethernet Bridging is already available through OpenSolaris. Pretty soon will be integrating a more advanced version based on the CrossBow virtual NIC concept
  • Quagga is providing very cool routing functionality

    You can expect a lot more really cool stuff out of the Solaris networking group in the near future! Let me know if you are interested in participating!
  • Wednesday May 31, 2006

    CrossBow prototype available

    NIC virtualization and network bandwidth control are becoming a reality: My team just finished a prototype of the CrossBow project which creates that capability.[Read More]

    Tuesday Jan 17, 2006

    New features for ipfilter

    After a few discussions within the development team, with our marketing folks and with several customers I came to the conclusion that these are the features that we have to add to ipfilter:
    • Enabling ipfilter within Solaris Containers: This will allow the user of a Solaris Container to set their own fire wall rules just like if they were running their own machine. That way the user has full control over their fire wall settings.
    • Stealth firewall: This would allow filtering bridging traffic. Bridging is a feature that we are currently implementing.
    • Comprehensive set of APIs into ipfilter: We have several customer requests for this right already. The right thing to do here is to come up with a comprehensive set rather than doing a number of one-offs. Lots of customers and ISVs would greatly benefit from this.
    • ipf performance: We need to have a look at this one to see whether we can do further improvements in this department.
    • RPC proxy support
    • Improve usability, e.g. sample rule files

    Aside from that we really need to write a comprehensive white paper. All that's available right now on bigadmin is the following:


    Tuesday Sep 06, 2005

    Job opening - looking for talented engineers

    I am currently looking for a talented engineer to work on network virtualization technologies: Virtualization is becoming more and more important for the data center. This poses completely new challenges for Solaris networking. It is quite a paradigm shift to go from what happens in a real network into a virtual network that is hosted on a single machine. For more details please check out: Markus

    Wednesday Aug 03, 2005

    Ethernet Bridging

    Most recently my team has started to look into Ethernet Bridging. Michael Lim and Mike Ditto are currently working on a prototype. Ethernet Bridging would give people who need to change their network topology rapidly a lot of flexibility. It would allow them to add new machines into an existing network without having to reconfigure all of the routers. More to follow... Markus

    Sunday May 15, 2005

    Solaris Core Technologies - Networking

    My team is working on a number of cool networking technologies like IP Filter, IPv6 and DHCP. We are just finishing work on IPv6 support for IP Filter and we are now starting out with a new project called Whitney that will define packet filtering hooks in Solaris for both IP Filter as well as 3rd party fire wall and intrusion detection software. Whitney provide a number of advantages like: - Enabling IP Filter between zones - Minimize the performance hit of packet filtering - Provide cleaner interface for packet filtering Another very ambitious project is looking at creating a read-only root file system. This would allow Solaris to make inroads into the appliance market. It also offers a number of security advantages. We are currently trying to scope the project. Stay tuned for updates. Markus



    « July 2016