Clearview IP Tunneling in OpenSolaris

I integrated Clearview IP Tunneling (the final component of the Clearview project) into the ON consolidation this week. It will be included in OpenSolaris build 125, which will make its way to the dev repository in due time. Thanks to all who participated, including the Clearview project team (past and present), and members of various OpenSolaris communities who contributed by doing design and code reviews. This brings a close to a project that Meem and I conceived years ago while doodling network interface requirements on his whiteboard. We've now delivered every component that we initially identified as the solutions to meet our requirements. That's something to be proud of.

With this integration, IP tunnel links can be created using dladm, be given meaningful names using link vanity naming, observed using traditional network observability tools such as snoop and wireshark, assigned to exclusive stack non-global zones, and created from within non-global zones.

This integration also enables the use of dladm in general from within exclusive stack non-global zones. Aside from the IP tunnel subcommands, which are supported from such zones, all of the show-* subcommands now work in such zones, allowing administrators to view datalink configuration pertinent to the zone. This is a first step towards gradually expanding the set of datalink features available in zones.

Enjoy, and feel free to communicate with us regarding this project at clearview-discuss@opensolaris.org.

Comments:

When for a (working) OpenVPN+TAP integration in the IPS base? =)

Posted by sickness on September 26, 2009 at 01:53 AM EDT #

With Clearview, will it finally be possible to do both AH and ESP over NAT?

Posted by UX-admin on September 27, 2009 at 02:22 PM EDT #

sickness, I don't know if anyone is working on OpenVPN, but now that there is not a "tun" STREAMS module in the source base, there will no longer be a conflict between it and the "tun" module that comes with tun/tap.

UX-admin, AH cannot possibly work with NAT by definition, and it never will on any platform. It includes the outer IP header in its hash computation, and NATs rewrite IP addresses in that header, rendering the hash invalid. The protocols are outright incompatible.

Posted by Sebastien Roy on September 28, 2009 at 12:27 PM EDT #
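
The incompatibility described in the reply above, as an added example that is not part of the original post or its comments: a Python sketch of which bytes the AH and ESP integrity checks cover, and what a NAT's address rewrite does to each. The key, SPIs, addresses, payloads and the choice of HMAC-SHA1-96 are constructed assumptions; encryption, the IP header checksum and UDP encapsulation are not modelled.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"   # constructed sample SA key
ICV_LEN = 12                    # HMAC-SHA1-96 (assumed algorithm)

def mac(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]

def ip_header(src, dst, proto, body_len, ttl=64):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ah_input(ip, ah_fixed, payload):
    # AH covers the outer IP header with its mutable fields (TOS, flags/fragment
    # offset, TTL, checksum) zeroed, the AH header with a zeroed ICV, and the payload
    hdr = bytearray(ip)
    hdr[1] = 0; hdr[6:8] = b"\0\0"; hdr[8] = 0; hdr[10:12] = b"\0\0"
    return bytes(hdr) + ah_fixed + b"\0" * ICV_LEN + payload

def build_ah(src, dst, payload):
    ah_fixed = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1)  # next hdr, len, rsvd, SPI, seq
    ip = ip_header(src, dst, 51, len(ah_fixed) + ICV_LEN + len(payload))
    return ip + ah_fixed + mac(ah_input(ip, ah_fixed, payload)) + payload

def verify_ah(pkt):
    ip, ah_fixed, icv, payload = pkt[:20], pkt[20:32], pkt[32:44], pkt[44:]
    return hmac.compare_digest(icv, mac(ah_input(ip, ah_fixed, payload)))

def build_esp(src, dst, ciphertext):
    esp = struct.pack("!II", 0x2000, 1) + ciphertext       # SPI, seq, opaque body
    return ip_header(src, dst, 50, len(esp) + ICV_LEN) + esp + mac(esp)

def verify_esp(pkt):
    # ESP's ICV covers only the ESP header and body, not the outer IP header
    return hmac.compare_digest(pkt[-ICV_LEN:], mac(pkt[20:-ICV_LEN]))

def forward(pkt, new_src=None):
    # A router hop decrements TTL; a NAT additionally rewrites the source address
    b = bytearray(pkt)
    b[8] -= 1
    if new_src:
        b[12:16] = socket.inet_aton(new_src)
    return bytes(b)

def demo():
    ah = build_ah("10.0.0.5", "192.0.2.10", b"constructed payload")
    esp = build_esp("10.0.0.5", "192.0.2.10", b"constructed ciphertext")
    return {"ah_routed": verify_ah(forward(ah)),
            "ah_natted": verify_ah(forward(ah, "203.0.113.7")),
            "esp_natted": verify_esp(forward(esp, "203.0.113.7"))}
```

Calling `demo()` shows AH surviving an ordinary routed hop (TTL is a zeroed mutable field) but failing once the source address is rewritten, while the ESP check is unaffected by the rewrite.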
