First Cut: Crossbow LKSF

c0t0d0s0.org

Quicksearch

Disclaimer

The individual owning this blog works for Oracle in Germany. The opinions expressed here are his own, are not necessarily reviewed in advance by anyone but the individual author, and neither Oracle nor any other party necessarily agrees with them.

Navigation
< Wie berichtet man von Katastrophen? | 2005 >

First Cut: Crossbow LKSF

Saturday, January 1. 2005

At the moment ZFS, DTrace or Zones are the poster box features of Solaris. But there will be a fourth feature soon. Since Build 105 itīs integrated (many people will already know which feature i want to describe in this artcle) into Solaris. This feature has the project name Crossbow. Itīs the new TCP/IP stack of Opensolaris and was developed with virtualisation in mind from ground up.

Concepts of Crossbow




The Virtualisation part


This part is heavily inspired by this blog entry of Ben Rockwood, but he ommited some parts in the course of his article, so i extended it a little bit.

Itīs really easy to create etherstubs and virtual nics.



At first we create two virtual switches. They are called etherstub0 and etherstub1
# dladm create-etherstub etherstub0
# dladm create-etherstub etherstub1

Okay, now we create virtual nics that are bound to the virtual switch etherstub0. These virtual nics are called vnic1 and vnic0.
# dladm create-vnic -l etherstub0 vnic1
# dladm create-vnic -l etherstub0 vnic2

Now we do the same with our second virtual switch:
# dladm create-vnic -l etherstub1 vnic3
# dladm create-vnic -l etherstub1 vnic4


# dladm showlink
LINK CLASS MTU STATE OVER
ni0 phys 1500 unknown --
etherstub0 etherstub 9000 unknown --
etherstub1 etherstub 9000 unknown --
vnic1 vnic 9000 up etherstub0
vnic2 vnic 9000 up etherstub0
vnic3 vnic 9000 up etherstub1
vnic4 vnic 9000 up etherstub1
vnic0 vnic 1500 up ni0


Yes, thatīs all ... but what can we do with it? For example simulating a complete network in your system. Letīs create a network with two networks, a router with a firewall and nat and a server in each of the network. Obviously we will use zones for this.

Prerequisites


A template zone


At first we create a template zone. This zone is just used for speeding up the creation of other zones. To enable zone creation based on ZFS snapshots, we have to create a filesystem for our zones and mount it at a nice position in your filesystem:
# zfs create rpool/zones
# zfs set compression=on rpool/zones
# zfs set mountpoint=/zones rpool/zones

Now we prepare a command file for the zone creation. The pretty much the standard for a sparse root zone. We donīt configure any network interfaces, as we never boot or use this zone. Itīs just a template as the name alreay states.
create -b
set zonepath=/zones/template
set ip-type=exclusive
set autoboot=false
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add inherit-pkg-dir
set dir=/sbin
end
add inherit-pkg-dir
set dir=/usr
end
add inherit-pkg-dir
set dir=/opt
end
commit
Now we create the zone.
# zonecfg -z template -f template
# zoneadm -z template install
A ZFS file system has been created for this zone.
Preparing to install zone .
Creating list of files to copy from the global zone.
Copying <3488> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <1507> packages on the zone.
Initialized <1507> packages on zone.
Zone is initialized.
The file contains a log of the zone installation.
#
We will not boot it as we donīt need it for our testbed.

site.xml


While waiting for the zone installation to end we can create a few other files. At first you should create a file called site.xml. This files controls which services are online after the first boot. You can think of it like an sysidcfg for the Service Management Framework. The file is rather long, so i wonīt post it in the article directly. You can download my version of this file here.

Zone configurations for the testbed


At first we have to create the zone configurations. The files are very similar. The differences are in the zonepath and in the network configuration. The zone servera is located in /zones/servera and uses the network interface vnic2
create -b
set zonepath=/zones/serverA
set ip-type=exclusive
set autoboot=false
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add inherit-pkg-dir
set dir=/sbin
end
add inherit-pkg-dir
set dir=/usr
end
add inherit-pkg-dir
set dir=/opt
end
add net
set physical=vnic2
end
commit

The zone serverb uses the directory /zones/serverb and is configured to bind to the interface vnic4
create -b
set zonepath=/zones/serverB
set ip-type=exclusive
set autoboot=false
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add inherit-pkg-dir
set dir=/sbin
end
add inherit-pkg-dir
set dir=/usr
end
add inherit-pkg-dir
set dir=/opt
end
add net
set physical=vnic4
end
commit


The configuration of the router zone is a little bit longer as we need more network interfaces:
create -b
set zonepath=/zones/router
set ip-type=exclusive
set autoboot=false
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add inherit-pkg-dir
set dir=/sbin
end
add inherit-pkg-dir
set dir=/usr
end
add inherit-pkg-dir
set dir=/opt
end
add net
set physical=vnic5
end
add net
set physical=vnic1
end
add net
set physical=vnic3
end
commit

sysidcfg files


To speed up installation we create some sysidconfig files for our zones. Without this files, the installation would "go interactive" and you would have to use menus to provide the configuration informations. When you copy place such a file at /etc/sysidcfg the system will be initialized with the information provided in the file.

I will start with the sysidcfg file of router zone:
system_locale=C
terminal=vt100
name_service=none
network_interface=vnic5 {primary hostname=router1 ip_address=10.211.55.10 netmask=255.255.255.0 protocol_ipv6=no default_route=10.211.55.1}
network_interface=vnic1 {hostname=router1-a ip_address=10.211.100.10 netmask=255.255.255.0 protocol_ipv6=no default_route=NONE}
network_interface=vnic3 {hostname=router1-b ip_address=10.211.101.10 netmask=255.255.255.0 protocol_ipv6=no default_route=NONE}
nfs4_domain=dynamic
root_password=cmuL.HSJtwJ.I
security_policy=none
timeserver=localhost
timezone=US/Central

After this, we create a second sysidconfig file for our first server zone. I store the following content into a file called servera_sysidcfg:
system_locale=C
terminal=vt100
name_service=none
network_interface=vnic2 {primary hostname=server1 ip_address=10.211.100.11 netmask=255.255.255.0 protocol_ipv6=no default_route=NONE}
nfs4_domain=dynamic
root_password=cmuL.HSJtwJ.I
security_policy=none
timeserver=localhost
timezone=US/Central

When you look closely at the network_interface line you will see, that i didnīt specified a default route. Please keep this in mind.

In a last step i create serverb_sysidcfg. Itīs the config file for our second server zone
system_locale=C
terminal=vt100
name_service=none
network_interface=vnic4 {primary hostname=server2 ip_address=10.211.101.11 netmask=255.255.255.0 protocol_ipv6=no default_route=NONE}
nfs4_domain=dynamic
root_password=cmuL.HSJtwJ.I
security_policy=none
timeserver=localhost
timezone=US/Central


Firing up the zones


After creating all this configuration files, we use them to create some zones. The procedure is similar for all zone. At first we do the configuration. After this we clone the template zone. As we located the template zone in a ZFS filesystem, the cloning takes just a second. Before we boot the zone, we place our configuration files we prepared while waiting for the installation of the template zone.

# zonecfg -z router -f router
# zoneadm -z router clone template
Cloning snapshot rpool/zones/template@SUNWzone3
Instead of copying, a ZFS clone has been created for this zone.
# cp router_sysidcfg /zones/router/root/etc/sysidcfg
# cp site.xml /zones/router/root/var/svc/profile
# zoneadm -z router boot

We repeat the steps for servera.
# zonecfg -z servera -f serverA
# zoneadm -z servera clone template
Cloning snapshot rpool/zones/template@SUNWzone3
Instead of copying, a ZFS clone has been created for this zone.
# cp serverA_sysidcfg /zones/serverA/root/etc/sysidcfg
# cp site.xml /zones/serverA/root/var/svc/profile
# zoneadm -z servera boot

At last we repeat it for our zone serverb:
# zonecfg -z serverb -f serverB
# zoneadm -z serverb clone template
Cloning snapshot rpool/zones/template@SUNWzone3
Instead of copying, a ZFS clone has been created for this zone.
# cp serverb_sysidcfg /zones/serverB/root/etc/sysidcfg
# cp site.xml /zones/serverB/root/var/svc/profile
# zoneadm -z serverb boot

After completing the last step, we display the existing zones. 
# zoneadm list -v
  ID NAME             STATUS     PATH                           BRAND    IP    
   0 global           running    /                              native   shared
  13 router           running    /zones/router                  native   excl  
  15 servera          running    /zones/serverA                 native   excl  
  19 serverb          running    /zones/serverB                 native   excl

All zones are up and running.

Playing around with our simulated network



# ifconfig vnic2 plumb
vnic2 is used by non-globalzone: servera


Before we can play with our mini network, we have to activate forwarding and routing on our new router. Since Solaris 10 this is really easy. There is a command for it:
# routeadm -e ipv4-forwarding
# routeadm -e ipv4-routing
# routeadm -u
# routeadm
Configuration Current Current
Option Configuration System State
---------------------------------------------------------------
IPv4 routing enabled enabled
IPv6 routing disabled disabled
IPv4 forwarding enabled enabled
IPv6 forwarding disabled disabled

Routing services "route:default ripng:default"

Routing daemons:

STATE FMRI
disabled svc:/network/routing/zebra:quagga
disabled svc:/network/routing/rip:quagga
disabled svc:/network/routing/ripng:default
disabled svc:/network/routing/ripng:quagga
disabled svc:/network/routing/ospf:quagga
disabled svc:/network/routing/ospf6:quagga
disabled svc:/network/routing/bgp:quagga
disabled svc:/network/routing/isis:quagga
disabled svc:/network/routing/rdisc:default
online svc:/network/routing/route:default
disabled svc:/network/routing/legacy-routing:ipv4
disabled svc:/network/routing/legacy-routing:ipv6
online svc:/network/routing/ndp:default


Now letīs look into the routing table of one of our server:
# netstat -nr

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.211.100.10 UG 1 0 vnic2
10.211.100.0 10.211.100.11 U 1 0 vnic2
127.0.0.1 127.0.0.1 UH 1 49 lo0

Do you remember, that iīve asked you to keep in mind, that we didnīt specified a default route in the sysidcfg? But why have we such an defaultrouter. There is some automagic in the initial boot routine. When a system with a single interfaces comes up without an defaultroute specified in /etc/defaultrouter or without being a dhcp client it automatically starts up the router discovery protocol as specified by RPC 1256. By using this protocol the hosts adds all available routers in the subnet as a defaultrouter.

The rdisc protocol is implemented by the in.routed daemon. It implements two different protocols. The first one is the already mentioned rdisc protocol. But it implements the RIP protocol as well. The RIP protocol part is automagically activated when a system has more than one network interface.

# ping 10.211.100.11
10.211.100.11 is alive
# traceroute 10.211.100.11
traceroute to 10.211.100.11 (10.211.100.11), 30 hops max, 40 byte packets
1 10.211.101.10 (10.211.101.10) 0.285 ms 0.266 ms 0.204 ms
2 10.211.100.11 (10.211.100.11) 0.307 ms 0.303 ms 0.294 ms
#

Building a more complex network



Letīs extend our example a little bit...

# dladm create-etherstub etherstub10
# dladm create-vnic -l etherstub1 routerb1
# dladm create-vnic -l etherstub10 routerb10
# dladm create-vnic -l etherstub10 serverc1
# dladm create-vnic -l etherstub1 routerc1
# dladm create-vnic -l etherstub10 routerc2

As you see, you are not bound to a certain numbering scheme. You can call a vnic as you want, as long itīs beginning with letters and ending with numbers.

create -b
set zonepath=/zones/routerB
set ip-type=exclusive
set autoboot=false
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add inherit-pkg-dir
set dir=/sbin
end
add inherit-pkg-dir
set dir=/usr
end
add inherit-pkg-dir
set dir=/opt
end
add net
set physical=routerb1
end
add net
set physical=routerb10
end
commit


We donīt have to configure any default router in this sysidcfg. The system boots up with a router and will get itīs routing tables from the RIP protocol.
system_locale=C
terminal=vt100
name_service=none
network_interface=routerb1 {primary hostname=routerb ip_address=10.211.101.254 netmask=255.255.255.0 protocol_ipv6=no default_route=NONE}
network_interface=routerb10 {hostname=routerb-a ip_address=10.211.102.10 netmask=255.255.255.0 protocol_ipv6=no default_route=NONE}
nfs4_domain=dynamic
root_password=cmuL.HSJtwJ.I
security_policy=none
timeserver=localhost
timezone=US/Central

Okay, we can fire up the zone.
# zonecfg -z routerb -f routerb
# zoneadm -z routerb clone template
Cloning snapshot rpool/zones/template@SUNWzone4
Instead of copying, a ZFS clone has been created for this zone.
# cp routerb_sysidcfg /zones/routerb/root/etc/sysidcfg
# cp site.xml /zones/routerB/root/var/svc/profile/
# zoneadm -z routerb boot

Okay, the next zone is the routerc zone. We bind it to the matching vnics in the zone configuration.
create -b
set zonepath=/zones/routerc
set ip-type=exclusive
set autoboot=false
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add inherit-pkg-dir
set dir=/sbin
end
add inherit-pkg-dir
set dir=/usr
end
add inherit-pkg-dir
set dir=/opt
end
add net
set physical=routerc1
end
add net
set physical=routerc2
end
commit

The same rules as for the routerb apply to the routerc. We will rely on the routing protocols to provide a defaultroute, so we can just insert NONE into the sysidcfg
# cat routerc_sysidcfg
system_locale=C
terminal=vt100
name_service=none
network_interface=routerc1 {primary hostname=routerb ip_address=10.211.102.254 netmask=255.255.255.0 protocol_ipv6=no default_route=NONE}
network_interface=routerc2 {hostname=routerb-a ip_address=10.211.100.254 netmask=255.255.255.0 protocol_ipv6=no default_route=NONE}
nfs4_domain=dynamic
root_password=cmuL.HSJtwJ.I
security_policy=none
timeserver=localhost
timezone=US/Central

Okay, i assume you already know the following steps. Itīs just the same just with other files.
# zonecfg -z routerc -f routerC
# zoneadm -z routerc clone template
Cloning snapshot rpool/zones/template@SUNWzone4
Instead of copying, a ZFS clone has been created for this zone.
# cp routerb_sysidcfg /zones/routerC/root/etc/sysidcfg
# cp site.xml /zones/routerC/root/var/svc/profile/
# zoneadm -z routerc boot

Okay, this is the zone configuration in my tutorial. Itīs the zone for serverc
# cat serverC
create -b
set zonepath=/zones/serverC
set ip-type=exclusive
set autoboot=false
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add inherit-pkg-dir
set dir=/sbin
end
add inherit-pkg-dir
set dir=/usr
end
add inherit-pkg-dir
set dir=/opt
end
add net
set physical=serverc1
end
commit

Again ... no defaultroute ... as this is a single-interface system we leave it to the ICMP Router Discovery Protocol to find the routers.
system_locale=C
terminal=vt100
name_service=none
network_interface=serverc1 {primary hostname=server2 ip_address=10.211.102.11 netmask=255.255.255.0 protocol_ipv6=no default_route=NONE}
nfs4_domain=dynamic
root_password=cmuL.HSJtwJ.I
security_policy=none
timeserver=localhost
timezone=US/Central

Well ... itīs zone startup time again ...
# zonecfg -z serverc -f routerC
# zoneadm -z serverc clone template
Cloning snapshot rpool/zones/template@SUNWzone4
Instead of copying, a ZFS clone has been created for this zone.
# cp serverc_sysidcfg /zones/serverC/root/etc/sysidcfg
# cp site.xml /zones/serverC/root/var/svc/profile/
# zoneadm -z serverC boot


Obviously we have to login into the both routing zones and activating forwarding and routing. At first on routerb:
# routeadm -e ipv4-forwarding
# routeadm -e ipv4-routing
# routeadm -u
Afterwards on routerc. The command sequence is identical.
# routeadm -e ipv4-forwarding
# routeadm -e ipv4-routing
# routeadm -u



Now lets login into the console of our server:
servera# netstat -nr

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface 
-------------------- -------------------- ----- ----- ---------- --------- 
default              10.211.100.10        UG        1          0 vnic2     
default              10.211.100.254       UG        1          0 vnic2     
10.211.100.0         10.211.100.11        U         1          0 vnic2     
127.0.0.1            127.0.0.1            UH        1         49 lo0

As you see, there are two default routers in the routing table. The host receives router advertisments from two routers, thus it adds both into the routing table.

Now letīs have a closer at the routing table of the routerb system.
routerb# netstat -nr 

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface 
-------------------- -------------------- ----- ----- ---------- --------- 
default              10.211.101.10        UG        1          0 routerb1  
10.211.100.0         10.211.102.254       UG        1          0 routerb10 
10.211.101.0         10.211.101.254       U         1          0 routerb1  
10.211.102.0         10.211.102.10        U         1          0 routerb10 
127.0.0.1            127.0.0.1            UH        1         23 lo0
This system has more than one devices. Thus the in.routed starts up as a RIP capable routing daemon. After a short moment the in.routed has learned enough about the network and adds itīs routing table to the kernel.



The Flow part




Conclusion

Posted by Joerg Moellenkamp in English, General at 00:01 | Comments (0) | Trackbacks (0)
Defined tags for this entry:
Related entries by tags:
View as PDF: This entry | This month | Full blog
Bookmark First Cut: Crossbow LKSF at del.icio.us Digg First Cut: Crossbow LKSF Bloglines First Cut: Crossbow LKSF Technorati First Cut: Crossbow LKSF Fark this: First Cut: Crossbow LKSF Bookmark First Cut: Crossbow LKSF at YahooMyWeb Bookmark First Cut: Crossbow LKSF at Furl.net Bookmark First Cut: Crossbow LKSF at reddit.com Bookmark First Cut: Crossbow LKSF at blinklist.com Bookmark First Cut: Crossbow LKSF at Spurl.net Bookmark First Cut: Crossbow LKSF at NewsVine Bookmark First Cut: Crossbow LKSF at Simpy.com Bookmark First Cut: Crossbow LKSF at blogmarks Bookmark First Cut: Crossbow LKSF with wists wong it! Stumble It! Yigg It!

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Standard emoticons like :-) and ;-) are converted to images.
Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
 
 
View as PDF: This entry | This month | Full blog

Competition entry by David Cummins powered by Serendipity v1.0

+1

Facebook

Books

Recommended Sun and Solaris Books

The LKSF book

The book with the consolidated Less known Solaris Tutorials is available for download here

Web 2.0

Contact
  • mail: joerg@c0t0d0s0.org
  • icq: 144000169
Identy@Web

Networking
xing.com
LinkedIn
Facebook
My photos

Comments

Alan Hargreaves about Nanosecond
Wed, 23.05.2012 00:11
I remember this being drummed into us during Digital Design at Uni. It's important to cons ider it when laying out [...]
greg schulz about IOPS, capacity, bandwidth - and something new to explain to the people in purchasing
Mon, 21.05.2012 18:04
Hello Kevin, Im not surprised with what you are seeing or ha ve seen when attaching a SSD t o a USB2.0. USB3.0 helps [...]
Kevin Allan about IOPS, capacity, bandwidth - and something new to explain to the people in purchasing
Mon, 21.05.2012 04:44
Hi Greg, With regards to IO PS I have seen terrible result s using a 60GB SATA2 SSD with USB2.0 - USB2 really cho [...]
Joerg M. about ZFS Dedup Internals
Sat, 19.05.2012 09:50
There is no impact to boot/imp ort times, as the DDT is loade d as needed ... so the pool is imported as fast as wit [...]

Buttons

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Germany License
bibueblo logo

Get Firefox!



Blog Administration

Open login screen