All Bow To OpenSolaris Crossbow



My presentation at the H4ck3rz Due conference; it was sponsored by EGOSUG.


  1. All bow to OpenSolaris CrossBow
     Abd4llA, EGOSUG
  2. Overview
     • Crossbow (The Name)
     • The Past
     • The Future is Present
     • Past is Full of Problems
     • CrossBow Architecture
     • Demo
  3. CrossBow (The Name)
     • The crossbow was invented in 314 B.C. in China
     • Crossbows prevailed in the Middle Ages, when steel was used in them
     • Crossbows are easier to learn and more effective than normal bows
     • QoS mechanisms are like normal bows: they require a long time to master
  4. The Past
     • Without QoS, life can turn into hell
     • QoS mechanisms are
       – Complex
       – Come with a performance penalty
     • The interrupt-based delivery mechanism for inbound packets and the QoS are implemented by a separate layer
     • Packets are already delivered to host memory by means of interrupts before QoS takes place
  5. The Future is Present
     • Crossbow completes Network Virtualization
       – Network Virtualization
       – Resource Control
       – Live Monitoring
     • Network virtualization is essential in today's virtual world
  6. The Future is Present
     • You can split physical NICs into multiple VNICs
     • A VNIC: a virtual network device with the same data-link interface as a physical interface
     • VNICs can have their own resources: "DMA channel, MAC, kernel threads and queues"
     • Each VNIC is implicitly connected to a virtual switch that corresponds to the physical interface
     • Virtual machines on the same host can communicate through virtual switches
  7. Past is Full of Problems
     • The interrupt-driven packet delivery model precludes any kind of policy enforcement and fair sharing
     • Most of the time, the processing of a critical packet is interrupted to deal with the arrival of a non-critical packet
     • The cost of dropping unwanted packets is too high
     • Common queues and common threads make enforcing policies based on traffic type very difficult
     • Pseudo NICs have no way of knowing the capabilities of the real hardware
  8. Crossbow's Architecture
     • Integrates network virtualization and resource control as part of the stack architecture
     • Pushes the classification of packets based on services, protocols or virtual machines as far down the stack as possible
       – Rx/Tx Rings -> CPU -> Squeue
     • The Rx/Tx ring, its DMA channel, MSI-X interrupt, the Squeue, the CPU, and the processing threads are unique to the service, protocol or virtual machine
     • In the case of virtual machines, it can be assigned a VNIC
  9. Crossbow's Architecture
     • If classification has already been done by the NIC to a particular Rx ring, the entire data-link layer is bypassed, unless the NIC is in promiscuous mode
     • If the NIC hardware does not have classification capability, soft rings are used in the data-link layer ("Pseudo Hardware Layer")
     • The entire layered architecture is built on function pointers known as 'upcall_func' and 'downcall_func'
  10. Demo
     Our demo has a virtual machine for which we want to create a VNIC, and we put a limit on the total SSH traffic of the NIC
  11. Demo
     • Create the VNIC:
         root@A0059:~# dladm create-vnic -l e1000g0 f11-vnic1
     • Assign the VNIC to your virtual machine
     • Add the flow:
         root@A0059:~# flowadm add-flow -l e1000g0 -a transport=TCP,local_port=22 ssh-policy
     • Set maximum bandwidth:
         root@A0059:~# flowadm set-flowprop -p maxbw=50M ssh-policy
  12. Thank you
     Join Us: EGOSUG
     Ahmed Abdalla
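
The demo from slide 11 as a script that checks the bandwidth value, rolls back if a step fails, and reads the limit back at the end. This is an added example, not part of the original slides; the function names, the RUN dry-run switch, and the rule that maxbw must carry an explicit K, M or G suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the slides): the slide-11 demo with checks and rollback.
# Usage on the host: sh limit-ssh.sh e1000g0 f11-vnic1 ssh-policy 50M
# RUN is a hypothetical switch: RUN=echo prints the commands instead of running them.
RUN=${RUN:-}

# Require digits followed by K, M or G. This is stricter than necessary on
# purpose, so the unit of the limit is always visible in the command line.
valid_maxbw() {
    num=${1%[KMG]}
    [ "$num" != "$1" ] || return 1            # no K/M/G suffix
    case "$num" in
        ''|*[!0-9]*) return 1 ;;              # empty or non-digit characters
    esac
    return 0
}

# limit_ssh LINK VNIC FLOW MAXBW
# Creates the VNIC, adds a flow for TCP port 22 on LINK and caps it at MAXBW.
# If a later step fails, the earlier ones are undone so that no half-configured
# state (for example a flow with no limit attached) is left behind.
limit_ssh() {
    link=$1 vnic=$2 flow=$3 bw=$4
    valid_maxbw "$bw" || { echo "bad maxbw: $bw" >&2; return 2; }

    $RUN dladm create-vnic -l "$link" "$vnic" || return 1

    if ! $RUN flowadm add-flow -l "$link" \
            -a transport=TCP,local_port=22 "$flow"; then
        $RUN dladm delete-vnic "$vnic"
        return 1
    fi

    if ! $RUN flowadm set-flowprop -p maxbw="$bw" "$flow"; then
        $RUN flowadm remove-flow "$flow"
        $RUN dladm delete-vnic "$vnic"
        return 1
    fi

    # Read the property back so the applied limit is visible in the output.
    $RUN flowadm show-flowprop -p maxbw "$flow"
}

# Run only when all four arguments are given.
if [ "$#" -eq 4 ]; then
    limit_ssh "$@"
fi
```
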