[OpenIndiana-discuss] [discuss] Is it possible to do shared networking for LZ different from IP stack in GZ?

Jim Klimov jimklimov at cos.ru
Mon Jun 11 18:15:00 UTC 2012


2012-06-11 18:19, Dan McDonald wrote:
2012-06-11 18:47, Sebastien Roy wrote:

DAN> The fundamental question is always: What problem are you really trying to solve?

And as always (or often), it is a valid question.
Technically, there is no immediate problem that I'd solve only
this way, or, likely, that can't be solved by etherstubs and
exclusive VNICs. While writing the Wikidoc I seemingly found a
blind spot not catered for, and wanted to confirm the finding :)

Nevertheless, if someone were to take on this task, benefits
could be found (I'm not pushing anyone to do it - I don't really
have a use case so far)...

DAN> Are you trying to increase performance of inter-zone, but intra-machine, communication?

Yes, this might be a worthy goal.

SEB> shared-IP zones do indeed have better inter-zone networking
 > performance  (due to IP loopback and tcp-fusion).
 > Exclusive-IP inter-zone performance could be improved, though,
 > if it were made to take advantage of similar fast-paths.

Are you sure? I think its relative slowness was due to isolation
and, for example, different firewalling and requirement of an
external router (including a routing local zone) to connect two
IP subnets - in shared stack two zones from different subnets
can still communicate through the kernel (within the IP stack).

I don't think there is much fast-pathing to shave off, while
still reaching the goals of isolation. But the devs
would know better ;)

DAN> Again... what problem are you really trying to solve?
 >  Your theoretical construct of breaking stack instances apart
 >  from zones (or allowing multiple zones on a given stack instance)
 >  is interesting theoretically, but I'm not grasping what problem
 >  you're trying to solve.

When you get a hammer, everything would look like a nail ;)

I can try to invent some use cases or "customer stories", but
I have little doubt that if this feature gets implemented,
people will find problems which are otherwise difficult
or clumsy or under-performant to solve with current methods.

Also, if this is a success, it may be a differentiator from
Oracle Solaris ;)

>>   This is not an RFE per se, but rather food for thought and
>> discussion - did anyone ponder about this? Are there reasons
>> not to do it?
>
DAN> The sheer complexity of implementing, and worse, testing, such
 > a generalization makes it difficult to recommend attempting it, IMHO.

Why? After they made CrossBow and zones and stuff, and actually
made the concept of several IP stacks? Letting several zones
use one common stack now would be, I think, a nearly bite-size
problem in comparison to what has already been achieved.
To me (though a non-developer), it seems like most of the
building blocks are already there.

Basically, if this feature is completed, then the difference
between shared and exclusive stacks would become ephemeral -
with one or more zones using a certain IP stack, and either
dedicated (V)NICs with configs provisioned by the zone, or
aliases of one or more (V)NIC provisioned by zoneadm/zonecfg.
While the GZ would still have the authority to configure the
networking configs of such shared stacks, it would not
necessarily use (be attached to and routed by) one of them
itself.

SEB> It's not possible today, as there is quite a bit of code
 > in the kernel that assumes and enforces the assumptions that
 > the global zone stack is the stack that is shared by shared-IP
 > zones, and that only global zone processes have the ability to
 > manipulate configuration for that stack.

Is it very difficult to find and rewrite that code to use and
reference the ip_stack[0] instead? ;)

But, anyway, thanks to both of you for the discussion.
Everyone is still welcome to chime in ;)
//Jim Klimov


