介绍 crossbow，好东东

sisi8408

from www.opensolaris.org/os/project/crossbow

Crossbow provides the building blocks for network virtualization and resource control by virtualizing the stack and NIC around any service (HTTP, HTTPS, FTP, NFS, etc.), protocol or Virtual machine.

Each virtual stack can be assigned its own priority and bandwidth on a shared NIC without causing any performance degradation. The architecture dynamically manages priority and bandwidth resources, and can provide better defense against denial-of-service attacks directed at a particular service or virtual machine by isolating the impact just to that entity. The virtual stacks are separated by means of H/W classification engine such that traffic for one stack does not impact other virtual stacks.

Project Crossbow is next step in the evolution of Solaris networking stack and brings bandwidth resource control and virtualization as part of the architecture itself instead of the usual add-on layers which have heavy overheads and complexity.

Each virtual stack can be assigned its own priority and bandwidth on a shared NIC without causing any performance degradation. The architecture dynamically manages priority and bandwidth resources,

virtual stack, 可以对应bonding in linux
priority and bandwidth, management of resource 这是cfq io scheduler的强项

and can provide better defense against denial-of-service attacks directed at a particular service or virtual machine by isolating the impact just to that entity.

DOS还可以这样玩，很象skipjack需要的分流，这个不难

The virtual stacks are separated by means of H/W classification engine such that traffic for one stack does not impact other virtual stacks.

这个不好处理

[ 本帖最后由 sisi8408 于 2007-8-14 20:52 编辑 ]

sisi8408

Virtual NICs

A single physical NIC can be carved up into multiple VNICs, which can be assigned to different zones or Xen instances running on the same system. VNICs are managed using the dladm(1M) command line utility which was introduced by the Nemo project. The NIC hardware classifier steers inbound traffic to the hardware receive rings that are associated with the VNICs.

please show ur comment, nice CUer

sisi8408

Flow Management

Crossbow creates the concept of a flow, which comprises a class of traffic and a handling policy (bandwidth limit, priority, etc.) A flow, for example, can correspond to a particular protocol, service, or virtual machine. The squeues that were introduced in Solaris 10 as part of FireEngine are extended to control the resources used by flows. This is done by replacing the interrupt-driven packet processing by a polling mechanism where the squeue fetches packets from the hardware.

welcome ur comment, CUer

sisi8408

Hardware Support for Flow Processing

Modern NIC hardware provides capabilities that allow network traffic to be classified according to packet contents such as IP addresses, MAC addresses, upper layer protocols port numbers, etc. This classification allows us to steer incoming network traffic to different hardware receive rings (aka DMA channels, FIFOs). These receive rings are then associated with flows, which correspond to services or virtual machines, and are controlled by squeues.

welcome ur comment, CUer

platinum

原帖由 sisi8408 于 2007-8-14 20:50 发表
能否就在白金的地盘上直接贴代码，implementing crossbow in linux,

老大，实在是惭愧啊，这个版主当得太不称职了，虽然你们讨论的东西我每贴都看，但都看不懂

sisi8408

Modern NIC hardware provides capabilities that allow network traffic to be classified according to packet contents such as IP addresses, MAC addresses, upper layer protocols port numbers, etc.

已经模的四层了，够Modern。
classifying，在linux有大名鼎鼎的CBQ。

This classification allows us to steer incoming network traffic to different hardware receive rings (aka DMA channels, FIFOs).

Intel给linux提供了client DMA，但须专用硬件，似乎linuxer的评价一般。
FIFO，在linux很常见。

These receive rings are then associated with flows,

linux 的 flow，大名鼎鼎，见rtable和IPsec。

which correspond to services or virtual machines,

如果services可以socket见，flow就好理解了。

and are controlled by squeues.

squeue，怎么就像CBQ on ingressQ?
如果traffic control(pid, gid, priority, socket.....) + cfq
不就是CBQ？
但ingressQ本身就是个空壳，把CBQ装进去，
clisifying,ring,fifo,flow基本都有了，
为何就空着？