Networking

Project Crossbow

Project Crossbow is the centerpiece of Sun's most significant software networking technology contribution in this decade. Integrated into OpenSolaris 2009.06, Project Crossbow enables benefits around flexibility, management, and performance that can be realized in any data center environment from complex server virtualizations to dedicated purpose systems, from high end systems to single CPU industry standard computers. Deployers don't have to redesign their networking infrastructure or start from scratch- OpenSolaris enables putting an enterprise's applications or virtual guest systems in an environment to maximize the value from server virtualization, ensure applications can receive the resources they need to meet service level agreements, and provide a performance boost- particularly for those systems that are hitting a wall dealing with high volume, high bandwidth traffic.

OpenSolaris 2009.06 with Project Crossbow offers an impressive list of tangible benefits

Network Virtualization enhances opportunities for server consolidation
Other operating systems support server consolidation. OpenSolaris 2009.06 delivers network virtualization enabling server consolidation projects involving entire network topologies at vastly superior economics when compared to building out physical networks. Using the basic Virtual Wire building blocks of Virtual Network Interface Controllers (VNICs), virtual switches and interconnects, Virtual LANs (VLANs), and OpenSolaris open source routing and firewall features, allows consolidating an entire distributed application environment onto a single system for prototyping, testing and deployment purposes.

Resource Management enables applications that run as expected under all system loads
Networking vendors place the emphasis on network management capabilities. OpenSolaris up levels this to the real issue of importance- ensuring that an application can run in an environment to meet service level contracts. OpenSolaris network resource management allows organizations to meet quality of service goals for networking. These management capabilities allow setting bandwidth limits for physical and virtual interfaces as well setting traffic priorities and CPU resource limits for servicing those interfaces. But more important is controlling the application execution environment to enable application service level agreements. In conjunction with CPU and memory resource management facilities in OpenSolaris, it is possible to create environments where critical applications can be assigned resources, no matter what load the system is experiencing. OpenSolaris gives administrators the system resource management capabilities no other general purpose operating system can match.

Better throughput
OpenSolaris 2009.06 improves system networking performance. The best perfomance gains typically come with the latest generation intelligent Network Interface Controllers (NICs) with packet filtering and multiple ring buffers that Crossbow can manage. Even deploying OpenSolaris on older system can still pay benefits as the Crossbow architecture fully accomodates older interfaces as well. See the performance section for details.

OpenSolaris 2009.06 enhances secure deployment scenarios
OpenSolaris 2009.06 enables creating secure application environment. Virtual NICs are an inherently more secure operating system architecture component because they are built on a framework of full network stack isolation. The newest intelligent network interfaces can be programmed by OpenSolaris to provide traffic flow classification by the network interface hardware. A packet classified by the hardware will be placed in it's own private 'lane' to the application. Furthermore, common to virtualized environments from Sun is the capability to manage the Virtual NICs in a separate administrative domain. For example for Solaris Containers, network interface properties like bandwidth, traffic priorities and CPU resources can be handed down to the Container environment and be unalterable inside that environment. In addition, Virtual LANs allow creating end to end isolated communication lanes from application to service through switches and routers that support the VLAN construct. These capabilities allow creating execution environments that, even if compromised by a security breach, can limit the exposure to the breach. Continuing with the Solaris Container example, even having administrator access to the Container does not automatically enable snooping network traffic, routing packets out of the VLAN, using more resources than have been assigned to the network interfaces and so forth.

To learn more about secure deployments, and the networking aspects of those deployments, see the Immutable Service Containers web site.

Observability into virtual and physical network interfaces
OpenSolaris administration tools provide the capabilities for virtual network observation using the same tools available for observing physical networking interfaces. Monitoring capabilites are available to make resource management policy decisions. Before setting bandwidth policies, it is possible to observe VNIC bandwidth usage to understand trends. It is also possible to study historical data saved by the OpenSolaris kernel for post-event analysis.

Summary
OpenSolaris 2009.06 with Project Crossbow brings all the advantages of the benefits mentioned above to the broadest range of systems in the industry. OpenSolaris is the only operating system seen on high end multi-hundred core systems to the most competitively priced industry standard servers. It is the only operating system to fully rearchitect the network stack to realize the benefits of virtualization and resource management. It is the leading candidate operating system for the next generation network application.

Links

Download
Get OpenSolaris 2009.06

Videos
Open Networking with Crossbow (55 min) session talk at CommunityOne West.

Whitepapers
How-To Set Up a Virtual Network Environment with Solaris Containers
Project Crossbow Network Virtualization and Resource Management

Technical Conference Papers
Crossbow Wins Best Paper at Lisa '09
A paper on Project Crossbow that brought network virtualization and network resource management to OpenSolaris 2009.06 won best paper at LISA (Large Installation System Administration) 2009 conference in early November.
Read the paper
View the slides
LISA members can also view the video. See the conference web page.

Crossbow: From Hardware Virtualized NICs to Virtualized Networks
Crossbow: A Vertically Integrated QoS Stack

Documentation
Product documentation

Blogs from Crossbow Architects
sunay
droux
Many of the Crossbow developers blog. See OpenSolaris.org Crossbow blog page.

External Blogs
See the Community page

Other Links
OpenSolaris.org project page
See the Use section for practical How To guides for exploring Project Crossbow capabilities.