Crossbow: Network Virtualization and Resource Control at OpenSolaris.org

You are not signed in. or register.

OpenSolaris Project: Crossbow: Network Virtualization and Resource Control

View the leaders for this project
Project Observers

Endorsing communities

Device Drivers
HPC Developer
Logical Domains
Networking
OS/Net (ON)
Performance
Xen

Update: Crossbow was integrated in Nevada build 105 on December 4th, 2008!

Introduction to Crossbow

Crossbow provides the building blocks for network virtualization and resource control by virtualizing the stack and NIC around any service (HTTP, HTTPS, FTP, NFS, etc.), protocol or Virtual machine.

Each virtual stack can be assigned its own priority and bandwidth on a shared NIC without causing any performance degradation. The architecture dynamically manages priority and bandwidth resources, and can provide better defense against denial-of-service attacks directed at a particular service or virtual machine by isolating the impact just to that entity. The virtual stacks are separated by means of H/W classification engine such that traffic for one stack does not impact other virtual stacks.

Project Crossbow is next step in the evolution of Solaris networking stack and brings bandwidth resource control and virtualization as part of the architecture itself instead of the usual add-on layers which have heavy overheads and complexity.

Functional Components

The Crossbow architecture consists of the following major components: Virtual NICs (VNICs), network resource control using the network stack squeues, and hardware support for flow classification. These components and their interaction are represented by the following figure:

Crossbow overview

Virtual NICs

A single physical NIC can be carved up into multiple VNICs, which can be assigned to different zones or Xen instances running on the same system. VNICs are managed using the dladm(1M) command line utility which was introduced by the Nemo project. The NIC hardware classifier steers inbound traffic to the hardware receive rings that are associated with the VNICs.

Flow Management

Crossbow creates the concept of a flow, which comprises a class of traffic and a handling policy (bandwidth limit, priority, etc.) A flow, for example, can correspond to a particular protocol, service, or virtual machine. The squeues that were introduced in Solaris 10 as part of FireEngine are extended to control the resources used by flows. This is done by replacing the interrupt-driven packet processing by a polling mechanism where the squeue fetches packets from the hardware.

Hardware Support for Flow Processing

Modern NIC hardware provides capabilities that allow network traffic to be classified according to packet contents such as IP addresses, MAC addresses, upper layer protocols port numbers, etc. This classification allows us to steer incoming network traffic to different hardware receive rings (aka DMA channels, FIFOs). These receive rings are then associated with flows, which correspond to services or virtual machines, and are controlled by squeues.

Administration Model

dladm(1M) is extended to configure VNICs in a manner very similar to current link devices (create, destroy, modify, show). flowadm(1M) is provided to configure flows (create, destroy, modify, show). Each flow is affiliated with exactly one VNIC. Each VNIC has one flow when it is created. One of our major goals is to make the administration of VNICs, flows, and resource usage polices as seamless as possible. When possible, these operations will be tightly integrated with the zone administration tools.

Announcements

10 Mar 2008	Crossbow Beta bits are available
14 Feb 2008	New Crossbow Beta Pre-Release Available
20 Feb 2007	Sun Multithreaded Networking 10Gbps Card and Project Crossbow
18 Sep 2006	The IP instances piece of crossbow is now ready for design rev
25 Aug 2006	Announcing the CrossBow early access bits on OpenSolaris

News

Sun Takes Another Swing at Cloud Computing | PCWorld | 12/09/2008

Having coined the phrase "the network is the computer" more than a decade ago Sun Microsystems could expect to be leading the march towards cloud computing, but in some ways it is still at the start line.

Crossbow in production | www.reliantsec.net | 08/12/2008

This press release describes how Reliant Security uses the Crossbow beta bits in their appliance to create a virtual network.

Sun Bets On Server-Storage Convergence | InformationWeek | 10/01/2007

CEO Jonathan Schwartz combines the company's storage and server product teams to package Sun's hardware products for data center administrators.

Solaris, Virtualization Combo Floats All Boats? | InformationWeek | 08/02/2007

Bundled virtualization features in Solaris 10 are bolstering the IT industry's server business and may even have a positive impact on the storage sector, if CEO Jonathan Schwartz is to be believed.

Pulling Back The Curtain At Sun Labs | InformationWeek | 04/27/2007

Sun is working on faster switches, more efficient servers, new programming languages, and 3-D virtual workplaces.

OpenSolaris