SlideShare une entreprise Scribd logo

Osol Netadmin Solaris Administrator

Opeyemi Olakitan
Opeyemi Olakitan
1  sur  38
Télécharger pour lire hors ligne
Advances in OpenSolaris Network Administration Solaris Networking Sun Microsystems, Inc. September 2007
Overview • Make OpenSolaris a more compelling platform for developers, administrators, and users. • Reduce barriers to Solaris adoption by: > Making network configuration easier (Network Auto-Magic project) > Providing a uniform set of features on all network interfaces (project Clearview) > Simplifying NIC configuration and tuning (project Brussels) > Integrating virtualization & resource management into the network interface (project Crossbow) 2 Copyright 2007 Sun Microsystems, Inc.
Network Auto-Magic Automating Network Configuration 3 Copyright 2007 Sun Microsystems, Inc.
Background • It has long been painful to configure networking on Solaris. Mobility and security makes it harder: # ifconfig ath0 plumb # dladm scan-wifi LINK ESSID BSSID/IBSSID SEC STRENGTH MODE SPEED ath0 bar 0:18:1:e3:c2:30 wep good g 54Mb # dladm create-secobj -c wep foo provide value for 'foo': ********** confirm value for 'foo': ********** # dladm connect-wifi -e bar -k foo -s wep # ifconfig ath0 dhcp Copyright 2007 Sun Microsystems, Inc.
Why Can't This “Just Work”? Copyright 2007 Sun Microsystems, Inc.
Obviously... But why stop? • During their day Solaris users encounter many different environments. > Home > Coffee Shop > Work • And from each they might use... > VPNs > Varying security products > Varying name services • Why can't they just work also? Copyright 2007 Sun Microsystems, Inc.
NWAM • Network Auto-Magic is an OpenSolaris project to simplify and automate network configuration > Basic principle: network configuration just works > Networking should be easy to use from the moment Solaris is installed > System can automatically configure itself for networks as they become available > User has the choice to override default system behavior and set preferences Copyright 2007 Sun Microsystems, Inc.
When Configuration is Needed • Two areas of configuration: > Devices and interfaces: the Network > Services and their properties: the Environment • Can mix-and-match: a single Environment can be applied over different underlying Networks • The Network area can include dependencies: when a new link becomes available... > create a tunnel > run an arbitrary script Copyright 2007 Sun Microsystems, Inc.
What Users See By Default • System automatically chooses an interface and uses DHCP to configure IP • Wired is preferred over wireless • DHCP requests are done in parallel so that delays are minimized • If the nwam service is enabled, then /etc/hostname.<intf> files are ignored Copyright 2007 Sun Microsystems, Inc.
What You Can Do • Create Environments for the different places you go: > Home > Coffee Shop > Work • After doing some surfing at home with the Home Environment enabled, you decide to get some work done, and enable your VPN • The tunnel is detected, triggering a switch to the Work Environment Copyright 2007 Sun Microsystems, Inc.
NWAM: More Information • NWAM OpenSolaris Home > http://opensolaris.org/os/project/nwam/ • Mailing List > nwam-discuss@opensolaris.org Copyright 2007 Sun Microsystems, Inc.
Project Clearview Unified Set of Network Interface Features Copyright 2007 Sun Microsystems, Inc.
What is a Network Interface? IP Layer bge0 IP interface ifconfig S/W Data-Link Layer /dev/bge0 link snoop H/W Network Card bge card cfgadm 13 Copyright 2007 Sun Microsystems, Inc.
Project Clearview • Unify, simplify, and enhance the features provided by Solaris networking interfaces > “Network interfaces” as in ce, bge, tun, ... • Goals: > Unify network interface feature set > Simplify network interface administration > Enhance observability of network interfaces > Increase interoperability between networking features > Improve third-party network application capture 14 Copyright 2007 Sun Microsystems, Inc.
Network Interfaces: Complaints • 802.1q VLAN's work with an arbitrary subset of Ethernet networking interfaces. • 802.3ad Link Aggregation support is even worse: > Some links are aggregated with dladm(1M) > Others are aggregated with the unbundled nettr(1M) > Many cannot be aggregated at all! • Packets cannot be seen on all network interfaces > Cannot see traffic for loopback, tunnels, or IPMP groups • Network configuration is chipset-dependent > e.g., upgrading hme to bge means changing ipfilter rules 15 Copyright 2007 Sun Microsystems, Inc.
Network Interfaces: More Complaints • Only some data links are administered with dladm > Some – such as IP tunnels – are buried in ifconfig > Many cannot be directly administered at all. • Solaris IPMP – a key part of many high-availability networking deployments – often cannot be used because its odd network interface model breaks: > Dynamic routing daemons > IPsec IKE daemons > IPv6 autoconfiguration > DHCP clients > ... and countless third-party applications 16 Copyright 2007 Sun Microsystems, Inc.
Use VLANs on all Ethernet Links • If it's Ethernet, you can create a VLAN over it! # dladm create-vlan -l eri0 -v 14 blue0 # dladm show-vlan LINK VID OVER FLAGS blue0 14 eri0 ----- # ifconfig blue0 plumb 10.0.0.1 up # ifconfig blue0 blue0: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3 inet 10.0.0.1 netmask ff000000 broadcast 10.255.255.255 ether 0:3:ba:44:44:2a 17 Copyright 2007 Sun Microsystems, Inc.
802.3ad Link Aggregations on any set of Ethernet Links • If it's Ethernet, you can aggregate! # dladm create-aggr -l bge0 -l ce0 customer3 # dladm show-link customer3 LINK CLASS MTU STATE OVER customer3 aggr 1500 unknown bge0 ce0 # dladm show-aggr LINK POLICY ADDRPOLICY LACPACTIVITY LACPTIMER FLAGS customer3 L4 auto off short ----- # ifconfig customer3 plumb 18 Copyright 2007 Sun Microsystems, Inc.
Give Interfaces Meaningful Names • System configuration containing interface names no longer tied to specific system or hardware • Assign meaningful names to > physical data-link interfaces > dladm rename-link bge0 admin3 > VLANs > Link Aggregations > IP tunnels > Crossbow VNICs > IPMP interfaces 19 Copyright 2007 Sun Microsystems, Inc.
Improved IPMP Administration • Represent an IPMP group as a network interface > Improves interoperability with other networking features such as dynamic routing and DHCP • New ipmpstat command: # ipmpstat -g GROUP GROUPNAME STATE FDT INTERFACES ipmp0 outside ok 10000ms ce0 ce1 ipmp1 service degraded 20000ms qfe0 qfe3 (qfe2) [qfe1] $ ipmpstat -an ADDRESS GROUP STATE INBOUND OUTBOUND 129.146.17.55 ipmp0 up ce0 ce0 ce1 129.146.17.57 ipmp0 up ce1 ce0 ce1 128.0.0.100 ipmp1 up qfe0 qfe0 qfe3 128.0.0.101 ipmp1 up qfe3 qfe0 qfe3 128.0.0.102 ipmp1 down -- -- 20 Copyright 2007 Sun Microsystems, Inc.
Observe Packets Over any Interface • Clearview allows observability over interfaces previously not possible • Loopback > snoop -d lo0 • IP tunnel > snoop -d vpn3 • IPMP group interface > snoop -I ipmp2 21 Copyright 2007 Sun Microsystems, Inc.
Observe Packets Between Zones • Problems with zone networking observability today: > Cannot observe packets from a zone to another host > Cannot observe packets from a zone to another zone > Cannot observe packets flowing within a zone • Clearview enables such observability using tranditional network observability tools such as snoop, wireshark, etc. 22 Copyright 2007 Sun Microsystems, Inc.
Project Clearview: More Information • OpenSolaris Clearview Project > http://opensolaris.org/os/projects/clearview > Overview; design documents; links to design discussion • Mailing List > clearview-discuss@opensolaris.org 23 Copyright 2007 Sun Microsystems, Inc.
Brussels Project Simple NIC Configuration and Tuning 24 Copyright 2007 Sun Microsystems, Inc.
Brussels Project • NIC configuration and tuning is a mess: > /kernel/drv/*.conf > ndd(1M) > SPARC OBP > kstat(1M) • Methods of configuration for common features are different between drivers; confusing to administrators 25 Copyright 2007 Sun Microsystems, Inc.
Brussels Solution • All NIC configuration and tuning via dladm(1M) using “link properties”. • Common properties in scope: > Link MTU (including Jumbo Frame configuration) > Link Speed > Link Duplex > Hardware Checksum Offload > etc... 26 Copyright 2007 Sun Microsystems, Inc.
Example of Brussels Simplicity • Increasing the MTU of the bge1 interface to enable jumbo frames is done with a single dladm(1M) command: # dladm set-linkprop -p mac_default_mtu=9000 bge1 # dladm show-linkprop bge1 LINK PROPERTY VALUE DEFAULT POSSIBLE bge1 zone -- -- -- bge1 mac_duplex full full half, full bge1 mac_speed 1000 1000 10, 100,1000 bge1 mac_status up up up, down bge1 mac_autoneg 1 1 0, 1 bge1 mac_default_mtu 9000 1500 0 - 9000 27 Copyright 2007 Sun Microsystems, Inc.
Brussels: More Information • Brussels OpenSolaris Home > http://opensolaris.org/os/project/brussels/ • Mailing List > brussels-dev@opensolaris.org 28 Copyright 2007 Sun Microsystems, Inc.
Project Crossbow NIC Virtualization and Resource Management 29 Copyright 2007 Sun Microsystems, Inc.
Crossbow Features • NIC and network stack virtualization (VNICs) • Resource partitioning, QoS/Diffserv • Leverages hardware classification • Better defense against DDOS attacks • Real-time usage and history • Allows VNICs to be plumbed by Solaris zones or virtual machines running under Solaris 30 Copyright 2007 Sun Microsystems, Inc.
Virtualized Networking zoneA zoneB zoneC vnic0 vnic1 vnic2 vnic0 vnic1 vnic2 MAC/virtual switch aggr0 bge0 bge1 31 Copyright 2007 Sun Microsystems, Inc.
Virtualized Networking zoneA zoneB zoneC vnic0 vnic3 vnic1 vnic4 vnic2 vnic5 vnic0 vnic1 vnic2 vnic3 vnic4 vnic5 MAC/virtual switch MAC/virtual switch bge0 bge1 32 Copyright 2007 Sun Microsystems, Inc.
Example VNIC Usage • Creating VNICs is simple • Done using dladm(1M), as with other data-link interface administration # dladm create-vnic -l bge1 vnic1 # dladm create-vnic -l bge1 -m random -p maxbw=100M -p cpus=4,5,6 vnic2 # dladm show-vnic LINK OVER MACTYPE MACVALUE BANDWIDTH CPUS vnic1 bge1 factory 0:1:2:3:4:5 - - vnic2 bge1 random 2:5:6:7:8:9 max=100M 4,5,6 # zonecfg -z zone1 zonecfg:zone1> set ip-type=exclusive zonecfg:zone1> add net zonecfg:zone1:net> setphysical=vnic1 zonecfg:zone1:net> end 33 Copyright 2007 Sun Microsystems, Inc.
Bandwidth Partitioning & Accounting • Bandwidth limits and priorities can be assigned to NICs, VNICs, protocols, or services • Specified using dladm(1M) or flowadm(1M) • Finer grain accounting comes for free • Can track utilization of individual NICs and VNICs, services, and protocols • The Solaris extended accounting framework (exacc) maintains per flow and NIC accounting 34 Copyright 2007 Sun Microsystems, Inc.
Example Flow Creation • Flows are used to define packet classifications to which bandwidth limits and priorities may be applied • Below, we simply create a bandwidth-limited HTTP flow for the bge0 interface: # flowadm create-flow -l bge0 protocol=tcp local_port=443 http-1 # flowadm set-flowprop -l bge0 -p maxbw=100M http-1 35 Copyright 2007 Sun Microsystems, Inc.
Crossbow: More Information • Crossbow OpenSolaris Home > http://www.opensolaris.org/os/project/crossbow/ • Mailing List > crossbow-discuss@opensolaris.org 36 Copyright 2007 Sun Microsystems, Inc.
Related OpenSolaris Networking Projects • Quagga Routing Protocol Suite > http://www.opensolaris.org/os/project/quagga/ • RBridge (IETF TRILL) Support > http://www.opensolaris.org/os/project/rbridges/ • Virtual Network Machines > http://www.opensolaris.org/os/project/vnm/ • OpenSolaris Networking Community > http://www.opensolaris.org/os/community/networking/ 37 Copyright 2007 Sun Microsystems, Inc.
Advances in Solaris Network Administration networking-discuss@opensolaris.org

Recommandé

OpenSolaris Introduction
OpenSolaris IntroductionOpenSolaris Introduction
OpenSolaris Introduction
satyajit_t
 
What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...
What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...
What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...
Frank Munz
 
Novell Open Enterprise Server for Beginners
Novell Open Enterprise Server for BeginnersNovell Open Enterprise Server for Beginners
Novell Open Enterprise Server for Beginners
Novell
 
Integrating Apple Macs Using Novell Technologies
Integrating Apple Macs Using Novell TechnologiesIntegrating Apple Macs Using Novell Technologies
Integrating Apple Macs Using Novell Technologies
Novell
 
Lessons Learned: Novell Open Enterprise Server Upgrades Made Easy
Lessons Learned: Novell Open Enterprise Server Upgrades Made EasyLessons Learned: Novell Open Enterprise Server Upgrades Made Easy
Lessons Learned: Novell Open Enterprise Server Upgrades Made Easy
Novell
 
Novell Open Enterprise Server Architecture
Novell Open Enterprise Server ArchitectureNovell Open Enterprise Server Architecture
Novell Open Enterprise Server Architecture
Novell
 
Oracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings AttachedOracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings Attached
Fuad Arshad
 
Scale14x: Are today's foss security practices robust enough in the cloud era ...
Scale14x: Are today's foss security practices robust enough in the cloud era ...Scale14x: Are today's foss security practices robust enough in the cloud era ...
Scale14x: Are today's foss security practices robust enough in the cloud era ...
The Linux Foundation
 

Recommandé

OpenSolaris Introduction
OpenSolaris IntroductionOpenSolaris Introduction
OpenSolaris Introduction
satyajit_t
 
What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...
What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...
What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...
Frank Munz
 
Novell Open Enterprise Server for Beginners
Novell Open Enterprise Server for BeginnersNovell Open Enterprise Server for Beginners
Novell Open Enterprise Server for Beginners
Novell
 
Integrating Apple Macs Using Novell Technologies
Integrating Apple Macs Using Novell TechnologiesIntegrating Apple Macs Using Novell Technologies
Integrating Apple Macs Using Novell Technologies
Novell
 
Lessons Learned: Novell Open Enterprise Server Upgrades Made Easy
Lessons Learned: Novell Open Enterprise Server Upgrades Made EasyLessons Learned: Novell Open Enterprise Server Upgrades Made Easy
Lessons Learned: Novell Open Enterprise Server Upgrades Made Easy
Novell
 
Novell Open Enterprise Server Architecture
Novell Open Enterprise Server ArchitectureNovell Open Enterprise Server Architecture
Novell Open Enterprise Server Architecture
Novell
 
Oracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings AttachedOracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings Attached
Fuad Arshad
 
Scale14x: Are today's foss security practices robust enough in the cloud era ...
Scale14x: Are today's foss security practices robust enough in the cloud era ...Scale14x: Are today's foss security practices robust enough in the cloud era ...
Scale14x: Are today's foss security practices robust enough in the cloud era ...
The Linux Foundation
 
Solaris linux-administrator-resume-nj
Solaris linux-administrator-resume-njSolaris linux-administrator-resume-nj
Solaris linux-administrator-resume-nj
Vikas Pandey
 
Cloud Foundry and OpenStack
Cloud Foundry and OpenStackCloud Foundry and OpenStack
Cloud Foundry and OpenStack
vadimspivak
 
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
The Linux Foundation
 
Again music
Again musicAgain music
Again music
variable_orr
 
Solaris cluster roadshow day 1 technical presentation
Solaris cluster roadshow day 1 technical presentationSolaris cluster roadshow day 1 technical presentation
Solaris cluster roadshow day 1 technical presentation
xKinAnx
 
Open Source Cloud Computing -Eucalyptus
Open Source Cloud Computing -EucalyptusOpen Source Cloud Computing -Eucalyptus
Open Source Cloud Computing -Eucalyptus
Sameer Naik
 
Mobility Solutions for Novell GroupWise
Mobility Solutions for Novell GroupWiseMobility Solutions for Novell GroupWise
Mobility Solutions for Novell GroupWise
Novell
 
Cloud Foundry Anniversary: Technical Slides
Cloud Foundry Anniversary: Technical Slides Cloud Foundry Anniversary: Technical Slides
Cloud Foundry Anniversary: Technical Slides
marklucovsky
 
My sql roadmap 2008 2009
My sql roadmap 2008 2009My sql roadmap 2008 2009
My sql roadmap 2008 2009
xKinAnx
 
Best Practices with IPS on Oracle Solaris 11
Best Practices with IPS on Oracle Solaris 11Best Practices with IPS on Oracle Solaris 11
Best Practices with IPS on Oracle Solaris 11
glynnfoster
 
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
Novell
 
Dell openstack boston meetup dell crowbar and open stack
Dell openstack boston meetup dell crowbar and open stackDell openstack boston meetup dell crowbar and open stack
Dell openstack boston meetup dell crowbar and open stack
DellCloudEdge
 
The Kubernetes WebLogic revival (part 1)
The Kubernetes WebLogic revival (part 1)The Kubernetes WebLogic revival (part 1)
The Kubernetes WebLogic revival (part 1)
Simon Haslam
 
OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization - George Dunlap, CitrixOSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
The Linux Foundation
 
Win2k8 cluster kaliyan
Win2k8 cluster kaliyanWin2k8 cluster kaliyan
Win2k8 cluster kaliyan
Kaliyan S
 
Presentation cloud orchestration
Presentation cloud orchestrationPresentation cloud orchestration
Presentation cloud orchestration
xKinAnx
 
Managing Oracle Solaris Systems with Puppet
Managing Oracle Solaris Systems with PuppetManaging Oracle Solaris Systems with Puppet
Managing Oracle Solaris Systems with Puppet
glynnfoster
 
Using Novell Sentinel Log Manager to Monitor Novell Applications
Using Novell Sentinel Log Manager to Monitor Novell ApplicationsUsing Novell Sentinel Log Manager to Monitor Novell Applications
Using Novell Sentinel Log Manager to Monitor Novell Applications
Novell
 
Oda as an enterprise solution at walgreens oow 2012 v7
Oda as an enterprise solution at walgreens oow 2012 v7Oda as an enterprise solution at walgreens oow 2012 v7
Oda as an enterprise solution at walgreens oow 2012 v7
Fuad Arshad
 
Open solaris customer presentation
Open solaris customer presentationOpen solaris customer presentation
Open solaris customer presentation
xKinAnx
 
Illumos la-jan11
Illumos la-jan11Illumos la-jan11
Illumos la-jan11
Evan Powell
 
XS Boston 2008 OpenSolaris
XS Boston 2008 OpenSolarisXS Boston 2008 OpenSolaris
XS Boston 2008 OpenSolaris
The Linux Foundation
 

Contenu connexe

Tendances

Cloud Foundry and OpenStack
Cloud Foundry and OpenStackCloud Foundry and OpenStack
Cloud Foundry and OpenStack
vadimspivak
 
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
The Linux Foundation
 
Solaris cluster roadshow day 1 technical presentation
Solaris cluster roadshow day 1 technical presentationSolaris cluster roadshow day 1 technical presentation
Solaris cluster roadshow day 1 technical presentation
xKinAnx
 
Open Source Cloud Computing -Eucalyptus
Open Source Cloud Computing -EucalyptusOpen Source Cloud Computing -Eucalyptus
Open Source Cloud Computing -Eucalyptus
Sameer Naik
 
My sql roadmap 2008 2009
My sql roadmap 2008 2009My sql roadmap 2008 2009
My sql roadmap 2008 2009
xKinAnx
 
Dell openstack boston meetup dell crowbar and open stack
Dell openstack boston meetup dell crowbar and open stackDell openstack boston meetup dell crowbar and open stack
Dell openstack boston meetup dell crowbar and open stack
DellCloudEdge
 
OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization - George Dunlap, CitrixOSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
The Linux Foundation
 
Using Novell Sentinel Log Manager to Monitor Novell Applications
Using Novell Sentinel Log Manager to Monitor Novell ApplicationsUsing Novell Sentinel Log Manager to Monitor Novell Applications
Using Novell Sentinel Log Manager to Monitor Novell Applications
Novell
 
Oda as an enterprise solution at walgreens oow 2012 v7
Oda as an enterprise solution at walgreens oow 2012 v7Oda as an enterprise solution at walgreens oow 2012 v7
Oda as an enterprise solution at walgreens oow 2012 v7
Fuad Arshad
 
Open solaris customer presentation
Open solaris customer presentationOpen solaris customer presentation
Open solaris customer presentation
xKinAnx
 

Tendances (20)

Solaris linux-administrator-resume-nj
Solaris linux-administrator-resume-njSolaris linux-administrator-resume-nj
Solaris linux-administrator-resume-nj
 
Cloud Foundry and OpenStack
Cloud Foundry and OpenStackCloud Foundry and OpenStack
Cloud Foundry and OpenStack
 
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
OSSA17 - Live patch, VMI, Security Mgmt (50 mins, no embedded demos)
 
Again music
Again musicAgain music
Again music
 
Solaris cluster roadshow day 1 technical presentation
Solaris cluster roadshow day 1 technical presentationSolaris cluster roadshow day 1 technical presentation
Solaris cluster roadshow day 1 technical presentation
 
Open Source Cloud Computing -Eucalyptus
Open Source Cloud Computing -EucalyptusOpen Source Cloud Computing -Eucalyptus
Open Source Cloud Computing -Eucalyptus
 
Mobility Solutions for Novell GroupWise
Mobility Solutions for Novell GroupWiseMobility Solutions for Novell GroupWise
Mobility Solutions for Novell GroupWise
 
Cloud Foundry Anniversary: Technical Slides
Cloud Foundry Anniversary: Technical Slides Cloud Foundry Anniversary: Technical Slides
Cloud Foundry Anniversary: Technical Slides
 
My sql roadmap 2008 2009
My sql roadmap 2008 2009My sql roadmap 2008 2009
My sql roadmap 2008 2009
 
Best Practices with IPS on Oracle Solaris 11
Best Practices with IPS on Oracle Solaris 11Best Practices with IPS on Oracle Solaris 11
Best Practices with IPS on Oracle Solaris 11
 
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
NSS File System Performance, Clustering and Auditing in Novell Open Enterpris...
 
Dell openstack boston meetup dell crowbar and open stack
Dell openstack boston meetup dell crowbar and open stackDell openstack boston meetup dell crowbar and open stack
Dell openstack boston meetup dell crowbar and open stack
 
The Kubernetes WebLogic revival (part 1)
The Kubernetes WebLogic revival (part 1)The Kubernetes WebLogic revival (part 1)
The Kubernetes WebLogic revival (part 1)
 
OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization - George Dunlap, CitrixOSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix
 
Win2k8 cluster kaliyan
Win2k8 cluster kaliyanWin2k8 cluster kaliyan
Win2k8 cluster kaliyan
 
Presentation cloud orchestration
Presentation cloud orchestrationPresentation cloud orchestration
Presentation cloud orchestration
 
Managing Oracle Solaris Systems with Puppet
Managing Oracle Solaris Systems with PuppetManaging Oracle Solaris Systems with Puppet
Managing Oracle Solaris Systems with Puppet
 
Using Novell Sentinel Log Manager to Monitor Novell Applications
Using Novell Sentinel Log Manager to Monitor Novell ApplicationsUsing Novell Sentinel Log Manager to Monitor Novell Applications
Using Novell Sentinel Log Manager to Monitor Novell Applications
 
Oda as an enterprise solution at walgreens oow 2012 v7
Oda as an enterprise solution at walgreens oow 2012 v7Oda as an enterprise solution at walgreens oow 2012 v7
Oda as an enterprise solution at walgreens oow 2012 v7
 
Open solaris customer presentation
Open solaris customer presentationOpen solaris customer presentation
Open solaris customer presentation
 

En vedette

Illumos la-jan11
Illumos la-jan11Illumos la-jan11
Illumos la-jan11
Evan Powell
 
OpenSolaris Clusters And Clouds From Your Laptop
OpenSolaris Clusters And Clouds From Your LaptopOpenSolaris Clusters And Clouds From Your Laptop
OpenSolaris Clusters And Clouds From Your Laptop
bogdanv
 
Open Solaris Introduction: How to make it feel like home
Open Solaris Introduction: How to make it feel like homeOpen Solaris Introduction: How to make it feel like home
Open Solaris Introduction: How to make it feel like home
Ahmed Saeed
 
Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016
Brendan Gregg
 

En vedette (12)

Illumos la-jan11
Illumos la-jan11Illumos la-jan11
Illumos la-jan11
 
XS Boston 2008 OpenSolaris
XS Boston 2008 OpenSolarisXS Boston 2008 OpenSolaris
XS Boston 2008 OpenSolaris
 
Introducción a OpenSolaris
Introducción a OpenSolarisIntroducción a OpenSolaris
Introducción a OpenSolaris
 
OpenSolaris Web Stack MySQL BOF
OpenSolaris Web Stack MySQL BOFOpenSolaris Web Stack MySQL BOF
OpenSolaris Web Stack MySQL BOF
 
OpenSolaris Clusters And Clouds From Your Laptop
OpenSolaris Clusters And Clouds From Your LaptopOpenSolaris Clusters And Clouds From Your Laptop
OpenSolaris Clusters And Clouds From Your Laptop
 
Open Solaris Introduction: How to make it feel like home
Open Solaris Introduction: How to make it feel like homeOpen Solaris Introduction: How to make it feel like home
Open Solaris Introduction: How to make it feel like home
 
OpenSolaris On EeePc at Osc Spring
OpenSolaris On EeePc at Osc SpringOpenSolaris On EeePc at Osc Spring
OpenSolaris On EeePc at Osc Spring
 
OpenSolaris School OS Beginners Guide
OpenSolaris School OS Beginners GuideOpenSolaris School OS Beginners Guide
OpenSolaris School OS Beginners Guide
 
OpenSolaris 2009.06 Workshop
OpenSolaris 2009.06 WorkshopOpenSolaris 2009.06 Workshop
OpenSolaris 2009.06 Workshop
 
Solaris vs Linux
Solaris vs LinuxSolaris vs Linux
Solaris vs Linux
 
What Linux can learn from Solaris performance and vice-versa
What Linux can learn from Solaris performance and vice-versaWhat Linux can learn from Solaris performance and vice-versa
What Linux can learn from Solaris performance and vice-versa
 
Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016
 

Similaire à Osol Netadmin Solaris Administrator

Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501
robertguerra
 
08 sdn system intelligence short public beijing sdn conference - 130828
08 sdn system intelligence short public beijing sdn conference - 13082808 sdn system intelligence short public beijing sdn conference - 130828
08 sdn system intelligence short public beijing sdn conference - 130828
Mason Mei
 
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SAMeh Zaghloul
 
Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure
Brad Eckert
 

Similaire à Osol Netadmin Solaris Administrator (20)

IBM System Networking Overview - Jul 2013
IBM System Networking Overview - Jul 2013IBM System Networking Overview - Jul 2013
IBM System Networking Overview - Jul 2013
 
3 Ways to Connect to the Oracle Cloud
3 Ways to Connect to the Oracle Cloud3 Ways to Connect to the Oracle Cloud
3 Ways to Connect to the Oracle Cloud
 
2596 - Integrating PureApplication System Into Your Network
2596 - Integrating PureApplication System Into Your Network2596 - Integrating PureApplication System Into Your Network
2596 - Integrating PureApplication System Into Your Network
 
Networking Concepts and Tools for the Cloud
Networking Concepts and Tools for the CloudNetworking Concepts and Tools for the Cloud
Networking Concepts and Tools for the Cloud
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)
 
Open Networking for Your OpenStack
Open Networking for Your OpenStackOpen Networking for Your OpenStack
Open Networking for Your OpenStack
 
OpenFlow: What is it Good For?
OpenFlow: What is it Good For? OpenFlow: What is it Good For?
OpenFlow: What is it Good For?
 
Improving performance and efficiency with Network Virtualization Overlays
Improving performance and efficiency with Network Virtualization OverlaysImproving performance and efficiency with Network Virtualization Overlays
Improving performance and efficiency with Network Virtualization Overlays
 
Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501
 
Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501
 
Introduction to Software-defined Networking
Introduction to Software-defined NetworkingIntroduction to Software-defined Networking
Introduction to Software-defined Networking
 
08 sdn system intelligence short public beijing sdn conference - 130828
08 sdn system intelligence short public beijing sdn conference - 13082808 sdn system intelligence short public beijing sdn conference - 130828
08 sdn system intelligence short public beijing sdn conference - 130828
 
OpenStack Tokyo 2015: Connecting the Dots with Neutron
OpenStack Tokyo 2015: Connecting the Dots with NeutronOpenStack Tokyo 2015: Connecting the Dots with Neutron
OpenStack Tokyo 2015: Connecting the Dots with Neutron
 
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
 
SDN in CloudStack
SDN in CloudStackSDN in CloudStack
SDN in CloudStack
 
Netsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfvNetsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfv
 
Hardware accelerated switching with Linux @ SWLUG Talks May 2014
Hardware accelerated switching with Linux @ SWLUG Talks May 2014Hardware accelerated switching with Linux @ SWLUG Talks May 2014
Hardware accelerated switching with Linux @ SWLUG Talks May 2014
 
Building the SD-Branch using uCPE
Building the SD-Branch using uCPEBuilding the SD-Branch using uCPE
Building the SD-Branch using uCPE
 
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
 
Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure
 

Osol Netadmin Solaris Administrator

  • 1. Advances in OpenSolaris Network Administration Solaris Networking Sun Microsystems, Inc. September 2007
  • 2. Overview • Make OpenSolaris a more compelling platform for developers, administrators, and users. • Reduce barriers to Solaris adoption by: > Making network configuration easier (Network Auto-Magic project) > Providing a uniform set of features on all network interfaces (project Clearview) > Simplifying NIC configuration and tuning (project Brussels) > Integrating virtualization & resource management into the network interface (project Crossbow) 2 Copyright 2007 Sun Microsystems, Inc.
  • 3. Network Auto-Magic Automating Network Configuration 3 Copyright 2007 Sun Microsystems, Inc.
  • 4. Background • It has long been painful to configure networking on Solaris. Mobility and security makes it harder: # ifconfig ath0 plumb # dladm scan-wifi LINK ESSID BSSID/IBSSID SEC STRENGTH MODE SPEED ath0 bar 0:18:1:e3:c2:30 wep good g 54Mb # dladm create-secobj -c wep foo provide value for 'foo': ********** confirm value for 'foo': ********** # dladm connect-wifi -e bar -k foo -s wep # ifconfig ath0 dhcp Copyright 2007 Sun Microsystems, Inc.
  • 5. Why Can't This “Just Work”? Copyright 2007 Sun Microsystems, Inc.
  • 6. Obviously... But why stop? • During their day Solaris users encounter many different environments. > Home > Coffee Shop > Work • And from each they might use... > VPNs > Varying security products > Varying name services • Why can't they just work also? Copyright 2007 Sun Microsystems, Inc.
  • 7. NWAM • Network Auto-Magic is an OpenSolaris project to simplify and automate network configuration > Basic principle: network configuration just works > Networking should be easy to use from the moment Solaris is installed > System can automatically configure itself for networks as they become available > User has the choice to override default system behavior and set preferences Copyright 2007 Sun Microsystems, Inc.
  • 8. When Configuration is Needed • Two areas of configuration: > Devices and interfaces: the Network > Services and their properties: the Environment • Can mix-and-match: a single Environment can be applied over different underlying Networks • The Network area can include dependencies: when a new link becomes available... > create a tunnel > run an arbitrary script Copyright 2007 Sun Microsystems, Inc.
  • 9. What Users See By Default • System automatically chooses an interface and uses DHCP to configure IP • Wired is preferred over wireless • DHCP requests are done in parallel so that delays are minimized • If the nwam service is enabled, then /etc/hostname.<intf> files are ignored Copyright 2007 Sun Microsystems, Inc.
  • 10. What You Can Do • Create Environments for the different places you go: > Home > Coffee Shop > Work • After doing some surfing at home with the Home Environment enabled, you decide to get some work done, and enable your VPN • The tunnel is detected, triggering a switch to the Work Environment Copyright 2007 Sun Microsystems, Inc.
  • 11. NWAM: More Information • NWAM OpenSolaris Home > http://opensolaris.org/os/project/nwam/ • Mailing List > nwam-discuss@opensolaris.org Copyright 2007 Sun Microsystems, Inc.
  • 12. Project Clearview Unified Set of Network Interface Features Copyright 2007 Sun Microsystems, Inc.
  • 13. What is a Network Interface? IP Layer bge0 IP interface ifconfig S/W Data-Link Layer /dev/bge0 link snoop H/W Network Card bge card cfgadm 13 Copyright 2007 Sun Microsystems, Inc.
  • 14. Project Clearview • Unify, simplify, and enhance the features provided by Solaris networking interfaces > “Network interfaces” as in ce, bge, tun, ... • Goals: > Unify network interface feature set > Simplify network interface administration > Enhance observability of network interfaces > Increase interoperability between networking features > Improve third-party network application capture 14 Copyright 2007 Sun Microsystems, Inc.
  • 15. Network Interfaces: Complaints • 802.1q VLAN's work with an arbitrary subset of Ethernet networking interfaces. • 802.3ad Link Aggregation support is even worse: > Some links are aggregated with dladm(1M) > Others are aggregated with the unbundled nettr(1M) > Many cannot be aggregated at all! • Packets cannot be seen on all network interfaces > Cannot see traffic for loopback, tunnels, or IPMP groups • Network configuration is chipset-dependent > e.g., upgrading hme to bge means changing ipfilter rules 15 Copyright 2007 Sun Microsystems, Inc.
  • 16. Network Interfaces: More Complaints • Only some data links are administered with dladm > Some – such as IP tunnels – are buried in ifconfig > Many cannot be directly administered at all. • Solaris IPMP – a key part of many high-availability networking deployments – often cannot be used because its odd network interface model breaks: > Dynamic routing daemons > IPsec IKE daemons > IPv6 autoconfiguration > DHCP clients > ... and countless third-party applications 16 Copyright 2007 Sun Microsystems, Inc.
  • 17. Use VLANs on all Ethernet Links • If it's Ethernet, you can create a VLAN over it! # dladm create-vlan -l eri0 -v 14 blue0 # dladm show-vlan LINK VID OVER FLAGS blue0 14 eri0 ----- # ifconfig blue0 plumb 10.0.0.1 up # ifconfig blue0 blue0: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3 inet 10.0.0.1 netmask ff000000 broadcast 10.255.255.255 ether 0:3:ba:44:44:2a 17 Copyright 2007 Sun Microsystems, Inc.
  • 18. 802.3ad Link Aggregations on any set of Ethernet Links • If it's Ethernet, you can aggregate! # dladm create-aggr -l bge0 -l ce0 customer3 # dladm show-link customer3 LINK CLASS MTU STATE OVER customer3 aggr 1500 unknown bge0 ce0 # dladm show-aggr LINK POLICY ADDRPOLICY LACPACTIVITY LACPTIMER FLAGS customer3 L4 auto off short ----- # ifconfig customer3 plumb 18 Copyright 2007 Sun Microsystems, Inc.
  • 19. Give Interfaces Meaningful Names • System configuration containing interface names no longer tied to specific system or hardware • Assign meaningful names to > physical data-link interfaces > dladm rename-link bge0 admin3 > VLANs > Link Aggregations > IP tunnels > Crossbow VNICs > IPMP interfaces 19 Copyright 2007 Sun Microsystems, Inc.
  • 20. Improved IPMP Administration • Represent an IPMP group as a network interface > Improves interoperability with other networking features such as dynamic routing and DHCP • New ipmpstat command: # ipmpstat -g GROUP GROUPNAME STATE FDT INTERFACES ipmp0 outside ok 10000ms ce0 ce1 ipmp1 service degraded 20000ms qfe0 qfe3 (qfe2) [qfe1] $ ipmpstat -an ADDRESS GROUP STATE INBOUND OUTBOUND 129.146.17.55 ipmp0 up ce0 ce0 ce1 129.146.17.57 ipmp0 up ce1 ce0 ce1 128.0.0.100 ipmp1 up qfe0 qfe0 qfe3 128.0.0.101 ipmp1 up qfe3 qfe0 qfe3 128.0.0.102 ipmp1 down -- -- 20 Copyright 2007 Sun Microsystems, Inc.
  • 21. Observe Packets Over any Interface • Clearview allows observability over interfaces previously not possible • Loopback > snoop -d lo0 • IP tunnel > snoop -d vpn3 • IPMP group interface > snoop -I ipmp2 21 Copyright 2007 Sun Microsystems, Inc.
  • 22. Observe Packets Between Zones • Problems with zone networking observability today: > Cannot observe packets from a zone to another host > Cannot observe packets from a zone to another zone > Cannot observe packets flowing within a zone • Clearview enables such observability using tranditional network observability tools such as snoop, wireshark, etc. 22 Copyright 2007 Sun Microsystems, Inc.
  • 23. Project Clearview: More Information • OpenSolaris Clearview Project > http://opensolaris.org/os/projects/clearview > Overview; design documents; links to design discussion • Mailing List > clearview-discuss@opensolaris.org 23 Copyright 2007 Sun Microsystems, Inc.
  • 24. Brussels Project Simple NIC Configuration and Tuning 24 Copyright 2007 Sun Microsystems, Inc.
  • 25. Brussels Project • NIC configuration and tuning is a mess: > /kernel/drv/*.conf > ndd(1M) > SPARC OBP > kstat(1M) • Methods of configuration for common features are different between drivers; confusing to administrators 25 Copyright 2007 Sun Microsystems, Inc.
  • 26. Brussels Solution • All NIC configuration and tuning via dladm(1M) using “link properties”. • Common properties in scope: > Link MTU (including Jumbo Frame configuration) > Link Speed > Link Duplex > Hardware Checksum Offload > etc... 26 Copyright 2007 Sun Microsystems, Inc.
  • 27. Example of Brussels Simplicity • Increasing the MTU of the bge1 interface to enable jumbo frames is done with a single dladm(1M) command: # dladm set-linkprop -p mac_default_mtu=9000 bge1 # dladm show-linkprop bge1 LINK PROPERTY VALUE DEFAULT POSSIBLE bge1 zone -- -- -- bge1 mac_duplex full full half, full bge1 mac_speed 1000 1000 10, 100,1000 bge1 mac_status up up up, down bge1 mac_autoneg 1 1 0, 1 bge1 mac_default_mtu 9000 1500 0 - 9000 27 Copyright 2007 Sun Microsystems, Inc.
  • 28. Brussels: More Information • Brussels OpenSolaris Home > http://opensolaris.org/os/project/brussels/ • Mailing List > brussels-dev@opensolaris.org 28 Copyright 2007 Sun Microsystems, Inc.
  • 29. Project Crossbow NIC Virtualization and Resource Management 29 Copyright 2007 Sun Microsystems, Inc.
  • 30. Crossbow Features • NIC and network stack virtualization (VNICs) • Resource partitioning, QoS/Diffserv • Leverages hardware classification • Better defense against DDOS attacks • Real-time usage and history • Allows VNICs to be plumbed by Solaris zones or virtual machines running under Solaris 30 Copyright 2007 Sun Microsystems, Inc.
  • 31. Virtualized Networking zoneA zoneB zoneC vnic0 vnic1 vnic2 vnic0 vnic1 vnic2 MAC/virtual switch aggr0 bge0 bge1 31 Copyright 2007 Sun Microsystems, Inc.
  • 32. Virtualized Networking zoneA zoneB zoneC vnic0 vnic3 vnic1 vnic4 vnic2 vnic5 vnic0 vnic1 vnic2 vnic3 vnic4 vnic5 MAC/virtual switch MAC/virtual switch bge0 bge1 32 Copyright 2007 Sun Microsystems, Inc.
  • 33. Example VNIC Usage • Creating VNICs is simple • Done using dladm(1M), as with other data-link interface administration # dladm create-vnic -l bge1 vnic1 # dladm create-vnic -l bge1 -m random -p maxbw=100M -p cpus=4,5,6 vnic2 # dladm show-vnic LINK OVER MACTYPE MACVALUE BANDWIDTH CPUS vnic1 bge1 factory 0:1:2:3:4:5 - - vnic2 bge1 random 2:5:6:7:8:9 max=100M 4,5,6 # zonecfg -z zone1 zonecfg:zone1> set ip-type=exclusive zonecfg:zone1> add net zonecfg:zone1:net> setphysical=vnic1 zonecfg:zone1:net> end 33 Copyright 2007 Sun Microsystems, Inc.
  • 34. Bandwidth Partitioning & Accounting • Bandwidth limits and priorities can be assigned to NICs, VNICs, protocols, or services • Specified using dladm(1M) or flowadm(1M) • Finer grain accounting comes for free • Can track utilization of individual NICs and VNICs, services, and protocols • The Solaris extended accounting framework (exacc) maintains per flow and NIC accounting 34 Copyright 2007 Sun Microsystems, Inc.
  • 35. Example Flow Creation • Flows are used to define packet classifications to which bandwidth limits and priorities may be applied • Below, we simply create a bandwidth-limited HTTP flow for the bge0 interface: # flowadm create-flow -l bge0 protocol=tcp local_port=443 http-1 # flowadm set-flowprop -l bge0 -p maxbw=100M http-1 35 Copyright 2007 Sun Microsystems, Inc.
  • 36. Crossbow: More Information • Crossbow OpenSolaris Home > http://www.opensolaris.org/os/project/crossbow/ • Mailing List > crossbow-discuss@opensolaris.org 36 Copyright 2007 Sun Microsystems, Inc.
  • 37. Related OpenSolaris Networking Projects • Quagga Routing Protocol Suite > http://www.opensolaris.org/os/project/quagga/ • RBridge (IETF TRILL) Support > http://www.opensolaris.org/os/project/rbridges/ • Virtual Network Machines > http://www.opensolaris.org/os/project/vnm/ • OpenSolaris Networking Community > http://www.opensolaris.org/os/community/networking/ 37 Copyright 2007 Sun Microsystems, Inc.
  • 38. Advances in Solaris Network Administration networking-discuss@opensolaris.org