all bow to opensolaris crossbow

All bow to OpenSolaris CrossBow Abd4llA EGOSUG

Author: ahmed-abdalla

Post on 12-Jun-2015






My presentation at the H4ck3rz Due conference, it was sponsored by EGOSUG


1. All bow to OpenSolaris CrossBow
  • Abd4llA
  • EGOSUG

2. Overview
  • Crossbow (The Name)
  • The Past
  • The Future is Present
  • Past is Full of Problems
  • CrossBow Architecture
  • Demo

3. CrossBow (The Name)
  • Crossbow was invented in 314 B.C in China
  • They prevailed in the Middle Ages, when steel was used in them
  • Crossbows are easier to learn and more effective than normal bows
  • QoS mechanisms are like normal bows: they require a long time to master

4. The Past
  • Without QoS, life can turn into hell
  • QoS mechanisms are
    • Complex
    • Come with a performance penalty
  • The interrupt-based delivery mechanism for inbound packets and the QoS are implemented by a separate layer
  • Packets are already delivered to host memory by means of interrupts before QoS takes place

5. The Future is Present
  • Crossbow
  • Crossbow completes Network Virtualization
  • Network Virtualization
  • Resource Control
  • Live Monitoring
  • Networking Virtualization is essential in today's Virtual World

6. The Future is Present
  • You can split physical NICs into multiple VNICs
  • A VNIC: a virtual network device with the same data-link interface as a physical interface
  • VNICs can have their own resources: DMA channel, MAC, kernel threads and queues
  • Each VNIC is implicitly connected to a virtual switch that corresponds to the physical interface
  • Virtual Machines on the same host can communicate through Virtual Switches

7. Past is Full of Problems
  • The interrupt-driven packet delivery model precludes any kind of policy enforcement and fair sharing
  • Most of the time, the processing of a critical packet is interrupted to deal with the arrival of a non-critical packet
  • The cost of dropping unwanted packets is too high
  • Common queues and common threads make enforcing policies based on traffic type very difficult
  • Pseudo NICs have no way of knowing about the hardware capabilities of the real hardware

8. Crossbow's Architecture
  • Integrates network virtualization and resource control as part of the stack architecture
  • Pushes the classification of packets based on services, protocols or virtual machines as low in the stack as possible
  • Rx/Tx Rings -> CPU -> Squeue
  • The Rx/Tx ring, its DMA channel, MSI-X interrupt, the Squeue, the CPU, and processing threads are unique for the service, protocol or virtual machine
  • It can be assigned a VNIC in the case of Virtual Machines

9. Crossbow's Architecture
  • If classification has already been done by the NIC to a particular Rx ring, the entire data-link layer is bypassed unless in promiscuous mode
  • If the NIC hardware does not have classification capability, soft rings are used in the data-link layer
  • Pseudo Hardware Layer
  • The entire layered architecture is built on function pointers known as 'upcall_func' and 'downcall_func'

10. Demo
  • Our demo has a vmachine for which we want to create a VNIC, and put a limit on the total NIC SSH traffic

11. Demo
  • Create the VNIC:
      [email protected]:~# dladm create-vnic -l e1000g0 f11-vnic1
  • Assign the VNIC to your vmachine
  • Add the flow:
      [email protected]:~# flowadm add-flow -l e1000g0 -a transport=TCP,local_port=22 ssh-policy
  • Set maximum bandwidth:
      [email protected]:~# flowadm set-flowprop -p maxbw=50M ssh-policy

12. Thank you
  • Join Us
  • EGOSUG
  • Abdalla [email protected]
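
The demo's three commands as one reviewable script, added here as an example and not part of the original slides: it checks the port and bandwidth values before they are placed into the flow attributes, then reads the VNIC, flow and maxbw property back. The function names and the DRYRUN switch are assumptions of this example, and the show-vnic, show-flow and show-flowprop read-backs are dladm/flowadm subcommands the slides do not use; the link, VNIC and flow names are the ones from the demo slide.

```shell
#!/bin/sh
# Added example, not from the talk. DRYRUN=1 (default) prints each command
# instead of running it, so the plan can be reviewed off a Solaris host.
DRYRUN=${DRYRUN:-1}

run() {
    if [ "$DRYRUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Port must be a plain integer in 1-65535; anything else could smuggle
# extra attributes into the -a list (e.g. "22,remote_ip=...").
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# maxbw: digits with an optional trailing K, M or G, as in the demo's 50M.
valid_maxbw() {
    case $1 in
        ''|[KMG]|*[!0-9KMG]*|*[KMG]?*) return 1 ;;
    esac
    return 0
}

# usage: cap_flow LINK VNIC FLOW PORT MAXBW
cap_flow() {
    link=$1 vnic=$2 flow=$3 port=$4 bw=$5
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    valid_maxbw "$bw"  || { echo "bad maxbw: $bw" >&2; return 2; }

    # The three steps from the demo slide, stopping at the first failure.
    run dladm create-vnic -l "$link" "$vnic" || return 1
    run flowadm add-flow -l "$link" -a "transport=TCP,local_port=$port" "$flow" || return 1
    run flowadm set-flowprop -p "maxbw=$bw" "$flow" || return 1

    # Read back what the stack holds rather than trusting exit codes alone.
    run dladm show-vnic "$vnic" &&
    run flowadm show-flow "$flow" &&
    run flowadm show-flowprop -p maxbw "$flow"
}

# Values from the demo slide.
cap_flow e1000g0 f11-vnic1 ssh-policy 22 50M
```

Run it with DRYRUN=0 as root on the host to apply the configuration; as in the demo, the flow is attached to e1000g0, so the cap covers SSH traffic on the whole physical link.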