Crossbow is a network virtualization and resource control architecture that aims to address problems with interrupt-driven packet delivery and the lack of policy enforcement in traditional networking stacks. It classifies packets as low in the stack as possible and assigns unique resources such as rings, interrupts, and threads per service, protocol, or virtual machine. This allows policies to be enforced based on traffic type. The demo creates a virtual network interface for a virtual machine and adds a flow policy to limit SSH traffic to 50 Mbps on that interface.
2. Overview
• Crossbow (The Name)
• The Past
• The Future is Present
• Past is Full of Problems
• CrossBow Architecture
• Demo
3. CrossBow (The Name)
• The crossbow was invented in 314 B.C. in China
• Crossbows prevailed in the Middle Ages, when steel was used in them
• Crossbows are easier to learn and more effective than normal bows
• QoS mechanisms are like normal bows: they require a long time to master
4. The Past
• Without QoS, life can turn into hell
• QoS mechanisms are
– Complex
– Come with a performance penalty
• The interrupt based delivery mechanism for inbound
packets and the QoS are implemented by a separate layer
• Packets are already delivered to the host memory by
means of interrupts before QoS takes place
5. The Future is Present
• Crossbow completes Network Virtualization
– Network Virtualization
– Resource Control
– Live Monitoring
• Networking Virtualization is
essential in today's Virtual
World
6. The Future is Present
• You can split physical NICs into multiple
VNICs
• A VNIC: a virtual network device with the
same data-link interface as a physical
interface.
• VNICs can have their own resources “DMA
channel, MAC, kernel threads and
queues”
• Each VNIC is implicitly connected to a
virtual switch that corresponds to the
physical interface.
• Virtual Machines on the same host can
communicate through Virtual Switches
7. Past is Full of Problems
• Interrupt driven packet delivery model precludes any kind of
policy enforcement and fair sharing.
• Most of the time, the processing of a critical packet is
interrupted to deal with the arrival of a non critical packet.
• The cost of dropping unwanted packets is too high
• Common queues and common threads make enforcing
policies based on traffic type very difficult.
• Pseudo NICs have no way of knowing about the hardware
capabilities of the real hardware
8. Crossbow's Architecture
• Integrates network virtualization and resource control
as part of the stack architecture.
• Pushes the classification of packets based on services,
protocols or virtual machines as far below as possible.
– Rx/Tx Rings -> CPU -> Squeue
• Rx/Tx ring, its DMA channel, MSI-X interrupt, the
Squeue, the CPU, and processing threads are unique for
the service, protocol or virtual machine
• It can be assigned a VNIC in case of Virtual Machines
9. Crossbow's Architecture
• If classification has already been done by the NIC to a
particular Rx ring, the entire data-link layer is bypassed
unless in promiscuous mode
• In case the NIC hardware does not have classification
capability, soft rings are used in the data-link layer (“Pseudo
Hardware Layer”)
• The entire layered architecture is built on function
pointers known as 'upcall_func' and 'downcall_func'
10. Demo
Our demo has a virtual machine for which we
want to create a VNIC, and put
a limit on the total NIC SSH traffic
11. Demo
• Create the vnic:
root@A0059:~# dladm create-vnic -l e1000g0 f11-vnic1
• Assign the vnic to your vmachine
• Add the flow:
root@A0059:~# flowadm add-flow -l e1000g0 -a transport=TCP,local_port=22 ssh-policy
• Set maximum bandwidth:
root@A0059:~# flowadm set-flowprop -p maxbw=50M ssh-policy
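Added example (not part of the original slides and not Crossbow code): a small Python model of what the demo's flow expresses, classifying packets by transport and local port first and then capping only the matching flow at 50 Mbps. The token bucket, the burst_bits depth and the constant-rate traffic are assumptions made for illustration; the slides do not describe how Crossbow enforces maxbw internally.

```python
# Added example: toy model of per-flow classification plus a maxbw cap.
# Assumption: a token bucket stands in for Crossbow's real enforcement.
from dataclasses import dataclass

@dataclass
class Flow:
    name: str
    transport: str
    local_port: int
    maxbw_mbps: int        # 1 Mbps == 1 bit per microsecond
    burst_bits: int        # bucket depth (hypothetical tuning parameter)
    tokens: int = 0
    last_us: int = 0

    def matches(self, pkt):
        return (pkt["transport"], pkt["local_port"]) == (self.transport, self.local_port)

    def admit(self, now_us, size_bytes):
        # Refill for the elapsed time, never beyond the bucket depth.
        refill = (now_us - self.last_us) * self.maxbw_mbps
        self.tokens = min(self.burst_bits, self.tokens + refill)
        self.last_us = now_us
        if size_bytes * 8 > self.tokens:
            return False                     # over budget: drop
        self.tokens -= size_bytes * 8
        return True

def deliver(flows, pkt):
    """Classify first, so only the matching flow's budget is charged."""
    for flow in flows:
        if flow.matches(pkt):
            return flow.name, flow.admit(pkt["t_us"], pkt["size"])
    return "default", True                   # unclassified traffic is uncapped

def simulate(ssh_offered_mbps, web_offered_mbps=100, duration_us=1_000_000, size=1250):
    """Constructed traffic: fixed-size packets at a constant rate per port."""
    ssh = Flow("ssh-policy", "tcp", 22, maxbw_mbps=50,
               burst_bits=size * 8, tokens=size * 8)
    passed_bits = {"ssh-policy": 0, "default": 0}
    for port, offered in ((22, ssh_offered_mbps), (80, web_offered_mbps)):
        gap_us = size * 8 // offered         # inter-packet gap in microseconds
        for t_us in range(0, duration_us, gap_us):
            pkt = {"transport": "tcp", "local_port": port, "t_us": t_us, "size": size}
            name, ok = deliver([ssh], pkt)
            passed_bits[name] += size * 8 if ok else 0
    return {name: bits / duration_us for name, bits in passed_bits.items()}

if __name__ == "__main__":
    print(simulate(ssh_offered_mbps=100))    # SSH capped, web untouched
```

The returned values are delivered throughput in Mbps per flow, so an SSH load above the cap shows up clamped while port 80 traffic on the same link keeps its full offered rate.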
12. Thank you
Join Us
EGOSUG
http://www.opensolaris.org/os/project/egosug/
Ahmed Abdalla
http://www.Abd4llA.com
Abd4llA@AhmedAbdalla.net