Crossbow: Network Virtualization and Resource Control at OpenSolaris.org

You are not signed in. or register.

OpenSolaris Project: Crossbow: Network Virtualization and Resource Control

View the leaders for this project
Project Observers

Endorsing communities

Device Drivers
HPC Developer
Logical Domains
Networking
OS/Net (ON)
Performance
Xen

* Crossbow Beta bits are available *

Crossbow beta bits were released for community testing on March 10, 2008. With these bits, you can begin to test key features of Crossbow such as VNICs, ethernet stubs, and flow administration. For a full list of features, click here.

Introduction to Crossbow

Crossbow provides the building blocks for network virtualization and resource control by virtualizing the stack and NIC around any service (HTTP, HTTPS, FTP, NFS, etc.), protocol or Virtual machine.

Each virtual stack can be assigned its own priority and bandwidth on a shared NIC without causing any performance degradation. The architecture dynamically manages priority and bandwidth resources, and can provide better defense against denial-of-service attacks directed at a particular service or virtual machine by isolating the impact just to that entity. The virtual stacks are separated by means of H/W classification engine such that traffic for one stack does not impact other virtual stacks.

Project Crossbow is next step in the evolution of Solaris networking stack and brings bandwidth resource control and virtualization as part of the architecture itself instead of the usual add-on layers which have heavy overheads and complexity.

Functional Components

The Crossbow architecture consists of the following major components: Virtual NICs (VNICs), network resource control using the network stack squeues, and hardware support for flow classification. These components and their interaction are represented by the following figure:

Crossbow overview

Virtual NICs

A single physical NIC can be carved up into multiple VNICs, which can be assigned to different zones or Xen instances running on the same system. VNICs are managed using the dladm(1M) command line utility which was introduced by the Nemo project. The NIC hardware classifier steers inbound traffic to the hardware receive rings that are associated with the VNICs.

Flow Management

Crossbow creates the concept of a flow, which comprises a class of traffic and a handling policy (bandwidth limit, priority, etc.) A flow, for example, can correspond to a particular protocol, service, or virtual machine. The squeues that were introduced in Solaris 10 as part of FireEngine are extended to control the resources used by flows. This is done by replacing the interrupt-driven packet processing by a polling mechanism where the squeue fetches packets from the hardware.

Hardware Support for Flow Processing

Modern NIC hardware provides capabilities that allow network traffic to be classified according to packet contents such as IP addresses, MAC addresses, upper layer protocols port numbers, etc. This classification allows us to steer incoming network traffic to different hardware receive rings (aka DMA channels, FIFOs). These receive rings are then associated with flows, which correspond to services or virtual machines, and are controlled by squeues.

Administration Model

dladm(1M) is extended to configure VNICs in a manner very similar to current link devices (create, destroy, modify, show). flowadm(1M) is provided to configure flows (create, destroy, modify, show). Each flow is affiliated with exactly one VNIC. Each VNIC has one flow when it is created. One of our major goals is to make the administration of VNICs, flows, and resource usage polices as seamless as possible. When possible, these operations will be tightly integrated with the zone administration tools.

Announcements

10 Mar 2008	Crossbow Beta bits are available
14 Feb 2008	New Crossbow Beta Pre-Release Available
20 Feb 2007	Sun Multithreaded Networking 10Gbps Card and Project Crossbow
18 Sep 2006	The IP instances piece of crossbow is now ready for design rev
25 Aug 2006	Announcing the CrossBow early access bits on OpenSolaris

News

Crossbow in production | www.reliantsec.net | 08/12/2008

This press release describes how Reliant Security uses the Crossbow beta bits in their appliance to create a virtual network.

Network Virtualization - Enter Project Crossbow | InfoWorld | 06/11/2006

How cool would it be to be able to divide your physical network interface card (NIC) into several virtual interface cards and have the ability to prioritize networking traffic as well as having full resource control? Well, it could be a reality as Sun researchers and project "Crossbow" attempt to solve networking problems by making sure each application gets a set amount of bandwidth.

Sun working on network virtualization for Solaris 10 | virtualization.info. | 06/09/2006

Sun is heavily working on several virtualization aspects in Solaris 10 (and related OpenSolaris). Among them an interesting one is the network virtualization, driven by the codename Crossbow project...

Sun working on network virtualization for Solaris 10 | V-Magazine The Virtue in Virtualization | 06/09/2006

Duplicate article of Virtualization.info

NICed and sliced | The Register | 06/06/2006

Closer to the heart of Solaris geeks is the "Crossbow" project to virtualize NICs.

OpenSolaris