Monday Jan 12, 2009

Project Crossbow - Introducing data structures

Crossbow is now available in OpenSolaris (build 105 upwards)!

The following text provides a high-level overview of some of the data structures that define the major crossbow components and how they tie together. The files mentioned in the text below can be viewed using OpenSolaris Source Browser. Design documents describing details can be found at Crossbow Documents.

At the topmost level is the mac_impl_t, which contains information that is specific to a device. There exists a mac_impl_t for every physical NIC as also for virtual NIC, aggregation and etherstub. The mac_impl_t for a device is created when the device registers with the MAC layer using mac_register(). The main fields in the mac_impl_t are:

  • Device info (name, type, media etc.)
  • Driver callbacks (start, stop etc.)
  • Unicast address
  • Notification callback functions.
  • Receive and Transmit group information.
  • MAC Classification Flow table
  • Virtualization Readiness
  • List of MAC clients
  • Cached Resources (bandwidth limit, CPU bindings etc.)
  • Statistics
Refer to usr/src/uts/common/sys/mac_impl.h for the complete definition. (See usr/src/uts/common/sys/mac_provider.h for information about Virtualization readiness - MAC_VIRT_NONE etc.)


The Receive and Transmit ring grouping is provided initially by the driver, and may be dynamically modified subsequently, if supported by the driver. A group - mac_group_t - contains one or more rings - mac_ring_t. See usr/src/uts/common/sys/mac_impl.h for the definition.

The MAC's Classification Flow table is used when classifying inbound packets (using the unicast address) in software. Non-unicast packets are always classified using this table.

A MAC client is associated with each link. The mac_impl_t contains a list of all the MAC clients that are created on the corresponding MAC. A MAC client is represented by mac_client_impl_t and contains the description of the MAC client and its associated resources. The main fields in the mac_client_impl_t include:

  • Flow entry associated with the MAC client
  • Underlying MAC for this client (if any).
  • Receive callback function and args.
  • Promiscuous list for this MAC client.
  • Hybrid I/O specific information.
  • List of VLANs on this MAC client.
  • List of subflows configured on this MAC client.
  • Statistics
Refer to usr/src/uts/common/sys/mac_client_impl.h for the complete definition.


The flow entry - flow_entry_t - contains information that describes the MAC client and resources associated with it. The main fields include:

  • Flow descriptor
  • Resources (bandwidth, CPU etc.) configured for this MAC client
  • Receive side SRS and related information
  • Transmit side SRS and related information
  • Receive callback function.
  • Statistics
Refer to usr/src/uts/common/sys/mac_flow_impl.h for the complete definition.


The flow descriptor is a generic structure that includes, for a MAC client, the unicast address and the VLAN ID. This is used when classifying incoming packets for a MAC client.

A VLAN id could be associated with a MAC client as a result of creating a VLAN using dladm create-vlan ... or dladm create-vnic -v .... A MAC client may have multiple VLANs associated with it in which case each VLAN will be represented by a flow_entry_t (this means all the VLANs share the same MAC unicast address, but a different VLAN id).

The subflow table contains classification information for any L3 and above flows created on the MAC client (using flowadm(1m)). Subflows are dicussed later in this text.

The resources (in flow_entry_t or mac_impl_t) essentially contains the following information:

  • Bandwidth Limit
  • Priority
  • CPU bindings
These are specified via a mac_resource_props_t structure defined in usr/src/uts/common/sys/mac_flow.h.

SRS (Soft Ring Set) - mac_soft_ring_set_t - forms the heart of packet processing on the receive and transmit side. On the transmit side a MAC client has an SRS, while on the receive side it may have more than one SRS. The main fields for a mac_soft_ring_set_t are:

  • SRS type
  • SRS state
  • Soft Ring list (if any)
  • Drain function
  • Worker and Poll thread.
  • Receive side SRS.
  • Transmit side SRS.
See usr/src/uts/common/sys/mac_soft_ring.h for the complete definition.

Transmit side SRS is responsible for accepting packets from the upper layer, applying policies such as bandwidth limit, and sending it to one of the transmit rings to be sent out (packets that are destined to MAC clients on the same MAC are just looped back). The main fields specific to transmit side SRS - mac_srs_tx_t are:

  • SRS mode
  • Trasmit function and args
  • Flow control information
  • Statistics
See usr/src/uts/common/sys/mac_soft_ring.h for the complete definition.


Receive side SRS is responsible for polling, if supported, applying policies such as bandwidth limit, and sending the packet to the upper layer. If the MAC client is hardware classified and is assigned a group with multiple receive rings, there will be an SRS for each of the receive ring in that group.The main fields specific to transmit side SRS - mac_srs_rx_t are:

  • Receive function and args
  • Polling information
  • Statistics
See usr/src/uts/common/sys/mac_soft_ring.h for the complete definition.


If there is a bandwidth limit configured on a MAC client, then the SRSs (receive and transmit) use the resource information in the MAC client's flow_entry_t to enforce the limit. If there are multiple receive SRSs for a MAC client, they all share the same bandwidth structure - mac_bw_ctl_t - to enforce the bandwidth limit for that MAC client.

Both Receive and Transmit SRSs use soft rings - mac_soft_ring_t - to fan out to the upper layer or to one of the transmit rings of the underlying driver. The soft rings may be bound to CPUs /9for distributing processing among multiple processors) if there is a CPU binding specified for the MAC client. The main fields of the mac_soft_ring_t are:

  • Callback function and args
  • Flow control information
  • Drain function
  • Worker thread
See usr/src/uts/common/sys/mac_soft_ring.h for the complete definition.


Subflows are added using flowadm(1m). These are flows that have classification parameters that include L3 and above information (IP address, protocol, port etc.). When a subflow is added on a MAC client, a flow_entry_t is created and added to the MAC clients subflow table. The flow_entry_t is the same structure that is used to represent a MAC client, except that the flow descriptor field now contains additional information based on the classifying parameters (IP address, ports etc) for that subflow.

Given that the same flow_entry_t is used to represent subflows, SRS etc. apply equally to subflows. Subflows are currently always classified in the software, i.e once the packet is classified for a MAC client (either in the hardware or software), we use that MAC client's subflow table to determine the appropriate subflow, if one exists. Processing for the packet continues in the context of the subflow's SRS.

Posted on: Jan 12, 2009

Posted by: Venugopal Iyer

Category: Sun

Permanent link to this entry | Comments [1]

Friday Mar 21, 2008

Project Crossbow beta release (contd.)

Crossbow Administration via Webmin

Crossbow beta bits can be now obtained from Download. The new features in this release are listed in What's New.

In the previous entry I touched upon additions to Webmin to work with crossbow components - VNIC and Flow. In this entry I am going to walk through the different crossbow-related administrative tasks that can be carried out using Webmin. Note that the modules that have been added to Webmin are prototype modules and are not available in the Webmin packages that are installed with any Solaris release (including OpenSolaris) or obtained from other sources. The Crossbow-aware Webmin packages are only available from the Crossbow download site

Starting Webmin
For detailed instructions refer to Webmin URL above. Briefly, you can start webmin as:
      # cd /usr/sfw/lib/webmin
      # ./setup.sh
This starts up webmin on port 10000 by default. It also uses root as the admin login and also root's passwd. You can check that the service is online using:
      # svcs -a | grep webmin
       online 21:47:30 svc:/application/management/webmin:default
Login to the webmin server from a browser using http://hostname:10000 (remotely) or http://localhost:10000 (locally), where hostname or localhost is the crossbow system being administered.
From the main menu select Network Virtualization and Resource Management - Project Crossbow from the Networking section. The following screen show up:
(To view the images clearly, you should be able to right-click on the image, select View Image and click on the resulting image to magnify. If I can update the images to a better resolution, I'll follow-up.)

image0



Crossbow Introduction
Clicking on the crossbow icon provides a summary of the features provided by Crossbow and pointers for obtaining further information. The screen looks like

image1



Crossbow Virtual NIC (VNIC)
Clicking on the VNIC icon from the main page provides a list of devices and VNICs on the system, e.g.

image2



Creating a Virtual NIC (VNIC)
Click on the device on which the VNIC needs to be created. A VNIC creation screen is brought up which prompts for information that can be specified for the new VNIC. The following screen shows an example of creating a VNIC on bge1 with a bandwidth of 500 Mbps

image3

Clicking on Create creates the VNIC on bge1 with an automatically generated MAC address and the specified bandwidth as
image4



Modifying VNIC property
Click on the bandwidth value for the VNIC which brings up the following screen that prompts for a new value

image5

Clicking on Update after entering the new value updates the VNIC's bandwidth, in this case to 200 Mbps
image6

CPU bindings for a VNIC can be modified in the same manner (i.e. by clicking on the value and providing a new one.)



Displaying a VNIC information
Once a VNIC is created it can be plumbed using ifconfig(1M) just as configuring a NIC. In this example we plumb and assign an address to vnic1
      # ifconfig vnic1 plumb 10.10.11.1/24 broadcast + up
Clicking on vnic1 from the VNIC main page will show this information as:

image7



Creating an Etherstub
Clicking on Create Ethernet Stub creates an etherstub as

image8

A VNIC can be created on this etherstub by clicking on the etherstub and providing information for the new VNIC, in this example we create a VNIC on etherstub1without specifying any properties
image9

Clicking on Create creates the VNIC and adds it to the list of VNICs anchored by etherstub1 as
image10



Deleting a Virtual NIC (VNIC)
Click on the VNIC that needs to be deleted (only a VNIC that is not plumbed can be deleted). In this example clicking on vnic2 brings up

image11

Clicking on Delete deletes vnic2 as seen in
image12



Deleting an Etherstub
Once all the VNICs that are anchored on an etherstub are deleted, the etherstub can be deleted by clicking on it. Since we have deleted vnic2, clicking on etherstub1 brings up

image13

Clicking on Delete Ethernet Stub deletes etherstub1 as seen in
image14



Flows
Clicking on Flows from the main page lists all the links on the system along with any existing flows

image15



Adding a Flow
Clicking on the link on which a flow needs to be created shows up the following to collect information about the flow, i.e. attributes and properties, if any . Clicking on bge0 to add a TCP flow

image16

Clicking on vnic1 to add a UDP flow
image17

As a result we have two flows as seen in
image18



Modifying properties for a Flow
This is similar to modifying properties for a VNIC, click on the value and input the new value in the resulting screen and Update.


Displaying and Deleting a Flow
Clicking on a flow name displays its attributes and properties. Additionally, it also provides the option to delete the flow. In this example clicking on udp_flow shows

image19

Clicking on Delete Flow deletes udp_flow as seen in
image20



Statistics and Logging
Clicking on Logging from the main page displays current cumulative statistics for all the links and flows, e.g

image21



Enable Logging
Logging statistics for links and flows can be enabled by clicking on Enable Logging. This prompts for the log file to be used

image22

In this example we are providing /var/tmp/lfile as the log file.



Displaying historical statistics
By clicking on a link or flow we can see historical information gathered in a log file for that entity. E.g if we select bge0 we are prompted for the log file which we need to look at (by default it is the log file we specified when enabling logging as mentioned above),

image23

Having selected the log file we then can specify the date (from a drop down list) we are interested in, i.e
image24

following this we can specify a time range (start time and end time from drop down lists) available for the selected date from
image25

After selecting the time range, a graph will be plotted (in this example we select information about bge0 on 3/20/2008 from 21:38:08 to 21:57:46) such as:
image26

Similarly, graphs can be plotted for VNICs and Flows. The graph is plotted using gnuplot and pnmtojpeg. By default, the plotting scripts look for gnuplot in /opt/sfw/bin and for pnmtojpeg in /opt/sfw/netpbm/bin, if you have these in a different location, update /usr/sfw/lib/webmin/netvirt/netvirt.conf to modify the path. If you don't have these utilities, you can get them by adding SFWgplot and SFWnpbm packages (these two also require SFWgcmn and SFWgcc34l). These additional packages should be available from Sun's freeware site or from the iso images available from the crossbow download site.



Disable Logging
Logging statistics for links and flows can be disabled by clicking on Disable Logging from the main logging page, which disables logging after confirming with

image22



Future Work
This is just to demonstrate the use of Webmin to administer crossbow. Apart from integrating these modules to the Webmin package (after productizing the modules), there is a lot that can be done in this space including graphical interface (with click and drop) to create vnics (virtual machines, in general), flows etc. and integrating statistics for VNICs and flows into monitoring tools among others. If folks are interested in contributing towards this please send ideas, proposals etc. to crossbow-discuss@opensolaris.org

Posted on: Mar 21, 2008

Posted by: Venugopal Iyer

Category: Sun

Permanent link to this entry | Comments [1]

Monday Mar 10, 2008

Project Crossbow beta release

Crossbow Flows - Update from the pre-beta Release

Crossbow beta bits can be now obtained from Download. The new features in this release are listed in What's New.

In the previous entry I talked about flow administration and some restrictions on flow properties with the pre-beta release bits. In this brief entry, I'll talk about changes to these restrictions. For more information about this release refer to Release Notes

The following are changes from the pre-beta release (Feb 2008) w.r.t properties on flows (this is based on the notes at the end of my blog entry on 02/17/2008):

  1. Flows with a bandwidth limit can now be added to a VNIC. Additionally, the limit on a flow need not be less than the limit of its underlying link, in the sense the limit is taken just to mean an upper limit.

  2. If a link has flows with limits, the link's bandwidth limit can be modified without having to reset the limits on its flows.

  3. If a physical NIC has a CPU list specified, flows on that NIC can have a CPU list that is equal to or a subset of the NIC's CPU list. If a physical NIC doesn't have a CPU list specified, flows on the NIC do not have any restrictions for their CPU list.

  4. If a physical NIC has a flow with CPU list specified, the NIC's CPU list cannot be modified. Before modifying the NIC's CPU list, all the flows on the NIC must have their CPU list reset

  5. The issue about modifying bandwidth limit of a flow on a link without a limit is fixed.

The following notes are still relevant to the beta release:

  1. flowadm(1m) cannot be used in a non-global zone.

  2. CPU list cannot be specified for flows on a VNIC.

  3. For correct behavior, flows should be added only to links that are plumbed.

  4. After a reboot properties, if any, on a flow are not retained.

In the next entry I'll try to touch upon the additional webmin modules we have included to administer VNIC and flows.

Posted on: Mar 10, 2008

Posted by: Venugopal Iyer

Category: Sun

Permanent link to this entry | Comments [0]

Sunday Feb 17, 2008

Project Crossbow pre-beta release

[Read More]

Posted on: Feb 17, 2008

Posted by: Venugopal Iyer

Category: Sun

Permanent link to this entry | Comments [0]

This blog copyright 2009 by Venugopal Iyer