How to Control the Zone’s Network Bandwidth on Solaris 11?

Oracle has made a lot of changes in Solaris 11’s network architecture compare to Solaris 10. Solaris 11’s network virtualization and network resource control to the OS is absolutely brilliant. The biggest problem with Oracle Solaris 10 is that we have forced to use shared IP type for local zones , since exclusive IP type  required a dedicated NIC’s for each zone. In shared IP model, you can’t be able to separate the network traffic of local zones.For an example  if there is an issue with one local zone ,then you have to run snoop command from global zone to capture the network traffic. But in Solaris 11, you can able to run snoop command from local zone itself.
So you no need to capture the unnecessary traffic of global and other local zones.

How to install local zone on solaris 11 ? 
How to clone the local zone on Solaris 11 ?Goal:1 Setting the network bandwidth for each local zone’s VNIC,
           (Ex: Net0 – 300Mb/s – net0/uaz1 500Mb/s – net0/uaz2)
Goal:2 Setting speed control to specific IP. 
          (Ex:net0/uaz1 to remote IP speed – 100Mb/s)

root@UAAIS:~# zoneadm list -cv
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              solaris  shared
   4 uaz2             running    /export/zones/uaz2             solaris  excl
   5 uaz1             running    /export/zones/uaz1             solaris  excl
root@UAAIS:~#
root@UAAIS:~# zonecfg -z uaz2 info
zonename: uaz2
zonepath: /export/zones/uaz2
brand: solaris
autoboot: false
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
anet:
        linkname: net0
----Some of the output surpassed----
root@UAAIS:~# zonecfg -z uaz1 info
zonename: uaz1
zonepath: /export/zones/uaz1
brand: solaris
autoboot: false
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
anet:
        linkname: net0
----Some of the output surpassed----
root@UAAIS:~# dladm show-phys
LINK              MEDIA                STATE      SPEED  DUPLEX    DEVICE
net0              Ethernet             up         1000   full      e1000g0
net1              Ethernet             unknown    0      unknown   e1000g1
net2              Ethernet             unknown    1000   full      e1000g2
root@UAAIS:~#

Here is the network configuration of both the local zones.

root@UAAIS:~# zlogin uaz2 ipadm
NAME              CLASS/TYPE STATE        UNDER      ADDR
lo0               loopback   ok           --         --
   lo0/v4         static     ok           --         127.0.0.1/8
   lo0/v6         static     ok           --         ::1/128
net0              ip         ok           --         --
   net0/v4        static     ok           --         192.168.2.52/24
   net0/v6        addrconf   ok           --         fe80::8:20ff:fe87:d288/10
root@UAAIS:~# zlogin uaz1 ipadm
NAME              CLASS/TYPE STATE        UNDER      ADDR
lo0               loopback   ok           --         --
   lo0/v4         static     ok           --         127.0.0.1/8
   lo0/v6         static     ok           --         ::1/128
net0              ip         ok           --         --
   net0/v4        static     ok           --         192.168.2.51/24
   net0/v6        addrconf   ok           --         fe80::8:20ff:fe38:8d7c/10
root@UAAIS:~#

GOAL:1 
1.Checking the existing link speed for local zone uaz1.

root@UAAIS:~# zlogin uaz1 dladm show-vnic
LINK                OVER         SPEED  MACADDRESS        MACADDRTYPE       VID
net0                ?            1000   2:8:20:38:8d:7c   random            0
root@UAAIS:~#

2.Limit the network bandwidth to 300Mb/s for uaz1 local zone by modifying the zone’s configuration.  (maxbw=300M) maxbw- Maximum Bandwidth.

root@UAAIS:~# zonecfg -z uaz1
zonecfg:uaz1> select anet linkname=net0
zonecfg:uaz1:anet> info
anet:
        linkname: net0
        lower-link: auto
        allowed-address not specified
        configure-allowed-address: true
        defrouter not specified
        allowed-dhcp-cids not specified
        link-protection: mac-nospoof
        mac-address: random
        auto-mac-address: 2:8:20:38:8d:7c
        mac-prefix not specified
        mac-slot not specified
        vlan-id not specified
        priority not specified
        rxrings not specified
        txrings not specified
        mtu not specified
        maxbw not specified
        rxfanout not specified
        vsi-typeid not specified
        vsi-vers not specified
        vsi-mgrid not specified
        etsbw-lcl not specified
        cos not specified
        pkey not specified
        linkmode not specified
zonecfg:uaz1:anet> set maxbw=300M
zonecfg:uaz1:anet> info
anet:
        linkname: net0
        lower-link: auto
        allowed-address not specified
        configure-allowed-address: true
        defrouter not specified
        allowed-dhcp-cids not specified
        link-protection: mac-nospoof
        mac-address: random
        auto-mac-address: 2:8:20:38:8d:7c
        mac-prefix not specified
        mac-slot not specified
        vlan-id not specified
        priority not specified
        rxrings not specified
        txrings not specified
        mtu not specified
        maxbw: 300M
        rxfanout not specified
        vsi-typeid not specified
        vsi-vers not specified
        vsi-mgrid not specified
        etsbw-lcl not specified
        cos not specified
        pkey not specified
        linkmode not specified
zonecfg:uaz1:anet> end
zonecfg:uaz1> verify
zonecfg:uaz1> commit
zonecfg:uaz1> exit

3.Reboot the local zone and see the new setting take effect. Now the local zone uaz1 speed will be reduced to 300Mb/s.

root@UAAIS:~# zlogin uaz1 dladm show-vnic
LINK                OVER         SPEED  MACADDRESS        MACADDRTYPE       VID
net0                ?            1000   2:8:20:38:8d:7c   random            0
root@UAAIS:~# zoneadm -z uaz1 reboot
root@UAAIS:~#
root@UAAIS:~# zlogin uaz1 dladm show-vnic
LINK                OVER         SPEED  MACADDRESS        MACADDRTYPE       VID
net0                ?            300    2:8:20:38:8d:7c   random            0
root@UAAIS:~#

Note:You can also change the link speed on the fly by running dladm command.See my comments.

4.Now you can perform the same steps for second local zone as well.

root@UAAIS:~# zonecfg -z uaz2
zonecfg:uaz2> select anet linkname=net0
zonecfg:uaz2:anet> set maxbw=500M
zonecfg:uaz2:anet> end
zonecfg:uaz2> verify
zonecfg:uaz2> commit
zonecfg:uaz2> exit
root@UAAIS:~# zlogin uaz2 dladm show-vnic
LINK                OVER         SPEED  MACADDRESS        MACADDRTYPE       VID
net0                ?            1000   2:8:20:87:d2:88   random            0
root@UAAIS:~# zoneadm -z uaz2 reboot
root@UAAIS:~# zlogin uaz2 dladm show-vnic
LINK                OVER         SPEED  MACADDRESS        MACADDRTYPE       VID
net0                ?            500    2:8:20:87:d2:88   random            0
root@UAAIS:~#

To see currently implemented settings from global zone,

root@UAAIS:~# dladm show-vnic 
LINK                OVER         SPEED  MACADDRESS        MACADDRTYPE       VID
uaz1/net0           net0         300    2:8:20:38:8d:7c   random            0
uaz2/net0           net0         500    2:8:20:87:d2:88   random            0
root@UAAIS:~#

We have completed the Goal:1 successfully.

Goal:2
In Solaris 11, we can also restrict the speed to the remote IP. You may wonder, why you need to restrict the link speed to specific IP but it requires in some cases. For an example, backup jobs may  utilize the complete link speed and system may not able to communicate with public network or application server.

Here we are going to set the speed limit between backup server and uaz2.
Here assume uaz1 as backup server and uaz2 as database server.

1. Login to backup server uaz1 and list the exiting flow-control 

root@UAAIS:~# zlogin uaz1
[Connected to zone 'uaz1' pts/3]
Oracle Corporation      SunOS 5.11      11.1    September 2012
root@uaz1:~# flowadm show-flow
root@uaz1:~#

2.Add the flow control to remote IP address.

root@uaz1:~# flowadm add-flow -l net0 -a remote_ip=192.168.2.52 uaz2-flow-control
root@uaz1:~# flowadm show-flow
FLOW        LINK                IPADDR                   PROTO  LPORT   RPORT   DSFLD
uaz2-flow-control net0          RMT:192.168.2.52/32      --     --      --      --
root@uaz1:~#

3.List the flow property of uaz2-flow-control.

root@uaz1:~# flowadm show-flowprop
FLOW         PROPERTY        VALUE          DEFAULT        POSSIBLE
uaz2-flow-control maxbw      --             --             --
root@uaz1:~#

4.Set the maximum bandwidth to 100M for uaz2-flow-control.

root@uaz1:~# flowadm set-flowprop -p maxbw=100M uaz2-flow-control
root@uaz1:~# flowadm show-flowprop
FLOW         PROPERTY        VALUE          DEFAULT        POSSIBLE
uaz2-flow-control maxbw        100          --             --
root@uaz1:~#

We have completed the Goal :2 as well successfully. So the backup server can communicate with uaz2 on 100Mb/s speed only. So that uaz2 can prevent from the network bottleneck.

Hope this article explained about setting the bandwidth for the interface and making the limits in the data link layer by adding flow controls.

You can perform the real test by following this article.

Thank you for visiting UnixArena.