Solaris 10 What's New

Chapter 2 What's New in the Solaris 10 5/09 Release

This chapter summarizes new features in the Solaris 10 5/09 release.

System Resources Enhancements

The following system resources features and enhancements have been added to the Solaris 10 5/09 release.

Support Added for Using ZFS Clones When Cloning a Zone

If the source and the target zonepaths reside on ZFS and both are in the same pool, a snapshot of the source zonepath is taken and the zoneadm clone uses ZFS to clone the zone.

You can specify to copy a ZFS zonepath instead of specifying to clone the ZFS. If neither the source nor the target zonepath is on ZFS, or if one is on ZFS and the other is not on ZFS, the clone process uses the existing copy technique.

In all cases, the system copies the data from a source zonepath to a target zonepath if using a ZFS clone is not possible.

For more information, see the following:

zoneadm attach -b Option

Use the -b option to specify official or Interim Diagnostics Relief (IDR) patches, to be backed out of a zone during the attach. This option applies only to zone brands that use SVr4 packaging.

For more information, see the following:

System Administration Enhancements

The following system administration features and enhancements have been added to the Solaris 10 5/09 release.

SMF Services for IPsec

IP security (IPsec) is now managed by the following Solaris Management Facility (SMF) services:

The SMF management brings all the SMF features to IPsec, for example, interface consistency, capability of restarting, and fault-tracking.

Security Enhancements

The following security features and enhancements have been added to the Solaris 10 5/09 release.

NAT-Traversal for IPsec Key Management Developers

The Solaris 10 5/09 release contains a public API for User Datagram Protocol (UDP) sockets that act as IPsec Network Address Translator (NAT) Traversal endpoints.

The UDP_NAT_T_ENDPOINT socket option, when enabled, has UDP traffic prefixed with a zero security parameters index (SPI) value of four bytes on outbound traffic and strips zero SPIs on inbound traffic. Inbound traffic bound for such a socket with a nonzero SPI is automatically transferred to IPsec's Encapsulating Security Payload (ESP) for ESP-in-UDP decapsulation. ESP-in-UDP encapsulation is determined by a property in the IPsec Security Association (SA).

This feature enables IPsec key management software developers to create key management protocols that can transit NAT devices. The Solaris IKE daemon in iked(1M) uses this facility and such sockets are displayed using the pfiles(1M) command.

Stronger Algorithms for IPsec

The Solaris 10 5/09 release introduces the following algorithms for IPsec and IKE:

SunSSH With OpenSSL PKCS#11 Engine Support

This feature enables the SunSSH server and client to use Solaris Cryptographic Framework through the OpenSSL PKCS#11 engine. SunSSH uses cryptographic framework for hardware crypto acceleration of symmetric crypto algorithms which is important to the data transfer speed. This feature is aimed at UltraSPARC® T2 processor platforms with n2cp(7D) crypto driver.

UltraSPARC T1 processor platforms are not affected by this feature since the ncp(7D) driver does not support symmetric crypto algorithms. Platforms without any hardware crypto plugins are not affected by this feature, regardless of the value set for the UseOpenSSLEngine option. The default value of the UseOpenSSLEngine option is set to on and the server and client SSH configuration files need not be updated.

SunSSH should be used with Sun Crypto Accelerator 6000 board software version 1.1 with the following patches installed:

Note –

No patch is available for the Sun Crypto Accelerator 6000 board software version 1.0. To workaround this issue, remove the AES counter modes from the Ciphers option keyword on both the server and the client side.

For more information, see the ssh_config(4) and sshd_config(4)

Device Management Enhancements

The following device management feature has been added to the Solaris 10 5/09 release.

x86: T-State Support for Intel Based Processors

This feature provides the basic CPU Advanced Configuration and Power Interface (ACPI) T-state support. T-state support enables the CPU driver to receive _TPC change notifications as a manner of controlling the processor speed. This is frequently done on some systems as a passive cooling mechanism along with the existing CPU ACPI P-States.

For more information, see

System Performance Enhancements

The following system performance features and enhancements have been added to the Solaris 10 5/09 release.

Large Segment Offload Support for Intel PCI Express 10Gb NIC Driver

This feature introduces Large Segment Offload (LSO) support for the ixgbe driver and some ixgbe driver bug fixes. LSO is an important feature for NIC, especially for 10-Gb NIC. LSO can offload the segmentation job on Layer 4 to the NIC driver. LSO improves transmit performance by decreasing CPU overhead. This feature is enabled by default.

Solaris Power Aware Dispatcher and Deep C-State Support

This feature includes the following enhancements:

Developer Tools Enhancements

The following developer tools features and enhancements have been added to the Solaris 10 5/09 release.

SunVTS 7.0 Patch Set 5

SunVTSTM 7.0 Patch Set 5 has the following enhancements:

x86: CPU Performance Counter Updates for Intel Processors

Modern microprocessors contain hardware performance counters that enable the measurement of many different hardware events related to CPU behavior. Hardware events include instruction and data cache misses as well as various internal states of the processor. Data from the performance counters can be used to analyze and tune the behavior of software on a particular type of processor. The Solaris 10 5/09 OS provides access to CPU Performance Counters (cpc) through the libcpc(3LIB) interface and through the cputrack(1) and cpustat(1M) utilities.

Driver Enhancements

The following driver features and enhancements have been added to the Solaris 10 5/09 release.

hermon Driver

This feature introduces a Solaris driver for the fourth generation of InifiniBand (IB) HCA chips from Mellanox, Ltd. The hermon driver provides IB support for SDR, DDR, and QDR chips for conventional HCAs, EMs, and NEMs for blade environments.

The hermon driver enables higher bandwidth and lower latency in IB transmissions, compared to previous generations of the IB product. The higher bandwidth and lower latency are most important in high-performance computing (HPC) applications, though the increase in performance is advantageous in all environments.

In addition, the uDAPL library, a critical underpinning of the MPI library, is updated to work with this driver, providing optimal performance with MPI-based applications.

iSCSI Target

Starting with the Solaris 10 5/09 release, iSCSI Target is upgraded to provide new features and functionality.

This iSCSI Target update includes the following performance, scalability, interoperability, and reliability improvements:

The Solaris iSCSI Target release now supports a wide variety of iSCSI initiators for the following operating systems:

x86: NetXen 10-GigE Device Driver

The ntxn(7D) is a new NIC driver that supports NetXen's PCI Express-based 10-Gigabit Ethernet network interface cards (NIC). Users can access the network through Solaris OS on platforms that have a NetXen NIC installed.

Intel ICH10 and Hartwell NIC Support in E1000g Driver

Starting with the Solaris 10 5/09 release, the ICH10 and Hartwell network interfaces are the default network interface cards (NIC) on some x64 and x86 machines. Users can access the network easily with these network interfaces.

xge Driver Can Enable Multiple Receive Rings and MSI-X

The xge driver enables multiple receive rings and MSI-X if the driver can allocate enough MSI-X vectors on platforms that support MSI-X.. The performance of the driver is enhanced by this feature. If the driver is unable to allocate enough MSI-X vectors, the driver continues to work as before in the legacy interrupt mode.

Language Support Enhancements

The following language support enhancement has been added to the Solaris 10 5/09 release.

New Locale Support for Kazakhstan and Ukraine

The Solaris 10 5/09 release now supports the Kazakhstan kk_KZ.UTF-8 and Ukraine uk_UA.UTF-8 locales.

Additional Software Enhancements

The following additional software feature has been added to the Solaris 10 5/09 release.

SPARC: Fp-scrubber Daemon

The Fp-scrubber is a user-level daemon that periodically runs nonintrusive tests to validate proper functioning of the floating-point unit (FPU) hardware. When an error is detected by the test, a fault management action is initiated by using the fmd(1M) command. The Fp-scrubber daemon supports only UltraSPARC III and UltraSPARC IV class of processors.