This section describes the networking features in this release. These features enhance the existing networking technology and software defined networking to build services that meet organizational performance requirements and to provide greater application agility and the flexibility you demand.
Oracle Solaris 11.3 provides support for Private Virtual LANs (PVLANs). PVLANs enable you to segment VLANs into an arbitrary number of sub-VLANs and provide the ability to meet network isolation requirements within a data center while using a shared network infrastructure. This support is useful to administrators, for example, when managing backups where all systems can reach the backup servers through PVLANs but no direct host-to-host communication is possible.
The advantage of using a PVLAN over simply creating another VLAN is administrative. You do not have to assign a new subnet for each PVLAN, and do not have the maintenance overhead (in some situations) of creating new Access Control Lists (ACLs).
Administrators can either create a PVLAN or configure a PVLAN VNIC to host the PVLAN traffic by using the dladm command.
To create a PVLAN, use the following command:
# dladm create-vlan pvlan-properties
To configure a PVLAN VNIC to host the PVLAN traffic, use the following command:
# dladm create-vnic pvlan-properties
For more information, see Managing Network Virtualization and Network Resources in Oracle Solaris 11.3 and the dladm(1M) man page.
A new resource management capability, bandwidth shares, applies to Oracle Solaris Kernel Zones running on a system using a NIC that supports SR-IOV PCIe virtual functions (VFs), for example, Intel's Fortville NIC.
Bandwidth shares are a better bandwidth management strategy than the traditional Oracle Solaris ability to set bandwidth limits, offered since the release of Oracle Solaris 11. Bandwidth limits prevent one connection from taking all the available bandwidth of a link, but the limits do not necessarily provide the best utilization of the link. Bandwidth limits limit how much bandwidth to use, even in the situation where bandwidth is available. In comparison, bandwidth shares allow specifying, for example, that a connection gets at least 30% of the bandwidth of the link. Assuming one other connection only is using the same link and it has a share of 70%, both connections then get at least what their share specifies, and can get more bandwidth if it is available. Bandwidth shares increase the utilization of the communications link while still ensuring utilization fairness through the allocation of shares by the administrator.
The capability is administered through the dladm(1M) command.
# dladm set-linkprop -p bwshare=1 vnic1 # dladm set-linkprop -p bwshare=2 vnic2
This example shows how to allocate 1/3 (at minimum) of the bandwidth to vnic1 and the rest (at minimum) to vnic2. If either of the VNICs used less than its minimum, the other could use the excess capacity.
For more information, see the dladm(1M) man page.
My Traceroute (mtr) is a network diagnostic tool that combines the information from the ping and traceroute commands in a single utility. mtr sends exploratory packets towards the requested host at regular intervals similar to ping –s. mtr can see each network hop between the current and the target host, similar to traceroute.
mtr maintains a record of the timings and displays the record on screen, constantly updating the display as new packets are sent out and the responses are returned.
For more information, see the mtr man page.
Network TCP performance, particularly for kernel zones, shows substantial performance improvements with the enhanced support for Large Receive Offload (LRO). LRO provides the capability to aggregate packets with similar source, destination, and port characteristics, and therefore more efficiently handle inbound traffic. Oracle Solaris 11.3 introduces LRO processing in the MAC layer without the need for direct support from the underlying NIC. The default is to turn LRO off.
For more information, see the dladm(1M) and zonecfg(1M) man pages. You can also see Managing Network Virtualization and Network Resources in Oracle Solaris 11.3.
The Oracle Solaris Elastic Virtual Switch (EVS) feature enables you to create and administer a virtual switch that spans one or more compute nodes. These compute nodes are the physical machines that host VMs. An elastic virtual switch is an entity that represents explicitly created virtual switches that belong to the same Layer 2 (L2) segment. An elastic virtual switch provides network connectivity between VMs connected to it from anywhere in the network. EVS has been enhanced in Oracle Solaris 11.3 to support a new flat (untagged) Layer 2 network type, multiple uplink ports per compute node, allocation pools, and also the ability to explicitly set link protection per port.
For more information, see Managing Network Virtualization and Network Resources in Oracle Solaris 11.3 and the evsadm(1M) man page.
Oracle Solaris 11.3 supports converged enhanced ethernet (CEE) data center bridging exchange (DCBX) in addition to IEEE. This enables Oracle Solaris fibre channel over ethernet (FcoE) to be deployed in environments with a diverse set of switches using data center bridging (DCB). Oracle Solaris CEE DCBX also supports priority-based flow control (PFC) and application type-length-value (TLV). You can set the dcbx-version property by using the lldpadm command to configure the DCBX protocol on a Link Layer Discovery Protocol (LLDP) agent to ieee, cee, or auto modes.
For more information, see the lldpadm(1M) man page and Managing Network Datalinks in Oracle Solaris 11.3.
The flowadm(1M) command has been enhanced to support setting a differentiated services code point (DSCP) field within network packets to help achieve quality of service (QoS) goals. This enhancement is an integral part of successfully prioritizing end-to-end communications when the source, destination, and intermediate switches and routers support DSCP.
For example, for a latency-sensitive connection, set the priority and the EF class DSCP value. Use EF class (DSCP 46) for latency-sensitive flows.
# flowadm add-flow -l net0 -a transport=tcp,local_port=123 -p priority=high,dscp=46 ntp-flow
In this example, ntp-flow is used for time protocol traffic.
For more information, see the flowadm(1M) man page.
The flowadm(1M) command has been enhanced to enable additional flexibility in flow configurations. Prior to this release, applications that created multiple flows were constrained in the variations that could be used. With this release, you can have concurrent flows with the following characteristics that allow:
Inbound-only or outbound-only flows
Any combination of flow attributes when creating a flow
Multiple flow classifiers and flow ranking
Multiple flow classifiers provide support for overlapping flows, where a single packet could be classified under different flows. To resolve that conflict, flow ranking is used.
For more information, see the flowadm(1M) man page.
Oracle Solaris 11.3 supports global enabling or disabling of virtual router redundancy protocol (VRRP) routers on the system or zone at the same time. This feature minimizes the internal delays and difference between the time for each VRRP router's state change, which might be critical in some circumstances.
For more information, see the vrrpadm(1M) man page. You can also see Configuring an Oracle Solaris 11.3 System as a Router or a Load Balancer.
Oracle Solaris 11.3 adds support for providing vanity names for datalinks during provisioning of a network boot environment through Ethernet and iSCSI. This feature greatly simplifies administration during pre-installation and post-installation, and also in iSCSI boot environments. This feature also facilitates moving application environments by removing dependencies on specific physical network devices.
For more information, see the dladm(1M) man page. You can also see Configuring and Managing Network Components in Oracle Solaris 11.3.
Oracle Solaris 11.3 enables administrators to create IPoIB VNICs by using an assigned partition key. This feature enables support for IPoIB VNIC migration and a consistent administrative experience for Ethernet and IP over InfiniBand datalinks.