Patrick Georgi
2008-Oct-01 11:40 UTC
[crossbow-discuss] Crossbow availability and workaround for zones
Hi,

As part of a university project I'm planning the migration of a vmware+linux system to solaris+zones.
The system is a virtual computer lab for students to do IT (network) security experiments, where some of the exercises require access to the local firewall rules.

It seems that, at this time, access to ipfilter in zones is only possible by using "exclusive IP" zones. Given that there might be 30-40 students (or more, if the system scales) at a time, giving each zone a real physical device is impossible.

The system in question is a SPARC T2+ system.

I see two options for pursuing this: vlans (which requires two physical devices, one which is split up between the zones, the other to route back all the vlans into the global zone, for further routing) or crossbow.

The vlan approach is quite a hack, but would work today.
Is there any schedule for crossbow, in terms of availability of a crossbow-equipped installer (the last iso is gone, and seems to be x86 only) or more recent BFU archive, or any estimate for a putback (even information about how long it will _not_ appear would be helpful)?

Thanks,
Patrick Georgi
--
This message posted from opensolaris.org
Markus Flierl
2008-Oct-03 07:01 UTC
[crossbow-discuss] Crossbow availability and workaround for zones
Hi Patrick,

We'll update the OpenSolaris web site soon. We have made really good progress with the code and will publish a new BFU archive in the next 2 weeks. We are also getting very close to integrating the Crossbow bits into the main Solaris gate; this should happen in the next couple of months if everything goes well. Stay tuned, you will hear from us soon.

Markus

Patrick Georgi wrote:
> Hi,
>
> As part of a university project I'm planning the migration of a vmware+linux system to solaris+zones.
> The system is a virtual computer lab for students to do IT (network) security experiments, where some of the exercises require access to the local firewall rules.
>
> It seems that, at this time, access to ipfilter in zones is only possible by using "exclusive IP" zones. Given that there might be 30-40 students (or more, if the system scales) at a time, giving each zone a real physical device is impossible.
>
> The system in question is a SPARC T2+ system.
>
> I see two options for pursuing this: vlans (which requires two physical devices, one which is split up between the zones, the other to route back all the vlans into the global zone, for further routing) or crossbow.
>
> The vlan approach is quite a hack, but would work today.
> Is there any schedule for crossbow, in terms of availability of a crossbow-equipped installer (the last iso is gone, and seems to be x86 only) or more recent BFU archive, or any estimate for a putback (even information about how long it will _not_ appear would be helpful)?
>
>
> Thanks,
> Patrick Georgi
> --
> This message posted from opensolaris.org
> _______________________________________________
> crossbow-discuss mailing list
> crossbow-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/crossbow-discuss
>

--
Markus Flierl
Sr. Manager, Solaris Core OS
17 Network Circle
Menlo Park, CA 94025
phone: 650-786-2056
http://blogs.sun.com/roller/page/markusflierl