JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Administration: Network Interfaces and Network Virtualization     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information

Preface

Part I Network Auto-Magic

1.  Introduction to NWAM

2.  NWAM Configuration and Administration (Overview)

3.  NWAM Profile Configuration (Tasks)

4.  NWAM Profile Administration (Tasks)

5.  About the NWAM Graphical User Interface

Part II Administering Single Interfaces

6.  Overview of the Networking Stack

7.  Datalink Configuration and Administration

8.  Configuring an IP Interface

About IP Interface Configuration

IP Interface Configuration (Tasks)

SPARC: How to Ensure That the MAC Address of an Interface Is Unique

The ipadm Command

Configuring IP Interfaces

How to Configure an IP Interface

Setting IP Address Properties

How to Set the Property of an IP Address

Setting IP Interface Properties

Enabling Packet Forwarding

Administering Protocol Properties

Setting TCP/IP Properties

How to Restrict a Port's Access to root User Only

How to Implement Symmetric Routing on Multihomed Hosts

Monitoring IP Interfaces and Addresses

How to Obtain Information About Network Interfaces

Comparison Tables: ipadm Command and Other Networking Commands

ifconfig Command Options and ipadm Command Options

ndd Command Options and ipadm Command Options

9.  Configuring Wireless Interface Communications on Oracle Solaris

Part III Administering Interface Groups

10.  Administering Bridges

11.  Administering Link Aggregations

12.  Administering VLANs

13.  Introducing IPMP

14.  Administering IPMP

Part IV  Network Virtualization and Resource Management

15.  Introducing Network Virtualization and Resource Control (Overview)

16.  Planning for Network Virtualization and Resource Control

17.  Configuring Virtual Networks (Tasks)

18.  Using Link Protection in Virtualized Environments

19.  Managing Network Resources

20.  Monitoring Network Traffic and Resource Usage

Glossary

Index

Configuring IP Interfaces

The ipadm command performs the same functionalities as the ifconfig command and will eventually replace the ifconfig command for all IP interface-related tasks. For an overview of the ipadm command and its benefits, see The ipadm Command.


Note - Typically, IP interface configuration and datalink configuration occur together. Thus, where applicable, procedures that follow include datalink configuration steps with the use of the dladm command. For more information about using the dladm command to configure and administer datalinks, see Chapter 7, Datalink Configuration and Administration.


How to Configure an IP Interface

The following procedure provides an example of performing a basic configuration of an IP interface.

  1. Become an administrator.

    For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.

  2. (Optional) Display information about the physical attributes of datalinks currently on the system.
    # dladm show-phys

    This command shows the physical network cards that are installed on your system and some of their properties. For more information about this command, see How to Display Information About Physical Attributes of Datalinks.

  3. Display information about datalinks currently on the system.
    # dladm show-link

    This command shows the datalinks and certain properties that have been set for them, including the physical cards over which the links have been created.

  4. If you intend to rename a datalink, then make sure that the link is not opened by any application.

    For example, if the IP interface over the link is created, then remove the interface.

    1. To determine whether a link is being used by any application, examine the output of either the dladm show-link syntax or the ipadm show-if syntax.
      • If a datalink is in use, then STATE field in the output of the dladm show-link will indicate that the link is up.

        # dladm show-link
        LINK     CLASS     MTU     STATE     BRIDGE   OVER
        bge0     phys      1500    up        --       --
      • If the datalink is in use, then the IP interface over that link will be included in the output of the ipadm show-if syntax.

        # ipadm show-if
        IFNAME     STATE    CURRENT       PERSISTENT
        lo0        ok       -m-v-----46   ---
        bge0       down     bm-------46   -46

        Note - Even if the output displays a down status, the datalink is still in use because an IP interface exists over the link.


    2. Remove the IP interface.
      # ipadm delete-if interface

      where interface specifies the IP interface that is created over the link.

  5. (Optional) Assign a meaningful name to the datalink.
    # dladm rename-link old-linkname new-linkname
    old-linkname

    Refers to the current name of the datalink. When a NIC is installed for the first time, by default, the NIC's link name is hardware-based, such as bge0.

    new-linkname

    Refers to the name that you want to assign to the datalink. For rules for assigning link names, refer to Rules for Valid Link Names.


    Note - Although this step is optional, assigning a customized name to a link offers certain advantages. For more information, see Working With Flexible Link Names.


  6. Configure the IP interface over the link with a valid IP address.

    The following syntax assigns a static address to an interface. Refer to the ipadm(1M) man page for other options for assigning IP addresses.

    # ipadm create-addr -T address-type -a address/prefixlen addrobj
    -T address-type

    Specifies the type of IP address that is assigned to the interface, which is one of the following: static, dhcp, or addrconf. Addrconf refers to automatically generated IPv6 addresses.

    -a

    Specifies the IP address to configure on the interface. You can specify either just a local address, or both a local address and a remote address in the case of tunnel configuration. Typically, you assign only a local address. In this case, you specify the address directly with the -a option, such as: -a address. The address is automatically considered a local address.

    If you are configuring tunnels, you might be required to provide both the local address of the system and the remote address of the destination system. In this case, you must specify local and remote to distinguish the two addresses, as follows: -a local=local-addr,remote=remote-addr. For more information about configuring tunnels, see Chapter 7, Configuring IP Tunnels, in System Administration Guide: IP Services.

    If you are using a numeric IP address, use the format address/prefixlen for addresses in CIDR notation, for example, 1.2.3.4/24. See the explanation for the prefixlen option.

    Optionally, you can specify a host name for address instead of a numeric IP address. Using a host name is valid if a corresponding numeric IP address is defined for that host name in the /etc/hosts file. If no numeric IP address is defined in the file, then the numeric value is uniquely obtained by using the resolver order that is specified for hosts or ipnodes in the /etc/nsswitch.conf. If multiple entries exist for a given host name, then an error is generated.


    Note - During the boot process, the creation of IP addresses precedes naming services being brought online. Therefore you must ensure that any host name that is used in the network configuration must be defined in the /etc/hosts file.


    /prefixlen

    Specifies the length of the network ID that is part of the IPv4 address when you use CIDR notation. In the address 12.34.56.78/24, 24 is the prefixlen. If you do not include prefixlen, then the netmask is computed according to the sequence listed for netmasks in the /etc/nsswitch.conf file or by using classful address semantics.

    addrobj

    Specifies an identifier for the unique IP address or set of addresses that is used in the system. The addresses can be either IPv4 or IPv6 types. The identifier uses the format interface/user_specified_string.

    The interface refers to the IP interface to which the address is assigned. The interface variable must reflect the name of the datalink on which the IP interface is configured.

    user-specified-string refers to a string of alphanumeric characters that begins with an alphabet letter and has a maximum length of 32 characters. Subsequently, you can refer to the addrobj instead of the numeric IP address when you use any ipadm subcommand that manages addresses in the system, such as ipadm show-addr, or ipadm delete-addr.

  7. (Optional) Display information about the newly configured IP interface.

    You can use the following commands, depending on the information that you want to check:

    • Display the general status of the interface.

      # ipadm show-if [interface]

      If you do not specify the interface, then information for all interfaces in the system is displayed.

    • Display the interface's address information.

      # ipadm show-addr [addrobj]

      If you do not specify the addrobj, then information for all address objects in the system is displayed.

    For more information about the output of the ipadm show-* subcommand, see Monitoring IP Interfaces and Addresses.

  8. (Optional) Add entries for the IP addresses in the /etc/hosts file.

    The entries in this file consist of IP addresses and the corresponding host names.


    Note - This step applies only if you are configuring static IP addresses that use hostnames. If you are configuring DHCP addresses, you do not need to update the /etc/hosts file.

    Additionally, all configuration by the ipadm command is persistent, provided the -t option is not used. Therefore, the /etc/hostname.interface is no longer required.


Example 8-1 Configuring a Network Interface With a Static Address

# dladm show-phys
LINK     MEDIA        STATE     SPEED     DUPLEX     DEVICE
bge3     Ethernet     up        100Mb     full       bge3

# dladm show-link
LINK     CLASS     MTU     STATE     BRIDGE   OVER
bge3     phys      1500    up        --       --

# ipadm delete-if bge3
# dladm rename-link bge3 subitops1
# ipadm create-addr -T static -a 192.168.84.3/24 subitops1/v4static

# ipadm show-if
IFNAME        STATE   CUTTENT         PERSISTENT
lo0           ok      -m-v-----46     ---
subitops1     ok      bm-------46     -46

# ipadm show-addr
ADDROBJ          TYPE       STATE     ADDR
lo0/?            static     ok        127.0.0.1/8
subitops1/v4     static     ok        192.168.84.3/24

# vi /etc/hosts
# Internet host table
# 127.0.0.1       localhost
10.0.0.14       myhost
192.168.84.3    campus01

Note that if campus01 is already defined in the /etc/hosts file, you can use that host name when assigning the following address:

# ipadm create-addr -T static -a campus01 subitops1/v4static

Example 8-2 Automatically Configuring a Network Interface With an IP Address

This example uses the same network device as the previous example but configures the IP interface to receive its address from a DHCP server.

# dladm show-phys 
LINK     MEDIA        STATE     SPEED     DUPLEX     DEVICE
bge3     Ethernet     up        100Mb     full       bge3
# dladm show-link
LINK     CLASS     MTU     STATE     BRIDGE   OVER
bge3     phys      1500    up        --       --

# ipadm delete-if bge3
# dladm rename-link bge3 subitops1

# ipadm create-addr -T dhcp subitops1/dhcp

# ipadm show-if
IFNAME        STATE   CUTTENT         PERSISTENT
lo0           ok      -m-v-----4-     ---
subitops1     ok      bm-------4-     -46

# ipadm show-addr subitops1/dhcp
ADDROBJ          TYPE       STATE     ADDR
subitops1/dhcp   dhcp       ok        10.8.48.242/24

# ipadm show-addr
ADDROBJ          TYPE       STATE     ADDR
lo0/?            static     ok        127.0.0.1/8
subitops1/dhcp   dhcp       ok        10.8.48.242/24

Setting IP Address Properties

The ipadm command enables you to set address–specific properties after these addresses are assigned to interfaces. By setting these properties, you can determine the following:

To list the properties of an IP address, use the following syntax:

# ipadm show-addrprop [-p property] [addrobj]

The information that is displayed depends on the options that you use.


Note - You can only set address properties one at a time.


How to Set the Property of an IP Address

This procedure shows the general steps to configure a property for an IP address.

  1. Become an administrator.

    For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.

  2. List the IP addresses currently in use on the system.
    # ipadm show-addr
  3. (Optional) Determine the current setting of a specific property of an IP address that you want to change.
    # ipadm show-addrprop -p property addrobj

    If you do not know the property, you can issue a general ipadm show-addrprop command. When you display IP addresses with this command, the addresses are displayed with the current settings of all their properties.

  4. Set the selected property to the desired value.
    # ipadm set-addrprop -p property=value addrobj
  5. View the new setting for the property.
    # ipadm show-addrprop -p property addrobj

Example 8-3 Setting the prefixlen Property of an Address

The prefixlen property refers to the netmask of an IP address. The following example changes the length of the prefixlen property of subitops1's IP address. In this example, the -t option is used to create only a temporary change in the property. If the system is rebooted, the property's value reverts to the default setting.

# ipadm show-addr
ADDROBJ          TYPE       STATE     ADDR
lo0/?            static     ok        127.0.0.1/8
subitops1/v4     static     ok        192.168.84.3/24

# ipadm show-addrprop -p prefixlen subitops/v4
ADDROBJ       PROPERTY   PERM  CURRENT  PERSISTENT  DEFAULT   POSSIBLE
subitops1/v4  prefixlen  rw    24       24          24        1-30,32

# ipadm set-addrprop -t -p prefixlen=8 subitops/v4
# ipadm show-addrprop -p prefixlen subitops/v4
ADDROBJ       PROPERTY   PERM  CURRENT  PERSISTENT  DEFAULT   POSSIBLE
subitops1/v4  prefixlen  rw    8        24          24        1-30,32

Setting IP Interface Properties

IP interfaces, like datalinks, have properties that you can customize for your specific network setting. For each interface, two sets of properties exist that apply to IPv4 and IPv6 protocols, respectively. Some properties, such as MTU, are common to both datalinks and the IP interface. Thus, you can have one MTU setting for a datalink and a different MTU setting for the interface configured over that link. Further, you can have different MTU settings that apply to IPv4 and IPv6 packets, respectively, that traverse that IP interface.

IP forwarding is an IP interface property that is typically configured in networking scenarios. The following procedure shows the steps.

Enabling Packet Forwarding

In a network, a host can receive data packets that are destined for another host system. By enabling packet forwarding in the receiving local system, that system can forward the data packet to the destination host. By default, IP forwarding is disabled. The following two procedures describe how to enable this functionality. In previous Oracle Solaris releases, the routeadm command was used to enable packet forwarding. The ipadm syntax in this procedure replaces the routeadm command.

Consider the following to determine whether to use the interface–based or protocol–based procedure.


Note - The two methods of forwarding packets are not mutually exclusive. For example, you can enable packet forwarding globally, and then customize the forwarding property for each interface. Thus, packet forwarding can still be selective for that particular system.


How to Enable IP Packet Forwarding by Setting an Interface Property

This procedure shows how to enable packet forwarding selectively by configuring the IP forwarding property on specific interfaces.


Note - Packet forwarding involves the IP protocol. Thus, distinguishing between IP protocol versions is also included in the steps.


  1. Become an administrator.

    For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.

  2. Display the current setting of an interface's IP forwarding property.
    # ipadm show-ifprop -p forwarding [-m protocol-version] interface

    where protocol-version can either be ipv4 or ipv6. If you do not specify the version, then the settings for both IPv4 and IPv6 protocols are displayed.


    Note - To display all the valid protocol properties of a given interface, do not specify a property, as follows:

    # ipadm show-ifprop interface

    This syntax is also shown in Example 8-4.


  3. For every interface on which you want to enable packet forwarding, type the following command:
    # ipadm set-ifprop forwarding=on -m protocol-version interface
  4. (Optional) Display the settings of an interface's forwarding property.
    # ipadm show-ifprop -p forwarding interface
  5. To restore an interface's forwardingproperty to its default setting, type the following command:
    # ipadm reset-ifprop -p forwarding -m protocol-version interface

Example 8-4 Enabling an Interface to Forward Only IPv4 Packets

The following example shows how to implement selective packet forwarding, where forwarding of IPv4 packets is enabled only in the net0 interface. In the other remaining interfaces of the system, packet forwarding is disabled, which is the default setting.

# ipadm show-ifprop -p forwarding net0
IFNAME   PROPERTY     PROTO   PERM   CURRENT   PERSISTENT   DEFAULT   POSSIBLE
net0     forwarding   ipv4    rw     off       off          off       on,off
net0     forwarding   ipv6    rw     off       --           off       on,off

The ipadm show-ifprop command syntax that uses the -p property option provides information only about a specific property.

# ipadm set-ifprop -p forwarding=on -m ipv4 net0
# ipadm show-ifprop net0
IFNAME   PROPERTY         PROTO  PERM  CURRENT  PERSISTENT  DEFAULT   POSSIBLE
...
net0     forwarding       ipv4   rw    on       on          off       on,off
...

The ipadm show-ifprop command syntax without the -p property option displays all the properties of an interface and their corresponding settings.

# ipadm reset-ifprop -p forwarding -m ipv4 net0
# ipadm show-ifprop -p forwarding -m ipv4 net0
IFNAME   PROPERTY     PROTO   PERM   CURRENT   PERSISTENT   DEFAULT   POSSIBLE
net0     forwarding   ipv4    rw     off       off          off       on,off

The ipadm reset-ifprop command syntax resets the specified property to the default setting.

How to Enable Packet Forwarding by Setting the Protocol Property

This procedure shows how to enable packet forwarding globally in the system.

  1. Become an administrator.

    For more information, see How to Obtain Administrative Rights in System Administration Guide: Security Services.

  2. Display the current setting of the IP forwarding property.
    # ipadm show-prop -p forwarding protocol-version

    where protocol-version can either be ipv4 or ipv6.


    Note - To display all the valid tunable properties for a given protocol and their current settings, type the following command:

    # ipadm show-prop protocol

    where protocol can be ip, ipv4, ipv6, udp, tcp, icmp, and sctp.

    This syntax is shown in Example 8-5.


  3. For every protocol version on which you want to enable forwarding, type the following command:
    # ipadm set-prop forwarding=on protocol-version
  4. (Optional) Display the settings of the IP forwarding property by performing one of the following:
    • To display all the properties and current settings of a protocol, type the following:

      # ipadm show-prop protocol
    • To display a specific property of a protocol, type the following:

      # ipadm show-prop -p property protocol
    • To display a specific property of a specific protocol version, type the following:

      # ipadm show-prop -p property protocol-version
  5. To reset a specific property of a protocol version to its default setting, type the following:
    # ipadm reset-prop -p property protocol-version

Example 8-5 Enabling Forwarding for IPv4 and IPv6 Packets

The following example parallels the previous example about forwarding packets on interfaces. The two uses of ipadm show-prop display the settings of a specified property or all the properties of a protocol and their corresponding settings.

# ipadm show-prop -p forwarding ip
PROTO   PROPERTY     PERM   CURRENT   PERSISTENT   DEFAULT   POSSIBLE
ipv4    forwarding   rw     off       --           off       on,off
ipv6    forwarding   rw     off       --           off       on,off
#
# ipadm set-prop -p forwarding=on ipv4
# ipadm set-prop -p forwarding=on ipv6
#
# ipadm show-prop ip
PROTO   PROPERTY     PERM   CURRENT   PERSISTENT   DEFAULT   POSSIBLE
ipv4    forwarding   rw     on        on           off       on,off
ipv4    ttl          rw     255       --           255       1-255
ipv6    forwarding   rw     on        on           off       on,off
ipv6    hoplimit     rw     255       --           255       1-255#