How to Get Started Configuring Your Network in Oracle Solaris 11
This article describes some of the new features for basic Oracle Solaris 11 network configuration and shows
how to use them to add a new system to a simple but typical corporate network.
The Oracle Solaris 11 network architecture is significantly different from previous releases of Oracle Solaris. Not only has the implementation changed, but so have the names of network interfaces and the commands and methods for administering and configuring them.
|
These changes were introduced to bring a more consistent and integrated experience to network administration, particularly as administrators add more-complex configurations including link aggregation, bridging, load balancing, or virtual networks. In addition to the traditional fixed networking configuration, Oracle Solaris 11 introduced automatic network configuration through network profiles.
New Features of Oracle Solaris 11 Network Configuration
Oracle Solaris 11 introduced two new commands for manually administering networks, dladm and ipadm, and both supersede ifconfig. Unlike ifconfig, changes made by dladm and ipadm are persistent across reboots. They share a common, consistent command format and, unlike ifconfig, they have parseable output that can be used in scripts.
dladm performs data-link (layer 2) administration to configure physical links, aggregations, VLANs, IP tunnels, and InfiniBand partitions. It also manages link-layer properties.
ipadm configures IP interfaces, IP addresses, and TCP/IP protocol properties. It also replaces the use of ndd for network and transport layer tuning.
Data-link names are no longer the same as the physical interface, which might be a virtual device. Instead, they have generic names, such as net0 or net1, or administrators can give them descriptive names. This allows the underlying hardware to be changed without impacting the network configuration.
In addition, Oracle Solaris 11 adds automatic network configuration using network profiles. Profiles are managed with two administrative commands—netadm and netcfg—and describe the configuration of network interfaces, name services, routing, and IP filter and IPsec policies in a single entity.
Manual and Automatic Networking Modes
Oracle Solaris 11 uses profile-based network configuration, which comprises two network configuration modes: manual and automatic.
Depending on which mode you chose during installation, either the DefaultFixed network configuration profile (NCP) or the AutomaticNCP is activated on the system.
The Automatic NCP uses DHCP to obtain a basic network configuration (IP address, router, and DNS server) from any of the connected Ethernet interfaces. If this fails, it will try connecting to the best wireless network in the list of known networks.
The DefaultFixed NCP effectively disables automatic network configuration and requires the network interfaces to be manually configured using dladm and ipadm and the name services to be configured using the Oracle Solaris Service Management Facility (SMF).
It is easier to manage Oracle Solaris 11 networking by creating your own NCPs rather than using the DefaultFixed NCP and manually configuring the network.
The DefaultFixed NCP should be used on systems that will be reconfigured using Oracle Solaris Dynamic Reconfiguration or where hot-swappable interfaces are used. It must be used for IP multipathing, which is not supported when using the Automatic NCP.
You can use netadm to find out what network profiles are active on a system:
root@solaris:~# netadm list TYPE PROFILE STATE ncp Automatic online ncu:phys net0 online ncu:ip net0 online loc Automatic online loc NoNet offline loc User online
Without going into too much detail now (we will cover this in a later section), the output above shows that the Automatic NCP is enabled.
To switch to the DefaultFixed NCP and, thus, enable manual networking, run the following command:
root@solaris:~# netadm enable -p ncp DefaultFixed root@solaris:~# netadm list netadm: DefaultFixed NCP is enabled; automatic network management is not available. 'netadm list' is only supported when automatic network management is active.
And to switch back to the Automatic NCP, use the following command:
root@solaris:~# netadm enable -p ncp Automatic root@solaris:~# netadm list TYPE PROFILE STATE ncp Automatic uninitialized ncu:phys net0 uninitialized ncu:ip net0 uninitialized loc Automatic uninitialized
As the system starts to configure the data links and receives an IP address from the DHCP server, we soon get back to our original online state:
root@solaris:~# netadm list TYPE PROFILE STATE ncp Automatic online ncu:phys net0 online ncu:ip net0 online loc Automatic online loc NoNet offline loc User online
Manual Network Configuration
In the following example, we will manually configure our server to have a static IPv4 address of 10.163.198.20.
First of all, we will switch to the DefaultFixed NCP, if that hasn't been done already:
root@solaris:~# netadm enable -p ncp DefaultFixed
On a machine with multiple physical networks, you can use dladm to determine how network interface names are mapped to physical interfaces.
root@solaris:~# dladm show-phys LINK MEDIA STATE SPEED DUPLEX DEVICE net0 Ethernet up 1000 full e1000g0 net1 Ethernet unknown 0 unknown pcn0
Creating a static IP address is a two-step process, and it involves creating an IP interface and an IP address. There can be multiple IP addresses associated with an IP interface. IP address objects have names in the form interface/description.
In the example shown in Listing 1, we use acme as the description.
root@solaris:~# ipadm create-ip net0 root@solaris:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes --- net0 ip down no --- root@solaris:~# ipadm create-addr -T static -a 10.163.198.20/24 net0/acme root@solaris:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes --- net0 ip ok yes --- root@solaris:~# ipadm show-addr ADDROBJ TYPE STATIC ADDR lo0/v4 static ok 127.0.0.1/8 net0/acme static ok 10.163.198.20/24 lo0/v6 static ok ::1/128
Listing 1. Configuring a Static IP Address
We can then add a persistent default route:
root@solaris:~# route -p add default 10.163.198.1 add net default: gateway 10.163.198.1 add persistent net default: gateway 10.163.198.1
Name Service Configuration Using SMF
The name service configuration is now stored and configured via SMF services instead of via configuration files in /etc. This change is part of a wider set of configuration changes in Oracle Solaris 11, which provides a greater degree of administrative auditability and control over system configuration, particularly during system updates.
The SMF service svc:/network/dns/client manages configuration information that used to be in /etc/resolv.conf. The SMF service svc:/system/name-service/switch manages configuration information that used to be in /etc/nsswitch.conf. In both cases, the configuration information is also stored in the legacy files for compatibility with other applications that might read them. You should not directly edit these legacy files. Changes made to properties are not reflected in the legacy files until the service is refreshed, restarted, or enabled.
Note: Specifying lists and strings as SMF properties requires quoting them or escaping parentheses and quotation marks to prevent the shell from interpreting them.
Example: Configuring a DNS Client Using SMF
In the following example, we configure Domain Name Service (DNS) using the svccfg command on the svc:/network/dns/clientSMF service. This will give us the ability to look up IP addresses for host names and vice versa:
root@solaris:~# svccfg -s svc:/network/dns/client setprop \
config/search='("uk.acme.com" "us.acme.com" "acme.com")'
root@solaris:~# svccfg -s svc:/network/dns/client listprop config/search
config/search astring "uk.acme.com" "us.acme.com" "acme.com"
root@solaris:~# svccfg -s svc:/network/dns/client setprop \
config/nameserver=net_address: '(10.167.162.20 10.167.162.36)'
root@solaris:~# svccfg -s svc:/network/dns/client listprop config/nameserver
config/nameserver net_address 10.167.162.20 10.167.162.36
After we have made the configuration changes, we refresh the SMF service:
root@solaris:~# svcadm refresh svc:/network/dns/client
It is not necessary to set the properties for every name service database. You can use the special property config/default to provide a default value. You can individually customize entries that can't use the default value.
Example: Configuring /etc/switch.conf Using SMF
In the following example, we use the name service switch mechanism to allow our system to search through the DNS, LDAP, NIS, or local file sources for naming information. We again use the svccfg command on the svc:/system/name-service/switch SMF service:
root@solaris:~# svccfg -s svc:/system/name-service/switch setprop config/default = "files nis" root@solaris:~# svccfg -s svc:/system/name-service/switch setprop config/host = "files dns nis" root@solaris:~# svccfg -s svc:/system/name-service/switch setprop config/password = "files nis" root@solaris:~# svcadm refresh svc:/system/name-service/switch
Note: The config/host property defines both the hosts and ipnodes entries in /etc/nsswitch.conf, while the config/password property defines the passwd entry. The remaining properties have the same name as their /etc/nsswitch.confentries.
Setting the Host Name
In Oracle Solaris 11, /etc/nodename has been removed and replaced with the config/nodename property of the svc:/system/identity:node service.
To set the host name, we again use svccfg:
root@solaris:~# svccfg -s svc:/system/identity:node setprop config/nodename = astring: hostname root@solaris:~# svcadm refresh svc:/system/identity:node root@solaris:~# svcadm restart identity:node
Setting the host name this way will work for both automatic and manual network configurations.
Changes to /etc/hosts
In Oracle Solaris 11, the host's own entry in /etc/hosts is now the same as that of localhost. In previous versions of Oracle Solaris, this entry was associated with the first network interface.
root@solaris:~# cat /etc/hosts # # Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # Internet host table # ::1 solaris localhost 127.0.0.1 solaris localhost loghost
Note: Some application installers might fail due to changes in the /etc/hosts file. If you experience this, you might have to edit /etc/hosts directly.
Automatic Network Configuration Using Profiles
In Oracle Solaris 11, network profiles help to aggregate network configuration that was scattered across multiple different configuration files in previous versions of Oracle Solaris. Switching network profiles results in a set of changes to different network configuration that is applied in a single administrative operation.
The traditional configuration files still exist for compatibility reasons only, but you should not directly edit any of these files because any modifications will be overwritten when a profile is activated or the system is rebooted.
Network Profiles
A network profile contains a Network Configuration Profile (NCP) and a Location Profile at a minimum, and it optionally contains External Network Modifiers (ENMs) and Known Wireless Networks (WLANs).
NCPs define a set of data links and IP interfaces as Network Configuration Units (NCUs). A Location Profile defines additional configuration, such as name service, IP filter rules, and IPsec policies that can be configured only after basic IP configuration.
ENMs are applications or services that directly modify the network configuration when a profile is activated or deactivated. An ENM would be needed to configure a virtual private network (VPN), for example. The use of ENMs or the configuration of wireless networks is not covered in this article.
Profiles have an activation mode that is either manual or automatic. When an automatic profile is active, external network events cause Oracle Solaris to re-evaluate which is the "best" automatic profile and make that profile active. External events include connecting or disconnecting an Ethernet cable, obtaining or losing a DHCP lease, or discovering a wireless network. There is always an active NCP and Location Profile. It is not possible to disable networking by disabling the current profile.
Creating a Network Configuration Profile
Without modification, the Automatic profile is generally unsuitable for most corporate networks, which are either static or provide more configuration information via DHCP than the Automatic profiles uses.
If your network has statically allocated IP address, you will need to create an NCP and a Location Profile.
In this example, we look at a typical corporate network of a fictional Acme corporation. It has statically allocated network addresses, uses a combination of NIS and DNS, and does not use IPv6.
To configure a system on the Acme network, we need to create an NCP and a Location Profile.
Example: Creating an NCP
To create the NCP and its component NCUs, we use netcfg. For the physical link, we accept the defaults provided by netcfg. For the IP configuration, we want IPv4 addressing and static IP address allocation, as shown in Listing 2.
root@solaris:~# netcfg
netcfg> create ncp acme.corp.ncp
netcfg:ncp:acme.corp.ncp> create ncu phys net0
Created ncu 'net0'. Walking properties ...
activation-mode (manual) [manual|prioritized]>
link-mac-addr>
link-autopush>
link-mtu>
netcfg:ncp:acme.corp.ncp:ncu:net0> list
ncu:net0
type link
class phys
parent "acme.corp.ncp"
activation-mode manual
enabled true
netcfg:ncp:acme.corp.ncp:ncu:net0> end
Committed changes
netcfg:ncp:acme.corp.ncp> create ncu ip net0
Created ncu 'net0'. Walking properties ...
ip-version (ipv4,ipv6) [ipv4|ipv6]> ipv4
ipv4-addrsrc (dhcp) [dhcp|static]> static
ipv4-addr> 10.163.198.20/24
ipv4-default-route> 10.163.198.1
netcfg:ncp:acme.corp.ncp:ncu:net0> list
ncu:net0
type interface
class ip
parent "acme.corp.ncp"
enabled true
ip-version ipv4
ipv4-addrsrc static
ipv4-addr "10.163.198.20/24"
ipv4-default-route "10.163.198.1"
ipv6-addrsrc dhcp,autoconf
netcfg:ncp:acme.corp.ncp:ncu:net0> end
Committed changes
netcfg:ncp:acme.corp.ncp> end
netcfg> end
Listing 2. Creating the NCP
Now we need to create the Location Profile, as shown in Listing 3. We associate the Location Profile to the network profile through its activation mode. The Location Profile will automatically activate as long as the NCP is active.
Since Acme uses a combination of NIS and DNS name services, we need to provide our own /etc/nsswitch.conf, which we will call /etc/nsswitch.acme.
root@solaris:~# netcfg
netcfg> create loc acme.corp.loc
Created loc 'acme.corp.loc'. Walking properties ...
activation-mode (manual) [manual|conditional-any|conditional-all]> conditional-all
conditions> ncp acme.corp.ncp is active
nameservices (dns) [dns|files|nis|ldap]> dns,nis
nameservices-config-file ("/etc/nsswitch.dns")> /etc/nsswitch.acme
dns-nameservice-configsrc (dhcp) [manual|dhcp]> manual
dns-nameservice-domain>
dns-nameservice-servers> 10.167.162.20,10.167.162.36
dns-nameservice-search> acme.com,uk.acme.com,us.acme.com
dns-nameservice-sortlist>
dns-nameservice-options>
nis-nameservice-configsrc [manual|dhcp]> manual
nis-nameservice-servers> 10.167.162.21
default-domain> acme.com
nfsv4-domain>
ipfilter-config-file>
ipfilter-v6-config-file>
ipnat-config-file>
ippool-config-file>
ike-config-file>
ipsecpolicy-config-file>
netcfg:loc:acme.corp.loc> list
loc:acme.corp.loc
activation-mode conditional-all
conditions "ncp acme.corp.ncp is active"
enabled false
nameservices dns,nis
nameservices-config-file "/etc/nsswitch.acme"
dns-nameservice-configsrc manual
dns-nameservice-servers "10.167.162.20","10.167.162.36"
dns-nameservice-search "acme.com","uk.acme.com","us.acme.com"
nis-nameservice-configsrc manual
nis-nameservice-servers "10.167.162.21"
default-domain "acme.com"
netcfg:loc:acme.corp.loc> end
Committed changes
netcfg> end
Listing 3. Creating the Location Profile
Now we can activate the NCP, as shown in Listing 4, and the Location Profile will be automatically activated.
root@solaris:~# netadm enable acme.corp.ncp Enabling ncp 'acme.corp.ncp' root@solaris:~# netadm list TYPE PROFILE STATE ncp acme.corp.ncp online ncu:phys net0 online ncu:ip net0 online ncp Automatic disabled loc acme.corp.loc online loc Automatic offline loc NoNet offline loc User disabled
Listing 4. Activating the NCP
Editing an NCP
There are two ways to edit an existing NCP with netcfg. The set command lets you set individual properties, while the walkpropcommand walks you through all the properties.
netcfg automatically performs a walkprop command when you create a profile.
In example shown in Listing 5, we add a third DNS server to the existing acme.corp.loc Location Profile.
root@solaris:~# netcfg
netcfg> select loc acme.corp.loc
netcfg:loc:acme.corp.loc> list
loc:acme.corp.loc
activation-mode conditional-all
conditions "ncp acme.corp.ncp is active"
enabled false
nameservices dns,nis
nameservices-config-file "/etc/nsswitch.acme"
dns-nameservice-configsrc manual
dns-nameservice-servers "10.167.162.20","10.167.162.36"
dns-nameservice-search "acme.com", "uk.acme.com","us.acme.com"
nis-nameservice-configsrc manual
nis-nameservice-servers "10.167.162.21"
default-domain "acme.com"
netcfg:loc:acme.corp.loc>
Listing 5. Adding a DNS Server
The list command shows only properties that have been set; list -a shows all the properties of the profile, as shown in Listing 6.
netcfg:loc:acme.corp.loc> list -a
loc:acme.corp.loc
activation-mode conditional-all
conditions "ncp acme.corp.ncp is active"
enabled false
nameservices dns,nis
nameservices-config-file "/etc/nsswitch.acme"
dns-nameservice-configsrc manual
dns-nameservice-domain
dns-nameservice-servers "10.167.162.20","10.167.162.36"
dns-nameservice-search "acme.com", uk.acme.com","us.acme.com"
dns-nameservice-sortlist
dns-nameservice-options
nis-nameservice-configsrc manual
nis-nameservice-servers "10.167.162.21"
ldap-nameservice-configsrc
ldap-nameservice-servers
default-domain "acme.com"
nfsv4-domain
ipfilter-config-file
ipfilter-v6-config-file
ipnat-config-file
ippool-config-file
ike-config-file
ipsecpolicy-config-file
netcfg:loc:acme.corp.loc>
netcfg:loc:acme.corp.loc> set dns-nameservice-servers = "10.167.162.20","10.167.162.36","192.135.82.44"
netcfg:loc:acme.corp.loc> list
loc:acme.corp.loc
activation-mode conditional-all
conditions "ncp acme.corp.ncp is active"
enabled false
nameservices dns,nis
nameservices-config-file "/etc/nsswitch.dns"
dns-nameservice-configsrc manual
dns-nameservice-servers "10.167.162.20","10.167.162.36","192.135.82.44"
dns-nameservice-search "acme.com", uk.acme.com","us.acme.com"
nis-nameservice-configsrc manual
nis-nameservice-servers "10.167.162.21"
netcfg:loc:acme.corp.loc> verify
All properties verified
netcfg:loc:acme.corp.loc> commit
Committed changes
netcfg:loc:acme.corp.loc> end
netcfg> end
root@solaris:~#
Listing 6. Showing All Properties
Summary
Network configuration has substantially changed in Oracle Solaris 11 with the introduction of network configuration profiles and consolidated administration across the different facets of networking fabrics in the data center. By using network configuration profiles, administrators can simplify complex configurations and apply them as a single unit of change.
See Also
For more information related to Oracle Solaris 11 network administration, see the following administration guides:
- Oracle Solaris Administration: IP Services
- Oracle Solaris Administration: Naming and Directory Services
- Oracle Solaris Administration: Network Interfaces and Network Virtualization
- Transitioning From Oracle Solaris 10 to Oracle Solaris 11
Here are some additional Oracle Solaris 11 resources:
- Download Oracle Solaris 11
- Access Oracle Solaris 11 product documentation
- Access all Oracle Solaris 11 how-to articles
- Learn more with Oracle Solaris 11 training and support
- See the official Oracle Solaris blog
- Check out The Observatory and OTN Garage blogs for Oracle Solaris tips and tricks
- Follow Oracle Solaris on Facebook and Twitter