821-1458

Oracle® Solaris Administration: Network Interfaces and Network Virtualization Part No: 821–1458–11 December 2011


  • Copyright 2011 500 Oracle Parkway, Redwood City, CA 94065 U.S.A.

    This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

    The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

    If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:

    U.S. GOVERNMENT RIGHTS

    Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA 94065.

    This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

    Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

    Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

    This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.


  • Contents

    Preface

    1 Overview of the Networking Stack
        Network Configuration in This Oracle Solaris Release
        The Network Stack in Oracle Solaris
        Network Devices and Datalink Names
            Default Generic Link Names
            The Assignment of Generic Names to Datalinks
            Customizing How Generic Link Names Are Assigned
            Link Names in Upgraded Systems
        Administration of Other Link Types

    Part I Network Auto-Magic

    2 Introduction to NWAM
        What Is an NWAM Configuration?
            NWAM Functional Components
        When to Use NWAM
        How the NWAM Configuration Works
            NWAM Default Behavior
        How NWAM Works With Other Oracle Solaris Networking Technologies
        Where to Find Network Configuration Tasks

    3 NWAM Configuration and Administration (Overview)
        Overview of NWAM Configuration
            What Are Network Profiles?
            Description of an NCP
            Description of an NCU
            Description of the Automatic and User-Defined NCPs
            Description of a Location Profile
            Description of an ENM
            About Known WLANs
        NWAM Configuration Data
            NCU Property Values
            Property Values of System-Defined Locations
        How NWAM Profiles Are Activated
            NCP Activation Policy
            Location Activation Selection Criteria
        Configuring Profiles by Using the netcfg Command
            netcfg Interactive Mode
            netcfg Command-Line Mode
            netcfg Command-File Mode
            netcfg Supported Subcommands
        Administering Profiles by Using the netadm Command
        Overview of the NWAM Daemons
            Description of the NWAM Policy Engine Daemon (nwamd)
            Description of the NWAM Repository Daemon (netcfgd)
        SMF Network Services
        Overview of NWAM Security
            Authorizations and Profiles That Are Related to NWAM
            Authorizations That Are Required to Use the NWAM User Interfaces

    4 NWAM Profile Configuration (Tasks)
        Creating Profiles
            Creating Profiles in Command-Line Mode
            Interactively Creating Profiles
            Creating an NCP
            Creating NCUs for an NCP
            How to Interactively Create an NCP
            Creating a Location Profile
            Creating an ENM Profile
            Creating WLANs
        Removing Profiles
        Setting and Changing Property Values for a Profile
        Querying the System for Profile Information
            Listing All of the Profiles on a System
            Listing All Property Values for a Specific Profile
            Obtaining Values of a Specific Property
            Interactively Viewing and Changing Property Values by Using the walkprop Subcommand
        Exporting and Restoring a Profile Configuration
            Restoring a User-Defined Profile
        Managing Network Configuration
            How to Switch From Automatic Network Configuration Mode to Manual Network Configuration Mode
            How to Switch From Manual Network Configuration Mode to Automatic Network Configuration Mode

    5 NWAM Profile Administration (Tasks)
        Obtaining Information About Profile States
            Displaying the Current State of a Profile
            Auxiliary State Values
        Activating and Deactivating Profiles
        Performing a Wireless Scan and Connecting to Available Wireless Networks
        Troubleshooting NWAM Network Configuration
            Monitoring the Current State of All Network Connections
            Troubleshooting Network Interface Configuration Issues

    6 About the NWAM Graphical User Interface
        Introduction to the NWAM Graphical User Interface
            Accessing the NWAM GUI From the Desktop
            Differences Between the NWAM CLI and the NWAM GUI
        Functional Components of the NWAM GUI
        Interacting With NWAM From the Desktop
            Checking the Status of Your Network Connection
            Controlling Network Connections From the Desktop
        Joining and Managing Favorite Wireless Networks
            How to Join a Wireless Network
            Managing Favorite Networks
        Managing Network Profiles
            About the Network Preferences Dialog
            Viewing Information About Network Profiles
            Switching From One Network Profile to Another Network Profile
            Adding or Removing a Network Profile
            Editing Network Profiles
            Working With Priority Groups
            Creating and Managing Locations
            Editing Locations
        About External Network Modifiers
            About the Network Modifiers Dialog
            How to Add a Command-Line ENM

    Part II Datalink and Interface Configuration

    7 Using Datalink and Interface Configuration Commands on Profiles
        Highlights of Profile-Based Network Configuration
        Profiles and Configuration Tools
            How to Determine the Network Management Mode
        Next Steps

    8 Datalink Configuration and Administration
        Configuration of Datalinks (Tasks)
        The dladm Command
            How to Rename a Datalink
            How to Display Information About Physical Attributes of Datalinks
            How to Display Datalink Information
            How to Delete a Datalink
        Setting Datalink Properties
            Overview of Datalink Properties
            Setting Datalink Properties With the dladm Command
        Additional Configuration Tasks on Datalinks
            How to Replace a Network Interface Card With Dynamic Reconfiguration
            Configuring STREAMS Modules on Datalinks

    9 Configuring an IP Interface
        About IP Interface Configuration
        The ipadm Command
        IP Interface Configuration (Tasks)
            SPARC: How to Ensure That the MAC Address of an Interface Is Unique
        Configuring IP Interfaces
            How to Configure an IP Interface
            Setting IP Address Properties
            Setting IP Interface Properties
        Administering Protocol Properties
            Setting TCP/IP Properties
        Monitoring IP Interfaces and Addresses
            How to Obtain Information About Network Interfaces
        Troubleshooting Interface Configuration
            The ipadm command does not work.
            IP address cannot be assigned with the ipadm create-addr command.
            The message cannot create address object: Invalid argument provided is displayed during IP address configuration.
            The message cannot create address: Persistent operation on temporary object during IP interface configuration
        Comparison Tables: ipadm Command and Other Networking Commands
            ifconfig Command Options and ipadm Command Options
            ndd Command Options and ipadm Command Options

    10 Configuring Wireless Interface Communications on Oracle Solaris
        WiFi Communications Task Map
        Communicating Over WiFi Interfaces
            Finding a WiFi Network
            Planning for WiFi Communications
        Connecting and Using WiFi on Oracle Solaris Systems
            How to Connect to a WiFi Network
            How to Monitor the WiFi Link
        Secure WiFi Communications
            How to Set Up an Encrypted WiFi Network Connection

    11 Administering Bridges
        Bridging Overview
            Link Properties
            STP Daemon
            TRILL Daemon
            Debugging Bridges
            Other Bridge Behaviors
            Bridge Configuration Examples
        Administering Bridges (Task Map)
            How to View Information About Configured Bridges
            How to View Configuration Information About Bridge Links
            How to Create a Bridge
            How to Modify the Protection Type for a Bridge
            How to Add One or More Links to an Existing Bridge
            How to Remove Links From a Bridge
            How to Delete a Bridge From the System

    12 Administering Link Aggregations
        Overview of Link Aggregations
            Link Aggregation Basics
            Back-to-Back Link Aggregations
            Policies and Load Balancing
            Aggregation Mode and Switches
            Requirements for Link Aggregations
            Flexible Names for Link Aggregations
            Administering Link Aggregations (Task Map)
            How to Create a Link Aggregation
            How to Modify an Aggregation
            How to Add a Link to an Aggregation
            How to Remove a Link From an Aggregation
            How to Delete an Aggregation

    13 Administering VLANs
        Administering Virtual Local Area Networks
            Overview of VLAN Topology
            VLAN Administration (Task Map)
            Planning for VLANs on a Network
            Configuring VLANs
            VLANs on Legacy Devices
            Performing Other Administrative Tasks on VLANs
            Combining Network Configuration Tasks While Using Customized Names

    14 Introducing IPMP
        What's New With IPMP
        Deploying IPMP
            Why You Should Use IPMP
            When You Must Use IPMP
            Comparing IPMP and Link Aggregation
            Using Flexible Link Names on IPMP Configuration
            How IPMP Works
        IPMP Components in Oracle Solaris
        Types of IPMP Interface Configurations
        IPMP Addressing
            IPv4 Test Addresses
            IPv6 Test Addresses
        Failure and Repair Detection in IPMP
            Types of Failure Detection in IPMP
            Detecting Physical Interface Repairs
        IPMP and Dynamic Reconfiguration
            Attaching New NICs
            Detaching NICs
            Replacing NICs

    IPMPTerminology and Concepts .................................................................................................. 270

    15 Administering IPMP ..........................................................................................................................277IPMPAdministration TaskMaps ................................................................................................... 277

    IPMPGroup Creation and Configuration (TaskMap) ......................................................... 277


  • IPMP Group Maintenance (Task Map)
    Probe-Based Failure Detection Configuration (Task Map)
    IPMP Group Monitoring (Task Map)
    Configuring IPMP Groups
    How to Plan an IPMP Group
    How to Configure an IPMP Group by Using DHCP
    How to Manually Configure an Active-Active IPMP Group
    How to Manually Configure an Active-Standby IPMP Group
    Maintaining IPMP Groups
    How to Add an Interface to an IPMP Group
    How to Remove an Interface From an IPMP Group
    How to Add or Remove IP Addresses
    How to Move an Interface From One IPMP Group to Another Group
    How to Delete an IPMP Group
    Configuring for Probe-Based Failure Detection
    How to Manually Specify Target Systems for Probe-Based Failure Detection
    How to Select Which Failure Detection Method to Use
    How to Configure the Behavior of the IPMP Daemon
    Recovering an IPMP Configuration With Dynamic Reconfiguration
    How to Replace a Physical Card That Has Failed
    Monitoring IPMP Information
    How to Obtain IPMP Group Information
    How to Obtain IPMP Data Address Information
    How to Obtain Information About Underlying IP Interfaces of a Group
    How to Obtain IPMP Probe Target Information
    How to Observe IPMP Probes
    How to Customize the Output of the ipmpstat Command in a Script
    How to Generate Machine Parseable Output of the ipmpstat Command

    16 Exchanging Network Connectivity Information With LLDP
    Overview of LLDP in Oracle Solaris
    Components of an LLDP Implementation
    Functions of the LLDP Agent
    Configuring How the LLDP Agent Operates
    Configuring What Information To Advertise


  • Managing TLV Units
    How to Define Global TLV Values
    Data Center Bridging
    Monitoring LLDP Agents
    How to Display Advertisements
    How to Display LLDP Statistics

    Part III Network Virtualization and Resource Management

    17 Introducing Network Virtualization and Resource Control (Overview)
    Network Virtualization and Virtual Networks
    Parts of the Internal Virtual Network
    Who Should Implement Virtual Networks?
    What Is Resource Control?
    How Bandwidth Management and Flow Control Works
    Allocating Resource Control and Bandwidth Management on a Network
    Who Should Implement Resource Control Features
    Observability Features for Network Virtualization and Resource Control

    18 Planning for Network Virtualization and Resource Control
    Network Virtualization and Resource Control Task Map
    Planning and Designing a Virtual Network
    Basic Virtual Network on a Single System
    Private Virtual Network on a Single System
    For More Information
    Implementing Controls on Network Resources
    Interface-based Resource Control for a Traditional Network
    Flow Control for the Virtual Network
    How to Create a Usage Policy for Applications on a Virtual Network
    How to Create a Service Level Agreement for the Virtual Network

    19 Configuring Virtual Networks (Tasks)
    Virtual Networks Task Map
    Configuring Components of Network Virtualization in Oracle Solaris


  • How to Create a Virtual Network Interface
    How to Create Etherstubs
    Working With VNICs and Zones
    Creating New Zones for Use With VNICs
    Modifying the Configuration of Existing Zones to Use VNICs
    Creating a Private Virtual Network
    How to Remove the Virtual Network Without Removing the Zones

    20 Using Link Protection in Virtualized Environments
    Overview of Link Protection
    Link Protection Types
    Configuring Link Protection (Task Map)
    How to Enable the Link Protection Mechanism
    How to Disable Link Protection
    How to Specify IP Addresses for Protection Against IP Spoofing
    How to View the Link Protection Configuration

    21 Managing Network Resources
    Overview of Network Resource Management
    Datalink Properties for Resource Control
    Network Resource Management by Using Flows
    Commands for Network Resource Management
    Network Resource Management (Task Map)
    Managing Resources on Datalinks
    Transmit and Receive Rings
    Pools and CPUs
    Managing Resources on Flows
    Configuring Flows on the Network

    22 Monitoring Network Traffic and Resource Usage
    Overview of Network Traffic Flow
    Monitoring Traffic and Use of Resources (Task Map)
    Gathering Statistics About Network Traffic on Links
    How to Obtain Basic Statistics About Network Traffic


  • How to Obtain Statistics About Ring Usage
    How to Obtain Statistics About Network Traffic on Lanes
    Gathering Statistics About Network Traffic on Flows
    How to Obtain Statistics on Flows
    Setting Up Network Accounting
    How to Configure Extended Network Accounting
    How to Obtain Historical Statistics on Network Traffic

    Glossary

    Index


  • Preface

    Welcome to the Oracle Solaris Administration: Network Interfaces and Network Virtualization. This book is part of a fourteen-volume set that covers a significant part of the Oracle Solaris system administration information. This book assumes that you have already installed Oracle Solaris. You should be ready to configure your network or ready to configure any networking software that is required on your network.

    Note: This Oracle Solaris release supports systems that use the SPARC and x86 families of processor architectures. The supported systems appear in the Oracle Solaris OS: Hardware Compatibility Lists. This document cites any implementation differences between the platform types.

    In this document, these x86 related terms mean the following:

    x86 refers to the larger family of 64-bit and 32-bit x86 compatible products.
    x64 relates specifically to 64-bit x86 compatible CPUs.
    "32-bit x86" points out specific 32-bit information about x86 based systems.

    For supported systems, see the Oracle Solaris OS: Hardware Compatibility Lists.

    Who Should Use This Book

    This book is intended for anyone responsible for administering systems that run Oracle Solaris, which are configured in a network. To use this book, you should have at least two years of UNIX system administration experience. Attending UNIX system administration training courses might be helpful.

  • How the System Administration Guides Are Organized

    Here is a list of the topics that are covered by the System Administration Guides.

    | Book Title | Topics |
    |---|---|
    | Booting and Shutting Down Oracle Solaris on SPARC Platforms | Booting and shutting down a system, managing boot services, modifying boot behavior, booting from ZFS, managing the boot archive, and troubleshooting booting on SPARC platforms |
    | Booting and Shutting Down Oracle Solaris on x86 Platforms | Booting and shutting down a system, managing boot services, modifying boot behavior, booting from ZFS, managing the boot archive, and troubleshooting booting on x86 platforms |
    | Oracle Solaris Administration: Common Tasks | Using Oracle Solaris commands, booting and shutting down a system, managing user accounts and groups, managing services, hardware faults, system information, system resources, and system performance, managing software, printing, the console and terminals, and troubleshooting system and software problems |
    | Oracle Solaris Administration: Devices and File Systems | Removable media, disks and devices, file systems, and backing up and restoring data |
    | Oracle Solaris Administration: IP Services | TCP/IP network administration, IPv4 and IPv6 address administration, DHCP, IPsec, IKE, IP Filter, and IPQoS |
    | Oracle Solaris Administration: Naming and Directory Services | DNS, NIS, and LDAP naming and directory services, including transitioning from NIS to LDAP |
    | Oracle Solaris Administration: Network Interfaces and Network Virtualization | Automatic and manual IP interface configuration including WiFi wireless; administration of bridges, VLANs, aggregations, LLDP, and IPMP; virtual NICs and resource management. |
    | Oracle Solaris Administration: Network Services | Web cache servers, time-related services, network file systems (NFS and autofs), mail, SLP, and PPP |
    | Oracle Solaris Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and Resource Management | Resource management features, which enable you to control how applications use available system resources; Oracle Solaris Zones software partitioning technology, which virtualizes operating system services to create an isolated environment for running applications; and Oracle Solaris 10 Zones, which host Oracle Solaris 10 environments running on the Oracle Solaris 11 kernel |
    | Oracle Solaris Administration: Security Services | Auditing, device management, file security, BART, Kerberos services, PAM, Cryptographic Framework, Key Management, privileges, RBAC, SASL, Secure Shell, and virus scanning |
    | Oracle Solaris Administration: SMB and Windows Interoperability | SMB service, which enables you to configure an Oracle Solaris system to make SMB shares available to SMB clients; SMB client, which enables you to access SMB shares; and native identity mapping services, which enables you to map user and group identities between Oracle Solaris systems and Windows systems |
    | Oracle Solaris Administration: ZFS File Systems | ZFS storage pool and file system creation and management, snapshots, clones, backups, using access control lists (ACLs) to protect ZFS files, using ZFS on a Solaris system with zones installed, emulated volumes, and troubleshooting and data recovery |
    | Oracle Solaris Trusted Extensions Configuration and Administration | System installation, configuration, and administration that is specific to Trusted Extensions |
    | Oracle Solaris 11 Security Guidelines | Securing an Oracle Solaris system, as well as usage scenarios for its security features, such as zones, ZFS, and Trusted Extensions |
    | Transitioning From Oracle Solaris 10 to Oracle Solaris 11 | Provides system administration information and examples for transitioning from Oracle Solaris 10 to Oracle Solaris 11 in the areas of installation, device, disk, and file system management, software management, networking, system management, security, virtualization, desktop features, user account management, and user environments emulated volumes, and troubleshooting and data recovery |

    Related Third-Party Web Site References

    Third party URLs are referenced in this document and provide additional, related information.

    Note: Oracle is not responsible for the availability of third-party Web sites mentioned in this document. Oracle does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Oracle will not be responsible or liable for any actual or alleged damage or loss caused by or in connection with the use of or reliance on any such content, goods, or services that are available on or through such sites or resources.

  • Access to Oracle Support

    Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.

    Typographic Conventions

    The following table describes the typographic conventions that are used in this book.

    TABLE P-1 Typographic Conventions

    | Typeface | Description | Example |
    |---|---|---|
    | AaBbCc123 | The names of commands, files, and directories, and onscreen computer output | Edit your .login file. Use ls -a to list all files. machine_name% you have mail. |
    | AaBbCc123 | What you type, contrasted with onscreen computer output | machine_name% su Password: |
    | aabbcc123 | Placeholder: replace with a real name or value | The command to remove a file is rm filename. |
    | AaBbCc123 | Book titles, new terms, and terms to be emphasized | Read Chapter 6 in the User's Guide. A cache is a copy that is stored locally. Do not save the file. Note: Some emphasized items appear bold online. |

    Shell Prompts in Command Examples

    The following table shows the default UNIX system prompt and superuser prompt for shells that are included in the Oracle Solaris OS. Note that the default system prompt that is displayed in command examples varies, depending on the Oracle Solaris release.

    TABLE P-2 Shell Prompts

    | Shell | Prompt |
    |---|---|
    | Bash shell, Korn shell, and Bourne shell | $ |
    | Bash shell, Korn shell, and Bourne shell for superuser | # |
    | C shell | machine_name% |
    | C shell for superuser | machine_name# |


  • Chapter 1 Overview of the Networking Stack

    This chapter introduces network administration in Oracle Solaris. It describes interrelationships that underlie interfaces, datalinks over which the interfaces are configured, and network devices. Support for flexible names for datalinks is also discussed at length.

    Network Configuration in This Oracle Solaris Release

    Note the following differences in the manner the network is configured in this release, which distinguish it from previous Oracle Solaris releases:

    Network configuration is managed by a profile. The type of configuration that is operative in a system depends on which network configuration profile is active. See Part I, "Network Auto-Magic."

    Datalinks on layer 2 of the networking stack are administered by using the dladm command. This command replaces previous ifconfig command options to configure datalink properties. Consequently, the configuration of link aggregations, VLANs, and IP tunnels has also changed. See Chapter 8, "Datalink Configuration and Administration," Chapter 12, "Administering Link Aggregations," and Chapter 13, "Administering VLANs." See also Chapter 6, "Configuring IP Tunnels," in Oracle Solaris Administration: IP Services.

    Datalink names are no longer bound to their hardware drivers. Thus, datalinks, by default, are assigned generic link names such as net0, net1, and so on. See "Network Devices and Datalink Names" on page 26.

    IP interfaces on layer 3 of the networking stack are administered by using the ipadm command. This command replaces previous ifconfig command options to configure IP interfaces. See Chapter 9, "Configuring an IP Interface."

    IPMP groups are implemented as IP interfaces and are therefore similarly configured with the ipadm command. Additionally, the ipmpstat command is introduced, which allows you to obtain IPMP-related information and statistics. See Chapter 14, "Introducing IPMP," and Chapter 15, "Administering IPMP."

    Virtualization is implemented on the network device level. Thus you can configure VNICs and manage the use of network resources for greater efficiency. See Part III, "Network Virtualization and Resource Management."

    The Network Stack in Oracle Solaris

    Network interfaces provide the connection between the system and the network. These interfaces are configured over datalinks, which in turn correspond to instances of hardware devices in the system. Network hardware devices are also called network interface cards (NICs) or network adapters. NICs can be built in and already present in the system when the system is purchased. However, you can also purchase separate NICs to add to the system. Certain NICs have only a single interface that resides on the card. Other brands might have multiple interfaces that you can configure to perform network operations.

    In the current model of the network stack, interfaces and links on the software layer build on the devices in the hardware layer. More specifically, a hardware device instance in the hardware layer has a corresponding link on the datalink layer and a configured interface on the interface layer. This one-to-one relationship among the network device, its datalink, and the IP interface is illustrated in the figure that follows.

    Note: For a fuller explanation of the TCP/IP stack, see Chapter 1, "Oracle Solaris TCP/IP Protocol Suite (Overview)," in System Administration Guide: IP Services.


  • The figure shows two NICs on the hardware layer: e1000 with a single device instance e1000g0, and qfe with multiple device instances, qfe0 to qfe3. The devices qfe0 through qfe2 are not used. Devices e1000g and qfe3 are used and have corresponding links e1000g and qfe3 on the datalink layer. In the figure, the IP interfaces are likewise named after their respective underlying hardware, e1000g and qfe3. These interfaces can be configured with IPv4 or IPv6 addresses to host both types of network traffic. Note also the presence of the loopback interface lo0 on the interface layer. This interface is used to test, for example, that the IP stack is functioning properly.

    Different administrative commands are used at each layer of the stack. For example, hardware devices that are installed on the system are listed by the dladm show-dev command. Information about links on the datalink layer is displayed by the dladm show-link command. The ifconfig command shows the IP interface configuration on the interface layer.

    FIGURE 1-1 Network Stack Showing Network Devices, Links, and Interfaces: Oracle Solaris 10 Model

    [Figure not reproduced. Hardware: NICs e1000g and qfe. Device layer (dladm show-dev): device instances e1000g0 and qfe0 through qfe3. Data-link layer (dladm show-link): links e1000g0 and qfe3. (IP) Interface layer (ifconfig), configured for IPv4 or IPv6 addresses: interfaces e1000g0, qfe3, and lo0.]


  • In this model, a one-to-one relationship exists that binds the device, the datalink, and the interface. This relationship means that network configuration is dependent on hardware configuration and network topology. Interfaces must be reconfigured if changes are implemented in the hardware layer, such as replacing the NIC or changing the network topology.

    Oracle Solaris 11 introduces an implementation of the network stack in which the basic relationship between the hardware, datalink, and interface layers remains. However, the software layer is decoupled from the hardware layer. With this separation, network configuration on the software level is no longer bound to the chipset or the network topology in the hardware layer. This implementation makes network administration more flexible in the following ways:

    The network configuration is insulated from any changes that might occur in the hardware layer. Link and interface configurations are preserved even if the underlying hardware is removed. These same configurations can then be reapplied to any replacement NIC, provided that the two NICs are of the same type.

    The separation of the network configuration from the network hardware configuration also allows the use of customized link names in the datalink layer.

    With the abstraction of the datalink layer, multiple networking abstractions or configurations such as VLANs, VNICs, physical devices, link aggregations, and IP tunnels are unified into a common administrative entity, which is the datalink.

    The following figure illustrates how these network configurations are created on the networking stack:


  • The configurations in this illustration are further explained in "Administration of Other Link Types" on page 31.

    FIGURE 1-2 Network Stack Showing Network Devices, Links, and Interfaces: Oracle Solaris 11 Model

    [Figure not reproduced. Hardware: NICs e1000g and qfe. Device layer (dladm show-phys -o): device instances e1000g0 and qfe0 through qfe3. Data-link layer (dladm show-link): links labeled net0, net1, net2, net3, itops0, sales1, sales2, video0, and vpn1, with VLAN, Aggregation, and Tunnel (dladm show-iptun) objects. (IP) Interface layer (ipadm show-if): interfaces including an IPMP group and lo0, with the routing table.]


  • Network Devices and Datalink Names

    From an administrative perspective, administrators create IP interfaces on top of datalinks. The datalink represents a link object in the second layer of the Open Systems Interconnection (OSI) model. The physical link is directly associated with a device and possesses a device name. The device name is essentially the device instance name, and is composed of the driver name and the device instance number. The instance number can have a value from zero to n, depending on how many NICs use that driver on the system.

    For example, consider a Gigabit Ethernet card, which is often used as the primary NIC on both host systems and server systems. Some typical driver names for this NIC are bge and e1000g. When used as the primary NIC, the Gigabit Ethernet interface has a device name such as bge0 or e1000g0. Other driver names are nge, nxge, and so on.

    In this Oracle Solaris release, the device instance name continues to depend on the underlying hardware. However, datalinks on top of these devices are not similarly bound and can be given meaningful names. For example, the administrator can assign the datalink on top of device instance e1000g0 the name itops0. In this Oracle Solaris release, datalinks by default are provided with generic names. To display the mapping between the datalinks with their generic names and the corresponding device instances, you use the dladm show-phys subcommand.

    Default Generic Link Names

    When you install this Oracle Solaris release on a system for the first time, Oracle Solaris automatically provides generic link names for all the system's physical network devices. This name assignment uses the net# naming convention, where the # is the instance number. This instance number increments for each device, for example, net0, net1, net2, and so on.

    Generic or flexible link names provide advantages in network configuration as shown in the following examples:

    - Within a single system, dynamic reconfiguration becomes easier. The network configuration that is set for a given NIC can be inherited by a different NIC replacement.

    - Zone migration becomes less complicated with regards to network setup. The zone in the migrated system preserves its network configuration if the destination system's link shares the same name with the link that has been assigned to the zone prior to migration. Thus, no additional network configuration on the zone is required after the migration.

    - The generic naming scheme helps with network configuration that is specified in the System Configuration (SC) manifest. The primary network datalink is generally named net0 for all systems. Thus, a generic SC manifest can be used for multiple systems that specify a configuration for net0.

    - Datalink administration also becomes flexible. You can further customize the name of datalinks, for example to reflect a specific function that the datalink serves, as shown in Figure 1-2.


  • The following table illustrates the new correspondence between the hardware (NIC), the device instance, the link name, and the interface over the link. The names of the datalinks are automatically provided by the OS.

    Hardware (NIC)   Device Instance   Link's Assigned Name   IP Interface
    e1000g           e1000g0           net0                   net0
    qfe              qfe1              net1                   net1

    As the table indicates, while the device instance name remains hardware-based, the datalinks have been renamed by the OS after it is installed.

    The Assignment of Generic Names to Datalinks

    In Oracle Solaris, generic names are automatically assigned to all the datalinks based on specific criteria. All devices share the same prefix net. However, the instance numbers are assigned based on the following:

    - Physical network devices are ordered according to media type, where certain types have priority over others. The media types are ordered in descending priority as follows:
      1. Ethernet
      2. IP over IB (Infiniband devices)
      3. Ethernet over IB
      4. WiFi

    - After devices are grouped and sorted according to media types, these devices are further ordered based on their physical locations, where onboard devices are favored over peripheral devices.

    - Devices that have higher priority based on their media type and location are assigned lower instance numbers.

    Based on the criteria, Ethernet devices on a lower motherboard or ioboard, hostbridge, PCIe root complex, bus, device, and function are ranked ahead of the other devices.

    To display the correspondences of link names, devices, and locations, use the dladm show-phys command as follows:

    # dladm show-phys -L
    LINK     DEVICE     LOCATION
    net0     e1000g0    MB
    net1     e1000g1    MB
    net2     e1000g2    MB
    net3     e1000g3    MB
    net4     ibp0       MB/RISER0/PCIE0/PORT1
    net5     ibp1       MB/RISER0/PCIE0/PORT2
    net6     eoib2      MB/RISER0/PCIE0/PORT1/cloud-nm2gw-2/1A-ETH-2
    net7     eoib4      MB/RISER0/PCIE0/PORT2/cloud-nm2gw-2/1A-ETH-2
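    The ordering rules above can be reproduced offline to predict which device receives which generic name. This is an added example, not Oracle code: the media type attached to each device, the rule that a shorter location path means "onboard", and the device-name tie-break are assumptions made for illustration.

```python
import re

# Media types in descending priority, as listed in the text above.
MEDIA_PRIORITY = ["Ethernet", "IP over IB", "Ethernet over IB", "WiFi"]


def natural_key(text):
    """Split text into string and integer chunks so PORT2 sorts before PORT10."""
    return [(0, int(chunk)) if chunk.isdigit() else (1, chunk)
            for chunk in re.split(r"(\d+)", text) if chunk]


def location_key(location):
    # Assumption: fewer path components means closer to the motherboard (onboard).
    parts = location.split("/")
    return (len(parts), [natural_key(part) for part in parts])


def assign_generic_names(devices, prefix="net"):
    """devices: iterable of (device_instance, media_type, location) tuples.

    Returns [(link_name, device_instance), ...] in assignment order.
    An unknown media type raises ValueError instead of being ranked silently.
    """
    ranked = sorted(
        devices,
        key=lambda d: (MEDIA_PRIORITY.index(d[1]),   # 1. media type
                       location_key(d[2]),           # 2. physical location
                       natural_key(d[0])),           # 3. assumed tie-break
    )
    return [(f"{prefix}{n}", dev) for n, (dev, _media, _loc) in enumerate(ranked)]


# Constructed input: the devices from the dladm show-phys -L listing above,
# deliberately shuffled, with an assumed media type for each driver.
DEVICES = [
    ("eoib4", "Ethernet over IB", "MB/RISER0/PCIE0/PORT2/cloud-nm2gw-2/1A-ETH-2"),
    ("ibp1", "IP over IB", "MB/RISER0/PCIE0/PORT2"),
    ("e1000g2", "Ethernet", "MB"),
    ("e1000g0", "Ethernet", "MB"),
    ("eoib2", "Ethernet over IB", "MB/RISER0/PCIE0/PORT1/cloud-nm2gw-2/1A-ETH-2"),
    ("e1000g3", "Ethernet", "MB"),
    ("ibp0", "IP over IB", "MB/RISER0/PCIE0/PORT1"),
    ("e1000g1", "Ethernet", "MB"),
]

if __name__ == "__main__":
    for link, device in assign_generic_names(DEVICES):
        print(f"{link:<6} {device}")
```

    Because media type is compared before location, an Ethernet card in a peripheral slot still ranks ahead of an onboard InfiniBand port.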

    Customizing How Generic Link Names Are Assigned

    Oracle Solaris uses the prefix net when assigning link names. However, any custom prefix can be used instead, such as eth. If you prefer, you can also disable the automatic assignment of neutral link names.

    Caution: You must customize how generic link names are automatically assigned before you install Oracle Solaris. After installation, you cannot customize the default link names without tearing down existing configurations.

    To disable automatic link naming, or to customize the prefix of link names, set the following property in the System Configuration manifests that are used by the Automated Install (AI) program.

  • The case is not true if you upgrade from Oracle Solaris 11 Express. On such upgraded systems, the datalinks retain their names prior to the upgrade. These names would either be the default hardware-based names, or customized names that the administrator assigned to the datalinks before the upgrade. Further, on these upgraded systems, new network devices that are subsequently added also retain the default hardware-based names rather than receive neutral names. This behavior for upgraded systems ensures that no neutral names that are assigned by the OS become mixed with other hardware-based names or customized names assigned by the administrator before the upgrade.

    In any system with this Oracle Solaris release, both hardware-based names as well as OS-supplied link names can be replaced by other names that you prefer to use. Typically, the default link names that are assigned by the OS suffice for creating the system's network configuration. However, if you choose to change link names, note the important considerations discussed in the following sections.

    Replacing Hardware-Based Link Names

    If your system's links have hardware-based names, rename these links with at least generic names. If you retain the hardware-based names of the links, confusion might arise in later situations where these physical devices are removed or replaced.

    For example, you retain the link name bge0 that is associated with the device bge0. All link configurations are performed by referring to the link name. Later, you might replace the NIC bge with the NIC e1000g. To reapply the former device's link configuration to the new NIC e1000g0, you would need to reassign the link name bge0 to e1000g0. The combination of a hardware-based link name bge0 with a different associated NIC e1000g0 can cause confusion. By using names that are not hardware-based, you can better distinguish the links from the associated devices.

    Caution About Changing Link Names

    While replacing hardware-based link names is recommended, you must still plan carefully before you rename links. Changing the device's link name does not automatically propagate the new name to all existing associated configurations. The following examples illustrate the risks when you change link names:

    - Some rules in an IP Filter configuration apply to specific links. When you change a link's name, the filter rules continue to refer to the link's original name. Consequently, these rules no longer behave as expected after you rename the link. You need to adjust the filter rules to apply to the link by using the new link name.

    - Consider the possibility of exporting network configuration information. As previously explained, by using the default net# names provided by the OS, you can migrate zones and export network configuration to another system easily. If the target system's network devices are named with generic names such as net0, net1, and others, then the zone simply inherits the network configuration of the datalink whose name matches the datalink assigned to the zone.


  • Thus, as a general rule, do not rename datalinks randomly. When renaming datalinks, ensure that all of the link's associated configurations continue to apply after the link name is changed. Some of the configurations that might be affected by renaming links are as follows:

    - IP Filter rules
    - IP configurations that are specified in configuration files such as /etc/dhcp.*
    - Oracle Solaris 11 Zones
    - autopush configuration

      Note: No changes are required in the autopush configuration when you rename links. However, you must be aware of how the configuration would work with the per-link autopush property after the link has been renamed. For more information, see "How to Set STREAMS Modules on Datalinks" on page 164.
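    A filter rule that names a link which no longer exists stops matching traffic without any error, so it is worth checking for leftover references after a rename. The following added example (not part of the Oracle documentation) compares the interface names used in IP Filter rules and in per-link file names with the LINK column of dladm output. The sample data is constructed, only the "on <interface>" clause of a rule is examined, and the dhcp.<link> file naming is an assumption.

```python
import re

LOOPBACK = {"lo0"}  # reserved for the IP loopback interface, never a datalink name


def parse_link_names(dladm_table):
    """Return the LINK column of dladm show-phys or dladm show-link output."""
    rows = [line.split() for line in dladm_table.splitlines() if line.strip()]
    if not rows or rows[0][0] != "LINK":
        raise ValueError("expected a header row that starts with LINK")
    return {row[0] for row in rows[1:]}


# Assumption: only the "on <interface>" clause of an IP Filter rule is examined.
ON_CLAUSE = re.compile(r"\bon\s+([A-Za-z0-9_]+)")


def stale_references(link_names, ipf_rules, per_link_files=()):
    """Return (source, line_number, name, text) for every reference to a link
    name that is not currently defined. line_number is 0 for file names."""
    known = set(link_names) | LOOPBACK
    findings = []
    for number, raw in enumerate(ipf_rules.splitlines(), start=1):
        rule = raw.split("#", 1)[0].strip()          # ignore comments
        for match in ON_CLAUSE.finditer(rule):
            if match.group(1) not in known:
                findings.append(("ipf", number, match.group(1), rule))
    for filename in per_link_files:
        stem, _, link = filename.partition(".")      # assumed form: dhcp.<link>
        if stem == "dhcp" and link and link not in known:
            findings.append(("file", 0, link, filename))
    return findings


# Constructed sample: the bge NIC was replaced and its link is now named net0,
# but the rules and one per-link file still use the old name bge0.
DLADM_SHOW_PHYS = """\
LINK     DEVICE     LOCATION
net0     e1000g0    MB
net1     e1000g1    MB
"""
IPF_RULES = """\
# constructed rules, written while the link was still called bge0
block in log on bge0 all
pass in quick on bge0 proto tcp from any to any port = 22 keep state
pass out quick on net1 all
pass in quick on lo0 all
"""
PER_LINK_FILES = ["dhcp.bge0", "dhcp.net1"]

if __name__ == "__main__":
    links = parse_link_names(DLADM_SHOW_PHYS)
    for source, number, name, text in stale_references(links, IPF_RULES, PER_LINK_FILES):
        where = f"rule line {number}" if source == "ipf" else "file name"
        print(f"{where}: '{name}' is not a current link name -> {text}")
```

    On a system with VLANs, aggregations, or tunnels, feed the function dladm show-link output so that those link names are also treated as known.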

    Rules for Valid Link Names

    When you assign link names, observe the following rules:

    - Link names consist of a string and a physical point of attachment (PPA) number.

    - The name must abide by the following constraints:
      - Names consist of between 3 and 8 characters. However, names can have a maximum of 16 characters.
      - Valid characters for names are alphanumeric (a-z, 0-9) and the underscore ('_').

      Caution: Do not use uppercase letters in link names.

    - Each datalink must have only one link name at one time.

    - Each datalink must have a unique link name within the system.

    Note: As an added restriction, you cannot use lo0 as a flexible link name. This name is reserved to identify the IP loopback interface.

    The function of the link within your network setup can be a useful reference when you assign link names. For example, netmgt0 can be a link that is dedicated to network management. Upstream2 can be the link that connects to the ISP. As a general rule to avoid confusion, do not assign names of known devices to your links.


  • Administration of Other Link Types

    The separation between network configuration and network hardware configuration introduces the same flexibility to other types of link configurations. For example, virtual local area networks (VLANs), link aggregations, and IP tunnels can be assigned administratively-chosen names and then configured by referring to those names. Other related tasks, such as performing dynamic reconfiguration (DR) to replace hardware devices, are also easier to perform because no further network reconfiguration is required, provided that the network configuration was not deleted.

    The following figure shows the interrelationship among devices, link types, and their corresponding interfaces.

    Note: In the figure, the datalinks are named according to specific functions that they perform in the system, such as video0 or sales2. The figure intends to highlight the flexibility with which you can name the datalinks. However, using the default neutral names such as net0 as supplied by the OS is sufficient and preferable.

    The figure also provides a sample of how administratively chosen names can be used in the network setup:

    - VLANs are configured on the net0 link. These VLANs, in turn, are also assigned customized names, such as sales1 and sales2. The VLAN sales2's IP interface is plumbed and operational.

    - The device instances qfe0 and qfe2 are used to service video traffic. Accordingly, the corresponding links in the datalink layer are assigned the names subvideo0 and subvideo1. These two links are aggregated to host video feed. The link aggregation possesses its own customized name as well, video0.

    - Two interfaces (net0 and net1) with different underlying hardware (e1000g and qfe) are grouped together as an IPMP group (itops0) to host email traffic.

      Note: Although IPMP interfaces are not links on the datalink layer, these interfaces, like the links, can also be assigned customized names. For more information about IPMP groups, see Chapter 14, "Introducing IPMP".

    - Two interfaces have no underlying devices: the tunnel vpn1, which is configured for VPN connections, and lo0 for IP loopback operations.

    All of the link and interface configurations in this figure are independent of the configurations in the underlying hardware. For example, if the qfe card is replaced, the video0 interface configuration for video traffic remains and can later be applied to a replacement NIC.


  • The following figure shows a bridge configuration. Two interfaces, net0 and videoagg0, are configured as a bridge, bridge0. Packets that are received on one are forwarded to the other. After bridge configuration, both interfaces can still be used to configure VLANs and IP interfaces.

    FIGURE 1-3 Bridges in the Network Stack

    [Figure not reproduced. Its layers are the IP layer, the data-link layer (dladm show-link), and the device layer (dladm show-phys -o), spanning software and hardware.]


  • PART I

    Network Auto-Magic

    Network Auto-Magic (NWAM) is a feature of Oracle Solaris that automates the basic network configuration of your system. The topics that are covered in these chapters describe components of the NWAM architecture and how these components work together to effect automated network configuration on your Oracle Solaris system.

    This documentation primarily focuses on how to manage your network configuration by using the NWAM command-line utilities. Also described is basic information about how to use the NWAM graphical user interface (GUI) to view and monitor the status of your network, as well as interact with NWAM from the desktop. Detailed instructions on monitoring and managing your network configuration by using the NWAM GUI can be found in the online help.

  • CHAPTER 2

    Introduction to NWAM

    The Network Auto-Magic (NWAM) feature simplifies basic network configuration by automatically addressing basic Ethernet and WiFi configurations, such as connecting to your wired or wireless network at startup and displaying notifications about the status of your currently active network connection from the desktop. NWAM is also designed to simplify some of the more complex networking tasks, such as the creation and management of system-wide network profiles, for example, the configuration of naming services, IP Filter, and IP Security (IPsec), all of which are features of Oracle Solaris.

    This chapter covers the following topics:

    - "What Is an NWAM Configuration?" on page 35
    - "When to Use NWAM" on page 38
    - "How the NWAM Configuration Works" on page 39
    - "How NWAM Works With Other Oracle Solaris Networking Technologies" on page 40
    - "Where to Find Network Configuration Tasks" on page 42

    This chapter is intended for users and system administrators who have an understanding of basic networking concepts, as well as some experience managing network configuration by using traditional networking tools and commands. If you are ready to use NWAM to manage your network configuration, skip to Chapter 4, "NWAM Profile Configuration (Tasks)".

    For basic information about administering network interfaces in Oracle Solaris, see Part II, "Datalink and Interface Configuration".

    What Is an NWAM Configuration?

    An NWAM configuration consists of several components that work together to effect the network configuration of a system in as automated a manner as possible. With the primary focus on mobility, NWAM is capable of dynamically changing a system's configuration, in response to different network events, or at a user's request. NWAM includes dynamic capabilities that address any changes in network conditions, for example, if your wired network interface becomes unplugged, or if a new wireless network becomes available.

    Network configuration through NWAM is made up of properties and their values that are associated with several different types of profiles, which are also sometimes referred to as configuration objects.

    These profiles and configuration objects include the following:

    - Network Configuration Profiles (NCPs)

      An NCP specifies the configuration of network links and interfaces. This profile is one of the primary profile types that comprise an NWAM configuration. The second primary profile type is the Location profile.

      The system always defines an NCP called the Automatic NCP. This NCP is activated in the absence of input from the user. The Automatic NCP is created and maintained by the system and cannot be modified or removed.

      You can also create additional user-defined NCPs, as needed. For a complete description of the Automatic and user-defined NCPs, see "Description of the Automatic and User-Defined NCPs" on page 46.

    - Network Configuration Units (NCUs)

      NCUs are the individual configuration objects that contain all of the properties that make up an NCP. The NCP is essentially a container that stores the NCUs that define it. Each NCU correlates to an individual link or interface in the system. For a complete description of an NCU, see "Description of an NCU" on page 45.

    - Locations

      The Location profile is one of the two primary profile types that make up an NWAM configuration. The location specifies system-wide network configuration, for example, the naming services, the domain, the IP Filter, and IPsec configuration. This information consists of a set of properties that apply to system-wide network configuration. There are both system-defined and user-defined locations. For a complete description of the Location profile, see "Description of a Location Profile" on page 46.

    - External Network Modifiers (ENMs)

      ENMs are profiles that are used to manage applications that are external to NWAM, for example the VPN application. These applications can modify and create network configuration. The nwamd daemon activates or deactivates an ENM, depending on conditions that are specified as a part of the ENM. For a complete description of an ENM, see "Description of an ENM" on page 47.

    - Known Wireless Local Area Networks (WLANs)

      Known WLANs are configuration objects that NWAM uses to monitor and store information about wireless networks that are known to your system. NWAM maintains a list of all such wireless networks, then refers to this list to determine the order in which connections to available wireless networks are attempted. For a complete description of known WLANs, see "About Known WLANs" on page 48.

    NWAM Functional Components

    NWAM consists of the following functional components:

    - NWAM profile repository: The profile repository is where the NWAM configuration data is stored. Access to the profile repository is managed by the repository daemon, netcfgd. The NWAM profile repository includes a snapshot of your network configuration when NWAM is enabled. This data is preserved, in the event that you need to revert to manual configuration of your network. For more information, see "NWAM Configuration Data" on page 49.

    - Profile configuration programs (user interfaces): The NWAM architecture includes both a command-line interface (CLI) and a graphical user interface (GUI). These interfaces can be used to perform similar tasks, such as creating and modifying profiles, activating profiles, and querying the system for information about profiles.

      The NWAM CLI consists of two administrative commands, netcfg and netadm. The netcfg command enables you to create and modify profiles. This command operates in interactive mode, command-line mode, and command-file mode. The netadm command enables you to perform certain actions, for example, enabling or disabling a profile and listing information about profile states. For more information, see the netcfg(1M) and netadm(1M) man pages.

      For step-by-step instructions on creating and managing profiles by using the NWAM CLI, see Chapter 4, "NWAM Profile Configuration (Tasks)", and Chapter 5, "NWAM Profile Administration (Tasks)".

      The NWAM GUI can also be used to create and manage network profiles. The GUI has additional functionality that enables you to quickly view and monitor the status of network connections from the desktop. The GUI also has a notification feature that alerts you about changes in the current status of your network. The notification feature is only available in the GUI. To find out more about using the NWAM GUI, see Chapter 6, "About the NWAM Graphical User Interface", or refer to the online help. See also the nwammgr(1M) and the nwammgr-properties(1M) man pages.

    - Policy engine daemon: The nwamd daemon is the policy component of NWAM. This daemon functions in multiple roles and manages your network configuration based on the profiles that are stored in the profile repository. The daemon determines which profile should be activated, depending on current network conditions, and then activates that profile. To accomplish this task, the daemon integrates information from multiple sources. The multiple roles that the nwamd daemon fulfills are described in detail in the section, "Overview of the NWAM Daemons" on page 65.


  • - Repository daemon: The netcfgd daemon controls the common profile repository that stores all of the configuration data for profiles and other configuration objects. The netcfg command, the NWAM GUI, and the nwamd daemon all interact with the netcfgd daemon by sending requests to access the profile repository. The repository daemon's job is to verify whether the various processes that are attempting to access the repository data have the correct authorizations. The daemon prohibits (fails) any access attempts by unauthorized processes. For more information, see "Description of the NWAM Repository Daemon (netcfgd)" on page 66.

    - NWAM library interface: The libnwam library provides a functional interface to interact with the profile repository, thereby enabling information about profiles to be read and modified by NWAM.

    - Service Management Facility (SMF) network services: Several network services that NWAM uses are already a part of Oracle Solaris. However, some of these existing services have been modified, and new services that are specific to NWAM have been introduced. For more information, see "SMF Network Services" on page 67.

    When to Use NWAM

    Typically, if you change work environments and connection methods often (wired or wireless), you will want to take advantage of the automated network configuration capabilities of NWAM. You can use NWAM to set up user-defined profiles that enable you to connect to networks in a variety of settings, for example, the office, at home, or on the road. NWAM is a valuable tool for users of laptop models and systems that require frequent changes in network environments. In addition, the NWAM GUI makes the setting up of static IP configurations and connections to WiFi networks much easier than traditional networking tools and commands.

    NWAM can be configured to adapt to changes in your network environment, such as loss of Ethernet connectivity or the addition or removal of a network interface card (NIC).

    Note: You might choose to configure your network manually, for example, if you are using advanced networking features that are not currently supported by NWAM. For more information, see "Managing Network Configuration" on page 104.


  • How the NWAM Configuration Works

    NWAM's default behavior is to perform basic configuration of your wired or wireless network automagically, without any user interaction. The only time you are required to interact with NWAM is if you are prompted by the system for more information, for example, to provide a security key or password for a wireless network.

    The automated NWAM configuration is triggered by the following events and activities:

    - Connecting or disconnecting an Ethernet cable
    - Connecting or disconnecting a WLAN card
    - Booting a system when a wired interface, a wireless interface, or both, is available
    - Resuming from suspend when a wired interface, a wireless interface, or both, is available (if supported)
    - Acquiring or losing a DHCP lease

    The NWAM components interact with each other in the following manner:

    - At all times, one NCP and one Location profile must be active on the system.

    - During a system boot, the policy engine daemon, nwamd, performs the following actions:

    1. Consults the servic