How to Get Started Configuring Your Network in Oracle Solaris 11

by Andrew Walton

This article describes some of the new features for basic Oracle Solaris 11 network configuration and shows
how to use them to add a new system to a simple but typical corporate network.


Published May 2012

New Features of Oracle Solaris 11 Network Configuration
Manual and Automatic Networking Modes
Manual Network Configuration
   Name Service Configuration Using SMF
   Setting the Host Name
   Changes to /etc/hosts
Automatic Network Configuration Using Profiles
   Network Profiles
   Creating a Network Configuration Profile
Summary
See Also
About the Author

 

The Oracle Solaris 11 network architecture is significantly different from previous releases of Oracle Solaris. Not only has the implementation changed, but so have the names of network interfaces and the commands and methods for administering and configuring them.

OTN is all about helping you become familiar enough with Oracle technologies to make an informed decision. Articles, software downloads, documentation, and more. Join up and get the technical resources you need to do your job.

These changes were introduced to bring a more consistent and integrated experience to network administration, particularly as administrators add more-complex configurations including link aggregation, bridging, load balancing, or virtual networks. In addition to the traditional fixed networking configuration, Oracle Solaris 11 introduced automatic network configuration through network profiles.

New Features of Oracle Solaris 11 Network Configuration

Oracle Solaris 11 introduced two new commands for manually administering networks, dladm and ipadm, and both supersede ifconfig. Unlike ifconfig, changes made by dladm and ipadm are persistent across reboots. They share a common, consistent command format and, unlike ifconfig, they have parseable output that can be used in scripts.

dladm performs data-link (layer 2) administration to configure physical links, aggregations, VLANs, IP tunnels, and InfiniBand partitions. It also manages link-layer properties.

ipadm configures IP interfaces, IP addresses, and TCP/IP protocol properties. It also replaces the use of ndd for network and transport layer tuning.

Data-link names are no longer the same as the physical interface, which might be a virtual device. Instead, they have generic names, such as net0 or net1, or administrators can give them descriptive names. This allows the underlying hardware to be changed without impacting the network configuration.

In addition, Oracle Solaris 11 adds automatic network configuration using network profiles. Profiles are managed with two administrative commands—netadm and netcfg—and describe the configuration of network interfaces, name services, routing, and IP filter and IPsec policies in a single entity.

Manual and Automatic Networking Modes

Oracle Solaris 11 uses profile-based network configuration, which comprises two network configuration modes: manual and automatic.

Depending on which mode you chose during installation, either the DefaultFixed network configuration profile (NCP) or the Automatic NCP is activated on the system.

The Automatic NCP uses DHCP to obtain a basic network configuration (IP address, router, and DNS server) from any of the connected Ethernet interfaces. If this fails, it will try connecting to the best wireless network in the list of known networks.

The DefaultFixed NCP effectively disables automatic network configuration and requires the network interfaces to be manually configured using dladm and ipadm and the name services to be configured using the Oracle Solaris Service Management Facility (SMF).

It is easier to manage Oracle Solaris 11 networking by creating your own NCPs rather than using the DefaultFixed NCP and manually configuring the network.

The DefaultFixed NCP should be used on systems that will be reconfigured using Oracle Solaris Dynamic Reconfiguration or where hot-swappable interfaces are used. It must be used for IP multipathing, which is not supported when using the Automatic NCP.

You can use netadm to find out what network profiles are active on a system:

root@solaris:~# netadm list
TYPE       PROFILE     STATE
ncp        Automatic   online
ncu:phys   net0        online
ncu:ip     net0        online
loc        Automatic   online
loc        NoNet       offline
loc        User        online

Without going into too much detail now (we will cover this in a later section), the output above shows that the Automatic NCP is enabled.

To switch to the DefaultFixed NCP and, thus, enable manual networking, run the following command:

root@solaris:~# netadm enable -p ncp DefaultFixed
root@solaris:~# netadm list
netadm: DefaultFixed NCP is enabled; automatic network management is not available.
'netadm list' is only supported when automatic network management is active.

And to switch back to the Automatic NCP, use the following command:

root@solaris:~# netadm enable -p ncp Automatic
root@solaris:~# netadm list
TYPE       PROFILE     STATE
ncp        Automatic   uninitialized
ncu:phys   net0        uninitialized
ncu:ip     net0        uninitialized
loc        Automatic   uninitialized

As the system starts to configure the data links and receives an IP address from the DHCP server, we soon get back to our original online state:

root@solaris:~# netadm list
TYPE       PROFILE     STATE
ncp        Automatic   online
ncu:phys   net0        online
ncu:ip     net0        online
loc        Automatic   online
loc        NoNet       offline
loc        User        online

Manual Network Configuration

In the following example, we will manually configure our server to have a static IPv4 address of 10.163.198.20.

First of all, we will switch to the DefaultFixed NCP, if that hasn't been done already:

root@solaris:~# netadm enable -p ncp DefaultFixed

On a machine with multiple physical networks, you can use dladm to determine how network interface names are mapped to physical interfaces.

root@solaris:~# dladm show-phys
LINK              MEDIA                STATE      SPEED  DUPLEX    DEVICE
net0              Ethernet             up         1000   full      e1000g0
net1              Ethernet             unknown    0      unknown   pcn0

Creating a static IP address is a two-step process, and it involves creating an IP interface and an IP address. There can be multiple IP addresses associated with an IP interface. IP address objects have names in the form interface/description.

In the example shown in Listing 1, we use acme as the description.

root@solaris:~# ipadm create-ip net0
root@solaris:~# ipadm show-if
IFNAME     CLASS      STATE      ACTIVE      OVER
lo0        loopback   ok         yes         ---
net0       ip         down       no          ---
root@solaris:~# ipadm create-addr -T static -a 10.163.198.20/24 net0/acme
root@solaris:~# ipadm show-if
IFNAME      CLASS     STATE      ACTIVE      OVER
lo0         loopback  ok         yes         ---
net0        ip        ok         yes         ---
root@solaris:~# ipadm show-addr
ADDROBJ     TYPE      STATIC     ADDR
lo0/v4      static    ok         127.0.0.1/8
net0/acme   static    ok         10.163.198.20/24
lo0/v6      static    ok         ::1/128

Listing 1. Configuring a Static IP Address

We can then add a persistent default route:

root@solaris:~# route -p add default 10.163.198.1
add net default: gateway 10.163.198.1
add persistent net default: gateway 10.163.198.1

Name Service Configuration Using SMF

The name service configuration is now stored and configured via SMF services instead of via configuration files in /etc. This change is part of a wider set of configuration changes in Oracle Solaris 11, which provides a greater degree of administrative auditability and control over system configuration, particularly during system updates.

The SMF service svc:/network/dns/client manages configuration information that used to be in /etc/resolv.conf. The SMF service svc:/system/name-service/switch manages configuration information that used to be in /etc/nsswitch.conf. In both cases, the configuration information is also stored in the legacy files for compatibility with other applications that might read them. You should not directly edit these legacy files. Changes made to properties are not reflected in the legacy files until the service is refreshed, restarted, or enabled.

Note: Specifying lists and strings as SMF properties requires quoting them or escaping parentheses and quotation marks to prevent the shell from interpreting them.

Example: Configuring a DNS Client Using SMF

In the following example, we configure Domain Name Service (DNS) using the svccfg command on the svc:/network/dns/client SMF service. This will give us the ability to look up IP addresses for host names and vice versa:

root@solaris:~# svccfg -s svc:/network/dns/client setprop \
config/search='("uk.acme.com" "us.acme.com" "acme.com")'

root@solaris:~# svccfg -s svc:/network/dns/client listprop config/search
config/search astring	"uk.acme.com" "us.acme.com" "acme.com"

root@solaris:~# svccfg -s svc:/network/dns/client setprop \
config/nameserver=net_address: '(10.167.162.20 10.167.162.36)'

root@solaris:~# svccfg -s svc:/network/dns/client listprop config/nameserver
config/nameserver net_address 10.167.162.20 10.167.162.36 

After we have made the configuration changes, we refresh the SMF service:

root@solaris:~# svcadm refresh svc:/network/dns/client 

It is not necessary to set the properties for every name service database. You can use the special property config/default to provide a default value. You can individually customize entries that can't use the default value.

Example: Configuring /etc/switch.conf Using SMF

In the following example, we use the name service switch mechanism to allow our system to search through the DNS, LDAP, NIS, or local file sources for naming information. We again use the svccfg command on the svc:/system/name-service/switch SMF service:

root@solaris:~# svccfg -s svc:/system/name-service/switch setprop config/default = "files nis" 
root@solaris:~# svccfg -s svc:/system/name-service/switch setprop config/host = "files dns nis" 
root@solaris:~# svccfg -s svc:/system/name-service/switch setprop config/password  = "files nis" 
root@solaris:~# svcadm refresh svc:/system/name-service/switch 

Note: The config/host property defines both the hosts and ipnodes entries in /etc/nsswitch.conf, while the config/password property defines the passwd entry. The remaining properties have the same name as their /etc/nsswitch.conf entries.

Setting the Host Name

In Oracle Solaris 11, /etc/nodename has been removed and replaced with the config/nodename property of the svc:/system/identity:node service.

To set the host name, we again use svccfg:

root@solaris:~# svccfg -s svc:/system/identity:node setprop config/nodename = astring: hostname
root@solaris:~# svcadm refresh svc:/system/identity:node
root@solaris:~# svcadm restart identity:node

Setting the host name this way will work for both automatic and manual network configurations.

Changes to /etc/hosts

In Oracle Solaris 11, the host's own entry in /etc/hosts is now the same as that of localhost. In previous versions of Oracle Solaris, this entry was associated with the first network interface.

root@solaris:~# cat /etc/hosts
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# Internet host table
#
::1 solaris localhost 
127.0.0.1 solaris localhost loghost 

Note: Some application installers might fail due to changes in the /etc/hosts file. If you experience this, you might have to edit /etc/hosts directly.

Automatic Network Configuration Using Profiles

In Oracle Solaris 11, network profiles help to aggregate network configuration that was scattered across multiple different configuration files in previous versions of Oracle Solaris. Switching network profiles results in a set of changes to different network configuration that is applied in a single administrative operation.

The traditional configuration files still exist for compatibility reasons only, but you should not directly edit any of these files because any modifications will be overwritten when a profile is activated or the system is rebooted.

Network Profiles

A network profile contains a Network Configuration Profile (NCP) and a Location Profile at a minimum, and it optionally contains External Network Modifiers (ENMs) and Known Wireless Networks (WLANs).

NCPs define a set of data links and IP interfaces as Network Configuration Units (NCUs). A Location Profile defines additional configuration, such as name service, IP filter rules, and IPsec policies that can be configured only after basic IP configuration.

ENMs are applications or services that directly modify the network configuration when a profile is activated or deactivated. An ENM would be needed to configure a virtual private network (VPN), for example. The use of ENMs or the configuration of wireless networks is not covered in this article.

Profiles have an activation mode that is either manual or automatic. When an automatic profile is active, external network events cause Oracle Solaris to re-evaluate which is the "best" automatic profile and make that profile active. External events include connecting or disconnecting an Ethernet cable, obtaining or losing a DHCP lease, or discovering a wireless network. There is always an active NCP and Location Profile. It is not possible to disable networking by disabling the current profile.

Creating a Network Configuration Profile

Without modification, the Automatic profile is generally unsuitable for most corporate networks, which are either static or provide more configuration information via DHCP than the Automatic profiles uses.

If your network has statically allocated IP address, you will need to create an NCP and a Location Profile.

In this example, we look at a typical corporate network of a fictional Acme corporation. It has statically allocated network addresses, uses a combination of NIS and DNS, and does not use IPv6.

To configure a system on the Acme network, we need to create an NCP and a Location Profile.

Example: Creating an NCP

To create the NCP and its component NCUs, we use netcfg. For the physical link, we accept the defaults provided by netcfg. For the IP configuration, we want IPv4 addressing and static IP address allocation, as shown in Listing 2.

root@solaris:~# netcfg
netcfg> create ncp acme.corp.ncp
netcfg:ncp:acme.corp.ncp> create ncu phys net0
Created ncu 'net0'.  Walking properties ...
activation-mode (manual) [manual|prioritized]> 
link-mac-addr> 
link-autopush> 
link-mtu> 
netcfg:ncp:acme.corp.ncp:ncu:net0> list
ncu:net0
    type               link
    class              phys
    parent             "acme.corp.ncp"
    activation-mode    manual
    enabled            true
netcfg:ncp:acme.corp.ncp:ncu:net0> end
Committed changes
netcfg:ncp:acme.corp.ncp> create ncu ip net0
Created ncu 'net0'.  Walking properties ...
ip-version (ipv4,ipv6) [ipv4|ipv6]> ipv4
ipv4-addrsrc (dhcp) [dhcp|static]> static
ipv4-addr> 10.163.198.20/24
ipv4-default-route> 10.163.198.1
netcfg:ncp:acme.corp.ncp:ncu:net0> list
ncu:net0
    type                interface
    class               ip
    parent              "acme.corp.ncp"
    enabled             true
    ip-version          ipv4
    ipv4-addrsrc        static
    ipv4-addr           "10.163.198.20/24"
    ipv4-default-route  "10.163.198.1"
    ipv6-addrsrc        dhcp,autoconf
netcfg:ncp:acme.corp.ncp:ncu:net0> end
Committed changes
netcfg:ncp:acme.corp.ncp> end
netcfg> end

Listing 2. Creating the NCP

Now we need to create the Location Profile, as shown in Listing 3. We associate the Location Profile to the network profile through its activation mode. The Location Profile will automatically activate as long as the NCP is active.

Since Acme uses a combination of NIS and DNS name services, we need to provide our own /etc/nsswitch.conf, which we will call /etc/nsswitch.acme.

root@solaris:~# netcfg
netcfg> create loc acme.corp.loc
Created loc 'acme.corp.loc'.  Walking properties ...
activation-mode (manual) [manual|conditional-any|conditional-all]> conditional-all
conditions> ncp acme.corp.ncp is active
nameservices (dns) [dns|files|nis|ldap]> dns,nis
nameservices-config-file ("/etc/nsswitch.dns")> /etc/nsswitch.acme
dns-nameservice-configsrc (dhcp) [manual|dhcp]> manual
dns-nameservice-domain> 
dns-nameservice-servers> 10.167.162.20,10.167.162.36
dns-nameservice-search> acme.com,uk.acme.com,us.acme.com
dns-nameservice-sortlist> 
dns-nameservice-options> 
nis-nameservice-configsrc [manual|dhcp]> manual
nis-nameservice-servers> 10.167.162.21
default-domain> acme.com
nfsv4-domain> 
ipfilter-config-file> 
ipfilter-v6-config-file> 
ipnat-config-file> 
ippool-config-file> 
ike-config-file> 
ipsecpolicy-config-file> 
netcfg:loc:acme.corp.loc> list
loc:acme.corp.loc
    activation-mode             conditional-all
    conditions                  "ncp acme.corp.ncp is active"
    enabled                     false
    nameservices                dns,nis
    nameservices-config-file    "/etc/nsswitch.acme"
    dns-nameservice-configsrc   manual
    dns-nameservice-servers     "10.167.162.20","10.167.162.36"
    dns-nameservice-search      "acme.com","uk.acme.com","us.acme.com"
    nis-nameservice-configsrc   manual
    nis-nameservice-servers     "10.167.162.21"
    default-domain              "acme.com"
netcfg:loc:acme.corp.loc> end
Committed changes
netcfg> end

Listing 3. Creating the Location Profile

Now we can activate the NCP, as shown in Listing 4, and the Location Profile will be automatically activated.

root@solaris:~# netadm enable acme.corp.ncp
Enabling ncp 'acme.corp.ncp'
root@solaris:~# netadm list
TYPE        PROFILE        STATE
ncp         acme.corp.ncp  online
ncu:phys    net0           online
ncu:ip      net0           online
ncp         Automatic      disabled
loc         acme.corp.loc  online
loc         Automatic      offline
loc         NoNet          offline
loc         User           disabled

Listing 4. Activating the NCP

Editing an NCP

There are two ways to edit an existing NCP with netcfg. The set command lets you set individual properties, while the walkprop command walks you through all the properties.

netcfg automatically performs a walkprop command when you create a profile.

In example shown in Listing 5, we add a third DNS server to the existing acme.corp.loc Location Profile.

root@solaris:~# netcfg
netcfg> select loc acme.corp.loc 
netcfg:loc:acme.corp.loc> list 
loc:acme.corp.loc 
    activation-mode             conditional-all 
    conditions                  "ncp acme.corp.ncp is active" 
    enabled                     false 
    nameservices                dns,nis 
    nameservices-config-file    "/etc/nsswitch.acme" 
    dns-nameservice-configsrc   manual 
    dns-nameservice-servers     "10.167.162.20","10.167.162.36" 
    dns-nameservice-search      "acme.com", "uk.acme.com","us.acme.com"
    nis-nameservice-configsrc   manual
    nis-nameservice-servers     "10.167.162.21"
    default-domain              "acme.com" 
netcfg:loc:acme.corp.loc>

Listing 5. Adding a DNS Server

The list command shows only properties that have been set; list -a shows all the properties of the profile, as shown in Listing 6.

netcfg:loc:acme.corp.loc> list -a
loc:acme.corp.loc 
    activation-mode             conditional-all 
    conditions                  "ncp acme.corp.ncp is active" 
    enabled                     false 
    nameservices                dns,nis 
    nameservices-config-file    "/etc/nsswitch.acme" 
    dns-nameservice-configsrc   manual
    dns-nameservice-domain 
    dns-nameservice-servers     "10.167.162.20","10.167.162.36" 
    dns-nameservice-search      "acme.com", uk.acme.com","us.acme.com"
    dns-nameservice-sortlist
    dns-nameservice-options
    nis-nameservice-configsrc   manual
    nis-nameservice-servers     "10.167.162.21"
    ldap-nameservice-configsrc
    ldap-nameservice-servers
    default-domain              "acme.com"
    nfsv4-domain
    ipfilter-config-file
    ipfilter-v6-config-file
    ipnat-config-file
    ippool-config-file
    ike-config-file
    ipsecpolicy-config-file
netcfg:loc:acme.corp.loc>

netcfg:loc:acme.corp.loc> set dns-nameservice-servers = "10.167.162.20","10.167.162.36","192.135.82.44" 
netcfg:loc:acme.corp.loc> list 
loc:acme.corp.loc 
    activation-mode             conditional-all 
    conditions                  "ncp acme.corp.ncp is active" 
    enabled                     false 
    nameservices                dns,nis 
    nameservices-config-file    "/etc/nsswitch.dns" 
    dns-nameservice-configsrc   manual 
    dns-nameservice-servers     "10.167.162.20","10.167.162.36","192.135.82.44" 
    dns-nameservice-search      "acme.com", uk.acme.com","us.acme.com"
    nis-nameservice-configsrc   manual
    nis-nameservice-servers     "10.167.162.21"
netcfg:loc:acme.corp.loc> verify 
All properties verified 
netcfg:loc:acme.corp.loc> commit 
Committed changes 
netcfg:loc:acme.corp.loc> end 
netcfg> end 
root@solaris:~#

Listing 6. Showing All Properties

Summary

Network configuration has substantially changed in Oracle Solaris 11 with the introduction of network configuration profiles and consolidated administration across the different facets of networking fabrics in the data center. By using network configuration profiles, administrators can simplify complex configurations and apply them as a single unit of change.

See Also

For more information related to Oracle Solaris 11 network administration, see the following administration guides:

Here are some additional Oracle Solaris 11 resources:

About the Author

Andrew Walton is a senior engineer in the ISV group at Oracle and has over 20 years experience in the UNIX industry working at Silicon Graphics, Sun, and Oracle. He specializes in application performance tuning and porting C and C++ code.

Revision 1.0, 05/16/2012

See sysadmin-related content for all Oracle technologies by following OTN Systems on Facebook and Twitter.