How to Get Started Configuring Your Network in Oracle Solaris 11
by Andrew Walton
Published May 2012
This article describes some of the new features for basic Oracle Solaris 11 network configuration and shows how to use them to add a new system to a simple but typical corporate network.
The Oracle Solaris 11 network architecture is significantly different from previous releases of Oracle Solaris. Not only has the implementation changed, but so have the names of network interfaces and the commands and methods for administering and configuring them.
OTN is all about helping you become familiar enough with Oracle technologies to make an informed decision. Articles, software downloads, documentation, and more. Join up and get the technical resources you need to do your job.
These changes were introduced to bring a more consistent and integrated experience to network administration, particularly as administrators add more-complex configurations including link aggregation, bridging, load balancing, or virtual networks. In addition to the traditional fixed networking configuration, Oracle Solaris 11 introduced automatic network configuration through network profiles.
Oracle Solaris 11 introduced two new commands for manually administering networks,
ipadm, and both supersede
ifconfig, changes made by
ipadm are persistent across reboots. They share a common, consistent command format and, unlike
ifconfig, they have parseable output that can be used in scripts.
dladm performs data-link (layer 2) administration to configure physical links, aggregations, VLANs, IP tunnels, and InfiniBand partitions. It also manages link-layer properties.
ipadm configures IP interfaces, IP addresses, and TCP/IP protocol properties. It also replaces the use of
ndd for network and transport layer tuning.
Data-link names are no longer the same as the physical interface, which might be a virtual device. Instead, they have generic names, such as
net1, or administrators can give them descriptive names. This allows the underlying hardware to be changed without impacting the network configuration.
In addition, Oracle Solaris 11 adds automatic network configuration using network profiles. Profiles are managed with two administrative commands—
netcfg—and describe the configuration of network interfaces, name services, routing, and IP filter and IPsec policies in a single entity.
Oracle Solaris 11 uses profile-based network configuration, which comprises two network configuration modes: manual and automatic.
Depending on which mode you chose during installation, either the
DefaultFixed network configuration profile (NCP) or the
Automatic NCP is activated on the system.
Automatic NCP uses DHCP to obtain a basic network configuration (IP address, router, and DNS server) from any of the connected Ethernet interfaces. If this fails, it will try connecting to the best wireless network in the list of known networks.
DefaultFixed NCP effectively disables automatic network configuration and requires the network interfaces to be manually configured using
ipadm and the name services to be configured using the Oracle Solaris Service Management Facility (SMF).
It is easier to manage Oracle Solaris 11 networking by creating your own NCPs rather than using the
DefaultFixed NCP and manually configuring the network.
DefaultFixed NCP should be used on systems that will be reconfigured using Oracle Solaris Dynamic Reconfiguration or where hot-swappable interfaces are used. It must be used for IP multipathing, which is not supported when using the
You can use
netadm to find out what network profiles are active on a system:
root@solaris:~# netadm list TYPE PROFILE STATE ncp Automatic online ncu:phys net0 online ncu:ip net0 online loc Automatic online loc NoNet offline loc User online
Without going into too much detail now (we will cover this in a later section), the output above shows that the
Automatic NCP is enabled.
To switch to the
DefaultFixed NCP and, thus, enable manual networking, run the following command:
root@solaris:~# netadm enable -p ncp DefaultFixed root@solaris:~# netadm list netadm: DefaultFixed NCP is enabled; automatic network management is not available. 'netadm list' is only supported when automatic network management is active.
And to switch back to the
Automatic NCP, use the following command:
root@solaris:~# netadm enable -p ncp Automatic root@solaris:~# netadm list TYPE PROFILE STATE ncp Automatic uninitialized ncu:phys net0 uninitialized ncu:ip net0 uninitialized loc Automatic uninitialized
As the system starts to configure the data links and receives an IP address from the DHCP server, we soon get back to our original online state:
root@solaris:~# netadm list TYPE PROFILE STATE ncp Automatic online ncu:phys net0 online ncu:ip net0 online loc Automatic online loc NoNet offline loc User online
In the following example, we will manually configure our server to have a static IPv4 address of 10.163.198.20.
First of all, we will switch to the
DefaultFixed NCP, if that hasn't been done already:
root@solaris:~# netadm enable -p ncp DefaultFixed
On a machine with multiple physical networks, you can use
dladm to determine how network interface names are mapped to physical interfaces.
root@solaris:~# dladm show-phys LINK MEDIA STATE SPEED DUPLEX DEVICE net0 Ethernet up 1000 full e1000g0 net1 Ethernet unknown 0 unknown pcn0
Creating a static IP address is a two-step process, and it involves creating an IP interface and an IP address. There can be multiple IP addresses associated with an IP interface. IP address objects have names in the form interface/description.
In the example shown in Listing 1, we use
acme as the description.
root@solaris:~# ipadm create-ip net0 root@solaris:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes --- net0 ip down no --- root@solaris:~# ipadm create-addr -T static -a 10.163.198.20/24 net0/acme root@solaris:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes --- net0 ip ok yes --- root@solaris:~# ipadm show-addr ADDROBJ TYPE STATIC ADDR lo0/v4 static ok 127.0.0.1/8 net0/acme static ok 10.163.198.20/24 lo0/v6 static ok ::1/128
Listing 1. Configuring a Static IP Address
We can then add a persistent default route:
root@solaris:~# route -p add default 10.163.198.1 add net default: gateway 10.163.198.1 add persistent net default: gateway 10.163.198.1
The name service configuration is now stored and configured via SMF services instead of via configuration files in
/etc. This change is part of a wider set of configuration changes in Oracle Solaris 11, which provides a greater degree of administrative auditability and control over system configuration, particularly during system updates.
The SMF service
svc:/network/dns/client manages configuration information that used to be in
/etc/resolv.conf. The SMF service
svc:/system/name-service/switch manages configuration information that used to be in
/etc/nsswitch.conf. In both cases, the configuration information is also stored in the legacy files for compatibility with other applications that might read them. You should not directly edit these legacy files. Changes made to properties are not reflected in the legacy files until the service is refreshed, restarted, or enabled.
Note: Specifying lists and strings as SMF properties requires quoting them or escaping parentheses and quotation marks to prevent the shell from interpreting them.
Example: Configuring a DNS Client Using SMF
In the following example, we configure Domain Name Service (DNS) using the
svccfg command on the
svc:/network/dns/client SMF service. This will give us the ability to look up IP addresses for host names and vice versa:
root@solaris:~# svccfg -s svc:/network/dns/client setprop \ config/search='("uk.acme.com" "us.acme.com" "acme.com")' root@solaris:~# svccfg -s svc:/network/dns/client listprop config/search config/search astring "uk.acme.com" "us.acme.com" "acme.com" root@solaris:~# svccfg -s svc:/network/dns/client setprop \ config/nameserver=net_address: '(10.167.162.20 10.167.162.36)' root@solaris:~# svccfg -s svc:/network/dns/client listprop config/nameserver config/nameserver net_address 10.167.162.20 10.167.162.36
After we have made the configuration changes, we refresh the SMF service:
root@solaris:~# svcadm refresh svc:/network/dns/client
It is not necessary to set the properties for every name service database. You can use the special property
config/default to provide a default value. You can individually customize entries that can't use the default value.
/etc/switch.conf Using SMF
In the following example, we use the name service switch mechanism to allow our system to search through the DNS, LDAP, NIS, or local file sources for naming information. We again use the
svccfg command on the
svc:/system/name-service/switch SMF service:
root@solaris:~# svccfg -s svc:/system/name-service/switch setprop config/default = "files nis" root@solaris:~# svccfg -s svc:/system/name-service/switch setprop config/host = "files dns nis" root@solaris:~# svccfg -s svc:/system/name-service/switch setprop config/password = "files nis" root@solaris:~# svcadm refresh svc:/system/name-service/switch
config/host property defines both the
ipnodes entries in
/etc/nsswitch.conf, while the
config/password property defines the
passwd entry. The remaining properties have the same name as their
In Oracle Solaris 11,
/etc/nodename has been removed and replaced with the
config/nodename property of the
To set the host name, we again use
root@solaris:~# svccfg -s svc:/system/identity:node setprop config/nodename = astring: hostname root@solaris:~# svcadm refresh svc:/system/identity:node root@solaris:~# svcadm restart identity:node
Setting the host name this way will work for both automatic and manual network configurations.
In Oracle Solaris 11, the host's own entry in
/etc/hosts is now the same as that of
localhost. In previous versions of Oracle Solaris, this entry was associated with the first network interface.
root@solaris:~# cat /etc/hosts # # Copyright 2009 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # Internet host table # ::1 solaris localhost 127.0.0.1 solaris localhost loghost
Note: Some application installers might fail due to changes in the
/etc/hosts file. If you experience this, you might have to edit
In Oracle Solaris 11, network profiles help to aggregate network configuration that was scattered across multiple different configuration files in previous versions of Oracle Solaris. Switching network profiles results in a set of changes to different network configuration that is applied in a single administrative operation.
The traditional configuration files still exist for compatibility reasons only, but you should not directly edit any of these files because any modifications will be overwritten when a profile is activated or the system is rebooted.
A network profile contains a Network Configuration Profile (NCP) and a Location Profile at a minimum, and it optionally contains External Network Modifiers (ENMs) and Known Wireless Networks (WLANs).
NCPs define a set of data links and IP interfaces as Network Configuration Units (NCUs). A Location Profile defines additional configuration, such as name service, IP filter rules, and IPsec policies that can be configured only after basic IP configuration.
ENMs are applications or services that directly modify the network configuration when a profile is activated or deactivated. An ENM would be needed to configure a virtual private network (VPN), for example. The use of ENMs or the configuration of wireless networks is not covered in this article.
Profiles have an activation mode that is either manual or automatic. When an automatic profile is active, external network events cause Oracle Solaris to re-evaluate which is the "best" automatic profile and make that profile active. External events include connecting or disconnecting an Ethernet cable, obtaining or losing a DHCP lease, or discovering a wireless network. There is always an active NCP and Location Profile. It is not possible to disable networking by disabling the current profile.
Without modification, the
Automatic profile is generally unsuitable for most corporate networks, which are either static or provide more configuration information via DHCP than the
Automatic profiles uses.
If your network has statically allocated IP address, you will need to create an NCP and a Location Profile.
In this example, we look at a typical corporate network of a fictional Acme corporation. It has statically allocated network addresses, uses a combination of NIS and DNS, and does not use IPv6.
To configure a system on the Acme network, we need to create an NCP and a Location Profile.
Example: Creating an NCP
To create the NCP and its component NCUs, we use
netcfg. For the physical link, we accept the defaults provided by
netcfg. For the IP configuration, we want IPv4 addressing and static IP address allocation, as shown in Listing 2.
root@solaris:~# netcfg netcfg> create ncp acme.corp.ncp netcfg:ncp:acme.corp.ncp> create ncu phys net0 Created ncu 'net0'. Walking properties ... activation-mode (manual) [manual|prioritized]> link-mac-addr> link-autopush> link-mtu> netcfg:ncp:acme.corp.ncp:ncu:net0> list ncu:net0 type link class phys parent "acme.corp.ncp" activation-mode manual enabled true netcfg:ncp:acme.corp.ncp:ncu:net0> end Committed changes netcfg:ncp:acme.corp.ncp> create ncu ip net0 Created ncu 'net0'. Walking properties ... ip-version (ipv4,ipv6) [ipv4|ipv6]> ipv4 ipv4-addrsrc (dhcp) [dhcp|static]> static ipv4-addr> 10.163.198.20/24 ipv4-default-route> 10.163.198.1 netcfg:ncp:acme.corp.ncp:ncu:net0> list ncu:net0 type interface class ip parent "acme.corp.ncp" enabled true ip-version ipv4 ipv4-addrsrc static ipv4-addr "10.163.198.20/24" ipv4-default-route "10.163.198.1" ipv6-addrsrc dhcp,autoconf netcfg:ncp:acme.corp.ncp:ncu:net0> end Committed changes netcfg:ncp:acme.corp.ncp> end netcfg> end
Listing 2. Creating the NCP
Now we need to create the Location Profile, as shown in Listing 3. We associate the Location Profile to the network profile through its activation mode. The Location Profile will automatically activate as long as the NCP is active.
Since Acme uses a combination of NIS and DNS name services, we need to provide our own
/etc/nsswitch.conf, which we will call
root@solaris:~# netcfg netcfg> create loc acme.corp.loc Created loc 'acme.corp.loc'. Walking properties ... activation-mode (manual) [manual|conditional-any|conditional-all]> conditional-all conditions> ncp acme.corp.ncp is active nameservices (dns) [dns|files|nis|ldap]> dns,nis nameservices-config-file ("/etc/nsswitch.dns")> /etc/nsswitch.acme dns-nameservice-configsrc (dhcp) [manual|dhcp]> manual dns-nameservice-domain> dns-nameservice-servers> 10.167.162.20,10.167.162.36 dns-nameservice-search> acme.com,uk.acme.com,us.acme.com dns-nameservice-sortlist> dns-nameservice-options> nis-nameservice-configsrc [manual|dhcp]> manual nis-nameservice-servers> 10.167.162.21 default-domain> acme.com nfsv4-domain> ipfilter-config-file> ipfilter-v6-config-file> ipnat-config-file> ippool-config-file> ike-config-file> ipsecpolicy-config-file> netcfg:loc:acme.corp.loc> list loc:acme.corp.loc activation-mode conditional-all conditions "ncp acme.corp.ncp is active" enabled false nameservices dns,nis nameservices-config-file "/etc/nsswitch.acme" dns-nameservice-configsrc manual dns-nameservice-servers "10.167.162.20","10.167.162.36" dns-nameservice-search "acme.com","uk.acme.com","us.acme.com" nis-nameservice-configsrc manual nis-nameservice-servers "10.167.162.21" default-domain "acme.com" netcfg:loc:acme.corp.loc> end Committed changes netcfg> end
Listing 3. Creating the Location Profile
Now we can activate the NCP, as shown in Listing 4, and the Location Profile will be automatically activated.
root@solaris:~# netadm enable acme.corp.ncp Enabling ncp 'acme.corp.ncp' root@solaris:~# netadm list TYPE PROFILE STATE ncp acme.corp.ncp online ncu:phys net0 online ncu:ip net0 online ncp Automatic disabled loc acme.corp.loc online loc Automatic offline loc NoNet offline loc User disabled
Listing 4. Activating the NCP
Editing an NCP
There are two ways to edit an existing NCP with
set command lets you set individual properties, while the
walkprop command walks you through all the properties.
netcfg automatically performs a
walkprop command when you create a profile.
In example shown in Listing 5, we add a third DNS server to the existing
acme.corp.loc Location Profile.
root@solaris:~# netcfg netcfg> select loc acme.corp.loc netcfg:loc:acme.corp.loc> list loc:acme.corp.loc activation-mode conditional-all conditions "ncp acme.corp.ncp is active" enabled false nameservices dns,nis nameservices-config-file "/etc/nsswitch.acme" dns-nameservice-configsrc manual dns-nameservice-servers "10.167.162.20","10.167.162.36" dns-nameservice-search "acme.com", "uk.acme.com","us.acme.com" nis-nameservice-configsrc manual nis-nameservice-servers "10.167.162.21" default-domain "acme.com" netcfg:loc:acme.corp.loc>
Listing 5. Adding a DNS Server
list command shows only properties that have been set;
list -a shows all the properties of the profile, as shown in Listing 6.
netcfg:loc:acme.corp.loc> list -a loc:acme.corp.loc activation-mode conditional-all conditions "ncp acme.corp.ncp is active" enabled false nameservices dns,nis nameservices-config-file "/etc/nsswitch.acme" dns-nameservice-configsrc manual dns-nameservice-domain dns-nameservice-servers "10.167.162.20","10.167.162.36" dns-nameservice-search "acme.com", uk.acme.com","us.acme.com" dns-nameservice-sortlist dns-nameservice-options nis-nameservice-configsrc manual nis-nameservice-servers "10.167.162.21" ldap-nameservice-configsrc ldap-nameservice-servers default-domain "acme.com" nfsv4-domain ipfilter-config-file ipfilter-v6-config-file ipnat-config-file ippool-config-file ike-config-file ipsecpolicy-config-file netcfg:loc:acme.corp.loc> netcfg:loc:acme.corp.loc> set dns-nameservice-servers = "10.167.162.20","10.167.162.36","18.104.22.168" netcfg:loc:acme.corp.loc> list loc:acme.corp.loc activation-mode conditional-all conditions "ncp acme.corp.ncp is active" enabled false nameservices dns,nis nameservices-config-file "/etc/nsswitch.dns" dns-nameservice-configsrc manual dns-nameservice-servers "10.167.162.20","10.167.162.36","22.214.171.124" dns-nameservice-search "acme.com", uk.acme.com","us.acme.com" nis-nameservice-configsrc manual nis-nameservice-servers "10.167.162.21" netcfg:loc:acme.corp.loc> verify All properties verified netcfg:loc:acme.corp.loc> commit Committed changes netcfg:loc:acme.corp.loc> end netcfg> end root@solaris:~#
Listing 6. Showing All Properties
Network configuration has substantially changed in Oracle Solaris 11 with the introduction of network configuration profiles and consolidated administration across the different facets of networking fabrics in the data center. By using network configuration profiles, administrators can simplify complex configurations and apply them as a single unit of change.
For more information related to Oracle Solaris 11 network administration, see the following administration guides:
Here are some additional Oracle Solaris 11 resources:
Download Oracle Solaris 11
Access all Oracle Solaris 11 how-to articles
Learn more with Oracle Solaris 11 training and support
See the official Oracle Solaris blog
Andrew Walton is a senior engineer in the ISV group at Oracle and has over 20 years experience in the UNIX industry working at Silicon Graphics, Sun, and Oracle. He specializes in application performance tuning and porting C and C++ code.
Revision 1.0, 05/16/2012