How to Get Started Configuring Your Network in Oracle Solaris 11
by Andrew Walton
Published May 2012
This article describes some of the new features for basic Oracle Solaris 11 network configuration and shows how to use them to add a new system to a simple but typical corporate network.
The Oracle Solaris 11 network architecture is significantly different from previous releases of Oracle Solaris. Not only has the implementation changed, but so have the names of network interfaces and the commands and methods for administering and configuring them.
OTN is all about helping you become familiar enough with Oracle technologies to make an informed decision. Articles, software downloads, documentation, and more. Join up and get the technical resources you need to do your job.
These changes were introduced to bring a more consistent and integrated experience to network administration, particularly as administrators add more-complex configurations including link aggregation, bridging, load balancing, or virtual networks. In addition to the traditional fixed networking configuration, Oracle Solaris 11 introduced automatic network configuration through network profiles.
New Features of Oracle Solaris 11 Network Configuration
Oracle Solaris 11 introduced two new commands for manually administering networks, dladm
and ipadm
, and both supersede ifconfig
. Unlike ifconfig
, changes made by dladm
and ipadm
are persistent across reboots. They share a common, consistent command format and, unlike ifconfig
, they have parseable output that can be used in scripts.
dladm
performs data-link (layer 2) administration to configure physical links, aggregations, VLANs, IP tunnels, and InfiniBand partitions. It also manages link-layer properties.
ipadm
configures IP interfaces, IP addresses, and TCP/IP protocol properties. It also replaces the use of ndd
for network and transport layer tuning.
Data-link names are no longer the same as the physical interface, which might be a virtual device. Instead, they have generic names, such as net0
or net1
, or administrators can give them descriptive names. This allows the underlying hardware to be changed without impacting the network configuration.
In addition, Oracle Solaris 11 adds automatic network configuration using network profiles. Profiles are managed with two administrative commands—netadm
and netcfg
—and describe the configuration of network interfaces, name services, routing, and IP filter and IPsec policies in a single entity.
Manual and Automatic Networking Modes
Oracle Solaris 11 uses profile-based network configuration, which comprises two network configuration modes: manual and automatic.
Depending on which mode you chose during installation, either the DefaultFixed
network configuration profile (NCP) or the Automatic
NCP is activated on the system.
The Automatic
NCP uses DHCP to obtain a basic network configuration (IP address, router, and DNS server) from any of the connected Ethernet interfaces. If this fails, it will try connecting to the best wireless network in the list of known networks.
The DefaultFixed
NCP effectively disables automatic network configuration and requires the network interfaces to be manually configured using dladm
and ipadm
and the name services to be configured using the Oracle Solaris Service Management Facility (SMF).
It is easier to manage Oracle Solaris 11 networking by creating your own NCPs rather than using the DefaultFixed
NCP and manually configuring the network.
The DefaultFixed
NCP should be used on systems that will be reconfigured using Oracle Solaris Dynamic Reconfiguration or where hot-swappable interfaces are used. It must be used for IP multipathing, which is not supported when using the Automatic
NCP.
You can use netadm
to find out what network profiles are active on a system:
root@solaris:~# netadm list
TYPE PROFILE STATE
ncp Automatic online
ncu:phys net0 online
ncu:ip net0 online
loc Automatic online
loc NoNet offline
loc User online
Without going into too much detail now (we will cover this in a later section), the output above shows that the Automatic
NCP is enabled.
To switch to the DefaultFixed
NCP and, thus, enable manual networking, run the following command:
root@solaris:~# netadm enable -p ncp DefaultFixed
root@solaris:~# netadm list
netadm: DefaultFixed NCP is enabled; automatic network management is not available.
'netadm list' is only supported when automatic network management is active.
And to switch back to the Automatic
NCP, use the following command:
root@solaris:~# netadm enable -p ncp Automatic
root@solaris:~# netadm list
TYPE PROFILE STATE
ncp Automatic uninitialized
ncu:phys net0 uninitialized
ncu:ip net0 uninitialized
loc Automatic uninitialized
As the system starts to configure the data links and receives an IP address from the DHCP server, we soon get back to our original online state:
root@solaris:~# netadm list
TYPE PROFILE STATE
ncp Automatic online
ncu:phys net0 online
ncu:ip net0 online
loc Automatic online
loc NoNet offline
loc User online
Manual Network Configuration
In the following example, we will manually configure our server to have a static IPv4 address of 10.163.198.20.
First of all, we will switch to the DefaultFixed
NCP, if that hasn't been done already:
root@solaris:~# netadm enable -p ncp DefaultFixed
On a machine with multiple physical networks, you can use dladm
to determine how network interface names are mapped to physical interfaces.
root@solaris:~# dladm show-phys
LINK MEDIA STATE SPEED DUPLEX DEVICE
net0 Ethernet up 1000 full e1000g0
net1 Ethernet unknown 0 unknown pcn0
Creating a static IP address is a two-step process, and it involves creating an IP interface and an IP address. There can be multiple IP addresses associated with an IP interface. IP address objects have names in the form interface/description.
In the example shown in Listing 1, we use acme
as the description.
root@solaris:~# ipadm create-ip net0
root@solaris:~# ipadm show-if
IFNAME CLASS STATE ACTIVE OVER
lo0 loopback ok yes ---
net0 ip down no ---
root@solaris:~# ipadm create-addr -T static -a 10.163.198.20/24 net0/acme
root@solaris:~# ipadm show-if
IFNAME CLASS STATE ACTIVE OVER
lo0 loopback ok yes ---
net0 ip ok yes ---
root@solaris:~# ipadm show-addr
ADDROBJ TYPE STATIC ADDR
lo0/v4 static ok 127.0.0.1/8
net0/acme static ok 10.163.198.20/24
lo0/v6 static ok ::1/128
Listing 1. Configuring a Static IP Address
We can then add a persistent default route:
root@solaris:~# route -p add default 10.163.198.1
add net default: gateway 10.163.198.1
add persistent net default: gateway 10.163.198.1
Name Service Configuration Using SMF
The name service configuration is now stored and configured via SMF services instead of via configuration files in /etc
. This change is part of a wider set of configuration changes in Oracle Solaris 11, which provides a greater degree of administrative auditability and control over system configuration, particularly during system updates.
The SMF service svc:/network/dns/client
manages configuration information that used to be in /etc/resolv.conf
. The SMF service svc:/system/name-service/switch
manages configuration information that used to be in /etc/nsswitch.conf
. In both cases, the configuration information is also stored in the legacy files for compatibility with other applications that might read them. You should not directly edit these legacy files. Changes made to properties are not reflected in the legacy files until the service is refreshed, restarted, or enabled.
Note: Specifying lists and strings as SMF properties requires quoting them or escaping parentheses and quotation marks to prevent the shell from interpreting them.
Example: Configuring a DNS Client Using SMF
In the following example, we configure Domain Name Service (DNS) using the svccfg
command on the svc:/network/dns/client
SMF service. This will give us the ability to look up IP addresses for host names and vice versa:
root@solaris:~# svccfg -s svc:/network/dns/client setprop \
config/search='("uk.acme.com" "us.acme.com" "acme.com")'
root@solaris:~# svccfg -s svc:/network/dns/client listprop config/search
config/search astring "uk.acme.com" "us.acme.com" "acme.com"
root@solaris:~# svccfg -s svc:/network/dns/client setprop \
config/nameserver=net_address: '(10.167.162.20 10.167.162.36)'
root@solaris:~# svccfg -s svc:/network/dns/client listprop config/nameserver
config/nameserver net_address 10.167.162.20 10.167.162.36
After we have made the configuration changes, we refresh the SMF service:
root@solaris:~# svcadm refresh svc:/network/dns/client
It is not necessary to set the properties for every name service database. You can use the special property config/default
to provide a default value. You can individually customize entries that can't use the default value.
Example: Configuring /etc/switch.conf
Using SMF
In the following example, we use the name service switch mechanism to allow our system to search through the DNS, LDAP, NIS, or local file sources for naming information. We again use the svccfg
command on the svc:/system/name-service/switch
SMF service:
root@solaris:~# svccfg -s svc:/system/name-service/switch setprop config/default = "files nis"
root@solaris:~# svccfg -s svc:/system/name-service/switch setprop config/host = "files dns nis"
root@solaris:~# svccfg -s svc:/system/name-service/switch setprop config/password = "files nis"
root@solaris:~# svcadm refresh svc:/system/name-service/switch
Note: The config/host
property defines both the hosts
and ipnodes
entries in /etc/nsswitch.conf
, while the config/password
property defines the passwd
entry. The remaining properties have the same name as their /etc/nsswitch.conf
entries.
In Oracle Solaris 11, /etc/nodename
has been removed and replaced with the config/nodename
property of the svc:/system/identity:node
service.
To set the host name, we again use svccfg
:
root@solaris:~# svccfg -s svc:/system/identity:node setprop config/nodename = astring: hostname
root@solaris:~# svcadm refresh svc:/system/identity:node
root@solaris:~# svcadm restart identity:node
Setting the host name this way will work for both automatic and manual network configurations.
In Oracle Solaris 11, the host's own entry in /etc/hosts
is now the same as that of localhost
. In previous versions of Oracle Solaris, this entry was associated with the first network interface.
root@solaris:~# cat /etc/hosts
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# Internet host table
#
::1 solaris localhost
127.0.0.1 solaris localhost loghost
Note: Some application installers might fail due to changes in the /etc/hosts
file. If you experience this, you might have to edit /etc/hosts
directly.
Automatic Network Configuration Using Profiles
In Oracle Solaris 11, network profiles help to aggregate network configuration that was scattered across multiple different configuration files in previous versions of Oracle Solaris. Switching network profiles results in a set of changes to different network configuration that is applied in a single administrative operation.
The traditional configuration files still exist for compatibility reasons only, but you should not directly edit any of these files because any modifications will be overwritten when a profile is activated or the system is rebooted.
A network profile contains a Network Configuration Profile (NCP) and a Location Profile at a minimum, and it optionally contains External Network Modifiers (ENMs) and Known Wireless Networks (WLANs).
NCPs define a set of data links and IP interfaces as Network Configuration Units (NCUs). A Location Profile defines additional configuration, such as name service, IP filter rules, and IPsec policies that can be configured only after basic IP configuration.
ENMs are applications or services that directly modify the network configuration when a profile is activated or deactivated. An ENM would be needed to configure a virtual private network (VPN), for example. The use of ENMs or the configuration of wireless networks is not covered in this article.
Profiles have an activation mode that is either manual or automatic. When an automatic profile is active, external network events cause Oracle Solaris to re-evaluate which is the "best" automatic profile and make that profile active. External events include connecting or disconnecting an Ethernet cable, obtaining or losing a DHCP lease, or discovering a wireless network. There is always an active NCP and Location Profile. It is not possible to disable networking by disabling the current profile.
Creating a Network Configuration Profile
Without modification, the Automatic
profile is generally unsuitable for most corporate networks, which are either static or provide more configuration information via DHCP than the Automatic
profiles uses.
If your network has statically allocated IP address, you will need to create an NCP and a Location Profile.
In this example, we look at a typical corporate network of a fictional Acme corporation. It has statically allocated network addresses, uses a combination of NIS and DNS, and does not use IPv6.
To configure a system on the Acme network, we need to create an NCP and a Location Profile.
Example: Creating an NCP
To create the NCP and its component NCUs, we use netcfg
. For the physical link, we accept the defaults provided by netcfg
. For the IP configuration, we want IPv4 addressing and static IP address allocation, as shown in Listing 2.
root@solaris:~# netcfg
netcfg> create ncp acme.corp.ncp
netcfg:ncp:acme.corp.ncp> create ncu phys net0
Created ncu 'net0'. Walking properties ...
activation-mode (manual) [manual|prioritized]>
link-mac-addr>
link-autopush>
link-mtu>
netcfg:ncp:acme.corp.ncp:ncu:net0> list
ncu:net0
type link
class phys
parent "acme.corp.ncp"
activation-mode manual
enabled true
netcfg:ncp:acme.corp.ncp:ncu:net0> end
Committed changes
netcfg:ncp:acme.corp.ncp> create ncu ip net0
Created ncu 'net0'. Walking properties ...
ip-version (ipv4,ipv6) [ipv4|ipv6]> ipv4
ipv4-addrsrc (dhcp) [dhcp|static]> static
ipv4-addr> 10.163.198.20/24
ipv4-default-route> 10.163.198.1
netcfg:ncp:acme.corp.ncp:ncu:net0> list
ncu:net0
type interface
class ip
parent "acme.corp.ncp"
enabled true
ip-version ipv4
ipv4-addrsrc static
ipv4-addr "10.163.198.20/24"
ipv4-default-route "10.163.198.1"
ipv6-addrsrc dhcp,autoconf
netcfg:ncp:acme.corp.ncp:ncu:net0> end
Committed changes
netcfg:ncp:acme.corp.ncp> end
netcfg> end
Listing 2. Creating the NCP
Now we need to create the Location Profile, as shown in Listing 3. We associate the Location Profile to the network profile through its activation mode. The Location Profile will automatically activate as long as the NCP is active.
Since Acme uses a combination of NIS and DNS name services, we need to provide our own /etc/nsswitch.conf
, which we will call /etc/nsswitch.acme
.
root@solaris:~# netcfg
netcfg> create loc acme.corp.loc
Created loc 'acme.corp.loc'. Walking properties ...
activation-mode (manual) [manual|conditional-any|conditional-all]> conditional-all
conditions> ncp acme.corp.ncp is active
nameservices (dns) [dns|files|nis|ldap]> dns,nis
nameservices-config-file ("/etc/nsswitch.dns")> /etc/nsswitch.acme
dns-nameservice-configsrc (dhcp) [manual|dhcp]> manual
dns-nameservice-domain>
dns-nameservice-servers> 10.167.162.20,10.167.162.36
dns-nameservice-search> acme.com,uk.acme.com,us.acme.com
dns-nameservice-sortlist>
dns-nameservice-options>
nis-nameservice-configsrc [manual|dhcp]> manual
nis-nameservice-servers> 10.167.162.21
default-domain> acme.com
nfsv4-domain>
ipfilter-config-file>
ipfilter-v6-config-file>
ipnat-config-file>
ippool-config-file>
ike-config-file>
ipsecpolicy-config-file>
netcfg:loc:acme.corp.loc> list
loc:acme.corp.loc
activation-mode conditional-all
conditions "ncp acme.corp.ncp is active"
enabled false
nameservices dns,nis
nameservices-config-file "/etc/nsswitch.acme"
dns-nameservice-configsrc manual
dns-nameservice-servers "10.167.162.20","10.167.162.36"
dns-nameservice-search "acme.com","uk.acme.com","us.acme.com"
nis-nameservice-configsrc manual
nis-nameservice-servers "10.167.162.21"
default-domain "acme.com"
netcfg:loc:acme.corp.loc> end
Committed changes
netcfg> end
Listing 3. Creating the Location Profile
Now we can activate the NCP, as shown in Listing 4, and the Location Profile will be automatically activated.
root@solaris:~# netadm enable acme.corp.ncp
Enabling ncp 'acme.corp.ncp'
root@solaris:~# netadm list
TYPE PROFILE STATE
ncp acme.corp.ncp online
ncu:phys net0 online
ncu:ip net0 online
ncp Automatic disabled
loc acme.corp.loc online
loc Automatic offline
loc NoNet offline
loc User disabled
Listing 4. Activating the NCP
Editing an NCP
There are two ways to edit an existing NCP with netcfg
. The set
command lets you set individual properties, while the walkprop
command walks you through all the properties.
netcfg
automatically performs a walkprop
command when you create a profile.
In example shown in Listing 5, we add a third DNS server to the existing acme.corp.loc
Location Profile.
root@solaris:~# netcfg
netcfg> select loc acme.corp.loc
netcfg:loc:acme.corp.loc> list
loc:acme.corp.loc
activation-mode conditional-all
conditions "ncp acme.corp.ncp is active"
enabled false
nameservices dns,nis
nameservices-config-file "/etc/nsswitch.acme"
dns-nameservice-configsrc manual
dns-nameservice-servers "10.167.162.20","10.167.162.36"
dns-nameservice-search "acme.com", "uk.acme.com","us.acme.com"
nis-nameservice-configsrc manual
nis-nameservice-servers "10.167.162.21"
default-domain "acme.com"
netcfg:loc:acme.corp.loc>
Listing 5. Adding a DNS Server
The list
command shows only properties that have been set; list -a
shows all the properties of the profile, as shown in Listing 6.
netcfg:loc:acme.corp.loc> list -a
loc:acme.corp.loc
activation-mode conditional-all
conditions "ncp acme.corp.ncp is active"
enabled false
nameservices dns,nis
nameservices-config-file "/etc/nsswitch.acme"
dns-nameservice-configsrc manual
dns-nameservice-domain
dns-nameservice-servers "10.167.162.20","10.167.162.36"
dns-nameservice-search "acme.com", uk.acme.com","us.acme.com"
dns-nameservice-sortlist
dns-nameservice-options
nis-nameservice-configsrc manual
nis-nameservice-servers "10.167.162.21"
ldap-nameservice-configsrc
ldap-nameservice-servers
default-domain "acme.com"
nfsv4-domain
ipfilter-config-file
ipfilter-v6-config-file
ipnat-config-file
ippool-config-file
ike-config-file
ipsecpolicy-config-file
netcfg:loc:acme.corp.loc>
netcfg:loc:acme.corp.loc> set dns-nameservice-servers = "10.167.162.20","10.167.162.36","192.135.82.44"
netcfg:loc:acme.corp.loc> list
loc:acme.corp.loc
activation-mode conditional-all
conditions "ncp acme.corp.ncp is active"
enabled false
nameservices dns,nis
nameservices-config-file "/etc/nsswitch.dns"
dns-nameservice-configsrc manual
dns-nameservice-servers "10.167.162.20","10.167.162.36","192.135.82.44"
dns-nameservice-search "acme.com", uk.acme.com","us.acme.com"
nis-nameservice-configsrc manual
nis-nameservice-servers "10.167.162.21"
netcfg:loc:acme.corp.loc> verify
All properties verified
netcfg:loc:acme.corp.loc> commit
Committed changes
netcfg:loc:acme.corp.loc> end
netcfg> end
root@solaris:~#
Listing 6. Showing All Properties
Summary
Network configuration has substantially changed in Oracle Solaris 11 with the introduction of network configuration profiles and consolidated administration across the different facets of networking fabrics in the data center. By using network configuration profiles, administrators can simplify complex configurations and apply them as a single unit of change.
See Also
For more information related to Oracle Solaris 11 network administration, see the following administration guides:
Oracle Solaris Administration: Naming and Directory Services
Oracle Solaris Administration: Network Interfaces and Network Virtualization
Here are some additional Oracle Solaris 11 resources:
Download Oracle Solaris 11
Access all Oracle Solaris 11 how-to articles
Learn more with Oracle Solaris 11 training and support
See the official Oracle Solaris blog
About the Author
Andrew Walton is a senior engineer in the ISV group at Oracle and has over 20 years experience in the UNIX industry working at Silicon Graphics, Sun, and Oracle. He specializes in application performance tuning and porting C and C++ code.
Revision 1.0, 05/16/2012