Solaris 11 Networking: Difference between revisions

From Lolly's Wiki
m (Text replacement - "<source" to "<syntaxhighlight")
 

Latest revision as of 16:53, 25 November 2021

Switch to manual configuration

To stop the automatic network configuration from reverting your changes, you have to enable the manual configuration mode.

# netadm enable -p ncp DefaultFixed

Nodename

# svccfg -s svc:/system/identity:node setprop config/nodename = astring: camponotus
# svcadm refresh svc:/system/identity:node
# svcadm restart svc:/system/identity:node

Interfaces

Initial setup

# ipadm create-ip net1 
# ipadm create-addr -T static -a local=192.168.5.101/24 net1/v4mailcluster1

IPMP

# ipadm create-ip net2
# ipadm create-ip net3
# ipadm create-addr -T static -a 192.168.5.102/24 net2/v4ipmptestadress
# ipadm create-addr -T static -a 192.168.5.103/24 net3/v4ipmptestadress
# ipadm create-ipmp ipmp0
# ipadm add-ipmp -i net2 -i net3 ipmp0
# ipadm create-addr -T static -a 192.168.5.101/24 ipmp0/v4mailcluster0

# ipmpstat -i
INTERFACE   ACTIVE  GROUP       FLAGS     LINK      PROBE     STATE
net2        yes     ipmp0       -------   up        ok        ok
net3        yes     ipmp0       --mbM--   up        ok        ok

# ipmpstat -an
ADDRESS                   STATE  GROUP       INBOUND     OUTBOUND
::                        down   ipmp0       --          --
192.168.5.101              up     ipmp0       net3        net2 net3

Set one interface to standby:

# ipadm set-ifprop -p standby=on -m ip net2
# ipmpstat -i
INTERFACE   ACTIVE  GROUP       FLAGS     LINK      PROBE     STATE
net3        yes     ipmp0       --mbM--   up        ok        ok
net2        no      ipmp0       is-----   up        ok        ok
# ipmpstat -g
GROUP       GROUPNAME   STATE     FDT       INTERFACES
ipmp0       ipmp0       ok        10.00s    net3 (net2)

More sophisticated with aggregations and vnics

# dladm show-phys -L
LINK              DEVICE       LOC
net0              igb12        /SYS/MB
net1              igb13        /SYS/MB
net2              igb14        /SYS/MB
net3              igb15        /SYS/MB
net4              igb0         /SYS/MB/PCI_MEZZ/PCIE3
net5              igb1         /SYS/MB/PCI_MEZZ/PCIE3
net6              igb2         /SYS/MB/PCI_MEZZ/PCIE3
net7              igb3         /SYS/MB/PCI_MEZZ/PCIE3
net8              igb4         /SYS/MB/RISER2/PCIE2
net9              igb5         /SYS/MB/RISER2/PCIE2
net10             igb6         /SYS/MB/RISER2/PCIE2
net11             igb7         /SYS/MB/RISER2/PCIE2
net12             igb8         /SYS/MB/RISER0/PCIE0
net13             igb9         /SYS/MB/RISER0/PCIE0
net14             igb10        /SYS/MB/RISER0/PCIE0
net15             igb11        /SYS/MB/RISER0/PCIE0
net16             usbecm2      --
# dladm create-aggr -P L2,L3 -l net8 -l net9 -l net10 -l net11 PCIE2 
# dladm create-aggr -P L2,L3 -l net4 -l net5 -l net6 -l net7 PCIE3
# dladm show-link
...
PCIE2               aggr      1500   up       net8 net9 net10 net11
PCIE3               aggr      1500   up       net4 net5 net6 net7
...
# dladm create-vnic -l PCIE2 zone01_ipmp0
# dladm create-vnic -l PCIE3 zone01_ipmp1
# dladm show-link
...
zone01_ipmp1      vnic      1500   up       PCIE3
zone01_ipmp0      vnic      1500   up       PCIE2
...
# zonecfg -z zone01
zonecfg:zone01> add net
zonecfg:zone01:net> set configure-allowed-address=true
zonecfg:zone01:net> set physical=zone01_ipmp0
zonecfg:zone01:net> end
zonecfg:zone01> add net
zonecfg:zone01:net> set configure-allowed-address=true
zonecfg:zone01:net> set physical=zone01_ipmp1
zonecfg:zone01:net> end
zonecfg:zone01> verify
zonecfg:zone01> commit
zonecfg:zone01> exit

Change address

1. Create the new address:

# ipadm create-addr -T static -a 192.168.5.111/24 ipmp0/v4mailcluster1

2. Log in via the new IP.

3. Delete the old address:

# ipadm delete-addr ipmp0/v4mailcluster0

DNS

Client

# svccfg -s svc:/network/dns/client setprop config/nameserver = net_address: "( 0.0.0.0 192.168.1.1 )"
# svccfg -s svc:/network/dns/client setprop config/search = astring: "timmann.de blindhuhn.de"
# svcadm refresh svc:/network/dns/client:default
# svcadm restart svc:/network/dns/client:default

Activate DNS in the name service switch (nsswitch.conf):

# perl -pi -e "s/^hosts:\s+files$/hosts: files dns/g" /etc/nsswitch.conf
# nscfg import -f svc:/system/name-service/switch:default
# svcadm refresh name-service/switch
# svcprop -p config/host svc:/system/name-service/switch:default
files\ dns

Server

# groupadd -g 53 dns
# useradd -u 53 -g dns -d /var/named -m dns
# usermod -A solaris.smf.manage.bind dns
# svccfg -s svc:/network/dns/server:default setprop start/group = dns
# svccfg -s svc:/network/dns/server:default setprop start/user  = dns
# svccfg -s svc:/network/dns/server:default setprop options/ip_interfaces = IPv4
# svccfg -s svc:/network/dns/server:default setprop options/configuration_file = /etc/named.conf
# svcadm refresh svc:/network/dns/server:default
# svcadm enable  svc:/network/dns/server:default

Set tcp/udp parameter (formerly ndd)

# ipadm show-prop -p smallest_anon_port tcp
PROTO PROPERTY            PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE
tcp   smallest_anon_port  rw   1024         --           1024         1024-65535
# ipadm set-prop -p smallest_anon_port=9000 tcp
# ipadm set-prop -p smallest_anon_port=9000 udp
# ipadm set-prop -p largest_anon_port=65500 tcp
# ipadm set-prop -p largest_anon_port=65500 udp

Jumbo Frames

The MTU of an ipadm interface can never be greater than the MTU of its underlying dladm link. To change the MTU of the dladm link, the ipadm interface has to be disabled first (DOWNTIME!? BE CAREFUL!).

# ipadm disable-if -t iscsi0
# dladm set-linkprop -p mtu=9000  iscsi0
# ipadm enable-if -t iscsi0
# ipadm set-ifprop -m ipv4 -p mtu=9000 iscsi0

Aggregate for iSCSI

This is cruel but worked on our Ciscos:

# echo dladm create-aggr -m trunk -P L4 -L off "-l iscsi"{0..7} iscsi_aggr0 | /bin/sh
# dladm show-aggr -P iscsi_aggr0
LINK              MODE  POLICY   ADDRPOLICY           LACPACTIVITY LACPTIMER
iscsi_aggr0       trunk L4       auto                 off          short
# dladm show-aggr -L iscsi_aggr0
LINK                PORT         AGGREGATABLE SYNC COLL DIST DEFAULTED EXPIRED
iscsi_aggr0         iscsi0       no           no   no   no   yes       no
--                  iscsi1       no           no   no   no   yes       no
--                  iscsi2       no           no   no   no   yes       no
--                  iscsi3       no           no   no   no   yes       no
--                  iscsi4       no           no   no   no   yes       no
--                  iscsi5       no           no   no   no   yes       no
--                  iscsi6       no           no   no   no   yes       no
--                  iscsi7       no           no   no   no   yes       no

Set TCP parameters in immutable zones

In normal immutable mode, setting the property via zlogin -U fails and no persistent value is stored:

root@global# zlogin -U immutable-zone ipadm set-prop -p _time_wait_interval=30000 tcp
ipadm: set-prop: _time_wait_interval: Invalid argument provided

root@global# zlogin immutable-zone ipadm show-prop -p _time_wait_interval tcp     
PROTO PROPERTY              PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE
tcp   _time_wait_interval   rw   30000        --           60000        1000-600000

The zone needs to be booted writable (reboot -w) to set the property, then rebooted back into immutable mode:

root@global# zoneadm -z immutable-zone reboot -w

root@global# zlogin -U immutable-zone ipadm set-prop -p _time_wait_interval=30000 tcp

root@global# zlogin immutable-zone ipadm show-prop -p _time_wait_interval tcp     
PROTO PROPERTY              PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE
tcp   _time_wait_interval   rw   30000        30000        60000        1000-600000

root@global# zoneadm -z immutable-zone reboot
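
The two show-prop outputs above differ only in the PERSISTENT column, which is easy to miss on a tuned host. The following check is an added example, not part of the original wiki page: the function name volatile_props is hypothetical, and it assumes the seven-column table layout that ipadm show-prop prints on this page.

```sh
#!/bin/sh
# Added example (not from the original page): flag protocol properties whose
# running value will change at the next boot because it was never persisted.
# Assumes the column layout shown on this page:
#   PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE

# volatile_props: read an `ipadm show-prop` table on stdin and print
# "proto property current value-after-reboot" for every drifting row.
volatile_props() {
    awk '
        $1 == "PROTO" { next }      # skip the header line
        NF < 7        { next }      # skip blank or truncated lines
        {
            cur = $4; pers = $5; def = $6
            # After a reboot the persistent value applies; if none is
            # stored ("--"), the property falls back to its default.
            boot = (pers == "--") ? def : pers
            if (cur != boot)
                print $1, $2, cur, boot
        }'
}

# Sample rows copied from the outputs shown on this page.
sample_immutable='PROTO PROPERTY              PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE
tcp   _time_wait_interval   rw   30000        --           60000        1000-600000'

sample_writable='PROTO PROPERTY              PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE
tcp   _time_wait_interval   rw   30000        30000        60000        1000-600000'

sample_default='PROTO PROPERTY            PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE
tcp   smallest_anon_port  rw   1024         --           1024         1024-65535'

# Demo: only the immutable-zone row is reported.
for s in "$sample_immutable" "$sample_writable" "$sample_default"; do
    printf '%s\n' "$s" | volatile_props
done
```

On a live system the same function can be fed from the command used above, for example: zlogin immutable-zone ipadm show-prop -p _time_wait_interval tcp | volatile_props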