Solaris 11 Networking: Difference between revisions

m (Text replacement - "<source" to "<syntaxhighlight")
 
(16 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:Solaris11|Networking]]
= Switch to manual configuration =
= Switch to manual configuration =


To disable automatic procedures to take back your changes you have to enable the manual configuration mode.
To disable automatic procedures to take back your changes you have to enable the manual configuration mode.
<pre>
<pre>
# netadm enable –p ncp defaultfixed
# netadm enable -p ncp DefaultFixed
</pre>
</pre>


Line 53: Line 54:
</pre>
</pre>


== Change adress ==
== More sophisticated with aggregations and vnics ==
 
<syntaxhighlight lang=bash>
# dladm show-phys -L
LINK              DEVICE      LOC
net0              igb12        /SYS/MB
net1              igb13        /SYS/MB
net2              igb14        /SYS/MB
net3              igb15        /SYS/MB
net4              igb0        /SYS/MB/PCI_MEZZ/PCIE3
net5              igb1        /SYS/MB/PCI_MEZZ/PCIE3
net6              igb2        /SYS/MB/PCI_MEZZ/PCIE3
net7              igb3        /SYS/MB/PCI_MEZZ/PCIE3
net8              igb4        /SYS/MB/RISER2/PCIE2
net9              igb5        /SYS/MB/RISER2/PCIE2
net10            igb6        /SYS/MB/RISER2/PCIE2
net11            igb7        /SYS/MB/RISER2/PCIE2
net12            igb8        /SYS/MB/RISER0/PCIE0
net13            igb9        /SYS/MB/RISER0/PCIE0
net14            igb10        /SYS/MB/RISER0/PCIE0
net15            igb11        /SYS/MB/RISER0/PCIE0
net16            usbecm2      --
# dladm create-aggr -P L2,L3 -l net8 -l net9 -l net10 -l net11 PCIE2
# dladm create-aggr -P L2,L3 -l net4 -l net5 -l net6 -l net7 PCIE3
# dladm show-link
...
PCIE2              aggr      1500  up      net8 net9 net10 net11
PCIE3              aggr      1500  up      net4 net5 net6 net7
...
# dladm create-vnic -l PCIE2 zone01_ipmp0
# dladm create-vnic -l PCIE3 zone01_ipmp1
# dladm show-link
...
zone01_ipmp1      vnic      1500  up      PCIE3
zone01_ipmp0      vnic      1500  up      PCIE2
...
# zonecfg -z zone01
zonecfg:zone01> add net
zonecfg:zone01:net> set configure-allowed-address=true
zonecfg:zone01:net> set physical=zone01_ipmp0
zonecfg:zone01:net> end
zonecfg:zone01> add net
zonecfg:zone01:net> set configure-allowed-address=true
zonecfg:zone01:net> set physical=zone01_ipmp1
zonecfg:zone01:net> end
zonecfg:zone01> verify
zonecfg:zone01> commit
zonecfg:zone01> exit
</syntaxhighlight>
 
== Change address ==
1. Create new interface:
1. Create new interface:
<pre>
<pre>
Line 59: Line 110:
</pre>
</pre>
2. Login to new IP.
2. Login to new IP.
3. Delete the old interface.
 
3. Delete the old interface:
<pre>
<pre>
# ipadm delete-addr ipmp0/v4mailcluster0
# ipadm delete-addr ipmp0/v4mailcluster0
Line 93: Line 145:
# svcadm enable  svc:network/dns/server:default
# svcadm enable  svc:network/dns/server:default
</pre>
</pre>
[[Kategorie:Solaris11]]
 
= Set tcp/udp parameter (formerly ndd) =
<syntaxhighlight lang=bash>
# ipadm show-prop -p smallest_anon_port tcp
PROTO PROPERTY            PERM CURRENT      PERSISTENT  DEFAULT      POSSIBLE
tcp  smallest_anon_port  rw  1024        --          1024        1024-65535
</syntaxhighlight>
 
<syntaxhighlight lang=bash>
# ipadm set-prop -p smallest_anon_port=9000 tcp
# ipadm set-prop -p smallest_anon_port=9000 udp
# ipadm set-prop -p largest_anon_port=65500 tcp
# ipadm set-prop -p largest_anon_port=65500 udp
</syntaxhighlight>
 
= Jumbo Frames =
The MTU of an ipadm-interface can never be greater than its underlying dladm-interface.
To change the dladm-interface the ipadm-interface has to be disabled (DOWNTIME!? BE CAREFUL!).
<syntaxhighlight lang=bash>
# ipadm disable-if -t iscsi0
# dladm set-linkprop -p mtu=9000  iscsi0
# ipadm enable-if -t iscsi0
# ipadm set-ifprop -m ipv4 -p mtu=9000 iscsi0
</syntaxhighlight>
 
= Aggregate for iSCSI =
 
This is cruel but worked on our ciscos:
<syntaxhighlight lang=bash>
# dladm create-aggr -m trunk -P L4 -L off "-l iscsi"{0..7} iscsi_aggr0 | /bin/sh
# dladm show-aggr -P iscsi_aggr0
LINK              MODE  POLICY  ADDRPOLICY          LACPACTIVITY LACPTIMER
iscsi_aggr0      trunk L4      auto                off          short
# dladm show-aggr -L iscsi_aggr0
LINK                PORT        AGGREGATABLE SYNC COLL DIST DEFAULTED EXPIRED
iscsi_aggr0        iscsi0      no          no  no  no  yes      no
--                  iscsi1      no          no  no  no  yes      no
--                  iscsi2      no          no  no  no  yes      no
--                  iscsi3      no          no  no  no  yes      no
--                  iscsi4      no          no  no  no  yes      no
--                  iscsi5      no          no  no  no  yes      no
--                  iscsi6      no          no  no  no  yes      no
--                  iscsi7      no          no  no  no  yes      no
</syntaxhighlight>
 
= Set TCP parameters in immutable zones =
In normal immutable mode zlogin -U does not change it:
<syntaxhighlight lang=bash>
root@global# zlogin -U immutable-zone ipadm set-prop -p _time_wait_interval=30000 tcp
ipadm: set-prop: _time_wait_interval: Invalid argument provided
 
root@global# zlogin immutable-zone ipadm show-prop -p _time_wait_interval tcp   
PROTO PROPERTY              PERM CURRENT      PERSISTENT  DEFAULT      POSSIBLE
tcp  _time_wait_interval  rw  30000        --          60000        1000-600000
</syntaxhighlight>
 
Need to boot into writable:
<syntaxhighlight lang=bash>
root@global# zoneadm -z immutable-zone reboot -w
 
root@global# zlogin -U immutable-zone ipadm set-prop -p _time_wait_interval=30000 tcp
 
root@global# zlogin immutable-zone ipadm show-prop -p _time_wait_interval tcp   
PROTO PROPERTY              PERM CURRENT      PERSISTENT  DEFAULT      POSSIBLE
tcp  _time_wait_interval  rw  30000        30000        60000        1000-600000
 
root@global# zoneadm -z immutable-zone reboot 
</syntaxhighlight>

Latest revision as of 16:53, 25 November 2021

Switch to manual configuration

To stop the automatic network configuration from reverting your changes, switch to manual configuration mode by enabling the DefaultFixed network configuration profile (NCP):

# netadm enable -p ncp DefaultFixed

Nodename

# svccfg -s svc:/system/identity:node setprop config/nodename = astring: camponotus
# svcadm refresh svc:/system/identity:node
# svcadm restart svc:/system/identity:node

Interfaces

Initial setup

# ipadm create-ip net1 
# ipadm create-addr -T static -a local=192.168.5.101/24 net1/v4mailcluster1

IPMP

# ipadm create-ip net2
# ipadm create-ip net3
# ipadm create-addr -T static -a 192.168.5.102/24 net2/v4ipmptestadress
# ipadm create-addr -T static -a 192.168.5.103/24 net3/v4ipmptestadress
# ipadm create-ipmp ipmp0
# ipadm add-ipmp -i net2 -i net3 ipmp0
# ipadm create-addr -T static -a 192.168.5.101/24 ipmp0/v4mailcluster0

# ipmpstat -i
INTERFACE   ACTIVE  GROUP       FLAGS     LINK      PROBE     STATE
net2        yes     ipmp0       -------   up        ok        ok
net3        yes     ipmp0       --mbM--   up        ok        ok

# ipmpstat -an
ADDRESS                   STATE  GROUP       INBOUND     OUTBOUND
::                        down   ipmp0       --          --
192.168.5.101              up     ipmp0       net3        net2 net3

Set one interface to standby:

# ipadm set-ifprop -p standby=on -m ip net2
# ipmpstat -i
INTERFACE   ACTIVE  GROUP       FLAGS     LINK      PROBE     STATE
net3        yes     ipmp0       --mbM--   up        ok        ok
net2        no      ipmp0       is-----   up        ok        ok
# ipmpstat -g
GROUP       GROUPNAME   STATE     FDT       INTERFACES
ipmp0       ipmp0       ok        10.00s    net3 (net2)

More sophisticated with aggregations and vnics

# dladm show-phys -L
LINK              DEVICE       LOC
net0              igb12        /SYS/MB
net1              igb13        /SYS/MB
net2              igb14        /SYS/MB
net3              igb15        /SYS/MB
net4              igb0         /SYS/MB/PCI_MEZZ/PCIE3
net5              igb1         /SYS/MB/PCI_MEZZ/PCIE3
net6              igb2         /SYS/MB/PCI_MEZZ/PCIE3
net7              igb3         /SYS/MB/PCI_MEZZ/PCIE3
net8              igb4         /SYS/MB/RISER2/PCIE2
net9              igb5         /SYS/MB/RISER2/PCIE2
net10             igb6         /SYS/MB/RISER2/PCIE2
net11             igb7         /SYS/MB/RISER2/PCIE2
net12             igb8         /SYS/MB/RISER0/PCIE0
net13             igb9         /SYS/MB/RISER0/PCIE0
net14             igb10        /SYS/MB/RISER0/PCIE0
net15             igb11        /SYS/MB/RISER0/PCIE0
net16             usbecm2      --
# dladm create-aggr -P L2,L3 -l net8 -l net9 -l net10 -l net11 PCIE2 
# dladm create-aggr -P L2,L3 -l net4 -l net5 -l net6 -l net7 PCIE3
# dladm show-link
...
PCIE2               aggr      1500   up       net8 net9 net10 net11
PCIE3               aggr      1500   up       net4 net5 net6 net7
...
# dladm create-vnic -l PCIE2 zone01_ipmp0
# dladm create-vnic -l PCIE3 zone01_ipmp1
# dladm show-link
...
zone01_ipmp1      vnic      1500   up       PCIE3
zone01_ipmp0      vnic      1500   up       PCIE2
...
# zonecfg -z zone01
zonecfg:zone01> add net
zonecfg:zone01:net> set configure-allowed-address=true
zonecfg:zone01:net> set physical=zone01_ipmp0
zonecfg:zone01:net> end
zonecfg:zone01> add net
zonecfg:zone01:net> set configure-allowed-address=true
zonecfg:zone01:net> set physical=zone01_ipmp1
zonecfg:zone01:net> end
zonecfg:zone01> verify
zonecfg:zone01> commit
zonecfg:zone01> exit

Change address

1. Create the new address on the interface:

# ipadm create-addr -T static -a 192.168.5.111/24 ipmp0/v4mailcluster1

2. Log in via the new IP to confirm that it works before you remove the old address.

3. Delete the old address:

# ipadm delete-addr ipmp0/v4mailcluster0

DNS

Client

# svccfg -s svc:/network/dns/client setprop config/nameserver = net_address: "( 0.0.0.0 192.168.1.1 )"
# svccfg -s svc:/network/dns/client setprop config/search = astring: "timmann.de blindhuhn.de"
# svcadm refresh svc:/network/dns/client:default
# svcadm restart svc:/network/dns/client:default

Activate DNS in the name service switch (nsswitch.conf), import the file into SMF, and check the resulting property:

# perl -pi -e "s/^hosts:\s+files$/hosts: files dns/g" /etc/nsswitch.conf
# nscfg import -f svc:/system/name-service/switch:default
# svcadm refresh name-service/switch
# svcprop -p config/host svc:/system/name-service/switch:default
files\ dns

Server

# groupadd -g 53 dns
# useradd -u 53 -g dns -d /var/named -m dns
# usermod -A solaris.smf.manage.bind dns
# svccfg -s svc:network/dns/server:default setprop start/group = dns
# svccfg -s svc:network/dns/server:default setprop start/user  = dns
# svccfg -s svc:network/dns/server:default setprop options/ip_interfaces = IPv4
# svccfg -s svc:network/dns/server:default setprop options/configuration_file = /etc/named.conf
# svcadm refresh svc:network/dns/server:default
# svcadm enable  svc:network/dns/server:default

Set tcp/udp parameter (formerly ndd)

# ipadm show-prop -p smallest_anon_port tcp
PROTO PROPERTY            PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE
tcp   smallest_anon_port  rw   1024         --           1024         1024-65535
# ipadm set-prop -p smallest_anon_port=9000 tcp
# ipadm set-prop -p smallest_anon_port=9000 udp
# ipadm set-prop -p largest_anon_port=65500 tcp
# ipadm set-prop -p largest_anon_port=65500 udp

Jumbo Frames

The MTU of an ipadm interface can never be greater than the MTU of its underlying dladm link. To change the MTU of the dladm link, the ipadm interface has to be disabled first, which interrupts traffic on that interface (DOWNTIME! BE CAREFUL!).

# ipadm disable-if -t iscsi0
# dladm set-linkprop -p mtu=9000  iscsi0
# ipadm enable-if -t iscsi0
# ipadm set-ifprop -m ipv4 -p mtu=9000 iscsi0

Aggregate for iSCSI

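This is crude, but it worked with our Cisco switches. The brace expansion "-l iscsi"{0..7} generates the eight -l iscsiN options. Piping into /bin/sh only has an effect if the expanded command line is printed rather than executed, so the line as shown is presumably missing a leading echo (verify before use):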

# dladm create-aggr -m trunk -P L4 -L off "-l iscsi"{0..7} iscsi_aggr0 | /bin/sh
# dladm show-aggr -P iscsi_aggr0
LINK              MODE  POLICY   ADDRPOLICY           LACPACTIVITY LACPTIMER
iscsi_aggr0       trunk L4       auto                 off          short
# dladm show-aggr -L iscsi_aggr0
LINK                PORT         AGGREGATABLE SYNC COLL DIST DEFAULTED EXPIRED
iscsi_aggr0         iscsi0       no           no   no   no   yes       no
--                  iscsi1       no           no   no   no   yes       no
--                  iscsi2       no           no   no   no   yes       no
--                  iscsi3       no           no   no   no   yes       no
--                  iscsi4       no           no   no   no   yes       no
--                  iscsi5       no           no   no   no   yes       no
--                  iscsi6       no           no   no   no   yes       no
--                  iscsi7       no           no   no   no   yes       no

Set TCP parameters in immutable zones

In normal immutable mode, setting the property with zlogin -U fails with an error, and no persistent value is stored (the PERSISTENT column stays --):

root@global# zlogin -U immutable-zone ipadm set-prop -p _time_wait_interval=30000 tcp
ipadm: set-prop: _time_wait_interval: Invalid argument provided

root@global# zlogin immutable-zone ipadm show-prop -p _time_wait_interval tcp     
PROTO PROPERTY              PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE
tcp   _time_wait_interval   rw   30000        --           60000        1000-600000

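The zone has to be rebooted into writable mode (reboot -w) before the property can be set persistently. The zone is writable until the final plain reboot, so keep that window short: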

root@global# zoneadm -z immutable-zone reboot -w

root@global# zlogin -U immutable-zone ipadm set-prop -p _time_wait_interval=30000 tcp

root@global# zlogin immutable-zone ipadm show-prop -p _time_wait_interval tcp     
PROTO PROPERTY              PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE
tcp   _time_wait_interval   rw   30000        30000        60000        1000-600000

root@global# zoneadm -z immutable-zone reboot