Solaris 11 Networking: Difference between revisions
From Lolly's Wiki
Jump to navigationJump to search
No edit summary |
m (Text replacement - "<source" to "<syntaxhighlight") |
||
| (23 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
[[Category:Solaris11|Networking]] | |||
= Switch to manual configuration = | |||
To disable automatic procedures to take back your changes you have to enable the manual configuration mode. | |||
<pre> | |||
# netadm enable -p ncp DefaultFixed | |||
</pre> | |||
= Nodename = | = Nodename = | ||
<pre> | <pre> | ||
| Line 32: | Line 40: | ||
ADDRESS STATE GROUP INBOUND OUTBOUND | ADDRESS STATE GROUP INBOUND OUTBOUND | ||
:: down ipmp0 -- -- | :: down ipmp0 -- -- | ||
192.168.5.101 up ipmp0 net3 net2 net3 | |||
</pre> | </pre> | ||
Set one interface to standby: | |||
<pre> | |||
# ipadm set-ifprop -p standby=on -m ip net2 | |||
# ipmpstat -i | |||
INTERFACE ACTIVE GROUP FLAGS LINK PROBE STATE | |||
net3 yes ipmp0 --mbM-- up ok ok | |||
net2 no ipmp0 is----- up ok ok | |||
# ipmpstat -g | |||
GROUP GROUPNAME STATE FDT INTERFACES | |||
ipmp0 ipmp0 ok 10.00s net3 (net2) | |||
</pre> | |||
== More sophisticated with aggregations and vnics == | |||
<syntaxhighlight lang=bash> | |||
# dladm show-phys -L | |||
LINK DEVICE LOC | |||
net0 igb12 /SYS/MB | |||
net1 igb13 /SYS/MB | |||
net2 igb14 /SYS/MB | |||
net3 igb15 /SYS/MB | |||
net4 igb0 /SYS/MB/PCI_MEZZ/PCIE3 | |||
net5 igb1 /SYS/MB/PCI_MEZZ/PCIE3 | |||
net6 igb2 /SYS/MB/PCI_MEZZ/PCIE3 | |||
net7 igb3 /SYS/MB/PCI_MEZZ/PCIE3 | |||
net8 igb4 /SYS/MB/RISER2/PCIE2 | |||
net9 igb5 /SYS/MB/RISER2/PCIE2 | |||
net10 igb6 /SYS/MB/RISER2/PCIE2 | |||
net11 igb7 /SYS/MB/RISER2/PCIE2 | |||
net12 igb8 /SYS/MB/RISER0/PCIE0 | |||
net13 igb9 /SYS/MB/RISER0/PCIE0 | |||
net14 igb10 /SYS/MB/RISER0/PCIE0 | |||
net15 igb11 /SYS/MB/RISER0/PCIE0 | |||
net16 usbecm2 -- | |||
# dladm create-aggr -P L2,L3 -l net8 -l net9 -l net10 -l net11 PCIE2 | |||
# dladm create-aggr -P L2,L3 -l net4 -l net5 -l net6 -l net7 PCIE3 | |||
# dladm show-link | |||
... | |||
PCIE2 aggr 1500 up net8 net9 net10 net11 | |||
PCIE3 aggr 1500 up net4 net5 net6 net7 | |||
... | |||
# dladm create-vnic -l PCIE2 zone01_ipmp0 | |||
# dladm create-vnic -l PCIE3 zone01_ipmp1 | |||
# dladm show-link | |||
... | |||
zone01_ipmp1 vnic 1500 up PCIE3 | |||
zone01_ipmp0 vnic 1500 up PCIE2 | |||
... | |||
# zonecfg -z zone01 | |||
zonecfg:zone01> add net | |||
zonecfg:zone01:net> set configure-allowed-address=true | |||
zonecfg:zone01:net> set physical=zone01_ipmp0 | |||
zonecfg:zone01:net> end | |||
zonecfg:zone01> add net | |||
zonecfg:zone01:net> set configure-allowed-address=true | |||
zonecfg:zone01:net> set physical=zone01_ipmp1 | |||
zonecfg:zone01:net> end | |||
zonecfg:zone01> verify | |||
zonecfg:zone01> commit | |||
zonecfg:zone01> exit | |||
</syntaxhighlight> | |||
== Change | == Change address == | ||
1. Create new interface: | |||
<pre> | <pre> | ||
# ipadm create-addr -T static -a 192.168.5.111/24 ipmp0/v4mailcluster1 | # ipadm create-addr -T static -a 192.168.5.111/24 ipmp0/v4mailcluster1 | ||
</pre> | </pre> | ||
Login to new IP. | 2. Login to new IP. | ||
3. Delete the old interface: | |||
<pre> | <pre> | ||
# ipadm delete-addr ipmp0/v4mailcluster0 | # ipadm delete-addr ipmp0/v4mailcluster0 | ||
</pre> | </pre> | ||
= DNS = | = DNS = | ||
== Client == | == Client == | ||
<pre> | <pre> | ||
# svccfg -s svc:/network/dns/client | # svccfg -s svc:/network/dns/client setprop config/nameserver = net_address: "( 0.0.0.0 192.168.1.1 )" | ||
# svccfg -s svc:/network/dns/client | # svccfg -s svc:/network/dns/client setprop config/search = astring: "timmann.de blindhuhn.de" | ||
# svcadm refresh svc:/network/dns/client:default | # svcadm refresh svc:/network/dns/client:default | ||
# svcadm restart svc:/network/dns/client:default | # svcadm restart svc:/network/dns/client:default | ||
</pre> | |||
Activate dns in nameservice switch (nsswitch.conf): | |||
<pre> | |||
# perl -pi -e "s/^hosts:\s+files$/hosts: files dns/g" /etc/nsswitch.conf | |||
# nscfg import -f svc:/system/name-service/switch:default | |||
# svcadm refresh name-service/switch | |||
# svcprop -p config/host svc:/system/name-service/switch:default | |||
files\ dns | |||
</pre> | </pre> | ||
| Line 65: | Line 145: | ||
# svcadm enable svc:network/dns/server:default | # svcadm enable svc:network/dns/server:default | ||
</pre> | </pre> | ||
= Set tcp/udp parameter (formerly ndd) = | |||
<syntaxhighlight lang=bash> | |||
# ipadm show-prop -p smallest_anon_port tcp | |||
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE | |||
tcp smallest_anon_port rw 1024 -- 1024 1024-65535 | |||
</syntaxhighlight> | |||
<syntaxhighlight lang=bash> | |||
# ipadm set-prop -p smallest_anon_port=9000 tcp | |||
# ipadm set-prop -p smallest_anon_port=9000 udp | |||
# ipadm set-prop -p largest_anon_port=65500 tcp | |||
# ipadm set-prop -p largest_anon_port=65500 udp | |||
</syntaxhighlight> | |||
= Jumbo Frames = | |||
The MTU of an ipadm-interface can never be greater than its underlying dladm-interface. | |||
To change the dladm-interface the ipadm-interface has to be disabled (DOWNTIME!? BE CAREFUL!). | |||
<syntaxhighlight lang=bash> | |||
# ipadm disable-if -t iscsi0 | |||
# dladm set-linkprop -p mtu=9000 iscsi0 | |||
# ipadm enable-if -t iscsi0 | |||
# ipadm set-ifprop -m ipv4 -p mtu=9000 iscsi0 | |||
</syntaxhighlight> | |||
= Aggregate for iSCSI = | |||
This is cruel but worked on our ciscos: | |||
<syntaxhighlight lang=bash> | |||
# dladm create-aggr -m trunk -P L4 -L off "-l iscsi"{0..7} iscsi_aggr0 | /bin/sh | |||
# dladm show-aggr -P iscsi_aggr0 | |||
LINK MODE POLICY ADDRPOLICY LACPACTIVITY LACPTIMER | |||
iscsi_aggr0 trunk L4 auto off short | |||
# dladm show-aggr -L iscsi_aggr0 | |||
LINK PORT AGGREGATABLE SYNC COLL DIST DEFAULTED EXPIRED | |||
iscsi_aggr0 iscsi0 no no no no yes no | |||
-- iscsi1 no no no no yes no | |||
-- iscsi2 no no no no yes no | |||
-- iscsi3 no no no no yes no | |||
-- iscsi4 no no no no yes no | |||
-- iscsi5 no no no no yes no | |||
-- iscsi6 no no no no yes no | |||
-- iscsi7 no no no no yes no | |||
</syntaxhighlight> | |||
= Set TCP parameters in immutable zones = | |||
In normal immutable mode zlogin -U does not change it: | |||
<syntaxhighlight lang=bash> | |||
root@global# zlogin -U immutable-zone ipadm set-prop -p _time_wait_interval=30000 tcp | |||
ipadm: set-prop: _time_wait_interval: Invalid argument provided | |||
root@global# zlogin immutable-zone ipadm show-prop -p _time_wait_interval tcp | |||
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE | |||
tcp _time_wait_interval rw 30000 -- 60000 1000-600000 | |||
</syntaxhighlight> | |||
Need to boot into writable: | |||
<syntaxhighlight lang=bash> | |||
root@global# zoneadm -z immutable-zone reboot -w | |||
root@global# zlogin -U immutable-zone ipadm set-prop -p _time_wait_interval=30000 tcp | |||
root@global# zlogin immutable-zone ipadm show-prop -p _time_wait_interval tcp | |||
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE | |||
tcp _time_wait_interval rw 30000 30000 60000 1000-600000 | |||
root@global# zoneadm -z immutable-zone reboot | |||
</syntaxhighlight> | |||
Latest revision as of 17:53, 25 November 2021
Switch to manual configuration
To disable automatic procedures to take back your changes you have to enable the manual configuration mode.
# netadm enable -p ncp DefaultFixed
Nodename
# svccfg -s svc:/system/identity:node setprop config/nodename = astring: camponotus # svcadm refresh svc:/system/identity:node # svcadm restart svc:/system/identity:node
Interfaces
Initial setup
# ipadm create-ip net1 # ipadm create-addr -T static -a local=192.168.5.101/24 net1/v4mailcluster1
IPMP
# ipadm create-ip net2 # ipadm create-ip net3 # ipadm create-addr -T static -a 192.168.5.102/24 net2/v4ipmptestadress # ipadm create-addr -T static -a 192.168.5.103/24 net3/v4ipmptestadress # ipadm create-ipmp ipmp0 # ipadm add-ipmp -i net2 -i net3 ipmp0 # ipadm create-addr -T static -a 192.168.5.101/24 ipmp0/v4mailcluster0 # ipmpstat -i INTERFACE ACTIVE GROUP FLAGS LINK PROBE STATE net2 yes ipmp0 ------- up ok ok net3 yes ipmp0 --mbM-- up ok ok # ipmpstat -an ADDRESS STATE GROUP INBOUND OUTBOUND :: down ipmp0 -- -- 192.168.5.101 up ipmp0 net3 net2 net3
Set one interface to standby:
# ipadm set-ifprop -p standby=on -m ip net2 # ipmpstat -i INTERFACE ACTIVE GROUP FLAGS LINK PROBE STATE net3 yes ipmp0 --mbM-- up ok ok net2 no ipmp0 is----- up ok ok # ipmpstat -g GROUP GROUPNAME STATE FDT INTERFACES ipmp0 ipmp0 ok 10.00s net3 (net2)
More sophisticated with aggregations and vnics
# dladm show-phys -L
LINK DEVICE LOC
net0 igb12 /SYS/MB
net1 igb13 /SYS/MB
net2 igb14 /SYS/MB
net3 igb15 /SYS/MB
net4 igb0 /SYS/MB/PCI_MEZZ/PCIE3
net5 igb1 /SYS/MB/PCI_MEZZ/PCIE3
net6 igb2 /SYS/MB/PCI_MEZZ/PCIE3
net7 igb3 /SYS/MB/PCI_MEZZ/PCIE3
net8 igb4 /SYS/MB/RISER2/PCIE2
net9 igb5 /SYS/MB/RISER2/PCIE2
net10 igb6 /SYS/MB/RISER2/PCIE2
net11 igb7 /SYS/MB/RISER2/PCIE2
net12 igb8 /SYS/MB/RISER0/PCIE0
net13 igb9 /SYS/MB/RISER0/PCIE0
net14 igb10 /SYS/MB/RISER0/PCIE0
net15 igb11 /SYS/MB/RISER0/PCIE0
net16 usbecm2 --
# dladm create-aggr -P L2,L3 -l net8 -l net9 -l net10 -l net11 PCIE2
# dladm create-aggr -P L2,L3 -l net4 -l net5 -l net6 -l net7 PCIE3
# dladm show-link
...
PCIE2 aggr 1500 up net8 net9 net10 net11
PCIE3 aggr 1500 up net4 net5 net6 net7
...
# dladm create-vnic -l PCIE2 zone01_ipmp0
# dladm create-vnic -l PCIE3 zone01_ipmp1
# dladm show-link
...
zone01_ipmp1 vnic 1500 up PCIE3
zone01_ipmp0 vnic 1500 up PCIE2
...
# zonecfg -z zone01
zonecfg:zone01> add net
zonecfg:zone01:net> set configure-allowed-address=true
zonecfg:zone01:net> set physical=zone01_ipmp0
zonecfg:zone01:net> end
zonecfg:zone01> add net
zonecfg:zone01:net> set configure-allowed-address=true
zonecfg:zone01:net> set physical=zone01_ipmp1
zonecfg:zone01:net> end
zonecfg:zone01> verify
zonecfg:zone01> commit
zonecfg:zone01> exit
Change address
1. Create new interface:
# ipadm create-addr -T static -a 192.168.5.111/24 ipmp0/v4mailcluster1
2. Login to new IP.
3. Delete the old interface:
# ipadm delete-addr ipmp0/v4mailcluster0
DNS
Client
# svccfg -s svc:/network/dns/client setprop config/nameserver = net_address: "( 0.0.0.0 192.168.1.1 )" # svccfg -s svc:/network/dns/client setprop config/search = astring: "timmann.de blindhuhn.de" # svcadm refresh svc:/network/dns/client:default # svcadm restart svc:/network/dns/client:default
Activate dns in nameservice switch (nsswitch.conf):
# perl -pi -e "s/^hosts:\s+files$/hosts: files dns/g" /etc/nsswitch.conf # nscfg import -f svc:/system/name-service/switch:default # svcadm refresh name-service/switch # svcprop -p config/host svc:/system/name-service/switch:default files\ dns
Server
# groupadd -g 53 dns # useradd -u 53 -g dns -d /var/named -m dns # usermod -A solaris.smf.manage.bind dns # svccfg -s svc:network/dns/server:default setprop start/group = dns # svccfg -s svc:network/dns/server:default setprop start/user = dns # svccfg -s svc:network/dns/server:default setprop options/ip_interfaces = IPv4 # svccfg -s svc:network/dns/server:default setprop options/configuration_file = /etc/named.conf # svcadm refresh svc:network/dns/server:default # svcadm enable svc:network/dns/server:default
Set tcp/udp parameter (formerly ndd)
# ipadm show-prop -p smallest_anon_port tcp
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
tcp smallest_anon_port rw 1024 -- 1024 1024-65535
# ipadm set-prop -p smallest_anon_port=9000 tcp
# ipadm set-prop -p smallest_anon_port=9000 udp
# ipadm set-prop -p largest_anon_port=65500 tcp
# ipadm set-prop -p largest_anon_port=65500 udp
Jumbo Frames
The MTU of an ipadm-interface can never be greater than its underlying dladm-interface. To change the dladm-interface the ipadm-interface has to be disabled (DOWNTIME!? BE CAREFUL!).
# ipadm disable-if -t iscsi0
# dladm set-linkprop -p mtu=9000 iscsi0
# ipadm enable-if -t iscsi0
# ipadm set-ifprop -m ipv4 -p mtu=9000 iscsi0
Aggregate for iSCSI
This is cruel but worked on our ciscos:
# dladm create-aggr -m trunk -P L4 -L off "-l iscsi"{0..7} iscsi_aggr0 | /bin/sh
# dladm show-aggr -P iscsi_aggr0
LINK MODE POLICY ADDRPOLICY LACPACTIVITY LACPTIMER
iscsi_aggr0 trunk L4 auto off short
# dladm show-aggr -L iscsi_aggr0
LINK PORT AGGREGATABLE SYNC COLL DIST DEFAULTED EXPIRED
iscsi_aggr0 iscsi0 no no no no yes no
-- iscsi1 no no no no yes no
-- iscsi2 no no no no yes no
-- iscsi3 no no no no yes no
-- iscsi4 no no no no yes no
-- iscsi5 no no no no yes no
-- iscsi6 no no no no yes no
-- iscsi7 no no no no yes no
Set TCP parameters in immutable zones
In normal immutable mode zlogin -U does not change it:
root@global# zlogin -U immutable-zone ipadm set-prop -p _time_wait_interval=30000 tcp
ipadm: set-prop: _time_wait_interval: Invalid argument provided
root@global# zlogin immutable-zone ipadm show-prop -p _time_wait_interval tcp
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
tcp _time_wait_interval rw 30000 -- 60000 1000-600000
Need to boot into writable:
root@global# zoneadm -z immutable-zone reboot -w
root@global# zlogin -U immutable-zone ipadm set-prop -p _time_wait_interval=30000 tcp
root@global# zlogin immutable-zone ipadm show-prop -p _time_wait_interval tcp
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
tcp _time_wait_interval rw 30000 30000 60000 1000-600000
root@global# zoneadm -z immutable-zone reboot
