Oracle Solaris 11: First Look

Product type: Book
Published in: Jan 2013
Publisher: Packt
ISBN-13: 9781849688307
Pages: 168
Edition: 1st
Author: Philip P. Brown


Chapter 4. Networking Nuts and Bolts

Basic IP configuration was addressed in Chapter 3, Sysadmin Configuration Differences. This chapter covers the advanced network configurations possible in Solaris 11, along with a more in-depth overview of the changes.

Networking re-architected


Solaris 11 has a vastly redesigned networking infrastructure, both at the kernel level, and at the sysadmin level. It is crucial to understand this redesign.

Therefore, I shall start this chapter with some orientation material.

The following topics are touched on in this chapter:

  • Kernel redesign

  • Orientation to new Solaris 11 networking

  • Interface naming

  • NWAM – automatic networking configuration

  • IPMP (IP multipathing), tunneling, and VLAN management

  • Network resource management (per-interface, flows, and IP QoS)

  • Other changes

The changes in Solaris 11 improve both performance and general manageability. In the manageability department, changes you make with the new tools persist across reboots.

Kernel redesign

Prior to Solaris 11, many, but not all, network drivers took advantage of a common driver framework called the Generic LAN Driver (GLD) framework.

Now in Solaris 11, virtually all drivers use GLD Version 3. This has allowed a redesign of the kernel-to-user interface to bring...

Orientation to new Solaris 11 networking


Networking functionality has now been split into layers, in some ways similar to how ZFS split the old, simple method of accessing disks through disk slices into pools, mirrors, and the like.

Previously, almost all network configuration in Solaris was done against the physical interface, xyz0, with some permutation of the ifconfig command. Now, however, the multiple personalities of ifconfig have been divided up into separate commands and layers.

The basic layers can be grouped as follows (one column per layer, showing the tool that manages it and example object names):

Physical, readonly (dladm)       | Data link (dladm)                | IP interface (ipadm)                                                        | IP "addrobj" (ipadm)
bge0, nxge0, e1000g0, and so on  | net0, vlan0, vnic0, aggr0, stub0 | net0 (in the simple case this usually matches the data link object name), ipmp0 | net0/labelhere

Configuring an IP address generally requires one item from each column, building step-by-step from the left-most column until you reach the right-hand side.

The left-most column is only visible from a global...

Interface naming and IP labels


By default, all network interface names visible at the general sysadmin level are now simply called net0, net1, and so on. Inconsistent names such as bge0, e1000g0, and nxge0 are now hidden from view.

If you have different types of physical interface, and you need to know which netX name maps to which specific physical name, you can view mappings with:

dladm show-link

This command will show you all dladm level devices, including Virtual NICs and aggregation links. However, if you would like to narrow it down to just the ones associated with physical interfaces, you should use the following command:

dladm show-phys

Beyond that, what you most likely care even more about, after the initial setup, is which interface is being used for what purpose. Even more so in this era of virtual services and zones, it is nice to know this information per IP address, rather than per interface. To that end, Solaris 11 associates each IP address with a user-chosen string. Now if...
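As an added example (not from the book), the following POSIX shell script joins the four layers of the table above to answer the per-address question this section raises: for a given addrobj, which IP interface, data link, and physical device does it sit on? It parses constructed sample output in the column layout of ipadm show-addr, dladm show-link and dladm show-phys; the interface names, labels and addresses in the samples are assumptions.

```shell
# Constructed sample output (not captured from a real host), in the column
# layout that ipadm show-addr, dladm show-link and dladm show-phys print.
SHOW_ADDR='ADDROBJ        TYPE     STATE   ADDR
lo0/v4         static   ok      127.0.0.1/8
net0/v4        dhcp     ok      10.0.2.15/24
vnic1/extraIP  static   ok      1.2.3.9/24
vlan0/dmz      static   ok      192.0.2.7/24'
SHOW_LINK='LINK    CLASS   MTU    STATE   OVER
net0    phys    1500   up      --
net1    phys    1500   up      --
vnic1   vnic    1500   up      net0
vlan0   vlan    1500   up      net1'
SHOW_PHYS='LINK   MEDIA      STATE   SPEED  DUPLEX  DEVICE
net0   Ethernet   up      1000   full    e1000g0
net1   Ethernet   up      1000   full    bge0'

# Column lookups by first field, skipping each table's header line.
addr_of()   { printf '%s\n' "$SHOW_ADDR" | awk -v k="$1" 'NR>1 && $1==k {print $4}'; }
class_of()  { printf '%s\n' "$SHOW_LINK" | awk -v k="$1" 'NR>1 && $1==k {print $2}'; }
over_of()   { printf '%s\n' "$SHOW_LINK" | awk -v k="$1" 'NR>1 && $1==k {print $5}'; }
device_of() { printf '%s\n' "$SHOW_PHYS" | awk -v k="$1" 'NR>1 && $1==k {print $6}'; }
# The IP interface is the part of the addrobj name before the slash.
addrobj_iface() { printf '%s\n' "$1" | awk -F/ '{print $1}'; }

# Walk addrobj -> IP interface -> data link(s) -> physical device and print one
# line such as "vnic1/extraIP 1.2.3.9/24 -> vnic1 (vnic) -> net0 (phys) -> e1000g0".
# Returns 1 if the addrobj is unknown, has no data link (lo0), or the chain loops.
resolve_addr_path() {
    addrobj=$1
    addr=$(addr_of "$addrobj")
    [ -n "$addr" ] || { echo "no such addrobj: $addrobj" >&2; return 1; }
    link=$(addrobj_iface "$addrobj")
    path="$addrobj $addr"
    hops=0
    while :; do
        class=$(class_of "$link")
        [ -n "$class" ] || { echo "$path -> $link (no data link)"; return 1; }
        path="$path -> $link ($class)"
        [ "$class" = phys ] && break
        link=$(over_of "$link")   # VNIC and VLAN links sit OVER another link
        hops=$((hops + 1))
        [ "$hops" -lt 8 ] || { echo "$path -> ... (loop?)"; return 1; }
    done
    echo "$path -> $(device_of "$link")"
}

resolve_addr_path vnic1/extraIP
```

On a real Solaris 11 host the three variables would be filled from the live commands instead of the constructed text, and a zone's exclusive VNIC shows up as one more hop in the chain.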

NWAM – NetWork AutoMagic


Someone on the Solaris engineering team decided to name this feature, Network AutoMagic. But from a server sysadmin perspective, it might perhaps be better named "Never Wake A Monster".

NWAM is primarily useful for people running Solaris on a laptop, who have to deal with wireless in different locations. If you are the console user (that is, physically in front of the machine), and within the GNOME-based desktop, you will have a fairly nice tool that allows you to easily configure wireless, and even swap between location-based profiles for other IP needs. In that context, it is fairly useful. If, on the other hand, your systems are servers which ignore DHCP, it is best avoided.

NWAM gets in the way of doing almost anything intelligent or fancy with the normal network control tools dladm or ipadm. It will cause complaints about "Persistent operation on temporary object". Technically, you can add the -t flag to dladm or ipadm, to make your operation temporary as well...

IPMP – IP multipathing


IP multipathing is a configuration that allows an IP address to automatically failover between two or more physical network interfaces. Prior versions of Solaris did already have IPMP support, but it was a bit hacky. It involved using ifconfig to assign two or more interfaces to a group, and then basically hoping the kernel did a good job from there. It was then up to the kernel to plumb and unplumb a secondary IP address (such as bge0:1) from one physical interface or another.

IPMP support in Solaris 11 is much more refined. The floating IP is given its own persistent, virtual object, at the same level as any other IP object at the ipadm layer. This then allows you to apply persistent tuning options to it.

There is also a new tool specifically written to monitor IPMP; predictably, it is called ipmpstat.

Setting up IPMP

Before you can set up a multipath IP object, you first have to set up underlying regular IP objects and interfaces with their own IP addresses (so that...

Link aggregation


Link aggregation, aka "trunking", is similar to, yet different from, IP multipathing (IPMP). Both let you increase outbound bandwidth by spreading it across multiple links. Both give you a measure of automatic failover support. However, only link aggregation lets you spread inbound bandwidth across multiple links.

That's the good news. The bad news is link aggregation has some important limitations that, while they may not be a problem in "small to midsize" shops, can be a problem in enterprise level endeavors.

Link aggregation uses the IEEE 802.3ad protocol, sometimes known as LACP. This makes it an Ethernet-only solution. An even stronger limitation is that all the links that are aggregated together must be on the same switch.

In contrast, IPMP can be used across truly redundant, separate switches. Furthermore, as it is an IP-level solution rather than a link-level solution, it can be used on top of alternative transports such as InfiniBand.

The bonus good news, for...

VNIC – Virtual NIC


Prior to Solaris 11, it was always possible to add a virtual, or secondary IP address to a network interface, such as bge0:1 on top of bge0.

Solaris 11 takes things an important step further, by allowing you to encapsulate an IP address within a virtual network interface object. This object can be treated as a first class network entity in its own right. It is possible to run snoop on it. It is also possible to assign it to a zone, and allow the zone to have full access to it, without compromising the security of the physical device, or other VNICs on that device.

You can name a VNIC almost anything you want, as long as you put a number at the end of it. For ease of comprehension, however, you may want to stick to the standard of vnicX.

Sample usage is as follows:

dladm create-vnic -l net0 vnic1
ipadm create-ip vnic1
ipadm create-addr -T static -a local=1.2.3.9/24 vnic1/extraIP
snoop -d vnic1

As mentioned, snoop will pick up traffic related to 1.2.3.9, and to broadcast traffic...

VLAN tagging


VLAN tagging is a network layer 2 standard designed to allow separate Ethernet broadcast domains to coexist safely on a single physical interface or network fabric. Configuring a virtual IP address or virtual network interface with a specific VLAN ID, or tag, is the way to let the network hardware know which broadcast domain to assign a packet to.

Solaris 10 supported use of VLAN tagging for interfaces; however, the administrative interface was highly ugly. It involved using ifconfig to plumb virtual interfaces with mandatory 6-digit numbers.

Solaris 11's unified network interface allows for much cleaner VLAN tagging usage. You can now create a VLAN tagged virtual interface that is a top-level network entity in its own right. Basically, it is a VNIC with a fixed extra attribute, which is the VLAN tag ID. You can give it a custom name to denote that it is not just an ordinary VNIC, but after that, you can treat it as any other VNIC level device. For example:

dladm create-vlan...

IP tunneling


In Solaris 10 and earlier, it was possible to create IP tunnels manually, using ifconfig. In Solaris 11, you use the dladm and ipadm commands. The bad news is the process involves a few more steps. The good news is it is automatically persistent across reboots, and also is more readable, by virtue of the fact that you can name the tunnels.

To create an IPv4 tunnel between your own host at 1.2.3.4 and a remote gateway at 5.6.7.8, use the following sequence of commands:

dladm create-iptun -T ipv4 -a local=1.2.3.4,remote=5.6.7.8 tunnelname0
ipadm create-ip tunnelname0
ipadm create-addr -T static -a local=1.2.3.4,remote=5.6.7.8 tunnelname0/usefulnamehere

As you can see, the syntax is fairly similar to VLAN creation. First, the creation of a base-layer kernel object is required, through dladm. After that, the IP-level setup via ipadm is almost identical to other IP administrative tasks.

Bridging


Bridging is the term used when a device transparently forwards network layer 2 packets from one broadcast domain to another. In essence, it can make the Solaris server act like an Ethernet switch (or in some cases, other layer 2 protocol switches).

Note

Bridging forces the involved physical interfaces to run in promiscuous mode at all times, which degrades effective interface throughput.

Normally, I would consider bridging on a Solaris box to not be used enough to include here, but the improvements in Solaris 11 are so impressive that they are worth mentioning.

The old way of making a Solaris machine act as a bridge was to set ip_forwarding=1 on the interfaces you wished, then tell other machines to use the Solaris machine as a bridge, and blindly hope for the best.

The new way is much improved. There are real administrative commands instead of ndd, and the OS has been enhanced to properly support the following standard bridging protocols:

Spanning Tree Protocol (STP)...

Network resource management


Now, there are three main ways to handle resource management in Solaris 11: by flows, by interface, and by custom Quality of Service rules.

The QoS methods are the most flexible, but also highly complex, and perhaps best avoided unless absolutely necessary.

Related to resource management is knowing just how much data is flowing through the resource. At a coarse level, the dlstat command will tell you the amount of data that has been flowing through a low-level physical or virtual interface. Similar to the iostat command, it can show you the total number of packets since reboot, or you can tell it to report over regular intervals.

At a somewhat finer level is the flowstat command, mentioned in the Flow-based resource management section.

Per-interface management

There are two types of resource management on a dladm-level interface that are of interest:

  • CPU based

  • Bandwidth based

Limits are set through interface properties. You could consider them somewhat similar to old...

Other changes


Other things have changed in Solaris 11 networking that we won't go into in detail here, but are worth mentioning briefly:

  • The netcat utility is now included in Solaris. This is useful for a simple user-level network port redirector. Wireshark is also just a pkg install away.

  • The supported DHCP server for Solaris is now the ISC DHCP server (the most common open source one).

    Note

    Since this DHCP server is widely known and documented, the only things worth mentioning here are the Solaris specific bits:

    New DHCP SMF service FMRIs:

    svc:/network/dhcp/server:ipv4

    svc:/network/dhcp/server:ipv6

    New DHCP server configuration files:

    /etc/inet/dhcpd4.conf

    /etc/inet/dhcpd6.conf

  • Solaris 11 supports Virtual Router Redundancy Protocol (VRRP). However, since most readers will probably not want to turn their Solaris box into a router, all that needs to be mentioned here is that there is a single administrative command, predictably named vrrpadm.

Summary


Solaris 11 networking administration has changed so much that it is almost like using a different operating system. There are clear benefits from the new admin interfaces, as well as the performance benefits of the kernel rearchitecture. The most important takeaways for the new networking paradigm are to understand what new capabilities are now available and to know which toolsets are most important to use.

First and foremost, remember the following parallel paths for tool chains:

  • NWAM profile-oriented configuration: netcfg and netadm. Despite the generic names, these are only for NWAM.

  • Standard sysadmin tools: ipadm, dladm, flowadm, flowstat, and dlstat. Remember that ipadm and dladm only work normally if NWAM is disabled.

Secondly, remember the virtualization and stackability of the new VNIC, VLAN, and aggr objects. You can treat any of these types as a first class object, where you can assign exclusive use of them to a zone, including snoop and IP address control. You can also stack...
