Professional Documents
Culture Documents
Solaris 10 - III PDF
Solaris 10 - III PDF
Copyright 2005 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved.
This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and
decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of
Sun and its licensors, if any.
Third-party software, including font technology, is copyrighted and licensed from Sun suppliers.
Sun, Sun Microsystems, the Sun logo, Solaris, Java, JumpStart, OpenBoot, Sun BluePrints, Sun Fire, and Sun StorEdge are trademarks or
registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.
All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and
other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.
The OPEN LOOK and Sun Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges
the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry.
Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Suns licensees who
implement OPEN LOOK GUIs and otherwise comply with Suns written license agreements.
Federal Acquisitions: Commercial Software Government Users Subject to Standard License Terms and Conditions
Export Laws. Products, Services, and technical data delivered by Sun may be subject to U.S. export controls or the trade laws of other
countries. You will comply with all such laws and obtain all licenses to export, re-export, or import as may be required after delivery to
You. You will not export or re-export to entities on the most current U.S. export exclusions lists or to any country subject to U.S. embargo
or terrorist controls as specified in the U.S. export laws. You will not use or provide Products, Services, or technical data for nuclear, missile,
or chemical biological weaponry end uses.
DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND
WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE
LEGALLY INVALID.
THIS MANUAL IS DESIGNED TO SUPPORT AN INSTRUCTOR-LED TRAINING (ILT) COURSE AND IS INTENDED TO BE
USED FOR REFERENCE PURPOSES IN CONJUNCTION WITH THE ILT COURSE. THE MANUAL IS NOT A STANDALONE
TRAINING TOOL. USE OF THE MANUAL FOR SELF-STUDY WITHOUT CLASS ATTENDANCE IS NOT RECOMMENDED.
Export Commodity Classification Number (ECCN) assigned: 12 December 2001
Please
Recycle
Copyright 2005 Sun Microsystems Inc. 4150 Network Circle, Santa Clara, California 95054, Etats-Unis. Tous droits rservs.
Ce produit ou document est protg par un copyright et distribu avec des licences qui en restreignent lutilisation, la copie, la distribution,
et la dcompilation. Aucune partie de ce produit ou document ne peut tre reproduite sous aucune forme, par quelque moyen que ce soit,
sans lautorisation pralable et crite de Sun et de ses bailleurs de licence, sil y en a.
Le logiciel dtenu par des tiers, et qui comprend la technologie relative aux polices de caractres, est protg par un copyright et licenci
par des fournisseurs de Sun.
Sun, Sun Microsystems, the Sun logo, Solaris, Java, JumpStart, OpenBoot, Sun BluePrints, Sun Fire, et Sun StorEdge sont des marques de
fabrique ou des marques dposes de Sun Microsystems, Inc. aux Etats-Unis et dans dautres pays.
Toutes les marques SPARC sont utilises sous licence sont des marques de fabrique ou des marques dposes de SPARC International, Inc.
aux Etats-Unis et dans dautres pays. Les produits portant les marques SPARC sont bass sur une architecture dveloppe par Sun
Microsystems, Inc.
UNIX est une marques dpose aux Etats-Unis et dans dautres pays et licencie exclusivement par X/Open Company, Ltd.
Linterfaces dutilisation graphique OPEN LOOK et Sun a t dveloppe par Sun Microsystems, Inc. pour ses utilisateurs et licencis.
Sun reconnat les efforts de pionniers de Xerox pour larecherche et le dveloppement du concept des interfaces dutilisation visuelle ou
graphique pour lindustrie de linformatique. Sun dtient une licence non exclusive de Xerox sur linterface dutilisation graphique Xerox,
cette licence couvrant galement les licencis de Sun qui mettent en place linterface dutilisation graphique OPEN LOOK et qui en outre
se conforment aux licences crites de Sun.
Lgislation en matire dexportations. Les Produits, Services et donnes techniques livrs par Sun peuvent tre soumis aux contrles
amricains sur les exportations, ou la lgislation commerciale dautres pays. Nous nous conformerons lensemble de ces textes et nous
obtiendrons toutes licences dexportation, de r-exportation ou dimportation susceptibles dtre requises aprs livraison Vous. Vous
nexporterez, ni ne r-exporterez en aucun cas des entits figurant sur les listes amricaines dinterdiction dexportation les plus courantes,
ni vers un quelconque pays soumis embargo par les Etats-Unis, ou des contrles anti-terroristes, comme prvu par la lgislation
amricaine en matire dexportations. Vous nutiliserez, ni ne fournirez les Produits, Services ou donnes techniques pour aucune utilisation
finale lie aux armes nuclaires, chimiques ou biologiques ou aux missiles.
LA DOCUMENTATION EST FOURNIE EN LETAT ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET GARANTIES
EXPRESSES OU TACITES SONT FORMELLEMENT EXCLUES, DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE, Y
COMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITE RELATIVE A LA QUALITE MARCHANDE, A LAPTITUDE A UNE
UTILISATION PARTICULIERE OU A LABSENCE DE CONTREFAON.
CE MANUEL DE RFRENCE DOIT TRE UTILIS DANS LE CADRE DUN COURS DE FORMATION DIRIG PAR UN
INSTRUCTEUR (ILT). IL NE SAGIT PAS DUN OUTIL DE FORMATION INDPENDANT. NOUS VOUS DCONSEILLONS DE
LUTILISER DANS LE CADRE DUNE AUTO-FORMATION.
Please
Recycle
Table of Contents
About This Course ............................................................Preface-xvii
Course Goals....................................................................... Preface-xvii
Course Map........................................................................ Preface-xviii
Topics Not Covered............................................................. Preface-xix
How Prepared Are You?...................................................... Preface-xx
Introductions ........................................................................ Preface-xxi
How to Use Course Materials ...........................................Preface-xxii
Conventions ........................................................................Preface-xxiii
Icons ............................................................................Preface-xxiii
Typographical Conventions ................................... Preface-xxiv
Additional Conventions........................................... Preface-xxv
Introducing the TCP/IP Model .........................................................1-1
Objectives ........................................................................................... 1-1
Introducing Network Model Fundamentals.................................. 1-2
Network Protocols .................................................................... 1-2
Network Model Concepts........................................................ 1-3
Introducing the Layers of the TCP/IP Model................................ 1-4
Network Interface Layer ......................................................... 1-5
Internet Layer ............................................................................ 1-6
Transport Layer......................................................................... 1-7
Application Layer ..................................................................... 1-8
Describing Basic Peer-to-Peer Communication,
Encapsulation, and Decapsulation ............................................. 1-10
Peer-to-Peer Communication ................................................ 1-10
Encapsulation and Decapsulation ........................................ 1-11
TCP/IP Protocols ............................................................................. 1-12
Exercise: Reviewing the TCP/IP Model ....................................... 1-16
Preparation............................................................................... 1-16
Tasks ......................................................................................... 1-16
Exercise Summary............................................................................ 1-18
Exercise Solutions ............................................................................ 1-19
vii
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
viii
ix
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
xi
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
xii
xiii
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
xv
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
xvi
Preface
Preface-xvii
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Course Map
Course Map
The course map enables you to see what you have accomplished and
where you are going in reference to the instructional goals.
Introducing LANs
and Their
Components
Describing
Ethernet
Interfaces
Describing
ARP and
RARP
Configuring
IP
Configuring IP
Network
Multipathing
Configuring
IPv6
Configuring
Routing
Describing
the Transport
Layer
Configuring
DNS
Preface-xviii
Configuring
DHCP
Configuring
NTP
Configuring the
Solaris IP
Filter Firewall
Refer to the Sun Educational Services catalog for specific information and
registration.
Preface-xix
Preface-xx
Can you set up user accounts when configuring network services for
system users?
Can you locate and install network software packages required to set
up various network services?
Introductions
Introductions
Now that you have been introduced to the course, introduce yourself to
the other students and the instructor, addressing the following items:
Name
Company affiliation
Preface-xxi
Visual aids The instructor might use several visual aids to convey a
concept, such as a process, in a visual form. Visual aids commonly
contain graphics, animation, and video.
Preface-xxii
Conventions
Conventions
The following conventions are used in this course to represent various
training elements and alternative learning resources.
Icons
Note Indicates additional information that can help students but is not
crucial to their understanding of the concept being described. Students
should be able to understand the concept or complete the task without
this information. Examples of notational information include keyword
shortcuts and minor system adjustments.
Caution Indicates that there is a risk of personal injury from a
nonelectrical hazard, or risk of irreversible damage to data, software, or
the operating system. A caution indicates that the possibility of a hazard
(as opposed to certainty) might happen, depending on the action of the
user.
Preface-xxiii
Conventions
Typographical Conventions
Courier is used for the names of commands, files, directories, user
names, host names, programming code, and on-screen computer output;
for example:
Use the ls -al command to list all files.
host1# cd /home
Courier bold is used for characters and numbers that you type; for
example:
To list the files in this directory, type the following:
# ls
Preface-xxiv
Conventions
Additional Conventions
Java programming language examples use the following additional
conventions:
Preface-xxv
Module 1
The course map in Figure 1-1 shows how this module fits into the current
instructional goal.
Introducing LANs
and Their
Components
Figure 1-1
Describing
Ethernet
Interfaces
Describing
ARP and
RARP
Course Map
1-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Network Protocols
Computer networks use protocols to communicate. Protocols define the
procedures to be followed by the systems involved in the communication
process. A data communication protocol is a set of rules that must be
followed for two electronic devices to communicate with each other.
These rules describe:
Functions of Protocols
A protocol defines how systems can communicate and facilitates
communication between software, firmware, and other devices in data
transfer.
Each protocol provides a function essential for data communication. Each
software module that implements a protocol can be developed and
updated independently of other modules, as long as the interface between
the modules remains constant.
Many protocols provide and support data communication. Many
protocols are used so that communication can be broken into smaller,
manageable processes. They form a communication architecture, also
known as a protocol stack. The TCP/IP model is a protocol stack used by
the Solaris OS for data communication.
1-2
Each layer has a specific purpose and exists on both the source and
destination hosts.
Model = structure
Layer = functions
Protocol = rules
Simplifies troubleshooting
1-3
Description
Application
Transport
Internet
Network
Interface
RFCs are a frame of reference for describing the protocol architecture and
functions specific to the TCP/IP protocol stack. For a complete listing of
RFCs, visit http://www.ietf.org/rfc.html.
1-4
Detecting errors
Framing packets
TCP/IP Layers
Application Layer
Transport Layer
Internet Layer
Packet
data unit
Hardware Layer
Figure 1-2
Preamble
Figure 1-3
Destination
Address
Source
Address
Type
Data
CRC
Structure of a Frame
1-5
Internet Layer
The Internet layer attempts to ensure that messages reach their
destination system using the most efficient route. Figure 1-4 shows the
position of the Internet layer in the TCP/IP network model. The primary
functions of the Internet layer are:
Application Layer
Transport Layer
Datagram
Internet Layer
1-6
Transport Layer
The Transport layer manages the transfer of application data between
communicating hosts. It also controls the flow of data and defines the
transport quality of the data transmission. Figure 1-5 shows the position
of the Transport layer in the TCP/IP network model.
TCP/IP Layers
Application Layer
Segment
or
datagram
Transport Layer
Internet Layer
Network Interface Layer
Hardware Layer
Figure 1-5
Acknowledgement responses
Sequencing
Flow control
1-7
Application Layer
The top layer of the TCP/IP stack is the Application layer. Figure 1-6
shows the position of the Application layer in the TCP/IP network model.
TCP/IP Layers
Stream
or
Message
Layer 4
Layer 3
Layer 2
Layer 1
Application Layer
Transport Layer
Internet Layer
Network Interface Layer
Hardware Layer
Figure 1-6
1-8
Telnet Protocol
Presenting data If end users specify how they want their data
presented to them, the Application layer makes sure that it reaches
the end users in this format. A common syntax ensures compatibility
between various end-user applications and machines. The
Application layer also provides translations between locally
represented data and data used for transfer between end systems.
1-9
Peer-to-Peer Communication
Peer-to-peer communication occurs when one layer on a system
communicates with a corresponding layer on another system. Figure 1-7
illustrates the peer-to-peer communications between the layers at either
end of a network interaction. For example, the Application layer on the
source system interacts with the Application layer on the destination
system.
Source System
Destination System
Application X
Application Y
User Data
Message
Message or
or
User Data
Application
Layer
A-PDU
Transport Layer
Stream
Stream
Transport Layer
TH
Internet Layer
Network
Interface Layer
Decapsulation
Encapsulation
Application
Layer
A-PDU
IH
T-PDU
NH
I-PDU
Segment
Segment or
or
TH
Datagram
Datagram
IH
Datagram
Datagram
NT
Frame
Frame
NH
Internet Layer
T-PDU
I-PDU
NT
Signal
Hardware Layer
Network
Interface Layer
Hardware Layer
Communication Path
Physical Transmission Medium
TH
= Transport Header
IH
Figure 1-7
1-10
= Internet Header
NH
= Network Header
NT
= Network Trailer
Peer-to-Peer Communication
Figure 1-7 on page 1-10 shows data encapsulation occurring on the source
system.
Data arriving at a destination system is decapsulated. During
decapsulation:
Headers and trailers are removed at each layer before the data is
passed up to the next layer.
1-11
TCP/IP Protocols
TCP/IP Protocols
The following tables describe briefly the common TCP/IP protocols.
Table 1-2 shows a list of Network Interface layer protocols, their
corresponding RFCs, and a short description of each protocol.
Table 1-2 Some TCP/IP Network Interface Layer Protocol Descriptions
RFC
Protocol
Description
1055
SLIP
1661
PPP
1-12
TCP/IP Protocols
Table 1-3 shows a list of Internet layer protocols, their corresponding
RFCs, and a short description of each protocol.
Table 1-3 Some TCP/IP Internet Layer Protocol Descriptions
RFC
Protocol
Description
826
ARP
903
RARP
791, 950,
919, 922
IP
792
ICMP
2401,
2406,
2402,
2407,
2408
IPSecrelated
RFCs
Protocol
Description
793
TCP
768
UDP
1-13
TCP/IP Protocols
Table 1-5 shows a list of some Application layer protocols, their
corresponding RFCs, and a short description of each protocol.
Table 1-5 Some TCP/IP Application Layer Protocol Descriptions
RFC
Protocol
Description
1034, 1035
DNS
959
FTP
854, 855
Telnet
1258, 1280
Remote login
2131
DHCP
2821
SMTP
1157
SNMP
1939
POP3
2060
IMAP4
1-14
TCP/IP Protocols
Table 1-5 Some TCP/IP Application Layer Protocol Descriptions (Continued)
RFC
Protocol
Description
1945, 2068
None
HTTP
HTTPS
None
SSH
1-15
Preparation
There is no preparation for this exercise.
Tasks
Perform the following steps:
1.
List the layers of the TCP/IP network model by their name and
function.
Name:_______________________________________________________
Function: ____________________________________________________
Name:_______________________________________________________
Function: ____________________________________________________
Name:_______________________________________________________
Function: ____________________________________________________
Name:_______________________________________________________
Function: ____________________________________________________
2.
3.
1-16
5.
ARP
b.
IP
c.
TCIP
d.
ICMP
b.
c.
d.
Headers and trailers are added before the data is passed down
to the next layer.
1-17
Exercise Summary
Exercise Summary
!
?
1-18
Experiences
Interpretations
Conclusions
Applications
Exercise Solutions
Exercise Solutions
Solutions to the exercise are as follows:
1.
List the layers of the TCP/IP network model by their name and
function.
Name: Application
Function: Consists of user-accessed application programs and network
services. This layer is also responsible for defining the way in which
cooperating networks represent data.
Name: Transport
Function: Manages the transfer of data using connection-oriented and
connectionless transport protocols.
Name: Internet
Function: Manages data addressing and delivery between networks, as well
as fragmenting data for the Network Interface layer.
Name: Network Interface
Function: Manages the delivery of data across the physical network. This
layer provides error detection and packet framing.
2.
3.
1-19
Exercise Solutions
4.
5.
1-20
ARP
b.
IP
d.
ICMP
d.
Headers and trailers are added before the data is passed down to the
next layer.
Module 2
The course map in Figure 2-1 shows how this module fits into the current
instructional goal.
Introducing LANs
and Their
Components
Figure 2-1
Describing
Ethernet
Interfaces
Describing
ARP and
RARP
Course Map
2-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Bus Topologies
The bus configuration was the typical LAN topology for the original
Ethernet network specification. A typical bus configuration has coaxial
cables running through an area. Systems are attached at points along the
cable to enable communication with each other. The bandwidth of the
cable is shared between all the systems connected to the cable. Figure 2-2
shows an example of a bus configuration.
Figure 2-2
2-2
Bus Configuration
Star Topologies
The LAN topology in a star configuration uses a central location, or hub,
from which a number of signal-carrying cables extend to each individual
device on a branch. Star configurations are well suited to many of todays
LAN network methodologies.
An intelligent hub controls:
Note A non-intelligent hub does not make any decisions about which
ports to send data. This essentially makes star configurations behave
exactly like bus configurations from the point of view of the nodes. A
benefit of the star configuration is that a fault on the cable to a node
affects only that node.
Depending upon the LAN methodology, there is a limit to the number of
segments that can be linked together. Figure 2-3 shows an example of the
star configuration.
Hub
Figure 2-3
Star Configuration
2-3
Ring Topologies
In a ring configuration, the output of one node connects to the input of the
next node. Each node in the ring is between two other nodes. In a ring
network, if one node stops functioning the ring can be broken, which
affects communication on the network.
With the invention of the intelligent central hub, a ring configuration can
be implemented with the reliability of a star configuration. The reliability
is a result of the intelligent hubs ability to bypass a non-functioning node
in the ring. Figure 2-4 shows a star-wired ring configuration.
Figure 2-4
2-4
Ring Configuration
VLAN Topologies
Virtual local area network (VLAN) topologies are becoming increasingly
popular. A VLAN topology is implemented with a central device that
supports VLAN technology. All systems are physically connected to the
same device; however, the device is configured with multiple logical
networks (the VLANs) that have one or more ports on the switch assigned
to them. For example, on an 8-port switch, ports 1, 2, 5, and 6 can be
assigned to network A, while ports 3, 4, 7, and 8 can be assigned to
network B. The traffic on network A is separated from the traffic on
network B, and traffic does not pass between the two networks. Ports can
be assigned to different VLANs based on port number, the hardware or
software address of the systems, or the protocols used by the systems.
Using VLANs reduces the size of broadcast domains. You can move
computer systems between VLANs without any hardware configuration.
Although the term VLAN is in common use, every vendor provides their
own VLAN implementation and enhancements. This makes the task of
defining the term VLAN difficult.
Figure 2-5 shows an example of a network with all systems on the same
broadcast domain.
2-5
2-6
VLAN Configurations
Figure 2-7
2-7
IEEE Identifiers
For the various types of LANs, the IEEE identifier indicates the types of
media used. These identifiers include three pieces of information:
Speed = 10 Mbs
Figure 2-8
2-8
10 BASE-5
Segment Length
= 500 Meter
10 BASE-T
Type of Media
= Twisted Pair
2-9
2-10
2-11
Repeaters
Repeaters are devices that amplify and regenerate the data signal, bit by
bit, to extend the distance of the transmission. A repeater does not read or
interpret the data.
Hubs
Shared hubs are the central devices of a star topology network. The hubs
connect all the hosts in a twisted-pair Ethernet installation. Hubs are
typically used in small LANs in which network performance is not
critical. Collisions commonly occur on a network implementing hubs
because the collision domain consists of all systems connected to the hub.
Bridges
A bridge is a network-layer device that reads and interprets addresses for
filtering or forwarding packets. Bridges connect two or more network
segments. Collisions commonly occur on a bridged network because the
collision domains often consist of more than one system.
Switches
Switches are multiport devices that control the logical dynamic
connection and disconnection between any two cable segments. Switches
are high-bandwidth devices because multiple data paths can be
established and used simultaneously.
Switches reduce the number of collisions on a network by replacing a
single shared data path with multiple dedicated data paths.
2-12
Hub
10BASE-T
Hub
10BASE-T
Ethernet Switch
10BASE-T
Hub
100BASE-T
10BASE-T
10BASE-T
Hub
Figure 2-9
Hub
Ethernet Switches
2-13
Preparation
Refer to the lecture notes as necessary to perform the tasks listed.
Tasks
To test your knowledge about common LAN terminology, answer the
following questions:
1.
2-14
_____
Star topology
a.
_____
VLAN topology
b.
_____
100BASE-TX
c.
_____
Category 5
d.
_____
Switch
e.
_____
Shared hub
f.
3.
Ring
b.
Star
c.
Bus
d.
Wing
10BASE-5
b.
10BASE-2
c.
100BASE-FX
d.
10BASE-T
e.
100BASE-T4
f.
100BASE-TX
2-15
Exercise Summary
Exercise Summary
!
?
2-16
Experiences
Interpretations
Conclusions
Applications
Exercise Solutions
Exercise Solutions
Solutions to the exercise are as follows:
1.
Star topology
a.
VLAN topology
b.
100BASE-TX
c.
Category 5
d.
Switch
e.
Shared hub
f.
2-17
Exercise Solutions
2.
3.
2-18
Ring
b.
Star
c.
Bus
100BASE-FX
e.
100BASE-T4
f.
100BASE-TX
Module 3
The course map in Figure 3-1 shows how this module fits into the current
instructional goal.
Introducing LANs
and Their
Components
Figure 3-1
Describing
Ethernet
Interfaces
Describing
ARP and
RARP
Course Map
3-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Ethernet packets, called frames These are units of data sent across
the network.
3-2
Multiple
Access
Carrier
Sense
traffic on the
a message.
Is there
Yes
network?
No
Collision
Detect
Was there
No
a collision?
Yes
Success.
Send the
jam signal.
Figure 3-2
Structure of CSMA/CD
3-3
Ethernet Statistics
The netstat command provides statistics on network-related
information, such as the collision rate. In a shared-media topology,
collisions occur frequently. The more transmitting nodes there are on a
network, the greater the likelihood that collisions occur because of an
increase in network traffic. The collision rate increases exponentially until
there is almost no throughput of data.
To display the current usage of the Ethernet interfaces, execute the
netstat command with the -i option, for example:
# netstat -i
Name Mtu Net/Dest
lo0
8232 loopback
hme0 1500 sys11
#
Address
localhost
sys11
Ipkts
52559
18973
Ierrs Opkts
0
52559
0
30292
Collision Rates
Collisions occur when two or more systems attempt to transmit data on
the network at the same time. Collision rates indicate the number of
collisions that occur on a network. Use collision rates to diagnose network
performance problems that are caused by collisions on a network.
To compute the collision rate, multiply 100 by the number of collisions,
and divide the product by the total number of output packets.
For example, assume that the netstat command reports 12 collisions and
1302 output packets. Calculate the collision rate as follows:
100 * 12 / 1302 = 1.0 percent collision rate
3-4
A faulty cable
A faulty interface
3-5
Ethernet Addresses
An Ethernet address is the devices unique hardware address. An
Ethernet address is sometimes referred to as a media access control
(MAC) address. An Ethernet address is 48 bits long and is displayed as
12 hexadecimal digits (six groups of two digits) separated by colons. An
example of an Ethernet address is 08:00:20:1e:56:7d.
For systems configured to have more than one interface on the same
physical subnet, you need a unique Ethernet address that is different from
the primary host-based assigned Ethernet address.
3-6
Unicast Addresses
Unicast addresses are used for one-to-one communication. The system
uses a unicast address to send a message to another system on the local
Ethernet network. You can use a systems unique Ethernet address as a
unicast address.
Broadcast Addresses
A device uses a broadcast address to send messages to all systems on the
local Ethernet network. The Ethernet broadcast address is represented in
the form of all 1s in binary format and as ff:ff:ff:ff:ff:ff in
hexadecimal format. When the Network Interface layer receives an
Ethernet frame with a destination address of all 1s, it passes the address to
the next layer for processing.
Multicast Addresses
A system uses a multicast address to send a message to a subset of
systems on the local Ethernet. In Ethernet multicast addressing, the value
of the first three octets determines if the address is multicast. The last
three octets determine the specific multicasts group identity.
3-7
3-8
3-9
tet
Loc
atio
n:
1-6
7-1
Pre
13-
am
64
ble
Bits
14
D ad
dr
4
8 B
its
15-
S ad
dr
48
Bits
151
4 (M
a
xim
um
Las
Typ
e
16
Bits
t 4
Oc
tets
(Ma
Da
ta
um
150
0
xim
Byt
es)
CR
32
Figure 3-3
Bits
Ethernet-II Frame
Note There are two common Ethernet frame formats: the Ethernet-II
format and the logical link control (802.3) format. The primary difference
between these formats is that in the Ethernet-II format, the fourth field is
a type field, while in the 802.3 format, the fourth field is a frame length
field. In the TCP/IP environments, typically the Ethernet-II frame format
is used.
3-10
Description
Preamble
D addr
S addr
Type
Data
CRC
3-11
Application
Layer
Application Data
Transport
Layer
Transport Datagram
Internet
Layer
Network
Interface
Layer
Internet Datagram
1500-byte Payload
Hardware Layer
Figure 3-4
3-12
Definition
Runts
Packets that are less than 64 bytes, including the header, are
too short and are discarded. Runts are usually caused by
collisions. These can be formed by poor wiring and
electrical interference.
Jabbers
Long
Giant
Bad CRC
3-13
mode)
Who is 192.168.1.3, sys13 ?
Who is 192.168.1.2, sys12 ?
Who is 192.168.1.1, sys11 ?
3-14
3-15
0.00000
0.00000
0.00000
0.00010
0.00010
0.00010
To filter out specific protocols or portions of the network trace, pipe the
output from the snoop -i command through the egrep command.
For example, the egrep -iv 'nfs|ack|contin|ftp|ip' command
ignores case (-i) and prints all lines except (-v) lines that contain the
patterns nfs, ack, contin, ftp, and ip.
# snoop -i /tmp/snooper -V | egrep -iv 'nfs|ack|contin|ftp|ip'
...
1
0.00000
0.00010
...
2
3-16
Mtu Net/Dest
8232 loopback
1500 sys11
Address
localhost
sys11
Ipkts
83505
21775
Ierrs Opkts
0
83505
0
53541
Table 3-3 shows the descriptions of the output fields from the netstat
command.
Table 3-3 The netstat Output Field Descriptions
Field
Description
Name
Mtu
Net/Dest
Address
Ipkts
Input packets.
Ierrs
Input errors.
Opkts
Output packets.
Oerrs
Output errors.
Collis
Queue
3-17
rawipInErrors
udpInErrors
tcpRtoMin
400
ipDefaultTTL
255
ipv6DefaultHopLimit =
255
icmpInErrors
icmp6InErrors
3-18
(read
(read
(read
(read
(read
(read
only)
only)
only)
only)
only)
and write)
ndd
ndd
ndd
ndd
/dev/arp \?
/dev/ip \?
/dev/icmp \?
/dev/tcp \?
Sun Microsystems does not currently provide extensive ndd parameter
documentation, except for network card configuration.
3-19
Use the ndd command to set parameters that are valid until you
reboot the system. A good way to test parameter settings is by using
the ndd command on the command line.
3-20
Preparation
Refer to the lecture notes as necessary to perform the tasks listed.
Tasks
Perform the following steps:
1.
_____
MTU
a.
_____
Unicast
b.
_____
Preamble
c.
_____
Encapsulation
d.
_____
Packet
e.
_____
Frame
f.
_____
Type field
g.
3-21
# man snoop
Look at the various modes and options for capturing and viewing
frames available to you.
a.
b.
c.
d.
3.
4.
5.
b.
3-22
Stop the snoop utility that is currently running, and restart the snoop
utility in verbose mode. Capture only broadcast frames.
Write the command that you use:
_____________________________________________________________
7.
In the terminal window logged in to the remote host, execute the rup
command again. Observe the format of the output from the snoop
utility running in verbose mode.
8.
Stop the snoop utility, and execute the snoop utility in verbose
summary mode, capturing only broadcast frames.
Write the command that you use:
_____________________________________________________________
9.
10. Log off of the remote host, and quit all instances of the snoop utility
that you are running.
Note While you might not understand everything that you see in this
section of the exercise, you should at least become familiar with the
command syntax, options, and output format of the ndd command. The
results of the exercise vary, depending on the type of network interface in
the system.
3-23
3-24
Exercise Summary
Exercise Summary
!
?
Experiences
Interpretations
Conclusions
Applications
3-25
Exercise Solutions
Exercise Solutions
Solutions to the exercise are as follows:
1.
MTU
a.
Unicast
b.
Preamble
c.
Encapsulation
d.
Packet
e.
Frame
f.
Type field
g.
2.
# man snoop
Look at the various modes and options for capturing and viewing
frames available to you.
a.
b.
-S
-o filename
3-26
Exercise Solutions
c.
d.
-v
-d interface name
3.
# netstat -i
The hme0 interface, the qfe0 interface, or perhaps the eri0 interface,
depending on your system. The purpose of the network interface is to
provide access to the LAN.
4.
# snoop broadcast
5.
b.
Now you use different options of the snoop utility to provide different
amounts of output.
6.
Stop the snoop utility that is currently running, and restart the snoop
utility in the verbose mode. Capture only the broadcast frames.
# snoop -v broadcast
7.
In the terminal window logged in to the remote host, execute the rup
command again. Observe the format of the output from the snoop
utility running in the verbose mode.
8.
Stop the snoop utility, and execute the snoop utility in verbose
summary mode, capturing only broadcast frames.
# snoop -V broadcast
3-27
Exercise Solutions
9.
10. Log off of the remote host, and quit all instances of the snoop utility
that you are running.
Note While you might not understand everything that you see in this
section of the exercise, you should at least become familiar with the
command syntax, options, and output format of the ndd command. The
results of the exercise vary, depending on the type of network interface in
the system.
In this part of the exercise, you manipulate a specific interface on your
system.
11. Use the appropriate argument of the ndd command to make sure
that any instance information retrieved is for the primary network
interface.
# ndd -set /dev/hme instance 0
12. Use the ndd command to determine the value of the link_status
parameter of the primary network interface on your system. A status
of 0 indicates that the interface is down. A status of 1 indicates that
the interface is up.
# ndd /dev/hme link_status
3-28
Exercise Solutions
13. What command do you use to make the ndd command set your
systems link_status parameter to 0?
# ndd -set /dev/hme link_status 0
14. Use the ndd command to determine the read and write attributes of
ndd parameters for your interface driver. For example, if your
systems interface is an hme0 interface, use /dev/hme as the
parameter.
# ndd /dev/device_of_interest \?
Do you expect your command from Step 13 to work if you entered it
at the command line as the root user? Why?
The command would fail because the link_status parameter is read only.
3-29
Module 4
Describe ARP
Describe RARP
The course map in Figure 4-1 shows how this module fits into the current
instructional goal.
Introducing LANs
and Their
Components
Figure 4-1
Describing
Ethernet
Interfaces
Describing
ARP and
RARP
Course Map
4-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Introducing ARP
Introducing ARP
ARP is the method used to map a 32-bit IP address to a 48-bit Ethernet
address.
Purpose of ARP
The ARP function occurs between the Internet and Network Interface
layers of the TCP/IP model. Figure 4-2 shows the location of the ARP
function in the model.
TCP/IP Layers
Application Layer
Transport Layer
Internet Layer
ARP
Network Interface Layer
Hardware Layer
Figure 4-2
Destination
Ethernet
Address
Figure 4-3
Source
Ethernet
Address
Type
Data
Cyclic
Redundancy
Check
Ethernet Frame
When two systems need to communicate, they need each others Ethernet
addresses. ARP supplies the destination Ethernet address information if
the sending system does not already know the destination address.
4-2
Introducing ARP
Operation of ARP
If the final destination (receiving system) of the message being sent is on
the same LAN as the sending system, only one address resolution is
required. If the final destination is on a different network, an address
resolution might be required on each network that the message traverses
on the path to its final destination.
Figure 4-4 shows a simplification of the address resolution process.
192.168.1.1
sys11
1
Who is 192.168.1.3?
192.168.1.3 is 8:00:20:c0:78:73
Figure 4-4
192.168.1.3
sys13
192.168.1.2
sys12
For example, assume that the sys11 system must communicate with the
sys13 system:
1.
2.
3.
The sys12 and sys13 systems recognize that the ARP request
contains the IP address and the Ethernet address of the sys11
system, and add this information to their ARP tables if it is not
already present. This type of entry is known as an unsolicited entry
because the information was not explicitly requested.
4-3
Introducing ARP
4.
The sys13 system identifies its own IP address in the ARP request
and sends an ARP reply to the sys11 system. The ARP reply
includes the Ethernet address of the sys13 system, and it is sent
using the unicast Ethernet address of the sys11 system
(8:0:20:b9:72:23).
5.
The sys11 system receives the ARP reply and stores the information
about sys13 in its ARP table. This type of entry is a solicited entry
because the sys11 system requested the information.
ARP Table
ARP responses are stored in the ARP table so that the information is
available if it is required again in the near future. The ARP table, held in
memory, stores IP addresses and Ethernet addresses. This table is read
each time a destination Ethernet address is required to prepare an
Ethernet frame for transmission. If an Ethernet address does not appear in
the ARP table, an ARP request is sent to the local network. Other hosts
that see the ARP request also update their ARP table with the IP and
Ethernet addresses of the requesting host.
Use the ndd /dev/ip ip_ire_arp_interval command to display the
length of time that solicited ARP entries are cached. The default value is
1200000. This value is stored in milliseconds and translates to 20 minutes.
Use the ndd /dev/arp arp_cleanup_interval command to display
the length of time that unsolicited ARP entries are cached. The default
value is 300000. This value is stored in millisecond and translates to
5 minutes.
Solicited entries are those for which an Ethernet address was asked
specifically by a host, whereas unsolicited entries are a result of storing
information learned about a host that was performing an ARP request on
the local network.
4-4
Introducing ARP
Mask
--------------255.255.255.255
255.255.255.255
240.0.0.0
Flags
Phys Addr
----- --------------08:00:20:c0:78:73
SP
08:00:20:b9:72:23
SM
01:00:5e:00:00:00
The fields displayed in the output from the arp -a command are shown
in Table 4-1.
Table 4-1 ARP Fields
Field
Description
Device
IP
Address
Mask
Flags
Phys Addr The physical address for the entry, also known as the MAC
or the Ethernet address.
4-5
Introducing ARP
To examine a specific ARP table entry, type the command:
# arp hostname
where hostname is the name of the host or its decimal-dot notated IP
address. For example:
# arp sys13
sys13 (192.168.1.3) at 8:0:20:c0:78:73
#
Information about any flags is also displayed. For example:
# arp sys11
sys11 (192.168.1.1) at 8:0:20:b9:72:23 permanent published
#
The keyword permanent relates to the S flag. The keyword published
refers to the P flag.
To add a static (until reboot) ARP table entry, type the command:
# arp -s hostname ethernet_address
The preceding command overrides the default time-to-live (TTL) value for
ARP table entries by creating a static entry. For example, to add a hosts
Ethernet address manually to the ARP table, type the command:
# arp -s 192.168.1.99 1:2:3:4:5:6
Use the arp and grep commands to search for the new table entry:
# arp -a | grep 99
hme0
192.168.1.99
#
255.255.255.255 S
01:02:03:04:05:06
4-6
Introducing ARP
To add ARP table entries from a file, execute the command:
# arp -f filename
Entries in the file can be in the following form:
4-7
Introducing ARP
ARP:
ARP:
ARP:
ARP:
ARP:
ARP:
ARP:
ARP:
ARP:
4-8
Introducing RARP
Introducing RARP
RARP is the method used to map a 48-bit Ethernet address to a 32-bit IP
address.
Purpose of RARP
RARP is one of the protocols that a system can use when it needs to
determine its IP address.
Diskless clients and JumpStart software clients depend upon another
host or server from which to retrieve a network boot file. Each network
boot file has a name that is based on the IP address of each client. To
request the correct network boot file, each client uses RARP to obtain its
IP address at boot time.
Operation of RARP
A system sends a RARP request to the Ethernet broadcast address when
the system is booting and does not have any way to determine what its IP
address will be without requesting the information over the network. Any
system on the subnet running the RARP server daemon (in.rarpd), and
that also has appropriately configured files or network naming service
information, responds with the booting systems IP address.
RARP operations include a request and a reply. The RARP request is
reported as a REVARP request by the snoop utility. For example:
# snoop -v -d hme0 rarp
Using device /dev/hme (promiscuous mode)
ETHER: ----- Ether Header ----ETHER:
ETHER: Packet 1 arrived at 12:52:11.00053
ETHER: Packet size = 64 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source
= 8:0:20:90:b5:c7, Sun
ETHER: Ethertype = 8035 (RARP)
ETHER:
ARP: ----- ARP/RARP Frame ----ARP:
ARP: Hardware type = 1
ARP: Protocol type = 0800 (IP)
4-9
Introducing RARP
ARP:
ARP:
ARP:
ARP:
ARP:
ARP:
ARP:
ARP:
<Control>-C#
The RARP reply is reported as a REVARP reply by the snoop utility. For
example:
# snoop -v -d hme0 rarp
Using device /dev/hme (promiscuous mode)
ETHER: ----- Ether Header ----ETHER:
ETHER: Packet 1 arrived at 12:52:19.00053
ETHER: Packet size = 42 bytes
ETHER: Destination = 8:0:20:90:b5:c7, Sun
ETHER: Source
= 8:0:20:b9:72:23, Sun
ETHER: Ethertype = 8035 (RARP)
ETHER:
ARP: ----- ARP/RARP Frame ----ARP:
ARP: Hardware type = 1
ARP: Protocol type = 0800 (IP)
ARP: Length of hardware address = 6 bytes
ARP: Length of protocol address = 4 bytes
ARP: Opcode 4 (REVARP Reply)
ARP: Senders hardware address = 8:0:20:b9:72:23
ARP: Senders protocol address = 192.168.1.1, sys11
ARP: Target hardware address = 8:0:20:90:b5:c7
ARP: Target protocol address = 192.168.1.2, sys12
ARP:
<Control>-C#
By default, the OpenBoot PROM is configured to use RARP as the
network boot strategy. To force a system to perform a RARP boot, type the
command:
ok boot net:rarp
4-10
Introducing RARP
4-11
Preparation
Refer to the lecture notes as necessary to perform the tasks listed.
Be sure to write, in the space provided, any commands that you use
during the exercise so that you can use this exercise as a reference after
you have completed this course.
Work with other students to make sure that you all can see the expected
results in the next part of this exercise.
4-12
Tasks
Perform the following steps:
1.
To communicate with another host, the system must first learn the
Ethernet address of that host.
2.
Issue the ping command to a host in your local network that is not
currently in your ARP table.
_____________________________________________________________
3.
Examine the ARP table again. Observe the new ARP entry for the
host with which your system just communicated.
_____________________________________________________________
4.
Use the arp command to delete all host entries except for the
multicast entry (224.0.0.x) and your hosts own entries.
_____________________________________________________________
5.
6.
Open a terminal on your local host, and check the contents of your
ARP table for another host in your subnet that is not currently listed.
____________________________________________________________
7.
8.
4-13
10. Start the snoop utility in verbose summary mode to filter out all but
the ARP frames.
____________________________________________________________
11. Delete the ARP table entry for the host that you previously used.
____________________________________________________________
12. Use the ping command, and attempt to contact the host again.
____________________________________________________________
13. Examine the output from the snoop utility.
a.
b.
Why?
_______________________________________________________
c.
d.
Why?
_______________________________________________________
_______________________________________________________
_______________________________________________________
14. Use the ping command, and attempt to contact the host again.
____________________________________________________________
15. Examine the output from the snoop utility.
a.
b.
Why?
_______________________________________________________
_______________________________________________________
_______________________________________________________
4-14
Exercise Summary
Exercise Summary
!
?
Experiences
Interpretations
Conclusions
Applications
4-15
Exercise Solutions
Exercise Solutions
Solutions to the exercise are as follows:
1.
# arp -a
Net to Media Table: IPv4
Device
IP Address
------ -------------------hme0
sys13
hme0
sys11
hme0
224.0.0.0
#
Mask
--------------255.255.255.255
255.255.255.255
240.0.0.0
Flags
Phys Addr
----- --------------08:00:20:c0:78:73
SP
08:00:20:b9:72:23
SM
01:00:5e:00:00:00
Explain why the table contents contain the entries reported by the
arp command.
If the system has previously contacted another system on the LAN, an entry
is present. Locally configured interfaces have their own static, published
entries and multicast entries by default. Unsolicited entries generated by
ARP requests from other hosts might also be present.
To communicate with another host, the system must first learn the
Ethernet address of that host.
2.
Issue the ping command to a host in your local network that is not
currently in your ARP table.
3.
Examine the ARP table again. Observe the new ARP entry for the
host with which your system just communicated.
# ping sys12
sys12 is alive
#
# arp -a
Net to Media Table: IPv4
Device
IP Address
------ -------------------hme0
sys13
hme0
sys12
hme0
sys11
hme0
224.0.0.0
#
4-16
Mask
--------------255.255.255.255
255.255.255.255
255.255.255.255
240.0.0.0
Flags
Phys Addr
----- --------------08:00:20:c0:78:73
08:00:20:90:b5:c7
SP
08:00:20:b9:72:23
SM
01:00:5e:00:00:00
Exercise Solutions
4.
# arp
sys12
# arp
sys13
#
Use the arp command to delete all host entries except for the
multicast entry (224.0.0.x) and your hosts own entries.
-d sys12
(192.168.1.2) deleted
-d sys13
(192.168.1.3) deleted
5.
# snoop -V broadcast
Using device /dev/hme (promiscuous mode)
6.
Open a terminal on your local host, and check the contents of your
ARP table for another host in your subnet that is not currently listed.
# arp -a
Net to
Device
-----hme0
hme0
#
8.
# ping sys12
sys12 is alive
#
Why did you receive this result?
The following is observed in the terminal running the snoop utility:
________________________________
sys11 -> (broadcast) ETHER Type=0806 (ARP), size = 42 bytes
sys11 -> (broadcast) ARP C Who is 192.168.1.2, sys12 ?
An address resolution was required because the host did not have the
destination host address information in its ARP table.
The snoop utility is filtering on broadcasts, resulting in the broadcast
requests that are observed in the snoop utilitys output. Recall that ARP
replies are unicasts, which explains why the ARP reply and the ICMP
traffic were not observed.
4-17
Exercise Solutions
9.
Control-C#
10. Start the snoop utility in verbose summary mode to filter out all but
the ARP frames.
# snoop -V arp
Using device /dev/hme (promiscuous mode)
11. Delete the ARP table entry for the host that you previously used.
# arp -d sys12
sys12 (192.168.1.2) deleted
#
12. Use the ping command, and attempt to contact the host again.
# ping sys12
sys12 is alive
#
13. Examine the output from the snoop utility.
________________________________
sys11 -> (broadcast) ETHER
sys11 -> (broadcast) ARP C
________________________________
sys13 -> sys11
ETHER
sys13 -> sys11
ARP R
a.
b.
Why?
The snoop utility is filtering out all but the ARP packets.
c.
d.
Why?
The snoop utility is filtering out all but ARP packets. The ARP
responses are unicast but are still ARP packets.
14. Use the ping command, and attempt to contact the host again.
# ping sys12
sys12 is alive
#
4-18
Exercise Solutions
15. Examine the output from the snoop utility.
No output is seen from the snoop utility.
a.
b.
Why?
The system resolved the destination Ethernet address by using its local
ARP table; therefore, an ARP request was unnecessary. The snoop
utility filters out all but ARP packets, which explains why you did not
see any ARP traffic resulting from the ping command.
4-19
Module 5
Configuring IP
Objectives
This module describes the features of IP, including the purpose of IP, the
IP datagram, and IP address types. This module also describes subnetting
and the variable length subnet mask (VLSM). Additionally, this module
explains the purpose of interface configuration files and describes how to
configure logical interfaces.
Upon completion of this module, you should be able to:
5-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Objectives
The course map in Figure 5-1 shows how this module fits into the current
instructional goal.
Configuring
IP
Configuring IP
Network
Multipathing
Configuring
IPv6
Figure 5-1
5-2
Configuring
Routing
Describing
the Transport
Layer
Course Map
Purpose of IP
IP is provided by a loadable kernel module and has two main functions.
IP provides:
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-3
Purpose of ICMP
ICMP enables IP on one system to send control and error messages to IP
on other systems. This communication can include a control message,
such as a routing redirect, or an error message, such as Network is
unreachable. Network administrators and system utilities, such as the
traceroute command, use this error messaging feature as a diagnostic
tool.
Destination unreachable
Router advertisement
Router solicitation
Redirect
Time exceeded
Code
Checksum
Unused
Figure 5-2
5-4
Code
Checksum
Figure 5-3
Figure 5-4 shows an ICMP header for an echo request or echo reply
message.
0
2
1
3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Type
Code
Identifier
Figure 5-4
Checksum
Sequence Number
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-5
4 Bits
4 Bits
4 Bits
Versio
n Heade
Lengt r
h
Datag
Type
Servicof
e
ram Id
Time t
o
Live
4 Bits
4 Bits
4 Bits
Datag
ram L
entifie
Flags
ent Of
fset
ol
Check
Sourc
sum
e IP A
ddres
Destin
ation I
tions a
Figure 5-5
5-6
ength
Fragm
Protoc
IP Op
4 Bits
nd Pa
P Add
dding
ress
If Req
uired
4 Bits
Description
Version
Header length
Type of service
Datagram length
Datagram
identifier
Flags
Fragment offset
Time to live
Protocol
Checksum
Source IP address
Destination IP
address
IP options and
padding
Refer to RFC 791 for detailed information about the header fields.
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-7
IP Datagram Payload
The IP datagram payload can contain any one of the following: a UDP
datagram, a TCP segment, an ICMP message, or an Internet Group
Management Protocol (IGMP) message.
5-8
Unicast Addresses
Unicast addresses identify a single interface on a network. Unicast
addresses are used when a system needs to communicate with another
system. There are three classes of unicast addresses: Class A, Class B, and
Class C. The value of the high-order bits (first three bits) determines which
portion of the IPv4 address is the network number and which portion is
the host number. This addressing scheme is called classful IPv4 addressing.
Class A Addresses
Class A addresses are for very large networks and provide 16,777,214 host
addresses. Figure 5-6 shows the beginning of the address in binary format.
0
1 - 127
Figure 5-6
Example: 10.102.2.113
If the first bit is 0, that bit and the next seven bits define the network
number, and the remaining 24 bits define the host number. This makes
possible up to 128 Class A networks.
The Internet Assigned Numbers Authority (IANA) has reserved the
Class A network 10.0.0.0 10.255.255.255 for private networks. These
addresses are not routed in the Internet. Refer to RFC 1918 for additional
details. In addition, the 127.0.0.0 address range cannot be used because
127.0.0.1 is reserved for the loopback interface.
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-9
Class B Addresses
Class B addresses are for large networks and provide 65,534 host
addresses. Figure 5-7 shows the beginning of the address in binary format.
10
Example: 129.150.254.2
If the first two bits are 10, those two bits and the next 14 bits define the
network number, and the remaining 16 bits define the host number. This
makes possible 16,384 Class B networks. The IANA has reserved the
Class B networks 172.16.0.0172.31.255.255 for private networks.
These addresses are not routed in the Internet. Refer to RFC 1918 for
additional details.
Class C Addresses
Class C addresses are for small-sized and medium-sized networks and
provide 254 host addresses. Figure 5-8 shows the beginning of the address
in binary format.
110
0 - 255
Example: 192.9.227.13
If the first three bits are 110, those three and the next 21 bits define the
network number, and the remaining eight bits define the host number.
This makes possible up to 2,097,152 Class C networks. The IANA has
reserved the Class C networks 192.168.0.0192.168.255.255 for
private networks. These addresses are not routed in the Internet. Refer to
RFC 1918 for additional details.
5-10
Broadcast Addresses
A broadcast address is the address that reaches all systems on a particular
network. A broadcast means that data is sent to all of the hosts on the
LAN. In the Solaris 10 OS, the default broadcast address is an address that
has a host number of all ones when represented in binary. An example of
a broadcast address is 192.168.1.255. You use the ifconfig command
to configure an interfaces broadcast address.
Multicast Addresses
Multicasting is a very efficient way to send large amounts of data to many
systems at the same time. A multicast address identifies interfaces that
belong to a specific multicast group. Packets that are sent to a multicast
address are received by all interfaces that are associated with the multicast
address. Figure 5-9 shows the beginning of a multicast address in binary
format.
1110
0 - 255
0 - 255
Example: 224.0.1.8
Figure 5-9
Multicasting
If the first four bits are 1110, which makes the first field an integer value
between 224 and 239, the address is a multicast address. The remaining
28 bits comprise a group identification number for a specific multicast
group. An IPv4 multicast address is a destination address for one or more
hosts, while a Class A, B, or C address is an address for an individual
host. The IPv4 multicast address maps to an Ethernet multicast address so
that the network interface listens for a multicast traffic. The low-order
23 bits of the IPv4 multicast address are placed into the low-order 23 bits
of the Ethernet multicast address. Therefore, an IPv4 multicast address of
224.0.0.1 maps to 01:00:5e:00:00:01.
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-11
Subnetting
You can divide a network into subnets to do the following:
Figure 5-10 shows the basic idea of subnetting, which is to divide the
standard host number field into two parts: the subnet number and the
host number on that subnet.
Two-level Hierarchy
Network Number
Host Number
Three-level Hierarchy
Network Number
Subnet Number
Host Number
5-12
Netmasks
An IP address contains both the network on which the Solaris OS is
located and the host number on the network assigned to that system. In a
subnet environment, you need to be able to determine how much of the IP
address represents the network and how much of the IP address
represents the host number. The netmask is the mechanism by which this is
determined.
Each IP address has a netmask associated with it. A netmask is 32 bits in
length. Each bit in the netmask is used to state whether the corresponding
bit in the IP address forms part of the network number or the host
number. The bit values are associated with either the network number or
the host number as follows:
1
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-13
5-14
Network Number
Broadcast Address
172.16.0.0
172.16.31.255
172.16.32.0
172.16.63.255
172.16.64.0
172.16.95.255
172.16.96.0
172.16.127.255
172.168.128.0
172.16.159.255
172.168.160.0
172.16.191.255
172.168.192.0
172.16.223.255
172.168.224.0
172.16.255.255
Contiguous Netmasks
Each bit in a netmask is independent of any other bit. It is possible to have
netmasks in which the 1s and 0s are interleaved, but this is not
recommended. RFC 950 recommends the use of contiguous subnet masks
only. A contiguous subnet mask is one that uses only contiguous,
high-order bits (that is, the netmask consists of a sequences of 1s followed
by a sequence of 0s). For example:
11111111 11111111 11111111 11110000
Noncontiguous Netmasks
Although RFC 950 recommends the use of contiguous subnet masks only,
nothing prevents the use of noncontiguous subnet masks. For example:
11111111 11111111 11111111 01001010
Using noncontiguous subnet masks makes administration of the network
more difficult and should be avoided if at all possible.
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-15
Dot-separated decimals
A + (plus) sign
For example:
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:b9:72:23
# ifconfig hme0 down
# ifconfig hme0 netmask 255.255.240.0
# ifconfig hme0 up
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask fffff000 broadcast 192.168.1.255
ether 8:0:20:b9:72:23
#
5-16
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-17
5-18
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-19
VLSM
RFC 950 specifies how an IP network could use subnet masks. When an IP
network is assigned more than one subnet mask, it is considered a
network with VLSMs because the extended-network numbers have
different lengths at each subnet level.
Two of the main advantages to assign more than one subnet mask to a
given IP network number are:
255.255.0.0
255.255.255.0
255.255.255.224
Note VLSM subnet masks syntax has been recognized since the
Solaris 2.6 OS.
Figure 5-11 shows these additional subnet and host addresses.
16-bit
24-bit
27-bit
Subnet Mask
Subnet Mask
Subnet Mask
12.0.0.0
12.1.0.0
12.2.0.0
12.3.0.0
.
.
.
12.252.0.0
12.253.0.0
12.254.0.0
12.3.1.0
12.3.2.0
12.3.3.0
.
.
.
12.3.252.0
12.3.253.0
12.3.254.0
12.3.254.0
12.3.254.32
12.3.254.64
.
.
.
12.3.254.192
12.3.254.224
5-20
11111111
11111111
11111100
00000000
1024 Two Hosts Per Subnet
64 Subnets
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-21
5-22
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-23
5-24
driver-name physical-unit-number
For example:
hme0
qfe3
Logical interfaces have names of the form:
driver-name physical-unit-number:logical-unit-number
For example:
hme0:1
qfe3:1
Figure 5-13 shows how a system with one interface can appear as two
different systems.
192.168.1.1
www.sys11.com
192.168.1.1
hme0:1 192.168.1.99
www.sys11.com
www.sys99.com
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-25
5-26
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-27
5-28
Exercise: Reviewing IP
Exercise: Reviewing IP
In this exercise, you define logical interfaces in two ways: by explicitly
naming the logical interface and by using a command to automatically
add the next available logical interface.
Preparation
Refer to the lecture notes as necessary to perform the tasks listed.
Task Summary
In this exercise, you accomplish the following:
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-29
Exercise: Reviewing IP
Tasks
Complete the following steps:
1.
2.
3.
4.
5.
5-30
Exercise: Reviewing IP
6.
7.
8.
9.
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-31
Exercise Summary
Exercise Summary
!
?
5-32
Experiences
Interpretations
Conclusions
Applications
Exercise Solutions
Exercise Solutions
Solutions to the exercise are as follows:
1.
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:b9:72:23
#
2.
3.
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:b9:72:23
hme0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 172.18.1.2 netmask ffffff00 broadcast 172.18.1.255
#
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-33
Exercise Solutions
4.
5.
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:b9:72:23
hme0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 172.18.1.2 netmask ffffff00 broadcast 172.18.1.255
hme0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 172.19.1.2 netmask ffffff00 broadcast 172.19.1.255
#
6.
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:b9:72:23
hme0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 172.19.1.2 netmask ffffff00 broadcast 172.19.1.255
#
5-34
Exercise Solutions
8.
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:b9:72:23
Configuring IP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
5-35
Module 6
Describe IP multipathing
Implement IP multipathing
The course map in Figure 6-1 shows how this module fits into the current
instructional goal.
Configuring
IP
Configuring IP
Network
Multipathing
Configuring
IPv6
Figure 6-1
Configuring
Routing
Describing
the Transport
Layer
Course Map
6-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
qfe0
qfe1
qfe2
qfe3
Server
Client
Figure 6-2
6-2
IPMP Configuration
Introducing IPMP
IPMP enables the Solaris 10 OS to recover from network path failures.
IPMP also provides increased throughput by spreading the outbound
load across interfaces when multiple network adapters are connected to
the same IP network, such as to the same Ethernet switch.
If a failure occurs in the network link and an alternate adapter is
configured, the IP address fails over. The network access changes
automatically from the failed adapter to the new adapter, providing
uninterrupted access to the network.
IPMP has the following features:
6-3
6-4
6-5
The data address for the hme0 interface remains as 192.168.1.1, and the
data address for the qfe1 interface is 192.168.1.21.
6-6
2.
3.
Define IP addresses.
4.
5.
6.
You must know the state of the system if you need to restore it. Before
making any changes to the system, view the systems interface
configuration by executing the command:
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:b9:72:23
#
6-7
6-8
Purpose
sys11
netmask +
broadcast +
group mpgrp-one
up
addif sys11-test-hme0
deprecated
-failover
6-9
6-10
6-11
The data address for the hme0 interface remains 192.168.1.1, and the
data address for the qfe1 interface is 192.168.1.21.
To configure IPMP, complete the following steps, which are described in
greater detail in the next sections.
6-12
1.
2.
3.
Configure IP addresses.
4.
5.
6.
7.
8.
6-13
6-14
6-15
6-16
6-17
Note Before the Solaris 10 OS, the in.mpathd daemon was started
during the execution of the /etc/rc2.d/S69inet start script.
6-18
6-19
6-20
hme
eri
ce
ge
bge
qfe
dmfe
2.
3.
Define IP addresses.
4.
5.
6.
You must know the state of the system if you need to restore it. Before
making any changes to the system, view the systems interface
configuration by executing the command:
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:b9:72:23
6-21
6-22
6-23
6-24
To view the current status of the network interfaces, use the ifconfig
command:
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=89000842<BROADCAST,RUNNING,MULTICAST,IPv4,NOFAILOVER,OFFLINE> mtu 0 index 2
inet 0.0.0.0 netmask 0
groupname ipmp_group0
ether 8:0:20:b9:72:23
hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
groupname ipmp_group0
ether 8:0:20:ac:9b:21
hme1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
Notice, that the IP address of the hme0 interface is 0.0.0.0, and a new
logical interface hme1:1 is created on the remaining physical interface
hme1. The new logical interface has the IP address (192.168.1.1) that
was assigned to the physical hme0 interface before it failed.
Reattach the hme0 interface, to force a failback:
# if_mpadm -r hme0
The message on the console indicates that the failback was successful:
Dec 16 13:41:47 sys11 in.mpathd[119]:Successfully failed back to NIC hme0
6-25
6-26
6-27
6-28
Note This message appears in the console window and is not seen if you
are using an xterm or dtterm window.
The message indicates that the fail back was successful. To view the status
of the interfaces, use the ifconfig command:
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
groupname mpgrp-one
ether 8:0:20:b9:72:23
hme0:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu
1500 index 2
inet 192.168.1.51 netmask ffffff00 broadcast 192.168.1.255
qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
groupname mpgrp-one
ether 8:0:20:ac:9b:21
qfe1:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu
1500 index 3
inet 192.168.1.71 netmask ffffff00 broadcast 192.168.1.255
#
The hme0 interface is reassigned its original IP address, and the qfe1:2
logical interface is removed automatically.
6-29
6-30
6-31
Preparation
Refer to the lecture notes as necessary to perform the tasks listed.
At least two interfaces of the same type (for example, Ethernet) are
required for this exercise. Verify that your system meets the minimum
requirements and has enough network cabling before you continue. Work
with another student if your system does not have enough interfaces.
Caution Remove any interfaces that you configured that are not part of
previous exercises before starting this exercise.
You need the following information when you configure IPMP in this
exercise:
6-32
The IPMP group name This name is required for each physical
interface that will be part of the IPMP group.
6-33
Tasks
Complete the following steps:
1.
2.
Verify that your system has a supported version of the Solaris OS.
Write the command that you use:
_________________________________________________
3.
4.
5.
6.
7.
8.
Edit your /etc/inet/hosts file, and add entries for the interfaces.
Use comments to help limit confusion.
Write the command that you use:
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
6-34
b.
c.
11. Configure a test interface for the physical interface that you just
assigned to an IPMP group. Be sure to set the appropriate netmask
and broadcast addresses. Deprecate the interface, and configure
failover appropriately. Then, configure the interface so that it is up.
Write the command that you use:
_____________________________________________________________
_____________________________________________________________
6-35
b.
13. Configure a test interface for the physical interface that you just
configured. Be sure to configure the netmask and broadcast
addresses. Deprecate the interface, and configure failover
appropriately. Then, configure the interface so that it is up.
Write the command that you use:
_____________________________________________________________
14. Work with another teammate for this step. Have your teammate:
a.
b.
c.
d.
6-36
b.
c.
d.
6-37
6-38
a.
b.
Exercise Summary
Exercise Summary
!
?
Experiences
Interpretations
Conclusions
Applications
6-39
Exercise Solutions
Exercise Solutions
Solutions to the exercise are as follows:
1.
2.
Verify that your system has a supported version of the Solaris OS.
# dtterm -C &
# cat /etc/release
Solaris 10 3/05 s10_74L2a SPARC
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 22 January 2005
#
3.
4.
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:b9:72:23
#
5.
6.
# eeprom local-mac-address?=true
#
6-40
Exercise Solutions
7.
8.
Edit your /etc/inet/hosts file, and add entries for the interfaces.
Use comments to help limit confusion.
# init 6
6-41
Exercise Solutions
11. Configure a test interface for the physical interface that you just
assigned to an IPMP group. Be sure to set the appropriate netmask
and broadcast addresses. Deprecate the interface, and configure
failover appropriately. Then, configure the interface so that it is up.
# ifconfig hme0 addif 192.168.1.51 deprecated netmask + \
broadcast + -failover up
Created new logical interface hme0:1
#
12. Verify that the new physical interface is connected to the network
before proceeding with the following steps:
a.
6-42
Exercise Solutions
14. Work with another teammate for this step. Have your teammate:
a.
b.
c.
# if_mpadm -d qfe1
#
Console message:
in.mpathd[603]: Successfully failed over from NIC qfe1 to NIC hme0
Notice that your teammates work is frozen for a moment and
then continues, even though the interface to which your
teammate is connected is disabled.
d.
# if_mpadm -r qfe1
#
Console message:
in.mpathd[603]: Successfully failed back to NIC qfe1
15. Configure your system so that the interfaces are automatically
configured for IPMP at boot time. Be sure to make copies of your
systems original configuration files because you will need to restore
your systems configuration later in this exercise.
a.
# cp /etc/hostname.hme0 /etc/_hostname.hme0
b.
6-43
Exercise Solutions
16. Reboot your system to test the IPMP configuration.
Write the command that you use:
# init 6
#
Pay careful attention to the systems console while it is booting. Look
for any error messages relating to interfaces and address
assignments.
17. Work with another teammate for this step. Have your teammate:
a.
b.
c.
# if_mpadm -d qfe1
#
Console message:
in.mpathd[159]: Successfully failed over from NIC qfe1 to NIC hme0
Notice that your teammates work is frozen for a moment and
then continues, even though the interface to which your
teammate is connected is disabled.
d.
# if_mpadm -r qfe1
#
Console message:
in.mpathd[159]: Successfully failed back to NIC qfe1
6-44
Exercise Solutions
18. To prepare your system for future exercises, complete the following
steps and remove the IPMP configuration:
a.
# cp /etc/_hostname.qfe0 /etc/hostname.qfe0
# rm /etc/hostname.qfe1
b.
# init 6
6-45
Module 7
Configuring Routing
Objectives
This module describes how to configure routing, routing schemes, routing
types, and troubleshooting.
Upon completion of this module, you should be able to:
Troubleshoot routing
7-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Objectives
The course map in Figure 7-1 shows how this module fits into the current
instructional goal.
Configuring
IP
Configuring IP
Network
Multipathing
Configuring
IPv6
Figure 7-1
7-2
Configuring
Routing
Describing
the Transport
Layer
Course Map
Purpose of Routing
Routing is one of the important functions of the Internet layer in the
TCP/IP network model. This function is primarily supported by IP. An IP
router connects two or more networks and forwards IP datagrams
between them. An IP router can forward IP datagrams based on the
information in the IP header and information obtained from its routing
table. Figure 7-2 shows the layer in the TCP/IP network model in which
routing takes place.
TCP/IP Layers
Application Layer
Transport Layer
Internet Layer
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-3
Types of Routes
Routes can be dividing in to two types: direct routes and indirect routes.
A direct route is a route in which the destination system is on the same
local network as the source system. The source system can send the IP
datagram to the destination system without any involvement from
another system. This activity could be thought of as direct delivery of a
datagram because no routers are required to complete the transaction.
An indirect route is a route in which the destination system is not on the
same local network as the source system. The IP datagram is sent through
one or more routers or gateways on its way to the destination. Because the
delivery of the datagram is not direct and other systems are involved in
the delivery, this is called an indirect route.
Note A router connects two networks running the same protocol stack.
A gateway connects two networks running different protocol stacks.
7-4
192.168.1.0
192.168.30.0
192.168.4.0
sys11
instructor
sys12
sys21
sys13
sys24
Direct Route
Indirect Route
Figure 7-3
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-5
Static Routes
Static routes are permanent entries in the routing table. Static routes can
be removed through manual intervention only. The most common static
entries are the direct routes that a system creates to its local networks.
The ifconfig command updates the routing table with static entries for
networks that are directly connected to the local network interfaces when
an interface is configured as up. Therefore, even in single-user mode, a
system can route directly to its local network or networks because the
interfaces are initialized by the ifconfig command.
Static routes can also be added to your systems routing table manually by
using the /etc/defaultrouter file or by using entries placed in the
/etc/gateways file. The /etc/defaultrouter file defines one or more
static default routes for a system. A default route defines the router to use
for all destinations that do not have an explicit routing table entry. The
/etc/gateways file is used to define static indirect routes to networks
and hosts.
7-6
Dynamic Routes
Dynamic routes are added to or removed from the routing table by
processes, such as the in.routed daemons. When the routing table is
updated with information about other reachable networks, the router can
forward or deliver datagrams to these networks.
The svc:/network/initial SMF service enables routing. Routing in the
Solaris 10 OS is implemented by the in.routed daemon. The
in.routed daemon implements three routing protocols:
Routers advertise the networks that they know about. Other hosts and
routers listen to these periodic announcements and update their routing
table with the most current and correct information. Only those entries
calculated to be the best paths to a network destination remain in the
routing table.
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-7
Autonomous Systems
An autonomous system (AS), as shown in Figure 7-4, is a collection of
networks and routers under a single administrative control. This broad
definition was incorporated into the Internet in an attempt to reduce
excessively large routing tables.
AS
AS
AS
Figure 7-4
Autonomous Systems
7-8
IGP
AS
IGP
AS
AS
Figure 7-5
IGP
Use of IGPs in Networks
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-9
AS
EGP
EGP
EGP
AS
AS
Figure 7-6
EGP and the Border Gateway Protocol (BGP) are the two principal
protocols that exchange routing information among autonomous systems.
7-10
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-11
7-12
Gateway
Flags Ref
Use
Interface
-------------------- ----- ----- ------ --------192.168.1.1
U
1
51 hme0
192.168.30.31
U
1
54 qfe0
192.168.1.1
U
1
0 hme0
127.0.0.1
UH
37
132 lo0
Description
Destination
Gateway
Flags
Ref
Use
Interface
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-13
Does the
destination IP address
match a host-specific route
in the route
table?
Yes
No
Does the
network number match
one found in the
route table?
Yes
No
Is there
a default entry in
the route table?
Yes
No
Figure 7-7
7-14
2.
The kernel routing algorithm checks the routing table for a route to
a matching host IP address on a non-local network.
The kernel searches the routing table entries for a matching host IP
address. If an entry that matches the host IP address is found, the
kernel encapsulates the IP datagram inside an Ethernet frame and
sends the frame to the router that is associated with that destination.
3.
The kernel routing algorithm checks the routing table for a route to
a matching network number.
The kernel searches the routing table for a matching network
number. If a matching number is found, the kernel sets the
destination Ethernet address to that of the corresponding router and
delivers the frame to that router. The router that receives the frame
repeats the execution of the route algorithm, but leaves the
destination IP address unchanged.
4.
5.
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-15
192.168.1
192.168.2
192.168.3
192.168.30
arpa
# Historical
one
two
three
thirty
When the /etc/inet/networks file is modified, you can use the defined
network name in a command instead of a network address.
7-16
Gateway
Flags Ref
Use
Interface
-------------------- ----- ----- ------ --------sys11
U
1
53 hme0
sys11ext
UG
1
0
sys11ext
UG
1
0
sys11ext
U
1
56 qfe0
sys11
U
1
0 hme0
localhost
UH
3
132 lo0
Observe that the destination networks are now displayed by name instead
of by network number, and the loopback address is replaced by its entry
from the /etc/inet/hosts file.
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-17
Gateway
Flags Ref
Use
Interface
-------------------- ----- ----- ------ --------192.168.1.1
U
1
53 hme0
192.168.30.31
192.168.1.1
127.0.0.1
U
U
UH
1
1
3
77
0
132
qfe0
hme0
lo0
The 127.0.0.1 entry in the routing table is a loopback route to the local
host that is created when the lo0 pseudo interface is configured.
7-18
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-19
7-20
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-21
hopcount
0
mtu
1500
expire
0
To change the routing table, use the route change command. For
example, to change the default route from instructor to sys41, type a
command similar to the following:
# route change default sys41
change net default: gateway sys41
#
To continuously report any changes to the routing table, route look-up
misses, or suspected network partitionings, use the route monitor
command. For example, when a route is deleted, to receive the following
output, type the route monitor command:
# route monitor
got message of size 124
RTM_DELETE: Delete Route: len 124, pid: 633, seq 1, errno 0,
flags:<UP,GATEWAY,DONE,STATIC>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK>
192.168.3.0 sys11ext 255.255.255.0
To flush (remove) the routing table of all gateway entries, use the
route flush command. For example:
# route flush
192.168.9
two
two
default
#
7-22
sys13
sys13
sys11ext
172.20.4.248
done
done
done
done
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-23
Note The in.routed process does not detect any routing table changes
that are performed by other programs on the machine, for example, routes
that are added, deleted, or flushed as a result of the route command.
Therefore, do not perform these types of changes while the in.routed
process is running. Instead, shut down the in.routed process, make the
required changes, and then restart the in.routed process. This ensures
that the in.routed process learns of any changes.
Network names can also be used to define routes. To add a route to the
two network, defined in the /etc/inet/networks file, type a command
similar to the following:
# route add net two 192.168.30.31
add net two: gateway 192.168.30.31
#
7-24
RIP Version 1
RIP version 1 is a distance-vector protocol that exchanges route
information between IP routers. RIP version 1 does not support VLSM or
CIDR.
Distance-Vector Protocols
Distance-vector algorithms compute the least-cost path of a route by using
information that is exchanged with other routers. This information
describes how far away (in distance) reachable networks are from the
sending or receiving system. This distance is measured by a metric known
as a hop. The total number of hops is called the hop count. The efficiency
of a route is determined by its distance from the source to the destination.
RIP maintains only the best route to a destination. When multiple paths to
a destination exist, only the first path with the lowest hop count is
maintained. Figure 7-8 shows the least hop count between a source host
and a destination host.
Metric = 1
(propagated to route tables)
Router
Router
Router
Source
Destination
Host
Metric = 2
Host
(discarded)
Figure 7-8
RIP specifies a number of features that make its operation more stable in
the face of rapid network topology changes. These stability features
include a hop-count limit, hold-down states, split horizons, triggered
updates, and route poisoning.
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-25
Hop-Count Limits
RIP permits a maximum hop count of 15. A destination greater than
15 hops away is tagged as unreachable. The maximum hop count of RIP
greatly restricts its use in large networks but prevents a problem called
count to infinity from causing endless network routing loops.
This upper limit of 15 does not cause problems since RIP is an IGP and is
used within autonomous systems only.
Hold-Down States
Hold-down states prevent regular update messages from inappropriately
reinstating a route that has gone bad. When a route goes down,
neighboring routers detect this condition. These routers then calculate
new routes and send route update messages to inform their neighbors of
the route change. This activity begins a wave of route updates that filter
through the network. These updates do not instantly arrive at every
network device. It is possible that a device that has yet to be informed of
a network failure can send a regular update message (indicating that a
route that has just gone down is still available) to a device that has just
been notified of the network failure. In this case, the latter device now
contains (and potentially advertises) incorrect route information.
Hold-down states tell routers to hold down any changes that can affect
recently removed routes for a specified period of time. The hold-down
period is usually calculated to be just greater than the period of time that
is necessary to update the entire network with a route change.
Split Horizons
Split horizons derive from the fact that it is never useful to send
information about a route back in the direction from which it came. The
split-horizon rule prohibits this from happening. This helps prevent
two-node routing loops.
Triggered Updates
Triggered updates propagate changing route information quickly
throughout the network. As the router becomes aware that new routes are
available or that existing routes are not available, it advertises this
information immediately rather than waiting until the next 30-second
(default) advertisement interval occurs.
7-26
Route Poisoning
When a router learns that a destination is no longer available, it issues a
triggered update for that destination. This update includes a hop-count
advertisement of 16. All other hosts and routers consider the destination
as unreachable, and the hosts and routers remove the route entry. This is
to ensure that other systems do not attempt to use the bad route.
RIP Version 2
RIP version 2 was developed to address some of the limitations of RIPv1,
while maintaining backward compatibility combined with the simplicity
of RIPv1. RIPv2 has the following characteristics:
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-27
Current
Configuration
Current
System State
default
default
default
default
disabled
enabled
disabled
disabled
(disabled)
(enabled)
(disabled)
(disabled)
"/usr/sbin/in.routed"
""
"kill -TERM cat /var/tmp/in.routed.pid"
"/usr/lib/inet/in.ripngd"
"-s"
"kill -TERM cat /var/tmp/in.ripngd.pid"
7-28
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-29
Routers must still run a routing protocol, such as RIP, to learn about
other networks. The RDISC protocol provides a default route from
hosts to routers, not between routers.
7-30
ICMP Redirects
ICMP provides control and error messages. ICMP on a router or gateway
attempts to send reports of problems to the original source if an IP
datagram cannot be delivered for some reason. ICMP datagrams are
always encapsulated in IP.
ICMP redirects occur when a system uses more than one default route. If
the router determines a more efficient route, or if there is only one way to
forward the datagram, it redirects the datagram using the better or only
route and reports that route to the sender. Figure 7-9 on page 7-32 shows
an ICMP redirect process where the sys21 system needs to communicate
with the server1 system and has a default route of sys11. The
information does reach the server1 system and the sys11 system sends
an ICMP redirect to the sys21 system, telling it that the best route to the
server1 system is through the instructor system.
The sending systems routing table is updated with the new information.
The drawback to this method of routing is that for every ICMP redirect,
there is a separate entry in the sending systems routing table. This action
can lead to a large routing table. However, this method of routing also
ensures that the datagrams that are going to all reachable hosts are taking
the shortest route.
Caution An attacker might forge redirect errors to install false routes,
which might initiate a denial of service attack if the newly specified router
is not a router at all. There are rules governing valid redirect errors, all of
which can be spoofed easily. Use this ndd command to ignore IPv4 ICMP
redirect errors: ndd -set /dev/ip ip_ignore_redirect 1.
Refer to the Sun BluePrints document Solaris Operating Environment
Network Settings for Security, available at:
http://www.sun.com/solutions/blueprints/1200/
network-updt1.pdf.
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-31
server1
4
5
Datagram
Datagram
#telnet server1
sys21
3
instructor
ICMP Redirect
1
Datagram
2
Datagram
sys11
Figure 7-9
7-32
ICMP Redirect
Introducing CIDR
Introducing CIDR
The rapid growth of the Internet in the early 1990s created concerns about
the ability to scale and support future growth. The most severe problems
are:
Purpose of CIDR
A task force was created by the Internet Engineering Task Force (IETF) to
develop a solution to the scale and growth problems. The solution became
known as CIDR, or supernetting, and is a way to make more-efficient use
of the IP address space. CIDR is documented in RFC 1517, RFC 1518,
RFC 1519, and RFC 1520. Three important features of CIDR that address
scalability and growth issues for the Internet are:
Hierarchical routing
Operation of CIDR
CIDR uses classless addresses. Netmasks are referred to as network prefixes
and are used to create networks of varying sizes. The network prefix is
expressed in the following notation: X.X.X.X/Y. The value Y is an integer
value that specifies the number of 1s in the netmask. For example, using
/18 is equivalent to a netmask of 255.255.192.0. The first 18 bits
identify the network, and the remaining 14 bits identify the host.
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-33
Introducing CIDR
Figure 7-10 shows an example of a CIDR prefix.
10nnnnnn.nnnnnnnn.00000000.00000000
10nnnnnn.nnnnnnnn.ssssssss.ss0000000
10nnnnnn.nnnnnnnn.ssssssss.sshhhhhhh
Classless Routing Protocols
pppppppp.pppppppp.pp000000.00000000
Prefix Route
Prefix Length
n = Network
s = Subnet
h = Host
7-34
Introducing CIDR
Following is an example that configures an interface on this supernetted
network:
# ifconfig eri0 plumb 192.168.3.239/23 broadcast + up
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
eri0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
inet 192.168.3.239 netmask fffffe00 broadcast 192.168.3.255
ether 0:3:ba:2a:9d:7a
# netstat -rnv
IRE Table: IPv4
Destination
Mask
Gateway
Device Mxfrg Rtt Ref Flg
--------------- --------------- --------------- ------ ----- ---- --- --172.20.221.6
255.255.255.255 192.168.2.254
1500*
0
1 UGH
192.168.2.0
255.255.254.0
192.168.3.239
eri0 1500*
0
1 U
127.0.0.1
255.255.255.255 127.0.0.1
lo0 8232*
0
1 UH
#
Out In/Fwd
---- -----0
0
0
0
10
0
A CIDR and VLSM aware routing protocol, such as RIPv2, must be used
on the router that connects this supernetted network to other networks.
Subnetting is the application of a netmask on an IP address to divide the
network up into smaller pieces.
CIDR and VLSM permit a portion of the IP address space to be divided
into successively smaller pieces. For example, an Internet service provider
(ISP) could be allocated blocks of address space, which they then assign in
subset address blocks to smaller ISPs. These smaller ISPs can then supply
an even smaller subset of addresses to a customer or private organization.
CIDR and VLSM make this aggregation and subdivision of address space
possible.
The routing table entry for each ISP or organization reflects the first
address in the block assigned to it, for example, 204.106.8.0/22, even
though there can be additional network addresses that are associated with
the block. A range of CIDR addresses is known as a CIDR block. This
support of network addresses eliminates the number of entries required in
the backbone routing tables.
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-35
Introducing CIDR
Consider an ISP that requires IP addresses for 1000 clients. Based on
254 clients per Class C network, the ISP requires four Class C networks.
You can supernet four Class C networks, for example:
204.106.8.0
204.106.9.0
204.106.10.0
204.106.11.0
Figure 7-11 shows the network addresses that can result from applying
different network prefixes.
7-36
Introducing CIDR
Figure 7-12 shows an example of supernetting.
204.106.0.0/21
Internet Service Provider
204.106.0.0/16
Address Range
204.106.0.0204.106.7.0
Internet
204.106.8.0/22
(1024 Host Addresses)
204.106.0.0/20
(4096 Host Addresses)
Address Range
204.106.8.0204.106.11.0
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-37
Initializing a Router
When a system boots, the system first checks the contents of the
/etc/inet/routing.conf file. If the ipv4-routing or
ipv4-forwarding options are set explicitly to either enabled or
disabled, the setting is applied. If either option has not been set
explicitly, then the system determines whether or not to enable or disable
each option.
IPv4 routing is disabled if the /etc/defaultrouter file is not empty. If
the /etc/defaultrouter file is not present, or is empty, IPv4 routing is
enabled (the in.routed daemon is started).
IPv4 forwarding is disabled by default and must be enabled explicitly by
using the routeadm command.
7-38
Disable
IPv4 forwarding
Does
/etc/defaultrouter
Yes
exist?
Disable
IPv4 routing
No
IPv4 routing
enabled by
routeadm?
Yes
Enable
IPv4 routing
Yes
Enable
IPv4 forwarding
No
Disable
IPv4 routing
IPv4
forwarding
enabled by
routeadm?
No
Disable
IPv4 forwarding
End
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-39
2.
# routeadm -u -e ipv4-forwarding
# routeadm -u -d ipv4-routing
# routeadm -u -e ipv4-routing
#
The system now functions as a router.
2.
# cat /etc/hostname.qfe2
sample-hostname-for-qfe2
#
This causes the interfaces to be configured by the SMF methods at
boot time.
7-40
# routeadm -u -d ipv4_forwarding
#
3.
# ifconfig qfe2 up
#
The system is now a multihomed host that has connectivity to more than
one network and can be used without concern of advertising routes and
potentially causing routing issues on any of the networks to which it
belongs.
Initializing a Non-Router
Disabling IP forwarding stops a router from forwarding packets between
the networks to which it is connected. To initialize a non-router, use the
routeadm command to disable IP forwarding on all interfaces by typing
the following command:
# routeadm -u -d ipv4_forwarding
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-41
Troubleshooting Routing
Troubleshooting Routing
One of the most challenging tasks that a network administrator has to
perform is troubleshooting routing. Router configuration and
troubleshooting relies on mastering other basic network skills.
instance
instance
instance
instance
#0
#1
#2
#3
# ifconfig qfe0
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
ether 8:0:20:ac:9b:20
#
If the interface is up, examine the inet (IP address), netmask, and
broadcast entries, and make sure that they are set correctly. If the IP
address is set incorrectly, check the contents of the /etc/inet/hosts
file.
If the netmask and broadcast addresses are wrong, check the
contents of the /etc/inet/netmasks file.
The correct device and file name are defined for the interface. For
example, if you are configuring the qfe0 interface, to verify that the
hostname.qfe0 file is correct, type the command:
# ls -al /etc/hostname.qfe0
-rw-r--r-1 root
other
#
7-42
Troubleshooting Routing
# cat /etc/hostname.qfe0
sys11ext
#
#
#
#
#
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-43
Troubleshooting Routing
Gateway
Flags Ref
Use
Interface
-------------------- ----- ----- ------ --------sys33ext
UG
1
0
sys11
U
1
189 hme0
sys32ext
UG
1
0
sys11ext
U
1
175 qfe0
sys11
U
1
0 hme0
localhost
UH
3
132 lo0
7-44
Gateway
Flags Ref
Use
Interface
-------------------- ----- ----- ------ --------192.168.30.33
UG
1
0
192.168.1.1
U
1
191 hme0
192.168.30.32
UG
1
0
192.168.30.31
U
1
176 qfe0
192.168.1.1
U
1
0 hme0
127.0.0.1
UH
3
132 lo0
Preparation
Refer to the lecture notes as necessary to perform the tasks listed.
Populate your systems /etc/inet/hosts file with all of the hosts in the
class network if this is not already done. Your /etc/inet/hosts file
should have contents similar to the following:
# cat /etc/inet/hosts
#
# Internet host table
#
127.0.0.1
localhost
# SA-300-S10 host information
192.168.30.31
sys11ext
192.168.1.1
sys11
192.168.1.2
sys12
192.168.1.3
sys13
192.168.1.4
sys14
#
192.168.30.32
sys21ext
192.168.2.1
sys21
192.168.2.2
sys22
192.168.2.3
sys23
192.168.2.4
sys24
#
192.168.30.33
sys31ext
192.168.3.1
sys31
192.168.3.2
sys32
192.168.3.3
sys33
192.168.3.4
sys34
#
192.168.30.30
instructor
#
loghost
# router to get to instructor->Internet
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-45
instructor
xxx.xxx.xxx.xxx
.30
192.168.30.0
192.168.1.0
.31
.1
192.168.2.0
.32
.33
sys11
sys21
sys31
.2
.2
sys12
.2
sys22
sys32
.3
sys13
.4
.3
sys23
sys33
.4
sys14
.4
sys24
sys34
7-46
192.168.3.0
.1
.1
.2
Internet
Tasks
Complete the following steps:
1.
Static route
________________________________________________________
________________________________________________________
________________________________________________________
b.
Dynamic route
________________________________________________________
________________________________________________________
________________________________________________________
c.
Default route
________________________________________________________
________________________________________________________
________________________________________________________
2.
3.
4.
5.
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-47
7.
Before making any changes to the interfaces, write the netmask and
broadcast values of the Ethernet interface.
Command used: ______________________________________________
Netmask: ____________________________________________________
Broadcast: ___________________________________________________
Caution Do not proceed if your system has more than one physical
interface configured. If additional interfaces are configured, remove the
relevant /etc/hostname.interface files, and use the ifconfig
command or reboot the system to remove the interface configuration. The
success of this exercise depends on your system having only one
configured physical interface.
If the /etc/defaultrouter file or the /etc/gateways file exists on
your system:
1. Remove the file/s.
2. Reboot the system in order to restore it to a default state for this
exercise.
a.
b.
7-48
How many bits of your IPv4 address are currently being used
for your network address?
________________________________________________________
10. Use the netstat command with the -rn options. What is the
difference between this output and the previous netstat -r output?
_____________________________________________________________
11. Use the ps command to determine if the routing daemon is currently
running on the system.
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
b.
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-49
b.
c.
7-50
b.
c.
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-51
7-52
Examine the snoop trace. Did you see the router notification
when the in.routed daemon terminated gracefully?
________________________________________________________
b.
c.
d.
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-53
7-54
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-55
7-56
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-57
7-58
Exercise Summary
Exercise Summary
!
?
Experiences
Interpretations
Conclusions
Applications
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-59
Exercise Solutions
Exercise Solutions
Solutions to the exercise are as follows:
1.
Static route
Static routes are routes that are do not time-out and must be removed
manually. Rebooting the system removes the static entries. The most
common static entry is a system that routes datagrams to the locally
connected networks.
b.
Dynamic route
Dynamic routing means that the routing environment changes.
Dynamic routing identifies other network destinations that are not
connected directly but are reachable through a router. After the
routing table identifies the other reachable networks, the identified
router can forward or deliver the datagrams.
c.
Default route
A default route is a table entry that permits a system to define default
routes to use if a route entry for a specific destination does not exist. It
is used for all indirectly connected workstations. The default routers
must be reliable. There is no need to define every reachable network.
All indirectly connected datagram destinations go to the default
router.
2.
3.
4.
5.
7-60
Exercise Solutions
6.
7.
Before making any changes to the interfaces, write the netmask and
broadcast values of the Ethernet interface.
router# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:b9:72:23
The netmask is ffffff00.
The broadcast address is 192.168.1.255.
Caution Do not proceed if your system has more than one physical
interface configured. If additional interfaces are configured, remove the
relevant /etc/hostname.interface files, and use the ifconfig
command or reboot the system to remove the interface configuration. The
success of this exercise depends on your system having only one
configured physical interface.
If the /etc/defaultrouter file or the /etc/gateways file exist on your
system:
1. Remove the file/s.
2. Reboot the system in order to restore it to a default state for this
exercise.
a.
b.
How many bits of your IPv4 address are currently being used
for your network address?
Twenty-four bits (this might be different in your classroom).
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-61
Exercise Solutions
9.
router# netstat -r
Routing Table: IPv4
Destination
-------------------192.168.1.0
224.0.0.0
localhost
Gateway
Flags Ref
Use
Interface
-------------------- ----- ----- ------ --------sys11
U
1
0 hme0
sys11
U
1
0 hme0
localhost
UH
2
6 lo0
10. Use the netstat command with the -rn options. What is the
difference between this output and the previous netstat -r output?
The netstat -rn command displays the table in numeric form.
router# netstat -rn
Routing Table: IPv4
Destination
-------------------192.168.1.0
224.0.0.0
127.0.0.1
Gateway
Flags Ref
Use
Interface
-------------------- ----- ----- ------ --------192.168.1.1
U
1
0 hme0
192.168.1.1
U
1
0 hme0
127.0.0.1
UH
2
6 lo0
0:00 /usr/sbin/in.routed
7-62
0:00 /usr/sbin/in.routed
Exercise Solutions
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-63
Exercise Solutions
16. Verify that each router is correctly configured.
a.
router# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4, VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:b9:72:23
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
ether 8:0:20:ac:9b:20
Gateway
Flags Ref
Use
Interface
-------------------- ----- ----- ------ --------sys11
U
1
0 hme0
sys21ext
UG
1
0
sys11ext
U
1
1 qfe0
sys11
U
1
0 hme0
localhost
UH
2
6 lo0
Which network destinations are now available?
You should see the following routes if all of the groups in the
classroom have configured their routers (you may have to wait up to
5 minutes):
c.
192.168.1.0
192.168.2.0
192.168.3.0
192.168.30.0
224.0.0.0
127.0.0.1 (localhost)
0:00 /usr/sbin/in.routed
Exercise Solutions
0:00 /usr/sbin/in.routed
non-router# netstat -r
Routing Table: IPv4
Destination
Gateway
Flags Ref
Use
Interface
-------------------- -------------------- ----- ----- ------ --------192.168.1.0
sys12
U
1
1 hme0
192.168.2.0
sys11
UG
1
1 hme0
192.168.30.0
sys11
UG
1
1 hme0
224.0.0.0
sys12
U
1
0 hme0
localhost
localhost
UH
2
6 lo0
c.
non-router# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4, VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:a4:8f:80
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-65
Exercise Solutions
7-66
Exercise Solutions
Which new type of entry is now present? How was it entered into
the routing table?
The newest entry is a default route. The system learns the default route
from routers on the subnet through the router discovery ICMP messages.
22. Use the ps command on the non-router systems to determine if the
routing daemon is now running.
non-router# ps -ef | grep in[.]
root
91
1 0 12:36:05 ?
0:00 /usr/sbin/in.routed
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-67
Exercise Solutions
25. View the output from the snoop utility. Look for the router
notification when the in.routed daemon terminated gracefully.
Hint: Look for multicasts and ICMP messages.
ETHER: ----- Ether Header ----ETHER:
ETHER: Packet 8 arrived at 12:46:52.27
ETHER: Packet size = 50 bytes
ETHER: Destination = 1:0:5e:0:0:1, (multicast)
ETHER: Source
= 8:0:20:ac:9b:20, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
...
...
IP:
Protocol = 1 (ICMP)
IP:
Header checksum = ea98
IP:
Source address = 192.168.1.1, sys11
IP:
Destination address = 224.0.0.1, 224.0.0.1
...
...
a.
Examine the snoop trace. Did you see the router notification
when the in.routed daemon terminated gracefully?
Yes.
b.
c.
d.
7-68
Exercise Solutions
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-69
Exercise Solutions
IP:
Source address = 192.168.1.1, sys11
IP:
Destination address = 224.0.0.1, 224.0.0.1
IP:
No options
IP:
ICMP: ----- ICMP Header ----ICMP:
ICMP: Type = 9 (Router advertisement)
ICMP: Code = 0 (Lifetime 270s [1]: {sys11 0})
...
...
7-70
Exercise Solutions
default
Tue Dec
default
...
...
sys11
4 17:18:04 MST 2004
sys11
UG
UG
UG
UG
0:00 /usr/sbin/in.routed
Caution Do not proceed beyond this point until everyone in the class
has completed this step.
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-71
Exercise Solutions
sys21ext
done
7-72
Exercise Solutions
Gateway
Flags Ref
Use
Interface
-------------------- ----- ----- ------ --------sys11
U
1
16 hme0
sys21ext
UG
1
0
sys31ext
UG
1
0
sys11ext
U
1
14 hme0
sys11
U
1
0 hme0
localhost
UH
2
6 lo0
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-73
Exercise Solutions
Gateway
Flags Ref
Use
Interface
-------------------- ----- ----- ------ --------sys12
U
1
1 hme0
sys11
UG
1
2
sys11
UG
1
0
sys11
UG
1
0
sys12
U
1
0 hme0
localhost
UH
2
6 lo0
7-74
Exercise Solutions
Configuring Routing
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
7-75
Exercise Solutions
48. Remove the /etc/inet/routing.conf file.
non-router# rm /etc/inet/routing.conf
49. Reboot the system.
non-router# init 6
7-76
Module 8
Configuring IPv6
Objectives
This module describes IPv6 management, features, configuration and
troubleshooting, and IPv6 addressing and interfaces.
Upon completion of this module, you should be able to:
Describe IPv6
Enable IPv6
Manage IPv6
8-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Objectives
The course map in Figure 8-1 shows how this module fits into the current
instructional goal.
Configuring
IP
Configuring IP
Network
Multipathing
Configuring
IPv6
Figure 8-1
8-2
Configuring
Routing
Describing
the Transport
Layer
Course Map
Introducing IPv6
Introducing IPv6
IPv6 is the most recent version of the IP specification. Refer to RFC 2460
for a description of IPv6. In 1991, the Internet Architecture Board (IAB)
sponsored a working group to address a pending IP address shortage.
The IAB predicted that all Class B networks would be allocated by 1994
and that all IP addresses would be allocated by 2002 (see Christian
Huitema, Routing in the Internet, Second Edition, 2000).
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-3
Introducing IPv6
Features of IPv6
The IPv6 features are:
8-4
Address Types
Like IPv4, IPv6 has three types of addresses that you can use to
communicate across a network. For sending messages, IPv6 supports:
Unicast addresses
Multicast addresses
Anycast addresses
IPv6 differs from IPv4 in that IPv6 does not provide broadcast addresses
as a mechanism for communicating with other hosts on a subnet.
In IPv6 it is normal for several IPv6 addresses to be assigned to the same
physical interface.
Unicast Addressing
With the unicast address type, a unique address is assigned to an
interface. A unicast datagram is sent to a single machine with the
matching destination IPv6 address. Unicast addressing is called
point-to-point addressing in IPv4.
Multicast Addressing
With the multicast address type, an address is assigned to a group of
systems. Datagrams are delivered to all interfaces as identified by the
multicast address. Multicast addressing in IPv6 replaces broadcast
addressing in IPv4.
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-5
Anycast Addressing
With the anycast address type, an address is assigned to a group of
systems. Anycast addresses identify the nearest member of a group of
systems that provide a particular type of service. Datagrams are delivered
to the nearest interface member, as identified by the routing protocol,
instead of being delivered to all members of a group.
Format Prefixes
The format prefix (FP) in the address indicates the type of IPv6 address
that is used. For example:
8-6
Aggregatable global addresses are valid across the Internet. They are
similar to an officially registered IPv4 address class for organizations
connected to the Internet.
FP (Binary)
FP (Hexadecimal)
1111 1110 10
FE8
1111 1110 11
FEC
Aggregatable global-unicast
addresses
001
2 or 3
Multicast addresses
1111 1111
FF
Note Refer to RFC 2373 for information about FPs that are not related to
the Solaris OS. The FP byte is binary. As defined in RFC 2373, unused
trailing bits in the byte are not shown. For example, the FP represented by
001 is 0x2 or 0x3, because the two binary values are 0010 and 0011. The FP
represented by 001 should not be confused with 0001, which is equal to
0x1.
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-7
Stateful Autoconfiguration
Stateful autoconfiguration requires the additional setup of a DHCP server.
For this reason, stateful autoconfiguration is not a preferred configuration
method. Stateful autoconfiguration and stateless autoconfiguration, as
defined in IPv6, can coexist and operate together. Stateful
autoconfiguration supplies address and service information similar to the
way that DHCP provides information in IPv4.
Stateless Autoconfiguration
The stateless mechanism permits a host to generate its own addresses by
using a combination of information this is available locally and
information that is advertised by routers. Routers advertise prefixes that
identify the subnets associated with a link, while hosts generate an
interface identifier that uniquely identifies an interface on a subnet.
An address is formed by combining the advertised prefix and the
interface identifier. In the absence of routers, a host can generate only
link-local addresses. However, link-local addresses are sufficient for
permitting communication among systems that are attached to the same
link.
8-8
08:00:20:b5:41:37
CID
VID
Figure 8-2
2.
MAC Address
0000 1000 0000 0000 0010 0000 1011 0101 0100 0001 0011 0111
CID
Figure 8-3
VID
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-9
Toggle bit 7, the universal/local bit, which is the seventh bit from the
left.
Figure 8-4 shows the address after conversion.
0000 1010 0000 0000 0010 0000 1011 0101 0100 0001 0011 0111
CID
Figure 8-4
4.
VID
Insert two additional octets, 0xFF and 0xFE, between the CID and
the VID. This converts the MAC address to an interface identifier.
Figure 8-5 shows the resulting interface identifier.
0
0000 1010 0000 0000 0010 0000 1111 1111 1111 1110 1011 0101 0100 0001 0011 0111
CID
Figure 8-5
5.
VID
8-10
Link-Local Addresses
Link-local addresses are valid on a local network link only. Link-local
addresses are not forwarded by routers. The first 10 bits of the address
prefix identify an address as a link-local address. The link-local address
format prefix is 1111 1110 10 in binary, or FE8 in hexadecimal, as shown in
Figure 8-6.
10 Bits
54 Bits
64 Bits
1111111010
Interface ID
fe80::a00:20ff:feb5:4137
Figure 8-6
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-11
Site-Local Addresses
Site-local addresses are similar to link-local addresses but can be routed
through an intranet. Intranet routers can forward site-local addresses
through the intranet but not outside of the intranet. The first 10 bits of the
address prefix identify an address as a site-local address.The site-local
address format prefix is 1111 1110 11 in binary, or FEC in hexadecimal
format, as shown in Figure 8-7.
10 Bits
38 Bits
16 Bits
64 Bits
1111111011
Subnet ID
Interface ID
fec0::0003:a00:20ff:feb5:4137
Figure 8-7
TLA
Figure 8-8
32 Bits
16 Bits
64 Bits
NLA
SLA
Interface ID
8-12
Prefix Notation
RFC 2373 describes how IPv6 addresses use prefix notation. IPv6
addresses have two parts. The first part is the format prefix. The second
part is the interface identifier and is analogous to the IPv4 host portion.
An example of a subnet prefix address is:
fec0::0003:a00:20ff:feb5:4137/64
The /64 indicates that the subnet prefix is 64 bits in length. The first
64 bits of the address contain a subnet mask. The address can be broken
into a subnet prefix and a node address or into an interface identifier.
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-13
8-14
FP
Flags Scope
8 Bits
4 Bits
4 Bits
11111111
000X
XXXX
Multicast Group ID
112 Bits
ff02:0:0:0:0:0:0:1
Figure 8-9
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-15
Scope Bits
Multicast addresses include four scope bits after the flag bits. The scope
bits determine how far the multicast datagram is routed:
Node-local FF01.
Route to all members of the group on the same node as the sender.
Link-local FF02.
Route to all members of the group on the same link as the sender.
Site-local FF05.
Route to all members of the group at the same site as the sender.
Organization-local FF08.
Route to all members of the same organization as the sender.
Global FF0E.
Route to all members of the group on the Internet.
8-16
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-17
Enabling IPv6
Enabling IPv6
You can enable IPv6 from the command line or by creating specific files
that are read by the /lib/svc/method/net-init and
/lib/svc/method/net-physical SMF methods at boot time.
Note You can also enable IPv6 during initial installation of the
Solaris 10 OS.
8-18
Enabling IPv6
Routers advertise their presence with various link and Internet
parameters, either periodically or in response to a router solicitation
message.
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-19
Enabling IPv6
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 823
2 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:90:b5:c7
#
2.
# touch /etc/hostname6.hme0
# init 6
#
INIT: New run level: 6
8-20
Enabling IPv6
3.
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 823 2 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:90:b5:c7
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 825 2 index 1
inet6 ::1/128
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
ether 8:0:20:90:b5:c7
inet6 fe80::a00:20ff:fe90:b5c7/10
#
Notice how both the lo0 and hme0 interfaces have inet6
components and that each interface has an inet6 address. Recall
from a previous step that an IPv6 address was not defined.
4.
sys12-v6
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-21
Enabling IPv6
Name service lookup configuration for IPv6 is similar to name service
lookup configuration for IPv4.
The following are additional files:
sys22.two.edu.
IN
AAAA
fec0::a00:20ff:feb5:4137
The ipnodes line is used in the nsswitch.conf file for IPv6 system
name resolution.
Gateway
--------------------------sys12-v6
sys12-v6
sys12-v6
localhost
Flags Ref
Use
If
----- --- ------ ----U
1
0 hme0
U
1
0 hme0
U
1
0 hme0
UH
1
0 lo0
8-22
Enabling IPv6
If
----lo0
lo0
hme0
hme0
hme0
Group
RefCnt
--------------------------- -----ff02::1:ff00:1
1
ff02::1
1
ff02::202
1
ff02::1:ff90:b5c7
1
ff02::1
2
#
You can use the ifconfig command to obtain IPv6-specific information
by using the inet6 address family parameter. For example, to view the
configuration of all IPv6 interfaces, perform the command:
# ifconfig -a inet6
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 825 2 index 1
inet6 ::1/128
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
inet6 fe80::a00:20ff:fe90:b5c7/10
#
Router discovery
Prefix discovery
Address autoconfiguration
Address resolution
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-23
Enabling IPv6
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 823 2 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:ac:9b:20
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
ether 8:0:20:b9:72:23
#
2.
8-24
Enabling IPv6
3.
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4, VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:ac:9b:20
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
ether 8:0:20:b9:72:23
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
ether 8:0:20:ac:9b:20
inet6 fe80::a00:20ff:feac:9b20/10
qfe0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 3
ether 8:0:20:b9:72:23
inet6 fe80::a00:20ff:feb9:7223/10
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-25
Enabling IPv6
The following example demonstrates how to configure this information:
# cat /etc/inet/ndpd.conf
# Send router advertisements out all interfaces
ifdefault AdvSendAdvertisements on
#
# Advertise an unregistered (bogus) site local prefix and global
# prefix using the default lifetimes
prefix fec0:0:0:9255::0/64
hme0
prefix 2000:0:0:9255::0/64
hme0
#
prefix fec0:0:0:9256::0/64
qfe0
prefix 2000:0:0:9256::0/64
qfe0
#
8-26
Enabling IPv6
2.
# init 6
#
INIT: New run level: 6
...
...
a.
# ifconfig -a inet6
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 3
inet6 fe80::a00:20ff:feb9:7223/10
hme0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 3
inet6 2000::9255:a00:20ff:feb9:7223/64
hme0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 3
inet6 fec0::9255:a00:20ff:feb9:7223/64
qfe0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
inet6 fe80::a00:20ff:feac:9b20/10
qfe0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
inet6 2000::9256:a00:20ff:feac:9b20/64
qfe0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
inet6 fec0::9256:a00:20ff:feac:9b20/64
#
b.
3.
# routeadm -u -e ipv6-forwarding
or
# /usr/sbin/ndd -set /dev/ip ip6_forwarding 1
#
b.
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-27
Enabling IPv6
d.
# /usr/lib/inet/in.ndpd
#
e.
# /usr/lib/inet/in.ripngd -s
#
f.
# ifconfig -a inet6
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 3
inet6 fe80::a00:20ff:feb9:7223/10
hme0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 3
inet6 2000::9255:a00:20ff:feb9:7223/64
hme0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 3
inet6 fec0::9255:a00:20ff:feb9:7223/64
qfe0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
inet6 fe80::a00:20ff:feac:9b20/10
qfe0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
inet6 2000::9256:a00:20ff:feac:9b20/64
qfe0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
inet6 fec0::9256:a00:20ff:feac:9b20/64
#
8-28
Enabling IPv6
Figure 8-10 shows how the /lib/svc/method/net-init method
configures a system for IPv6 forwarding and routing.
Start
Disable
IPv6-forwarding
IPv6 routing
enabled by
routeadm and
Yes
/etc/inet/ndpd.conf
Enable
IPv6-routing
exists?
No
Disable
IPv6-routing
IPv6
forwarding
enabled by
routeadm?
Yes
Enable
IPv6 forwarding
No
Disable
IPv6 forwarding
End
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-29
Enabling IPv6
Gateway
System
IPv6
Network
IPv4
Network
Gateway
System
8-30
Enabling IPv6
Configure a 6to4 tunnel. The 6to4 tunnel bridges between the local
IPv6 networks and the public IPv4 network.
2.
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-31
Enabling IPv6
This configures the tunnel endpoint with a subnet number of zero (0)
and a host number of one (1).
The tunnel configuration can be seen in the output from the
ifconfig -a command:
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:f8:b7:23
qfe0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
ether 8:0:20:f8:b7:23
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
inet6 fe80::a00:20ff:fef8:b723/10
ether 8:0:20:f8:b7:23
hme0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
inet6 2002:c0a8:1e1f:1:a00:20ff:fef8:b723/64
hme0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
inet6 fec0::1:a00:20ff:fef8:b723/64
ip.6to4tun0: flags=2300041<UP,RUNNING,ROUTER,NONUD,IPv6> mtu 8212 index 4
inet tunnel src 192.168.30.31
tunnel hop limit 60
inet6 2002:c0a8:1e1f::1/64
#
Note The 6to4 tunnel end point resides on its own IPv6 subnet. The
subnet ID used for the 6to4 tunnel must not be used on any of the local
IPv6 networks.
For example, to configure the tunnel end point as host ID 1 (one) on
subnet ffff:
# ifconfig ip.6to4tun0 inet6 tsrc 192.168.30.31 2002:c0a8:1e1f:ffff::1/64 up
#
The 6to4 tunnels can be configured at system boot by creating an
/etc/hostname.ip.6to4tun0 file. The contents of the file are the
arguments that follow the inet6 keyword on the command line. For
example:
# cat /etc/hostname6.ip.6to4tun0
tsrc 192.168.30.31 2002:c0a8:1e1f:ffff::1/64 up
8-32
Enabling IPv6
# uname -n
sys11
# pgrep -lf ndpd
108 /usr/lib/inet/in.ndpd
#
# uname -n
sys21
# pgrep -lf ndpd
1497 /usr/lib/inet/in.ndpd
# uname -n
sys11
# netstat -rn -f inet6
Routing Table: IPv6
Destination/Mask
--------------------------2000:0:0:9255::/64
fec0:0:0:9255::/64
2000:0:0:9256::/64
fec0:0:0:9256::/64
2000:0:0:9257::/64
fec0:0:0:9257::/64
fe80::/10
fe80::/10
ff00::/8
::1
#
Gateway
Flags Ref
Use
If
--------------------------- ----- --- ------ ----2000::9256:a00:20ff:feac:9b20 U
1
0 hme0:1
fec0::9256:a00:20ff:feac:9b20 U
1
0 hme0:2
2000::9255:a00:20ff:feb9:7223 U
1
0 qfe0:1
fec0::9255:a00:20ff:feb9:7223 U
1
0 qfe0:2
fe80::a00:20ff:fec0:449d
UG
1
0 qfe0
fe80::a00:20ff:fec0:449d
UG
1
0 qfe0
fe80::a00:20ff:feac:9b20
U
1
0 hme0
fe80::a00:20ff:feb9:7223
U
1
2 qfe0
fe80::a00:20ff:feb9:7223
U
1
0 hme0
::1
UH
1
0 lo0
# uname -n
#
sys21
#
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-33
Enabling IPv6
# netstat -rn -f inet6
Routing Table: IPv6
Destination/Mask
--------------------------2000:0:0:9257::/64
fec0:0:0:9257::/64
2000:0:0:9256::/64
fec0:0:0:9256::/64
2000:0:0:9255::/64
fec0:0:0:9255::/64
fe80::/10
fe80::/10
#
Gateway
Flags Ref
Use
If
--------------------------- ----- --- ------ ----2000::9257:a00:20ff:fec0:449d U
1
0 hme0:1
fec0::9257:a00:20ff:fec0:449d U
1
0 hme0:2
2000::9256:a00:20ff:feb8:2b08 U
1
0 qfe0:1
fec0::9256:a00:20ff:feb8:2b08 U
1
0 qfe0:2
fe80::a00:20ff:feb9:7223
UG
1
0 qfe0
fe80::a00:20ff:feb9:7223
UG
1
0 qfe0
fe80::a00:20ff:feb8:2b08
U
1
0 qfe0
fe80::a00:20ff:fec0:449d
U
1
1 hme0
# ping fec0::9255:a00:20ff:fec0:449d
fec0::9255:a00:20ff:fec0:449d is alive
#
# ping 2000::9255:a00:20ff:fec0:449d
2000::9255:a00:20ff:fec0:449d is alive
#
8-34
Managing IPv6
Managing IPv6
The tasks you use to manage IPv6 interfaces are similar to the tasks you
use to manage IPv4 interfaces.
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-35
Managing IPv6
8-36
Gateway
--------------------------sys11-v6
sys11-v6
sys11-v6
localhost
Flags Ref
Use
If
----- --- ------ ----U
1
0 hme0
U
1
0 hme0
U
1
0 hme0
UH
1
0 lo0
Configure 6to4 routing so that you can contact IPv6 systems on other
subnets
Preparation
Refer to the lecture notes as necessary to perform the tasks listed.
Work with another group for these tasks if your system functions as a
router in the classroom.
2.
3.
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-37
5.
Ask another group on your subnet for its link-local IPv6 IP address.
Write the IP address:
______________________________________________
6.
Use the ping command to verify that your system can send and
receive ICMP echo messages with another local IPv6 system.
______________________________________________
7.
View the current routing table so that you will be able to see the
difference after the router is reconfigured later.
______________________________________________
8.
8-38
2.
3.
4.
5.
Configure the IPv6 tunnel using the routers IPv4 address on the
30.X network (for example 192.168.30.31), and use network
number 0 (zero) and host number 1 (one) for the tunnel end point.
______________________________________________
6.
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-39
For sys11:
prefix fec0:0:0:1::0/64
prefix 2002:c0a8:1e1f:1::0/64
For sys21:
prefix fec0:0:0:2::0/64
prefix 2002:c0a8:1e20:2::0/64
hme0
hme0
For sys31:
prefix fec0:0:0:3::0/64
prefix 2002:c0a8:1e21:3::0/64
8.
hme0
hme0
hme0
hme0
9.
8-40
Display the routers interface configuration so that you can back out
of the configuration at any stage.
______________________________________________
2.
3.
4.
Verify that the files that you use to configure the routers interfaces
with IPv6 at boot time exist. If they do not, create them.
______________________________________________
______________________________________________
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-41
Edit the correct file on your router to cause it to use a site-local and
an aggregated global-unicast address for each interface on the router.
Use the following addresses:
Configure the file to cause the routing daemon to advertise IPv6 out
of all interfaces.
Be sure to remove an existing prefix 2002 lines.
Document your work.
6.
7.
8.
View your routers IPv6 routing table. What routes are available?
______________________________________________
9.
8-42
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-43
Exercise Summary
Exercise Summary
!
?
8-44
Experiences
Interpretations
Conclusions
Applications
Exercise 1 Solutions
Exercise 1 Solutions
The following solution is specific to an individual system. Your results
will be different if you are working on different systems.
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4, VIRTIAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:c1:4b:44
#
2.
# touch /etc/hostname6.hme0
3.
# init 6
#
INIT: New run level: 6
svc.startd: The system is coming down.
...
...
Please wait.
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-45
Exercise 1 Solutions
4.
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4, VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:c1:4b:44
lo0: flags=2000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6> mtu 8252 index 1
inet6 ::1/128
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
ether 8:0:20:c1:4b:44
inet6 fe80::a00:20ff:fec1:4b44/10
#
The systems primary interface is now configured with both the IPv4 and
IPv6 protocol stacks.
Write your systems IPv6 IP address:
fe80::a00:20ff:fec1:4b44/10
Can this IPv6 IP address be used by systems on other subnets to
contact your system? Why or why not?
No, other systems cannot contact this IPv6 IP address because the address
has an FP of fe8, which is a link-local address and is limited to the local
subnet. The FP defines the scope that an IPv6 datagram is able to travel.
5.
Ask another group on your subnet for its link-local IPv6 IP address.
Write the IP address:
fe80::a00:20ff:fe90:b5c7/10
6.
Use the ping command to verify that your system can send and
receive ICMP echo messages with another local IPv6 system.
# ping fe80::a00:20ff:fe90:b5c7
fe80::a00:20ff:fe90:b5c7 is alive
#
8-46
Exercise 1 Solutions
7.
View the current routing table so that you will be able to see the
difference after the router is reconfigured later.
netstat -rn
Routing Table: IPv4
Destination
-------------------192.168.1.0
224.0.0.0
default
127.0.0.1
Gateway
Flags Ref
Use
Interface
-------------------- ----- ----- ------ --------192.168.1.3
U
1
2 hme0
192.168.1.3
U
1
0 hme0
192.168.1.1
UG
1
0 hme0
127.0.0.1
UH
2
6 lo0
Gateway
--------------------------fe80::a00:20ff:fec1:4b44
fe80::a00:20ff:fec1:4b44
fe80::a00:20ff:fec1:4b44
::1
Flags Ref
Use
If
----- --- ------ ----U
1
0 hme0
U
1
0 hme0
U
1
0 hme0
UH
1
0 lo0
#
8.
0:00 /usr/sbin/in.routed
0:00 /usr/lib/inet/in.ndpd
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-47
Exercise 1 Solutions
# routeadm -u -e ipv6-routing
# routeadm
Configuration
Current
Current
Option
Configuration
System State
--------------------------------------------------------------IPv4 forwarding
enabled
enabled
IPv4 routing
enabled
enabled
IPv6 forwarding
enabled
enabled
IPv6 routing
enabled
enabled
IPv4
IPv4
IPv6
IPv6
"/usr/sbin/in.routed"
""
"kill -TERM cat /var/tmp/in.routed.pid"
"/usr/lib/inet/in.ripngd"
"-s"
"kill -TERM cat /var/tmp/in.ripngd.pid"
#
3.
# routeadm -u -e ipv6-forwarding
#
8-48
Exercise 1 Solutions
4.
5.
Configure the IPv6 tunnel using the routers IPv4 address on the
30.X network (for example 192.168.30.31), and use network
number 0 (zero) and host number 1 (one) for the tunnel end point.
For sys11:
prefix fec0:0:0:1::0/64
prefix 2002:c0a8:1e1f:1::0/64
hme0
hme0
For sys21:
prefix fec0:0:0:2::0/64
prefix 2002:c0a8:1e20:2::0/64
hme0
hme0
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-49
Exercise 1 Solutions
For sys31:
prefix fec0:0:0:3::0/64
prefix 2002:c0a8:1e21:3::0/64
hme0
hme0
# cat /etc/inet/ndpd.conf
# Send router advertisements out all interfaces
ifdefault AdvSendAdvertisements on
# Advertise an unregistered (bogus) global prefix and a site
# local prefix using the default lifetimes
# Site-local address
prefix fec0:0:0:1::0/64
hme0
# 6to4 address
prefix 2002:c0a8:1e1f:1::0/64
hme0
#
8.
9.
# init 6
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:f8:b7:23
qfe0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
ether 8:0:20:f8:b7:23
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
inet6 fe80::a00:20ff:fef8:b723/10
ether 8:0:20:f8:b7:23
hme0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
inet6 2002:c0a8:1e1f:1:a00:20ff:fef8:b723/64
hme0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
inet6 fec0::1:a00:20ff:fef8:b723/64
ip.6to4tun0: flags=2300041<UP,RUNNING,ROUTER,NONUD,IPv6> mtu 8212 index 4
inet tunnel src 192.168.30.31
tunnel hop limit 60
inet6 2002:c0a8:1e1f::1/64
#
8-50
Exercise 1 Solutions
10. View the routing table on the router.
# netstat -rn
Routing Table: IPv4
Destination
-------------------192.168.1.0
192.168.2.0
192.168.30.0
224.0.0.0
127.0.0.1
Gateway
-------------------192.168.1.3
192.168.30.32
192.168.30.31
192.168.1.3
127.0.0.1
Flags Ref
Use
Interface
----- ----- ------ --------U
1
38 hme0
UG
1
0 qfe0
U
1
34 qfe0
U
1
0 hme0
UH
9 152065 lo0
Gateway
Flags Ref
Use
If
--------------------------- ----- --- ------ ----2002:c0a8:1e1f:1:a00:20ff:fef8:b723 U
1
6 hme0:1
fec0::1:a00:20ff:fef8:b723 U
1
0 hme0:2
2002:c0a8:1e1f::1
U
1
0 ip.6to4tun0
2002:c0a8:1e1f::1
U
1
1 ip.6to4tun0
fe80::a00:20ff:fef8:b723
U
1
18 hme0
fe80::a00:20ff:fef8:b723
U
1
0 hme0
::1
UH
30
494 lo0
0 15:42:56 ?
0 15:42:56 ?
0 15:42:56 ?
0:32 /usr/sbin/in.routed
0:00 /usr/lib/inet/in.ndpd
0:02 /usr/lib/inet/in.ripngd -s
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-51
Exercise 1 Solutions
Display the routers interface configuration so that you can back out
of the configuration at any stage.
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:f8:b7:23
qfe0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
ether 8:0:20:f8:b7:23
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
inet6 fe80::a00:20ff:fef8:b723/10
ether 8:0:20:f8:b7:23
hme0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
inet6 2002:c0a8:1e1f:1:a00:20ff:fef8:b723/64
hme0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
inet6 fec0::1:a00:20ff:fef8:b723/64
ip.6to4tun0: flags=2300041<UP,RUNNING,ROUTER,NONUD,IPv6> mtu 8212 index 4
inet tunnel src 192.168.30.31
tunnel hop limit 60
inet6 2002:c0a8:1e1f::1/64
#
2.
8-52
Exercise 1 Solutions
root
root
root
161
158
163
1
1
1
0 14:25:20 ?
0 14:25:20 ?
0 14:25:20 ?
0:00 /usr/lib/inet/in.ndpd
0:01 /usr/sbin/in.routed
0:00 /usr/lib/inet/in.ripngd -s
Verify that the files that you use to configure the routers interfaces
with IPv6 at boot time exist. If they do not, create them.
# touch /etc/hostname6.hme0
# touch /etc/hostname6.qfe0
#
5.
Edit the correct file on your router to cause it to use a site-local and
an aggregated global unicast address for each interface on the router.
Use the following addresses:
Configure the file to cause the routing daemon to advertise IPv6 out
of all interfaces.
Be sure to remove existing prefix 2002 lines.
Document your work.
Edit the sys11 routers /etc/inet/ndpd.conf file to contain contents
similar to the following:
sys11# cat /etc/inet/ndpd.conf
# Send router advertisements out all interfaces
ifdefault AdvSendAdvertisements on
# Advertise an unregistered (bogus) global prefix and a site
# local prefix using the default lifetimes
# Site-local addresses:
prefix fec0:0:0:2::0/64
qfe0
prefix fec0:0:0:30::0/64
hme0
# Aggregatable global unicast addresses
prefix 2000:0:0:2::0/64
qfe0
prefix 2000:0:0:30::0/64
hme0
Edit the sys21 routers /etc/inet/ndpd.conf file to contain contents
similar to the following:
sys21# cat /etc/inet/ndpd.conf
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-53
Exercise 1 Solutions
# Send router advertisements out all interfaces
ifdefault AdvSendAdvertisements on
# Advertise an unregistered (bogus) global prefix and a site
# local prefix using the default lifetimes
# Site-local addresses:
prefix fec0:0:0:2::0/64
qfe0
prefix fec0:0:0:30::0/64
hme0
# Aggregatable global unicast addresses
prefix 2000:0:0:2::0/64
qfe0
prefix 2000:0:0:30::0/64
hme0
8-54
Exercise 1 Solutions
6.
# init 6
#
svc.startd: The system is coming down.
...
...
7.
Please wait.
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:b9:72:23
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
ether 8:0:20:ac:9b:20
lo0: flags=2000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6> mtu 8252 index 1
inet6 ::1/128
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
ether 8:0:20:b9:72:23
inet6 fe80::a00:20ff:feb9:7223/10
hme0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index
inet6 2000::1:a00:20ff:feb9:7223/64
hme0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index
inet6 fec0::1:a00:20ff:feb9:7223/64
qfe0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 3
ether 8:0:20:ac:9b:20
inet6 fe80::a00:20ff:feac:9b20/10
qfe0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index
inet6 2000::30:a00:20ff:feac:9b20/64
qfe0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index
inet6 fec0::30:a00:20ff:feac:9b20/64
8.
2
2
3
3
View your routers IPv6 routing table. What routes are available?
Flags Ref
Use
If
----- --- ------ ----U
1
0 hme0:1
U
1
0 hme0:2
U
1
0 qfe0:1
U
1
0 qfe0:2
1
0 hme0
1
0 hme0
1
0 hme0
1
0 qfe0
1
0 hme0
UH
1
0 lo0
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-55
Exercise 1 Solutions
9.
0:00 /usr/sbin/in.routed
0:00 /usr/lib/inet/in.ndpd
0:00 /usr/lib/inet/in.ripngd -s
Please wait.
11. Use the ping command to send ICMP echo requests from a nonrouter system to the site-local address of another non-router system
on another subnet to verify that the routing is functioning as
expected. (You may have to wait enough time for the routing
information to be updated after the prior steps system boot).
# ping fec0::2:a00:20ff:feb8:30c8
ICMPv6 Address Unreachable from gateway
...
# ping fec0::2:a00:20ff:feb8:30c8
fec0::2:a00:20ff:feb8:30c8 is alive
#
8-56
....
Exercise 1 Solutions
12. Determine which routing daemons are running on each non-router
system. Which options are running with each routing daemon, and
why?
# ps -ef | grep in[.]
root
102
1 0 12:51:52 ?
root
109
1 0 12:51:52 ?
#
0:00 /usr/sbin/in.routed
0:00 /usr/lib/inet/in.ndpd
Gateway
--------------------------2000::1:a00:20ff:fec1:4b44
fec0::1:a00:20ff:fec1:4b44
fe80::a00:20ff:fec1:4b44
fe80::a00:20ff:fec1:4b44
fe80::a00:20ff:feac:9b20
::1
Flags Ref
Use
If
----- --- ------ ----U
1
0 hme0:1
U
1
0 hme0:2
U
1
0 hme0
U
1
0 hme0
UG
1
0 hme0
UH
1
0 lo0
The fe8, fec, and 200 FPs indicate that the system is aware of link-local,
site-local, and global networks.
14. Display the systems interface configuration. Notice the logical
addresses that provide access to the different networks based on
the FP.
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:c1:4b:44
lo0: flags=2000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6> mtu 8252 index 1
inet6 ::1/128
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
ether 8:0:20:c1:4b:44
inet6 fe80::a00:20ff:fec1:4b44/10
hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
inet6 2000::1:a00:20ff:fec1:4b44/64
hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
inet6 fec0::1:a00:20ff:fec1:4b44/64
#
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-57
8-58
1.
2.
3.
4.
5.
6.
7.
8.
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-59
Note You must reboot the system for EEPROM changes to take place.
You can also set the EEPROMs local-mac-address? variable from the
OpenBoot PROM.
Note You only see this and subsequent failure messages if you are
viewing the console.
8-60
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-61
The NOFAILOVER flag indicates that the interface must not be used as
a failover interface if another interface in the group fails. You do not
need to mark IPv6 test addresses as deprecated.
Be aware that the logical interface cannot function if the physical interface
fails.
8-62
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-63
8-64
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-65
8-66
The system now remains available to users even if either of the multipath
network interfaces fail or become unusable for any reason.
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-67
2.
3.
4.
5.
6.
8-68
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-69
Note You must reboot the system for EEPROM changes to take place.
You can also set the EEPROMs local-mac-address? variable from the
OpenBoot PROM level.
8-70
Assigns an interface.
hostname6
-failover
group mpgrp6-one
up
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-71
8-72
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-73
Preparation
Unplumb any secondary interfaces that might be configured before
beginning this exercise.
Refer to the lecture notes as necessary to perform the tasks listed.
Tasks
Complete the following steps.
2.
8-74
Note You must reboot the system for EEPROM changes to take place.
Write the name that you are going to assign to your multipath group:
_____________________________________________________________
4.
Check your system for interfaces, and decide which interfaces that
you will use for multipathing.
Complete the following fields:
Multipath group name: _________________________
First interface: _______________________________
Second interface: _____________________________
IPv4 address for second interface: __________________
5.
Configure your first interface as part of the multipath group that you
will use.
Write the command that you use:
_____________________________________________________________
6.
7.
8.
Caution Before performing the next step, bring down and unplumb any
secondary interfaces that might be configured, as described in the
preparation section at the beginning of this exercise.
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-75
8-76
Exercise Summary
Exercise Summary
!
?
Experiences
Interpretations
Conclusions
Applications
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-77
Exercise 2 Solutions
Exercise 2 Solutions
The output in the following solution is specific to an individual system.
Your results will be different depending upon the system on which you
are working.
Task Solutions
This section provides solutions to the exercise tasks.
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.2.3 netmask ffffff00 broadcast 192.168.2.255
ether 8:0:20:b8:30:c8
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
ether 8:0:20:b8:30:c8
inet6 fe80::a00:20ff:feb8:30c8/10
hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
inet6 2000::2:a00:20ff:feb8:30c8/64
hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
inet6 fec0::2:a00:20ff:feb8:30c8/64
#
8-78
Exercise 2 Solutions
2.
# cat /etc/release
Solaris 10 3/05 s10_74L2 SPARC
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 12 January 2005
This system can support multipathing because it is more recent than the
Solaris 8 10/00 OS.
3.
# eeprom local-mac-address?
local-mac-address?=true
#
This system assigns unique MAC addresses to each interface.
What command do you use to cause your system to use unique
MAC addresses?
# eeprom local-mac-address?=true
#
Note You must reboot the system for EEPROM changes to take place.
Write the name that you are going to assign to your multipath group:
This solution uses a multipath group name of mp-demo.
4.
Check your system for interfaces, and decide which interfaces that
you will use for multipathing.
Complete the following fields:
Multipath group name: _________________________
First interface: _______________________________
Second interface: _____________________________
IPv4 address for second interface: __________________
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.2.3 netmask ffffff00 broadcast 192.168.2.255
ether 8:0:20:b8:30:c8
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
ether 8:0:20:b8:30:c8
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-79
Exercise 2 Solutions
inet6 fe80::a00:20ff:feb8:30c8/10
hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
inet6 2000::2:a00:20ff:feb8:30c8/64
hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
inet6 fec0::2:a00:20ff:feb8:30c8/64
#
This solution demonstrates use of the hme0 and qfe1 interfaces. The qfe1
interface is not configured for any network traffic at this stage.
The IPv4 address used for the secondary will be the primary interfaces
address plus 200. For example, 192.168.2.3 uses 192.168.2.203 for
the secondary interface.
5.
Configure your first interface as part of the multipath group that you
will use.
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.2.3 netmask ffffff00 broadcast 192.168.2.255
groupname mp-demo
ether 8:0:20:b8:30:c8
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
ether 8:0:20:b8:30:c8
inet6 fe80::a00:20ff:feb8:30c8/10
groupname mp-demo
hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
inet6 2000::2:a00:20ff:feb8:30c8/64
hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
inet6 fec0::2:a00:20ff:feb8:30c8/64
#
Observe that the IPv4 interface has also joined the multipath group.
7.
8-80
Exercise 2 Solutions
8.
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.2.3 netmask ffffff00 broadcast 192.168.2.255
groupname mp-demo
ether 8:0:20:b8:30:c8
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
hme0: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 2
ether 8:0:20:b8:30:c8
inet6 fe80::a00:20ff:feb8:30c8/10
groupname mp-demo
hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
inet6 2000::2:a00:20ff:feb8:30c8/64
hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
inet6 fec0::2:a00:20ff:feb8:30c8/64
#
Observe that only the IPv6 interface has a test address assigned to it.
Caution Before performing the next step, bring down and unplumb any
secondary interfaces that might be configured, as described in the
preparation section at the beginning of this exercise.
9.
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-81
Exercise 2 Solutions
hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
inet6 fec0::2:a00:20ff:feb8:30c8/64
8-82
Exercise 2 Solutions
12. Verify that the multipathing daemon is running.
# ps -ef|grep mpath
root
480
273
root
457
1
#
0 12:34:29 console
0 11:46:17 ?
Configuring IPv6
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
8-83
Module 9
Describe UDP
Describe TCP
The course map in Figure 9-1 shows how this module fits into the current
instructional goal.
Configuring
IP
Configuring IP
Network
Multipathing
Configuring
IPv6
Figure 9-1
Configuring
Routing
Describing
the Transport
Layer
Course Map
9-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Application Layer
Transport Layer
Internet Layer
Network Interface Layer
Hardware Layer
Figure 9-2
Protocol Characteristics
There are two main protocols that operate at the Transport layer, TCP and
UDP. To understand the differences between TCP and UDP, you must be
familiar with the different characteristics of network protocols. The two
protocols associated with the Transport layer, TCP and UDP, are provided
by a kernel-loadable module. Application designers decide which
transport protocol to use for their application.
9-2
Connection-Oriented Protocols
With connection-oriented protocols, you must establish a logical
connection with the communication partner before exchanging data.
Figure 9-3 illustrates how a connection-oriented protocol could work.
Figure 9-3
9-3
Connectionless Protocols
Figure 9-4 illustrates how a connectionless protocol could work.
Figure 9-4
Connectionless Protocol
9-4
Stateful Protocols
A stateful protocol is a protocol in which part of the data that is
exchanged between the client and the server systems includes state
information. Both systems keep track of the state of the communication
session. Figure 9-5 illustrates how interaction in a stateful protocol could
work.
Client
Figure 9-5
Server
Stateful Protocol
Stateless Protocols
A stateless protocol is a protocol in which neither the client nor the server
system has an obligation to keep track of the state of the communication
session. A stateless protocol does not support most reliability features;
therefore, data that is sent can be lost or delivered out-of-sequence.
Figure 9-6 illustrates how interaction in a stateless protocol could work.
Client
Figure 9-6
Server
Stateless Protocol
The advantages of a stateless protocol are that it has lower overheads and
it has a degree of isolation between the client and the server.
Connectionless protocols are typically stateless.
9-5
Reliable Protocols
A reliable protocol requires that each transmission is acknowledged by
the receiving host. The sender retransmits, if necessary. Figure 9-7 shows
how a reliable protocol could work.
Sender
Receiver
Time
Send Packet 1
1
Receive Packet 1
Send Acknowledgement (ACK)
2
Receive ACK
Send Packet 2
3
Receive Packet 2
Send ACK
4
Receive ACK
Send Packet 3
Packet Lost
Timeout
Resend Packet 3
6
Figure 9-7
9-6
Receive Packet 3
Reliable Protocol
Unreliable Protocols
An unreliable protocol does not require that each transmission is
acknowledged by the receiving host. Figure 9-8 shows how an unreliable
protocol could work.
Sender
Send Packet 1
Time
Receiver
Send Packet 2
Send Packet 3
Packet Lost
Send Packet 4
Figure 9-8
Unreliable Protocol
9-7
TCP
Certified
UDP
Uncertified
Figure 9-9
9-8
Introducing UDP
Introducing UDP
UDP is a connectionless, stateless, and unreliable protocol. UDP is
designed for applications that do not require a reliable Transport layer
mechanism. UDP packets can be lost, duplicated, or delivered
out-of-order. The application program that uses UDP is responsible for
reliability, sequencing, and flow control, if required.
Purpose of UDP
UDP gives an application direct access to the Internet layer and includes
the source and the destination port numbers. UDP does not require that
the receiving host acknowledge transmissions. UDP has low overhead,
and it is designed for high-speed applications that run on reliable
networks. UDP is also used by Application layer protocols that transmit
information by broadcast mechanisms.
Destination Port
Checksum
9-9
Introducing TCP
Introducing TCP
TCP is a connection-oriented, stateful, and reliable protocol.
TCP is suited for situations where large volumes of data must travel
between systems, particularly across multiple routers and gateways. TCP
has four main features:
Full-duplex connection
Buffered transfer
9-10
Introducing TCP
Full-Duplex Connection
TCP connections provide concurrent transfer in both directions. A
full-duplex connection consists of two independent streams of data that
flow in opposite directions. The TCP protocol software sends control
information for one stream back to the source in the segments that carry
data in the opposite direction. This process is called piggybacking, and it
reduces network traffic.
Buffered Transfer
Data that comes from the application is a flowing stream. Data can flow
fast or slow. To ensure the efficient flow of data to and from the
application, TCP provides both input and output buffers to regulate the
flow of data. The input and output buffers also enable the application to
see TCP as a full-duplex connection.
9-11
9-12
9-13
Preparation
Refer to the lecture notes as necessary to perform the tasks listed.
Tasks
Complete the following steps:
1.
_____
Sliding window
a.
_____
UDP
b.
_____
Connection-oriented
protocol
c.
An unacknowledged Transport
layer protocol
_____
TCP
d.
2.
9-14
Exercise Summary
Exercise Summary
!
?
Experiences
Interpretations
Conclusions
Applications
9-15
Exercise Solutions
Exercise Solutions
Solutions to the exercise are as follows:
1.
Sliding window
a.
UDP
b.
Connection-oriented
protocol
c.
An unacknowledged Transport
layer protocol
TCP
d.
2.
9-16
Module 10
Configuring DNS
Objectives
This module describes the basic components of DNS, including the
Berkeley Internet name domain (BIND), top-level domains, zones of
authority, server types, the name resolution process, and resource records.
This module also describes DNS configuration, including gathering
needed information, editing the BIND configuration file and other
relevant files, and performing basic troubleshooting procedures.
Upon completion of this module, you should be able to:
The course map in Figure 10-1 shows how this module fits into the
current instructional goal.
Configuring
DNS
Configuring
DHCP
Configuring
NTP
Configuring the
Solaris IP
Filter Firewall
10-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
BIND
BIND is the most frequently used implementation of DNS in the UNIX
environment. The Solaris 10 OS implements the BIND 9, version 9.2.4
software.
Note Earlier versions of the Solaris OS implemented the BIND 8
software. In BIND 8 the daemon is /usr/sbin/in.named. In BIND 9 the
daemon is /usr/sbin/named.
The latest versions of the BIND software are available from the Internet
Systems Consortiums (ISC) Web site, http://www.isc.org/. You can
download and compile the latest version; however, Sun Microsystems,
Inc. does not support this action.
Top-Level Domains
A domain:
10-2
Can be broken into subdomains and can delegate authority for those
subdomains to another group of administrators.
Description
com
edu
Educational organizations
gov
mil
net
org
arpa
ca
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-3
Zones of Authority
In addition to dividing the name space into administrative domains, the
name space also divides into various zones of authority. These zones:
Are the portion of the name space for which a server is authoritative
(that is, contains information for domains over which the server has
naming control in the form of resource records in the servers
configuration files)
Server Types
DNS implements name resolution. The following are some of the more
common server types, which are described in more detail in this section.
Note that a single system can fulfill more than one role. For example, a
system might be a primary server for one zone and a secondary server for
a different zone. All servers also cache information.
The types of server are:
10-4
Root servers
Primary servers
Secondary servers
Caching-only servers
Forwarding servers
Root Servers
Root servers maintain data about each of the top-level zones. There are (as
of September, 2004) 13 root servers. Of these servers, nine serve the root
and top-level domains, and four serve the root domain only. ICANN
maintains the root servers, and the servers are moved to a common
domain for consistent naming purposes. The root servers are currently
named A.root-servers.net., B.root-servers.net., and so on.
You can download a current copy of the named.root file, which contains
a list of the current root servers, from the
ftp://ftp.rs.internic.net/domain/named.root URL.
Primary Servers
Each DNS zone must have a primary server. Although DNS does not
prohibit having more than one primary server, maintaining multiple
primary servers is difficult and is prone to having errors occur; therefore,
it is not frequently done. In the /etc/named.conf file, the keyword
master indicates the primary server.
Primary servers have the following features:
They are the system on which all changes are made to the zone.
They are authoritative servers for all zones that they serve. (See the
following sections for definitions of authoritative and
non-authoritative servers.)
Secondary Servers
Each domain should have at least one secondary server. The ICANN does
not permit a domain to be registered officially as a subdomain of a
top-level domain until a site demonstrates two working DNS servers.
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-5
They are authoritative for all of the zones that they serve; that is,
their answers to queries are considered highly accurate.
Caching-Only Servers
All DNS servers cache information for any domain for which they are not
authoritative. Caching-only servers are servers that are not authoritative
for any zone, but instead caches responses from other, authoritative, name
servers. Over time, the size of the cache grows.
Caching-only servers have the following features:
They are never authoritative for any domain, with the exception of
the loopback address.
Forwarding Servers
Forwarding servers are DNS servers intended to act as focal points for all
off-site DNS queries. Off-site queries are queries for remote information.
Designating a server as a forwarding server causes all off-site requests to
consult initially the forwarding server or servers, and to wait for a reply. If
no reply is received from the forwarders, the name server resumes normal
operations and contacts the remote name servers itself.
Forwarding servers have the following features:
10-6
The local server can still contact the remote site if forwarders fail to
respond to queries.
Answer Types
Answers that are returned from DNS servers can be described as
authoritative or non-authoritative.
Answers from authoritative DNS servers are:
Usually correct
Name-Resolution Process
DNS name resolution is the process of translating a domain name to an IP
address or translating an IP address to a domain name.
Name resolution begins with client-side resolver code. Resolver code is
built into the operating system libraries and is available to programs that
use system interface calls.
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-7
10-8
/etc/nsswitch.conf File
/etc/inet/hosts File
/etc/resolv.conf File
Cache
10
12
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-9
loghost
# router to get to instructor
10-10
1.
2.
The client system consults the local /etc/inet/hosts file and does
not find an entry.
3.
The client system sends a query asking for the IP address of the
Internet name, ftp.internic.net., to the LDAP server and finds
no address.
4.
5.
6.
The local DNS server consults the contents of its cached information
in case this query has been recently resolved. If the address is in the
local cache, it is returned to the client as a non-authoritative answer.
If the local DNS server does not have cached information about the
net or internic domains, it contacts one of the root servers and
sends an iterative query. An iterative query states: Send me the best
answer you have, and I will do all of the work. In this example, the
assumption is that the answer is not cached and that a root server
must be contacted.
8.
The root server returns the best information it has. In this case, the
only information you are guaranteed is that the root server has the
names and addresses of all the net domain servers. The root server
returns these names and addresses along with a TTL value that
specifies how long the local DNS server can cache this information.
9.
The local DNS server contacts one of the net domain servers
returned from the previous query and transmits the same iterative
query that was previously sent to a root server.
10. The net domain server that is contacted returns the best information
it has, which are the names and addresses of the internic.net
servers and a TTL value.
11. The local DNS server contacts one of the internic.net domain
servers and makes the same query for the IP address for the Internet
name, ftp.internic.net.
12. An internic.net server returns the IP addresses of the Internet
name, ftp.internic.net, along with a TTL value.
The local DNS server returns the requested address to the client system,
and the client can proceed.
Resource Records
Resource records are entries contained in the name server zone files and
are not case sensitive. A resource record can contain information that
pertains to a particular domain, including the server addresses, cache
time-out values, and the email address of the DNS administrator.
Resource records can also include information about a particular system
including its IP address, its domain name, and its contact information.
Although each type of resource record has specific syntax, the general
format of any resource record is:
[name] [ttl] class type data
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-11
Description
name
ttl
class
type
data
Depending on the record type and other shortcuts being taken, not all of
the fields are always required.
Record Types
DNS zone files can contain blank lines and comments. Comments begin
with a semicolon.
10-12
Purpose
$TTL
SOA
NS
PTR
CNAME
AAAA
$TTL 8h
. IN SOA instructor.thirty.edu. root.instructor.thirty.edu. (
20040923
; version number
10800
; refresh (3hrs.)
3600
; retry (1hr.)
691200
; expire (8days)
3600 )
; negative caching info. kept for 1 hour
one.edu.
sys12.one.edu.
NS
sys12.one.edu.
192.168.1.2
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-13
2.1.168.192
IN
www.one.edu.
sys12.one.edu.
CNAME
sys12.one.edu.
The $TTL directive identifies the cache TTL value that remote DNS servers
receive when they query the information specified by this directive. This
directive, or control statement, was not available for use until BIND 8.2.x
versions.
10-14
svc:/network/dns/client:default
svc:/network/dns/server:default
The following svcadm commands enable the DNS naming service and the
default client service:
# svcadm enable svc:/network/dns/server:default
# svcadm enable svc:/network/dns/client:default
# svcs -a | grep dns
online
23:02:34 svc:/network/dns/client:default
online
23:08:27 svc:/network/dns/server:default
Note The DNS client service will not start any new processes, but when
enabled, checks that the system is configured as a DNS client with an
/etc/resolv.conf file. Other services used for managing application
and daemons that require DNS, such as LDAP, will have a dependency on
the DNS client service to ensure that the system is a DNS client.
Gathering Information
When you configure a DNS server, supply the server with the following
types of information:
The information required to resolve all domains for which the server
is authoritative. This information consists of name-to-address
translations.
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-15
The information needed to resolve all reverse domains for which the
server is authoritative. This information consists of address-to-name
translations.
The names and addresses of servers for all domains that are one
level below the domains being served by this server. This
information is sometimes referred to as parenting or delegating.
Indicate the location of the file that includes the root servers
The named daemon reads the /etc/named.conf file when the daemon is
started by the SMF. The configuration file directs the named daemon either
to other servers or to local data files for a specified domain.
The /etc/named.conf file contains statements and can contain
comments. Statements end with a semicolon (;), they can contain a block
of statements enclosed within curly braces ({}), and each statement in the
block is terminated with a semicolon (;). Comments can start with /* and
end with */, can follow either # or //, and can extend to the end of the
line.
10-16
Definition
acl
options
zone
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-17
/var/named
named.root
forward.zone
reverse.rzone
loop.back
10-18
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-19
The dot (.) in the first field denotes the root domain.
The TTL field is 3600000 seconds. This field is historic and is not
used in this file.
The NS record type indicates that a name server is being defined for
the root domain.
The fifth field of the first record (the data field) is the FQDN of a
root server. Note the trailing dot associated with this field.
The first (domain) field contains the FQDN of the root server that is
defined in the previous record.
The TTL field is 3600000 seconds. This field is historic and is not
used in this file.
For A records, the fourth data field contains the IP address of the root
server that is specified in the first field.
The NS and A records combine to define the name and address of a single
root server. This file specifies additional pairs of records, as appropriate.
10-20
IN
127.0.0.1
;
;{name}
{ttl}
Class
CNAME
Canonical Name
;------------------------------------------------------router
IN
CNAME
sys11
dns
IN
CNAME
sys12
The $TTL directive sets the default time to live for the zones information
to eight hours.
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-21
An at sign (@) in the name field This is a shortcut for the domain
that is being served (one.edu. in this case). The actual value for the
@ comes from the second field of the appropriate record in the
named.conf file that references this file. The @ also defines the
default origin that determines the domain appended to any partially
qualified domain name in the configuration files resource records.
Data field argument 3 This is the version (Serial) number that the
secondary slave servers use to determine if they need to perform a
zone transfer to get a fresh copy of zone data. Any time you make
changes to this file, remember to update this number in such a way
that it gets larger. It is always safe to start at 1 and add 1 with each
change, or to use todays date.
You should define an NS record for all name servers in this domain that
you want to be recognized by DNS servers.
10-22
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-23
10-24
The @ (at the top of this resource record) in this example refers to the
1.168.192.in-addr.arpa. reverse domain, as indicated in the
/etc/named.conf file in which this reverse file is referenced.
The address-to-name mappings are defined with the PTR record type.
The domain field in the PTR record contains the host portion of the IP
address. Because these resource records do not end with a . (dot), the
value of the @ is appended to each record. The argument field of the
PTR record should contain the FQDN of the name of the system at
which the record points. This completes the reverse address-to-name
mapping.
You can use the @ when the domain name is the same as the origin,
127.in-addr.arpa. in this example.
The only items that you change from domain to domain in the SOA
record are the host name (first) argument and the email address used
to report problems.
You must specify the name of the system being configured on the NS
line.
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-25
zone "one.edu" in {
type master;
file "db.one.edu";
allow-update { 127.0.0.1; 192.168.1.2; };
};
zone "1.168.192.in-addr.arpa" in {
type master;
file "db.192.168.1";
allow-update { 127.0.0.1; 192.168.1.2; };
};
2.
10-26
Configuring Security
Because of the nature of the Internet, DNS can be vulnerable to
unauthorized access.
Beginning with BIND version 8.x.x, security features are implemented
through the /etc/named.conf configuration file. Two important security
considerations are the control of name queries and the control of zone
transfers. By default, servers respond to any query or request for a zone
transfer. You can modify this behavior by using the allow-query and
allow-transfer keywords.
The allow-query statement enables you to establish an IP address-based
access list for queries. You can apply this access list to a specific zone or to
all queries that are received by the server. The IP address list determines
which systems receive responses from the server.
You can restrict queries to all zones by using the allow-query keyword
as an argument to the options statement for the zone.
For example:
options {
allow-query { 192.168.1/24; 192.168.3/24; };
};
In this case, only systems with the IP addresses 192.168.1.xxx and
192.168.3.xxx receive responses from the name server.
You can restrict queries for a specific zone by using the allow-query
keyword as an argument to the zone statement. For example:
zone "one.edu" in {
type master;
file "forward.zone";
allow-query { 192.168.3/24; };
};
In this case, only subnet 192.168.3.0 has access to the resource records
for this zone.
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-27
10-28
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-29
Secondary servers are configured with and use the same root server
hints file as the primary name server.
Secondary servers are configured with and use the same syntax for a
reverse loopback domain file as the primary name server uses,
except that the secondary name server is always listed as the
primary for the loopback address.
Secondary servers start the named daemon during the boot process if the
/etc/named.conf file exists. The daemon is started by SMF.
10-30
zonee
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-31
10-32
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-33
category queries
10-34
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-35
Sends queries and displays replies for any of the valid resource
record types
IN
;; AUTHORITY SECTION:
one.edu.
86400
IN
SOA
sys12.one.edu.
root.sys12.one.edu. 2005010101 3600 1800 6048000 86400
;;
;;
;;
;;
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1440
10-36
IN
;; ANSWER SECTION:
sys11.one.edu.
86400
IN
192.168.1.1
;; AUTHORITY SECTION:
one.edu.
one.edu.
86400
86400
IN
IN
NS
NS
sys12.one.edu.
sys13.one.edu.
;; ADDITIONAL SECTION:
sys12.one.edu.
sys13.one.edu.
86400
86400
IN
IN
A
A
192.168.1.2
192.168.1.3
;;
;;
;;
;;
IN
;; AUTHORITY SECTION:
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-37
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1932
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;1.1.168.192.in-addr.arpa.
IN
PTR
;; ANSWER SECTION:
1.1.168.192.in-addr.arpa. 86400 IN
PTR
sys11.one.edu.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400
1.168.192.in-addr.arpa. 86400
IN
IN
NS
NS
sys13.one.edu.
sys12.one.edu.
;; ADDITIONAL SECTION:
sys12.one.edu.
sys13.one.edu.
IN
IN
A
A
192.168.1.2
192.168.1.3
;;
;;
;;
;;
86400
86400
10-38
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-39
Dump Examples
Examining dumped caches is often a very productive way to troubleshoot
errors.
The following example shows an improper use of the dig command
attempting a reverse query:
sys13# dig @192.168.1.2 one.edu 192.168.1.1
; <<>> DiG 9.2.4 <<>> @192.168.1.2 one.edu 192.168.1.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1328
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;one.edu.
IN
;; AUTHORITY SECTION:
one.edu.
86400
IN
SOA
sys12.one.edu.
root.sys12.one.edu. 2005010101 3600 1800 6048000 86400
;;
;;
;;
;;
10-40
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1204
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;192.168.1.1.
IN
;; AUTHORITY SECTION:
.
10800
IN
SOA
instructor.thirty.edu.
root.instructor.thirty.edu. 2005010101 3600 1800 6048000 86400
;;
;;
;;
;;
instructor.thirty.edu.
;-$NXDOMAIN
192.168.30.30
The NXDOMAIN in the dumped data indicates that a non existent (NX)
domain was requested. Because the incorrect syntax was used (missing -x
option, needed for reverse queries), the IP address was mistaken for a
domain.
The following example shows a successful reverse query:
sys13# dig @192.168.1.2 two.edu -x 192.168.2.1
; <<>> DiG 9.2.4 <<>> @192.168.1.2 two.edu -x 192.168.2.1
;; global options: printcmd
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-41
IN
;; AUTHORITY SECTION:
two.edu.
10800
IN
SOA
sys22.two.edu.
root.sys22.two.edu. 2005010101 3600 1800 6048000 86400
;;
;;
;;
;;
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1982
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;1.2.168.192.in-addr.arpa.
IN
PTR
;; ANSWER SECTION:
1.2.168.192.in-addr.arpa. 86400 IN
PTR
sys21.two.edu.
;; AUTHORITY SECTION:
2.168.192.in-addr.arpa. 86400
2.168.192.in-addr.arpa. 86400
NS
NS
sys23.two.edu.
sys22.two.edu.
;;
;;
;;
;;
IN
IN
10-42
IN NS
instructor.thirty.edu.
NS
NS
sys22.two.edu.
sys23.two.edu.
PTR
sys21.two.edu.
192.168.30.30
NS
NS
sys22.two.edu.
sys23.two.edu.
\-A
;-$NXRRSET
192.168.2.2
192.168.2.3
The first three entries in the cached data show the resolution process. The
first highlight entry shows the forwarding of the request to the
instructor.thirty.edu. The second highlighted entry shows that
server supplying the and of the authoritative server for the
2.168.192.in-addr.arpa zone (sys22.two.edu). The last highlighted
entry shows the pointer information cached for the requested IP address.
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-43
instructor.thirty.edu.
192.168.30.30
sys22.two.edu.
sys23.two.edu.
;-$NXRRSET
192.168.2.1
192.168.2.2
192.168.2.3
10-44
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-45
10-46
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-47
Server Status
The rndc utility can be used to query server status and report statistics.
Now test to verify that the rndc utility works as expected:
sys12# rndc status
number of zones: 5
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
server is up and running
10-48
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-49
Preparation
Refer to the lecture notes as necessary to perform the tasks listed.
Before starting this lab; make sure that:
The instructor has set up a root domain server for use in this lab.
10-50
Host
Function
instructor
sysX1
Router
sysX2
sysX3
sysX4
DNS client
Task Summary
In this exercise, team up with the other students on your subnet, and
configure a DNS primary server, a DNS secondary server, and clients on
your subnet. You practice using troubleshooting tools, such as the
nslookup utility. Work as a team, and move as a team to each system that
is to be configured. In this way, you experience most of the aspects of
configuring DNS.
Tasks
To configure DNS, complete the following steps.
Your first task is to configure your domains primary DNS server.
Set up the /etc/named.conf file for your domain on the system that
will be your domains primary DNS server. You can create the file
yourself, or you can use the template file that your instructor makes
available to you.
zone
___________________________________________________
___________________________________________________
options
___________________________________________________
___________________________________________________
2.
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-51
Where can you obtain a current copy of the current root name
servers?
___________________________________________________
___________________________________________________
___________________________________________________
___________________________________________________
NS
___________________________________________________
A
___________________________________________________
4.
Set up the zone file for your domain on the system that will be your
domains primary DNS server. You can create the file yourself, or
you can use the template file that your instructor makes available to
you.
10-52
Set up the reverse lookup file for your domain on the system that
will be your domains primary DNS server. You can create the file
yourself, or you can use the template file that your instructor makes
available to you.
6.
Set up the loopback file for your domain on the system that will be
your domains primary DNS server. You can create the file yourself,
or you can use the template file that your instructor makes available
to you.
Working on all of your DNS clients and DNS servers, copy the
/etc/nsswitch.dns file to the /etc/nsswitch.conf file.
Write the command that you use:
___________________________________________________
8.
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-53
b.
Use the svcs command to verify that the services are online.
___________________________________________________
c.
10-54
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-55
b.
Use the svcs command to verify that the services are online.
_____________________________________________________
c.
21. Verify that the new zone files have been created in the /var/named
directory.
__________________________________________________________
22. Verify that the secondary name server performs forward lookup
requests as expected.
__________________________________________________________
10-56
Exercise Summary
Exercise Summary
!
?
Experiences
Interpretations
Conclusions
Applications
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-57
Exercise Solutions
Exercise Solutions
Solutions to this exercise are provided in the following section.
Task Solutions
To configure DNS, complete the following steps.
Your first task is to configure your domains primary DNS server.
Set up the /etc/named.conf file for your domain on the system that
will be your domains primary DNS server. You can create the file
yourself, or you can use the template file that your instructor makes
available to you.
Your /etc/named.conf file should be similar to the following:
10-58
Exercise Solutions
zone "0.0.127.in-addr.arpa" in
{
type master;
file "db.127.0.0";
};
zone
It defines a zone of authority and applies options selectively on a
per-zone basis, rather than to all zones.
options
It controls global server configuration options and sets default
values for other statements.
2.
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-59
Exercise Solutions
Where can you obtain a current copy of the current root name
servers?
You can retrieve them from the
ftp://ftp.rs.internic.net/domain/named.root URL. Be
sure to check that the files syntax is correct.
NS
The NS record (name server record) identifies the name server of a
domain.
A
The A record (address record) yields an IP address that
corresponds to a host name.
4.
Set up the zone file for your domain on the system that will be your
domains primary DNS server. You can create the file yourself, or
you can use the template file that your instructor makes available to
you.
Your /var/named/db.one.edu file should be similar to the following:
10-60
Exercise Solutions
;{name}
{ttl}
Class
A
IP Address
;------------------------------------------------sys11
IN
A
192.168.1.1
sys12
IN
A
192.168.1.2
sys13
IN
A
192.168.1.3
sys14
IN
A
192.168.1.4
localhost
IN
127.0.0.1
;
;{name}
{ttl}
Class
CNAME
Canonical Name
;------------------------------------------------------router
IN
CNAME
sys11
dns
IN
CNAME
sys12
5.
Set up the reverse lookup file for your domain on the system that
will be your domains primary DNS server. You can create the file
yourself, or you can use the template file that your instructor makes
available to you.
Your /var/named/db.192.168.1 file should be similar to the following:
db.192.168.1
$TTL 86400
;
;{name}
{ttl}
Class
SOA
Origin
Postmaster
;---------------------------------------------------------------------------------@
IN
SOA
sys12.one.edu.
root.sys12.one.edu. (
2005010101
; Serial
3600
; Refresh (1 Hour)
1800
; Retry (30 Minutes)
6048000
; Expire (1 Week)
86400 )
; Minimum (24 Hours)
;
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-61
Exercise Solutions
;{name}
{ttl}
Class
NS
Nameserver Name
;-----------------------------------------------------IN
NS
sys12.one.edu.
;
;{name}
{ttl}
Class
PTR
Real Name
;-----------------------------------------------1
IN
PTR
sys11.one.edu.
2
IN
PTR
sys12.one.edu.
3
IN
PTR
sys13.one.edu.
4
IN
PTR
sys14.one.edu.
6.
Set up the loopback file for your domain on the system that will be
your domains primary DNS server. You can create the file yourself,
or you can use the template file that your instructor makes available
to you.
Your /var/named/db.127.0.0 file should be similar to the following:
db.127.0.0
$TTL 86400
;
;{name}
{ttl}
Class
SOA
Origin
Postmaster
;---------------------------------------------------------------------------------@
IN
SOA
sys12.one.edu.
root.sys12.one.edu. (
2005010101
; Serial
3600
; Refresh (1 Hour)
1800
; Retry (30 Minutes)
6048000
; Expire (1 Week)
86400 )
; Minimum (24 Hours)
;
;{name}
{ttl}
Class
NS
Nameserver Name
;-----------------------------------------------------IN
NS
sys12.one.edu.
;
;{name}
{ttl}
Class
PTR
Real Name
;-----------------------------------------------1
IN
PTR
localhost.
10-62
Exercise Solutions
Working on all of your DNS clients and DNS servers, copy the
/etc/nsswitch.dns file to the /etc/nsswitch.conf file.
Write the command that you use:
# cp /etc/nsswitch.dns /etc/nsswitch.conf
8.
# cat /etc/resolv.conf
domain one.edu
nameserver 192.168.1.2
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-63
Exercise Solutions
Use the svcs command to verify that the services are online.
10-64
Exercise Solutions
IN
;; AUTHORITY SECTION:
one.edu.
86400
IN
SOA
sys12.one.edu.
root.sys12.one.edu. 2005010101 3600 1800 6048000 86400
;;
;;
;;
;;
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;sys11.one.edu.
IN
;; ANSWER SECTION:
sys11.one.edu.
86400
IN
192.168.1.1
;; AUTHORITY SECTION:
one.edu.
86400
IN
NS
sys12.one.edu.
;; ADDITIONAL SECTION:
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-65
Exercise Solutions
sys12.one.edu.
;;
;;
;;
;;
86400
IN
192.168.1.2
10-66
Exercise Solutions
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-67
Exercise Solutions
The addition to the reverse zone file should be similar to the following,
added under the existing name server configuration:
;{name}
{ttl}
Class
NS
Nameserver Name
;-----------------------------------------------------IN
NS
sys12.one.edu.
IN
NS
sys13.one.edu.
10-68
Exercise Solutions
zone "one.edu"
{
type slave;
file "db.one.edu.slave";
masters
{
192.168.1.2;
};
};
zone "1.168.192.in-addr.arpa"
{
type slave;
file "db.192.168.1.slave";
masters
{
192.168.1.2;
};
};
zone "0.0.127.in-addr.arpa" in
{
type slave;
file "db.127.0.0.slave";
masters
{
192.168.1.2;
};
};
19. Set up the /var/named/db.root file for your domain on the system
that will be your domains secondary DNS server. You can create the
file yourself, or you can use the template file that your instructor
makes available to you.
Your /var/named/db.root file should be similar to the following:
sys13# cat /var/named/db.root
;
db.root
;
;{name}
{ttl}
Class
NS
Nameserver Name
;-------------------------------------------------------------.
604800 IN
NS
instructor.thirty.edu.
;
;{name}
{ttl}
Class
A
IP Address
;--------------------------------------------------------instructor.thirty.edu. 604800 IN
A
192.168.30.30
sys13#
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-69
Exercise Solutions
20. Start the name server daemon on your DNS server:
a.
Use the svcs command to verify that the services are online.
root
root
root
root
root
root
root
sys
root
root
root
root
512
1024
353
430
460
405
Jan
Jan
Jan
Jan
Jan
Jan
12
11
12
12
12
12
05:14
16:50
13:36
13:56
13:46
05:13
.
..
db.127.0.0.slave
db.192.168.1.slave
db.one.edu.slave
db.root
22. Verify that the secondary name server performs forward lookup
requests as expected.
You could use one of a few tools to test DNS lookup requests. This example
demonstrates using the dig utility where:
10-70
IN
Exercise Solutions
;; AUTHORITY SECTION:
one.edu.
86400
IN
SOA
sys12.one.edu.
root.sys12.one.edu. 2005010101 3600 1800 6048000 86400
;;
;;
;;
;;
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 322
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;4.1.168.192.in-addr.arpa.
IN
PTR
;; ANSWER SECTION:
4.1.168.192.in-addr.arpa. 86400 IN
PTR
sys14.one.edu.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400
1.168.192.in-addr.arpa. 86400
IN
IN
NS
NS
sys13.one.edu.
sys12.one.edu.
;; ADDITIONAL SECTION:
sys12.one.edu.
sys13.one.edu.
IN
IN
A
A
192.168.1.2
192.168.1.3
;;
;;
;;
;;
86400
86400
Configuring DNS
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
10-71
Module 11
Configuring DHCP
Objectives
This module explains the fundamentals of DHCP, including the purpose
of DHCP and client and server functions. This module explains how to
configure DHCP and how to troubleshoot a DCHP server.
Upon completion of this module, you should be able to:
The course map in Figure 11-1 shows how this module fits into the current
instructional goal.
Configuring
DNS
Configuring
DHCP
Configuring
NTP
Configuring the
Solaris IP
Filter Firewall
11-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
IP address
Purpose of DHCP
DHCP reduces the cost of managing networks by eliminating the need to
manually assign or change IP addresses repeatedly. DHCP also reclaims
IP addresses that are no longer needed or if the time period for their use
has expired. These IP addresses can then be used by other clients. DHCP
also makes it easier to renumber the network if the ISP is changed. The
DHCP server would be reconfigured to provide the new IP addresses
offered from this new ISP.
IP addresses are assigned to each system when an organization sets up its
computer network.
11-2
DHCP
Configure
Network
Interfaces
IP Address
Netmask
Router
Parameters
(System and
Application)
NIS Server
WWW Server
NTP Server
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-3
DHCP
Server
Client
Time
DHCPDISCOVER
DHCPOFFER
DHCPACK
11-4
Client
DHCP
Server
Time
DHCPDISCOVER
DHCPDISCOVER
2
DHCPOFFER
All DHCP requests are evaluated and
DHCPREQUEST is sent
4
DHCPACK
5
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-5
11-6
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-7
11-8
# /usr/sadm/admin/bin/dhcpmgr &
This example uses the sys12 system to demonstrate how to
configure a basic DHCP server by using the dhcpmgr utility.
If the system is not configured as a DHCP server or a BOOTP relay,
the Choose Server Configuration window appears. Figure 11-5
enables you to configure the server as a DHCP server. This example
uses the default Configure as the DHCP server.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-9
Click OK.
The DHCP Configuration Wizard Step 1 window appears.
Figure 11-6 shows you where to select the data storage format.
11-10
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-11
11-12
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-13
11-14
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-15
10. Select either Use router discovery protocol or type the router
information in the Use router field.
11. Click >.
11-16
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-17
11-18
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-19
11-20
2.
3.
Click >.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-21
11-22
4.
5.
6.
Click >.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-23
Select Configuration Macro from the drop-down list box and verify
that Addresses are unusable is unchecked.
9.
If you want to view the contents of the selected macro, click View. To
exit the contents window, click OK.
11-24
Note Normally, routers, mail servers, and systems that provide services
use permanent lease types.
11. Select either Dynamic or Permanent, and click >.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-25
11-26
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-27
-r datastore
-p location
11-28
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-29
DHCP
Network
192.168.1.0
Client ID
IP Address and
Configuration Parameters
00
Client Address:
192.168.30.1
Server Address:
192.168.30.30
Figure 11-24 The DHCP Network File
One DHCP network file exists for each network that is served by the
DHCP server. The name of each file is determined from the datastore
format and the network address of the network that it supports, such as
SUNWfiles1_192_168_1_0. There is no table or file with the name
SUNWfiles. The name always includes an IP address and an identifier
about the file type (SUNWbinfiles, SUNWfiles, or SUNWnisplus).
11-30
View tables
You can use any one of the following option flags with the pntadm
command:
-C
-A
-M
-P
-D
-r
-p
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-31
Note You can use an alias name for this network in place of the network
number if the alias is defined in the /etc/inet/networks file.
To verify that the network table was created, type the command:
# ls /var/dhcp | grep 30
SUNWfiles1_192_168_30_0
#
To view the initial contents of the new table, use the cat command:
# cat /var/dhcp/SUNWfiles1_192_168_30_0
# SUNWfiles1_192_168_30_0
#
# Do NOT edit this file by hand -- use pntadm(1M) or dhcpmgr(1M) instead
#
11-32
Client IP
192.168.30.1
Server IP
192.168.1.2
Lease Expiration
Zero
Macro
mymacro
Comment
Note Observe that the Flags value is 03, which represents the sum of 2
and 1, where MANUAL is represented by 2 and PERMANENT is represented
by 1. Refer to the DHCP network man page for more information.
To view the changes by using the table, type the command:
# cat /var/dhcp/SUNWfiles1_192_168_30_0
# SUNWfiles1_192_168_30_0
#
# Do NOT edit this file by hand -- use pntadm(1M) or dhcpmgr(1M) instead
#
192.168.30.1|00|03|192.168.1.2|0|8214847195300495362|mymacro|
#
To change the 192.168.30.1 entry to 192.168.30.2 (-n), type the
command:
# pntadm -M 192.168.30.1 -n 192.168.30.2 192.168.30.0
To verify the changes, type the command:
# pntadm -P 192.168.30.0
Client ID
00
Flags
03
Client IP
192.168.30.2
Server IP
192.168.1.2
Lease Expiration
Zero
Macro
mymacro
Comment
#
To delete the 192.168.30.2 entry from the 192.168.30.0 table, type the
command:
# pntadm -D 192.168.30.2 192.168.30.0
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-33
Flags
Client IP
Server IP
Lease Expiration
Macro
Comment
11-34
-A
-M
-D
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-35
To delete the NewSym symbol from the dhcptab table, type the command:
# dhtadm -D -s NewSym
#
To verify the changes, type the command:
# dhtadm -P
Name
Type
Value
==================================================
NewMacro
Macro
:DNSserv=192.168.1.1:LeaseTim=3600:
192.168.1.0
Macro
:Subnet=255.255.255.0:Router=192.168.1.1:Broadcst=192.168.1.255:
sys12
Macro
:Include=Locale:Timeserv=192.168.1.1:LeaseTim=86400:LeaseNeg:
Locale
Macro
:UTCoffst=-25200:
#
11-36
Table 11-1 shows the items that are created during DHCP configuration.
Table 11-1 Items Created During DHCP Server Configuration
Item
Description
Contents
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-37
Description
Contents
11-38
2.
Enable DHCP on the client by creating the appropriate file for the
external interface, which is hme0 in this example.
# touch /etc/dhcp.hme0
Note Verify that the /etc/hostname.interface file exists for the
interface being configured using DHCP; otherwise, the interface will not
be plumbed. This is a requirement for a successful DHCP configuration of
the client.
3.
4.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-39
Reboot the client, and watch the system console as the system boots.
6.
2.
3.
REQUEST_HOSTNAME=yes
4.
inet hostname
where hostname is the name you want the client to use. For example,
the file contents in this example are:
# cat /etc/hostname.qfe0
inet dhcp-hostname-test
#
5.
# pkill dhcpagent
# rm /etc/dhcp/interface.dhc
# init 6
Note The state file is written only when the dhcpagent process is
terminated and the dhcpagent program is not configured to release its IP
address on termination.
11-40
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-41
11-42
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-43
11-44
After you enable the client software and reboot the system, the client tries
to reach the DHCP server to obtain its network configuration. If the client
fails to reach the server or if the client does not receive correct
information, you can see error messages, such as:
DHCP or BOOTP server not responding
Need router-ip to communicate with TFTP server
TFTP servers IP address not known!
Before you determine the problem, you must gather diagnostic
information from both the client and the server, and analyze this
information. To gather information, you can:
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-45
Preparation
Before performing this exercise, do the following:
11-46
Host
Function
Instructor
sysX1
Router
sysX2
sysX3
sysX4
Task Summary
In this exercise, you accomplish the following tasks:
2.
3.
4.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-47
2.
3.
4.
Reboot the client, and watch the system console as the system boots.
11-48
1.
Start the snoop utility on any system on the subnet other than the
DHCP client. Be sure to use the snoop utility on an interface that is
on the same subnet as the DHCP client, which is hme0 in this
example. Have the snoop utility write to the /tmp/dhcp-snoop.snp
file.
2.
3.
After the DHCP client is booted, stop the snoop utility by pressing
the Control+C key sequence.
4.
Use the snoop utility to convert the trace data to ASCII text, and
output that text to the /tmp/dhcp-snoop.txt file for viewing with
any text editor that provides easy navigation and searching of the
data.
6.
7.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-49
Exercise Summary
Exercise Summary
!
?
11-50
Experiences
Interpretations
Conclusions
Applications
Exercise Solutions
Exercise Solutions
Solutions to the exercise are provided in this section.
# /usr/sadm/admin/bin/dhcpmgr &
2.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-51
Exercise Solutions
If the system is not configured as a DHCP server or BOOTP relay,
Figure 11-25 appears.
Click OK.
The DHCP Configuration Wizard Step 1 window in Figure 11-26
appears.
11-52
Exercise Solutions
b.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-53
Exercise Solutions
The DHCP Configuration Wizard Step 3 window in Figure 11-28
appears.
11-54
Exercise Solutions
The DHCP Configuration Wizard Step 4 window in Figure 11-29
appears. This example uses the defaults 1 and days.
Accept the defaults of 1, days, and Clients can renew their leases,
then click >.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-55
Exercise Solutions
The DHCP Configuration Wizard Step 5 window in Figure 11-30
appears. This example uses the default DNS information.
11-56
Accept the default DNS domain and DNS servers, and click >.
Exercise Solutions
The DHCP Configuration Wizard Step 6 window in Figure 11-31
appears. This example uses the 192.168.1.0 network.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-57
Exercise Solutions
The DHCP Configuration Wizard Step 7 window in Figure 11-32
appears. This example uses the defaults of Local-Area (LAN) and Use
router discovery protocol.
11-58
h.
i.
j.
Click >.
Exercise Solutions
The DHCP Configuration Wizard Step 8 window in Figure 11-33
appears. This example uses the defaults of no NIS Domain and no NIS
Servers.
l.
Click >.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-59
Exercise Solutions
The DHCP Configuration Wizard Step 9 window in Figure 11-34
appears. This example uses the defaults of no NIS+ domain and no
NIS+ servers.
11-60
m.
n.
Click >.
Exercise Solutions
The DHCP Configuration Wizard Step 10 window in Figure 11-35
appears. This example uses the sample information indicated
previously.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-61
Exercise Solutions
The DHCP Configuration Manager Window closes, the main DHCP
Manager Window appears, and the Start Address Wizard window in
Figure 11-36 appears.
11-62
Exercise Solutions
The DHCP Address Configuration Wizard Step 1 window in
Figure 11-37 appears. This example uses five addresses and a comment
of net1.
b.
c.
Click >.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-63
Exercise Solutions
The DHCP Address Configuration Wizard Step 2 window in
Figure 11-38 appears. In this example, the Managed by Server field is
set to the default, and the starting IP address must be changed to
192.168.1.10. This example allows client name generation and
uses sys13-dhcp for the root name.
11-64
d.
e.
f.
g.
Click >.
Exercise Solutions
The DHCP Address Configuration Wizard Step 3 window in
Figure 11-39 appears.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-65
Exercise Solutions
The DHCP Address Configuration Wizard Step 4 window in
Figure 11-40 appears.
11-66
i.
Use the default Configuration Macro and verify that Addresses are
unusable is checked.
j.
Click >.
Exercise Solutions
The DHCP Address Configuration Wizard Step 5 window in
Figure 11-41 appears. This example uses the default Dynamic.
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-67
Exercise Solutions
The DHCP Address Configuration Wizard Step 6 window in
Figure 11-42 appears.
Note You can continue without problems if one or two addresses are
already in use from earlier exercises.
11-68
Exercise Solutions
The DHCP Manager window in Figure 11-43 appears.
Select Exit from the File menu to close the DHCP Manager window.
2.
# touch /etc/dhcp.hme0
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-69
Exercise Solutions
4.
Reboot the client, and watch the system console as the system boots.
You should see something similar to the following:
Start the snoop utility on any system on the subnet other than the
DHCP client. Be sure to use the snoop utility on an interface that is
on the same subnet as the DHCP client, which is hme0 in this
example. Have the snoop utility write to the /tmp/dhcp-snoop.snp
file.
3.
After the DHCP client has booted, stop the snoop utility by pressing
the Control+C key sequence.
# init 6
11-70
Exercise Solutions
4.
0.61469
0.00254
1.00656
0.37637
0.79455
0.01810
0.00096
1.00432
5.
Use the snoop utility to convert the trace data to ASCII text, and
output that text to the /tmp/dhcp-snoop.txt file for viewing with
any text editor that provides easy navigation and searching of the
data.
DHCPRELEASE:
ETHER: ----- Ether Header ----ETHER:
ETHER: Packet 24 arrived at 9:31:56.83990
ETHER: Packet size = 342 bytes
ETHER: Destination = 0:3:ba:68:45:39,
ETHER: Source
= 0:3:ba:68:44:d3,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP:
----- IP Header ----IP:
IP:
Version = 4
IP:
Header length = 20 bytes
IP:
Type of service = 0x00
IP:
xxx. .... = 0 (precedence)
IP:
...0 .... = normal delay
IP:
.... 0... = normal throughput
IP:
.... .0.. = normal reliability
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-71
Exercise Solutions
IP:
IP:
IP:
IP:
IP:
IP:
IP:
IP:
IP:
IP:
IP:
IP:
IP:
IP:
IP:
UDP:
UDP:
UDP:
UDP:
UDP:
UDP:
UDP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCPDISCOVER:
11-72
Exercise Solutions
ETHER: ----- Ether Header ----ETHER:
ETHER: Packet 105 arrived at 9:34:5.95251
ETHER: Packet size = 342 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source
= 0:3:ba:68:44:d3,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP:
----- IP Header ----IP:
IP:
Version = 4
IP:
Header length = 20 bytes
IP:
Type of service = 0x00
IP:
xxx. .... = 0 (precedence)
IP:
...0 .... = normal delay
IP:
.... 0... = normal throughput
IP:
.... .0.. = normal reliability
IP:
.... ..0. = not ECN capable transport
IP:
.... ...0 = no ECN congestion experienced
IP:
Total length = 328 bytes
IP:
Identification = 4
IP:
Flags = 0x4
IP:
.1.. .... = do not fragment
IP:
..0. .... = last fragment
IP:
Fragment offset = 0 bytes
IP:
Time to live = 255 seconds/hops
IP:
Protocol = 17 (UDP)
IP:
Header checksum = 7aa1
IP:
Source address = 0.0.0.0, OLD-BROADCAST
IP:
Destination address = 255.255.255.255, BROADCAST
IP:
No options
IP:
UDP: ----- UDP Header ----UDP:
UDP: Source port = 68
UDP: Destination port = 67 (BOOTPS)
UDP: Length = 308
UDP: Checksum = E7EC
UDP:
DHCP: ----- Dynamic Host Configuration Protocol ----DHCP:
DHCP: Hardware address type (htype) = 1 (Ethernet (10Mb))
DHCP: Hardware address length (hlen) = 6 octets
DHCP: Relay agent hops = 0
DHCP: Transaction ID = 0x926aa722
DHCP: Time since boot = 48 seconds
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-73
Exercise Solutions
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
Flags = 0x0000
Client address (ciaddr) = 0.0.0.0
Your client address (yiaddr) = 0.0.0.0
Next server address (siaddr) = 0.0.0.0
Relay agent address (giaddr) = 0.0.0.0
Client hardware address (chaddr) = 00:03:BA:68:44:D3
----- (Options) field options ----Message type = DHCPDISCOVER
Maximum DHCP Message Size = 1472 bytes
IP Address Lease Time = -1 seconds
Client Class Identifier = "SUNW.UltraAX-i2"
Requested Options:
1 (Subnet Mask)
3 (Router)
6 (DNS Servers)
12 (Client Hostname)
15 (DNS Domain Name)
28 (Broadcast Address)
43 (Vendor Specific Options)
DHCPOFFER:
11-74
Exercise Solutions
ETHER: ----- Ether Header ----ETHER:
ETHER: Packet 107 arrived at 9:34:6.96163
ETHER: Packet size = 359 bytes
ETHER: Destination = 0:3:ba:68:44:d3,
ETHER: Source
= 0:3:ba:68:45:39,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP:
----- IP Header ----IP:
IP:
Version = 4
IP:
Header length = 20 bytes
IP:
Type of service = 0x00
IP:
xxx. .... = 0 (precedence)
IP:
...0 .... = normal delay
IP:
.... 0... = normal throughput
IP:
.... .0.. = normal reliability
IP:
.... ..0. = not ECN capable transport
IP:
.... ...0 = no ECN congestion experienced
IP:
Total length = 345 bytes
IP:
Identification = 42935
IP:
Flags = 0x4
IP:
.1.. .... = do not fragment
IP:
..0. .... = last fragment
IP:
Fragment offset = 0 bytes
IP:
Time to live = 255 seconds/hops
IP:
Protocol = 17 (UDP)
IP:
Header checksum = 4f7a
IP:
Source address = 192.168.1.3, sys13.one.edu
IP:
Destination address = 192.168.1.14, 192.168.1.14
IP:
No options
IP:
UDP: ----- UDP Header ----UDP:
UDP: Source port = 67
UDP: Destination port = 68 (BOOTPC)
UDP: Length = 325
UDP: Checksum = 84B8
UDP:
DHCP: ----- Dynamic Host Configuration Protocol ----DHCP:
DHCP: Hardware address type (htype) = 1 (Ethernet (10Mb))
DHCP: Hardware address length (hlen) = 6 octets
DHCP: Relay agent hops = 0
DHCP: Transaction ID = 0x926aa722
DHCP: Time since boot = 48 seconds
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-75
Exercise Solutions
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
Flags = 0x0000
Client address (ciaddr) = 0.0.0.0
Your client address (yiaddr) = 192.168.1.14
Next server address (siaddr) = 0.0.0.0
Relay agent address (giaddr) = 0.0.0.0
Client hardware address (chaddr) = 00:03:BA:68:44:D3
----- (Options) field options ----Message type = DHCPOFFER
DHCP Server Identifier = 192.168.1.3
UTC Time Offset = -25200 seconds
RFC868 Time Servers at = 192.168.1.3
IP Address Lease Time = 86400 seconds
DNS Domain Name = one.edu
DNS Servers at = 192.168.1.2
DNS Servers at = 192.168.1.3
Broadcast Address = 192.168.1.255
Perform Router Discovery Flag flag = 0x1
Subnet Mask = 255.255.255.0
Client Hostname = sys13-dhcp-14
DHCPREQUEST:
11-76
Exercise Solutions
ETHER: ----- Ether Header ----ETHER:
ETHER: Packet 109 arrived at 9:34:8.13256
ETHER: Packet size = 342 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source
= 0:3:ba:68:44:d3,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP:
----- IP Header ----IP:
IP:
Version = 4
IP:
Header length = 20 bytes
IP:
Type of service = 0x00
IP:
xxx. .... = 0 (precedence)
IP:
...0 .... = normal delay
IP:
.... 0... = normal throughput
IP:
.... .0.. = normal reliability
IP:
.... ..0. = not ECN capable transport
IP:
.... ...0 = no ECN congestion experienced
IP:
Total length = 328 bytes
IP:
Identification = 5
IP:
Flags = 0x4
IP:
.1.. .... = do not fragment
IP:
..0. .... = last fragment
IP:
Fragment offset = 0 bytes
IP:
Time to live = 255 seconds/hops
IP:
Protocol = 17 (UDP)
IP:
Header checksum = 7aa0
IP:
Source address = 0.0.0.0, OLD-BROADCAST
IP:
Destination address = 255.255.255.255, BROADCAST
IP:
No options
IP:
UDP: ----- UDP Header ----UDP:
UDP: Source port = 68
UDP: Destination port = 67 (BOOTPS)
UDP: Length = 308
UDP: Checksum = 9B2C
UDP:
DHCP: ----- Dynamic Host Configuration Protocol ----DHCP:
DHCP: Hardware address type (htype) = 1 (Ethernet (10Mb))
DHCP: Hardware address length (hlen) = 6 octets
DHCP: Relay agent hops = 0
DHCP: Transaction ID = 0x21a95f6
DHCP: Time since boot = 48 seconds
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-77
Exercise Solutions
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
Flags = 0x0000
Client address (ciaddr) = 0.0.0.0
Your client address (yiaddr) = 0.0.0.0
Next server address (siaddr) = 0.0.0.0
Relay agent address (giaddr) = 0.0.0.0
Client hardware address (chaddr) = 00:03:BA:68:44:D3
----- (Options) field options ----Message type = DHCPREQUEST
IP Address Lease Time = 86400 seconds
Maximum DHCP Message Size = 1472 bytes
Requested IP Address = 192.168.1.14
DHCP Server Identifier = 192.168.1.3
Client Class Identifier = "SUNW.UltraAX-i2"
Requested Options:
1 (Subnet Mask)
3 (Router)
6 (DNS Servers)
12 (Client Hostname)
15 (DNS Domain Name)
28 (Broadcast Address)
43 (Vendor Specific Options)
DHCPACK:
11-78
Exercise Solutions
ETHER: ----- Ether Header ----ETHER:
ETHER: Packet 110 arrived at 9:34:8.15066
ETHER: Packet size = 359 bytes
ETHER: Destination = 0:3:ba:68:44:d3,
ETHER: Source
= 0:3:ba:68:45:39,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP:
----- IP Header ----IP:
IP:
Version = 4
IP:
Header length = 20 bytes
IP:
Type of service = 0x00
IP:
xxx. .... = 0 (precedence)
IP:
...0 .... = normal delay
IP:
.... 0... = normal throughput
IP:
.... .0.. = normal reliability
IP:
.... ..0. = not ECN capable transport
IP:
.... ...0 = no ECN congestion experienced
IP:
Total length = 345 bytes
IP:
Identification = 44125
IP:
Flags = 0x4
IP:
.1.. .... = do not fragment
IP:
..0. .... = last fragment
IP:
Fragment offset = 0 bytes
IP:
Time to live = 255 seconds/hops
IP:
Protocol = 17 (UDP)
IP:
Header checksum = 4ad4
IP:
Source address = 192.168.1.3, sys13.one.edu
IP:
Destination address = 192.168.1.14, 192.168.1.14
IP:
No options
IP:
UDP: ----- UDP Header ----UDP:
UDP: Source port = 67
UDP: Destination port = 68 (BOOTPC)
UDP: Length = 325
UDP: Checksum = 84B8
UDP:
DHCP: ----- Dynamic Host Configuration Protocol ----DHCP:
DHCP: Hardware address type (htype) = 1 (Ethernet (10Mb))
DHCP: Hardware address length (hlen) = 6 octets
DHCP: Relay agent hops = 0
DHCP: Transaction ID = 0x21a95f6
DHCP: Time since boot = 48 seconds
Configuring DHCP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
11-79
Exercise Solutions
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
DHCP:
Flags = 0x0000
Client address (ciaddr) = 0.0.0.0
Flags = 0x0000
Client address (ciaddr) = 0.0.0.0
Your client address (yiaddr) = 192.168.1.14
Next server address (siaddr) = 0.0.0.0
Relay agent address (giaddr) = 0.0.0.0
Client hardware address (chaddr) = 00:03:BA:68:44:D3
----- (Options) field options ----Message type = DHCPACK
DHCP Server Identifier = 192.168.1.3
UTC Time Offset = -25200 seconds
RFC868 Time Servers at = 192.168.1.3
IP Address Lease Time = 86400 seconds
DNS Domain Name = one.edu
DNS Servers at = 192.168.1.2
DNS Servers at = 192.168.1.3
Broadcast Address = 192.168.1.255
Perform Router Discovery Flag flag = 0x1
Subnet Mask = 255.255.255.0
Client Hostname = sys13-dhcp-14
7.
# rm /etc/dhcp.*
# init 6
11-80
Module 12
Configuring NTP
Objectives
This module introduces how to configure the Network Time Protocol
(NTP). This module also introduces NTP basics, including how computers
keep time, the uses of NTP, and NTP terms. This module also describes
how to configure an NTP server and an NTP client. In addition, this
module describes how to troubleshoot NTP, including how to view logs
and how to use the snoop utility.
Upon completion of this module, you should be able to:
Troubleshoot NTP
The course map in Figure 12-1 shows how this module fits into the
current instructional goal.
Configuring
DNS
Configuring
DHCP
Configuring
NTP
Configuring the
Solaris IP
Filter Firewall
12-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
12-2
Uses of NTP
Many network applications need synchronized clocks to properly
function. For example:
File systems Applications time stamp files when they are created or
modified. Many backup applications are configured to use time as a
criteria for determining backups, so that clock synchronization
between the backup server and other systems is important.
NTP Terms
Several terms are used when describing time-related topics. These terms
are described in Table 12-1.
Table 12-1 NTP Terms
Term
Description
Reference
clock
Strata
Stratum-1
server
Resolution
Precision
Configuring NTP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
12-3
12-4
Term
Description
Jitter
Accuracy
Reliability
Wander
Drift file
xntpd
The ntp.conf
file
The fudge
command
Discipline
3.
The NTP client sends time request packets to all of the NTP servers
by using the servers unicast addresses. Included in the time request
packet is the clients local time.
4.
The NTP server replies by inserting UTC time into the packet and
then returns the packet to the client.
5.
The client compares its original request time with its own time when
it receives the response from the server. This enables the client to
determine how long the packet was in transit on the network.
6.
The client uses the UTC time value from the NTP server after it
receives several responses from the NTP server. It can take up to five
minutes for an NTP client to synchronize with an NTP server.
Configuring NTP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
12-5
Description
driftfile /var/ntp/ntp.drift
statsdir /var/ntp/ntpstats/
keys /etc/inet/ntp.keys
trustedkey 0
controlkey 0
12-6
# cp /etc/inet/ntp.server /etc/inet/ntp.conf
#
2.
# vi /etc/inet/ntp.conf
Change:
server 127.127.XType.0
fudge 127.127.XType.0 stratum 0
to:
server 127.127.1.0 prefer
# fudge 127.127.XType.0 stratum 0
# touch /var/ntp/ntp.drift
#
Note The xntpd daemon creates the contents of the drift file
dynamically.
4.
# ls -al /var/ntp/ntp.drift
-rw-r--r-1 root
root
#
Configuring NTP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
12-7
[st=1]
[st=1]
[st=1]
[st=1]
(2004-08-16
(2004-08-16
(2004-08-16
(2004-08-16
11:11:52.98017)
11:12:56.98017)
11:14:00.98016)
11:15:04.98016)
12-8
# cp /etc/inet/ntp.server /etc/inet/ntp.conf
#
2.
# vi /etc/inet/ntp.conf
Change:
server 127.127.XType.0
fudge 127.127.XType.0 stratum 0
to:
server external-time-server-a
server external-time-server-b
server external-time-server-c
# fudge 127.127.XType.0 stratum 0
3.
# touch /var/ntp/ntp.drift
#
4.
# ls -al /var/ntp/ntp.drift
-rw-r--r-1 root
root
#
Configuring NTP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
12-9
Note NTP servers and client that are synchronizing with specific servers
defined in the /etc/inet/ntp.conf file use a 64-second polling
interval initially. When time synchronization is established, the polling
interval increases to 17 minutes and 4 seconds (that is, 1024 seconds, or 210
seconds).
Managing Daemons
By default, all NTP messages are sent to the syslog facility.
To view the logged information in pseudo real-time, use the tail
command with the follow (-f) option. For example:
# tail -f /var/adm/messages
Aug 16 14:25:37 sys11 xntpd[1614]: [ID 450285 daemon.error] 0 makes a
poor control keyid
...
You can query or configure a running xntpd daemon by using the xntpdc
utility, which was introduced in the Solaris 8 OS. The xntpdc command
provides an extensive view of the state of the xntpd daemon. You can
view statistical information interactively or on the command-line. Use the
? command to view a list of commands available inside xntpdc.
# xntpdc
xntpdc> ?
Commands available:
addpeer
addrefclock
broadcast
clkbug
ctlstats
debug
dmpeers
enable
host
hostnames
keytype
leapinfo
monlist
passwd
12-10
addserver
clockstat
delay
exit
iostats
listpeers
peers
addtrap
clrtrap
delrestrict
fudge
kerninfo
loopinfo
preset
authinfo
controlkey
disable
help
keyid
memstats
pstats
readkeys
showpeer
traps
version
requestkey
sysinfo
trustedkey
reset
sysstats
unconfig
reslist
timeout
unrestrict
The commands can be used to display and configure the NTP setup. For
example, the sysinfo command displays information about the current
configuration:
xntpdc> sysinfo
system peer:
system peer mode:
leap indicator:
stratum:
precision:
root distance:
root dispersion:
reference ID:
reference time:
system flags:
frequency:
stability:
broadcastdelay:
authdelay:
xntpdc> quit
#
instructor
client
00
2
-14
0.00081 s
0.31441 s
[192.168.30.30]
c4cc99b1.2ce5f000 Tue, Aug 17 2004 15:50:25.175
auth monitor pll stats kernel_sync
-16.000 ppm
38.345 ppm
0.003906 s
0.000122 s
Configuring NTP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
12-11
12-12
Configuring NTP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
12-13
12-14
Troubleshooting NTP
Troubleshooting NTP
Use a combination of tools, such as viewing system error logs and using
the snoop utility, to troubleshoot NTP.
Viewing Messages
Log messages result from setting the time forward on the system. The
system sends out its periodic (every 64 seconds) NTP requests with the
incorrect time. The NTP servers respond with the correct time. After
receiving multiple updates from the NTP servers, the client changes its
time and writes a message to the /var/adm/messages file.
# tail -50 /var/adm/messages | grep -i ntp
Aug 17 15:21:46 sys11 ntpdate[1680]: [ID 318594 daemon.notice] no server
suitable for synchronisation found yet
Aug 17 15:21:46 sys11 ntpdate[1680]: [ID 147394 daemon.notice] trying ttl
1 for multicast server synchronisation
Aug 17 15:21:46 sys11 ntpdate[1680]: [ID 558725 daemon.notice] adjust tim
e server 192.168.30.30 offset 0.004158 sec
Aug 17 15:22:48 sys11 xntpd[1676]: [ID 702911 daemon.notice] xntpd 3-5.93
e+sun 03/08/29 16:23:05 (1.4)
Aug 17 15:22:48 sys11 xntpd[1676]: [ID 301315 daemon.notice] tickadj = 5,
tick = 10000, tvu_maxslew = 495, est. hz = 100
Aug 17 15:22:48 sys11 xntpd[1676]: [ID 266339 daemon.notice] using kernel
phase-lock loop 0041, drift correction 0.00000
#
Configuring NTP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
12-15
Troubleshooting NTP
ntp
/dev/hme (promiscuous mode)
-> 224.0.1.1
NTP broadcast
-> 224.0.1.1
NTP broadcast
-> 224.0.1.1
NTP broadcast
-> 224.0.1.1
NTP broadcast
[st=1]
[st=1]
[st=1]
[st=1]
(2004-08-16
(2004-08-16
(2004-08-16
(2004-08-16
11:11:52.98017)
11:12:56.98017)
11:14:00.98016)
11:15:04.98016)
The NTP client sends a message to an NTP server with its idea of the
local time.
NTP
Note that the client is at stratum 0 initially. It sets the correct stratum
level after synchronization is established.
2.
NTP
12-16
This exchange between the NTP server and the NTP client repeats
many times. Eventually, the NTP client acknowledges that its time is
incorrect. The client then takes action to change its own time, based
on NTP time advertisements received from one or more NTP servers.
Information about the actions taken by the NTP client is sent to the
syslog facility for proper processing.
NTP
NTP
Preparation
Refer to the lecture notes as necessary to perform the tasks listed. The
instructors system must be configured as a stratum-0 server even though
the system might be using its local clock. This configuration must be
completed at least five minutes before this exercise starts so that the NTP
server has an opportunity to initialize itself properly.
Task Summary
In this exercise, you configure an NTP server and an NTP client on your
subnet. Your NTP server uses the instructor system as an external NTP
server. After the NTP server is configured, it broadcasts NTP updates to
your local subnet.
Team up with other students in your subnet group so that you can
experience most aspects of NTP configuration.
Configuring NTP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
12-17
Tasks
Your first task is to configure your subnets router as an NTP server.
Verify that your router is receiving NTP updates from the instructor
system. (Either use the -c 1 option to the snoop command so that
only one NTP broadcast packet is captured or remember to terminate
the snoop session when you are finished with this step. Be sure not
to let snoop run continually).
Write the commands that you use:
_____________________________________________________________
2.
3.
Edit the NTP configuration file, and modify the server entry so that
your system looks to the instructor system for NTP updates. Ensure
that the instructor system is your preferred server. While you edit
the file, comment out the fudge and keys entries and modify the
broadcast entry.
4.
5.
Start the snoop utility on your router systems to observe NTP traffic
between the router and the instructor system.
Write the command that you use:
_____________________________________________________________
6.
12-18
Start the NTP daemon, and view the NTP transactions that can be
seen on the snoop trace that is running. Watch the transactions for a
few minutes to see your systems time becoming synchronized with
the instructors stratum-0 NTP server. When you are finished,
terminate the snoop session.
Write the command that you use:
_____________________________________________________________
Use the snoop utility to verify that your system is receiving the NTP
broadcasts from your subnets NTP server. When you are finished,
terminate the snoop session.
Write the command that you use:
_____________________________________________________________
9.
Configuring NTP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
12-19
12-20
Exercise Summary
Exercise Summary
!
?
Experiences
Interpretations
Conclusions
Applications
Configuring NTP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
12-21
Exercise Solutions
Exercise Solutions
Solutions to this exercise are provided in the following section.
Task Solutions
Your first task is to configure your subnets router as an NTP server.
Verify that your router is receiving NTP updates from the instructor
system. (Either use the -c 1 option to the snoop command so that
only one NTP broadcast packet is captured or remember to terminate
the snoop session when you are finished with this step. Be sure not
to let snoop run continually).
Write the commands that you use:
First, determine which interface is on the instructor systems
192.168.30.0 network.
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:b9:72:23
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
ether 8:0:20:ac:9b:20
lo0: flags=2000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6> mtu 8252 index 1
inet6 ::1/128
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
ether 8:0:20:b9:72:23
inet6 fe80::a00:20ff:feb9:7223/10
hme0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index
inet6 2000::1:a00:20ff:feb9:7223/64
hme0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index
inet6 fec0::1:a00:20ff:feb9:7223/64
qfe0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 3
ether 8:0:20:ac:9b:20
inet6 fe80::a00:20ff:feac:9b20/10
qfe0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index
inet6 2000::30:a00:20ff:feac:9b20/64
qfe0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index
inet6 fec0::30:a00:20ff:feac:9b20/64
12-22
2
2
3
3
Exercise Solutions
Use a combination of the snoop and grep utilities to look for NTP updates
on the interface (qfe0) closest to the instructor system as follows:
# snoop -d qfe0 -c 1 port ntp
Using device /dev/qfe (promiscuous mode)
instructor.thirty.edu -> 192.168.30.255 NTP
(2004-11-05 09:41:20.83034)
1 packets captured
#
broadcast [st=1]
# cp /etc/inet/ntp.server /etc/inet/ntp.conf
3.
Edit the NTP configuration file, and modify the server entry so that
your system looks to the instructor system for NTP updates. Ensure
that the instructor system is your preferred server. While you edit
the file, comment out the fudge and keys entries and modify the
broadcast entry.
Edit the /etc/inet/ntp.conf file.
# vi /etc/inet/ntp.conf
Change the server and fudge entries to be similar to the following:
server 192.168.30.30 prefer
# fudge 127.127.XType.0 stratum 0
Change the keys entries to be similar to the following:
#keys /etc/inet/ntp.keys
#trustedkey 0
#requestkey 0
#controlkey 0
Change the broadcast entry to be similar to the following:
broadcast 192.168.1.255 ttl 4
4.
# touch /var/ntp/ntp.drift
Configuring NTP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
12-23
Exercise Solutions
5.
Start the snoop utility on your router systems to observe NTP traffic
between the router and the instructor system.
Write the command that you use:
Start the snoop utility on the 192.168.30.0 network.
6.
Start the NTP daemon, and view the NTP transactions that can be
seen on the snoop trace that is running. Watch the transactions for a
few minutes to see your systems time becoming synchronized with
the instructors stratum-0 NTP server.
Write the command that you use:
12-24
Exercise Solutions
Use the snoop utility to verify that your system is receiving the NTP
broadcasts from your subnets NTP server. When you are finished,
terminate the snoop session.
Write the command that you use:
You can continue with configuring your system as an NTP client because it
is receiving NTP updates from your router system, which acts as a
stratum-2 server.
9.
# cp /etc/inet/ntp.client /etc/inet/ntp.conf
10. Determine if the NTP daemon is running.
Write the command that you use, and write your answer:
# pgrep -lf ntp
No, the NTP daemon is not running, as expected.
11. Start a snoop session on the appropriate interface on the client. In the
window running the snoop trace on the NTP client. After you start
the NTP service in the next step, be prepared to examine the trace
carefully.
# snoop -d hme0 port ntp
...
12. Start the NTP daemon and verify that it is running.
Write the commands that you use:
# svcadm -v enable svc:/network/ntp
svc:/network/ntp:default enabled.
#
# pgrep -lf ntp
1528 /usr/lib/inet/xntpd
Configuring NTP
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
12-25
Exercise Solutions
13. Examine the snoop trace and locate the part of the snoop trace where
the client time changed to match the servers time. (Hint: Use X-Off
(Control+S key sequence) to stop the snoop trace from scrolling and
use X-On (Control+Q key sequence) to enable scrolling again.
...
sys12.one.edu
sys12.one.edu
sys12.one.edu
sys12.one.edu
sys11.one.edu
sys12.one.edu
->
->
->
->
->
->
224.0.1.1
NTP
224.0.1.1
NTP
224.0.1.1
NTP
224.0.1.1
NTP
192.168.1.255 NTP
sys11.one.edu NTP
->
->
->
->
->
->
->
->
->
sys12.one.edu
sys11.one.edu
sys12.one.edu
sys11.one.edu
sys12.one.edu
sys11.one.edu
sys12.one.edu
192.168.1.255
sys11.one.edu
NTP
NTP
NTP
NTP
NTP
NTP
NTP
NTP
NTP
{observe that the client has updated its time to that of the server}
sys11.one.edu
sys11.one.edu
sys12.one.edu
sys11.one.edu
sys11.one.edu
12-26
->
->
->
->
->
sys12.one.edu
192.168.1.255
sys11.one.edu
sys12.one.edu
192.168.1.255
NTP
NTP
NTP
NTP
NTP
Module 13
The course map in Figure 13-1 shows how this module fits into the
current instructional goal.
Configuring
DNS
Configuring
DHCP
Configuring
NTP
Configuring the
Solaris IP
Filter Firewall
13-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
13-2
An action
A direction
The default behavior of the Solaris IP Filter firewall is to read every rule in
the /etc/ipf/ipf.conf file. Each rule in the file tells the Solaris IP
Filter firewall to either permit or deny the packet to be sent or received.
When processing a packet, the Solaris IP Filter firewall performs the
following tasks:
1.
Compare the packet against the direction and criteria in the rule.
2.
3.
4.
If the end of the rules is reached or the matched rule contains the
quick keyword, stop matching and perform the action.
5.
13-3
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
-1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
pfil
pfil
pfil
pfil
pfil
pfil
pfil
pfil
pfil
pfil
pfil
pfil
pfil
pfil
pfil
pfil
pfil
13-4
Block/pass in
on hme0
hme1
Block/pass out
on hme1
Internet
Corporate
Network
Traffic
Flow
hme0
Block/pass out
on hme0
hme1
Block/pass in
on hme1
13-5
13-6
example.3
example.6
example.9
example.4
example.7
example.sr
example.5
example.8
firewall
13-7
13-8
Note The Solaris IP Filter firewall does not filter the loopback interface.
You should not use the interface identifier lo0 in the
/etc/ipf/ipf.conf file. Note that the lo identifier does not appear in
the /etc/ipf/pfil.ap file.
To apply a rule to a specific interface, use the on keyword followed by the
name of the interface. For example, to permit all packets arriving and
leaving the hme0 interface and to stop further processing rules at this
point, use the rules:
pass in quick on hme0 all
pass out quick on hme0 all
13-9
13-10
Protocols Filtered
icmp
ICMP
tcp
TCP
udp
UDP
tcp/udp
For example, to block all ICMP packets arriving on the hme0 interface, use
the rule:
block in on hme0 proto icmp from any to any
In this form, this rule blocks all ICMP packets. The icmp-type keyword
can be used to specify a single ICMP type value for the rule. All ICMP
packets contain a type value in the ICMP header. Some common ICMP
types are shown in Table 13-2.
Table 13-2 ICMP Type Values and Keywords
ICMP Type
Value
Keyword
Echo reply
echorep
Echo request
echo
Router advertisement
routerad
Router solicitation
10
routersol
13-11
13-12
13-13
-Fi
-Fo
For example, to clear all of the input rules, type the command:
# ipf -Fi
#
If you have made changes to the rule set in the /etc/ipf/ipf.conf
file, you can load the new rules by combining a flush operation and an
add operation in one command:
# ipf -Fa -f /etc/ipf/ipf.conf
#
Note Options to the ipf command are executed in the order in which
they are specified on the command line. If a flush option is specified after
an add rules option, the new rules will be added, then flushed along with
the old rules. To clear the existing rules and load a new or updated set, the
flush option must be specified first.
13-14
Note The ipfstat -io command does not display the rules in the
same sequence as they are listed in the /etc/ipf/ipf.conf file. The
out rules are listed in order first, and then the in rules are listed.
13-15
13-16
Meaning
local0.error
local0.warning
local0.notice
local0.info
13-17
13-18
/var/adm/ipflog
Preparation
Caution Before beginning this exercise, check that DNS services are
running as they were in the prior DNS exercise. If the services are not
running, issue the appropropriate svcadm commands on the appropriate
systems to once again enable them.
There is no preparation for this exercise.
Team up with other students in your subnet group so that you can
experience most aspects of the Solaris IP Filter firewall configuration.
Also, be aware of what other subnet groups are doing. Configurations on
other groups router firewall, for example, can influence behavior that you
observe locally.
Task Summary
In this exercise, you configure packet filtering on your subnets router and
on client systems in your subnet.
13-19
2.
3.
4.
13-20
Edit the /etc/ipf/ipf.conf file and add the relevant rules to block
all incoming telnet requests to your system. Your file should have
contents similar to the following:
Start the service, and write the command that you use.
________________________________________________________
b.
Verify that the service started, and write the command that you
use.
________________________________________________________
7.
13-21
From the command line force the pfild daemon to read the rule file
by performing the following steps. (You can also reboot the system
to accomplish the same effect.)
a.
b.
d.
Plumb your systems interface to load the packet filter into the
interfaces IP stack.
________________________________________________________
9.
The next steps are to configure your system to permit incoming telnet
requests from the local subnet, but block telnet requests from all other
networks and not process any other rules.
10. Edit the Solaris IP Filter firewall configuration file by adding a new
rule that:
13-22
13-23
b.
Start the service, and write the command that you use.
________________________________________________________
c.
Verify that the service started, and write the command that you
use.
________________________________________________________
18. From the command line force the pfild daemon to read the rule file
by performing the following steps. (You can also reboot the system
to accomplish the same effect.)
a.
c.
d.
e.
The next steps block your non-router system from sending any outgoing
ICMP echo replies.
13-24
13-25
Edit the Solaris IP Filter firewalls rules to block all traffic on the
router.
Remove all existing rules currently in the configuration file, and
write and document the new rules that you entered in the
/etc/ipf/ipf.conf file.
_____________________________________________________________
_____________________________________________________________
2.
3.
5.
13-26
7.
8.
13-27
13-28
13-29
13-30
Exercise Summary
Exercise Summary
!
?
Experiences
Interpretations
Conclusions
Applications
13-31
Exercise Solutions
Exercise Solutions
Solutions to this exercise are provided in the following sections.
These solutions use sys12 as the example non-router system and sys11
as the example router system. Solution results vary accordingly.
Task 1 Solutions
In the first part of the lab you will configure the Solaris IP Filter firewalls
rules to show how to enable and disable access to services on a host and a
network.
The first set of exercise steps is to configure packet filtering in order to
prevent any telnet requests from reaching your system.
13-32
Exercise Solutions
2.
Edit the /etc/ipf/ipf.conf file and add the relevant rules to block
all incoming telnet requests to your system. Your file should have
contents similar to the following:
13-33
Exercise Solutions
6.
Start the service, and write the command that you use.
Verify that the service started, and write the command that you
use.
13-34
Exercise Solutions
8.
From the command line force the pfild daemon to read the rule file
by performing the following steps. (You can also reboot the system
to accomplish the same effect.)
a.
Plumb your systems interface to load the packet filter into the
interfaces IP stack.
9.
13-35
Exercise Solutions
The next steps are to configure your system to permit incoming telnet
requests from the local subnet, but block telnet requests from all other
networks and not process any other rules.
10. Edit the Solaris IP Filter firewall configuration file by adding a new
rule that:
13-36
Exercise Solutions
13-37
Exercise Solutions
16. Edit the relevant file on your router system and add rules to block all
incoming telnet requests to your local subnet that do not originate
from the local subnet. Document the file that you edit and your
rules.
sys11# cat /etc/ipf/ipf.conf
block in on qfe2 proto tcp from any to 192.168.1.0/24 port = 23
17. Enable the packet filter by performing the following steps:
a.
Start the service, and write the command that you use.
Verify that the service started, and write the command that you
use.
c.
13-38
Exercise Solutions
d.
e.
13-39
Exercise Solutions
21. Update the Solaris IP Filter firewall configuration to include the new
rule by using the ipf command.
sys12# ipf -Fa -f /etc/ipf/ipf.conf
22. Verify the rules by using the ipfstat command.
sys12# ipfstat -io
block out quick proto icmp from any to any icmp-type echorep
pass in quick proto tcp from 192.168.1.0/24 to 192.168.1.2/32 port = telnet
block in proto tcp from any to 192.168.1.2/32 port = telnet
#
23. Test that the new rule is functioning correctly by using the ping
command from the test system again.
sys13# ping sys12
no answer from sys12
24. Verify that a local system can successfully perform DNS lookups
across routers. Use the dig command to find the IP address of a
system on another network. (Successful completion of this step will
aid you in later steps when you write rules to specifically allow DNS
through firewalls.)
sys13# dig @192.168.2.2 two.edu -x 192.168.2.4
; <<>> DiG 9.2.4 <<>> @192.168.2.2 two.edu -x 192.168.2.4
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1914
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;two.edu.
IN
A
;; AUTHORITY SECTION:
two.edu.
86400
IN
SOA
sys22.two.edu.
root.sys22.two.edu. 2005010101 3600 1800 6048000 86400
;; Query time: 4 msec
;; SERVER: 192.168.2.2#53(192.168.2.2)
;; WHEN: Wed Jan 12 08:19:05 2005
;; MSG SIZE rcvd: 72
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1194
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;4.2.168.192.in-addr.arpa.
IN
PTR
;; ANSWER SECTION:
4.2.168.192.in-addr.arpa. 86400 IN
PTR
sys24.two.edu.
;; AUTHORITY SECTION:
2.168.192.in-addr.arpa. 86400
IN
NS
sys22.two.edu.
2.168.192.in-addr.arpa. 86400
IN
NS
sys23.two.edu.
;; ADDITIONAL SECTION:
13-40
Exercise Solutions
sys22.two.edu.
86400
IN
sys23.two.edu.
86400
IN
;; Query time: 1 msec
;; SERVER: 192.168.2.2#53(192.168.2.2)
;; WHEN: Wed Jan 12 08:19:05 2005
;; MSG SIZE rcvd: 141
A
A
192.168.2.2
192.168.2.3
Task 2 Solutions
In the second part of the lab you restrict access to your subnet by
disabling all services except a defined set.
Edit the Solaris IP Filter firewalls rules to block all traffic on the
router.
Remove all existing rules currently in the configuration file, and
write and document the new rules that you entered in the
/etc/ipf/ipf.conf file.
block in all
block out all
2.
5.
sys12# init 6
13-41
Exercise Solutions
The reboot is performed as an easy way to flush cached information
on the non-router systems. It is not a necessary part of the Solaris IP
Filter firewalls configuration.
pass
pass
pass
pass
pass
pass
13-42
Exercise Solutions
13-43
Exercise Solutions
pass out quick proto udp from any to any port = route
pass out quick proto udp from any to any port = ripng
pass out quick proto icmp from any to any icmp-type routerad
block out all
pass in quick proto udp from any to any port = domain keep state
pass in quick proto udp from any to any port = route
pass in quick proto udp from any to any port = ripng
pass in quick proto icmp from any to any icmp-type routersol
block in all
13-44
Exercise Solutions
;;
;;
;;
;;
13-45
Exercise Solutions
15. Update the Solaris IP Filter firewall configuration to permit FTP
traffic to pass from the local subnet to the instructor system only. Log
any traffic that matches one of the rules that you define.
Assume that your system will get more DNS traffic than FTP traffic.
Placing the new FTP rules after the DNS rules would recognize this
and, appropriately, be more responsive to the DNS traffic.
Hint: Use the keep state keywords in your rules.
Write the rules that you entered in the /etc/ipf/ipf.conf file.
pass
pass
pass
pass
pass
pass
pass
pass
16. Update the Solaris IP Filter firewall configuration to include the new
rule by using the ipf command.
sys11# ipf -Fa -f /etc/ipf/ipf.conf
17. Verify the rules by using the ipfstat command.
sys11# ipfstat -io
pass out quick proto udp from any to any port = domain keep state
pass out log quick on hme0 from 192.168.1.0/24 to 192.168.30.30/32 port = 21 keep state
pass out log quick on qfe2 from 192.168.1.0/24 to 192.168.30.30/32 port = 21 keep state
pass out log quick on hme0 from 192.168.1.0/24 to 192.168.30.30/32 port = 20 keep state
pass out log quick on qfe2 from 192.168.1.0/24 to 192.168.30.30/32 port = 20 keep state
pass out quick proto udp from any to any port = route
pass out quick proto udp from any to any port = ripng
pass out quick proto icmp from any to any icmp-type routerad
block out all
pass in quick proto udp from any to any port = domain keep state
pass in log quick on hme0 from 192.168.1.0/24 to 192.168.30.30/32 port = 21 keep state
pass in log quick on qfe2 from 192.168.1.0/24 to 192.168.30.30/32 port = 21 keep state
pass in log quick on hme0 from 192.168.1.0/24 to 192.168.30.30/32 port = 20 keep state
pass in log quick on qfe2 from 192.168.1.0/24 to 192.168.30.30/32 port = 20 keep state
pass in quick proto udp from any to any port = route
pass in quick proto udp from any to any port = ripng
pass in quick proto icmp from any to any icmp-type routersol
block in all
13-46
Exercise Solutions
13-47
Exercise Solutions
13-48
Bibliography
Sun Microsystems Publications
The following publications are available from Sun Microsystems:
Bibliography1-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Books
Books
The following books were used to create this course:
Albitz, Paul, and Cricket Liu. DNS & BIND, Fourth Edition.
Sebastopol, CA: OReilly & Associates, Inc., 2001.
The following book can be used when studying for the Solaris 8 Network
Certification Exam:
Bushnell, Rick. Sun Certified Net Administration for Solaris 8 Study
Guide. Upper Saddle River, NJ: Prentice Hall, Inc., 2002.
Bibliography-2
Online References
Online References
Many online references were used to create this course, including:
Bibliography
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Bibliography-3
RFCs
RFCs
Many RFCs were used to create this course, including:
Bibliography-4
Conta, A., and S. Deering. RFC 2463: Internet Control Message Protocol
(ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification.
Network Working Group Request for Comments: 2463, 1998.
Glossary/Acronyms
Numerals
10BASE-T
An evolution of Ethernet technology that succeeded 10BASE-5 and
10BASE-2 as the most popular method of physical network
implementation. A 10BASE-T network has a data transfer rate of
10 megabits per second and uses unshielded twisted-pair wiring.
A
ACL
(access control list) ACLs provide a higher level of file security than the
standard UNIX file permissions. ACLs give a file owner the ability to
permit access to that file or directory to one or more specific users or
groups and to set the default permissions for specific users or groups.
AH
Authentication header.
ANSI
American National Standards Institute.
application
A program that combines all the functions necessary for the user to
accomplish a particular set of tasks (for example, word processing or
inventory tracking).
Application layer
In the International Standards Organization/Open Systems
Interconnection (ISO/OSI) model of network standards, the seventh
layer, which handles services, such as login procedures, file and print
server operation, and other basic functions.
Glossary-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
ARP
(Address Resolution Protocol) The Internet protocol that dynamically
maps Internet addresses to physical (hardware) addresses on local area
networks. ARP is limited to networks that support hardware broadcast.
AS
Autonomous system.
ASCII
(American Standard Code for Information Interchange) A standard
assignment of 7-bit numeric codes to characters.
B
BCC
Block-check character.
BIND
Berkeley Internet Name Domain.
boot
(bootstrap) To load the system software into memory and start it.
Bourne shell
The Bourne shell is the default shell for the Solaris Operating
Environment. It does not have aliasing or history capabilities.
broadcast address
One of three types of Ethernet addresses, the broadcast address
represents broadcasts to the network. A host sends a message to all
hosts on the local Ethernet using a broadcast address. The Ethernet
broadcast address is all 1s (ff:ff:ff:ff:ff:ff in hexadecimal).
C
cache
A buffer of high-speed memory filled at medium speed from main
memory, often with instructions or the most frequently accessed
information. A cache increases effective memory transfer rates and
processor speed.
caching-only server
A domain name server that is not authoritative for any domain. This
server queries servers that have authority for the information needed
and caches that data.
Glossary-2
canonical
Characteristic of adhering to standard, accepted, or authoritative
procedures or principles.
Category 3
Category 3 twisted-pair cabling is a voice-grade cable. It features two to
three twists per foot and is used in 10BASE-T and 100BASE-T4
networks.
Category 5
Category 5 twisted-pair cable is a data-grade cable. It features two to
three twists per inch used in 10BASE-T and 100BASE-TX networks.
CCITT
Comite Consultatif Internationale de Telegraphie et Telephonie.
CDE
(Common Desktop Environment) This is a graphical user interface
between the user and the operating system. It provides built-in menus
for users to select and run utilities and programs without using the
Solaris 2.x OE commands. It enables users to control multiple working
documents or applications on the screen at the same time.
checksum
A checksum is a number that is calculated from the binary bytes of the
file. It is used to determine if the file contents have changed.
CIDR
(classless inter-domain routing) This type of routing was introduced as a
stop-gap solution to the Class B IPv4 address exhaustion and routing
table explosion. CIDR enables more efficient allocation of IP address
space, and it enables routing information to be aggregated to reduce the
size of routing tables on backbone routers.
client-server model
A client-server environment is a network environment that contains at
least one of each of the following:
CNAME
Canonical name.
Glossary/Acronyms
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Glossary-3
connectionless
A type of data transfer in which self-contained messages are delivered
without acknowledgement of receipt. User Datagram Protocol (UDP) is
an example of a protocol in which a connection is not necessary.
connection-oriented
A type of data transfer in which a connection with another system must
be established before exchanging data. Transmission Control Protocol
(TCP) is an example of a connection-oriented protocol.
CRC
(cyclical redundancy check) A system of error checking performed at
both the sending and receiving station after a block-check character
(BCC) has been accumulated.
CSMA/CD
(carrier sense multiple access/collision detection) The Ethernet access
method protocol used to control packet transmission and flow over the
Ethernet hardware.
D
daemon
A process that performs a particular system task.
datagram
The Internet Protocol (IP) datagram is the basic unit of information that
is passed on a Transmission Control Protocol/Internet Protocol
(TCP/IP) network. Datagrams contain at least data and destination
addresses.
Data Link layer
In the International Standards Organization/Open Systems
Interconnection (ISO/OSI) model, the second layer, which enables
establishing, maintaining, and releasing services between network
entities.
decryption
The process of converting coded data to plain text.
de-encapsulation
The process of removing a header from a segment of data when systems
are communicating with each other.
Glossary-4
DHCP
(Dynamic Host Configuration Protocol) This automatically assigns
Internet Protocol (IP) addresses to Transmission Control
Protocol/Internet Protocol (TCP/IP) client computers when the client
joins the network. This eliminates the need to maintain a static list of
addresses for each client. DHCP selects an IP address from a
preconfigured pool.
DNS
(Domain Name System) DNS provides translations of host names into
Internet Protocol (IP) addresses. This enables Internet communications
using only host names.
domain
The name assigned to a group of systems on a local network that share
administrative files. It is required for the Network Information Service
(NIS) database to work properly.
E
EBCDIC
Extended Binary Coded Decimal Interchange Code.
EEPROM
(electrically erasable programmable read-only memory) A nonvolatile
PROM that can be written to as well as read from. In Sun workstations,
an EEPROM holds information about the current system configuration,
alternate boot paths, and so on.
EGPs
Exterior gateway protocols.
encapsulation
The process of adding a header to a segment of data when systems are
communicating with each other.
encryption
The process of protecting information from unauthorized use by making
the information unintelligible. Encryption is based on a code, called a
key, which is used to decrypt the information.
ESP
Encapsulation security payload.
Ethernet
A type of local area network that enables real-time communication
between machines connected directly through cables.
Glossary/Acronyms
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Glossary-5
Ethernet address
The physical address of an individual Ethernet controller board. It is
called the hardware address or media access control (MAC) address.
The Ethernet address of every Sun workstation is unique and coded into
a chip on the motherboard. Additional Ethernet interfaces are assigned
different Ethernet addresses.
Ethernet MAC address
The physical address also known as the media access controller (MAC)
or Ethernet address. An Ethernet address is a unique hardware address.
It is 48 bits long. An example of a complete Ethernet address is
8:0:20:le:56:7:d.
EUI
End-unit identifier.
F
FCS
Frame check sequence.
FP
Format prefix.
FQDN
(fully qualified domain name) A domain name that ends with a dot
followed by a domain label of length zero (the root). For example,
andy.sun.com, where andy is the name of a host.
frame
A series of bits with a well-defined beginning and a well-defined end.
H
hierarchal domains
A tree of domains or namespaces, each one of them having their own
authority.
hierarchy
A classification of relationships in which each item except the top one
(called the root) is a specialized form of the item above it. Each item can
have one or more items below it in the hierarchy.
Glossary-6
host name
A unique name identifying a host machine connected to a network. The
name must be unique on the network. The hostname command
determines a systems host.
hub
The central device through which all hosts in a twisted-pair Ethernet
installation are connected.
I
IAB
Internet Architecture Board.
IANA
Internet Assigned Numbers Authority.
ICANN
Internet Corporation for Assigned Names and Numbers.
ICMP
(Internet Control Message Protocol) A network layer protocol that
provides for routing, reliability, flow control, and sequencing of data.
IEEE
(Institute of Electrical and Electronics Engineers) The standards
organization that is responsible for developing networking standards
relating to Ethernet, token bus, token ring, and metropolitan area
networks.
IGMP
Internet Group Management Protocol.
IGP
(Interior Gateway Protocol) The protocol that enables the exchange or
routing information between collaborating routers on the Internet.
Examples of IGPs include Routing Information Protocol (RIP) and Open
Shortest Path First (OSPF).
IP
(Internet Protocol) The basic protocol of the Internet. It enables the
unreliable delivery of individual packets from one host to another. The
IP does not determine whether the packet will be delivered, how long it
will take, or if multiple packets will arrive in the order they were sent.
Protocols built on top of this protocol add the functions of connection
and reliability.
Glossary/Acronyms
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Glossary-7
IP address
In Transmission Control Protocol/Internet Protocol (TCP/IP), a unique
32-bit number that identifies each host in a network.
IPG
Internet Gateway Protocol.
IPMP
Internet Protocol Messaging Protocol.
IP network number
The first octet or octets of an Internet Protocol (IP) address that uniquely
identify an IP network within an organization, and on the Internet, if
that network has been registered with the Internet governing
organization.
IPsec
Internet Protocol Security Architecture.
IPv4
(Internet Protocol version 4) One of two versions of IP addressing. It is a
32-bit addressing scheme currently used as the dominant scheme. An
IPv4 address is a unique number assigned to a host on a network. IPv4
addresses are 32 bits divided into four 8-bit fields. Each 8-bit field, or
octet, is represented by a decimal number between 0 and 255, separated
by periods; for example, 129.150.182.31.
IPv6
(Internet Protocol version 6) A new version designed to be an
evolutionary step from the current version, Internet Protocol version 4
(IPv4). IPv6 is an increment to IPv4. Deploying IPv6, using defined
transition mechanisms, does not disrupt current operations. In addition,
IPv6 provides a platform for new Internet functionality.
ISO
(International Organization for Standardization) An international
standards body that reviews and approves independently designed
products for use within specific industries. ISO also develops standards
for information exchange, such as the ISO/OSI model for computer
networks.
ISP
(Internet service provider) A company providing an Internet package.
This often includes a phone number access code, user name, and
software, all for a provider fee.
Glossary-8
J
JPEG
Joint Pictures Expert Group.
JPG
Joint Pictures Group.
JumpStart process
An automatic installation process available in a network environment
that enables system administrators to categorize machines and
automatically install systems based on the machines category.
K
kernel
The master program (core) of the Solaris Operating Environment. It
manages devices, memory, swap, processes, and daemons. The kernel
also controls the functions between the system programs and the system
hardware.
L
LAN
(local area network) A group of computer systems in close proximity
that can communicate by way of some connecting hardware and
software.
layer
One of a set of services, functions, and protocols that span all open
systems.
M
MAC
Media access control.
master server
The server that maintains the master copy of the network information
service database. It has a disk and a complete copy of the operating
system.
mirror
Disk mirroring is a feature that guards against component failure by
writing the same data to two or more disk drives at the same time.
MMF
Multimode fiber.
Glossary/Acronyms
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Glossary-9
MTU
(maximum transmission unit) An MTU is the largest amount of data
that can be transferred across a given physical network. The MTU is
hardware specific. For example, the MTU for a physical Ethernet
interface is 1500 bytes.
multicast address
One of three types of Ethernet address, the multicast address is used to
send a message to a subset of hosts on a network. In Ethernet multicast
addressing, the first three octets must contain a value of 01.00.5E. The
last three octets are used to assign host group identity.
N
name service
A name service provides a means of identifying and locating resources
(traditionally host names and Internet Protocol [IP] addresses) available
to a network. The default name service product available in the
Solaris 2.x Operating Environment is Network Information Service Plus
(NIS+).
NDP
Neighbor Discovery Protocol.
network
Technically, the hardware connecting various systems, enabling them to
communicate. Informally, the systems so connected.
network address
The address, consisting of up to 20 octets, used to locate an Open
Systems Interconnection (OSI) transport entity. The address is formatted
into an initial domain part that is standardized for each of several
addressing domains, and a domain-specific part that is the responsibility
of the addressing authority for that domain.
Network layer
In the International Standards Organization/Open Systems
Interconnection (ISO/OSI) model of network standards, the third layer,
which enables routing and switching blocks of data between two
devices that support Transport layer protocols over a connection.
network segment
In Integrated Services Digital Network (ISDN), when the TCP adds an
information header to a packet of data for decoding by the TCP on the
remote machine, the expanded packet is referred to as a segment. It is
then passed to the Network layer, which converts it to a datagram. It
then goes to the Data Link layer, which converts it to a frame.
Glossary-10
NFS
(Network File System) A file system distributed by Sun that provides
transparent access to remote file systems on heterogeneous networks.
NIC
Network interface card.
NIS
(Network Information Service) The Sun Operating System 4.0
(minimum) network information service. A distributed network
database containing key information about the systems and the users on
the network. The NIS database is stored on the master server and all the
slave servers. See also NIS+.
NIS+
(Network Information Service Plus) The Sun Operating System 5.0
(minimum) network information service. NIS+ replaces NIS, the Sun OS
4.0 (minimum) NIS.
NLA
Next level aggregator.
node
A node is an addressable point on a network. Each node in a Sun
network has a different name. A node can connect a computing system,
a terminal, or various other peripheral devices to the network.
NS
Name server.
NSCD
Name service cache daemon.
NTP
Network Time Protocol.
NVRAM
Nonvolatile random access memory.
O
OpenBoot PROM
OpenBoot programmable read-only memory.
OS
(operating system) A collection of programs that monitor the use of the
system and supervise the other programs executed by it.
Glossary/Acronyms
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Glossary-11
OSI
(Open Systems Interconnection) OSI is an international standardization
program that was developed to facilitate communications among
computers from different manufacturers.
OSPF
Open Shortest Path First.
P
PDU
Packet data unit.
peer-to-peer communication
The communications between peer devices.
Physical layer
In the International Standards Organization/Open Systems
Interconnection (ISO/OSI) model of network standards, the first layer,
which supplies the mechanical, electrical, and procedural means of
establishing, maintaining, and releasing physical connections.
PID
(process identification number) A unique, system-wide, identification
number assigned to a process. Also called process ID, process number.
PLM
Physical layer medium.
PPP
(Point-to-Point Protocol) A way to connect to the Internet; PPP also
provides error-checking features.
PROM
(programmable read-only memory) A permanent memory chip
programmed by the user rather than at the chip manufacturer, as is true
with a read-only memory (ROM). You need a PROM programmer or
burner to write data onto a PROM. PROM has been mostly replaced by
erasable programmable read-only memory (EPROM), a type of PROM
that can be erased by ultraviolet light and reprogrammed.
protocol
A way to transmit data between devices. A computer or device must
have a correct protocol to be able to communicate successfully with
other computers or devices.
PTR
DNS pointer record.
Glossary-12
R
RARP
(Reverse Address Resolution Protocol) RARP is an Internet Protocol that
maps a physical (hardware) address to an Internet address. Diskless
clients use RARP to find its Internet address at startup.
RDISC
Router discovery.
RFC
Request for Comment.
RIP
(Routing Information Protocol) RIP provides for automated distribution
of routing information between systems.
RPC
(remote procedure call) This is an easy and popular paradigm for
implementing the client-server model of distributed computing. A
request is sent to a remote system to execute a designated procedure,
using supplied arguments. The result is returned to the caller. There are
many variations of this, resulting in a variety of different RPC protocols.
run level
One of the eight initialization states in which a system can run. A
system can run in only one initialization state at a time. The default run
level for each system is specified in the /etc/inittab file.
run level 2
A multiuser mode without remote resources available. All daemons are
running except for remote file-sharing daemons.
run level S
A single-user mode in which the operating system is running, but all
users are logged out and most system processes, such as print and mail,
are not running. Only one user (the superuser) is logged in to the
system. Run level S is convenient for doing backups because, because no
users are logged in, all data is stable.
S
SLA
Site-level aggregator.
Glossary/Acronyms
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Glossary-13
slave server
A server system that maintains a copy of the Network Information
Service (NIS) database. It has a disk and a complete copy of the
operating system.
SLIP
(Serial-Line Internet Protocol) An Internet protocol used to run Internet
Protocol (IP) over serial lines such as telephone circuits or RS-232 cables
interconnecting two systems. The Point-to-Point Protocol (PPP) is the
preferred protocol.
SMF
Service Management Framework.
SNMP
(Simple Network Management Protocol) The network management of
choice for Transmission Control Protocol/Internet Protocol-based
(TCP/IP-based) Internets.
snoop
This command captures network packets and displays their contents.
The command can be run only by the superuser.
SOA
(start of authority) An SOA record marks the beginning of a zones
authority and defines parameters that affect an entire zone.
stateful
A type of data transfer where part of the data sent from the client to the
server includes the status of the client. Transmission Control Protocol
(TCP) is an example of a stateful protocol.
stateless
A type of data transfer where the server has no obligation to keep track
of the state of the client. User Datagram Protocol (UDP) is an example of
a stateless protocol.
subnetwork
A collection of International Standards Organization/Open Systems
Interconnection (ISO/OSI) end systems and intermediate systems under
the control of a single administrative domain and using a single
network access protocol; for example, private X.25 networks and a
collection of bridged LANs.
Glossary-14
T
TCP
(Transmission Control Protocol) A communications protocol that
ensures data is sent between computers on the Internet.
TCP/IP
(Transmission Control Protocol/Internet Protocol) An Internet protocol
that provides for the reliable delivery of data streams from one host to
another. SunOS networks run on TCP/IP by default. Also called Internet
Protocol suite. See also IP.
TLA
Top-level aggregator.
TP
Twisted pair.
TP-PLM
Twisted-pair physical layer medium.
Transport layer
In the International Standards Organization/Open Systems
Interconnection (ISO/OSI) model of network standards, the fourth layer,
which controls the transfer of data between session layer entities.
TTL
(time-to-live) Complete entries in the Address Resolution Protocol
(ARP) table have a TTL value and a period during which they are
considered to be valid entries (normally 30 minutes). TTL is also used in
Domain Name System (DNS) zone files.
U
UDP
(User Datagram Protocol) This protocol is a transport protocol in the
Internet suite of protocols. It uses Internet Protocol (IP) for delivery, and
provides for exchange of datagrams without acknowledgements or
guaranteed delivery.
UTC
Coordinated Universal Time. This is the official standard for current
time. Several institutions contribute their calculations of the current
time, and UTC is a combination of these estimates.
UTP
Unshielded twisted-pair.
Glossary/Acronyms
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Glossary-15
V
VLAN
Virtual local area network.
VLSM
Variable length subnet mask.
W
WAN
(wide area network) WANs are slower-speed networks typically used by
organizations to connect their local area networks. WANs are often built
from leased telephone lines capable of moving data at speeds of
56 kilobits per second to 1.55 megabits per second. A WAN might be
used to bridge a companys office on two opposite ends of town or on
opposite ends of a continent.
Glossary-16
Index
Numerics
1000BASE-CX media
system 2-11
1000BASE-LX media
system 2-11
1000BASE-SX media
system 2-11
1000BASE-T media system 2-11
100BASE-FX media system 2-10
100BASE-T4 media system 2-10
100BASE-TX media system 2-9
10BASE-T media system 2-9
A
access list 10-27
access method, Ethernet 3-2
addif option 5-27
address
aggregatable global 8-7
broadcast 3-7, 5-11
Class A 5-9
Class B 5-10
Class C 5-10
classful 5-9
define test 8-61
detecting duplicates 8-10
embedded IPv4 8-13
Ethernet 3-6
host number 5-9
IP 5-9
IPv4 5-9
IPv6
anycast 8-6
multicast 8-5
representation 8-6
types 8-5
unicast 8-5
link-local 8-6
loopback type 8-14
multicast 3-7, 5-11, 8-7
network number 5-9
scope bits 8-16
site-local 8-6
test 6-5
unicast 3-7, 5-9
unspecified type 8-14
address-to-name
translation 10-24, 10-25
aggregatable global address 8-7,
8-12
anycast address 8-6
Application layer
common protocols 1-9
description 1-4, 1-8
formatting data 1-9
functions 1-9
presenting data 1-9
transporting data 1-9
ARP
adding entries from a file 4-6
adding permanent table
entries 4-6
adding table entries 4-6
cache 4-4
Index-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
B
banner command 3-8
BASE 2-8
baseband 2-8
BIND 10-24
bridges 2-12
bridging devices 2-12
broadcast addresses 3-7, 5-11
buffered transfer 9-11
bus configurations 2-2
C
capture network packets 3-14
carrier sense 3-2
carrier sense multiple access/collision
detection. See CSMA/CD
changing host name 5-23
CIDR
block 7-35
operation 7-33
purpose 7-33
Class A address 5-9
Class B address 5-10
Class C address 5-10
Index-2
D
daemons
/usr/sbin/in.routed 7-28
in.dhcpd 11-4
in.mpathd 6-4, 6-18, 8-66
in.ndpd 8-18, 8-23
in.rarpd 4-9, 4-11
in.ripngd 8-24
in.routed 7-20
xntpd 12-7
data communication 1-2
data encapsulation 1-11, 4-2
data format 1-2
data transfer 1-2
datagram
connectionless delivery of 5-3
header fields 5-6
IP 5-6
IP fields 5-6
payload 5-8
default route 7-6, 7-19
define test address 8-61
destination
IP address 7-15
network 7-17
network number 7-15
DHCP
adding table entries 11-32
address configuration 11-21, 11-38
client functions 11-3
configuration file 11-7
configuring
client 11-39
servers 11-7, 11-28
creating tables 11-31
description 1-14
dhcptab table 11-34
functionality 11-2
fundamentals 11-2
graphical manager 11-8
initial configuration 11-9 to 11-20
managing tables 11-31
server 10-26
server functions 11-4
troubleshooting
clients 11-45
dhcp_network file 11-30
dhcpconfig utility 11-8, 11-28
dhcpmgr utility 11-8
dhcptab table 11-34
dhtadm utility 11-34
direct route 7-4
directory, /tftpboot 4-11
discover routers 8-18
diskless clients 4-9
displaying
ARP data 4-4
ARP table entries 4-6
IPv6 route table 8-36
route table 7-12
state of IPv6 interfaces 8-35
distance-vector algorithms 7-11, 7-25
DNS
access list 10-27
allow-query BIND file 10-27
allow-transfer BIND file 10-27
configuring server 10-29
configuring the client 10-32
description 1-14
dynamic updates 10-26
Index
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Index-3
E
EBCDIC 1-9
EEPROM 3-8
eeprom command 3-8
EGP 7-10
electrically erasable programmable
read-only memory (EEPROM) 3-8
embedded IPv4 address 8-13
enabling IPv6 8-18
Ethernet
access method 3-2
address mapping 4-5
addresses 3-6
ARP 4-2
changing the address 3-9
displaying the address 3-8
displaying the state 3-4
elements 3-2
frame header information 3-14
frames 3-2, 3-6, 3-10
permanent change to address 3-9
statistics 3-4
switches 2-13
topology 3-3
viewing the address 3-8
Ethernet frames
bad CRC 3-13
error conditions 3-13
giant 3-13
jabbers 3-13
long 3-13
runts 3-13
Index-4
F
failover 6-2
FAILURE_DETECTION_TIME variable 6-5
features of a protocol stack 1-3
File Transfer Protocol (FTP) 1-9, 1-14
files
/etc/default/dhcp 11-7
/etc/default/mpathd 6-3, 6-5, 6-18,
8-66
/etc/defaultrouter 7-6, 7-19
/etc/ethers 4-11
/etc/gateways 7-20
/etc/hostname.hme0 5-27
/etc/hostname.interface 5-22,
5-23
/etc/inet/dhcpsvc.conf 11-7
/etc/inet/hosts 3-17, 4-11, 5-23
/etc/inet/netmasks 5-18
/etc/inet/networks 7-16
/etc/inet/ntp.conf 12-7, 12-11
/etc/inet/ntp.server 12-5
/etc/named.conf 10-27
/etc/net/hosts 5-22
/etc/netmask 5-18
/etc/nodename 5-23
/etc/nsswitch.conf 4-11
/usr/include/netinet/ip_icmp.h
5-4
/var/adm/messages 10-35
/var/ntp/ntp.drift 12-7
dhcp_network 11-30
interface configuration 5-22
ndpd.conf 8-25
ntp.conf 12-8
one-backup 10-30
one-rbackup 10-30
flow control 9-12
flushing route table 7-23
format prefix 8-6
formatting data, Application layer
functions 1-9
fragmentation 5-3
G
group membership 8-17
H
half-duplex transmission 3-4
hardware address 4-5
header fields, IP 5-7
hme driver 3-18
hme interfaces 3-19
hme0 interface 3-19, 5-22
hold-down state 7-26
hop count 7-25
hop-count limit 7-26
host alias 10-23
host name, changing 5-23
host nickname 10-23
host-based addressing media 3-6
host-based approach, Ethernet
addresses 3-6
HTTP 1-15
http 1-4, 12-9
hubs
intelligent 2-3
non-intelligent 2-3
shared 2-12
Hypertext Transfer Protocol (HTTP) 1-15
I
IANA 5-9
ICMP
definition 5-3
description 1-13
error detection 1-7
functions 5-3
message types 5-4
message-type file 5-4
purpose 5-3, 5-4
redirect 7-31
routing data 1-7
ICMPv6 group membership 8-17
IEEE 802.3 standard 2-9, 3-2
IEEE identifiers 2-8
if_mpadm utility 6-28
ifconfig utility
addif option 5-27
configuring logical interfaces 5-26
unconfiguring logical interfaces 5-28
viewing the MTU of an interface 5-3
IGP 7-9
IMAP4 1-14
in.dhcpd daemon 11-4
in.mpathd daemon
failure detection 6-5
multipath group 6-4
repair detection 6-5
starting 6-18, 8-66
in.ndpd daemon 8-18, 8-23
in.rarpd daemon 4-9, 4-11
in.rdisc process 7-30
in.ripngd daemon 8-24
in.routed daemon 7-20
incrementing interface number 5-27
indirect route 7-4
initializing
multihomed host 7-40
non-router 7-41
input errors, network system 3-5
instance of hme interface 3-19
instance parameter 3-19
Institute of Electrical and Electronics
Engineers, Inc. (IEEE) identifiers 2-8
intelligent hubs 2-3
interface configuration files 5-22
interface failure definition 6-5
interface identifier 8-8
interface identifier calculation 8-9
interface repair definition 6-6
Index
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Index-5
interfaces
hme 3-19
hme0 3-19
logical 5-24
virtual 5-24
Internet Assigned Numbers Authority
(IANA) 5-9
Internet Control Message Protocol. See
ICMP
Internet Gateway Protocol (IGP) 7-9
Internet layer
description 1-4, 1-6
functions 1-6
ICMP 1-7
IP 1-7
Internet Message Access Protocol
version 4 (IMAP4) 1-14
Internet Protocol. See IP
IP
address mapping 4-5
address types 5-9
datagram 5-3, 5-6, 7-15
datagram header fields 5-6
datagram payload 5-8
description 1-13
fragmenting data 1-7
header fields 5-7
ICMP 5-3
MTUs 5-3
purpose 5-3
routing 7-3
routing data 1-7
IPMP
configuring at boot time 8-68
features 6-3
manual configuration 8-58
requirements 6-4, 6-20
IPv4
address shortage 8-3
addresses 5-9
IPv6
address representation 8-6
address shortage 8-3
address types 8-5
aggregatable global address 8-7, 8-12
anycast address 8-6
Index-6
authentication 8-4
autoconfiguration 8-3, 8-8
configure on non-router 8-19
configuring interfaces 8-20, 8-24
configuring multipathing 8-58
configuring name service lookup 8-21
displaying interfaces 8-35
displaying route table 8-36
embedded IPv4 address 8-13
enabling 8-18
expanded addressing 8-4
format prefix 8-6
interface troubleshooting 8-36
IPMP configuration 8-58
link-local address 8-6
managing 8-35
multicast address 8-5, 8-7
name service lookup 8-25
privacy header 8-4
RFC 8-3
RIP 8-23
router configuration 8-24
site-local address 8-6
stateful autoconfiguration 8-8
stateless autoconfiguration 8-8
unicast address 8-5
J
JumpStart software
clients 4-9
L
LAN
media 2-8
network devices 2-12
link speed 3-19
link-local address 8-6, 8-11
link-state protocol 7-10
localhost entry 7-18
local-mac-address? variable 3-8
logical interfaces
administering 5-24
configuring 5-26, 8-36
description 5-24
incrementing 5-27
removeif option 5-28
unconfiguring 5-28
loopback address type 8-14
loopback interface 3-12
MAC address
banner command 3-8
files 4-11
ifconfig utility 3-8
setting 3-8
viewing 3-8
managing
DHCP tables 11-31
IPv6 8-35
NTP daemons 12-10
mappings to host names 10-21
maximum transfer unit. See MTU
media access control address. See MAC
address
media systems
1000BASE-CX 2-11
1000BASE-LX 2-11
1000BASE-SX 2-11
1000BASE-T 2-11
100BASE - TX 2-9
100BASE-FX 2-10
100BASE-T4 2-10
10BASE-T 2-9
messages, ICMP 5-4
monitoring route table changes 7-22
MTU
data size 3-12
description 3-12
fragmentation 5-3
Internet layer 5-3
maximum frame size 3-12
multicast address
description 3-7, 5-11
format prefixes 8-7
IPv6 8-5
purpose 8-15
scope bits 8-16
Index
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Index-7
network model
concepts 1-3
functions 1-3
layered model 1-3
layers 1-3
rules 1-3
structure 1-3
network name 7-16, 7-44
network number 5-18
network overload 3-5
network packets, capturing 3-14
network performance problems 3-4
network protocols 1-2
Network Time Protocol. See NTP
network topologies
and OSPF 7-10
bus configurations 2-2
describing 2-2
ring configurations 2-4
star configurations 2-3
NFS 1-9
NIC 3-6, 6-2
no route to host 7-15
noncontiguous netmasks 5-15
noncontiguous subnet masks 5-15
non-intelligent hubs 2-3
nonvolatile random access memory
(NVRAM), Ethernet addresses 3-6
noripin directive 7-20
NS record 10-20, 10-21
nslookup utility 10-36
NTP
basic concepts 12-2
configuration file parts 12-6
configuring a server 12-5
configuring clients 12-13
configuring stratum of a NTP
server 12-8
configuring the stratum 12-8
external reference servers 12-9
fudge entry 12-8
functions 12-3
managing daemons 12-10
multicast advertisement 12-8
ntpg utility 12-12
peers 12-12
Index-8
O
one-backup file 10-30
one-rbackup file 10-30
output errors 3-5
P
packet data unit 1-5
parameters
instance 3-19
TRACK_INTERFACES_ONLY_WITH_
GROUPS 8-66
path-vector algorithm 7-11
PDU 1-5
peer-to-peer
description 1-10
encapsulation 1-11
physical network interface 5-25
piggybacking 9-11
pntadm utility 11-31
Point-to-Point Protocol (PPP) 1-12
POP3 1-14
port-based address 3-8
port-based approach, Ethernet
addresses 3-6
Post Office Protocol, version 3
(POP3) 1-14
PPP 1-12
prefix notation 8-13
presenting data, Application layer
functions 1-9
process, in.rdisc 7-30
programmable read-only memory
(PROM) 4-10
R
RARP
/etc/ethers files 4-11
/etc/inet/hosts files 4-11
description 1-13
in.rarp daemon 4-11
operation 4-9
performing a boot 4-10
PROM 4-10
TCP/IP Internet layer protocol
description 1-13
RDISC Protocol 7-30, 8-18
reducing network traffic 9-11
reference clock 12-3
reliable protocol 9-6
remote procedure call (RPC) 3-14
removeif option 5-28
Request for Comment. See RFC
Index
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Index-9
S
scope bits 8-16
scripts
/etc/rc2.d/S69inet 4-11, 5-17, 6-18,
7-7, 7-39, 8-29
/etc/rc2.d/S72inetsvc 5-17
/etc/rcSd/S30network.sh 5-17,
6-18
secure shell 1-9
security
DNS 10-27
restricting queries 10-28
segment type 2-8
self-contained messages 9-4
semantics in network protocols 1-2
sender side congestion window 9-12
sequencing 1-2
Serial Line Internet Protocol (SLIP) 1-12
servers
DHCP configuration 11-7
stratum 12-3
Simple Mail Transfer Protocol
(SMTP) 1-9, 1-14
Simple Network Management Protocol
(SNMP) 1-9, 1-14
site-local address 8-6, 8-12
SLIP 1-12
SMTP 1-9, 1-14
SNMP 1-9, 1-14
snoop utility
capture network packets 3-14
NTP 12-16
reading the file 3-16
summary mode 3-14
Index-10
using 3-14
verbose mode 3-14
SOA record 10-22
speed matching 1-2
split horizons 7-26
SSH 1-9
standby interface 6-3
star configurations 2-3
stateful
autoconfiguration 8-8
protocol 9-5
stateless
autoconfiguration 8-8
protocol 9-5
static routes
configuring 7-18
configuring manual 7-21
definition 7-6
strata 12-3
stratum-1 server 12-3
subnet address 5-21
subnet masks
contiguous 5-15
noncontiguous 5-15
subnetting 5-12
switches 2-12
switching devices 2-12
T
TCP
congestion window 9-12
datagram header 9-10
description 1-13, 9-10
flow control 9-12
header information 9-11
high-bandwidth network 9-13
large window 9-13
network congestion 9-12
protocol 1-8, 9-2, 9-8
receiver-side window
advertisements 9-12
reliability 1-8
satellite networks 9-13
segment acknowledgement 9-12
segments 1-8
TCP/IP
ARP 4-2
common protocols 1-12
model 1-1
Network Interface layer 3-2
peer-to-peer communication 1-10
PPP 1-12
protocol stack 9-8
protocols 1-12
SLIP protocol 1-12
TCP/IP layer model
Application layer 1-4
common hardware platform 1-4
Internet layer 1-4
Network Interface layer 1-4
primary functions 1-5
Transport layer 1-4
telnet protocol 1-9, 1-14
test address 6-5, 8-61
time keeping 12-2
time-to-live 10-20
timing in network protocols 1-2
TRACK_INTERFACES_ONLY_WITH_GROUPS
parameter 8-66
transfer, buffered 9-11
transmission
full-duplex 3-4
half-duplex 3-4
Transmission Control Protocol. See TCP
Transmission Control Protocol/Internet
Protocol. See TCP/IP
Transport layer
connectionless communication 1-8
connection-oriented
communication 1-8
description 1-4, 1-7
error detection 9-8
fundamentals 9-2
protocol 9-2, 9-8
transport server 9-2
transporting data, Application layer
functions 1-9
triggered updates 7-26
troubleshooting
DHCP clients 11-45
DNS server 10-33
U
UDP
datagram header 9-9
datagrams 1-8
description 1-13, 9-9
procedure call 3-14
protocol 9-2, 9-8
reliability 1-8, 9-9
unconfiguring logical interfaces 5-28
undisciplined local clock 12-7
unicast addresses
description 3-7, 5-9, 8-5
types 8-11
unreliable protocol 9-7
unspecified address type 8-14
unstructured stream orientation 9-11
User Datagram Protocol. See UDP
utilities
arp 4-5
dhcpconfig 11-8, 11-28
dhcpmgr 11-8
dhtadm 11-34
if_mpadm 6-28
ifconfig 5-3, 5-26
ndc 10-45
ndd 3-18, 3-19, 3-20
netstat 3-4, 3-5
nslookup 10-36
ntpg 12-12
ntpq 12-12
pntadm 11-31
snoop 3-14, 12-16
xntpdc 12-10
Index
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1
Index-11
V
variable length subnet mask (VLSM) 5-20
variables
FAILURE_DETECTION_TIME 6-5
local-mac-address? 3-8
virtual circuit connection 9-11
virtual interfaces 5-24
Virtual Local Area Network (VLAN) 2-5
VLAN 2-5
VLSM 5-20
W
web servers 10-24
window advertisement 9-12
X
xntpd daemon 12-7
xntpdc utility 12-10
Index-12