Network Administration for the Solaris™ 10 Operating System SA-300-S10

Student Guide

Sun Microsystems, Inc. UBRM05-104 500 Eldorado Blvd. Broomfield, CO 80021 U.S.A. Revision A.1

March 9, 2005 2:48 pm

Copyright 2005 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers. Sun, Sun Microsystems, the Sun logo, Solaris, Java, JumpStart, OpenBoot, Sun BluePrints, Sun Fire, and Sun StorEdge are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. The OPEN LOOK and Sun Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun’s licensees who implement OPEN LOOK GUIs and otherwise comply with Sun’s written license agreements. Federal Acquisitions: Commercial Software – Government Users Subject to Standard License Terms and Conditions Export Laws. Products, Services, and technical data delivered by Sun may be subject to U.S. export controls or the trade laws of other countries. You will comply with all such laws and obtain all licenses to export, re-export, or import as may be required after delivery to You. 
You will not export or re-export to entities on the most current U.S. export exclusions lists or to any country subject to U.S. embargo or terrorist controls as specified in the U.S. export laws. You will not use or provide Products, Services, or technical data for nuclear, missile, or chemical biological weaponry end uses. DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. THIS MANUAL IS DESIGNED TO SUPPORT AN INSTRUCTOR-LED TRAINING (ILT) COURSE AND IS INTENDED TO BE USED FOR REFERENCE PURPOSES IN CONJUNCTION WITH THE ILT COURSE. THE MANUAL IS NOT A STANDALONE TRAINING TOOL. USE OF THE MANUAL FOR SELF-STUDY WITHOUT CLASS ATTENDANCE IS NOT RECOMMENDED. Export Commodity Classification Number (ECCN) assigned: 12 December 2001


Table of Contents
About This Course
  Course Goals
  Course Map
  Topics Not Covered
  How Prepared Are You?
  Introductions
  How to Use Course Materials
  Conventions
    Icons
    Typographical Conventions
    Additional Conventions
Introducing the TCP/IP Model
  Objectives
  Introducing Network Model Fundamentals
    Network Protocols
    Network Model Concepts
  Introducing the Layers of the TCP/IP Model
    Network Interface Layer
    Internet Layer
    Transport Layer
    Application Layer
  Describing Basic Peer-to-Peer Communication, Encapsulation, and Decapsulation
    Peer-to-Peer Communication
    Encapsulation and Decapsulation
  TCP/IP Protocols
  Exercise: Reviewing the TCP/IP Model
    Preparation
    Tasks
  Exercise Summary
  Exercise Solutions

Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1

Introducing LANs and Their Components
  Objectives
  Introducing Network Topologies
    Bus Topologies
    Star Topologies
    Ring Topologies
    VLAN Topologies
  Introducing LAN Media
    IEEE Identifiers
    IEEE 802.3 Types
  Introducing Network Devices
    Repeaters
    Hubs
    Bridges
    Switches
  Exercise: Reviewing LANs and Their Components
    Preparation
    Tasks
  Exercise Summary
  Exercise Solutions
Describing Ethernet Interfaces
  Objectives
  Introducing Ethernet Concepts
    Major Ethernet Elements
    CSMA/CD Access Method
    Full-Duplex and Half-Duplex Mode
    Ethernet Statistics
  Introducing Ethernet Frames
    Ethernet Addresses
    Setting a Local Ethernet Address
    Ethernet-II Frame Analysis
    Maximum Transmission Units
    Ethernet Frame Errors
  Using Network Utilities
    Using the snoop Utility
    Using the netstat Command
    Using the ndd Command
  Exercise: Reviewing Ethernet Interfaces
    Preparation
    Tasks
  Exercise Summary
  Exercise Solutions


Describing ARP and RARP
  Objectives
  Introducing ARP
    Purpose of ARP
    Operation of ARP
  Introducing RARP
    Purpose of RARP
    Operation of RARP
  Exercise: Reviewing ARPs and RARPs
    Preparation
    Tasks
  Exercise Summary
  Exercise Solutions
Configuring IP
  Objectives
  Introducing the Internet Layer Protocols
    Purpose of IP
    Purpose of ICMP
  Introducing the IP Datagram
    IP Datagram Header Fields
    IP Datagram Payload
  Introducing IP Address Types
    Unicast Addresses
    Broadcast Addresses
    Multicast Addresses
  Introducing Subnetting and VLSM
    Subnetting
    Netmasks
    Configuring the Netmask
    The /etc/inet/netmasks File
    VLSM
  Introducing the Interface Configuration Files
    The /etc/hostname.interface File
    The /etc/inet/hosts File
    The /etc/nodename File
  Administering Logical Interfaces
    Introducing Logical Interfaces
    Configuring Logical Interfaces
    Unconfiguring Logical Interfaces
  Exercise: Reviewing IP
    Preparation
    Task Summary
    Tasks
  Exercise Summary
  Exercise Solutions


Configuring IP Network Multipathing
  Objectives
  Increasing Network Availability
    Limitations of Network Interfaces
  Configuring IP Network Multipathing
    Introducing IPMP
    Probe-based IPMP Configuration
    Configuring Probe-based IPMP by Using Configuration Files
    Configuring Probe-based IPMP on the Command Line
    Link-based IPMP Configuration
    Configuring Link-based IPMP by Using Configuration Files
    Configuring a Singleton IPMP Group
    Viewing IPMP Operation
    Troubleshooting an IPMP Configuration
  Exercise: Configuring IPMP
    Preparation
    Tasks
  Exercise Summary
  Exercise Solutions
Configuring Routing
  Objectives
  Identifying the Fundamentals of Routing
    Purpose of Routing
    Types of Routes
  Introducing the Routing Table
    Static Routes
    Dynamic Routes
  Introducing Routing Protocol Types
    Autonomous Systems
    Interior Gateway Protocols
    Exterior Gateway Protocols
  Working With the Routing Table
    Displaying the Routing Table
    Introducing Routing Table Information
    Searching the Routing Table
    Associating Names and Network Numbers
  Configuring Static Routes
    Configuring Static Direct Routes
    Configuring the /etc/defaultrouter File
    Configuring the /etc/gateways File
    Configuring Static Routes on the Command Line
  Configuring Dynamic Routing


    RIP Version 1
    RIP Version 2
    The in.routed Daemon
    The RDISC Protocol
    ICMP Redirects
  Introducing CIDR
    Purpose of CIDR
    Operation of CIDR
  Configuring Routing at Boot Time
    Initializing a Router
    Configuring a Router Without Rebooting
    Initializing a Multihomed Host
    Initializing a Non-Router
  Troubleshooting Routing
    Troubleshooting the Router Configuration
    Troubleshooting Network Names
  Exercise: Reviewing Routing Configuration
    Preparation
    Tasks
  Exercise Summary
  Exercise Solutions
Configuring IPv6
  Objectives
  Introducing IPv6
    The Need for IPv6
    Features of IPv6
  Introducing IPv6 Addressing
    Address Types
    IPv6 Address Representation
    Format Prefixes
  Introducing IPv6 Autoconfiguration
    Stateful Autoconfiguration
    Stateless Autoconfiguration
    Interface Identifier Calculation
    Duplicate Address Detection
  Introducing Unicast Address Types
    Link-Local Addresses
    Site-Local Addresses
    Aggregatable Global-Unicast Addresses
    Prefix Notation
    Embedded IPv4 Addresses
    Unspecified Address Types
    Loopback Address Types
  Introducing Multicast Address Types


    Purpose of Multicast Addresses
    Scope Bits
    ICMPv6 Group Membership
  Enabling IPv6
    The in.ndpd Daemon on a Non-Router
    Configuring IPv6 on Non-Routers
    Troubleshooting a Non-Router Configuration
    The in.ndpd Daemon on the Router
    IPv6 Routing Information Protocol
    Configuring an IPv6 Router
    Configuring an IPv6 6to4 Router
    Configuring a 6to4 Boundary Router
    Troubleshooting a Router Configuration
  Managing IPv6
    Displaying the State of IPv6 Interfaces
    Modifying the Configuration of an IPv6 Interface
    Configuring Logical Interfaces
    Troubleshooting IPv6 Interfaces
    Displaying the IPv6 Routing Table
  Exercise 1: Configuring IPv6
    Preparation
    Task 1 – Configuring IPv6 on the Local Subnet
    Task 2 – Configuring 6to4 Routing
    Task 3 – Configuring IPv6 Across the Whole Network
  Exercise Summary
  Exercise 1 Solutions
    Task 1 – Configuring IPv6 on the Local Subnet
    Task 2 – Configuring 6to4 Routing
    Task 3 – Configuring IPv6 Across the Whole Network
  Configuring IPv6 Multipathing
    Configuring IPMP Manually
    Configuring IPMP at Boot Time
    Configure a Singleton IPMP Group in IPv6
  Exercise 2: Configuring IPv6 Multipathing
    Preparation
    Tasks
  Exercise Summary
  Exercise 2 Solutions
    Task Solutions


Describing the Transport Layer
  Objectives
  Introducing Transport Layer Fundamentals
    Protocol Characteristics
    Transport Protocols in TCP/IP
  Introducing UDP
    Purpose of UDP
    UDP Datagram Header
  Introducing TCP
    TCP Segment Header
    Virtual Circuit Connection
    Full-Duplex Connection
    Unstructured Stream Orientation
    Buffered Transfer
  Introducing TCP Flow Control
    Receiver-Side Window Advertisements
    Sender-Side Congestion Window
    TCP Large Window
  Exercise: Describing the Transport Layer
    Preparation
    Tasks
  Exercise Summary
  Exercise Solutions
Configuring DNS
  Objectives
  Introducing DNS Basics
    BIND
    Top-Level Domains
    Zones of Authority
    Server Types
    Answer Types
    Name-Resolution Process
    Resource Records
  Configuring a DNS Server
    Gathering Information
    Editing the BIND Configuration File
    Editing the named.root File
    Editing the Forward Domain File
    Editing the Reverse Domain File
    Editing the Reverse Loopback Domain File
    Configuring Dynamic Updates
    Configuring Security
    Configuring Secondary DNS Servers
    Checking Configuration and Database Files
    Configuring DNS Clients


  Troubleshooting the DNS Server by Using Basic Utilities
    Implementing named Logging
    Examining the /var/adm/messages File
    Using the dig Utility
    Dumping a Snapshot of the DNS Database by Using the rndc Utility
    Forcing the named Daemon to Reread the Configuration and Changed Zone Files
    Managing a DNS Server by Using the rndc Utility
  Exercise: Configuring DNS
    Preparation
    Task Summary
    Tasks
  Exercise Summary
  Exercise Solutions
    Task Solutions
Configuring DHCP
  Objectives
  Introducing the Fundamentals of DHCP
    Purpose of DHCP
    DHCP Client Functions
    DHCP Server Functions
  Configuring a DHCP Server
    Configuring DHCP by Using Different Methods
    Performing Initial DHCP Server Configuration by Using the dhcpmgr Utility
    Adding Addresses by Using the dhcpmgr Utility
    Using the dhcpconfig Command
    Introducing DHCP Network Files
    Using the pntadm Command
    Introducing the dhcptab Table
  Configuring and Managing DHCP Clients
    Configuring a DHCP Client
  Troubleshooting a DHCP Server
  Troubleshooting DHCP Clients
  Exercise: Configuring a DHCP Server and Client
    Preparation
    Task Summary
    Task 1 – Configuring the DHCP Server
    Task 2 – Configuring the DHCP Client
    Task 3 – Using the snoop Utility to View DHCP Client-Server Interaction
  Exercise Summary
  Exercise Solutions
    Task 1 – Configuring the DHCP Server

    Task 2 – Configuring the DHCP Client
    Task 3 – Using the snoop Utility to View DHCP Client-Server Interaction
Configuring NTP
  Objectives
  Identifying NTP Basics
    How Computers Keep Time
    Uses of NTP
    NTP Terms
  Configuring an NTP Server
    Using an Undisciplined Local Clock
    Using External NTP Reference Servers
    Managing Daemons
    Determining NTP Peers
  Configuring an NTP Client
    Establishing Basic Configuration
    Starting the NTP Client Daemon
    Stopping the NTP Client Daemon
  Troubleshooting NTP
    Viewing Messages
    Using the snoop Utility
  Exercise: Configuring NTP
    Preparation
    Task Summary
    Tasks
  Exercise Summary
  Exercise Solutions
    Task Solutions
Configuring the Solaris™ IP Filter Firewall
  Objectives
  Identifying Firewall Basics
  Configuring the Behavior of the Solaris IP Filter Firewall
    Enabling Packet Filtering With the Solaris IP Filter Firewall
    Configuring the Solaris IP Filter Firewall Actions
    Configuring Packet Direction
    Configuring Filter Rules
    Configuring Specific Matching
    Changing and Updating the Solaris IP Filter Firewall Configuration
    Viewing the Solaris IP Filter Firewall Configuration
    Configuring Logging in the Solaris IP Filter Firewall
  Exercise: Configuring the Solaris IP Filter Firewall
    Preparation
    Task Summary
    Task 1 – Configuring Firewall Rules
    Task 2 – Disabling Services
  Exercise Summary
  Exercise Solutions
    Task 1 Solutions
    Task 2 Solutions
Bibliography
  Sun Microsystems Publications
  Books
  Online References
  RFCs
Glossary/Acronyms
Index

Preface

About This Course

Course Goals

Upon completion of this course, you should be able to:

• Configure the Network Interface layer
• Configure the network (Internet and Transport layers)
• Configure and manage network applications

Course Map

The course map enables you to see what you have accomplished and where you are going in reference to the instructional goals.

[Course map figure]
• Configuring the Network Interface Layer: Introducing the TCP/IP Model; Introducing LANs and Their Components; Describing Ethernet Interfaces; Describing ARP and RARP
• Configuring the Network: Configuring IP Network Multipathing; Configuring IP; Configuring Routing; Configuring IPv6; Describing the Transport Layer
• Configuring and Managing Network Applications: Configuring the Solaris™ IP Filter Firewall; Configuring DNS; Configuring DHCP; Configuring NTP

Topics Not Covered

This course does not cover the following topics. Many of these topics are covered in other courses offered by Sun Educational Services:

• Solaris™ Operating System (Solaris OS) system administration – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System and SA-202-S10: Advanced System Administration for the Solaris™ 10 Operating System
• Server storage administration – Covered in ES-222: Solaris™ Volume Manager Administration and ES-310: Volume Manager With Sun StorEdge™
• Network Information Services Plus (NIS+) – Covered in SA-385: NIS+ Administration
• Solaris OS tuning – Covered in SA-400: Solaris™ Systems Performance Management
• Network Troubleshooting – Covered in IN-425: TCP/IP Network Troubleshooting in the Solaris™ OS

Refer to the Sun Educational Services catalog for specific information and registration.

How Prepared Are You?

To be sure you are prepared to take this course, can you answer yes to the following questions?

• Can you perform basic host operations, such as startup and shutdown, to initialize certain network configuration changes?
• Can you manipulate startup and shutdown scripts to configure networks?
• Can you set up user accounts when configuring network services for system users?
• Can you locate and install network software packages required to set up various network services?

Introductions

Now that you have been introduced to the course, introduce yourself to the other students and the instructor, addressing the following items:

• Name
• Company affiliation
• Title, function, and job responsibility
• Experience related to topics presented in this course
• Reasons for enrolling in this course
• Expectations for this course

How to Use Course Materials

To enable you to succeed in this course, these course materials employ a learning module that is composed of the following components:

• Objectives – You should be able to accomplish the objectives after completing a portion of instructional content. Objectives support goals and can support other higher-level objectives.
• Lecture – The instructor will present information specific to the objective of the module. This information will help you learn the knowledge and skills necessary to succeed with the activities.
• Activities – The activities take on various forms, such as an exercise, self-check, discussion, and demonstration. Activities are used to facilitate mastery of an objective.
• Visual aids – The instructor might use several visual aids to convey a concept, such as a process, in a visual form. Visual aids commonly contain graphics, animation, and video.

Note – Many system administration tasks for the Solaris OS can be accomplished in more than one way. The methods presented in the courseware reflect recommended practices used by Sun Educational Services.

Conventions

The following conventions are used in this course to represent various training elements and alternative learning resources.

Icons

Discussion – Indicates a small-group or class discussion on the current topic is recommended at this time.

Note – Indicates additional information that can help students but is not crucial to their understanding of the concept being described. Students should be able to understand the concept or complete the task without this information. Examples of notational information include keyword shortcuts and minor system adjustments.

Caution – Indicates that there is a risk of personal injury from a nonelectrical hazard, or risk of irreversible damage to data, software, or the operating system. A caution indicates that the possibility of a hazard (as opposed to certainty) might happen, depending on the action of the user.

Revision A. for example: To list the files in this directory.1 . for example: Read Chapter 6 in the User’s Guide. programming code. host names. or words that you want to emphasize. use the rm filename command. for example: Type chmod a+rwx filename to grant read. Palatino italics is used for book titles. directories. host1# cd /home Courier bold is used for characters and numbers that you type. All Rights Reserved. and on-screen computer output. Courier italic bold is used to represent variables whose values are to be entered by the student as part of an activity. user names. Sun Services. type the following: # ls Courier italics is used for variables and command-line placeholders that are replaced with a real name or value. files. new words or terms. for example: Use the ls -al command to list all files. Inc. and execute rights for filename. These are called class options.Conventions Typographical Conventions Courier is used for the names of commands. Preface-xxiv Network Administration for the Solaris™ 10 Operating System Copyright 2005 Sun Microsystems. for example: To delete a file. write.

Additional Conventions

Java™ programming language examples use the following additional conventions:

• Method names are not followed with parentheses unless a formal or actual parameter list is shown; for example:
  “The doIt method...” refers to any method called doIt.
  “The doIt() method...” refers to a method called doIt that takes no arguments.
• Line breaks occur only where there are separations (commas), conjunctions (operators), or white space in the code. Broken code is indented four spaces under the starting code.
• If a command used in the Solaris OS is different from a command used in the Microsoft Windows platform, both commands are shown; for example:
  If working in the Solaris OS
  $ cd $SERVER_ROOT/bin
  If working in Microsoft Windows
  C:\> cd %SERVER_ROOT%\bin


Module 1

Introducing the TCP/IP Model

Objectives

This module describes the fundamentals of the Transmission Control Protocol/Internet Protocol (TCP/IP) model, including network protocols and concepts. This module also describes the layers of the TCP/IP model, including the Network Interface, Internet, Transport, and Application layers. In addition, this module describes basic peer-to-peer communication and some common TCP/IP protocols.

Upon completion of this module, you should be able to:

• Describe network model fundamentals
• Describe the layers of the TCP/IP model
• Describe basic peer-to-peer communication and related protocols
• Identify TCP/IP protocols

The course map in Figure 1-1 shows how this module fits into the current instructional goal.

[Figure 1-1 Course Map: Configuring the Network Interface Layer – Introducing the TCP/IP Model; Introducing LANs and Their Components; Describing Ethernet Interfaces; Describing ARP and RARP]

Introducing Network Model Fundamentals

The fundamentals required to understand computer networking are the network model, the functions of the layers, and the protocols that govern data transfer between two or more systems.

Network Protocols

Computer networks use protocols to communicate. Protocols define the procedures to be followed by the systems involved in the communication process. A data communication protocol is a set of rules that must be followed for two electronic devices to communicate with each other. These rules describe:

• Syntax – Data format and coding
• Semantics – Control information and error handling
• Timing – Speed matching and sequencing

Functions of Protocols

A protocol defines how systems can communicate and facilitates communication between software, firmware, and other devices in data transfer. Each protocol provides a function essential for data communication. Each software module that implements a protocol can be developed and updated independently of other modules, as long as the interface between the modules remains constant.

Many protocols provide and support data communication. Many protocols are used so that communication can be broken into smaller, manageable processes. They form a communication architecture, also known as a protocol stack. The TCP/IP model is a protocol stack used by the Solaris OS for data communication.

All Rights Reserved. Sun Services. Revision A. You can think of layers as a series of steps or functions that must be sequentially completed for communication to occur between two systems.1 1-3 . Each layer on a host acts independently of other layers on the same machine but is synchronous with the same layer on other hosts. Inc. The following mapping helps you to understand the network model: q q q Model = structure Layer = functions Protocol = rules Advantages of Using a Layered Model Some of the advantages of a layered model are that it: q Separates the complexity of networking into many functions or layers Enables you to introduce changes or new features in one layer without having to change the other layers Provides a standard to follow. enabling inter-operability between software and hardware vendors Simplifies troubleshooting q q q Introducing the TCP/IP Model Copyright 2005 Sun Microsystems. Networking models consist of layers. Each layer communicates with its peer layer on another host in a given process of communication. q q Network Model Concepts A networking model refers to a common structure that enables communication between two or more systems.Introducing Network Model Fundamentals The features of a protocol stack are: q Each layer has a specific purpose and exists on both the source and destination hosts.

Introducing the Layers of the TCP/IP Model

The TCP/IP model is a four-layered structure resting on a common hardware platform. The TCP/IP model was developed by the United States Department of Defense (DOD) in the 1970s. It has standards that are defined and described in Request for Comment (RFC) documents. RFCs are a frame of reference for describing the protocol architecture and functions specific to the TCP/IP protocol stack. For a complete listing of RFCs, visit http://www.ietf.org/rfc.html.

Table 1-1 shows the four layers of the TCP/IP model.

Table 1-1 TCP/IP Network Model

| TCP/IP Layer | Description |
| Application | Consists of user-accessed application programs and network services; defines how cooperating networks represent data |
| Transport | Manages the transfer of data by using acknowledged and unacknowledged transport protocols; manages the connections between cooperating applications |
| Internet | Manages data addressing and delivery between networks; fragments data for the Network Interface layer |
| Network Interface | Manages the delivery of data across the physical network; provides error detection and packet framing |

Network Interface Layer

Figure 1-2 shows the position of the Network Interface layer in the TCP/IP network model. The primary functions of this layer are:

• Managing the delivery of data across the physical network
• Detecting errors
• Framing packets

[Figure 1-2 TCP/IP Network Interface Layer: the TCP/IP layers (Application, Transport, Internet, Network Interface) above the Hardware layer, with the packet data unit shown at the Network Interface layer]

The Network Interface layer services the Internet layer by providing communication between nodes on the same network. This layer defines how bits are assembled into manageable units of data. A packet data unit (PDU) is a structured series of bits with a well-defined beginning and a well-defined end, where the bits are divided into fields containing information labels, such as preamble, destination and source hardware address, frame length or type, data, and cyclic redundancy check (CRC). Figure 1-3 shows a specific type of PDU known as an Ethernet frame.

[Figure 1-3 Structure of a Frame: Preamble | Destination Address | Source Address | Type | Data | CRC]

Examples of Network Interface layer protocols are:

• Institute of Electrical and Electronics Engineers (IEEE) 802.3 – Ethernet standards
• IEEE 802.4 – Token bus standards
• IEEE 802.5 – Token ring standards
• IEEE 802.11 – Wireless network standards

Internet Layer

The Internet layer attempts to ensure that messages reach their destination system using the most efficient route. Figure 1-4 shows the position of the Internet layer in the TCP/IP network model. The primary functions of the Internet layer are:

• Routing data between networks
• Fragmenting and reassembly of data

[Figure 1-4 TCP/IP Internet Layer: the TCP/IP layers (Application, Transport, Internet, Network Interface) above the Hardware layer, with the datagram shown at the Internet layer]

Using routing information, the Internet layer determines the next directly accessible node in the path to a packet’s destination. This node is either the destination itself if the destination is on the local network, or the next gateway node in the route if the destination is on another network.

The Internet layer uses the Internet Protocol (IP) and Internet Control Message Protocol (ICMP). IP is responsible for fragmenting and routing data, and ICMP assists routing and performs error detection and other network management tasks. IP encapsulates data in datagrams, which in turn are encapsulated inside Network Interface layer PDUs.

Transport Layer

The Transport layer manages the transfer of application data between communicating hosts. It also controls the flow of data and defines the transport quality of the data transmission. Figure 1-5 shows the position of the Transport layer in the TCP/IP network model.

[Figure 1-5 TCP/IP Transport Layer: the TCP/IP layers (Application, Transport, Internet, Network Interface) above the Hardware layer, with the segment or datagram shown at the Transport layer]

The mechanisms used by the Transport layer to determine whether data has been correctly delivered are:

• Acknowledgement responses
• Sequencing
• Flow control

The Transport layer facilitates end-to-end data transfer. It supports multiple operations simultaneously. Two Transport layer protocols are found in the Solaris OS TCP/IP stack: the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). TCP uses packets called segments, and UDP uses packets called datagrams. Both TCP segments and UDP datagrams are encapsulated in Internet layer datagrams for transmission to the next node.

The Transport layer facilitates two types of communication:

• Connection-oriented (TCP) – A connection must be established at the Transport layer of both systems before the application can transmit any data.
• Connectionless (UDP) – Systems do not need to establish a connection with the recipient prior to data exchange.

TCP is a more reliable form of data exchange than UDP.

Application Layer

The top layer of the TCP/IP stack is the Application layer. Figure 1-6 shows the position of the Application layer in the TCP/IP network model.

[Figure 1-6 TCP/IP Application Layer: the TCP/IP layers, Layer 4 to Layer 1 (Application, Transport, Internet, Network Interface), above the Hardware layer, with the stream or message shown at the Application layer]

The Application layer includes all of the protocols that use Transport layer protocols to deliver data to the Internet layer. There are many application protocols, and new protocols are frequently included in the Solaris OS TCP/IP stack.

Some common TCP/IP applications or protocols include:

• Telnet Protocol
• File Transfer Protocol (FTP)
• Simple Network Management Protocol (SNMP)
• Simple Mail Transfer Protocol (SMTP)
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• Network Information Service (NIS)
• Network File System (NFS)
• Secure shell (SSH)

The Application layer handles the details of the particular application. Protocols operating at this layer of the model encapsulate packets into streams or messages. The primary functions of this layer are:

• Formatting data – Data is formatted based on a computer’s architecture. For example, alphanumeric characters are represented by using American Standard Code for Information Interchange (ASCII) on a UNIX® host, and Extended Binary Coded Decimal Interchange Code (EBCDIC) on an IBM mainframe computer.
• Presenting data – If end users specify how they want their data presented to them, the Application layer makes sure that it reaches the end users in this format. A common syntax ensures compatibility between various end-user applications and machines. The Application layer also provides translations between locally represented data and data used for transfer between end systems.
• Transporting data – The Application layer stipulates a transfer syntax, which represents a coding agreement for the data to be formatted and transferred.

Remote procedure call (RPC) libraries enable high-level language programs to make procedure calls to other machines on a network. Application layer protocols, such as NIS and NFS, use RPC for session management between clients and servers.

Describing Basic Peer-to-Peer Communication, Encapsulation, and Decapsulation

Peer-to-Peer Communication

Peer-to-peer communication occurs when one layer on a system communicates with a corresponding layer on another system. In the TCP/IP model, adjacent layers in the model interact with each other, and the corresponding layers at either end are also considered to interact with each other. For example, the Application layer on the source system interacts with the Application layer on the destination system. Figure 1-7 illustrates the peer-to-peer communications between the layers at either end of a network interaction.

[Figure 1-7 Peer-to-Peer Communication: on the source system, user data from Application X is encapsulated as it passes down the Application, Transport, Internet, and Network Interface layers to the Hardware layer; it crosses the physical transmission medium as a signal along the communication path; on the destination system it is decapsulated on the way up to Application Y. The units at each layer are: message or stream (Application); segment or datagram = TH + A-PDU (Transport); datagram = IH + T-PDU (Internet); frame = NH + I-PDU + NT (Network Interface). TH = Transport Header, IH = Internet Header, NH = Network Header, NT = Network Trailer]

Encapsulation and Decapsulation

Data passed down through each layer on the sender is encapsulated. During encapsulation:

• Header information is added at each layer before the data is passed down to the next layer. The header information helps the destination system to direct the data to the appropriate protocol.
• At the final layer, trailer information is also added.

Figure 1-7 shows data encapsulation occurring on the source system.

Data arriving at a destination system is decapsulated. During decapsulation:

• Data travels up through the layers.
• Headers and trailers are removed at each layer before the data is passed up to the next layer.

Figure 1-7 shows data decapsulation occurring on the destination system.
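The encapsulation and decapsulation steps described above, written out for one UDP message as an added example that is not part of the original course material. It assumes UDP over IPv4 in an Ethernet frame, leaves out the preamble because the hardware generates it, and uses constructed MAC addresses, IP addresses, and port numbers; all function names are hypothetical.

```python
import socket
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800   # Type field value that names IPv4 as the next protocol
IPPROTO_UDP = 17          # IP protocol number that names UDP as the next protocol
MIN_ETH_PAYLOAD = 46      # Ethernet pads shorter Data fields up to 46 bytes
IP_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def inet_checksum(data):
    """Ones' complement of the ones' complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def udp_encapsulate(a_pdu, src_port, dst_port):
    """Transport layer: TH + A-PDU. Checksum 0 means 'not computed' over IPv4."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(a_pdu), 0) + a_pdu


def ip_encapsulate(t_pdu, src_ip, dst_ip):
    """Internet layer: IH + T-PDU, with the header checksum filled in."""
    def header(checksum):
        return struct.pack(IP_FMT, 0x45, 0, 20 + len(t_pdu), 0, 0, 64,
                           IPPROTO_UDP, checksum,
                           socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return header(inet_checksum(header(0))) + t_pdu


def frame_encapsulate(i_pdu, src_mac, dst_mac):
    """Network Interface layer: NH + I-PDU (padded) + NT, the CRC trailer."""
    body = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4)
    body += i_pdu.ljust(MIN_ETH_PAYLOAD, b"\x00")
    # CRC-32 over header and data, stored least significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))


def frame_decapsulate(frame):
    """Check the CRC and the Type field, then strip NH and NT."""
    if len(frame) < 14 + MIN_ETH_PAYLOAD + 4:
        raise ValueError("runt frame")
    body, trailer = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != trailer:
        raise ValueError("CRC mismatch")
    if struct.unpack("!H", body[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("Type field does not name IPv4")
    return body[14:]


def ip_decapsulate(i_pdu):
    """Validate IH, then strip it; Total Length discards the Ethernet padding."""
    if len(i_pdu) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total, _, _, _, proto, _, _, _ = struct.unpack(IP_FMT, i_pdu[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total <= len(i_pdu):
        raise ValueError("malformed IPv4 header")
    if inet_checksum(i_pdu[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if proto != IPPROTO_UDP:
        raise ValueError("Protocol field does not name UDP")
    return i_pdu[ihl:total]


def udp_decapsulate(t_pdu):
    """Validate TH, then strip it and return (destination port, A-PDU)."""
    if len(t_pdu) < 8:
        raise ValueError("truncated UDP header")
    _, dst_port, length, _ = struct.unpack("!HHHH", t_pdu[:8])
    if not 8 <= length <= len(t_pdu):
        raise ValueError("bad UDP length")
    return dst_port, t_pdu[8:length]


def send(user_data, src, dst):
    """Source system: pass user data down the stack. src/dst = (mac, ip, port)."""
    t_pdu = udp_encapsulate(user_data, src[2], dst[2])
    i_pdu = ip_encapsulate(t_pdu, src[1], dst[1])
    return frame_encapsulate(i_pdu, src[0], dst[0])


def receive(frame):
    """Destination system: pass a frame up the stack, one layer at a time."""
    return udp_decapsulate(ip_decapsulate(frame_decapsulate(frame)))


# Constructed sample endpoints: locally administered MACs, documentation-range IPs.
HOST_A = (bytes.fromhex("020000000001"), "192.0.2.1", 40000)
HOST_B = (bytes.fromhex("020000000002"), "192.0.2.2", 5000)

if __name__ == "__main__":
    frame = send(b"hello", HOST_A, HOST_B)
    print(len(frame), "byte frame:", frame.hex())
    print("delivered:", receive(frame))
```

Each header carries the field the next layer up needs to pick the right protocol (Type, then Protocol, then destination port), and each layer rejects a unit that fails its own check before anything is passed upward.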

TCP/IP Protocols

The following tables describe briefly the common TCP/IP protocols. Table 1-2 shows a list of Network Interface layer protocols, their corresponding RFCs, and a short description of each protocol.

Table 1-2 Some TCP/IP Network Interface Layer Protocol Descriptions

| RFC | Protocol | Description |
| 1055 | SLIP | Serial Line Internet Protocol compresses IP datagrams on serial lines. |
| 1661 | PPP | Point-to-Point Protocol transmits datagrams over serial, point-to-point links. |

Table 1-3 shows a list of Internet layer protocols, their corresponding RFCs, and a short description of each protocol.

Table 1-3 Some TCP/IP Internet Layer Protocol Descriptions

RFC | Protocol | Description
826 | ARP | Address Resolution Protocol defines the method used to map a 32-bit IP address to a 48-bit Ethernet address.
903 | RARP | Reverse Address Resolution Protocol defines the method used to map a 48-bit Ethernet address to a 32-bit IP address.
791, 950, 919, 922 | IP | Internet Protocol determines the path that a datagram must take, based on the destination host’s IP address.
792 | ICMP | Internet Control Message Protocol communicates error messages and other controls within IP datagrams.
2401, 2406, 2402, 2407, 2408 | IPSec-related RFCs | • Internet Protocol Security Architecture • Encapsulating Security Payload (ESP) • IP authentication header • Internet IP security domain of interpretation for the Internet Security Association and Key Management Protocol (ISAKMP)

Table 1-4 shows a list of Transport layer protocols, their corresponding RFCs, and a short description of each protocol.

Table 1-4 Some TCP/IP Transport Layer Protocol Descriptions

RFC | Protocol | Description
793 | TCP | Transmission Control Protocol is a connection-oriented protocol that provides the full-duplex, stream service on which many application protocols depend.
768 | UDP | User Datagram Protocol is a connectionless protocol that provides non-acknowledged datagrams delivered over reliable networks.

Table 1-5 shows a list of some Application layer protocols, their corresponding RFCs, and a short description of each protocol.

Table 1-5 Some TCP/IP Application Layer Protocol Descriptions

RFC | Protocol | Description
1034, 1035 | DNS | Domain Name System is a text-based, distributed database for domain names, host names, and IP addresses. Domain names index a hierarchical tree of names and ultimately identify hosts and domains.
959 | FTP | File Transfer Protocol is used to transfer files between systems.
854, 855 | Telnet | Telnet Protocol enables terminals and terminal-oriented processes to communicate on a network by using TCP/IP.
1258, 1280 | Remote login | The rlogin command enables users to log in to remote hosts.
2131 | DHCP | Dynamic Host Configuration Protocol is responsible for automatically assigning IP addresses in an organization’s network.
2821 | SMTP | Simple Mail Transfer Protocol transfers electronic mail (email) messages from one machine to another.
1157 | SNMP | Simple Network Management Protocol enables system administrators to monitor and control network devices.
1939 | POP3 | Post Office Protocol, version 3, enables users to access their email box across a wide area network (WAN) or local area network (LAN) from a POP3 server.
2060 | IMAP4 | Internet Message Access Protocol, version 4, enables users to access their email box across the network from an IMAP4 server. IMAP4 is suited to mobile users because the mail remains on the server. IMAP4 is server-centric, whereas POP3 is client-centric.

Table 1-5 Some TCP/IP Application Layer Protocol Descriptions (Continued)

RFC | Protocol | Description
1945, 2068 (HTTP); None (HTTPS) | HTTP, HTTPS | Hypertext Transfer Protocol and Secure Hypertext Transfer Protocol are used on the World Wide Web to transfer text, pictures, audio, and other multimedia information that is accessible through a web browser.
None | SSH | Secure shell is based on a number of drafts. SSH logs in securely to a system across a network.

Exercise: Reviewing the TCP/IP Model

In this exercise, you review the TCP/IP model.

Preparation

There is no preparation for this exercise.

Tasks

Perform the following steps:

1. List the layers of the TCP/IP network model by their name and function.

   Name: __________  Function: __________
   Name: __________  Function: __________
   Name: __________  Function: __________
   Name: __________  Function: __________

2. In your own words, define the term peer-to-peer.

   __________

3. In your own words, define the term protocol.

   __________

4. Which protocols are part of the TCP/IP suite?

   a. ARP
   b. IP
   c. TCIP
   d. ICMP

5. Which statements describe data encapsulation?

   a. Data travels up through layers at the destination system’s end.
   b. Data travels down through layers at the source system’s end.
   c. Headers and trailers are removed before the data is passed up to the next layer.
   d. Headers and trailers are added before the data is passed down to the next layer.

Exercise Summary

Discussion – Take a few minutes to discuss what experiences, issues, or discoveries you had during the lab exercise.

• Experiences
• Interpretations
• Conclusions
• Applications

Exercise Solutions

Solutions to the exercise are as follows:

1. List the layers of the TCP/IP network model by their name and function.

   Name: Network Interface
   Function: Manages the delivery of data across the physical network. This layer provides error detection and packet framing.

   Name: Internet
   Function: Manages data addressing and delivery between networks, as well as fragmenting data for the Network Interface layer.

   Name: Transport
   Function: Manages the transfer of data using connection-oriented and connectionless transport protocols.

   Name: Application
   Function: Consists of user-accessed application programs and network services. This layer is also responsible for defining the way in which cooperating networks represent data.

2. In your own words, define the term peer-to-peer.

   Peer-to-peer communication is the ability of a specific layer to communicate with a corresponding layer on another host.

3. In your own words, define the term protocol.

   A protocol is a set of rules governing the exchange of data between two entities. These rules describe:

   • Syntax – Data format and coding
   • Semantics – Control information and error handling
   • Timing – Speed matching and sequencing

4. Which protocols are part of the TCP/IP suite?

   a. ARP
   b. IP
   d. ICMP

5. Which statements describe data encapsulation?

   b. Data travels down through layers at the source system’s end.
   d. Headers and trailers are added before the data is passed down to the next layer.

Module 2

Introducing LANs and Their Components

Objectives

This module describes LANs and their components. This module also introduces LAN media, including IEEE LAN media identifiers and Ethernet media. In addition, this module introduces network devices, including shared hubs, bridges, and switches.

Upon completion of this module, you should be able to:

• Describe network topologies
• Describe LAN media
• Describe network devices

The course map in Figure 2-1 shows how this module fits into the current instructional goal.

[Figure 2-1 Course Map. Configuring the Network Interface Layer: Introducing the TCP/IP Model; Introducing LANs and Their Components; Describing Ethernet Interfaces; Describing ARP and RARP]

Introducing Network Topologies

The topology of a network relates to the way nodes on the network are physically wired together. Many different network topologies are commonly implemented in today’s network environments. Topology is one of the most important considerations when you design a network. Consider the size of the network, the type of business, any failover requirements, and the amount of network traffic you expect when you make decisions about which topology to use.

Bus Topologies

The bus configuration was the typical LAN topology for the original Ethernet network specification. A typical bus configuration has coaxial cables running through an area. Systems are attached at points along the cable to enable communication with each other. The bandwidth of the cable is shared between all the systems connected to the cable. Figure 2-2 shows an example of a bus configuration.

[Figure 2-2 Bus Configuration]

Star Topologies

The LAN topology in a star configuration uses a central location, or hub, from which a number of signal-carrying cables extend to each individual device on a branch. Star configurations are well suited to many of today’s LAN network methodologies.

An intelligent hub controls:

• Which messages are transferred between which ports
• What devices are connected to each port or segment

Note – A non-intelligent hub does not make any decisions about which ports to send data. This essentially makes star configurations behave exactly like bus configurations from the point of view of the nodes.

A benefit of the star configuration is that a fault on the cable to a node affects only that node. Depending upon the LAN methodology, there is a limit to the number of segments that can be linked together. Figure 2-3 shows an example of the star configuration.

[Figure 2-3 Star Configuration]

Ring Topologies

In a ring configuration, the output of one node connects to the input of the next node. Each node in the ring is between two other nodes. In a ring network, if one node stops functioning the ring can be broken, which affects communication on the network. With the invention of the intelligent central hub, a ring configuration can be implemented with the reliability of a star configuration. The reliability is a result of the intelligent hub’s ability to bypass a non-functioning node in the ring. Figure 2-4 shows a star-wired ring configuration.

[Figure 2-4 Ring Configuration]

VLAN Topologies

Virtual local area network (VLAN) topologies are becoming increasingly popular. A VLAN topology is implemented with a central device that supports VLAN technology. Although the term VLAN is in common use, every vendor provides their own VLAN implementation and enhancements. This makes the task of defining the term VLAN difficult.

All systems are physically connected to the same device, however, the device is configured with multiple logical networks (the VLANs) that have one or more ports on the switch assigned to them. For example, on an 8-port switch, ports 1, 2, 4, 5, and 6 can be assigned to network A, while ports 3, 7, and 8 can be assigned to network B. The traffic on network A is separated from the traffic on network B, and traffic does not pass between the two networks.

Ports can be assigned to different VLANs based on port number, the hardware or software address of the systems, or the protocols used by the systems. Using VLANs reduces the size of broadcast domains. You can move computer systems between VLANs without any hardware configuration.

Figure 2-5 shows an example of a network with all systems on the same broadcast domain.

[Figure 2-5 VLAN With All Systems on the Same Domain: all systems on the same broadcast domain]

Figure 2-6 shows how a single switch can be configured into three VLANs so that there are three separate, smaller broadcast domains.

[Figure 2-6 VLAN Configurations: smaller broadcast domains]

Figure 2-7 shows, through shading, how the three VLANs are configured by using software on the switch to which all systems are connected.

[Figure 2-7 Three VLANs Defined: three VLANs defined (by color)]

Introducing LAN Media

Many types of LAN methodologies include the media’s specifications as part of the LAN’s name (identifier).

IEEE Identifiers

For the various types of LANs, the IEEE identifier indicates the types of media used. These identifiers include three pieces of information:

• The first piece of information, 10, 100, or 1000, represents a media speed of 10 megabits per second (Mbps), 100 Mbps, or 1000 Mbps, respectively.
• The second piece of information, BASE, stands for baseband, which is a type of signalling. Baseband signalling uses the entire bandwidth of the cable for one signal. Two systems cannot transmit signals at the same time.
• The third piece of information indicates the segment type or the approximate segment length. For thick coaxial cable, 5 indicates the 500-meter maximum length allowed for individual segments. For thin coaxial cable, 2 indicates 200 meters, which is rounded up from the 185-meter maximum length for individual thin coaxial segments. The designation T indicates that the segment type is twisted-pair, and the designation F stands for fiber-optic cable.

An example identifier is 100BASE-T, which means that the transmission speed is 100 megabits per second, baseband signaling is used, and the media is twisted pair. Figure 2-8 shows how baseband segments are designated.

[Figure 2-8 IEEE Media Identifier. 10BASE-5: Speed = 10 Mbs, Type of Signal = Baseband, Segment Length = 500 Meter. 10BASE-T: Type of Media = Twisted Pair]

IEEE 802.3 Types

Many different types of LAN media have been used, from half-inch thick coaxial cable to optical fibre measured in microns. The thick coaxial cable media segment was the first media segment to be defined in the Ethernet specifications. The thin coaxial cable media segment was defined next, followed by the twisted-pair and fiber-optic media segments. The twisted-pair segment type is widely used today for making network connections to the desktop.

Consider the physical distance, the security, the cost of the media, the cost to install the media, and the media that is supported by current technology when you make decisions about which LAN media to use.

10BASE-T Media Type

The 10BASE-T media type uses twisted-pair cables. The specifications for this media type were published in 1990. This is one of the most widely used media types for connections to the desktop.

The 10BASE-T media type uses two pairs of wires: one pair receives data signals, and the other pair transmits data signals. The two wires in each pair must be twisted together for the entire length of the segment. This is a standard technique that improves the signal-carrying characteristics of a wire pair. Multiple twisted-pair segments communicate using a multiport hub or switch. You can implement 10BASE-T over Category 3 (two to three twists per foot) or Category 5 (two to three twists per inch) twisted-pair cable.

100BASE-TX Media Type

The 100BASE-TX media type is based on specifications published in the American National Standards Institute (ANSI) Twisted-Pair – Physical Media Standard (TP-PMD). The 100BASE-TX media type carries 100 Mbps signals over two pairs of wire. Because the ANSI TP-PMD specification provides for the use of either unshielded twisted-pair or shielded twisted-pair cable, 100BASE-TX uses both. You can only implement 100BASE-TX over Category 5 cable.

100BASE-T4 Media Type

The 100BASE-T4 media type operates over four pairs of wires. The signaling system makes it possible to provide fast Ethernet signals (100 megaHertz (MHz)) over any existing standard voice-grade Category 3 or 4 unshielded twisted-pair cable that might be installed. One pair of wires transmits data (TX), one pair receives data (RX), and two pairs are bidirectional (BI) data pairs.

The 100BASE-T4 specifications recommend using Category 5 patch cables, jumpers, and connecting hardware whenever possible because these higher-quality components and cables improve the reception of signals on the link.

100BASE-FX Media Type

The 100BASE-FX (fast fiber-optic) media system uses pulses of light instead of electrical currents to send signals. The use of fiber provides superior electrical isolation for equipment at each end of the fiber link. While LAN equipment used in metallic media segments has protection circuits designed for typical indoor electrical hazards, fiber-optic media is nonconductive. This complete electrical isolation provides immunity from much larger electrical hazards, such as lightning strikes, and from the flow of current that can result from having different levels of electrical ground currents that can be found in separate buildings. Complete electrical isolation is essential when using LAN segments to link separate buildings.

Fiber also provides more security because the optical signal does not cause induction. An advantage of the 100BASE-FX fiber-optic link segment is that it can span long distances.

1000BASE-X Media Type

In 1998, the IEEE Standards Board approved the gigabit Ethernet standard for 1000 Mbps over multimode fiber (MMF) and single-mode fiber. Gigabit Ethernet is an extension of the successful 10-Mbps and 100-Mbps 802.3 standards. Gigabit Ethernet provides a raw bandwidth of 1000 Mbps and maintains full compatibility with the installed base of over 100 million Ethernet nodes. Gigabit Ethernet includes both full-duplex and half-duplex operating modes.

The 1000BASE-X standard refers to two implementations of fiber-optic segment types: 1000BASE-SX and 1000BASE-LX.

1000BASE-SX Media Type

The 1000BASE-SX media system is the shortest wavelength specification because it uses short wavelength lasers to transmit data over fiber-optic cable. Sun’s implementation of the 1000BASE-SX system specification supports the following distances:

• 300 meters over 62.5-micron MMF cable
• 550 meters over 50-micron MMF cable

1000BASE-LX Media Type

The 1000BASE-LX media system is the longest wavelength specification because it uses longwave lasers to transmit data over fiber-optic cable. Sun’s implementation of the 1000BASE-SX system specification supports the following distances:

• 550 meters over 62.5-micron and 50-micron MMF cable
• 3000 meters over 9-micron single-mode fiber cable

1000BASE-CX Media Type

The 1000BASE-CX media system is the shortest-haul copper specification because it uses high-quality shielded copper jumper cables to connect devices. The 1000BASE-CX system uses connecting equipment in small areas, such as wiring closets. Sun’s implementation of the 1000BASE-CX system specification supports the 25 meters over twin-axial cable.

1000BASE-T Media Type

In 1999, the IEEE Standards Board approved the standard for the 1000BASE-T media system, for data transmissions of 1000 Mbps. This standard is for gigabit Ethernet over four pairs of Category 5 unshielded twisted-pair (UTP) cable. The 1000BASE-T system uses the previously defined standards 100BASE-TX, 100BASE-T2, and 100BASE-T4 for its signal methodology. Sun’s implementation of the 1000BASE-T system specification supports distances up to 100 meters over four pairs of Cat-5 UTP (using a complex encoding scheme).

Introducing Network Devices

Networks consist of many different devices and device types. Devices that are found on LANs range from printers to sophisticated switching devices.

Repeaters

Repeaters are devices that amplify and regenerate the data signal, bit by bit, to extend the distance of the transmission. A repeater does not read or interpret the data.

Hubs

Shared hubs are the central devices of a star topology network. The hubs connect all the hosts in a twisted-pair Ethernet installation. Hubs are typically used in small LANs in which network performance is not critical. Collisions commonly occur on a network implementing hubs because the collision domain consists of all systems connected to the hub.

Bridges

A bridge is a network-layer device that reads and interprets addresses for filtering or forwarding packets. Bridges connect two or more network segments. Collisions commonly occur on a bridged network because the collision domains often consist of more than one system.

Switches

Switches are multiport devices that control the logical dynamic connection and disconnection between any two cable segments. Switches are high-bandwidth devices because multiple data paths can be established and used simultaneously. Switches reduce the number of collisions on a network by replacing a single shared data path with multiple dedicated data paths.

Figure 2-9 shows how you can use an Ethernet switch to interconnect shared hubs. Interconnecting the hubs increases intranet transfer rates greatly and makes connections more economical. Because connecting multiple subnets to an intranet using a switch requires no protocol changes, the cost of a speed increase is minimized.

[Figure 2-9 Ethernet Switches: an Ethernet switch interconnecting shared hubs over 10BASE-T and 100BASE-T links]

Exercise: Reviewing LANs and Their Components

In this exercise, you test your knowledge about common LAN terminology.

Preparation

Refer to the lecture notes as necessary to perform the tasks listed.

Tasks

To test your knowledge about common LAN terminology, answer the following questions:

1. Match the terms to their definition.

   _____ Star topology
   _____ VLAN topology
   _____ 100BASE-TX
   _____ Category 5
   _____ Switch
   _____ Shared hub

   a. This topology uses a central device, from which signal-carrying cables extend to each individual device on this branch. Additionally, each individual device can be configured to be in its own broadcast domain.
   b. The cabling standard for 100-Mbps, unshielded, twisted-pair media.
   c. The central device through which all hosts connect in a single broadcast domain in a twisted-pair, Ethernet installation.
   d. This topology uses a central device, from which signal-carrying cables are connected to each individual device on a branch.
   e. The IEEE standard for 100-Mbps, twisted-pair media.
   f. The multiport device that provides for the logical dynamic connection and disconnection between any two cable segments without operator intervention.

2. Which are topologies found in LANs?

   a. Ring
   b. Star
   c. Bus
   d. Wing

3. Which specifications support a media speed of 100 Mbps?

   a. 10BASE-5
   b. 10BASE-2
   c. 100BASE-FX
   d. 10BASE-T
   e. 100BASE-T4
   f. 100BASE-TX

Exercise Summary

Discussion – Take a few minutes to discuss what experiences, issues, or discoveries you had during the lab exercise.

• Experiences
• Interpretations
• Conclusions
• Applications

Exercise Solutions

Solutions to the exercise are as follows:

1. Match the terms to their definition.

   d  Star topology
   a  VLAN topology
   e  100BASE-TX
   b  Category 5
   f  Switch
   c  Shared hub

   a. This topology uses a central device, from which signal-carrying cables extend to each individual device on this branch. Additionally, each individual device can be configured to be in its own broadcast domain.
   b. The cabling standard for 100-Mbps, unshielded, twisted-pair media.
   c. The central device through which all hosts connect in a single broadcast domain in a twisted-pair, Ethernet installation.
   d. This topology uses a central device, from which signal-carrying cables are connected to each individual device on a branch.
   e. The IEEE standard for 100-Mbps, twisted-pair media.
   f. The multiport device that provides for the logical dynamic connection and disconnection between any two cable segments without operator intervention.

2. Which are topologies found in LANs?

   a. Ring
   b. Star
   c. Bus

3. Which specifications support a media speed of 100 Mbps?

   c. 100BASE-FX
   e. 100BASE-T4
   f. 100BASE-TX

Module 3

Describing Ethernet Interfaces

Objectives

This module describes Ethernet’s Carrier Sense Multiple Access/Collision Detect (CSMA/CD) access method. This module also describes the Ethernet frame, including addresses, frame fields, encapsulation, maximum transmission units (MTUs), and errors. In addition, this module describes network utilities that assist in configuring and troubleshooting the system’s network interfaces.

Upon completion of this module, you should be able to:

• Describe Ethernet concepts
• Describe Ethernet frames
• Use network utilities

The course map in Figure 3-1 shows how this module fits into the current instructional goal.

[Figure 3-1 Course Map. Configuring the Network Interface Layer: Introducing the TCP/IP Model; Introducing LANs and Their Components; Describing Ethernet Interfaces; Describing ARP and RARP]

Introducing Ethernet Concepts

Ethernet was designed as a packet-switching LAN over broadcast technology. Devices connect to the network and compete for access to a shared communications channel. The IEEE 802.3 standard for Ethernet was defined in 1985. Ethernet standards are implemented at the Network Interface layer of the TCP/IP protocol model.

Major Ethernet Elements

The three major elements of Ethernet networks are:

• Ethernet packets, called frames – These are units of data sent across the network.
• The Ethernet access method, CSMA/CD – This method controls packet transmission and information flow across the Ethernet hardware.
• Hardware cables, connectors, and circuitry – These transfer data to and from systems across the network.

CSMA/CD Access Method

Non-switched Ethernet uses a broadcast delivery mechanism in which each frame that is transmitted is heard by every station. CSMA/CD is an arbitrary access method that provides a method to detect and recover from simultaneous transmissions.

Each interface monitors the network for a carrier signal (Carrier Sense). During a gap between transmissions, each interface has an equal chance to transmit data (Multiple Access). If two interfaces try to transmit data at the same time, the transceiver circuitry detects a transmit collision (Collision Detection). Both interfaces must wait a short period of time before they attempt to resend data. The wait period is determined by using an exponential back-off algorithm.

Figure 3-2 shows how CSMA/CD accesses the network. The figure represents the CSMA/CD developed for the original Ethernet topology. Ethernet originally consisted of a single-wire, bidirectional backbone. The theory of operation is still the same today, but Ethernet topologies use more advanced components that permit a higher transmission rate.

[Figure 3-2 Structure of CSMA/CD. Multiple Access: the host has a message. Carrier Sense: is there traffic on the network? Yes: wait. No: the host sends a message. Collision Detect: was there a collision? No: success. Yes: send the jam signal and back off exponentially.]

Full-Duplex and Half-Duplex Mode

Full-duplex network mode is when a system can send and receive data simultaneously on a bidirectional network. Half-duplex network mode is when a system can either send or receive data on a bidirectional network. The system cannot send and receive data simultaneously. Full-duplex networking is more efficient than half-duplex networking.

Ethernet Statistics

The netstat command provides statistics on network-related information, such as the collision rate. In a shared-media topology, collisions occur frequently. The more transmitting nodes there are on a network, the greater the likelihood that collisions occur because of an increase in network traffic. The collision rate increases exponentially until there is almost no throughput of data.

To display the current usage of the Ethernet interfaces, execute the netstat command with the -i option, for example:

    # netstat -i
    Name  Mtu  Net/Dest  Address    Ipkts  Ierrs Opkts  Oerrs Collis Queue
    lo0   8232 loopback  localhost  52559  0     52559  0     0      0
    hme0  1500 sys11     sys11      18973  0     30292  0     0      0
    #

Collision Rates

Collisions occur when two or more systems attempt to transmit data on the network at the same time. Collision rates indicate the number of collisions that occur on a network. Use collision rates to diagnose network performance problems that are caused by collisions on a network.

To compute the collision rate, multiply 100 by the number of collisions, and divide the product by the total number of output packets. For example, assume that the netstat command reports 12 collisions and 1302 output packets. Calculate the collision rate as follows:

    100 * 12 / 1302 = 1.0 percent collision rate

In general:

- Collision rates higher than 5 percent on a 10-Mbps Ethernet network, and 10 percent on a 100-Mbps Ethernet network, are the first indication of network overload.
- Faulty network cabling frequently causes collisions through electrical problems. Technical experts use special electronic equipment to detect the elements that cause a collision and to provide a solution.
- Switches minimize collisions by limiting the collision domain to one system.

Input and Output Errors

If the netstat command reports large numbers (approximately 20–25 percent) of input or output errors on the network system, you can attribute the problem to one of the following reasons:

- Duplicate IP addresses used on the same network
- A faulty cable
- A faulty port on a concentrator, hub, switch, or router
- A faulty interface
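The rate calculation and the thresholds above can be applied to every interface in one pass. The following is an added example, not part of the student guide: the function names are hypothetical, the counters in SAMPLE are constructed, and the link speed is assumed to be supplied by the caller.

```python
"""Collision and error rates from netstat -i output (added example)."""

# Thresholds taken from the text above.
COLLISION_LIMIT_PCT = {10: 5.0, 100: 10.0}   # link speed in Mbps -> percent
ERROR_LIMIT_PCT = 20.0                        # lower edge of "20-25 percent"

COUNTERS = ("Ipkts", "Ierrs", "Opkts", "Oerrs", "Collis", "Queue")

# Constructed sample in the layout netstat -i prints; the counters are invented.
SAMPLE = """\
Name  Mtu  Net/Dest  Address    Ipkts  Ierrs  Opkts  Oerrs  Collis  Queue
lo0   8232 loopback  localhost  52559  0      52559  0      0       0
hme0  1500 sys11     sys11      18973  0      1302   0      12      0
hme1  1500 sys21     sys21      4000   900    2500   10     400     0
"""


def parse_netstat_i(text):
    """Return {interface: row} with the counter columns converted to int."""
    header, rows = None, {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "#":
            continue                      # blank line or shell prompt
        if fields[0] == "Name":
            header = fields               # a new table starts here
            continue
        if header is None or len(fields) != len(header):
            continue                      # wrapped or truncated line
        row = dict(zip(header, fields))
        try:
            for name in COUNTERS:
                row[name] = int(row[name])
        except (KeyError, ValueError):
            continue                      # table without these counters
        rows[row["Name"]] = row
    return rows


def percent(part, total):
    """100 * part / total, or 0.0 when no packets were counted."""
    return 100.0 * part / total if total else 0.0


def assess(row, mbps):
    """Compute the three rates for one interface and list what exceeds a limit."""
    collision = percent(row["Collis"], row["Opkts"])
    in_err = percent(row["Ierrs"], row["Ipkts"])
    out_err = percent(row["Oerrs"], row["Opkts"])
    findings = []
    if collision > COLLISION_LIMIT_PCT[mbps]:
        findings.append("collision rate %.1f%% suggests network overload" % collision)
    if in_err >= ERROR_LIMIT_PCT or out_err >= ERROR_LIMIT_PCT:
        findings.append("error rate in=%.1f%% out=%.1f%%: check for duplicate IP "
                        "addresses, cable, port and interface" % (in_err, out_err))
    return {"collision_pct": collision, "input_error_pct": in_err,
            "output_error_pct": out_err, "findings": findings}


if __name__ == "__main__":
    for name, row in parse_netstat_i(SAMPLE).items():
        report = assess(row, mbps=100)    # assumption: 100-Mbps links
        print(name, "collisions %.2f%%" % report["collision_pct"],
              report["findings"] or "ok")
```
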

Introducing Ethernet Frames

An Ethernet frame is a single unit of data transported across the LAN. It is a series of bits with a well-defined beginning and a well-defined end. The Ethernet specification describes how bits are encoded on the cable and how devices on the network detect the beginning and the end of a transmission.

Ethernet Addresses

An Ethernet address is the device’s unique hardware address. An Ethernet address is sometimes referred to as a media access control (MAC) address. An Ethernet address is 48 bits long and is displayed as 12 hexadecimal digits (six groups of two digits) separated by colons. An example of an Ethernet address is 08:00:20:1e:56:7d.

- The IEEE administers unique Ethernet addresses. IEEE designates the first three octets as vendor-specific. Sun has various Ethernet prefixes, which include 08:00:20, 00:00:be, and 00:03:ba. Sun assigns the last three octets to the products it manufactures to ensure that each node on an Ethernet network has a unique Ethernet address. The list of vendor specific Ethernet addresses can be found at: http://standards.ieee.org/regauth/oui/oui.txt
- The IEEE specification enables the vendor to decide whether to use the host-based addressing approach or the port-based addressing approach. By default, Sun uses host-based addressing on its networks interface cards (NICs).

By default, all interface addresses on a system use just one Ethernet address, even though each Ethernet interface controller has a built-in Ethernet address. The network interface drivers in Sun systems obtain the Ethernet address for the Ethernet interface from a system’s hardware, either the NVRAM or the special board. For example, desktop systems use the address in the nonvolatile random access memory (NVRAM) chip, while some large server systems obtain their address from a special board installed in the system.

For systems configured to have more than one interface on the same physical subnet, you need a unique Ethernet address that is different from the primary host-based assigned Ethernet address.

Types of Ethernet Addresses

There are three types of Ethernet addresses: unicast, broadcast, and multicast.

Unicast Addresses

Unicast addresses are used for one-to-one communication. The system uses a unicast address to send a message to another system on the local Ethernet network. You can use a system’s unique Ethernet address as a unicast address.

Broadcast Addresses

A device uses a broadcast address to send messages to all systems on the local Ethernet network. The Ethernet broadcast address is represented in the form of all 1s in binary format and as ff:ff:ff:ff:ff:ff in hexadecimal format. When the Network Interface layer receives an Ethernet frame with a destination address of all 1s, it passes the address to the next layer for processing.

Multicast Addresses

A system uses a multicast address to send a message to a subset of systems on the local Ethernet. In Ethernet multicast addressing, the value of the first three octets determines if the address is multicast. The last three octets determine the specific multicast’s group identity.

Setting a Local Ethernet Address

In today’s network environments, many systems have multiple interfaces, often on the same subnet or collision domain. Because an Ethernet address targets systems, each interface on the same network or subnet on a multi-interface system must have a unique Ethernet address. Sun network adapters have local Ethernet addresses encoded in their programmable read-only memories (PROMs).

To view the current, host-based Ethernet address, execute the banner command at the ok prompt:

    ok banner
    Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 360MHz), No Keyboard
    OpenBoot 3.19, 128 MB (50 ns) memory installed, Serial #12153379.
    Ethernet address 8:0:20:b9:72:23, Host ID: 80b97223.
    ok

To display the Ethernet address assigned to each interface, execute the ifconfig -a command:

    # ifconfig -a
    lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
            ether 8:0:20:b9:72:23
    #

Set the local-mac-address? variable in the system’s electrically erasable programmable read-only memory (EEPROM) to true to enable the use of port-based Ethernet addresses. To view the current value of the local-mac-address? variable in the EEPROM, execute the following command:

    # eeprom local-mac-address?
    local-mac-address?=false
    #

You can set the local-mac-address? variable to true by using the eeprom command. This enables network drivers to use their own port-based addresses after a reboot and not the system-default, host-based addresses. To make this change, type the following command:

    # eeprom local-mac-address?=true
    #

You can also use the ifconfig ether command to configure port-based addressing. This might be necessary if the interface card cannot supply its own unique Ethernet address.

You can change the interface Ethernet address of 8:0:20:b9:72:23 from an Ethernet address assigned globally to an address of 0a:0:20:f0:ac:61 assigned locally by changing the seventh bit to 1, and assigning a local unique number to the last three bytes.

To change the Ethernet address, type the following command:

    # ifconfig hme0 ether a:0:20:f0:ac:61
    #

To verify a change in the Ethernet address, type the following command:

    # ifconfig hme0
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
            ether a:0:20:f0:ac:61
    #

This change of Ethernet address is effective until you reboot the system. To make the change persistent across reboots, modify the /etc/hostname.interface file.
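The address types and the global-to-local change described above come down to two bits of the first octet. The following added example is not part of the student guide: it classifies addresses, derives the locally assigned address used in the text, and audits ifconfig -a output for interfaces that share one Ethernet address. The function names and the qfe0 and qfe1 entries in the sample are constructed for illustration, and the multicast test uses the low-order bit of the first octet, which is the IEEE group bit.

```python
"""Ethernet address classification and an ifconfig -a audit (added example)."""
import re

# Sun prefixes named in the text.
SUN_PREFIXES = {bytes.fromhex(p) for p in ("080020", "0000be", "0003ba")}
BROADCAST = b"\xff" * 6
_OCTET = re.compile(r"[0-9a-fA-F]{1,2}")


def parse_ether(text):
    """Parse a colon-separated address; Solaris omits leading zeros (8:0:20:...)."""
    parts = text.strip().split(":")
    if len(parts) != 6 or not all(_OCTET.fullmatch(p) for p in parts):
        raise ValueError("not an Ethernet address: %r" % text)
    return bytes(int(p, 16) for p in parts)


def format_ether(addr):
    """Format the way ifconfig prints it, without leading zeros."""
    return ":".join("%x" % octet for octet in addr)


def address_type(addr):
    if addr == BROADCAST:
        return "broadcast"
    if addr[0] & 0x01:                   # IEEE group bit of the first octet
        return "multicast"
    return "unicast"


def is_locally_assigned(addr):
    """The seventh bit of the first octet (mask 0x02) marks a local address."""
    return bool(addr[0] & 0x02)


def make_local(addr, last_three):
    """Set the seventh bit and replace the last three bytes with a local number."""
    if len(last_three) != 3:
        raise ValueError("need exactly three bytes")
    return bytes([addr[0] | 0x02]) + addr[1:3] + bytes(last_three)


# Constructed sample: hme0 is from the text, qfe0 and qfe1 are invented.
SAMPLE_IFCONFIG = """\
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        inet 192.168.30.1 netmask ffffff00 broadcast 192.168.30.255
        ether a:0:20:f0:ac:61
"""


def audit_ifconfig(text):
    """Return (per-interface details, {address: [interfaces sharing it]})."""
    interfaces, by_addr, name = {}, {}, None
    for line in text.splitlines():
        match = re.match(r"(\S+): flags=", line)
        if match:
            name = match.group(1)
            continue
        match = re.match(r"\s+ether\s+(\S+)", line)
        if match and name:
            addr = parse_ether(match.group(1))
            interfaces[name] = {
                "ether": format_ether(addr),
                "type": address_type(addr),
                "local": is_locally_assigned(addr),
                "sun_prefix": addr[:3] in SUN_PREFIXES,
            }
            by_addr.setdefault(addr, []).append(name)
    shared = {format_ether(a): n for a, n in by_addr.items() if len(n) > 1}
    return interfaces, shared


if __name__ == "__main__":
    local = make_local(parse_ether("8:0:20:b9:72:23"), bytes.fromhex("f0ac61"))
    print("local address:", format_ether(local))
    details, shared = audit_ifconfig(SAMPLE_IFCONFIG)
    print("shared addresses:", shared)
```
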

Ethernet-II Frame Analysis

The Ethernet-II frame is a single unit of data transported through the LAN. It is a series of bits with a definite beginning and a definite end. The Ethernet specification describes how bits are encoded on the network and how hosts on the network detect the beginning and the end of a transmission. Figure 3-3 shows the Ethernet-II frame format.

[Figure 3-3 Ethernet-II Frame. Fields in order: Preamble (64 bits); D addr (48 bits, octets 1-6); S addr (48 bits, octets 7-12); Type (16 bits, octets 13-14); Data (maximum 1500 bytes, octets 15-1514 maximum); CRC (32 bits, last 4 octets).]

Note – There are two common Ethernet frame formats: the Ethernet-II format and the logical link control (802.3) format. The primary difference between these formats is that in the Ethernet-II format, the fourth field is a type field, while in the 802.3 format, the fourth field is a frame length field. In the TCP/IP environments, typically the Ethernet-II frame format is used.

The information in each frame is necessary to receive and transmit data. Table 3-1 shows a description of each frame field.

Table 3-1 Ethernet-II Frames

Field      Description
Preamble   The 64-bit Ethernet preamble field is used for synchronization and is composed of 1s and 0s. Interface synchronization helps the receiving network interfaces determine where the Ethernet frame begins.
D addr     The Ethernet address of the destination host.
S addr     The Ethernet address of the source host.
Type       The type of data encapsulated in the Ethernet frame, such as IP, ARP, RARP, and IP version 6 (IPv6).
Data       The data payload, which consists of header information and data from the higher-level protocols.
CRC        The cyclic redundancy check (CRC) used for error detection. The value is calculated based on frame contents by both the sending and the receiving hosts. If the two values are not equivalent, the frame is discarded.

Maximum Transmission Units

The maximum transmission unit (MTU) is the largest amount of data that can be transferred across a physical network. The MTU is hardware specific. For a physical Ethernet interface, the MTU is 1500 bytes, while the MTU is 8232 bytes for a loopback interface. The loopback interface is a pseudo device that communicates, or loops back, to the host itself.

Note – The Sun GigaSwift Ethernet adapters hardware implements jumbo frames, which support MTUs of up to 9194 bytes.

Figure 3-4 shows how application data is broken down according to the maximum frame size across the LAN.

[Figure 3-4 Transportation of Data Across an Ethernet Network. Application Layer: application data; Transport Layer: transport datagram; Internet Layer: Internet datagram; Network Interface Layer: 1500-byte payload; Hardware Layer.]

Ethernet Frame Errors

Ethernet frames can be significantly damaged when they traverse a network. When a host receives a frame, the Ethernet interface performs integrity checking to verify Ethernet frame validity. Table 3-2 shows some of these error conditions.

Table 3-2 Error Conditions

Error     Definition
Runts     Packets that are less than 64 bytes, including the header, are too short and are discarded. Runts are usually caused by collisions. These can be formed by poor wiring and electrical interference.
Jabbers   Frames that are greater than 1518 bytes, including the header, are too long and are discarded. These indicate that a device has electrical problems.
Long      A frame that is between 1518 bytes and 6000 bytes in length, including the header, is too long. These are often caused by faulty hardware or software on the sending system.
Giant     A frame that is more than 6000 bytes long, including the header, is too long. These are often caused by faulty hardware or software on the sending system.
Bad CRC   If the received packet fails the CRC, the packet is corrupted and discarded. This is also known as a frame check sequence (FCS) error.
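The frame fields in Table 3-1 and the checks in Table 3-2 can be exercised on a real byte string. The following added example is not part of the student guide: it builds the broadcast ARP request that this module's snoop output describes, appends the CRC, and then parses and validates frames. The function names are hypothetical, the frame is constructed, and the CRC is computed with zlib.crc32 stored low byte first, which is the standard Ethernet frame check sequence.

```python
"""Ethernet-II frame parsing with size and CRC checks (added example)."""
import struct
import zlib

ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8035: "RARP", 0x86DD: "IPv6"}
HEADER_LEN, FCS_LEN = 14, 4          # D addr + S addr + Type, then the CRC


def fcs(data):
    """CRC-32 over D addr through Data, stored low byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def fmt(addr):
    return ":".join("%x" % octet for octet in addr)


def size_class(length):
    """Classify a frame length (D addr through CRC) as in Table 3-2.

    Table 3-2 also lists jabbers for anything above 1518 bytes; this
    function reports the finer long/giant split instead.
    """
    if length < 64:
        return "runt"
    if length <= 1518:
        return "valid"
    if length <= 6000:
        return "long"
    return "giant"


def type_or_length(value):
    """Fourth field: a type in Ethernet-II, a frame length in 802.3."""
    if value >= 0x0600:
        return "Ethernet-II", ETHERTYPES.get(value, "0x%04x" % value)
    if value <= 1500:
        return "802.3", "length %d" % value
    return "invalid", "0x%04x" % value


def parse_frame(frame):
    """Parse a frame without preamble; returns fields plus validity checks."""
    result = {"size": len(frame), "size_class": size_class(len(frame)),
              "dst": None, "src": None, "format": None, "type": None,
              "payload_len": 0, "fcs_ok": False}
    if len(frame) < HEADER_LEN + FCS_LEN:
        return result                 # too short to hold even a header
    dst, src, value = struct.unpack("!6s6sH", frame[:HEADER_LEN])
    body, trailer = frame[:-FCS_LEN], frame[-FCS_LEN:]
    frame_format, type_name = type_or_length(value)
    result.update(dst=fmt(dst), src=fmt(src), format=frame_format,
                  type=type_name, payload_len=len(body) - HEADER_LEN,
                  fcs_ok=(fcs(body) == trailer))
    return result


def build_arp_request():
    """Constructed frame with the values from the snoop -v output in this module."""
    src = bytes.fromhex("08002090b5c7")
    header = struct.pack("!6s6sH", b"\xff" * 6, src, 0x0806)
    arp = struct.pack("!HHBBH6s4s6s4s",
                      1, 0x0800, 6, 4, 1,            # hw type, proto, sizes, request
                      src, bytes([192, 168, 1, 2]),  # sender: sys12
                      bytes(6), bytes([192, 168, 1, 1]))  # target: sys11
    body = (header + arp).ljust(60, b"\x00")   # 60 bytes, as snoop reported
    return body + fcs(body)                     # 64 bytes on the wire


if __name__ == "__main__":
    good = build_arp_request()
    damaged = bytearray(good)
    damaged[20] ^= 0x01                         # one flipped bit
    for label, frame in (("good", good), ("damaged", bytes(damaged)),
                         ("runt", good[:40])):
        print(label, parse_frame(frame))
```
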

1 . and Ethernet frame header information are not displayed.Using Network Utilities Using Network Utilities The Solaris 10 OS includes many different utilities to help you configure and troubleshoot the system’s network interfaces. Inc. sys12 ? Who is 192.168.2. The underlying RPC. Multiple lines of output display for every protocol header in the network packet. Alternatively. Only data that pertains to the highest-level protocol header is displayed. you can capture packets to a file as they are received. 3-14 Network Administration for the Solaris™ 10 Operating System Copyright 2005 Sun Microsystems. sys13 ? Who is 192. The snoop utility displays packet data in one of three forms: q Summary – This is the output mode when the -v or -V options are not used on the command line.3. IP.1. To examine only broadcast frames on the hme0 interface in summary mode. type the following: # snoop -d hme0 broadcast Using device /dev/hme (promiscuous 192. Revision A.168. All Rights Reserved.1. use the -v option on the command line. UDP.1.168.12 -> (broadcast) ARP C sys12 -> (broadcast) ARP C sys12 -> (broadcast) ARP C # q mode) Who is 192. an NFS packet only displays NFS information.1. sys11 ? Verbose – To invoke the verbose option. decreasing packet loss under high-traffic conditions. Sun Services. You can use the snoop utility to display the contents of the file. For example.168.1. Using the snoop Utility The superuser can run the snoop utility to capture network packets and to display the packet contents on the screen.

  To examine only broadcast packets on the hme0 interface in the verbose mode, type the following:

    # snoop -v -d hme0 broadcast
    Using device /dev/hme (promiscuous mode)
    ETHER:  ----- Ether Header -----
    ETHER:
    ETHER:  Packet 8 arrived at 13:18:44.01
    ETHER:  Packet size = 60 bytes
    ETHER:  Destination = ff:ff:ff:ff:ff:ff, (broadcast)
    ETHER:  Source      = 8:0:20:90:b5:c7, Sun
    ETHER:  Ethertype = 0806 (ARP)
    ETHER:
    ARP:  ----- ARP/RARP Frame -----
    ARP:
    ARP:  Hardware type = 1
    ARP:  Protocol type = 0800 (IP)
    ARP:  Length of hardware address = 6 bytes
    ARP:  Length of protocol address = 4 bytes
    ARP:  Opcode 1 (ARP Request)
    ARP:  Sender's hardware address = 8:0:20:90:b5:c7
    ARP:  Sender's protocol address = 192.168.1.2, sys12
    ARP:  Target hardware address = ?
    ARP:  Target protocol address = 192.168.1.1, sys11
    ARP:
    ...

- Verbose summary – A single line of output is displayed for every protocol or application contained within the packet.

The snoop utility only displays output when there is network traffic and the traffic matches the filter criteria. You can examine packets by using both verbose summary mode and by filtering the packets by IP address. For example, to examine packets by using verbose summary mode and by filtering the packets by IP address on the hme0 interface, perform the following command:

    # snoop -d hme0 -V 192.168.1.2
    Using the /dev/hme device (promiscuous mode)
    sys12 -> sys11 ETHER Type=0800 (IP), size = 98 bytes
    sys12 -> sys11 IP D=192.168.1.1 S=192.168.1.2 LEN=84, ID=48009, TOS=0x0, TTL=255
    sys12 -> sys11 ICMP Echo request (ID: 345 Sequence number: 0)
    sys11 -> sys12 ETHER Type=0800 (IP), size = 98 bytes
    sys11 -> sys12 IP D=192.168.1.2 S=192.168.1.1 LEN=84, ID=45375, TOS=0x0, TTL=255
    sys11 -> sys12 ICMP Echo reply (ID: 345 Sequence number: 0)
    #

To capture this information to a file, type the following command:

    # snoop -d hme0 -o /tmp/snooper 192.168.1.2
    Using device /dev/hme (promiscuous mode)
    2 <Control>-C
    #

To capture broadcast traffic on the hme0 interface and store it in the /tmp/snooper file, type the following command:

    # snoop -d qfe0 -o /tmp/snooper broadcast
    #

While the snoop utility is capturing information, a record counter displays the number of recorded packets. You finish the capture by typing a Control+C key sequence.

The information in the file that is captured by the snoop utility is in a data-compressed format, and can only be read by executing the snoop -i command.

    # file /tmp/snooper
    /tmp/snooper: snoop capture file - version 2
    #

To read this format, type the following command:

    # snoop -i /tmp/snooper -V
    ...
      1   0.00000 sys12 -> sys11 ETHER Type=0800 (IP), size = 98 bytes
      1   0.00000 sys12 -> sys11 IP D=192.168.1.1 S=192.168.1.2 LEN=84, ID=48010, TOS=0x0, TTL=255
      1   0.00000 sys12 -> sys11 ICMP Echo request (ID: 346 Sequence number: 0)
      2   0.00010 sys11 -> sys12 ETHER Type=0800 (IP), size = 98 bytes
      2   0.00010 sys11 -> sys12 IP D=192.168.1.2 S=192.168.1.1 LEN=84, ID=45376, TOS=0x0, TTL=255
      2   0.00010 sys11 -> sys12 ICMP Echo reply (ID: 346 Sequence number: 0)
    ...
    #

To filter out specific protocols or portions of the network trace, pipe the output from the snoop -i command through the egrep command. For example, the egrep -iv 'nfs|ack|contin|ftp|ip' command ignores case (-i) and prints all lines except (-v) lines that contain the patterns nfs, ack, contin, ftp, and ip.

    # snoop -i /tmp/snooper -V | egrep -iv 'nfs|ack|contin|ftp|ip'
    ...
      1   0.00000 sys12 -> sys11 ICMP Echo request (ID: 346 Sequence number: 0)
      2   0.00010 sys11 -> sys12 ICMP Echo reply (ID: 346 Sequence number: 0)
    ...
    #

Using the netstat Command

The netstat command includes many options and is useful as a network troubleshooting tool. To display the current usage of the Ethernet interfaces, use the netstat command with the -i option:

    # netstat -i
    Name  Mtu  Net/Dest  Address    Ipkts  Ierrs  Opkts  Oerrs  Collis  Queue
    lo0   8232 loopback  localhost  83505  0      83505  0      0       0
    hme0  1500 sys11     sys11      21775  0      53541  0      0       0
    #

Table 3-3 shows the descriptions of the output fields from the netstat command.

Table 3-3 The netstat Output Field Descriptions

Field      Description
Name       The name of the device (interface).
Mtu        The MTU in bytes.
Net/Dest   The network number. The number can be resolved to a name in the /etc/inet/networks file.
Address    The IP address for that interface. The address can be resolved to a name in the /etc/inet/hosts file.
Ipkts      Input packets.
Ierrs      Input errors.
Opkts      Output packets.
Oerrs      Output errors.
Collis     The number of collisions on this interface.
Queue      The number of packets that are waiting for transmission.

To display protocol-related statistics, use the netstat command with the -s option:

    # netstat -s
    <truncated output>
    RAWIP   rawipInDatagrams    =   298     rawipInErrors       =     0
    ...
    UDP     udpInDatagrams      = 45966     udpInErrors         =     0
    ...
    TCP     tcpRtoAlgorithm     =     4     tcpRtoMin           =   400
    ...
    IPv4    ipForwarding        =     1     ipDefaultTTL        =   255
    ...
    IPv6    ipv6Forwarding      =     2     ipv6DefaultHopLimit =   255
    ...
    ICMPv4  icmpInMsgs          =  3719     icmpInErrors        =     0
    ...
    ICMPv6  icmp6InMsgs         =     0     icmp6InErrors       =     0
    ...
    IGMP:
            123079 messages received
    ...
    #

Using the ndd Command

You use the ndd command to examine and set many parameters associated with networking. To list the parameters for the hme driver, perform the command:

    # ndd /dev/hme \?
    ?                   (read only)
    transceiver_inuse   (read only)
    link_status         (read only)
    link_speed          (read only)
    link_mode           (read only)
    ipg1                (read and write)
    ...
    instance            (read and write)
    lance_mode          (read and write)
    ipg0                (read and write)
    #

The \ character prevents the shell from interpreting ? as a special character. Using the ? parameter lists all parameters for the driver and indicates whether the parameter is read-only or read and write. You can read the current parameter value or status information for the parameters that are marked with at least a read; however, you may only change a value if it is marked as read and write. You can adjust most parameters accessible through the ndd command without rebooting the system.

The following example shows how to use the ndd command to examine the value of the link_speed parameter for the hme0 interface. Because multiple hme interfaces might exist, use the ndd command to set the instance parameter first. The instance parameter determines which hme interface is addressed by subsequent ndd commands. To set the instance to 0, use the following command:

    # ndd -set /dev/hme instance 0
    #

To view the current link speed of the hme0 interface, type the command:

    # ndd /dev/hme link_speed
    1
    #

The output of 1 indicates that the hme0 interface is currently running at 100 Mbps, and a value of 0 indicates that the hme0 interface is running at 10 Mbps.

The ndd parameters are also available for other network devices and protocols. For example, to see which parameters are available for other drivers, type the commands:

    # ndd /dev/arp \?
    # ndd /dev/ip \?
    # ndd /dev/icmp \?
    # ndd /dev/tcp \?

Sun Microsystems does not currently provide extensive ndd parameter documentation, except for network card configuration.

There are several trade-offs involved in setting driver parameters. Because the Solaris 10 OS is preconfigured, changing most driver parameters requires you to change the Solaris 10 OS configuration. The default settings are suitable for most situations. Sun Microsystems does not encourage making parameter changes, because adjusting parameters can affect normal system operation. Sun might also change the names of parameters in future versions of the Solaris OS.

You can set device driver parameters in two ways: by using the ndd command or by creating a Service Management Facility (SMF) service.

- Use the ndd command to set parameters that are valid until you reboot the system. A good way to test parameter settings is by using the ndd command on the command line.
- You can also create an SMF service.

Note – Information about setting ndd parameters in system startup scripts can be found in Chapter 4 of the Solaris Tunable Parameters Reference Manual located at the Uniform Resource Locator (URL) http://docs.sun.com.

Exercise: Reviewing Ethernet Interfaces

In this exercise, you review many Ethernet concepts.

Preparation

Refer to the lecture notes as necessary to perform the tasks listed.

Tasks

Perform the following steps:

1. Match the terms to their definition.

   Terms:
   _____ MTU
   _____ Unicast
   _____ Preamble
   _____ Encapsulation
   _____ Packet
   _____ Frame
   _____ Type field

   Definitions:
   a. A general term that describes the unit of data sent across a packet-switching network
   b. The process of passing data from layer to layer in the protocol stack and adding header information to the data at each layer
   c. The field in the Ethernet frame that describes the type of data being carried in the frame
   d. An address format that reaches a specific host
   e. The field in an Ethernet frame used for synchronization purposes
   f. The maximum number of bytes that are contained in the payload section in a Network Interface layer frame
   g. The unit of data sent from the Ethernet interface to the Hardware layer

2. Open a terminal window, and type the command:

    # man snoop

   Look at the various modes and options for capturing and viewing frames available to you.

   a. Which snoop option displays the size of the entire Ethernet frame in bytes on the summary line?
      ____________________
   b. Which snoop option captures packets to a file instead of to standard output?
      ____________________
   c. Which snoop option displays the most verbose output?
      ____________________
   d. Which snoop option displays frames arriving on a non-primary interface?
      ____________________

3. Open another terminal window, and execute the netstat command to determine the name of your Ethernet interface. What are the names of the Ethernet interfaces on your system, and what are their purposes?
   ____________________

4. In one terminal window, execute the snoop utility on the default interface to capture only broadcast frames. Let this command run for the next step.

5. Using another terminal window, log in to another host on your subnet, and type the rup command.

   a. Does the rup command send broadcast frames?
      ____________________
   b. Do you see the replies to the rup command? Why?
      ____________________

Now you use different options of the snoop utility to provide different amounts of output.

6. Stop the snoop utility that is currently running, and restart the snoop utility in verbose mode, capturing only broadcast frames. Write the command that you use:
   ____________________

7. In the terminal window logged in to the remote host, execute the rup command again. Observe the format of the output from the snoop utility running in verbose mode.

8. Stop the snoop utility, and execute the snoop utility in verbose summary mode. Capture only broadcast frames. Write the command that you use:
   ____________________

9. In the terminal window that is logged in to the remote host, execute the rup command again. How do the two formats differ?
   ____________________

10. Log off of the remote host, and quit all instances of the snoop utility that you are running.

Note – While you might not understand everything that you see in this section of the exercise, you should at least become familiar with the command syntax, options, and output format of the ndd command. The results of the exercise vary, depending on the type of network interface in the system.

In this part of the exercise, you manipulate a specific interface on your system.

11. Use the appropriate argument with the ndd command to make sure that any instance information retrieved is for the primary network interface. Write the command that you use:
    ____________________

12. Use the ndd command to determine the value of the link_status parameter of the primary network interface on your system. A status of 0 indicates that the interface is down. A status of 1 indicates that the interface is up. Write the command that you use:
    ____________________

13. What command do you use to make the ndd command set your system’s link_status parameter to 0?
    ____________________

14. Use the ndd command to determine the read and write attributes of ndd parameters for your interface driver. For example, if your system’s interface is an hme0 interface, use /dev/hme as the parameter. Write the command that you use:
    ____________________

    Do you expect your command from Step 13 to work if you entered it at the command line as the root user? Why?
    ____________________

Exercise Summary

Discussion – Take a few minutes to discuss the experiences, issues, or discoveries that you had during the lab exercises.

- Experiences
- Interpretations
- Conclusions
- Applications

Exercise Solutions

Solutions to the exercise are as follows:

1. Match the terms to their definition.

   Terms:
   f  MTU
   d  Unicast
   e  Preamble
   b  Encapsulation
   a  Packet
   g  Frame
   c  Type field

   Definitions:
   a. A general term that describes the unit of data sent across a packet-switching network
   b. The process of passing data from layer to layer in the protocol stack and adding header information to the data at each layer
   c. The field in the Ethernet frame that describes the type of data being carried in the frame
   d. An address format that reaches a specific host
   e. The field in an Ethernet frame used for synchronization purposes
   f. The maximum number of bytes that are contained in the payload section in a Network Interface layer frame
   g. The unit of data sent from the Ethernet interface to the Hardware layer

2. Open a terminal window, and type the command:

    # man snoop

   Look at the various modes and options for capturing and viewing frames available to you.

   a. Which snoop option displays the size of the entire Ethernet frame in bytes on the summary line?
      -S
   b. Which snoop option captures packets to a file instead of to standard output?
      -o filename

   c. Which snoop option displays the most verbose output?
      -v
   d. Which snoop option displays frames arriving on a non-primary interface?
      -d interface name

3. Open another terminal window, and execute the netstat command to determine the name of your Ethernet interface.

    # netstat -i

   What are the names of the Ethernet interfaces on your system, and what are their purposes?
   The hme0 interface, the qfe0 interface, or perhaps the eri0 interface, depending on your system. The purpose of the network interface is to provide access to the LAN.

4. In one terminal window, execute the snoop utility on the default interface to capture only broadcast frames. Let this command run for the next step.

    # snoop broadcast

5. Using another terminal window, log in to another host on your subnet, and type the rup command.

   a. Does the rup command send broadcast frames?
      Yes, you will observe the rup utility sending remote status (RSTAT) requests.
   b. Do you see the replies to the rup command? Why?
      No status replies are seen because the replies are sent to the host by using a unicast address.

Now you use different options of the snoop utility to provide different amounts of output.

6. Stop the snoop utility that is currently running, and restart the snoop utility in the verbose mode, capturing only broadcast frames.

    # snoop -v broadcast

7. In the terminal window logged in to the remote host, execute the rup command again. Observe the format of the output from the snoop utility running in the verbose mode.

8. Stop the snoop utility, and execute the snoop utility in verbose summary mode. Capture only the broadcast frames.

    # snoop -V broadcast

9. In the terminal window that is logged in to the remote host, execute the rup command again. How do the two formats differ?
   The -v option executes the verbose mode. It prints packet headers in great detail. This display consumes many lines per packet and should be used only on selected packets. The -V option executes the summary verbose mode. This is halfway between the summary mode and verbose mode in degree of verbosity. It displays a single summary line for each protocol layer in the packet instead of displaying multiple lines from each layer of encapsulation.

10. Log off of the remote host, and quit all instances of the snoop utility that you are running.

In this part of the exercise, you manipulate a specific interface on your system.

Note – While you might not understand everything that you see in this section of the exercise, you should at least become familiar with the command syntax, options, and output format of the ndd command. The results of the exercise vary, depending on the type of network interface in the system.

11. Use the appropriate argument of the ndd command to make sure that any instance information retrieved is for the primary network interface.

    # ndd -set /dev/hme instance 0

12. Use the ndd command to determine the value of the link_status parameter of the primary network interface on your system. A status of 0 indicates that the interface is down. A status of 1 indicates that the interface is up.

    # ndd /dev/hme link_status

13. What command do you use to make the ndd command set your system’s link_status parameter to 0?

# ndd -set /dev/hme link_status 0

14. Use the ndd command to determine the read and write attributes of ndd parameters for your interface driver. For example, if your system’s interface is an hme0 interface, use /dev/hme as the parameter.

# ndd /dev/device_of_interest \?

Do you expect your command from Step 13 to work if you entered it at the command line as the root user? Why?

The command would fail because the link_status parameter is read only.


Module 4

Describing ARP and RARP

Objectives

This module describes the Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP). Additionally, this module describes the ARP table, the in.rarpd RARP daemon, and the /etc/inet/hosts and /etc/ethers databases.

Upon completion of this module, you should be able to:

- Describe ARP
- Describe RARP

The course map in Figure 4-1 shows how this module fits into the current instructional goal.

Figure 4-1 Course Map (Configuring the Network Interface Layer: Introducing the TCP/IP Model; Introducing LANs and Their Components; Describing Ethernet Interfaces; Describing ARP and RARP)

Introducing ARP

ARP is the method used to map a 32-bit IP address to a 48-bit Ethernet address.

Purpose of ARP

The ARP function occurs between the Internet and Network Interface layers of the TCP/IP model. Figure 4-2 shows the location of the ARP function in the model.

Figure 4-2 ARP in the TCP/IP Model (TCP/IP layers: Application Layer, Transport Layer, Internet Layer, ARP, Network Interface Layer, Hardware Layer)

Data is encapsulated into an Ethernet frame before it is transmitted. An Ethernet frame includes a destination Ethernet address. Figure 4-3 shows the Ethernet frame.

Figure 4-3 Ethernet Frame (Destination Ethernet Address, Source Ethernet Address, Type, Data, Cyclic Redundancy Check)

When two systems need to communicate, they need each other’s Ethernet addresses. ARP supplies the destination Ethernet address information if the sending system does not already know the destination address.

Operation of ARP

If the final destination (receiving system) of the message being sent is on the same LAN as the sending system, only one address resolution is required. If the final destination is on a different network, an address resolution might be required on each network that the message traverses on the path to its final destination.

Figure 4-4 shows a simplification of the address resolution process.

Figure 4-4 Address Resolution Process (sys11 192.168.1.1, sys12 192.168.1.2, sys13 192.168.1.3; 1: "Who is 192.168.1.3?"; 2: "192.168.1.3 is 8:00:20:c0:78:73")

For example, assume that the sys11 system must communicate with the sys13 system:

1. The sys11 system sends an ARP request to the local network by using the Ethernet broadcast address (ff:ff:ff:ff:ff:ff). The ARP request includes the IP address of the sys13 system.

2. The broadcast is seen by the sys12 and sys13 systems.

3. The sys12 and sys13 systems recognize that the ARP request contains the IP address and the Ethernet address of the sys11 system, and add this information to their ARP tables if it is not already present. This type of entry is known as an unsolicited entry because the information was not explicitly requested.

4. The sys13 system identifies its own IP address in the ARP request and sends an ARP reply to the sys11 system. The ARP reply includes the Ethernet address of the sys13 system, and it is sent using the unicast Ethernet address of the sys11 system (8:0:20:b9:72:23).

5. The sys11 system receives the ARP reply and stores the information about sys13 in its ARP table. This type of entry is a solicited entry because the sys11 system requested the information.

ARP Table

ARP responses are stored in the ARP table so that the information is available if it is required again in the near future. The ARP table, held in memory, stores IP addresses and Ethernet addresses. This table is read each time a destination Ethernet address is required to prepare an Ethernet frame for transmission. If an Ethernet address does not appear in the ARP table, an ARP request is sent to the local network. Other hosts that see the ARP request also update their ARP table with the IP and Ethernet addresses of the requesting host.

Solicited entries are those for which an Ethernet address was asked specifically by a host, whereas unsolicited entries are a result of storing information learned about a host that was performing an ARP request on the local network.

Use the ndd /dev/ip ip_ire_arp_interval command to display the length of time that solicited ARP entries are cached. The default value is 1200000. This value is stored in milliseconds and translates to 20 minutes.

Use the ndd /dev/arp arp_cleanup_interval command to display the length of time that unsolicited ARP entries are cached. The default value is 300000. This value is stored in milliseconds and translates to 5 minutes.

ARP Table Management

The arp command displays and controls the ARP table entries that map IP addresses to Ethernet addresses. For example, to examine all entries in the ARP table type the command:

# arp -a
Net to Media Table: IPv4
Device   IP Address               Mask      Flags   Phys Addr
------ -------------------- --------------- ----- ---------------
hme0   sys13                255.255.255.255       08:00:20:c0:78:73
hme0   sys11                255.255.255.255 SP    08:00:20:b9:72:23
hme0   224.0.0.0            240.0.0.0       SM    01:00:5e:00:00:00
#

The fields displayed in the output from the arp -a command are shown in Table 4-1.

Table 4-1 ARP Fields

Field        Description

Device       The network device (network interface) for this entry. This is the interface connected to the network on which this system resides.

IP Address   The IP address or host name of the system to which this entry applies.

Mask         The host mask value applied. This indicates whether the entry refers to a host or the multicast address range.

Flags        The status of the ARP entry:
             - S is a static entry. Static entries do not time out.
             - P is a published entry. A system can be configured to publish (advertise) an ARP entry on behalf of systems that cannot respond to ARP requests.
             - M is a mapped entry. This is used for the 224.0.0.0 multicast entry only.
             - U is an unresolved or incomplete entry. Incomplete entries contain an IP address only. Complete entries map an IP address to an Ethernet address.

Phys Addr    The physical address for the entry, also known as the MAC or the Ethernet address.

To examine a specific ARP table entry, type the command:

# arp hostname

where hostname is the name of the host or its decimal-dot notated IP address. For example:

# arp sys13
sys13 (192.168.1.3) at 8:0:20:c0:78:73
#

Information about any flags is also displayed. For example:

# arp sys11
sys11 (192.168.1.1) at 8:0:20:b9:72:23 permanent published
#

The keyword permanent relates to the S flag. The keyword published refers to the P flag.

To add a static (until reboot) ARP table entry, type the command:

# arp -s hostname ethernet_address

The preceding command overrides the default time-to-live (TTL) value for ARP table entries by creating a static entry. For example, to add a host’s Ethernet address manually to the ARP table, type the command:

# arp -s 192.168.1.99 1:2:3:4:5:6

Use the arp and grep commands to search for the new table entry:

# arp -a | grep 99
hme0   192.168.1.99         255.255.255.255 S     01:02:03:04:05:06
#

Populate an ARP table manually in situations in which the destination device cannot respond to ARP requests.

To add a published ARP table entry, execute the command:

# arp -s hostname ethernet_address pub

Use a published ARP entry when you want a host to answer an ARP request on behalf of another host. This is a useful option for heterogeneous environments and for some SLIP or PPP configurations in which some hosts cannot respond to ARP requests for themselves, such as a system which is reached through a modem connection.

To add ARP table entries from a file, execute the command:

# arp -f filename

Entries in the file can be in the following form:

hostname ethernet_address [pub]

To delete an ARP table entry, execute the command:

# arp -d hostname

where hostname is the name of the host or its decimal-dot notated IP address. For example, to remove the static entry that was added, type the command:

# arp -d 192.168.1.99
192.168.1.99 (192.168.1.99) deleted
#

To view the network traffic generated by an ARP request, use the snoop utility:

# snoop -v -d hme0 arp

In a second window, use the ping utility to contact another system on the network that is not listed currently in the system’s ARP table:

# ping sys12
sys12 is alive
#

Observe the output from the snoop utility:

Using device /dev/hme (promiscuous mode)
ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 1 arrived at 13:47:30.00038
ETHER:  Packet size = 42 bytes
ETHER:  Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER:  Source      = 8:0:20:b9:72:23, Sun
ETHER:  Ethertype = 0806 (ARP)
ETHER:
ARP:  ----- ARP/RARP Frame -----
ARP:
ARP:  Hardware type = 1
ARP:  Protocol type = 0800 (IP)
ARP:  Length of hardware address = 6 bytes
ARP:  Length of protocol address = 4 bytes
ARP:  Opcode 1 (ARP Request)
ARP:  Sender's hardware address = 8:0:20:b9:72:23
ARP:  Sender's protocol address = 192.168.1.1, sys11
ARP:  Target hardware address = ?
ARP:  Target protocol address = 192.168.1.2, sys12
ARP:
ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 2 arrived at 13:47:30.00038
ETHER:  Packet size = 60 bytes
ETHER:  Destination = 8:0:20:b9:72:23, Sun
ETHER:  Source      = 8:0:20:90:b5:c7, Sun
ETHER:  Ethertype = 0806 (ARP)
ETHER:
ARP:  ----- ARP/RARP Frame -----
ARP:
ARP:  Hardware type = 1
ARP:  Protocol type = 0800 (IP)
ARP:  Length of hardware address = 6 bytes
ARP:  Length of protocol address = 4 bytes
ARP:  Opcode 2 (ARP Reply)
ARP:  Sender's hardware address = 8:0:20:90:b5:c7
ARP:  Sender's protocol address = 192.168.1.2, sys12
ARP:  Target hardware address = 8:0:20:b9:72:23
ARP:  Target protocol address = 192.168.1.1, sys11
ARP:
<Control>-C#

Introducing RARP

RARP is the method used to map a 48-bit Ethernet address to a 32-bit IP address.

Purpose of RARP

RARP is one of the protocols that a system can use when it needs to determine its IP address. Diskless clients and JumpStart™ software clients depend upon another host or server from which to retrieve a network boot file. Each network boot file has a name that is based on the IP address of each client. To request the correct network boot file, each client uses RARP to obtain its IP address at boot time.

Operation of RARP

RARP operations include a request and a reply. A system sends a RARP request to the Ethernet broadcast address when the system is booting and does not have any way to determine what its IP address will be without requesting the information over the network. Any system on the subnet running the RARP server daemon (in.rarpd), and that also has appropriately configured files or network naming service information, responds with the booting system’s IP address.

The RARP request is reported as a REVARP request by the snoop utility. For example:

# snoop -v -d hme0 rarp
Using device /dev/hme (promiscuous mode)
ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 1 arrived at 12:52:11.00053
ETHER:  Packet size = 64 bytes
ETHER:  Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER:  Source      = 8:0:20:90:b5:c7, Sun
ETHER:  Ethertype = 8035 (RARP)
ETHER:
ARP:  ----- ARP/RARP Frame -----
ARP:
ARP:  Hardware type = 1
ARP:  Protocol type = 0800 (IP)
ARP:  Length of hardware address = 6 bytes
ARP:  Length of protocol address = 4 bytes
ARP:  Opcode 3 (REVARP Request)
ARP:  Sender's hardware address = 8:0:20:90:b5:c7
ARP:  Sender's protocol address = 0.0.0.0, OLD-BROADCAST
ARP:  Target hardware address = 8:0:20:90:b5:c7
ARP:  Target protocol address = ?
ARP:
<Control>-C#

The RARP reply is reported as a REVARP reply by the snoop utility. For example:

# snoop -v -d hme0 rarp
Using device /dev/hme (promiscuous mode)
ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 1 arrived at 12:52:19.00053
ETHER:  Packet size = 42 bytes
ETHER:  Destination = 8:0:20:90:b5:c7, Sun
ETHER:  Source      = 8:0:20:b9:72:23, Sun
ETHER:  Ethertype = 8035 (RARP)
ETHER:
ARP:  ----- ARP/RARP Frame -----
ARP:
ARP:  Hardware type = 1
ARP:  Protocol type = 0800 (IP)
ARP:  Length of hardware address = 6 bytes
ARP:  Length of protocol address = 4 bytes
ARP:  Opcode 4 (REVARP Reply)
ARP:  Sender's hardware address = 8:0:20:b9:72:23
ARP:  Sender's protocol address = 192.168.1.1, sys11
ARP:  Target hardware address = 8:0:20:90:b5:c7
ARP:  Target protocol address = 192.168.1.2, sys12
ARP:
<Control>-C#

By default, the OpenBoot™ PROM is configured to use RARP as the network boot strategy. To force a system to perform a RARP boot, type the command:

ok boot net:rarp
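The following added example (not part of the student guide) decodes the Ethernet and ARP/RARP fields that the snoop utility prints in the ARP and RARP captures above. The frames are constructed from the addresses in those captures; the zero fill for unknown addresses, the padding bytes, and all function names are assumptions of this example.

```python
import struct

ETHERTYPES = {0x0806: "ARP", 0x8035: "RARP"}
OPCODES = {1: "ARP Request", 2: "ARP Reply",
           3: "REVARP Request", 4: "REVARP Reply"}   # names as snoop prints them
# Opcodes 1-2 travel in ARP frames (0806), opcodes 3-4 in RARP frames (8035).
EXPECTED_ETHERTYPE = {1: 0x0806, 2: 0x0806, 3: 0x8035, 4: 0x8035}
FRAME_LEN = 42   # 14-byte Ethernet header + 28-byte ARP/RARP body


def mac_bytes(text):
    """Convert snoop-style '8:0:20:b9:72:23' into 6 raw bytes."""
    parts = text.split(":")
    if len(parts) != 6:
        raise ValueError("expected 6 colon-separated octets: %r" % text)
    return bytes(int(p, 16) for p in parts)


def mac_text(raw):
    """Render 6 raw bytes the way snoop does (no leading zeros)."""
    return ":".join("%x" % b for b in raw)


def ip_bytes(text):
    octets = [int(p) for p in text.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % text)
    return bytes(octets)


def build_frame(dst, src, ethertype, opcode, sha, spa, tha, tpa):
    """Assemble an unpadded 42-byte Ethernet + ARP/RARP frame (no CRC)."""
    ether = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype)
    # Hardware type 1 (Ethernet), protocol type 0800 (IP), lengths 6 and 4.
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    return ether + body + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa)


def parse_frame(frame):
    """Decode one frame into the fields shown by 'snoop -v'."""
    if len(frame) < FRAME_LEN:
        raise ValueError("frame shorter than %d bytes" % FRAME_LEN)
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype not in ETHERTYPES:
        raise ValueError("not ARP or RARP: ethertype %04x" % ethertype)
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 address resolution frame")
    sha, spa, tha, tpa = frame[22:28], frame[28:32], frame[32:38], frame[38:42]
    fields = {
        "destination": mac_text(dst),
        "source": mac_text(src),
        "ethertype": ETHERTYPES[ethertype],
        "opcode": OPCODES.get(opcode, "unknown (%d)" % opcode),
        "sender_hw": mac_text(sha),
        "sender_ip": ".".join(str(b) for b in spa),
        # The address being asked for is shown as "?" in a request.
        "target_hw": "?" if opcode == 1 else mac_text(tha),
        "target_ip": "?" if opcode == 3 else ".".join(str(b) for b in tpa),
        "padding": len(frame) - FRAME_LEN,   # bytes beyond the 42 that carry data
        "notes": [],
    }
    if EXPECTED_ETHERTYPE.get(opcode) != ethertype:
        fields["notes"].append("opcode does not match ethertype")
    if sha != src:
        fields["notes"].append("sender hardware address differs from Ethernet source")
    return fields


# Constructed frames carrying the values from the captures above.
ARP_REQUEST = build_frame("ff:ff:ff:ff:ff:ff", "8:0:20:b9:72:23", 0x0806, 1,
                          "8:0:20:b9:72:23", "192.168.1.1",
                          "0:0:0:0:0:0", "192.168.1.2")
ARP_REPLY = build_frame("8:0:20:b9:72:23", "8:0:20:90:b5:c7", 0x0806, 2,
                        "8:0:20:90:b5:c7", "192.168.1.2",
                        "8:0:20:b9:72:23", "192.168.1.1") + bytes(18)   # 60 bytes
RARP_REQUEST = build_frame("ff:ff:ff:ff:ff:ff", "8:0:20:90:b5:c7", 0x8035, 3,
                           "8:0:20:90:b5:c7", "0.0.0.0",
                           "8:0:20:90:b5:c7", "0.0.0.0") + bytes(22)    # 64 bytes
RARP_REPLY = build_frame("8:0:20:90:b5:c7", "8:0:20:b9:72:23", 0x8035, 4,
                         "8:0:20:b9:72:23", "192.168.1.1",
                         "8:0:20:90:b5:c7", "192.168.1.2")

if __name__ == "__main__":
    for frame in (ARP_REQUEST, ARP_REPLY, RARP_REQUEST, RARP_REPLY):
        f = parse_frame(frame)
        print("%-14s %s -> %s  sender %s (%s)  target %s (%s)  pad=%d %s" % (
            f["opcode"], f["source"], f["destination"], f["sender_ip"],
            f["sender_hw"], f["target_ip"], f["target_hw"], f["padding"], f["notes"]))
```

The two notes flag frames whose opcode and Ethertype disagree, or whose sender hardware address does not match the Ethernet source address; all four frames modeled on the captures pass both checks.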

The in.rarpd RARP Daemon

The in.rarpd RARP daemon must be running (as the root user) on systems that provide RARP responses to requests. The svc:/network/rarp SMF service enables the in.rarpd RARP daemon.

Note – Before the Solaris 10 OS, the in.rarpd RARP daemon was started by the /etc/rc3.d/S16boot.server start script if either the /tftpboot directory or the /rplboot directory existed. Before the Solaris 9 OS, the in.rarpd RARP daemon was started by the /etc/rc3.d/S15nfs.server start script.

The /etc/ethers and the /etc/inet/hosts Databases

The /etc/ethers and the /etc/inet/hosts files (or the corresponding network-naming service databases) support the Ethernet address-to-IP address relationship. Whether the boot server uses the local /etc/ethers and /etc/inet/hosts files or the corresponding naming service database, which is needed to respond to RARP requests, is specified in the /etc/nsswitch.conf file.

The /etc/ethers file contains the Ethernet address and corresponding host name for a system. The in.rarpd daemon queries the /etc/ethers file (or corresponding network-naming service database) for the host name of the system that is performing the RARP request. The host name is resolved to an IP address by using the /etc/inet/hosts file (or corresponding network-naming service database) on the server. The resulting IP address is returned to the system that made the RARP request.

View the /etc/ethers file with any text viewer, for example:

# cat /etc/ethers
8:0:20:c0:78:73 sys13
8:0:20:90:b5:c7 sys12
#

Note – Usually, the /etc/ethers file is created on boot servers only.

Exercise: Reviewing ARPs and RARPs

In this exercise, you become more familiar with the ARP table and the arp command. You force systems to perform ARP requests, and you view the ARP transactions with the snoop utility.

Preparation

Refer to the lecture notes as necessary to perform the tasks listed. Be sure to write, in the space provided, any commands that you use during the exercise so that you can use this exercise as a reference after you have completed this course.

Work with other students to make sure that you all can see the expected results in the next part of this exercise.

Tasks

Perform the following steps:

1. In a terminal window, display the current contents of the ARP table on your host.
_____________________________________________________________

Explain why the table contents contain the entries reported by the arp command.
_____________________________________________________________

2. To communicate with another host, the system must first learn the Ethernet address of that host. Issue the ping command to a host in your local network that is not currently in your ARP table.
_____________________________________________________________

3. Examine the ARP table again. Observe the new ARP entry for the host with which your system just communicated.
_____________________________________________________________

4. Use the arp command to delete all host entries except for the multicast entry (224.0.0.x) and your host’s own entries.
_____________________________________________________________

5. In another window, start the snoop utility in verbose summary mode to filter out all but the broadcast frames.
_____________________________________________________________

6. Open a terminal on your local host, and check the contents of your ARP table for another host in your subnet that is not currently listed.
_____________________________________________________________

7. Use the ping command to communicate with a host that is not in your system’s ARP table.
_____________________________________________________________

8. Examine the output from the snoop utility. Why did you receive this result?
_____________________________________________________________

9. Stop the snoop utility.
_____________________________________________________________

10. Start the snoop utility in verbose summary mode to filter out all but the ARP frames.
_____________________________________________________________

11. Delete the ARP table entry for the host that you previously used.
_____________________________________________________________

12. Use the ping command, and attempt to contact the host again.
_____________________________________________________________

13. Examine the output from the snoop utility.

a. Did you see the ARP request?
_____________________________________________________________

b. Why?
_____________________________________________________________

c. Did you see the ARP response?
_____________________________________________________________

d. Why?
_____________________________________________________________

14. Use the ping command, and attempt to contact the host again.
_____________________________________________________________

15. Examine the output from the snoop utility.

a. Did you see the ARP request?
_____________________________________________________________

b. Why?
_____________________________________________________________

16. Quit the snoop utility.
_____________________________________________________________

Exercise Summary

Discussion – Take a few minutes to discuss what experiences, issues, or discoveries you had during the lab exercise.

- Experiences
- Interpretations
- Conclusions
- Applications

Exercise Solutions

Solutions to the exercise are as follows:

1. In a terminal window, display the current contents of the ARP table on your host.

# arp -a
Net to Media Table: IPv4
Device   IP Address               Mask      Flags   Phys Addr
------ -------------------- --------------- ----- ---------------
hme0   sys13                255.255.255.255       08:00:20:c0:78:73
hme0   sys11                255.255.255.255 SP    08:00:20:b9:72:23
hme0   224.0.0.0            240.0.0.0       SM    01:00:5e:00:00:00
#

Explain why the table contents contain the entries reported by the arp command.

Locally configured interfaces have their own static, published entries and multicast entries by default. If the system has previously contacted another system on the LAN, an entry is present. Unsolicited entries generated by ARP requests from other hosts might also be present.

2. To communicate with another host, the system must first learn the Ethernet address of that host. Issue the ping command to a host in your local network that is not currently in your ARP table.

# ping sys12
sys12 is alive
#

3. Examine the ARP table again. Observe the new ARP entry for the host with which your system just communicated.

# arp -a
Net to Media Table: IPv4
Device   IP Address               Mask      Flags   Phys Addr
------ -------------------- --------------- ----- ---------------
hme0   sys13                255.255.255.255       08:00:20:c0:78:73
hme0   sys12                255.255.255.255       08:00:20:90:b5:c7
hme0   sys11                255.255.255.255 SP    08:00:20:b9:72:23
hme0   224.0.0.0            240.0.0.0       SM    01:00:5e:00:00:00
#

4. Use the arp command to delete all host entries except for the multicast entry (224.0.0.x) and your host’s own entries.

# arp -d sys12
sys12 (192.168.1.2) deleted
# arp -d sys13
sys13 (192.168.1.3) deleted
#

5. In another window, start the snoop utility in verbose summary mode to filter out all but the broadcast frames.

# snoop -V broadcast
Using device /dev/hme (promiscuous mode)

6. Open a terminal on your local host, and check the contents of your ARP table for another host in your subnet that is not currently listed.

# arp -a
Net to Media Table: IPv4
Device   IP Address               Mask      Flags   Phys Addr
------ -------------------- --------------- ----- ---------------
hme0   sys11                255.255.255.255 SP    08:00:20:b9:72:23
hme0   224.0.0.0            240.0.0.0       SM    01:00:5e:00:00:00
#

7. Use the ping command to communicate with a host that is not in your system’s ARP table.

# ping sys12
sys12 is alive
#

8. Examine the output from the snoop utility. Why did you receive this result?

The following is observed in the terminal running the snoop utility:

________________________________
sys11 -> (broadcast) ETHER Type=0806 (ARP), size = 42 bytes
sys11 -> (broadcast) ARP C Who is 192.168.1.2, sys12 ?

An address resolution was required because the host did not have the destination host address information in its ARP table, resulting in the broadcast requests that are observed in the snoop utility’s output. The snoop utility is filtering on broadcasts, which explains why the ARP reply and the ICMP traffic were not observed. Recall that ARP replies are unicasts.

9. Stop the snoop utility.

Press the Control+C key sequence to stop the snoop utility.

Control-C#

10. Start the snoop utility in verbose summary mode to filter out all but the ARP frames.

# snoop -V arp
Using device /dev/hme (promiscuous mode)

11. Delete the ARP table entry for the host that you previously used.

# arp -d sys12
sys12 (192.168.1.2) deleted
#

12. Use the ping command, and attempt to contact the host again.

# ping sys12
sys12 is alive
#

13. Examine the output from the snoop utility.

________________________________
sys11 -> (broadcast) ETHER Type=0806 (ARP), size = 42 bytes
sys11 -> (broadcast) ARP C Who is 192.168.1.2, sys12 ?
________________________________
sys13 -> sys11 ETHER Type=0806 (ARP), size = 60 bytes
sys13 -> sys11 ARP R 192.168.1.2, sys12 is 8:0:20:90:b5:c7

a. Did you see the ARP request?

Yes.

b. Why?

The snoop utility is filtering out all but ARP packets.

c. Did you see the ARP response?

Yes.

d. Why?

The snoop utility is filtering out all but the ARP packets. The ARP responses are unicast but are still ARP packets.

14. Use the ping command, and attempt to contact the host again.

# ping sys12
sys12 is alive
#

15. Examine the output from the snoop utility.

No output is seen from the snoop utility.

a. Did you see the ARP request?

No.

b. Why?

The snoop utility filters out all but ARP packets. The system resolved the destination Ethernet address by using its local ARP table; therefore, an ARP request was unnecessary, which explains why you did not see any ARP traffic resulting from the ping command.

16. Quit the snoop utility.

Press the Control+C key sequence.

Control-C#


Module 5

Configuring IP

Objectives

This module describes the features of IP, including the purpose of IP, the IP datagram, and IP address types. This module also describes subnetting and the variable length subnet mask (VLSM). Additionally, this module explains the purpose of interface configuration files and describes how to configure logical interfaces.

Upon completion of this module, you should be able to:

- Describe the Internet layer protocols
- Describe the IP datagram
- Describe the IP address types
- Describe subnetting and VLSMs
- Describe the interface configuration files
- Administer logical interfaces

The course map in Figure 5-1 shows how this module fits into the current instructional goal.

Figure 5-1 Course Map (Configuring the Network: Configuring IP; Configuring IP Network Multipathing; Configuring Routing; Configuring IPv6; Describing the Transport Layer)

Introducing the Internet Layer Protocols

IP is implemented at the Internet layer and is documented in RFC 791. A companion protocol for IP, ICMP, enables systems to send control or error messages to other systems. These messages provide a communication mechanism between the IP layer on one system and the IP layer on another system. Message types that are sent include echo request, echo reply, destination unreachable, router advertisement, router solicitation, redirect, and time exceeded.

Purpose of IP

IP is provided by a loadable kernel module and has two main functions. IP provides:

- Connectionless delivery of datagrams on the network
- Fragmentation and reassembly of data to accommodate data links that implement different sizes of MTUs

Application data must fit in the data portion of an Ethernet frame. The upper limit on the amount of data in the Ethernet frame is defined by the MTU of the Network Interface layer. If the amount of application data is larger than the MTU, fragments are created as units of data that are broken into smaller units for transmission. Internet Protocol version 4 (IPv4) specifies that fragmentation occur at each router, based on the MTU of the interface through which the IP datagrams must pass.

To view the MTU of an interface, type the ifconfig -a command:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
#

Purpose of ICMP

ICMP enables IP on one system to send control and error messages to IP on other systems. This communication can include a control message, such as a routing redirect, or an error message, such as Network is unreachable. Network administrators and system utilities, such as the traceroute command, use this error messaging feature as a diagnostic tool. ICMP messages are defined in RFC 792.

ICMP Message Types

Some common ICMP message types include:

- Echo request and reply
- Destination unreachable
- Router advertisement
- Router solicitation
- Redirect
- Time exceeded

Note – To obtain supported ICMP message type information, view the /usr/include/netinet/ip_icmp.h file.

The ICMP header appears after the IP header and varies depending on the type of ICMP message. For example, Figure 5-2 shows an ICMP header when the destination is unreachable.

Figure 5-2 ICMP Destination Unreachable Header Template Format (fields: Type, Code, Checksum, Unused)

Figure 5-3 shows an ICMP header for a redirect message.

Figure 5-3 ICMP Redirect Message Header Template Format (fields: Type, Code, Checksum, Gateway Internet Address)

Figure 5-4 shows an ICMP header for an echo request or echo reply message.

Figure 5-4 ICMP Echo Request or Echo Reply Message Header Template Format (fields: Type, Code, Checksum, Identifier, Sequence Number)

Introducing the IP Datagram

IP datagrams are the basic units of information that are passed across a TCP/IP network. The datagram header contains information, such as the source IP address and the destination IP address. The header also contains information about which protocol will receive data from IP. These protocols are UDP, TCP, and ICMP. The TTL field determines how many routers or hosts can process a datagram before the datagram must be discarded.

IP Datagram Header Fields

Figure 5-5 shows the IPv4 datagram header fields.

Figure 5-5 IPv4 Datagram Header Fields (Version, Header Length, Type of Service, Datagram Length, Datagram Identifier, Flags, Fragment Offset, Time to Live, Protocol, Checksum, Source IP Address, Destination IP Address, IP Options and Padding If Required)

The fields in the datagram header are described in Table 5-1.

Table 5-1 IP Datagram Header Fields

Field                    Description

Version                  The version of the protocol, for example 4 (IPv4).
Header length            The length of a datagram header. This value must be at least 20 bytes.
Type of service          The specified quality of service.
Datagram length          The length of the entire datagram, measured in bytes.
Datagram identifier      The value assigned by the sender to make reassembly of fragments possible for the receiving system.
Flags                    Information related to fragmentation. These flags define whether the datagram can be fragmented and whether the datagram is part of a message that was fragmented.
Fragment offset          The location of the fragment in the overall set of application data.
Time to live             The maximum number of routers through which the datagram can pass.
Protocol                 The Transport layer protocol to which the data in this datagram is delivered.
Checksum                 The header checksum used to verify that the header is not damaged.
Source IP address        The source system’s IPv4 address.
Destination IP address   The destination system’s IPv4 address.
IP options and padding   Optional information and padding, if required.

Refer to RFC 791 for detailed information about the header fields.
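The following added example (not part of the student guide) ties Table 5-1 to the fragmentation behavior described under Purpose of IP: it plans how a payload is split for a given MTU, builds the header of one fragment, and decodes it back into the table's fields, including the header checksum test. The sample addresses, identifier, and function names are constructed for this example, and headers are built without IP options.

```python
import struct

PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
MIN_HEADER = 20   # bytes: a header that carries no options


def ip_pack(text):
    octets = [int(p) for p in text.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % text)
    return bytes(octets)


def header_checksum(header):
    """One's-complement of the one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def fragment_plan(payload_len, mtu):
    """Return (offset, length, more_fragments) for each fragment."""
    # Offsets are stored in 8-byte units, so every fragment except the
    # last must carry a multiple of 8 bytes.
    per_fragment = (mtu - MIN_HEADER) // 8 * 8
    if per_fragment <= 0:
        raise ValueError("MTU too small to carry data")
    plan, offset = [], 0
    while offset < payload_len:
        length = min(per_fragment, payload_len - offset)
        plan.append((offset, length, offset + length < payload_len))
        offset += length
    return plan


def build_header(src, dst, protocol, data_len, ident, offset=0, more=False, ttl=255):
    """Build a 20-byte IPv4 header for one fragment, checksum filled in."""
    if offset % 8:
        raise ValueError("fragment offset must be a multiple of 8 bytes")
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, MIN_HEADER + data_len, ident,
                       flags_frag, ttl, protocol, 0, ip_pack(src), ip_pack(dst))
    return head[:10] + struct.pack("!H", header_checksum(head)) + head[12:]


def parse_header(datagram):
    """Decode the Table 5-1 fields from the start of a datagram."""
    if len(datagram) < MIN_HEADER:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, checksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", datagram[:MIN_HEADER])
    version = ver_ihl >> 4
    header_len = (ver_ihl & 0x0F) * 4   # stored on the wire in 32-bit words
    if version != 4:
        raise ValueError("not IPv4: version %d" % version)
    if header_len < MIN_HEADER or header_len > len(datagram):
        raise ValueError("bad header length: %d" % header_len)
    if total_len < header_len:
        raise ValueError("datagram length smaller than header length")
    return {
        "version": version,
        "header_length": header_len,
        "type_of_service": tos,
        "datagram_length": total_len,
        "datagram_identifier": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # in bytes
        "time_to_live": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        # Summing an undamaged header, checksum included, leaves zero.
        "checksum_ok": header_checksum(datagram[:header_len]) == 0,
        "source": ".".join(str(b) for b in src),
        "destination": ".".join(str(b) for b in dst),
    }


if __name__ == "__main__":
    # Constructed case: 4000 bytes of data leaving an interface with mtu 1500.
    for offset, length, more in fragment_plan(4000, 1500):
        hdr = build_header("192.168.1.1", "192.168.1.2", 1, length,
                           ident=7, offset=offset, more=more)
        print(parse_header(hdr))
```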

IP Datagram Payload

The IP datagram payload can contain any one of the following: a UDP datagram, a TCP segment, an ICMP message, or an Internet Group Management Protocol (IGMP) message.

Introducing IP Address Types

IPv4 addresses are 32 bits in length. They are normally represented as four dot-separated, 8-bit fields, or octets, each represented by a decimal number between 0–255 (for example, 129.150.182.31). Each IPv4 address identifies a network and a unique interface on that network. The value of the high-order bits (first three bits) determines which portion of the IPv4 address is the network number and which portion is the host number. This addressing scheme is called classful IPv4 addressing.

Unicast Addresses

Unicast addresses identify a single interface on a network. Unicast addresses are used when a system needs to communicate with another system. There are three classes of unicast addresses: Class A, Class B, and Class C.

Class A Addresses

Class A addresses are for very large networks and provide 16,777,214 host addresses. Figure 5-6 shows the beginning of the address in binary format.

[Figure 5-6 Class A Unicast Addresses: leading bit 0; first octet 1–127. Example: 10.102.2.113]

If the first bit is 0, that bit and the next seven bits define the network number, and the remaining 24 bits define the host number. This makes possible up to 128 Class A networks. In addition, the 127.0.0.0 address range cannot be used because 127.0.0.1 is reserved for the loopback interface.

The Internet Assigned Numbers Authority (IANA) has reserved the Class A network 10.0.0.0–10.255.255.255 for private networks. These addresses are not routed in the Internet. Refer to RFC 1918 for additional details.

Class B Addresses

Class B addresses are for large networks and provide 65,534 host addresses. Figure 5-7 shows the beginning of the address in binary format.

[Figure 5-7 Class B Unicast Addresses: leading bits 10; first octet 128–191; second octet 0–255. Example: 129.150.254.2]

If the first two bits are 10, those two bits and the next 14 bits define the network number, and the remaining 16 bits define the host number. This makes possible 16,384 Class B networks.

The IANA has reserved the Class B networks 172.16.0.0–172.31.255.255 for private networks. These addresses are not routed in the Internet. Refer to RFC 1918 for additional details.

Class C Addresses

Class C addresses are for small-sized and medium-sized networks and provide 254 host addresses. Figure 5-8 shows the beginning of the address in binary format.

[Figure 5-8 Class C Unicast Addresses: leading bits 110; first octet 192–223; second octet 0–255; third octet 0–255. Example: 192.9.227.13]

If the first three bits are 110, those three and the next 21 bits define the network number, and the remaining eight bits define the host number. This makes possible up to 2,097,152 Class C networks.

The IANA has reserved the Class C networks 192.168.0.0–192.168.255.255 for private networks. These addresses are not routed in the Internet. Refer to RFC 1918 for additional details.

Broadcast Addresses

A broadcast address is the address that reaches all systems on a particular network. A broadcast means that data is sent to all of the hosts on the LAN. In the Solaris 10 OS, the default broadcast address is an address that has a host number of all ones when represented in binary. An example of a broadcast address is 192.168.1.255. You use the ifconfig command to configure an interface’s broadcast address.

Multicast Addresses

Multicasting is a very efficient way to send large amounts of data to many systems at the same time. A multicast address identifies interfaces that belong to a specific multicast group. Packets that are sent to a multicast address are received by all interfaces that are associated with the multicast address. Figure 5-9 shows the beginning of a multicast address in binary format.

[Figure 5-9 Multicasting: leading bits 1110; first octet 224–239; remaining octets 0–255. Example: 224.0.1.8]

If the first four bits are 1110, which makes the first field an integer value between 224 and 239, the address is a multicast address. The remaining 28 bits comprise a group identification number for a specific multicast group. An IPv4 multicast address is a destination address for one or more hosts, while a Class A, B, or C address is an address for an individual host.

The IPv4 multicast address maps to an Ethernet multicast address so that the network interface listens for multicast traffic. The low-order 23 bits of the IPv4 multicast address are placed into the low-order 23 bits of the Ethernet multicast address. Therefore, an IPv4 multicast address of 224.0.0.1 maps to 01:00:5e:00:00:01.
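The classful rules and the multicast-to-Ethernet mapping described above can be worked through in a few lines of Python. This is an added example, not part of the student guide, and the function names are illustrative. Because the group identification number has 28 bits and only the low-order 23 are copied, 32 different IPv4 multicast groups share each Ethernet multicast address, which matters when traffic is filtered by Ethernet address alone.

```python
import ipaddress


def address_class(addr: str) -> str:
    """Classify an IPv4 address by the high-order bits of its first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first & 0x80 == 0x00:
        return "A"              # 0xxxxxxx
    if first & 0xC0 == 0x80:
        return "B"              # 10xxxxxx
    if first & 0xE0 == 0xC0:
        return "C"              # 110xxxxx
    if first & 0xF0 == 0xE0:
        return "multicast"      # 1110xxxx, first octet 224-239
    return "reserved"           # 1111xxxx


def multicast_mac(addr: str) -> str:
    """Map an IPv4 multicast address to its Ethernet multicast address."""
    ip = int(ipaddress.IPv4Address(addr))
    if ip >> 28 != 0b1110:
        raise ValueError("%s is not a multicast address" % addr)
    # Low-order 23 bits of the IP address go under the 01:00:5e prefix.
    mac = 0x01005E000000 | (ip & 0x7FFFFF)
    return ":".join("%02x" % ((mac >> shift) & 0xFF) for shift in range(40, -8, -8))


def groups_sharing_mac(addr: str) -> list:
    """All multicast addresses that map to the same Ethernet address as addr."""
    ip = int(ipaddress.IPv4Address(addr))
    if ip >> 28 != 0b1110:
        raise ValueError("%s is not a multicast address" % addr)
    low23 = ip & 0x7FFFFF
    # The 5 group-ID bits that are not copied can take 32 values.
    return [str(ipaddress.IPv4Address(0xE0000000 | (high5 << 23) | low23))
            for high5 in range(32)]


if __name__ == "__main__":
    for sample in ("10.102.2.113", "129.150.254.2", "192.9.227.13", "224.0.0.1"):
        print(sample, "->", address_class(sample))
    print("224.0.0.1 ->", multicast_mac("224.0.0.1"))
    print("same Ethernet address:", ", ".join(groups_sharing_mac("224.0.0.1")[:4]), "...")
```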

Introducing Subnetting and VLSM

The Internet is composed of many routers that interconnect different networks. Each router interface must be on a unique network and must have a unique address. Assigning different IP addresses to different networks is required because of the IP addressing scheme required by routers. Subnetting and VLSMs are two ways of dividing an assigned network address into multiple, smaller networks for use within an organization. These smaller networks are referred to as subnetworks, or subnets.

Subnetting

You can divide a network into subnets to do the following:

- Isolate network traffic within local subnets, therefore reducing contention for network bandwidth
- Secure or limit access to a subnet
- Enable localization of specific network protocols to a subnet
- Permit the association of a subnet with a specific geography or a department
- Enable administrative work to be broken into logical units

Figure 5-10 shows the basic idea of subnetting, which is to divide the standard host number field into two parts: the subnet number and the host number on that subnet.

[Figure 5-10 Subnetting: Two-level Hierarchy (Network Number, Host Number); Three-level Hierarchy (Network Number, Subnet Number, Host Number)]

Netmasks

An IP address contains both the network on which the Solaris OS is located and the host number on the network assigned to that system. In a subnet environment, you need to be able to determine how much of the IP address represents the network and how much of the IP address represents the host number. The netmask is the mechanism by which this is determined.

Each IP address has a netmask associated with it. A netmask is 32 bits in length. Each bit in the netmask is used to state whether the corresponding bit in the IP address forms part of the network number or the host number. The bit values are associated with either the network number or the host number as follows:

1    The corresponding bit in the IP address is part of the network number.
0    The corresponding bit in the IP address is part of the host number.

Netmasks are written by using the same decimal dot-separated notation that is used for IP addresses. For example, a netmask which has the first sixteen bits set to 1 and the last sixteen bits set to 0 is written:

255.255.0.0

A netmask which has the first twenty bits set to 1 and the last twelve bits set to 0 is written:

255.255.240.0

There are standard netmasks for the three classes of unicast address. The netmask for a Class A network is 255.0.0.0. The netmask for a Class B network is 255.255.0.0. The netmask for a Class C network is 255.255.255.0.

For example, consider the Class B network 172.16.0.0. The default netmask for this network is 255.255.0.0, and the broadcast address is 172.16.255.255. This gives a single network of 65,534 hosts. By using a different netmask, it is possible to divide this single network into more, smaller networks.

If you choose to divide this single network into, for example, eight smaller networks, you can do so by changing the netmask. To do this, you first need to know what power of 2 the number 8 is. (Netmasks always create a total number of networks that is a power of 2.) The power of 2 value determines how many extra 1s are required in the netmask. Because the number 8 is the number 2 to the power 3, to create 8 separate networks you need three additional 1s in the netmask.

The default netmask value (in binary) is:

11111111 11111111 00000000 00000000

The additional 1s are placed in the netmask next to the existing 1s to give:

11111111 11111111 11100000 00000000

Written in decimal format, this is 255.255.224.0. This netmask creates eight new, smaller networks, each with 8190 hosts. The network numbers and broadcast addresses of the eight new networks are listed in Table 5-2.

Table 5-2 Netmask Network Addresses

Network Number    Broadcast Address
172.16.0.0        172.16.31.255
172.16.32.0       172.16.63.255
172.16.64.0       172.16.95.255
172.16.96.0       172.16.127.255
172.16.128.0      172.16.159.255
172.16.160.0      172.16.191.255
172.16.192.0      172.16.223.255
172.16.224.0      172.16.255.255

Contiguous Netmasks

Each bit in a netmask is independent of any other bit. RFC 950 recommends the use of contiguous subnet masks only. A contiguous subnet mask is one that uses only contiguous, high-order bits (that is, the netmask consists of a sequence of 1s followed by a sequence of 0s). For example:

11111111 11111111 11111111 11110000

Noncontiguous Netmasks

Although RFC 950 recommends the use of contiguous subnet masks only, nothing prevents the use of noncontiguous subnet masks. It is possible to have netmasks in which the 1s and 0s are interleaved, but this is not recommended. For example:

11111111 11111111 11111111 01001010

Using noncontiguous subnet masks makes administration of the network more difficult and should be avoided if at all possible.
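The subnet arithmetic for the Class B network 172.16.0.0 and the contiguity rule can both be checked programmatically. The following Python code is an added example, not part of the student guide, with illustrative function names. It derives the new netmask for a requested power-of-2 number of subnets, lists each network number and broadcast address, and tests whether a mask is contiguous.

```python
import ipaddress


def mask_bits(mask: str) -> str:
    """Render a dotted-decimal netmask as four binary octets."""
    return " ".join("{:08b}".format(octet)
                    for octet in ipaddress.IPv4Address(mask).packed)


def is_contiguous(mask: str) -> bool:
    """True when the mask is a run of 1s followed only by 0s."""
    host_bits = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    # A contiguous mask inverts to 2**k - 1, which shares no bit with 2**k.
    return host_bits & (host_bits + 1) == 0


def split_network(network: str, mask: str, count: int):
    """Divide network/mask into count equal subnets.

    Returns the new netmask and a list of
    (network number, broadcast address, usable hosts) tuples.
    """
    if count < 1 or count & (count - 1):
        raise ValueError("the number of subnets must be a power of 2")
    if not is_contiguous(mask):
        raise ValueError("noncontiguous netmask: %s" % mask)
    extra_ones = count.bit_length() - 1          # 8 subnets -> 3 additional 1s
    base = ipaddress.IPv4Network("%s/%s" % (network, mask))
    if base.prefixlen + extra_ones > 32:
        raise ValueError("not enough host bits for %d subnets" % count)
    subnets = list(base.subnets(prefixlen_diff=extra_ones))
    rows = [(str(s.network_address), str(s.broadcast_address),
             max(s.num_addresses - 2, 0)) for s in subnets]
    return str(subnets[0].netmask), rows


if __name__ == "__main__":
    new_mask, rows = split_network("172.16.0.0", "255.255.0.0", 8)
    print("netmask", new_mask, "=", mask_bits(new_mask))
    for net, bcast, hosts in rows:
        print("%-15s %-15s %5d hosts" % (net, bcast, hosts))
    for candidate in ("255.255.255.240", "255.255.255.74"):
        print(candidate, mask_bits(candidate),
              "contiguous" if is_contiguous(candidate) else "noncontiguous")
```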

Configuring the Netmask

A netmask is configured on each network interface when an IP address is assigned. The default behavior is to apply the appropriate class of netmask depending upon the address, but it is possible to specify a netmask other than the default.

When configuring an interface on the command line by using the ifconfig command, use the netmask argument to set the netmask for an interface. The netmask argument is followed by the netmask value, specified as:

- Dot-separated decimals
- A single, hexadecimal value preceded by 0x
- A + (plus) sign
- A name listed in the /etc/inet/networks file or equivalent naming service database

For example:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
# ifconfig hme0 down
# ifconfig hme0 netmask 255.255.240.0
# ifconfig hme0 up
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask fffff000 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
#

The broadcast address for an interface is related to the netmask. If the netmask is changed, the broadcast address must also be changed to reflect the new network. The simplest way to do this is to use the broadcast + argument to the ifconfig command:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask fffff000 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
# ifconfig hme0 down
# ifconfig hme0 broadcast +
# ifconfig hme0 up
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask fffff000 broadcast 192.168.15.255
        ether 8:0:20:b9:72:23
#

The /etc/inet/netmasks File

The svc:/network/physical SMF service configures the network interfaces at system boot. This method uses the ifconfig command to configure the network interfaces. When configuring network interfaces, the ifconfig command can be supplied with a netmask as an argument, or it can determine which netmask to use based upon system information.

Note – Before the Solaris 10 OS, the network interfaces were configured at boot time during the execution of the /etc/rcS.d/S30network.sh in the Solaris 9 OS while earlier releases were configured as part of the S30rootusr.sh script.

Netmasks for particular networks can be defined in the /etc/inet/netmasks file. The ifconfig command consults the /etc/inet/netmasks file (or equivalent naming-service database) if no netmask is specified as an argument. The /etc/inet/netmasks file enables the permanent assignment of a netmask. The /etc/netmasks file is linked symbolically to the /etc/inet/netmasks file.

For every network that is subnetted, an individual line is entered into this file. Each entry in the /etc/inet/netmasks file contains the netmask definition of a network number.

For example:

# cat /etc/inet/netmasks
#
# The netmasks file associates Internet Protocol (IP) address
# masks with IP network numbers.
#
#       network-number  netmask
#
# The term network-number refers to a number obtained from the Internet Network
# Information Center.
#
# Both the network-number and the netmasks are specified in
# "decimal dot" notation, e.g:
#
#       128.32.0.0 255.255.255.0
#
192.168.1.0 255.255.240.0
#

The netmask value in the netmask file can be specified when configuring the network interface by using the + (plus) argument with the netmask argument:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
# ifconfig hme0 down
# ifconfig hme0 netmask + broadcast +
# ifconfig hme0 up
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask fffff000 broadcast 192.168.15.255
        ether 8:0:20:b9:72:23
#

VLSM

RFC 950 specifies how an IP network could use subnet masks. When an IP network is assigned more than one subnet mask, it is considered a network with VLSMs because the extended-network numbers have different lengths at each subnet level.

Two of the main advantages to assign more than one subnet mask to a given IP network number are:

- Multiple subnet masks permit more efficient use of an organization’s assigned IP address space.
- Multiple subnet masks permit route aggregation, which can significantly reduce the amount of routing information at the backbone level within an organization’s routing domain.

An example of VLSM entries in the /etc/inet/netmasks file is:

12.0.0.0 255.255.0.0
12.3.0.0 255.255.255.0
12.3.254.0 255.255.255.224

Note – VLSM subnet masks’ syntax has been recognized since the Solaris 2.6 OS.

Figure 5-11 shows these additional subnet and host addresses.

[Figure 5-11 Subnet Mask Addresses: network 12.0.0.0 divided with a 16-bit subnet mask (12.0.0.0 through 12.254.0.0); subnet 12.3.0.0 divided with a 24-bit subnet mask (12.3.0.0 through 12.3.254.0); subnet 12.3.254.0 divided with a 27-bit subnet mask (12.3.254.0 through 12.3.254.224)]

One of the major problems with supporting only a single subnet mask across a given network number is that once the mask is selected, it locks the organization into a fixed number of fixed-sized subnets. For example, a Class B subnet that is masked with 255.255.252.0 yields additional subnet and host addresses. Figure 5-12 shows the breakdown of the number of networks and the number of hosts as a result of a fixed subnet mask being applied to the address.

[Figure 5-12 Breakdown of Hosts and Subnets: 64 Subnets; 1024 – Two Hosts Per Subnet]

Introducing the Interface Configuration Files

System administrators often configure system interfaces from the command line so that the changes are made immediately without having to reboot the system. This configuration must be performed manually each time the system is restarted for any reason because changes made at the command line are not stored in configuration files. Configuration files enable systems to automatically configure interfaces during the boot process.

The /etc/hostname.interface File

The svc:/network/physical SMF service reads the /etc/hostname.interface file. The service assigns an IPv4 address on the local system for each IPv4 interface. At least one /etc/hostname.interface file must exist on the local system for each interface to be configured. Additional interfaces can be configured by creating additional hostname.interface files manually.

These files must contain at least one entry: the host name or the IPv4 address that is associated with the network interface. For example, if the hme0 interface is the primary network interface for a system called sys11, the file is called /etc/hostname.hme0 and it contains at least one line, sys11, which is the name of the system.

Note – In the Solaris 9 OS, the /etc/rcS.d/S30network.sh startup script reads the /etc/hostname.interface file. In earlier releases of Solaris, the S30rootusr.sh script reads the /etc/hostname.interface file.

The /etc/inet/hosts File

The /etc/inet/hosts file contains the IPv4 addresses and the host names of the interfaces on your system. This file is referenced when the /etc/nsswitch.conf file has the files keyword for host resolution. This file is also referenced at system startup when the interfaces are being configured. The /etc/hosts file is linked symbolically to the /etc/inet/hosts file.

An example of an /etc/inet/hosts file is:

# more /etc/inet/hosts
#
# Internet host table
#
127.0.0.1 localhost
192.168.1.1 sys11 loghost
#

In this example, the IPv4 address 127.0.0.1 is the loopback address, the reserved network address that supports interprocess communication by permitting the local system to send packets to itself. Every system on a TCP/IP network must use the IP address 127.0.0.1 for the local host.

The /etc/nodename File

The /etc/nodename file contains one entry: the host name of the local system. For example, on system sys11, the /etc/nodename file contains the entry sys11. This file establishes the canonical name for the system for applications.

If a system requires a host name change, the following files must be edited to reflect the new host name:

- The /etc/inet/hosts file
- The /etc/nodename file
- The /etc/hostname.interface file

Note – Versions of the Solaris OS before Solaris 10 OS required the /etc/net/*/hosts files to be edited when changing a system’s host name. Editing these files is not required in the Solaris 10 OS.

Administering Logical Interfaces

Logical interfaces are also referred to as virtual interfaces. Example scenarios in which logical interfaces might be applied include:

- Systems that use high-availability failover
- Web servers that require multiple web site URLs
- Servers that run several applications which must appear as separate systems

Introducing Logical Interfaces

Each logical interface is assigned a unique IP address and a unique host name. You can configure a single, physical network interface to have many different IP addresses, including IP addresses that are in different IP classes. This is one way in which a single system can appear to be multiple systems. Logical interfaces do not have to exist on the same subnet as the primary interface.

To view the number of logical addresses that can be configured, type the command:

# ndd /dev/ip ip_addrs_per_if
256
#

This represents the physical interface and a further 255 logical interfaces. The ndd command can be used to change this value up to a maximum of 8192.

Some advantages of logical interfaces are:

- Lower cost – You do not need to purchase additional Ethernet cards.
- Easier to back up and administer – Backup and maintenance can be done on one host instead of on several hosts.

Some disadvantages of logical interfaces are:

- Heavy network load – Having many logical addresses tied to a specific Ethernet interface can cause a network performance bottleneck.
- Slower system start – Each logical interface must be configured on system boot, which can be a lengthy process when a large number of interfaces are configured.

Physical network interfaces have names of the form:

driver-name physical-unit-number

For example: hme0 qfe3

Logical interfaces have names of the form:

driver-name physical-unit-number:logical-unit-number

For example: hme0:1 qfe3:1

Figure 5-13 shows how a system with one interface can appear as two different systems.

[Figure 5-13 System Interfaces: Web Server With One IP Address (hme0 192.168.1.1 www.sys11.com); Web Server Configured With Multiple IP Addresses on a Single Ethernet Interface (hme0 192.168.1.1 www.sys11.com, hme0:1 192.168.1.99 www.sys99.com)]

Configuring Logical Interfaces

After a physical interface is plumbed (it has STREAMS set up for IP and is open), you can configure logical interfaces that are associated with the physical interface by using separate plumb or addif options to the ifconfig command.

To view the current configuration of the interfaces on the system before adding a logical interface, use the ifconfig command:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
#

To configure logical network interface 1 on the hme0 physical interface, use the ifconfig command. In this example, the logical interface is assigned an IP address of 192.169.1.1, it has a default netmask of ffffff00 (255.255.255.0), it has a broadcast address of 192.169.1.255, and it is configured as up by the ifconfig command. You can assign different values for the netmask and broadcast address if you choose to.

# ifconfig hme0:1 plumb 192.169.1.1 up
#

To view the changes made to the interface, use the ifconfig command:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
hme0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.169.1.1 netmask ffffff00 broadcast 192.169.1.255
#

The hme0:1 interface is now configured. Notice that the index number is unique for each physical interface, while logical interfaces use the physical interface’s index number.

The addif Option

It can be tedious to increment the logical interface number each time you add logical interfaces. The ifconfig command includes the addif option, which causes the command to use the next available logical interface. For example, to add the next logical interface with an IP address of 192.168.55.1, use the following command:

# ifconfig hme0 addif 192.168.55.1 up
Created new logical interface hme0:2
#

The same results can be achieved by editing the /etc/hostname.hme0 file so that its contents are similar to the following:

# cat /etc/hostname.hme0
sys11 up addif 192.168.55.1 up

Then reboot the system to configure the logical interface.

# init 6
#

To view the changes made to the interface, use the ifconfig command:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
hme0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.55.1 netmask ffffff00 broadcast 192.168.55.255
#

The hme0:1 interface is added and is functional.

Unconfiguring Logical Interfaces

To unconfigure a logical interface, use the ifconfig command with the down and unplumb options. Use the down option before the unplumb option to make sure that the interface is shut down in the correct order and that no data is lost. For example, to unconfigure the hme0:1 interface, type the following:

# ifconfig hme0:1 down unplumb
#

To verify that the interface is removed, use the ifconfig command:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
#

The hme0:1 interface is no longer available.

When you know the logical interface’s IP address, but you do not know to which logical interface the address is assigned, use the ifconfig command with the removeif option. For example:

# ifconfig hme0 removeif 192.168.55.1
#

Caution – If you are logged in remotely and are using this interface for your connection, you will lose your connectivity to the system.
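Two points from this module lend themselves to an automated check of saved ifconfig -a output: the broadcast address must follow the netmask, and logical interfaces appear under names of the form hme0:1. The following Python code is an added example, not part of the student guide. The sample output is constructed in the format of the transcripts shown in this module, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: hme0 carries the netmask fffff000 but still the old
# broadcast address, and one logical interface is configured on it.
SAMPLE = """\
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask fffff000 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
hme0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.169.1.1 netmask ffffff00 broadcast 192.169.1.255
"""

IFACE_RE = re.compile(r"^(\S+): flags=\w+<([^>]*)>.* index (\d+)")
INET_RE = re.compile(r"inet (\S+) netmask ([0-9a-fA-F]{1,8})(?: broadcast (\S+))?")


def parse_ifconfig(text: str) -> list:
    """Turn ifconfig -a output into one dictionary per interface."""
    interfaces, current = [], None
    for line in text.splitlines():
        match = IFACE_RE.match(line)
        if match:
            current = {"name": match.group(1),
                       "flags": match.group(2).split(","),
                       "index": int(match.group(3)),
                       "inet": None, "netmask": None, "broadcast": None}
            interfaces.append(current)
            continue
        match = INET_RE.search(line)
        if match and current is not None:
            current["inet"] = ipaddress.IPv4Address(match.group(1))
            # ifconfig prints the netmask as a single hexadecimal value.
            current["netmask"] = ipaddress.IPv4Address(int(match.group(2), 16))
            if match.group(3):
                current["broadcast"] = ipaddress.IPv4Address(match.group(3))
    return interfaces


def stale_broadcasts(text: str) -> list:
    """Interfaces whose broadcast address is not the all-ones host number."""
    findings = []
    for iface in parse_ifconfig(text):
        if iface["inet"] is None or iface["broadcast"] is None:
            continue
        mask = int(iface["netmask"])
        expected = ipaddress.IPv4Address(
            (int(iface["inet"]) & mask) | (~mask & 0xFFFFFFFF))
        if expected != iface["broadcast"]:
            findings.append((iface["name"], str(iface["broadcast"]), str(expected)))
    return findings


def logical_interfaces(text: str) -> dict:
    """Group logical interfaces (name:unit) under their physical interface."""
    grouped = {}
    for iface in parse_ifconfig(text):
        if ":" in iface["name"]:
            parent = iface["name"].split(":", 1)[0]
            grouped.setdefault(parent, []).append((iface["name"], str(iface["inet"])))
    return grouped


if __name__ == "__main__":
    for name, actual, expected in stale_broadcasts(SAMPLE):
        print("%s: broadcast %s, expected %s" % (name, actual, expected))
    for parent, children in logical_interfaces(SAMPLE).items():
        print("%s has logical interfaces: %s" % (parent, children))
```

Comparing the list of logical interfaces against the addif entries in the /etc/hostname.interface files shows which addresses were added at the command line and will not survive a reboot.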

Exercise: Reviewing IP

In this exercise, you define logical interfaces in two ways: by explicitly naming the logical interface and by using a command to automatically add the next available logical interface.

Preparation

Refer to the lecture notes as necessary to perform the tasks listed.

Task Summary

In this exercise, you accomplish the following:

- Use the ifconfig command to define and configure a hme0:1 interface on a different network to the hme0 interface.
- Define the RFC 1918-compliant address by replacing the 192.168 part of your system’s address with 172.18/24. For example, if your hme0 interface has an address of 192.168.1.2, configure the hme0:1 interface to have an IP address of 172.18.1.2, a netmask of 255.255.255.0, and a broadcast address of 172.18.1.255. The /24 means that the first 24 bits of the address represent the network address, and the remaining 8 bits represent the host portion of the address.
- Configure the interface to use a Class C broadcast address.

Tasks

Complete the following steps:

1. Use the ifconfig command to view the system’s interface configuration before making any changes, so that you can easily restore your system to its original state if needed.

Write the command that you use:
_____________________________________________________________

2. Use the ifconfig command to configure the hme0:1 interface with the appropriate IP address and a netmask of 255.255.255.0. For example, if your IP address begins with 192.168, then change it so that it begins with 172.18. Use the appropriate command to cause the interface to function properly.

Write the command that you use:
_____________________________________________________________

3. View the configuration of the interfaces on the system. Notice that the index for the new logical interface is the same as the physical interface and that no Ethernet address is listed under the new logical interface.

Write the command that you use:
_____________________________________________________________

4. Use the ifconfig command with the appropriate option to configure the next available logical interface with an IP address that is incremented by 1 in the second octet. For example, if you used 172.18.1.2 in the previous step, use 172.19.1.2 for this interface. Configure a netmask of 255.255.255.0 and a broadcast address of 172.19.1.255. Be sure to use the appropriate command to cause the interface to function properly.

Write the command that you use:
_____________________________________________________________

5. View the configuration of the interfaces on the system. Notice that the next sequential logical interface was defined (hme0:2 in this example). Also notice that the index for the new logical interface is the same as the physical interface and that no Ethernet address is listed under the new logical interface.

Write the command that you use:
_____________________________________________________________

6. Use the removeif option of the ifconfig command to remove the first logical interface that you defined.

Write the command that you use:
_____________________________________________________________

7. View the configuration of the interfaces on the system. Notice that the first logical interface is removed.

Write the command that you use:
_____________________________________________________________

8. Use the appropriate command to specifically remove the second logical interface that you defined.

Write the command that you use:
_____________________________________________________________

9. View the configuration of the interfaces on the system.

Write the command that you use:
_____________________________________________________________

Exercise Summary

Discussion – Take a few minutes to discuss what experiences, issues, or discoveries you had during the lab exercise.

- Experiences
- Interpretations
- Conclusions
- Applications

Exercise Solutions

Solutions to the exercise are as follows:

1. Use the ifconfig command to view the system’s interface configuration before making any changes, so that you can easily restore your system to its original state if needed.

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
#

2. Use the ifconfig command to configure the hme0:1 interface with the appropriate IP address and a netmask of 255.255.255.0. For example, if your IP address begins with 192.168, then change it so that it begins with 172.18. Use the appropriate command to cause the interface to function properly.

# ifconfig hme0:1 plumb 172.18.1.2 netmask 255.255.255.0 broadcast 172.18.1.255 up
#

3. View the configuration of the interfaces on the system. Notice that the index for the new logical interface is the same as the physical interface and that no Ethernet address is listed under the new logical interface.

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
hme0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 172.18.1.2 netmask ffffff00 broadcast 172.18.1.255
#

4. Use the ifconfig command with the appropriate option to configure the next available logical interface with an IP address that is incremented by 1 in the second octet. For example if you used 172.18.1.2 in the previous step, use 172.19.1.2 for this interface. Configure a netmask of 255.255.255.0 and a broadcast address of 172.19.1.255. Be sure to use the appropriate command to cause the interface to function properly.

# ifconfig hme0 addif 172.19.1.2 netmask 255.255.255.0 broadcast 172.19.1.255 up
Created new logical interface hme0:2
#

5. View the configuration of the interfaces on the system. Notice that the next sequential logical interface was defined (hme0:2 in this example). Also notice that the index for the new logical interface is the same as the physical interface and that no Ethernet address is listed under the new logical interface.

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
hme0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 172.18.1.2 netmask ffffff00 broadcast 172.18.1.255
hme0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 172.19.1.2 netmask ffffff00 broadcast 172.19.1.255
#

6. Use the removeif option of the ifconfig command to remove the first logical interface that you defined.

# ifconfig hme0 removeif 172.18.1.2
#

7. View the configuration of the interfaces on the system. Notice that the first logical interface is removed.

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
hme0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 172.19.1.2 netmask ffffff00 broadcast 172.19.1.255
#

8. Use the appropriate command to specifically remove the second logical interface that you defined.

# ifconfig hme0:2 down unplumb
#

9. View the configuration of the interfaces on the system.

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
#


Module 6

Configuring IP Network Multipathing

Objectives

This module describes how to configure IP Network Multipathing (IPMP). This module also describes the limitations of network interfaces, IPMP requirements, configuration of IPMP on the command line and at system boot, and troubleshooting.

Upon completion of this module, you should be able to:

- Describe IP multipathing
- Implement IP multipathing

The course map in Figure 6-1 shows how this module fits into the current instructional goal.

Figure 6-1 Course Map (Configuring the Network: Configuring IP, Configuring IP Network Multipathing, Configuring Routing, Configuring IPv6, Describing the Transport Layer)

Increasing Network Availability

In today’s computing environments, the availability of network connectivity is important.

Limitations of Network Interfaces

Network interfaces are exposed to failure because they connect to network cables and hardware components in the form of switches or hubs. Failure of any of these interfaces results in network failure, even if the NIC that is in place does not fail.

The Solaris 10 OS includes the IPMP feature, which provides enhanced availability of network connections. IPMP enables multiple interfaces with different IP addresses on the same subnet to be grouped together. If any one of these interfaces fails, current network connections through that interface will be migrated to another interface in the group automatically to maintain network connectivity. Figure 6-2 shows how a system can have multiple interfaces on the same LAN.

Figure 6-2 IPMP Configuration (Server, Client)

Configuring IP Network Multipathing

IPMP is a product that is included with the Solaris 10 OS and provides enhanced network availability.

Introducing IPMP

IPMP enables the Solaris 10 OS to recover from network path failures. IPMP also provides increased throughput by spreading the outbound load across interfaces when multiple network adapters are connected to the same IP network, such as to the same Ethernet switch.

IPMP has the following features:

- It eliminates a single network adapter as a single point of failure in these cases:
  - Network adapter failure
  - Network link failure
- It enables interfaces to fail over within approximately 10 seconds when using the default configuration.
- It can be configured by adjusting the parameters in the /etc/default/mpathd file.
- It can be configured for use with both IPv4 and IPv6.
- It enables interfaces to be configured as standby interfaces. These types of interfaces are only used for failover and are not used for outbound load spreading, unless they are explicitly chosen by an application.

If a failure occurs in the network link and an alternate adapter is configured, the IP address fails over. The network access changes automatically from the failed adapter to the new adapter, providing uninterrupted access to the network.

Probe-based IPMP Configurations Compared With Link-based IPMP Configurations

There are two methods for configuring IPMP: probe-based and link-based. Probe-based IPMP utilizes test addresses to monitor the health of interfaces. Link-based IPMP does not utilize test addresses. Instead, the interface kernel driver performs this function.

Probe-based IPMP Configuration

Probe-based failure detection for IPMP uses test addresses to detect failures, and notify the networking subsystem.

Probe-based IPMP Requirements

The following items are required to configure probe-based IPMP on a system:

- The Solaris 8 10/00 OS, as a minimum, must be installed.

- Unique MAC addresses must be configured on each network interface.

  The default configuration for most Sun network adapters has all network interfaces on a system using the same MAC (Ethernet) address. Switched networks use MAC addresses when making decisions about where to send packets. Therefore, you must change the system’s default configuration for MAC addresses to avoid a MAC address conflict.

- Multiple network adapter interfaces must be connected on each subnet.

  You can configure IPMP with a single network interface to take advantage of network failure detection. To use the full benefit of IPMP, make sure that two or more network interfaces are connected to the same subnet. IPMP requires that all interfaces in an IPMP group be connected to the same IP link.

- An IPMP group name must be assigned to interfaces.

  Interfaces that are to be deployed as part of an IPMP configuration must belong to an IPMP group. Each IPMP group has an IPMP group name. The in.mpathd daemon uses the IPMP group names. Use a meaningful name that does not include spaces when you choose a group name. The IPMP group name is local to the system and is not used across the network.

- A test address is assigned to an interface.

  The in.mpathd daemon uses test addresses, which must be routable addresses, to monitor the status of each individual interface. The test addresses are used to detect failure and recovery of an interface. These addresses are deprecated at configuration time to make sure that they cannot be used as source addresses by other applications.

- Additional hosts or devices must exist on the same subnet.

  The test interfaces are used to send ICMP echo requests to targets on the local link, either by addressing a default router on the local link or by using the all hosts multicast group (224.0.0.1), to test that the network link is functioning.

Interface Failure Detection and Repair

Network interfaces on which IPMP is configured are monitored by the in.mpathd daemon. The in.mpathd daemon can detect both the failure and the repair of an interface by:

- Sending ICMP echo requests and receiving ICMP echo replies through the interface
- Monitoring the internal IFF_RUNNING flag on the interface

An interface has failed if either of these two detection methods indicates a failure. An interface is considered repaired only if both methods report that the interface is operational and can send and receive packets through the interface.

To detect the failure or repair of interfaces that belong to the IPMP group, the in.mpathd daemon sends ICMP echo requests from the test addresses on the IPMP interfaces to targets connected to the local network. The in.mpathd daemon determines which targets to probe dynamically. When responses to the ICMP echo requests are not received and a specific time period has elapsed, the physical interface is considered failed. If five consecutive probes do not receive replies, the interface is considered failed. Adjust the failure detection time by editing the FAILURE_DETECTION_TIME variable from the default value of 10,000 milliseconds (10 seconds) in the /etc/default/mpathd file.

The IP address that is associated with the failed address is moved to a new logical interface associated with another physical interface in the same IPMP group. Communications that were taking place continue to function as though the original interface is still working properly.

ICMP echo requests are still attempted through the failed NIC to detect if a physical interface is repaired.

You cannot configure the targets because the in.mpathd daemon determines dynamically which targets to probe. Default routers connected to the link are chosen as targets for probing. If no routers exist on the link, arbitrary hosts on the link are chosen by sending a multicast packet to the all hosts multicast address. When you configure IPMP, be sure to have at least one additional system on the network that can act as a target.

If all the NICs or targets appear to fail at the same time, this is a group failure, and no fail over is performed. The in.mpathd daemon flushes all of the current targets and attempts to discover new targets.

Note – To maximize the resistance of your configuration to failure, the IPMP group should consist of interfaces that each reside on a different interface card. This approach minimizes the number of common components in a configuration.

Configuring Probe-based IPMP by Using Configuration Files

You can configure IPMP by changing configuration files and rebooting, or you can work at the command line to avoid rebooting the system.

This example shows IPMP configuration on an existing configured hme0 interface and on an existing but unconfigured qfe1 interface on the sys11 (192.168.1.1) system. The multipath group is called mpgrp-one. The test addresses are:

- The 192.168.1.51 address for the hme0 interface
- The 192.168.1.71 address for the qfe1 interface

The data address for the hme0 interface remains as 192.168.1.1, and the data address for the qfe1 interface is 192.168.1.21.

To configure probe-based IPMP, complete the following steps, which are described in greater detail in the next sections.

1. Verify the Solaris OS release.
2. Configure unique MAC addresses.
3. Define IP addresses.
4. Configure the interfaces.
5. Reboot the system.
6. View the interface configuration.

You must know the state of the system if you need to restore it. Before making any changes to the system, view the system’s interface configuration by executing the command:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
#

Verify the Solaris OS Release

The /etc/release file contains information about the installed version of the Solaris OS. The following system meets the minimum requirements:

# cat /etc/release
                  Solaris 8 10/00 s28s_u2wos_11b SPARC
       Copyright 2000 Sun Microsystems, Inc. All Rights Reserved.
                      Assembled 31 August 2000
#

The following system exceeds the minimum requirements:

# cat /etc/release
                   Solaris 10 3/05 s10_74L2a SPARC
       Copyright 2005 Sun Microsystems, Inc. All Rights Reserved.
                   Use is subject to license terms.
                      Assembled 22 January 2005
#

Configure Unique MAC Addresses

To determine if unique MAC addresses are permitted, use the eeprom command to view the contents of the system’s EEPROM:

# eeprom "local-mac-address?"
local-mac-address?=false
#

The preceding output indicates that the system is still in its default mode and uses the same MAC address for every interface. This is indicated by the setting of the local-mac-address? variable to false. Use the eeprom command to change the local-mac-address? variable to true:

# eeprom "local-mac-address?=true"
#

Verify that the local-mac-address? variable is set to true:

# eeprom "local-mac-address?"
local-mac-address?=true
#

Note – Depending on the combination of your system’s firmware and hardware architecture, you must either plumb an interface or reboot the system to enable unique MAC address assignment after changing the local-mac-address? variable.

Define the IP Addresses

Add the data and test IP addresses to the /etc/inet/hosts file for the sake of clarity. After editing the /etc/inet/hosts file, use the cat command to view the new information:

# cat /etc/inet/hosts
#
# Internet host table
#
127.0.0.1       localhost
192.168.1.1     sys11 loghost       # Data address for hme0
# Modifications made for IPMP
192.168.1.21    sys11-data-qfe1     # Data address for qfe1
192.168.1.51    sys11-test-hme0     # Test address for hme0
192.168.1.71    sys11-test-qfe1     # Test address for qfe1
#

Configure the Interfaces

Multipath information is placed in the /etc/hostname.hme0 and /etc/hostname.qfe1 files. Modify the /etc/hostname.hme0 file to contain contents similar to the following:

# cat /etc/hostname.hme0
sys11 netmask + broadcast + group mpgrp-one up \
addif sys11-test-hme0 deprecated netmask + broadcast + -failover up
#

Table 6-1 describes the entries in the /etc/hostname.hme0 file.

Table 6-1 Interface Configuration Entries

Entry                   Purpose
sys11                   Assigns the address associated with the sys11 name.
netmask +               Looks up the netmask in the netmasks database.
broadcast +             Assigns the broadcast address. The + (plus) indicates
                        that the broadcast address should be calculated
                        automatically from the IP address and netmask.
group mpgrp-one         Assigns mpgrp-one as the name for the IPMP group of
                        which this interface is a member.
up                      Marks the interface as up.
addif sys11-test-hme0   Creates the next unused logical interface, and assigns
                        it the IP address associated with the sys11-test-hme0
                        name.
deprecated              Marks the address as a deprecated address. Addresses
                        that are marked as deprecated are not used as source
                        addresses for outgoing packets unless either there are
                        no other addresses available on this interface or the
                        application is bound to this address explicitly. The
                        output from the ifconfig -a command shows DEPRECATED
                        as one of the flags associated with this interface.
-failover               Marks the address as a non-failover address. Addresses
                        that are marked in this way do not fail over when the
                        network interface fails. The output from the
                        ifconfig -a command shows NOFAILOVER as one of the
                        flags associated with this interface.

Create the /etc/hostname.qfe1 file with contents similar to the following:

# cat /etc/hostname.qfe1
sys11-data-qfe1 netmask + broadcast + group mpgrp-one up \
addif sys11-test-qfe1 deprecated netmask + broadcast + -failover up
#

Cable the Interfaces

You should ensure that all of the interfaces that are part of the IPMP configuration have cables connecting them to the same IP link.

Note – In versions of the Solaris OS before the Solaris 10 OS, at this point in the procedure, you had to disable the automatic configuration of the system as a router. For example, if your host does not act as a router currently, rebooting it with two interfaces configured causes it to be configured as a router after the reboot. For a system that runs IPMP and is connected to a single IP link, this is undesirable. To prevent this, type the command touch /etc/notrouter.

Reboot the System

Reboot the system to enable IPMP:

# init 6

View the Interface Configuration

To view the configuration of the interfaces when the system is booted, use the ifconfig command:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp-one
        ether 8:0:20:b9:72:23
hme0:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2
        inet 192.168.1.51 netmask ffffff00 broadcast 192.168.1.255
qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp-one
        ether 8:0:20:ac:9b:21
qfe1:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 3
        inet 192.168.1.71 netmask ffffff00 broadcast 192.168.1.255
#

Observe the additional information that is reported by the preceding ifconfig command for the hme0:1 interface:

hme0:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2
        inet 192.168.1.51 netmask ffffff00 broadcast 192.168.1.255

This information includes the following:

- The interface’s index number is 2, the same as the physical interface.
- The DEPRECATED and NOFAILOVER flags indicate that the interface is not to be used by any application (other than the in.mpathd daemon), and the interface must not be failed if a communication failure occurs.
- The RUNNING flag is also monitored by the in.mpathd daemon to ensure that communications are functioning as expected.
- The hme0:1 interface’s MAC address is not shown because logical interfaces use the same MAC address as the physical interface.

The system remains available to users if either of the interfaces fails or becomes unusable for any reason.

Configuring Probe-based IPMP on the Command Line

A system can be configured for IPMP without being rebooted if the system’s EEPROM is already configured to support unique MAC addresses. The following steps demonstrate use of the ifconfig command to configure IPMP on the command line. Although not shown in this section, you can also use the ifconfig command to change and delete IPMP group memberships.

This example shows configuring IPMP on an existing configured hme0 interface and on an existing, but unconfigured, qfe1 interface. This configuration is on the sys11 (192.168.1.1) system, where the IPMP group is called mpgrp-one. The test addresses are:

- The 192.168.1.51 address for the hme0 interface
- The 192.168.1.71 address for the qfe1 interface

The data address for the hme0 interface remains 192.168.1.1, and the data address for the qfe1 interface is 192.168.1.21.

To configure IPMP, complete the following steps, which are described in greater detail in the next sections.

1. Verify the Solaris OS release.
2. Configure unique MAC addresses.
3. Configure IP addresses.
4. Configure the hme0 interface as part of an IPMP group.
5. Configure a test address for the hme0 interface.
6. Configure the qfe1 interface as part of the same IPMP group.
7. Configure a test address for the qfe1 interface.
8. View the interface configuration.

You must know what state the system is in if you need to restore it. Before making any changes to the system, view the system’s interface configuration by typing the command:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
#

Verify the Solaris OS Release

The /etc/release file contains information about the installed version of the Solaris OS. The following system meets the minimum requirements:

# cat /etc/release
                  Solaris 8 10/00 s28s_u2wos_11b SPARC
       Copyright 2000 Sun Microsystems, Inc. All Rights Reserved.
                      Assembled 31 August 2000
#

The following system exceeds the minimum requirements:

# cat /etc/release
                   Solaris 10 3/05 s10_74L2a SPARC
       Copyright 2005 Sun Microsystems, Inc. All Rights Reserved.
                   Use is subject to license terms.
                      Assembled 22 January 2005
#

Configure Unique MAC Addresses

To determine if unique MAC addresses are permitted, use the eeprom command to view the contents of the EEPROM:

# eeprom "local-mac-address?"
local-mac-address?=false
#

The preceding output indicates that the system is still in its default mode and uses the same MAC address for each interface. This is indicated by the setting of the local-mac-address? variable to false. Use the eeprom command to change the EEPROM’s local-mac-address? variable to true. Type the command:

# eeprom "local-mac-address?=true"
#

Note – Depending on the combination of your system’s firmware and hardware architecture, you will have to either plumb the interface or reboot the system to enable unique MAC address assignment after changing the local-mac-address? variable.

Verify that the local-mac-address? variable is set to true:

# eeprom "local-mac-address?"
local-mac-address?=true
#

Configure the IP Addresses

You can add the data and test IP addresses to the /etc/inet/hosts file for the sake of clarity. After editing the /etc/inet/hosts file, use the cat command to view the new information:

# cat /etc/inet/hosts
#
# Internet host table
#
127.0.0.1       localhost
192.168.1.1     sys11 loghost       # Data address for hme0
# Modifications made for IPMP
192.168.1.21    sys11-data-qfe1     # Data address for qfe1
192.168.1.51    sys11-test-hme0     # Test address for hme0
192.168.1.71    sys11-test-qfe1     # Test address for qfe1
#

Configure the hme0 Interface as Part of a Multipath Group

To configure the hme0 interface as part of an IPMP group, specify the name of the group, mpgrp-one, of which the hme0 interface will be a member:

# ifconfig hme0 group mpgrp-one

To view the changes to the interface, use the ifconfig command:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp-one
        ether 8:0:20:b9:72:23
#

Configure a Test Address for the hme0 Interface

Next, you configure a test address for the hme0 interface. You can assign an alias name to this address by using the /etc/inet/hosts file. Do not use this address for any purpose other than using it for the in.mpathd daemon.

When you define the address, mark it so that the in.mpathd daemon recognizes it as a test address that must not fail over (-failover) and must not be used by the system for any application data transmission (deprecated). Type the command:

# ifconfig hme0 addif 192.168.1.51 deprecated netmask + \
broadcast + -failover up
Created new logical interface hme0:1
Setting netmask of hme0:1 to 255.255.255.0
#

To view the changes to the interface, use the ifconfig command:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp-one
        ether 8:0:20:b9:72:23
hme0:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2
        inet 192.168.1.51 netmask ffffff00 broadcast 192.168.1.255
#

Configure the qfe1 Interface as Part of the IPMP Group

Now, you configure the qfe1 interface and make it part of the same IPMP group as the hme0 interface. Type the commands:

# ifconfig qfe1 plumb sys11-data-qfe1 netmask + broadcast +
Setting netmask of qfe1 to 255.255.255.0
# ifconfig qfe1 group mpgrp-one up

To view the changes to the interface, use the ifconfig command:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp-one
        ether 8:0:20:b9:72:23
hme0:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2
        inet 192.168.1.51 netmask ffffff00 broadcast 192.168.1.255
qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp-one
        ether 8:0:20:ac:9b:21
#

Observe the additional information that is reported by the preceding output of the ifconfig command, for the qfe1 interface:

qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp-one
        ether 8:0:20:ac:9b:21

This information includes the following:

- The interface index number is incremented to 3 because a unique index number is assigned to each non-logical interface as it is configured. Since lo0 is 1 and hme0 is 2, qfe1 is assigned 3.
- The qfe1 interface’s MAC address is different from the hme0 interface’s MAC address, which is caused by changing the local-mac-address? variable in the system’s EEPROM.

Configure a Test Address for the qfe1 Interface

Now, you configure a test address for the qfe1 interface. You can alias this address to a name by using the /etc/inet/hosts file. Do not use this address for any purpose other than using it for the in.mpathd daemon.

When you define the address, mark it so that the in.mpathd daemon recognizes it as a test address that must not fail over (-failover) and must not be used by the system for any application data transmission (deprecated). Type the command:

# ifconfig qfe1 addif 192.168.1.71 deprecated netmask + \
broadcast + -failover up
Created new logical interface qfe1:1
Setting netmask of qfe1:1 to 255.255.255.0
#

To view the changes to the interface, use the ifconfig command:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp-one
        ether 8:0:20:b9:72:23
hme0:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2
        inet 192.168.1.51 netmask ffffff00 broadcast 192.168.1.255
qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp-one
        ether 8:0:20:ac:9b:21
qfe1:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 3
        inet 192.168.1.71 netmask ffffff00 broadcast 192.168.1.255
#

The interface’s index number is 3, which is the same as the physical interface that supports this logical interface. Notice that the qfe1:1 interface MAC address is not shown because logical interfaces use the same MAC address as the physical interface that supports the logical interface.

Start the in.mpathd Daemon to Monitor the Interfaces

The starting of the in.mpathd daemon is controlled by the TRACK_INTERFACES_ONLY_WITH_GROUPS parameter in the /etc/default/mpathd file. The contents of this file are:

    # cat /etc/default/mpathd
    #
    #pragma ident "@(#)mpathd.dfl 1.2 00/07/17 SMI"
    #
    # Time taken by mpathd to detect a NIC failure in ms. The minimum time
    # that can be specified is 100 ms.
    #
    FAILURE_DETECTION_TIME=10000
    #
    # Failback is enabled by default. To disable failback turn off this option
    #
    FAILBACK=yes
    #
    # By default only interfaces configured as part of multipathing groups
    # are tracked. Turn off this option to track all network interfaces
    # on the system
    #
    TRACK_INTERFACES_ONLY_WITH_GROUPS=yes
    #

If the TRACK_INTERFACES_ONLY_WITH_GROUPS variable is set to yes, the ifconfig command’s group option starts the in.mpathd daemon automatically. That is, as soon as you use the ifconfig command with the group option in the command, the in.mpathd daemon starts.

If the TRACK_INTERFACES_ONLY_WITH_GROUPS variable is set to no, the in.mpathd daemon will track all interfaces, including those that are not part of an IPMP group.

The in.mpathd daemon is started by the svc:network/net-init SMF service:

    # grep in[.]mpathd /lib/svc/method/net-init
    /usr/bin/pgrep -x -u 0 in.mpathd >/dev/null 2>&1 || /usr/lib/inet/in.mpathd -a

Note – Before the Solaris 10 OS, the in.mpathd daemon was started during the execution of the /etc/rc2.d/S69inet start script.

If necessary, the in.mpathd daemon can be started from the command line by running the command as the root user:

    # /sbin/in.mpathd
    #

View the Interface Configuration

Now that IPMP is completely configured, to view the configuration of the interfaces, use the ifconfig command:

    # ifconfig -a
    lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
            groupname mpgrp-one
            ether 8:0:20:b9:72:23
    hme0:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2
            inet 192.168.1.51 netmask ffffff00 broadcast 192.168.1.255
    qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
            inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
            groupname mpgrp-one
            ether 8:0:20:ac:9b:21
    qfe1:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 3
            inet 192.168.1.71 netmask ffffff00 broadcast 192.168.1.255
    #

The system remains available to users if either of the network interfaces fail or become unusable for any reason.

Link-based IPMP Configuration

Link-based failure detection for IPMP uses the network interface kernel driver to detect failures and notify the networking subsystem.

Link-based IPMP Requirements

The following items are required to configure link-based IPMP on a system:

- Solaris 9 12/02 OS, at a minimum, must be installed.
- Network interfaces must use any of the following drivers:
    - hme
    - eri
    - ce
    - ge
    - bge
    - qfe
    - dmfe
- Unique MAC addresses must be configured on each of the interfaces.
- An IPMP group name must be assigned to interfaces.

Configuring Link-based IPMP by Using Configuration Files

This example shows IPMP configuration on an existing, configured hme0 interface and on an existing, but unconfigured, hme1 interface on the sys11 (192.168.1.1) system. The multipath group is called ipmp-group0. The data address for the hme0 interface remains 192.168.1.1, and the data address for the hme1 interface is 192.168.1.21.

To configure link-based IPMP, complete the following steps, which are described in greater detail in the next sections.

1. Verify the Solaris OS release.
2. Configure unique MAC addresses.
3. Define IP addresses.
4. Configure the interfaces.
5. Reboot the system.
6. View the interface configuration.

You must know the state of the system if you need to restore it. Before making any changes to the system, view the system’s interface configuration by executing the command:

    # ifconfig -a
    lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
            ether 8:0:20:b9:72:23
    #

Verify the Solaris OS Release

The /etc/release file contains information about the installed version of the Solaris OS. The following system meets the minimum requirements:

    # cat /etc/release
    Solaris 8 10/00 s28s_u2wos_11b SPARC
    Copyright 2000 Sun Microsystems, Inc. All Rights Reserved.
    Assembled 31 August 2000
    #

The following system exceeds the minimum requirements:

    # cat /etc/release
    Solaris 10 3/05 s10_74L2a SPARC
    Copyright 2005 Sun Microsystems, Inc. All Rights Reserved.
    Use is subject to license terms.
    Assembled 22 January 2005
    #

Configure Unique MAC Addresses

To determine if unique MAC addresses are permitted, use the eeprom command to view the contents of the system’s EEPROM:

    # eeprom "local-mac-address?"
    local-mac-address?=false
    #

The preceding output indicates that the system is still in its default mode and uses the same MAC address for every interface. This is indicated by the setting of the local-mac-address? variable to false. Use the eeprom command to change the local-mac-address? variable to true:

    # eeprom "local-mac-address?=true"
    #

Verify that the local-mac-address? variable is set to true:

    # eeprom "local-mac-address?"
    local-mac-address?=true

Define the IP Addresses

Add the IP addresses to the /etc/inet/hosts file for the sake of clarity. After editing the /etc/inet/hosts file, use the cat command to view the new information:

    # cat /etc/inet/hosts
    #
    # Internet host table
    127.0.0.1 localhost
    192.168.1.1 sys11 loghost # Data address for hme0
    # Modifications made for IPMP
    192.168.1.21 sys11-hme1 # Data address for hme1
    #

Configure the Interfaces

Network interfaces are configured in the /etc/hostname.hme0 and /etc/hostname.hme1 files. Modify the /etc/hostname.hme0 file to contain contents similar to the following:

    # cat /etc/hostname.hme0
    sys11 netmask + broadcast + group ipmp_group0 up
    #

Create the /etc/hostname.hme1 file to contain contents similar to the following:

    # cat /etc/hostname.hme1
    sys11-hme1 netmask + broadcast + group ipmp_group0 up
    #

Cable the Interfaces

You should ensure that all of the interfaces that are part of the IPMP configuration have cables connecting them to the same IP link.

Reboot the System

Reboot the system to enable IPMP:

    # init 6

View the Link-based IPMP Configuration

To view the configuration of the interfaces when the system is booted, use the ifconfig command:

    # ifconfig -a
    lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
            groupname ipmp_group0
            ether 8:0:20:b9:72:23
    hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
            inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
            groupname ipmp_group0
            ether 8:0:20:ac:9b:21
    #

To verify that the IPMP daemon is running, use the following command:

    # pgrep -fl mpathd
    119 /usr/lib/inet/in.mpathd -a

Messages to the console (and to /var/adm/messages) from in.mpathd indicate that the system is configured for link-based IPMP, rather than for probe-based IPMP.

    Dec 16 12:40:33 sys11 in.mpathd[119]: [ID 975029 daemon.error] No test address configured on interface hme1; disabling probe-based failure detection on it
    Dec 16 12:40:33 sys11 in.mpathd[119]: [ID 975029 daemon.error] No test address configured on interface hme0; disabling probe-based failure detection on it

Verify Link-based IPMP Operation

To verify the system’s IPMP configuration, the if_mpadm command can be used. You can use this command to take a network interface offline (detach it), which forces a failover. Messages are sent to the console and to /var/adm/messages that indicate any failovers or failbacks which occur.

Take the hme0 interface offline to force a failover:

    # if_mpadm -d hme0

The message on the console indicates that the failover was successful:

    Dec 16 13:24:31 sys11 in.mpathd[119]: Successfully failed over from NIC hme0 to NIC hme1

To view the current status of the network interfaces, use the ifconfig command:

    # ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=89000842<BROADCAST,RUNNING,MULTICAST,IPv4,NOFAILOVER,OFFLINE> mtu 0 index 2
            inet 0.0.0.0 netmask 0
            groupname ipmp_group0
            ether 8:0:20:b9:72:23
    hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
            inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
            groupname ipmp_group0
            ether 8:0:20:ac:9b:21
    hme1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
            inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255

Notice that the IP address of the hme0 interface is 0.0.0.0, and a new logical interface hme1:1 is created on the remaining physical interface hme1. The new logical interface has the IP address (192.168.1.1) that was assigned to the physical hme0 interface before it failed.

Reattach the hme0 interface, to force a failback:

    # if_mpadm -r hme0

The message on the console indicates that the failback was successful:

    Dec 16 13:41:47 sys11 in.mpathd[119]:Successfully failed back to NIC hme0

To view the current status of the network interfaces, use the ifconfig command:

    # ifconfig -a
    lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
            groupname ipmp_group0
            ether 8:0:20:b9:72:23
    hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
            inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
            groupname ipmp_group0
            ether 8:0:20:ac:9b:21
    #

The hme0 interface is reassigned its original IP address, and the hme1:1 logical interface is removed automatically.

Configuring a Singleton IPMP Group

It is possible to configure an IPMP group that contains only one interface. This enables you to monitor the status of the interface by using IPMP and to receive notifications about the interface’s status, although it is not possible to fail the interface over onto another network interface.

In this configuration, it is not necessary to configure a separate test address because the system can use the data address for testing purposes. With only a single interface in the group, the data address can never move on to a different interface, and so is always associated with the interface being monitored.

Configure a Single IPMP Group on the Command Line

To create a singleton IPMP group, assign a multipath group name to the interface:

    # ifconfig hme0 group singleton
    # ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
            groupname singleton
            ether 8:0:20:b9:72:23
    #

Note – Do not use the deprecated option because this prevents applications from using the interface’s only IP address as a source address. If the single interface will be included in an IPMP group with multiple interfaces, also set the NOFAILOVER flag on the interface by using the -failover option.

Configure a Single IPMP Group at System Boot

To create a singleton IPMP group at system boot, ensure that the interface configuration file contains the group option and the IPMP group name:

    # cat /etc/hostname.hme0
    sys11 group singleton up
    #

Note – Use IPMP only on a single interface if multiple default routers exist on the local network. This enables multiple targets to be probed when checking the availability of the network.

Viewing IPMP Operation

To verify the system’s failover configuration, or to change the operational status of IPMP interfaces, use the if_mpadm command. You can use this command to take an interface offline (detach) by forcing a fail over and verifying that an alternate interface takes over as expected. Also, use the if_mpadm command to reattach a detached interface. If configuration errors occur, they appear at this stage.

For example, to detach the hme0 interface, type the command:

    # if_mpadm -d hme0
    Aug 4 14:00:38 sys11 in.mpathd[535]: Successfully failed over from NIC hme0 to NIC qfe1
    #

The message indicates that the failover was successful.

Note – This message appears in the console window and is not seen if you are using an xterm or dtterm window.

To view the status of the interfaces, use the ifconfig command:

    # ifconfig -a
    lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=89000842<BROADCAST,RUNNING,MULTICAST,IPv4,NOFAILOVER,OFFLINE> mtu 0 index 2
            inet 0.0.0.0 netmask 0
            groupname mpgrp-one
            ether 8:0:20:b9:72:23
    hme0:1: flags=89040842<BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,OFFLINE> mtu 1500 index 2
            inet 192.168.1.51 netmask ffffff00 broadcast 192.168.1.255
    qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
            inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
            groupname mpgrp-one
            ether 8:0:20:ac:9b:21
    qfe1:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 3
            inet 192.168.1.71 netmask ffffff00 broadcast 192.168.1.255
    qfe1:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
            inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
    #

The detached interface is assigned an IP address of 0.0.0.0, and a new logical interface, qfe1:2, is created automatically on the functional qfe1 physical interface. The new logical interface has the IP address that was assigned to the physical hme0 interface while it was working.

To reattach an offline interface, type the command:

    # if_mpadm -r hme0
    Aug 4 14:02:09 sys11 in.mpathd[535]: Successfully failed back to NIC hme0
    #

Note – This message appears in the console window and is not seen if you are using an xterm or dtterm window.

The message indicates that the fail back was successful. To view the status of the interfaces, use the ifconfig command:

    # ifconfig -a
    lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
            groupname mpgrp-one
            ether 8:0:20:b9:72:23
    hme0:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2
            inet 192.168.1.51 netmask ffffff00 broadcast 192.168.1.255
    qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
            inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
            groupname mpgrp-one
            ether 8:0:20:ac:9b:21
    qfe1:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 3
            inet 192.168.1.71 netmask ffffff00 broadcast 192.168.1.255
    #

The hme0 interface is reassigned its original IP address, and the qfe1:2 logical interface is removed automatically.
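The ifconfig listings in this module can be checked mechanically instead of by eye. The following is an added example, not part of the course material: it parses ifconfig -a text and reports, for each interface in an IPMP group, whether a test address exists and whether the interface is OFFLINE. The function names and both embedded listings are constructed for illustration from the output shown in this module, and treating any NOFAILOVER address other than 0.0.0.0 as a test address is an assumption of the example.

```shell
#!/bin/sh
# Added example, not from the course material. Reads `ifconfig -a` text on stdin.

# audit_ipmp prints one line per physical interface that is in an IPMP group:
#   <if> group=<name> detection=<probe|link-only> state=<ok|offline> members=<n>
audit_ipmp() {
    awk '
    # Interface header: "<name>: flags=<hex><FLAG,FLAG,...> mtu N index N"
    /^[a-z][a-z0-9]*(:[0-9]+)?: flags=/ {
        name = $1; sub(/:$/, "", name)       # "hme0:1:" -> "hme0:1"
        phys = name; sub(/:.*/, "", phys)    # "hme0:1"  -> "hme0"
        flags = $2
        sub(/^[^<]*</, ",", flags); sub(/>.*$/, ",", flags)
        nofailover = (index(flags, ",NOFAILOVER,") > 0)
        if (name == phys) {
            if (!(phys in seen)) { seen[phys] = 1; order[++n] = phys }
            if (index(flags, ",OFFLINE,") > 0) offline[phys] = 1
        }
    }
    {
        for (i = 1; i < NF; i++) {
            # Assumption: a NOFAILOVER address other than 0.0.0.0 is a test address.
            if ($i == "inet" && nofailover && $(i + 1) != "0.0.0.0") probe[phys] = 1
            if ($i == "groupname") { group[phys] = $(i + 1); members[$(i + 1)]++ }
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            p = order[k]
            if (!(p in group)) continue      # lo0 and ungrouped interfaces
            printf("%s group=%s detection=%s state=%s members=%d\n", p, group[p],
                (p in probe) ? "probe" : "link-only",
                (p in offline) ? "offline" : "ok", members[group[p]])
        }
    }'
}

# ipmp_findings reads audit_ipmp output and prints what needs attention.
# Exit status is 1 when an interface is offline or a group has one member.
ipmp_findings() {
    awk '
    {
        split($2, g, "="); split($3, d, "="); split($4, s, "="); split($5, m, "=")
        if (s[2] == "offline") { print $1 ": offline, its addresses have failed over"; bad = 1 }
        if (m[2] + 0 < 2) { print $1 ": only member of " g[2] ", no failover target"; bad = 1 }
        if (d[2] == "link-only") print $1 ": no test address, link-based detection only"
    }
    END { exit bad + 0 }'
}

# Constructed sample: the probe-based group after "if_mpadm -d hme0".
sample_failed_over() {
    cat <<'EOF'
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=89000842<BROADCAST,RUNNING,MULTICAST,IPv4,NOFAILOVER,OFFLINE> mtu 0 index 2
        inet 0.0.0.0 netmask 0
        groupname mpgrp-one
        ether 8:0:20:b9:72:23
hme0:1: flags=89040842<BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,OFFLINE> mtu 1500 index 2
        inet 192.168.1.51 netmask ffffff00 broadcast 192.168.1.255
qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp-one
        ether 8:0:20:ac:9b:21
qfe1:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 3
        inet 192.168.1.71 netmask ffffff00 broadcast 192.168.1.255
qfe1:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
EOF
}

# Constructed sample: the link-based group, both interfaces healthy.
sample_link_based() {
    cat <<'EOF'
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        groupname ipmp_group0
        ether 8:0:20:b9:72:23
hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
        groupname ipmp_group0
        ether 8:0:20:ac:9b:21
EOF
}

sample_failed_over | audit_ipmp
sample_failed_over | audit_ipmp | ipmp_findings || true
sample_link_based | audit_ipmp | ipmp_findings
```

On a live system the same functions take the output of ifconfig -a on standard input in place of the constructed samples.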

Troubleshooting an IPMP Configuration

Incorrectly configured network interfaces might not properly fail over when connectivity to an interface fails for any reason. It is important to thoroughly test your network interface after you configure IPMP.

Carefully read messages in the /var/adm/messages file or in the console window to take the proper troubleshooting steps when you configure and test the IPMP. For example:

    # Aug 4 13:54:51 sys11 in.mpathd[535]: No test address configured on interface hme0; disabling probe-based failure detection on it

The message indicates that the in.mpathd daemon with a process identifier (ID) of 535 senses that IPMP is not properly configured. To investigate further, use the ifconfig command:

    # ifconfig -a
    lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
            groupname mpgrp-one
            ether 8:0:20:b9:72:23
    #

The output indicates that the configuration process is not complete. Recall that IPMP requires a test address on a logical interface for each physical interface. To configure a test interface, use the ifconfig command:

    # ifconfig hme0 addif 192.168.1.51 deprecated netmask + \
    > broadcast + -failover up
    Created new logical interface hme0:1
    Setting netmask of hme0:1 to 255.255.255.0
    #

After defining a test interface with the ifconfig command, the following message appears:

    # Aug 4 13:55:37 sys11 in.mpathd[355]: Test address now configured on interface hme0; enabling probe-based failure detection on it

The in.mpathd daemon reports that it can now perform failure detection. Be aware that more than one interface is required to provide effective failover. To view the interface configuration, use the ifconfig command:

    # ifconfig -a
    lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
            groupname mpgrp-one
            ether 8:0:20:b9:72:23
    hme0:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2
            inet 192.168.1.51 netmask ffffff00 broadcast 192.168.1.255
    #

Both the physical and logical interfaces are configured properly.
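Reading the in.mpathd messages in /var/adm/messages in order shows where each interface currently stands. The following is an added example, not part of the course material: it replays the four message types shown in this module (failover, failback, test address missing, test address configured) and prints the resulting state per NIC. The function names, the output format and the sample log are constructed for illustration; the sample lines are modeled on the console messages above, and the final failover line is invented to show an interface that has not failed back.

```shell
#!/bin/sh
# Added example, not from the course material. Reads syslog text on stdin.

# mpathd_state replays in.mpathd messages and prints one line per NIC:
#   <nic> data=<home|moved-to:<nic>> since=<Mon_D_HH:MM:SS|-> probe=<enabled|disabled|unknown>
mpathd_state() {
    awk '
    # Remember NICs in the order they are first mentioned.
    function note(nic) { if (!(nic in seen)) { seen[nic] = 1; order[++n] = nic } }

    /in\.mpathd\[[0-9]+\]:/ {
        ts = $1 "_" $2 "_" $3
        if (match($0, /failed over from NIC [^ ]+ to NIC [^ ]+/)) {
            # words: failed over from NIC <a> to NIC <b>
            split(substr($0, RSTART, RLENGTH), w, " ")
            note(w[5]); note(w[8])
            moved[w[5]] = w[8]; since[w[5]] = ts
        } else if (match($0, /failed back to NIC [^ ]+/)) {
            # words: failed back to NIC <a>
            split(substr($0, RSTART, RLENGTH), w, " ")
            note(w[5]); delete moved[w[5]]; delete since[w[5]]
        } else if (match($0, /No test address configured on interface [^ ;]+/)) {
            split(substr($0, RSTART, RLENGTH), w, " ")
            note(w[7]); probe[w[7]] = "disabled"
        } else if (match($0, /Test address now configured on interface [^ ;]+/)) {
            split(substr($0, RSTART, RLENGTH), w, " ")
            note(w[7]); probe[w[7]] = "enabled"
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            p = order[k]
            printf("%s data=%s since=%s probe=%s\n", p,
                (p in moved) ? ("moved-to:" moved[p]) : "home",
                (p in since) ? since[p] : "-",
                (p in probe) ? probe[p] : "unknown")
        }
    }'
}

# all_failed_back succeeds only if no NIC is left with its data addresses moved.
all_failed_back() {
    ! mpathd_state | grep -q " data=moved-to:"
}

# Constructed sample log. The first line is unrelated noise; the last line is
# invented so that one failover has no matching failback.
sample_messages() {
    cat <<'EOF'
Aug  4 13:50:02 sys11 inetd[201]: constructed unrelated line
Aug  4 13:54:51 sys11 in.mpathd[535]: No test address configured on interface hme0; disabling probe-based failure detection on it
Aug  4 13:55:37 sys11 in.mpathd[535]: Test address now configured on interface hme0; enabling probe-based failure detection on it
Aug  4 14:00:38 sys11 in.mpathd[535]: Successfully failed over from NIC hme0 to NIC qfe1
Aug  4 14:02:09 sys11 in.mpathd[535]: Successfully failed back to NIC hme0
Aug  4 14:10:12 sys11 in.mpathd[535]: Successfully failed over from NIC qfe1 to NIC hme0
EOF
}

sample_messages | mpathd_state
```

On a live system, feed /var/adm/messages to mpathd_state; a NIC that still shows data=moved-to after a test is one whose failback never happened.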

Exercise: Configuring IPMP

In this exercise, you configure IPMP on your system.

Preparation

Refer to the lecture notes as necessary to perform the tasks listed. At least two interfaces of the same type (for example, Ethernet) are required for this exercise. Work with another student if your system does not have enough interfaces. Verify that your system meets the minimum requirements and has enough network cabling before you continue.

Caution – Remove any interfaces that you configured that are not part of previous exercises before starting this exercise.

You need the following information when you configure IPMP in this exercise:

- The IPMP group name – This name is required for each physical interface that will be part of the IPMP group.
- A data IP address for each physical interface – Users and applications use this address when accessing the system.
- A logical interface for each physical interface – The in.mpathd daemon uses this interface to monitor the status of the physical interface.
- An IP address for each logical interface – This is the test address.
- A second physical interface – This interface must be connected with a network cable.

Write the names and addresses that you will use:

- The IPMP group name is unique to your system. Write the IPMP group name:
  _____________________________________________________________
- The new physical interface uses an IP address of your system’s IP address plus 20. For example, the new interface has an address of 192.168.1.21. Write the new physical interface’s IP address:
  _____________________________________________________________
- The test IP address for each logical interface is the physical interface’s IP address plus 50, for example, the physical interface address of 192.168.1.1 uses a test address of 192.168.1.51, and the physical interface IP address of 192.168.1.21 uses a test address of 192.168.1.71.
  Write the first logical interface’s IP address:
  _____________________________________________________________
  Write the second logical interface’s IP address:
  _____________________________________________________________

The following is an example of a complete list of the information that you need when you configure multipathing in the exercise.

- Assume that the IPMP group name is mpgrp-one.
- Assuming that the existing IP address is 192.168.1.1, the new physical interface’s IP address is 192.168.1.21.
- The first logical interface’s IP address is 192.168.1.51.
- The second logical interface’s IP address is 192.168.1.71.

Tasks

Complete the following steps:

1. Open a console window to see any messages that might be sent to the console but perform the other steps in a different (non-console) window. Write the command that you use:
   _____________________________________________________________
   _____________________________________________________________
   _____________________________________________________________
2. Verify that your system has a supported version of the Solaris OS. Write the command that you use:
   _________________________________________________
3. Can the system that displayed the preceding output be configured to support IPMP? Why or why not?
   _____________________________________________________________
   _____________________________________________________________
   _____________________________________________________________
4. View and document your system’s current interface information with the ifconfig command. Document the existing interface information, so that you can compare the output after you configure IPMP. Write the command that you use:
   _____________________________________________________________
5. Ignore the loopback interface that has an index of 1. Write the interface type for index 2:
   _____________________________________________________________
6. Configure your system to use unique MAC addresses. Write the command that you use:
   _____________________________________________________________
7. Reboot your system to enable unique MAC address assignment.
8. Edit your /etc/inet/hosts file, and add entries for the interfaces. Use comments to help limit confusion.

9. Determine if the IPMP daemon is running on your system.
   - Write the command that you use:
     ________________________________________________________
   - Is the daemon running? Why or why not?
     ________________________________________________________
     ________________________________________________________
     ________________________________________________________
10. Configure IPMP on your system without rebooting, as follows:
    a. Assign the system’s existing interface to an IPMP group. Write the command that you use:
       ________________________________________________________
    b. Determine if the IPMP daemon is running on your system. Write the command that you use:
       ________________________________________________________
    c. Is the daemon running? Why or why not?
       ________________________________________________________
       ________________________________________________________
       ________________________________________________________
11. Configure a test interface for the physical interface that you just assigned to an IPMP group. Be sure to set the appropriate netmask and broadcast addresses. Deprecate the interface, and configure failover appropriately. Then, configure the interface so that it is up. Write the command that you use:
    _____________________________________________________________
    _____________________________________________________________

12. Configure and plumb the second physical interface. Verify that the new physical interface is connected to the network before proceeding with the following steps:
    a. Specify the appropriate IP address and addresses for broadcast and netmask. Do not assign it membership in the IPMP group yet or bring the interface up.
       ________________________________________________________
    b. Assign the newly plumbed interface to the appropriate IPMP group and bring the interface up.
       ________________________________________________________
13. Configure a test interface for the physical interface that you just configured. Be sure to configure the netmask and broadcast addresses. Deprecate the interface, and configure failover appropriately. Then, configure the interface so that it is up. Write the command that you use:
    _____________________________________________________________
14. Work with another teammate for this step. Have your teammate:
    a. Connect to one of your system’s physical IP addresses over the network by using the telnet command.
    b. Open an edit session by using an editor of your teammate’s choice in the telnet session.
    c. Start typing.
    d. While your teammate is typing, either unplug the network cable to the interface or use the if_mpadm command to detach one of your system’s IPMP interfaces. Write the command you need if you used the if_mpadm command:
       ________________________________________________________
       Notice that your teammate’s work is frozen for a moment and then continues, even though the interface to which your teammate is connected is disabled.
       Repair the interface by reconnecting the network cable or by using the if_mpadm command. Write the command that you need if you used the if_mpadm command:
       ________________________________________________________

15. Configure your system so that the interfaces are configured automatically for IPMP at boot time. Be sure to make copies of your system’s original configuration files because you will need to restore your system’s configuration later in this exercise. Document your configuration steps here:
    _____________________________________________________________
    _____________________________________________________________
    _____________________________________________________________
    _____________________________________________________________
    _____________________________________________________________
16. Reboot your system to test the IPMP configuration. Write the command that you use:
    _____________________________________________________________
    Pay careful attention to the system’s console while it is booting. Look for any error messages relating to interfaces and address assignments.
17. Work with another teammate for this step. Have your teammate:
    a. Connect to one of your system’s physical IP addresses over the network by using the telnet command.
    b. Open an edit session by using an editor of your teammate’s choice in the telnet session.
    c. Start typing.
    d. While your teammate is typing, either unplug the network cable to the interface or use the if_mpadm command to detach one of your system’s IPMP interfaces. Write the command you need if you used the if_mpadm command:
       ________________________________________________________
       Notice that your teammate’s work is frozen for a moment and then continues, even though the interface to which your teammate is connected is disabled.
       Repair the interface by reconnecting the network cable or by using the if_mpadm command. Write the command that you need if you used the if_mpadm command:
       ________________________________________________________

18. To prepare your system for future exercises, complete the following steps and remove the IPMP configuration:
    a. Restore the first hostname.interface file that you saved earlier and delete the second interface file.
    b. Reboot your system.

Exercise Summary

Discussion – Take a few minutes to discuss what experiences, issues, or discoveries you had during the lab exercise.

- Experiences
- Interpretations
- Conclusions
- Applications

Exercise Solutions

Solutions to the exercise are as follows:

1. Open a console window to see any messages that might be sent to the console but perform the other steps in a different (non-console) window.

       # dtterm -C &

2. Verify that your system has a supported version of the Solaris OS.

       # cat /etc/release
       Solaris 10 3/05 s10_74L2a SPARC
       Copyright 2005 Sun Microsystems, Inc. All Rights Reserved.
       Use is subject to license terms.
       Assembled 22 January 2005
       #

3. Can the system that displayed the preceding output be configured to support IPMP? Why or why not?

   Yes. This system can be configured with IPMP because it has a version of the operating environment that is at a minimum the Solaris 8 10/00 OS.

4. View and document your system’s current interface information with the ifconfig command. Document the existing interface information, so that you can compare the output after you configure IPMP.

       # ifconfig -a
       lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
               inet 127.0.0.1 netmask ff000000
       hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
               inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
               ether 8:0:20:b9:72:23
       #

5. Ignore the loopback interface that has an index of 1. Write the interface type for index 2:

   hme0

6. Configure your system to use unique MAC addresses. Use the eeprom command.

       # eeprom local-mac-address?=true
       #

7. Reboot your system to enable unique MAC address assignment.

    # init 6

8. Edit your /etc/inet/hosts file, and add entries for the interfaces. Use comments to help limit confusion. The following is an example of the /etc/inet/hosts file:

    # cat /etc/inet/hosts
    #
    # Internet host table
    #
    127.0.0.1       localhost
    192.168.1.1     sys11 loghost           # Existing phys hme0 interface
    # entries added for IPMP example
    192.168.1.51    sys11-hme0-ipmp-test    # IPMP logical test addr for hme0
    192.168.1.21    sys11-local-qfe1        # IPMP phys interface for qfe1
    192.168.1.71    sys11-qfe1-ipmp-test    # IPMP logical test addr for qfe1
    #

9. Determine if the IPMP daemon is running on your system.

- Write the command that you use:

    # pgrep -lf in.mpathd
    #

- Is the daemon running? Why or why not?

No, the in.mpathd daemon should not be running because no interfaces were defined as part of an IPMP group.

10. Configure multipathing on your system without rebooting, as follows:

a. Assign the system's existing interface to an IPMP group. Write the command that you use:

    # ifconfig hme0 group mpgrp-one
    #

b. Determine if the IPMP daemon is running on your system. Recall that the group option of the ifconfig command starts the in.mpathd daemon automatically.

    # pgrep -lf in.mpathd
    603 /usr/lib/inet/in.mpathd
    #

c. Is the daemon running? Why or why not?

Yes, the in.mpathd daemon should be running because you just assigned an IPMP group name to an interface.

11. Configure a test interface for the physical interface that you just assigned to an IPMP group. Be sure to configure the netmask and broadcast addresses. Deprecate the interface, and configure failover appropriately. Then, configure the interface so that it is up.

    # ifconfig hme0 addif 192.168.1.51 deprecated netmask + \
    broadcast + -failover up
    Created new logical interface hme0:1
    #

12. Verify that the new physical interface is connected to the network before proceeding with the following steps:

a. Configure and plumb the second physical interface. Specify the appropriate IP address and addresses for broadcast and netmask. Do not assign it membership in the IPMP group yet or bring the interface up.

    # ifconfig qfe1 plumb 192.168.1.21 netmask 0xffffff00 broadcast +

b. Assign the newly plumbed interface to the appropriate IPMP group and bring the interface up.

    # ifconfig qfe1 group mpgrp-one up

Console message:

    in.mpathd[603]: No test address configured on interface qfe1; disabling probe-based failure detection on it

13. Configure a test interface for the physical interface that you just configured. Be sure to set the appropriate netmask and broadcast addresses. Deprecate the interface, and configure failover appropriately. Then, configure the interface so that it is up. Write the command that you use:

    # ifconfig qfe1 addif 192.168.1.71 deprecated netmask 0xffffff00 \
    broadcast + -failover up
    Created new logical interface qfe1:1
    #

Console message:

    in.mpathd[603]: Test address now configured on interface qfe1; enabling probe-based failure detection on it

14. Work with another teammate for this step. Have your teammate:

a. Connect to one of your system's physical IP addresses over the network by using the telnet command.

b. Open an edit session by using an editor of your teammate's choice in the telnet session.

c. Start typing.

d. While your teammate is typing, either unplug the network cable to the interface or use the if_mpadm command to detach one of your system's IPMP interfaces.

    # if_mpadm -d qfe1
    #

Console message:

    in.mpathd[603]: Successfully failed over from NIC qfe1 to NIC hme0

Notice that your teammate's work is frozen for a moment and then continues, even though the interface to which your teammate is connected is disabled.

Repair the interface by reconnecting the network cable or by using the if_mpadm command.

    # if_mpadm -r qfe1
    #

Console message:

    in.mpathd[603]: Successfully failed back to NIC qfe1

15. Configure your system so that the interfaces are automatically configured for IPMP at boot time. Be sure to make copies of your system's original configuration files because you will need to restore your system's configuration later in this exercise.

a. Copy your system's interface files for future use:

    # cp /etc/hostname.hme0 /etc/_hostname.hme0

b. Edit the /etc/hostname.hme0 file so that it has contents similar to the following:

    sys11 netmask 0xffffff00 broadcast + group mpgrp-one up addif 192.168.1.51 deprecated netmask 0xffffff00 broadcast + -failover up

c. Create a /etc/hostname.qfe1 file so that it has contents similar to the following:

    sys11-local-qfe1 netmask 0xffffff00 broadcast + group mpgrp-one up addif 192.168.1.71 deprecated netmask 0xffffff00 broadcast + -failover up

16. Reboot your system to test the IPMP configuration. Write the command that you use:

    # init 6
    #

Pay careful attention to the system's console while it is booting. Look for any error messages relating to interfaces and address assignments.

17. Work with another teammate for this step. Have your teammate:

a. Connect to one of your system's physical IP addresses over the network by using the telnet command.

b. Open an edit session by using an editor of your teammate's choice in the telnet session.

c. Start typing.

d. While your teammate is typing, either unplug the network cable to the interface or use the if_mpadm command to detach one of your system's IPMP interfaces.

    # if_mpadm -d qfe1
    #

Console message:

    in.mpathd[159]: Successfully failed over from NIC qfe1 to NIC hme0

Notice that your teammate's work is frozen for a moment and then continues, even though the interface to which your teammate is connected is disabled.

Repair the interface by reconnecting the network cable or by using the if_mpadm command.

    # if_mpadm -r qfe1
    #

Console message:

    in.mpathd[159]: Successfully failed back to NIC qfe1

18. To prepare your system for future exercises, complete the following steps and remove the IPMP configuration:

a. Restore the first hostname.interface file that you saved earlier and delete the second interface file.

    # cp /etc/_hostname.qfe0 /etc/hostname.qfe0
    # rm /etc/hostname.qfe1

b. Reboot your system.

    # init 6


Module 7

Configuring Routing

Objectives

This module describes how to configure routing, routing schemes, routing types, and troubleshooting.

Upon completion of this module, you should be able to:

- Identify the fundamentals of routing
- Describe routing table population
- Describe routing protocol types
- Describe the routing table
- Configure static routing
- Configure dynamic routing
- Describe classless inter-domain routing (CIDR)
- Configure routing at system boot
- Troubleshoot routing

The course map in Figure 7-1 shows how this module fits into the current instructional goal.

[Figure 7-1 Course Map. Configuring the Network: Configuring IP, Configuring IP Network Multipathing, Configuring Routing, Configuring IPv6, Describing the Transport Layer]

Identifying the Fundamentals of Routing

Routers are devices that forward IP datagrams between networks. An IP router connects two or more networks and forwards IP datagrams between them. An IP router can forward IP datagrams based on the information in the IP header and information obtained from its routing table. The process of sharing information about networks and routes to networks is called routing. The process of forwarding IP datagrams to their destinations is called forwarding.

Purpose of Routing

Routing is one of the important functions of the Internet layer in the TCP/IP network model. This function is primarily supported by IP. Routers and routing eliminate the concept of one single, large, and very busy worldwide network. Figure 7-2 shows the layer in the TCP/IP network model in which routing takes place.

[Figure 7-2 TCP/IP Network Model. TCP/IP layers: Application Layer, Transport Layer, Internet Layer, Network Interface Layer, Hardware Layer]

Types of Routes

Routes can be divided into two types: direct routes and indirect routes.

A direct route is a route in which the destination system is on the same local network as the source system. The source system can send the IP datagram to the destination system without any involvement from another system. This activity could be thought of as direct delivery of a datagram because no routers are required to complete the transaction.

An indirect route is a route in which the destination system is not on the same local network as the source system. The IP datagram is sent through one or more routers or gateways on its way to the destination. Because the delivery of the datagram is not direct and other systems are involved in the delivery, this is called an indirect route.

Note – A router connects two networks running the same protocol stack. A gateway connects two networks running different protocol stacks.

Figure 7-3 shows an example of direct and indirect routes. The sys11 system has a direct route to the sys13 system and an indirect route to the sys24 system through the sys21 router.

[Figure 7-3 Direct and Indirect Routes. Systems shown: sys11, sys12, sys13, instructor, sys21, and sys24, with one direct route and one indirect route marked]

Introducing the Routing Table

The Solaris OS kernel uses a random access memory-based (RAM-based) table, called the routing table, to store information needed to deliver IP datagrams to their destinations. This table is populated with either static or dynamic entries.

Static Routes

Static routes are permanent entries in the routing table. Static routes can be removed through manual intervention only. The most common static entries are the direct routes that a system creates to its local networks. The ifconfig command updates the routing table with static entries for networks that are directly connected to the local network interfaces when an interface is configured as up. Therefore, even in single-user mode, a system can route directly to its local network or networks because the interfaces are initialized by the ifconfig command.

Static routes can also be added to your system's routing table manually by using the /etc/defaultrouter file or by using entries placed in the /etc/gateways file. The /etc/defaultrouter file defines one or more static default routes for a system. A default route defines the router to use for all destinations that do not have an explicit routing table entry. The /etc/gateways file is used to define static indirect routes to networks and hosts.

Dynamic Routes

Dynamic routes are added to or removed from the routing table by processes, such as the in.routed daemon. When the routing table is updated with information about other reachable networks, the router can forward or deliver datagrams to these networks.

Routing in the Solaris 10 OS is implemented by the in.routed daemon. The svc:/network/initial SMF service enables routing. The in.routed daemon implements three routing protocols:

- Routing Information Protocol version 1 (RIPv1)
- Routing Information Protocol version 2 (RIPv2)
- ICMP Router Discovery Protocol

Routers advertise the networks that they know about. Other hosts and routers listen to these periodic announcements and update their routing table with the most current and correct information. Only those entries calculated to be the best paths to a network destination remain in the routing table.

Introducing Routing Protocol Types

A single routing protocol cannot efficiently handle all situations because networks can be connected in many different ways. As a result, different protocols were developed to manage routing in different areas of the Internet.

Autonomous Systems

An autonomous system (AS), as shown in Figure 7-4, is a collection of networks and routers under a single administrative control. This broad definition was incorporated into the Internet in an attempt to reduce excessively large routing tables. The Internet can be considered to be a set of autonomous systems that are connected together.

[Figure 7-4 Autonomous Systems]

An autonomous system number is a unique 16-bit address that is assigned by the Internet Corporation for Assigned Names and Numbers (ICANN).

Interior Gateway Protocols

Routing within an AS is managed by an Interior Gateway Protocol (IGP). IGPs manage the sharing of routing information between networks in the AS, and are also responsible for sharing information about any external routes that the gateways (the routers which connect the AS to the rest of the Internet) might be advertising to the networks in the AS. Figure 7-5 shows how IGPs are used in networks.

[Figure 7-5 Use of IGPs in Networks]

Many routing protocols are designed to pass routing information within an autonomous system. Two popular protocols are RIP and the Open Shortest Path First (OSPF) Protocol.

RIP is a distance-vector protocol that exchanges route information between IP routers. Distance-vector algorithms obtain their name from the fact that they compute the least-cost path by using information that is exchanged with other routers that describes reachable networks with their distances, in the form of hop counts. There are two versions of RIP: RIPv1 and RIPv2.

OSPF is a link-state protocol. OSPF maintains a map of the network topology instead of computing route paths that are based on distance vectors in the way that RIP computes the route paths. OSPF provides a view of the entire network and provides the shortest path choices on routes. The map on each OSPF router is updated regularly.

Exterior Gateway Protocols

An Exterior Gateway Protocol (EGP) is a routing protocol used to forward packets between autonomous systems. EGPs are used between organizations or sites, for example in a large WAN, such as the Internet or a large corporation's intranet. Figure 7-6 shows the role of EGPs in Internet routing.

[Figure 7-6 Role of EGPs in Internet Routing]

EGP and the Border Gateway Protocol (BGP) are the two principal protocols that exchange routing information among autonomous systems.

EGP was developed in the early 1980s. The concept of an autonomous system developed out of the research and development of EGP.

BGP was developed in the mid 1990s to replace EGP. BGP replaces the distance-vector algorithm of EGP with a path-vector algorithm. The path vector that is implemented by BGP causes the routing information to include a complete path (all autonomous system numbers) from the source to the destination. This eliminates the possibility of looping problems that might arise from complex network topologies, such as the Internet. A loop is detected by BGP when the path it receives has an autonomous system listed twice. If this occurs, BGP generates an error condition.

Working With the Routing Table

A system's routing table is used to store routing information for the system. The routing table is referenced when a path to another computer is required. The routing table is often interrogated when you troubleshoot connectivity issues.

Displaying the Routing Table

To display the contents of a system's routing table without interpreting the names of the systems, use the netstat command with the -r and -n options. The -r option causes the routing table to be displayed. The -n option causes the IP addresses to be displayed instead of resolving them to names. For example:

    # netstat -rn

    Routing Table: IPv4
      Destination           Gateway           Flags  Ref   Use   Interface
    -------------------- -------------------- ----- ----- ------ ---------
    192.168.1.0          192.168.1.1          U         1     51 hme0
    192.168.30.0         192.168.30.31        U         1     54 qfe0
    224.0.0.0            192.168.1.1          U         1      0 hme0
    127.0.0.1            127.0.0.1            UH       37    132 lo0
    #

Introducing Routing Table Information

Table 7-1 describes the output from the netstat -rn command.

Table 7-1 Routing Table Entries

    Field        Description
    -----------  ------------------------------------------------------------
    Destination  The destination network or host address. This entry can also
                 contain the keyword default to represent a default route.
    Gateway      The system that delivers or forwards the datagram.
    Flags        The status of this route. This field uses the following flags:
                 U – The interface is up.
                 H – Host route. The destination is a system, not a network.
                 G – The delivery system is another system (an indirect route).
                 D – The entry was added dynamically by an ICMP redirect.
    Ref          The current number of routes that share the same network
                 interface (Ethernet) address.
    Use          The number of datagrams that have used this route. For the
                 localhost entry, it is a snapshot of the number of datagrams
                 that are received.
    Interface    The local interface used to reach the destination.

Searching the Routing Table

Figure 7-7 shows the kernel routing algorithm.

[Figure 7-7 The Kernel Routing Algorithm. The flowchart reads as follows:]

- Extract the destination IP address, and compute the network number.
- Does the destination IP address match a host-specific route in the route table? If yes, encapsulate the datagram by setting the destination Ethernet address to that of the router associated with the host route table entry. Deliver the frame through the interface connected to the system.
- If no, does the network number match one found in the route table? If yes, encapsulate the datagram by setting the destination Ethernet address to that of the router associated with the route table entry. Deliver the frame through the interface connected to the system.
- If no, is there a default entry in the route table? If yes, encapsulate the datagram by setting the destination Ethernet address to that of the default router found in the route table. Deliver the frame through the interface connected to the system.
- If no, generate a routing error message through ICMP.

The kernel routing algorithm searches for routing table entries in the following order when determining where to send a datagram:

1. The kernel routing algorithm checks to see if the IP address is on a local network. The kernel extracts the destination IP address from the IP datagram and computes the destination network number. The destination network number is then compared with the network numbers of all of the local interfaces (interfaces that are physically attached to the system) for a match. If the destination network number matches that of a local interface network number, the kernel encapsulates the IP datagram inside an Ethernet frame and sends it through the matching local interface for delivery.

2. The kernel routing algorithm checks the routing table for a route to a matching host IP address on a non-local network. The kernel searches the routing table entries for a matching host IP address. If an entry that matches the host IP address is found, the kernel encapsulates the IP datagram inside an Ethernet frame and sends the frame to the router that is associated with that destination.

3. The kernel routing algorithm checks the routing table for a route to a matching network number. The kernel searches the routing table for a matching network number. If a matching number is found, the kernel sets the destination Ethernet address to that of the corresponding router and delivers the frame to that router. The router that receives the frame repeats the execution of the route algorithm, but leaves the destination IP address unchanged.

4. The kernel routing algorithm checks for a default route in the routing table. The kernel searches the routing table for a default entry, which signifies that a default route is configured. If a default route is found, the kernel encapsulates the datagram, sets the destination Ethernet address to that of the default router, leaves the destination IP address unchanged, and delivers the datagram through the interface that is local to the default router.

5. If there is no route to the destination, the kernel routing algorithm check generates an ICMP error message. The kernel cannot forward the datagram. The error message states either No route to host or Network is unreachable.
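The five-step search order above, written out as an added example (not code from this guide or from the Solaris kernel). The routing table is constructed for illustration: the prefix lengths, the gateway addresses, and the D-flagged entry are assumptions, and picking the longest matching prefix within a step is a generalization beyond what the text states. Because host routes are tried before network and default routes, the example also lists entries that carry the D flag (added by an ICMP redirect) so that they can be reviewed.

```python
import ipaddress

# Constructed table modeled on the guide's `netstat -rn` output. Prefix lengths,
# gateway addresses and the D-flagged entry are assumptions for this example.
SAMPLE_ROUTES = [
    # destination        gateway          flags   interface
    ("192.168.1.0/24",  "192.168.1.1",   "U",    "hme0"),
    ("192.168.30.0/24", "192.168.30.31", "U",    "qfe0"),
    ("192.168.4.24/32", "192.168.30.32", "UGH",  "qfe0"),
    ("192.168.4.99/32", "192.168.1.66",  "UGHD", "hme0"),
    ("192.168.3.0/27",  "192.168.30.33", "UG",   "qfe0"),
    ("default",         "192.168.1.254", "UG",   "hme0"),
    ("127.0.0.1/32",    "127.0.0.1",     "UH",   "lo0"),
]


class NoRoute(Exception):
    """Step 5: nothing matched, so the kernel would report an ICMP error."""


def parse_routes(rows):
    """Turn (destination, gateway, flags, interface) rows into dictionaries."""
    table = []
    for dest, gateway, flags, ifname in rows:
        net = None if dest == "default" else ipaddress.ip_network(dest)
        table.append({"net": net, "gateway": gateway,
                      "flags": set(flags), "ifname": ifname})
    return table


def _most_specific(routes):
    """Prefer the longest prefix when several entries match (a generalization)."""
    return max(routes, key=lambda r: r["net"].prefixlen)


def lookup(table, destination):
    """Return (match_kind, next_hop, interface) following the five-step order."""
    dst = ipaddress.ip_address(destination)
    usable = [r for r in table if "U" in r["flags"]]
    named = [r for r in usable if r["net"] is not None]

    # Step 1: the destination is on a network attached to a local interface.
    local = [r for r in named
             if not r["flags"] & {"G", "H"} and dst in r["net"]]
    if local:
        return ("direct", str(dst), _most_specific(local)["ifname"])

    # Step 2: host-specific route (H flag).
    hosts = [r for r in named
             if "H" in r["flags"] and dst == r["net"].network_address]
    if hosts:
        return ("host", hosts[0]["gateway"], hosts[0]["ifname"])

    # Step 3: route to the destination's network through a router (G flag).
    nets = [r for r in named
            if "G" in r["flags"] and "H" not in r["flags"] and dst in r["net"]]
    if nets:
        best = _most_specific(nets)
        return ("network", best["gateway"], best["ifname"])

    # Step 4: default route.
    defaults = [r for r in usable if r["net"] is None]
    if defaults:
        return ("default", defaults[0]["gateway"], defaults[0]["ifname"])

    # Step 5: no route at all.
    raise NoRoute(f"no route to {destination}")


def redirect_added(table):
    """List entries carrying the D flag (added dynamically by an ICMP redirect)."""
    return [(str(r["net"]), r["gateway"]) for r in table if "D" in r["flags"]]


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for addr in ("192.168.1.3", "192.168.4.24", "192.168.3.10",
                 "192.168.3.40", "192.168.4.99"):
        print(addr, "->", lookup(table, addr))
    print("entries to review:", redirect_added(table))
```
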

Associating Names and Network Numbers

The netstat -rn command displays the routing table without resolving any of the IP addresses in the routing table to names. If the netstat -r command is used instead, the netstat command attempts to resolve IP addresses to names, and displays the names instead of the numbers.

IP addresses and host names are associated by using the /etc/inet/hosts file. An equivalent file for associating network names and numbers also exists: the /etc/inet/networks file. The /etc/networks file is a symbolic link to the /etc/inet/networks file. The fields in the /etc/inet/networks file are organized by network name, network number, and nicknames. For example:

    # cat /etc/inet/networks
    #ident "@(#)networks 1.4 92/07/14 SMI" /* SVr4.0 1.1 */
    #
    # The networks file associates Internet Protocol (IP) network numbers
    # with network names. The format of this file is:
    #
    # network-name network-number nicnames . . .
    #
    # The loopback network is used only for intra-machine communication
    #
    loopback        127
    #
    # Internet networks
    #
    arpanet         10              arpa    # Historical
    one             192.168.1       one
    two             192.168.2       two
    three           192.168.3       three
    thirty          192.168.30      thirty
    #

When the /etc/inet/networks file is modified, you can use the defined network name in a command instead of a network address.

To view how defined networks are displayed in the output from the netstat command, use the netstat command with the -r option:

    # netstat -r

    Routing Table: IPv4
      Destination           Gateway           Flags  Ref   Use   Interface
    -------------------- -------------------- ----- ----- ------ ---------
    one                  sys11                U         1     53 hme0
    two                  sys11ext             UG        1      0
    three                sys11ext             UG        1      0
    thirty               sys11ext             U         1     56 qfe0
    224.0.0.0            sys11                U         1      0 hme0
    localhost            localhost            UH        3    132 lo0
    #

Observe that the destination networks are now displayed by name instead of by network number, and the loopback address is replaced by its entry from the /etc/inet/hosts file.

Configuring Static Routes

You can configure a route that does not change or time-out. This type of route is called a static route. Static routes are not removed from the routing table by the system.

Configuring Static Direct Routes

Static direct routes are routes to local networks which do not expire from the routing table. A static direct route is added to a network when a network interface is configured as up by the ifconfig command. The ifconfig command builds the direct route entries initially when the network interface is configured during system startup. To view the static direct routes configured by the ifconfig command, use the netstat -rn command:

    # netstat -rn

    Routing Table: IPv4
      Destination           Gateway           Flags  Ref   Use   Interface
    -------------------- -------------------- ----- ----- ------ ---------
    192.168.1.0          192.168.1.1          U         1     53 hme0
    192.168.30.0         192.168.30.31        U         1     77 qfe0
    224.0.0.0            192.168.1.1          U         1      0 hme0
    127.0.0.1            127.0.0.1            UH        3    132 lo0
    #

The 127.0.0.1 entry in the routing table is a loopback route to the local host that is created when the lo0 pseudo interface is configured.

Configuring the /etc/defaultrouter File

Default routes are routing table entries that define the default routers to use if no specific host or network routes are available. Default routes mean that you do not need to define every reachable network because datagrams that are addressed to non-local destinations use a default router in the absence of an explicit route. Default route entries can be either static entries or dynamic entries.

The /etc/defaultrouter file is used to define static default routes. You can define default routers by creating entries in the /etc/defaultrouter file, which lists the host names or IP addresses of the default routers. You must use host names that exist in the system's /etc/inet/hosts file because no name-resolution services are available at the time that this file is read at system boot. A system that is configured with an /etc/defaultrouter file does not execute the in.routed daemon.

Some advantages of default routing are:

- The /etc/defaultrouter file prevents unneeded routing processes from starting.
- The default entries result in a smaller routing table, which reduces the processing time spent on each IP datagram.
- Multiple default routers can be identified, which eliminates single points of failure within a network.
- Systems that use default route entries do not depend on actual routing protocols.

Some disadvantages of default routing are:

- The default entries created by the /etc/defaultrouter file are always present, even when the default router is not available. The system does not learn about other possible routes.
- All systems must have a local /etc/defaultrouter file configured properly because this file cannot be administered by a name service. This can be an administrative problem on large, evolving networks.

Configuring the /etc/gateways File

The /etc/gateways file, if it exists, is read by the in.routed daemon when the daemon starts. The in.routed daemon uses the contents of the /etc/gateways file to add additional static routes to the routing table.

Static route entries in the /etc/gateways file use the format:

    net|host destination gateway gateway metric hops [passive|active|extern]

For example:

    # cat /etc/gateways
    net 192.168.3.0 gateway sys31ext metric 1
    #

Note – It is a better practice to use IP addresses rather than the host names because it might not be possible to resolve host names.

The /etc/gateways file also supports the use of directives to control the behavior of the system. For example, you can disable the RIP protocols (RIPv1 and RIPv2) by placing the following directive in the /etc/gateways file:

    no_rip

Use the no_ripv1_in directive when you want your system to ignore RIPv1 information received on a specific interface. For example, to ignore RIPv1 information received on the qfe3 interface, use the following directive in the /etc/gateways file:

    no_ripv1_in if=qfe3

You can disable the RDISC protocol by placing the following directive in the /etc/gateways file:

    no_rdisc

Refer to the gateways man page for more information on the /etc/gateways file.
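The two name-resolution cautions above (host names in /etc/defaultrouter must exist in /etc/inet/hosts, and /etc/gateways entries are better written with IP addresses) can be checked before a reboot. The following is an added example, not a Sun tool: the file contents are constructed samples embedded as strings, the function names are hypothetical, and directive lines are skipped rather than validated.

```python
import ipaddress

# Constructed file contents modeled on the guide's examples (not a real system).
HOSTS = """\
127.0.0.1 localhost
192.168.1.1 sys11 loghost
192.168.30.31 sys11ext
"""
DEFAULTROUTER = """\
instructor
192.168.1.254
"""
GATEWAYS = """\
net 192.168.3.0 gateway sys31ext metric 1
host sys24 gateway sys11ext metric 2 passive
no_ripv1_in if=qfe3
net 192.168.5.0 gateway 192.168.30.33 metric
net 192.168.4.0 gateway 192.168.30.32 metric 1
"""

ROUTE_KINDS = {"passive", "active", "extern"}


def fields_of(line):
    """Split a line into fields after dropping a trailing # comment."""
    return line.split("#", 1)[0].split()


def names_in_hosts(hosts_text):
    """Every host name and alias defined in the hosts file text."""
    names = set()
    for line in hosts_text.splitlines():
        names.update(fields_of(line)[1:])
    return names


def is_ip(token):
    """True when the token parses as an IP address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def check_defaultrouter(text, names):
    """Host names are allowed here, but only if the local hosts file has them."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for router in fields_of(line):
            if not is_ip(router) and router not in names:
                findings.append(("/etc/defaultrouter", lineno, "error",
                                 f"{router} is not in /etc/inet/hosts"))
    return findings


def check_gateways(text, names):
    """Validate net|host route lines; directive lines are left alone."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        f = fields_of(line)
        if not f or f[0] not in ("net", "host"):
            continue  # blank line, comment, or a directive such as no_rip
        where = ("/etc/gateways", lineno)
        well_formed = (len(f) in (6, 7) and f[2] == "gateway"
                       and f[4] == "metric" and f[5].isdigit()
                       and (len(f) == 6 or f[6] in ROUTE_KINDS))
        if not well_formed:
            findings.append(where + ("error",
                                     "does not match the route entry format"))
        elif is_ip(f[3]):
            continue
        elif f[3] in names:
            findings.append(where + ("warn",
                                     f"gateway {f[3]} is a host name; prefer its IP address"))
        else:
            findings.append(where + ("error",
                                     f"gateway {f[3]} is not in /etc/inet/hosts"))
    return findings


def audit(hosts_text, defaultrouter_text, gateways_text):
    """Run both checks against the same hosts file and merge the findings."""
    names = names_in_hosts(hosts_text)
    return (check_defaultrouter(defaultrouter_text, names)
            + check_gateways(gateways_text, names))


if __name__ == "__main__":
    for path, lineno, severity, message in audit(HOSTS, DEFAULTROUTER, GATEWAYS):
        print(f"{severity:5} {path}:{lineno}: {message}")
```
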

Configuring Static Routes on the Command Line

The route command enables manual manipulation of the routing table. The route command can be used to add, remove, and change routing table entries. The route command uses sub-commands to perform its tasks.

To add routes to the routing table, you use the route add command. Its basic format is:

    route add destination gateway

The destination can be a host, a network, or a default route. For example, to add a static route to the 192.168.3.0 network with the sys31ext system as the gateway, type the command:

    # route add net 192.168.3.0 sys31ext
    add net 192.168.3.0: gateway sys31ext
    #

To add a static route to the sys24 host with the sys21ext system as the gateway, type the command:

    # route add host sys24 sys21ext
    add host sys24: gateway sys21ext
    #

To add a default route with the instructor system as its gateway, type the command:

    # route add default instructor
    add default: gateway instructor
    #

To delete a route, you use the route delete command. Its basic format is:

    route delete destination gateway

For example, to delete the route to the host sys24 using the gateway sys21ext, type the command:

    # route delete sys24 sys21ext
    delete host sys24: gateway sys21ext
    #

errno 0. use the route get command.DONE.3. type the route monitor command: # route monitor got message of size 124 RTM_DELETE: Delete Route: len 124. use the route flush command. For example: # route flush 192.Configuring Static Routes To retrieve information about a specific route. flags:<UP.0 sys11ext 255. seq 1.GATEWAY.NETMASK> 192.STATIC> locks: inits: sockaddrs: <DST. pid: 633. to retrieve information about the default route.ms rttvar. use the route change command.0 To flush (remove) the routing table of all gateway entries. Revision A.ms 0 0 0 0 0 # hopcount 0 mtu 1500 expire 0 To change the routing table.4. to change the default route from instructor to sys41.STATIC> recvpipe sendpipe ssthresh rtt.GATEWAY. when a route is deleted.1 . Inc. or suspected network partitionings.168.DONE.9 two two default # sys13 sys13 sys11ext 172. to receive the following output. All Rights Reserved. For example.GATEWAY. use the route monitor command.168.255.20. For example. route look-up misses.255. type a command similar to the following: # route change default sys41 change net default: gateway sys41 # To continuously report any changes to the routing table. type the following command: # route get default route to: default destination: default mask: default gateway: instructor interface: hme0 flags: <UP. For example. Sun Services.248 done done done done 7-22 Network Administration for the Solaris™ 10 Operating System Copyright 2005 Sun Microsystems.

To cause the routing table to flush before the remaining options are evaluated, use the flush option in combination with other options. For example, to flush the routing table of gateways and to add a route to the 192.168.2.0 network, type a command similar to the following:

# route -f add net 192.168.2.0 sys21ext
add net 192.168.2.0: gateway sys21ext
#

To define a route that uses a specific netmask to support a network, use the -netmask option with the route command. For example, to add a route to the 192.168.3.0 network that uses a netmask of 255.255.255.224, type the command:

# route add net 192.168.3.0 sys31ext -netmask 255.255.255.224
add net 192.168.3.0: gateway sys31ext
#

To achieve the same results in a more concise way, specify the length of the subnet mask after the destination. For example, enter: 192.168.3.0/27

The 255.255.255.224 netmask for the 192.168.3.0 network is 11111111.11111111.11111111.11100000 in binary format. There are 27 ones (1s) in the binary netmask, hence the /27 after the network address. A command similar to the following is identical to the command in the preceding example:

# route add net 192.168.3.0/27 sys31ext
add net 192.168.3.0/27: gateway sys31ext
#

To add a route manually to the multicast address range of 224–239, type the command:

# route add 224.0/4 `uname -n`

Note – You can find the command syntax in the /lib/svc/method/net-svc SMF method file.

Note – The in.routed process does not detect any routing table changes that are performed by other programs on the machine, for example, routes that are added, deleted, or flushed as a result of the route command. Therefore, do not perform these types of changes while the in.routed process is running. Instead, shut down the in.routed process, make the required changes, and then restart the in.routed process. This ensures that the in.routed process learns of any changes.

Network names can also be used to define routes. To add a route to the two network, defined in the /etc/inet/networks file, type a command similar to the following:

# route add net two 192.168.30.31
add net two: gateway 192.168.30.31
#

Note – Use of the metric argument in the route command is no longer supported.

Configuring Dynamic Routing

RIP is a routing protocol that is used commonly on computer systems to provide dynamic routing. RIP is an Application layer protocol. RIPv1 and RIPv2 are bundled with the Solaris 10 OS.

RIP Version 1

RIP version 1 is a distance-vector protocol that exchanges route information between IP routers. RIP version 1 does not support VLSM or CIDR.

Distance-Vector Protocols

Distance-vector algorithms compute the least-cost path of a route by using information that is exchanged with other routers. This information describes how far away (in distance) reachable networks are from the sending or receiving system.

The efficiency of a route is determined by its distance from the source to the destination. This distance is measured by a metric known as a hop. The total number of hops is called the hop count. RIP maintains only the best route to a destination. When multiple paths to a destination exist, only the first path with the lowest hop count is maintained. Figure 7-8 shows the least hop count between a source host and a destination host.

[Figure 7-8 Least Hop Count: between the source host and the destination host, the path with metric = 1 is propagated to route tables and the path with metric = 2 is discarded.]

RIP specifies a number of features that make its operation more stable in the face of rapid network topology changes. These stability features include a hop-count limit, hold-down states, split horizons, triggered updates, and route poisoning.

Hop-Count Limits

RIP permits a maximum hop count of 15. A destination greater than 15 hops away is tagged as unreachable. The maximum hop count of RIP greatly restricts its use in large networks but prevents a problem called count to infinity from causing endless network routing loops. This upper limit of 15 does not cause problems since RIP is an IGP and is used within autonomous systems only.

Hold-Down States

Hold-down states prevent regular update messages from inappropriately reinstating a route that has gone bad. When a route goes down, neighboring routers detect this condition. These routers then calculate new routes and send route update messages to inform their neighbors of the route change. This activity begins a wave of route updates that filter through the network. These updates do not instantly arrive at every network device. It is possible that a device that has yet to be informed of a network failure can send a regular update message (indicating that a route that has just gone down is still available) to a device that has just been notified of the network failure. In this case, the latter device now contains (and potentially advertises) incorrect route information.

Hold-down states tell routers to hold down any changes that can affect recently removed routes for a specified period of time. The hold-down period is usually calculated to be just greater than the period of time that is necessary to update the entire network with a route change.

Triggered Updates

Triggered updates propagate changing route information quickly throughout the network. As the router becomes aware that new routes are available or that existing routes are not available, it advertises this information immediately rather than waiting until the next 30-second (default) advertisement interval occurs.

Split Horizons

Split horizons derive from the fact that it is never useful to send information about a route back in the direction from which it came. The split-horizon rule prohibits this from happening. This helps prevent two-node routing loops.

Route Poisoning

When a router learns that a destination is no longer available, it issues a triggered update for that destination. This update includes a hop-count advertisement of 16. All other hosts and routers consider the destination as unreachable, and the hosts and routers remove the route entry. This is to ensure that other systems do not attempt to use the bad route.

RIP Version 2

RIP version 2 was developed to address some of the limitations of RIPv1, while maintaining backward compatibility combined with the simplicity of RIPv1. RIPv2 has the following characteristics:

- RIPv2 supports VLSM and non-byte-bounded subnet masks.
- RIPv2 uses multicast to advertise routes. The 224.0.0.9 multicast address is reserved for RIPv2.
- RIPv2 includes support for simple authentication of messages.

Note – RIP version 2 is defined in RFC 2453.
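The hop-count limit, the split-horizon rule, and route poisoning described above can be observed in a two-router model. This is an added example, not part of the student guide or of the in.routed code; routers A and B, the network N, and the function names are assumptions made for the illustration.

```python
# Added illustration: two RIP routers, A --- B --- (network N).
# B is directly attached to N (metric 1); A reaches N through B (metric 2).
# The link from B to N fails and the routers keep exchanging regular updates.

INFINITY = 16  # hop count 16 means "unreachable"; 15 is the largest usable metric


def advertise(table, sender, receiver, split_horizon):
    """Metric that sender advertises to receiver for N, or None if suppressed."""
    metric, next_hop = table[sender]
    if split_horizon and next_hop == receiver:
        # Split horizon: never send a route back in the direction it came from.
        return None
    return metric


def receive(table, receiver, sender, metric):
    """Apply one advertised metric to the receiver's route for N."""
    if metric is None:
        return
    candidate = min(metric + 1, INFINITY)  # one more hop, capped at 16
    current_metric, current_next_hop = table[receiver]
    # A router always believes its current next hop (this is how a poisoned
    # route of 16 removes the entry); from anyone else only a better metric wins.
    if current_next_hop == sender or candidate < current_metric:
        table[receiver] = (candidate, sender)


def converge(split_horizon, max_rounds=50):
    """Return (rounds until both routers mark N unreachable, B's metric per round)."""
    table = {"A": (2, "B"), "B": (1, None)}
    table["B"] = (INFINITY, None)  # B detects that its link to N went down
    b_metrics = []
    for round_no in range(1, max_rounds + 1):
        # A's regular update goes out first: A has not yet heard about the
        # failure, which is the situation the hold-down text describes.
        receive(table, "B", "A", advertise(table, "A", "B", split_horizon))
        receive(table, "A", "B", advertise(table, "B", "A", split_horizon))
        b_metrics.append(table["B"][0])
        if all(metric == INFINITY for metric, _ in table.values()):
            return round_no, b_metrics
    raise RuntimeError("routes did not converge")


if __name__ == "__main__":
    for enabled in (False, True):
        rounds, history = converge(enabled)
        print(f"split horizon={enabled}: unreachable after {rounds} round(s), "
              f"B's metric per round: {history}")
```

Without split horizon the stale route bounces between the two routers and climbs by two hops per round until the limit of 16 stops it; with split horizon the poisoned metric of 16 from B removes the route at A in the first exchange.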

The in.routed Daemon

RIPv1 and RIPv2 are implemented by the /usr/sbin/in.routed daemon. The in.routed daemon is started at boot time if the ipv4-routing option is specifically enabled by using the routeadm command, or if the /etc/defaultrouter file is empty or does not exist.

The /usr/sbin/in.routed daemon causes a system to broadcast its own routing information if IP forwarding and IP routing are enabled by the routeadm command. A router sends routing information to the networks to which it is directly connected every 30 seconds. You cannot change this time interval.

Routers and non-routers run the in.routed daemon. If RIPv1 broadcasts are being processed, all hosts receive the information, but only those hosts that run the in.routed daemon use the information. If RIPv2 multicasts are being processed, only those hosts listening for the RIPv2 multicast address process the information.

Stopping and Starting the in.routed Daemon

The routeadm command is used to control whether a system runs the in.routed routing daemon and whether a system forwards IP packets between networks. The in.routed daemon can be stopped and started on the command line by using the routeadm command. To view the current configuration, type the routeadm command with no arguments:

# routeadm
      Configuration Option    Current Configuration    Current System State
           IPv4 forwarding    default (disabled)       disabled
              IPv4 routing    default (enabled)        enabled
           IPv6 forwarding    default (disabled)       disabled
              IPv6 routing    default (disabled)       disabled

       IPv4 routing daemon    "/usr/sbin/in.routed"
  IPv4 routing daemon args    ""
  IPv4 routing daemon stop    "kill -TERM `cat /var/tmp/in.routed.pid`"
       IPv6 routing daemon    "/usr/lib/inet/in.ripngd"
  IPv6 routing daemon args    "-s"
  IPv6 routing daemon stop    "kill -TERM `cat /var/tmp/in.ripngd.pid`"
#

To stop the in.routed daemon, type the command:

# routeadm -u -d ipv4-routing
#

To start the in.routed daemon, type the command:

# routeadm -u -e ipv4-routing
#

The -d option changes the contents of the /etc/inet/routing.conf file to list the argument as disabled explicitly. The -e option changes the contents of the /etc/inet/routing.conf file to list the argument as enabled explicitly. The -u option updates the system’s current configuration by using the contents of the /etc/inet/routing.conf file.

Note – Using the routeadm command without the -u option causes the configuration to be changed in the /etc/inet/routing.conf file, but does not change the current configuration of the system.

To cause the system to revert to default behavior at system boot (start the in.routed daemon unless the /etc/defaultrouter file is not empty), type the command:

# routeadm -r ipv4-routing
#

The RDISC Protocol

The RDISC Protocol sends and receives router advertisement messages pertaining to default routes. RFC 1256 specifies the format of related ICMP messages. In the Solaris 10 OS, the in.routed daemon implements the RDISC Protocol.

Note – The RDISC Protocol was previously implemented by using the in.rdisc daemon. The in.routed daemon has been enhanced to include equivalent route discovery functionality. While the in.rdisc daemon is still present in the Solaris 10 OS, it is no longer started at system boot.

Routers that run the in.routed daemon advertise their presence by using the 224.0.0.1 multicast address every 600 seconds (10 minutes). Non-routers running the in.routed daemon listen to the 224.0.0.1 multicast address for these router advertisement messages. The in.routed process builds a default route entry for each router from which an advertisement is received.

Some advantages of the RDISC Protocol are that it:

- Is independent of routing protocol
- Uses a multicast address
- Results in small routing tables
- Provides redundancy through multiple default-route entries

Some disadvantages of the RDISC protocol are:

- An advertisement period of 10 minutes can result in a black hole. A black hole is the time period in which a router path is present in the table, but the router is not actually available. The default lifetime for a non-advertised route is 30 minutes (three times the advertising time interval).
- The RDISC protocol provides a default route from hosts to routers, not between routers. Routers must still run a routing protocol, such as RIP, to learn about other networks.

The behavior of the RDISC protocol can be controlled by entries in the /etc/gateways file. For example, to change the advertisement interval to 100 seconds, create the entry:

rdisc_interval=100

ICMP Redirects

ICMP provides control and error messages. ICMP on a router or gateway attempts to send reports of problems to the original source if an IP datagram cannot be delivered for some reason. ICMP datagrams are always encapsulated in IP.

ICMP redirects occur when a system uses more than one default route. If the router determines a more efficient route, or if there is only one way to forward the datagram, it redirects the datagram using the better or only route and reports that route to the sender. The sending system’s routing table is updated with the new information. The drawback to this method of routing is that for every ICMP redirect, there is a separate entry in the sending system’s routing table. This action can lead to a large routing table. However, this method of routing also ensures that the datagrams that are going to all reachable hosts are taking the shortest route.

Figure 7-9 shows an ICMP redirect process where the sys21 system needs to communicate with the server1 system and has a default route of sys11. The information does reach the server1 system and the sys11 system sends an ICMP redirect to the sys21 system, telling it that the best route to the server1 system is through the instructor system.

Caution – An attacker might forge redirect errors to install false routes, which might initiate a denial of service attack if the newly specified router is not a router at all. There are rules governing valid redirect errors, all of which can be spoofed easily. Use this ndd command to ignore IPv4 ICMP redirect errors: ndd -set /dev/ip ip_ignore_redirect 1. Refer to the Sun BluePrints™ document Solaris Operating Environment Network Settings for Security, available at: http://www.sun.com/solutions/blueprints/1200/network-updt1.pdf.

[Figure 7-9 ICMP Redirect: systems sys21, sys11, instructor, and server1. The sys21 system runs telnet server1; steps 1, 2, 4, and 5 are labeled Datagram and step 3 is labeled ICMP Redirect.]

Introducing CIDR

The rapid growth of the Internet in the early 1990s created concerns about the ability to scale and support future growth. The most severe problems are:

- Impending depletion of Class B networks
- Increasing the size of routing tables

Depletion of Class B networks creates a problem for large organizations because Class C addresses with 254 as their maximum number of host addresses are not large enough. Assigning multiple Class C networks to companies will, over time, dramatically increase the number of routes in the routing table. Large routing tables cause poor router performance because the router spends excessive time performing address lookups.

Purpose of CIDR

A task force was created by the Internet Engineering Task Force (IETF) to develop a solution to the scale and growth problems. The solution became known as CIDR, or supernetting, and is a way to make more-efficient use of the IP address space. CIDR is documented in RFC 1517, RFC 1518, RFC 1519, and RFC 1520. Three important features of CIDR that address scalability and growth issues for the Internet are:

- Elimination of network classes (Class A, Class B, and Class C)
- Block address allocation
- Hierarchical routing

Operation of CIDR

CIDR uses classless addresses. Netmasks are referred to as network prefixes and are used to create networks of varying sizes. The network prefix is expressed in the following notation: X.X.X.X/Y. The value Y is an integer value that specifies the number of 1s in the netmask. For example, using /18 is equivalent to a netmask of 255.255.192.0. The first 18 bits identify the network, and the remaining 14 bits identify the host.

Figure 7-10 shows an example of a CIDR prefix.

[Figure 7-10 CIDR Prefix: Evolution of Routing Protocols. Classful routing protocols: network route, subnet route, host route. Classless routing protocols: prefix route with a prefix length. Legend: n = Network, s = Subnet, h = Host.]

This use of variable length subnet masks means making efficient use of network address space by supernetting or subnetting. Supernetting is the combining of two or more contiguous network addresses. For example, 192.168.2/24 (11000000.10101000.00000010.00000000, 0xffffff00, or 255.255.255.0) and 192.168.3/24 (11000000.10101000.00000011.00000000, 0xffffff00, or 255.255.255.0) can be supernetted by using a prefix of /23 (11000000.10101000.0000001X.00000000, 0xfffffe00, or 255.255.254.0). The systems on the supernetted networks must all use the following in order to properly communicate without a router:

- Network address – 192.168.2.0/23
- Broadcast address – 192.168.3.255

Valid host addresses for this supernetted network range from 192.168.2.1–192.168.3.254 (510 addresses). The 192.168.2.255 and 192.168.3.0 addresses are valid host addresses, but they are not used in the Solaris 10 OS.

0 255. must be used on the router that connects this supernetted network to other networks.255 192.255.--172.255.255. Configuring Routing Copyright 2005 Sun Microsystems.239/23 broadcast + up # ifconfig -a lo0: flags=1000849<UP.2. A range of CIDR addresses is known as a CIDR block.0.-----. CIDR and VLSM make this aggregation and subdivision of address space possible.0 192.168.1 7-35 . even though there can be additional network addresses that are associated with the block.0. Subnetting is the application of a netmask on an IP address to divide the network up into smaller pieces.255 127. CIDR and VLSM permit a portion of the IP address space to be divided into successively smaller pieces.8.3.BROADCAST.LOOPBACK.0/22.3.20.RUNNING.0.0.1 lo0 8232* 0 1 UH # Out In/Fwd ---. an Internet service provider (ISP) could be allocated blocks of address space.106.Introducing CIDR Following is an example that configures an interface on this supernetted network: # ifconfig eri0 plumb 192.168.-----0 0 0 0 10 0 A CIDR and VLSM aware routing protocol.3.255.1 255.2. 204.239 eri0 1500* 0 1 U 127.168.168.221.MULTICAST.168. such as RIPv2.239 netmask fffffe00 broadcast 192. This support of network addresses eliminates the number of entries required in the backbone routing tables.168. for example. All Rights Reserved.0.--------------.6 255. Sun Services.255 ether 0:3:ba:2a:9d:7a # netstat -rnv IRE Table: IPv4 Destination Mask Gateway Device Mxfrg Rtt Ref Flg --------------.255.--------------. For example.IPv4> mtu 8232 index 1 inet 127. The routing table entry for each ISP or organization reflects the first address in the block assigned to it. Inc. These smaller ISPs can then supply an even smaller subset of addresses to a customer or private organization.254 1500* 0 1 UGH 192.3.----. which they then assign in subset address blocks to smaller ISPs.MULTICAST.0.--.---.IPv4> mtu 1500 index 4 inet 192.1 netmask ff000000 eri0: flags=1000843<UP.254.RUNNING. Revision A.

Consider an ISP that requires IP addresses for 1000 clients. Based on 254 clients per Class C network, the ISP requires four Class C networks. You can supernet four Class C networks, for example:

- 204.106.8.0
- 204.106.9.0
- 204.106.10.0
- 204.106.11.0

Figure 7-11 shows the network addresses that can result from applying different network prefixes.

[Figure 7-11 CIDR Network Addresses]

It can be seen from Figure 7-11 that the four networks being considered have identical values in their first 22 bits. Therefore, if you consider the first 22 bits only of an address on any of these networks to represent the network portion of the address, every address on the four networks has the same network address. The networks can therefore be supernetted and a single route can be used to reach all four networks.
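The supernetting rule above (the member networks share their leading bits and fill the resulting block completely) can be worked through for the 204.106.8.0 through 204.106.11.0 networks and for the earlier 192.168.2.0/23 example. This is an added example, not part of the student guide; the function names are assumptions. It goes one step beyond the text by rejecting contiguous networks that are not aligned on a prefix boundary.

```python
import ipaddress


def prefix_to_netmask(prefix_len):
    """Dotted-quad netmask for a prefix length, for example 27 -> 255.255.255.224."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask))


def shared_prefix_len(networks):
    """Count the leading bits that every network address has in common."""
    first = int(networks[0].network_address)
    differing = 0
    for net in networks:
        differing |= int(net.network_address) ^ first
    shared = 32 - differing.bit_length()
    # The supernet prefix can never be longer than the shortest member prefix.
    return min(shared, min(net.prefixlen for net in networks))


def supernet(cidrs):
    """Return the single prefix that exactly covers cidrs, or None if there is none."""
    networks = [ipaddress.IPv4Network(c) for c in cidrs]
    length = shared_prefix_len(networks)
    mask = (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF
    base = int(networks[0].network_address) & mask
    candidate = ipaddress.IPv4Network((base, length))
    # collapse_addresses() merges duplicates and overlaps before counting.
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(networks))
    # A single route is only correct if the members fill the whole block;
    # otherwise it would also claim addresses that belong to someone else.
    return candidate if covered == candidate.num_addresses else None


def describe(net):
    """Values every system on the supernetted network must agree on."""
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "hexmask": format(int(net.netmask), "08x"),
        "broadcast": str(net.broadcast_address),
        "hosts": net.num_addresses - 2,
    }


if __name__ == "__main__":
    isp = ["204.106.8.0/24", "204.106.9.0/24", "204.106.10.0/24", "204.106.11.0/24"]
    print("ISP block:", supernet(isp))
    print("Two Class C networks:", describe(supernet(["192.168.2.0/24", "192.168.3.0/24"])))
    # Contiguous but not aligned on a /23 boundary: no single prefix fits.
    print("Unaligned pair:", supernet(["192.168.3.0/24", "192.168.4.0/24"]))
    print("/27 netmask:", prefix_to_netmask(27))
```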

Figure 7-12 shows an example of supernetting.

[Figure 7-12 Supernetting Example: address blocks between the Internet and an Internet service provider, labeled /16 (65,536 host addresses), /20 (4096 host addresses), /21 (2048 host addresses), and /22 (1024 host addresses), each with its address range in the 204.106 address space.]

An ISP who is given a block of supernetted addresses can then divide the range into different sized blocks to suit the needs of their customers, while minimizing the number of routing table entries required.

Configuring Routing at Boot Time

The behavior of a Solaris 10 system in regard to route configuration is different to previous versions of the Solaris OS. The /etc/inet/routing.conf file contains two options regarding route configuration on a Solaris 10 system: ipv4-routing and ipv4-forwarding. The ipv4-routing option refers to whether a system will start the in.routed daemon. The ipv4-forwarding option refers to whether a system will be configured to forward packets between networks.

Initializing a Router

When a system boots, the system first checks the contents of the /etc/inet/routing.conf file. If the ipv4-routing or ipv4-forwarding options are set explicitly to either enabled or disabled, the setting is applied. If either option has not been set explicitly, then the system determines whether or not to enable or disable each option. IPv4 forwarding is disabled by default and must be enabled explicitly by using the routeadm command. IPv4 routing is disabled if the /etc/defaultrouter file is not empty. If the /etc/defaultrouter file is not present, or is empty, IPv4 routing is enabled (the in.routed daemon is started).

Figure 7-13 shows how the /lib/svc/method/net-init method configures a system for IPv4 forwarding and routing.

[Figure 7-13 IPv4 Router Initialization: flowchart from Start to End with the decisions "Does /etc/defaultrouter exist?", "IPv4 routing enabled by routeadm?", and "IPv4 forwarding enabled by routeadm?", each leading to enabling or disabling IPv4 routing or IPv4 forwarding.]

Configuring a Router Without Rebooting

To configure a Solaris OS system as a router without rebooting, complete the following steps:

1. Verify that the /etc/hostname.interface and the /etc/inet/hosts files are configured properly.

2. Do one of the following:

   - Turn on IP forwarding on all of the interfaces:

     # routeadm -u -e ipv4-forwarding

   - Turn on IP forwarding for specific interfaces:

     # ifconfig specific_interface router

3. Stop and restart the in.routed daemon:

   # routeadm -u -d ipv4-routing
   # routeadm -u -e ipv4-routing
   #

The system now functions as a router.

Initializing a Multihomed Host

A multihomed host is a system with two or more physical network interfaces that does not forward IP datagrams between the networks to which it is attached. In the Solaris 10 OS, all systems with two or more physical network interfaces are multihomed hosts by default. To create a multihomed host, complete the following steps:

1. Become a superuser on the prospective multihomed system.

2. Create an /etc/hostname.interface file for each additional network interface that is installed in the system. For example, if the qfe2 interface is to be enabled and known on the network, you create the /etc/hostname.qfe2 file, containing contents similar to the following:

   # cat /etc/hostname.qfe2
   sample-hostname-for-qfe2
   #

   This causes the interfaces to be configured by the SMF methods at boot time.

3. Add an entry to the /etc/inet/hosts file so that the interface can be assigned an IP address at boot time. The entry looks similar to the following:

   # grep sample /etc/inet/hosts
   192.168.19.1 sample-hostname-for-qfe2
   #

4. Do either of the two following procedures:

   - Reboot the system with the init 6 command.
   - Complete the following steps to enable the configuration without rebooting:

     1. Use the ifconfig command to configure the new interface as appropriate, but do not enable the interface at this stage:

        # ifconfig qfe2 plumb 192.168.19.1 netmask + broadcast +
        #

     2. Use the routeadm command to disable IP forwarding explicitly:

        # routeadm -u -d ipv4-forwarding
        #

     3. Use the ifconfig command to enable the interface:

        # ifconfig qfe2 up
        #

The system is now a multihomed host that has connectivity to more than one network and can be used without concern of advertising routes and potentially causing routing issues on any of the networks to which it belongs.

Initializing a Non-Router

Disabling IP forwarding stops a router from forwarding packets between the networks to which it is connected. To initialize a non-router, use the routeadm command to disable IP forwarding on all interfaces by typing the following command:

# routeadm -u -d ipv4-forwarding

Troubleshooting Routing

One of the most challenging tasks that a network administrator has to perform is troubleshooting routing. Router configuration and troubleshooting relies on mastering other basic network skills.

Troubleshooting the Router Configuration

When troubleshooting a problem, verify the following:

- The device information tree recognizes the additional interfaces. Use the prtconf command, and search for the interface with the grep command. For example, to determine if the qfe interface is in the device tree, use the following command:

  # prtconf | grep qfe
  SUNW,qfe, instance #0
  SUNW,qfe, instance #1
  SUNW,qfe, instance #2
  SUNW,qfe, instance #3
  #

- The ifconfig command reports the interface to be configured as expected. For example, to determine if the qfe0 interface is configured as expected, use the following command:

  # ifconfig qfe0
  qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
          inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
          ether 8:0:20:ac:9b:20
  #

  If the interface is up, examine the inet (IP address), netmask, and broadcast entries, and make sure that they are set correctly. If the IP address is set incorrectly, check the contents of the /etc/inet/hosts file. If the netmask and broadcast addresses are wrong, check the contents of the /etc/inet/netmasks file.

- The correct device and file name are defined for the interface. For example, if you are configuring the qfe0 interface, to verify that the hostname.qfe0 file is correct, type the command:

  # ls -al /etc/hostname.qfe0
  -rw-r--r--   1 root     other        113 Nov 16 14:58 /etc/hostname.qfe0
  #

168. Sun Services.21 sys11-data-qfe1 192.1.30.168.interface file exists in the /etc/inet/hosts file and is associated with the correct address. to determine if qfe0 has an assigned host name of sys11ext. to determine if sys11 has an assigned IP address of 192. type the command: # cat /etc/hostname. For example.51 sys11-test-hme0 192. type the command: # grep sys11 /etc/inet/hosts 192.1 7-43 .1.Troubleshooting Routing q The name that is assigned to the interface is correct.31 sys11ext 192.1.1. Inc.qfe0 sys11ext # q The name that is defined in the hostname.71 sys11-test-qfe1 # # # # # Data address for hme0 Data address for qfe1 qfe0:1 Test address for hme0 qfe1:1 Test address for qfe1 Configuring Routing Copyright 2005 Sun Microsystems. For example.1 sys11 192.1. Revision A. All Rights Reserved.1.168.168.168.168.

Troubleshooting Network Names

The netstat command, when used with the -r option, displays routing table information. For example:

# netstat -r

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
three                sys33ext             UG       1      0
one                  sys11                U        1    189  hme0
two                  sys32ext             UG       1      0
192.168.30.0         sys11ext             U        1    175  qfe0
224.0.0.0            sys11                U        1      0  hme0
localhost            localhost            UH       3    132  lo0
#

Observe how some of the destinations have names instead of numbers. This can lead to errors when you configure a new interface. To report addresses as numbers instead of names, use the -n option with the netstat command. For example:

# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.3.0          192.168.30.33        UG       1      0
192.168.1.0          192.168.1.1          U        1    191  hme0
192.168.2.0          192.168.30.32        UG       1      0
192.168.30.0         192.168.30.31        U        1    176  qfe0
224.0.0.0            192.168.1.1          U        1      0  hme0
127.0.0.1            127.0.0.1            UH       3    132  lo0
#

1 7-45 . Your /etc/inet/hosts file should have contents similar to the following: # cat /etc/inet/hosts # # Internet host table # 127.4 sys14 # 192.1.2.1 sys31 192.1.168. At times. Inc.168.3.1 sys11 192. Populate your system’s /etc/inet/hosts file with all of the hosts in the class network if this is not already done. Preparation Refer to the lecture notes as necessary to perform the tasks listed.168.4 sys34 # 192. you are instructed to work as a group on the system that is your subnet’s router.2.168.3.168.168.3 sys13 192.3.3 sys33 192.0.4 sys24 # 192.168.2 sys12 192.2.168.31 sys11ext 192.168.168.32 sys21ext 192.30.30.30.1 sys21 192. Sun Services.1.1 localhost # SA-300-S10 host information 192.2 sys32 192.3 sys23 192.30.168.33 sys31ext 192.2.1.168.168. Be sure to watch for prompts in the task steps to ensure that you are working on the correct system.168. Revision A.0.168.3.30 instructor # loghost # router to get to instructor->Internet # router to get to instructor->Internet # router to get to instructor->Internet Configuring Routing Copyright 2005 Sun Microsystems. you configure a Sun Microsystems workstation as a router and use the route command to configure the system’s routing tables manually.Exercise: Reviewing Routing Configuration Exercise: Reviewing Routing Configuration In this exercise.168.2 sys22 192. All Rights Reserved.

Caution – If your system is designated by the instructor as being a router, verify that its second interface is not configured. If the interface is configured, the command output will not match the solutions properly for the exercises.

Figure 7-14 shows the classroom’s network diagram. Take a few moments to familiarize yourself with the diagram.

[Figure 7-14 Classroom Network Diagram: the instructor system (xxx.xxx.xxx.xxx) connects to the Internet; the diagram shows the 192.168.30.0, 192.168.1.0, 192.168.2.0, and 192.168.3.0 networks and the systems sys11 through sys14, sys21 through sys24, and sys31 through sys34.]

Tasks

Complete the following steps:

1. In your own words, define each of the following routing schemes:
a. Static route
________________________________________________________
________________________________________________________
________________________________________________________
b. Dynamic route
________________________________________________________
________________________________________________________
________________________________________________________
c. Default route
________________________________________________________
________________________________________________________
________________________________________________________
2. What is a multihomed host?
_____________________________________________________________
_____________________________________________________________
3. Define the term autonomous system.
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
4. In your own words, describe the differences between an interior gateway protocol and an exterior gateway protocol.
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
5. Give two examples of an interior gateway protocol.
_____________________________________________________________
_____________________________________________________________

6. Give two examples of an exterior gateway protocol.
_____________________________________________________________
_____________________________________________________________
7. Explain the purpose of ICMP redirects.
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________

Subnet Group: Working on the Routers

8. Before making any changes to the interfaces, write the netmask and broadcast values of the Ethernet interface.
Command used: ______________________________________________
Netmask: ____________________________________________________
Broadcast: ___________________________________________________

Caution – Do not proceed if your system has more than one physical interface configured. If additional interfaces are configured, remove the relevant /etc/hostname.interface files, and use the ifconfig command or reboot the system to remove the interface configuration. The success of this exercise depends on your system having only one configured physical interface. If the /etc/defaultrouter file or the /etc/gateways file exists on your system:
1. Remove the file/s.
2. Reboot the system in order to restore it to a default state for this exercise.

a. Which class of IPv4 address (A, B, or C) is assigned to your system?
________________________________________________________
b. How many bits of your IPv4 address are currently being used for your network address?
________________________________________________________

9. Use the netstat -r command to observe your current routing table. Write down which route destinations are available.
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
10. Use the netstat command with the -rn options. What is the difference between this output and the previous netstat -r output?
_____________________________________________________________
11. Use the ps command to determine if the routing daemon is currently running on the system.
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________

Individually: Working on Non-Router Systems

12. Use the ps command to determine if the routing daemon is currently running on the system.
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________

Subnet Group: Working on the Routers

13. Configure the router for your subnet.
a. Create the /etc/hostname.interface file for your system’s second interface, and place the host name in it so that the second interface is configured automatically at boot time.
b. Verify that the name to be associated with the second interface that is used in the /etc/hostname.interface file exists in the /etc/inet/hosts file. If it does not, edit the /etc/inet/hosts file, and place an appropriate name in the file.

14. Configure IP forwarding and IP routing for IPv4 to become enabled on the next boot of the router. Write the command that you use:
_____________________________________________________________

Note – Do not proceed beyond this point until everyone in the class has completed this step.

15. Reboot the router. Write the command that you use:
_____________________________________________________________
16. Verify that each router is correctly configured.
a. Display the configuration of each network interface. How many external interfaces are configured and running now?
________________________________________________________
b. Display the contents of the routing table. Which network destinations are now available?
________________________________________________________
________________________________________________________
________________________________________________________
c. Determine that the routing daemon is running on the router.
________________________________________________________
________________________________________________________
________________________________________________________
What does this daemon do?
________________________________________________________
________________________________________________________
________________________________________________________

Individually: Working on Non-Router Systems

Caution – Do not proceed if your system has more than one physical interface configured. If additional interfaces are configured, remove the relevant /etc/hostname.interface files, and use the ifconfig command or reboot the system to remove the interface configuration. The success of this exercise depends on your system having only one configured physical interface. If the /etc/defaultrouter file or the /etc/gateways file exists on your system:
1. Remove the file/s.
2. Reboot the system in order to restore it to a default state for this exercise.

17. Complete the following steps:
a. Determine if the routing daemon is running on each non-router system.
________________________________________________________
________________________________________________________
Why is this daemon running?
________________________________________________________
________________________________________________________
b. Run the netstat -r command, and record the current network destinations.
________________________________________________________
________________________________________________________
________________________________________________________
c. Run the ifconfig -a command, and record the current netmask and broadcast values.
________________________________________________________
________________________________________________________
________________________________________________________

Subnet Group: Working on Your Router System

18. Start the snoop utility on the router to watch for network traffic associated with multicast address 224.0.0.2 as the non-routers reboot. (Hint: Use the icmp option on the snoop command line.) Be sure to use the snoop utility on the appropriate interface for the network that you want to monitor. Be prepared to see ICMP router advertisements after the next step. Write the command that you use:
_____________________________________________________________

Individually: Working on Non-Router Systems

19. Reboot your non-router workstation. Write the command that you use:
_____________________________________________________________

Subnet Group: Working on Your Router System

20. Observe the snoop output on the router system.

Individually: Working on Non-Router Systems

21. Use the netstat -r command, and observe the change to the routing tables. Which new type of entry is now present? How was it entered into the routing table?
_____________________________________________________________
22. Use the ps command on the non-router systems to determine if the routing daemon is now running. Write the command that you use:
_____________________________________________________________
Why is this daemon running?
_____________________________________________________________

Subnet Group: Working on Your Router System

23. Terminate the snoop trace that you had running, and then start a verbose snoop trace in a separate window on your router system. Write the command that you use:
_____________________________________________________________
24. Working in a new window, use the routeadm command to terminate the in.routed process on the router. Write the command that you use:
_____________________________________________________________
25. View the output from the snoop utility. Look for the router notification when the in.routed daemon terminates gracefully. Hint: Look for multicasts and ICMP messages.
a. Examine the snoop trace. Did you see the router notification when the in.routed daemon terminated gracefully?
________________________________________________________
b. What was the ETHER destination, as reported by the snoop trace?
________________________________________________________
c. What protocol did the router notification use?
________________________________________________________
d. What was the destination IP address of the router notification?
________________________________________________________
26. Verify that the process has been terminated. Write the command that you use:
_____________________________________________________________

Individually: Working on Non-Router Systems

27. Use the netstat command to view the routing tables on one of the non-router systems. What is missing?
_________________________________________________

Note – Do not proceed beyond this point until everyone in the class has completed this step.

Subnet Group: Working on Your Router System
28. Verify that the snoop session started earlier on your router is still running, and then start the in.routed process on your router system, changing the advertisement interval to 90 seconds by placing the appropriate entry in the /etc/gateways file.
What entry do you place in the /etc/gateways file?
_____________________________________________________________
Which command do you use to restart the in.routed daemon?
_____________________________________________________________
Observe ICMP and other traffic as the in.routed daemon is started.

Individually: Working on Non-Router Systems
29. Use the netstat command to view the routing tables on one of the non-router systems to verify that the default route has been inserted into the routing table. Write the command that you use:
_____________________________________________________________

In this section, you test to see how long it takes for the default route to be removed when no communications are received from a router. You use the 9 (KILL) signal to kill the in.routed daemon, so that the daemon does not have a chance to advertise that it is going down.

30. On a non-router, use the date and netstat commands to determine how long before the default route entry is removed.

Note – The while statement syntax assumes that you are using the Bourne shell:

while true
> do date; netstat -rn | grep default; sleep 20
> done
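
The loop in step 30 can be turned into a reusable check. The following is an added example, not part of the original student guide: it polls the routing table, reports how many seconds passed before the default entry was removed, and also reports when the default gateway changes to a different router. It assumes a POSIX shell and awk (on Solaris 10, /usr/xpg4/bin/sh and nawk); the function names, the ROUTE_CMD variable, and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the student guide.
# Assumes a POSIX shell and awk; all names below are illustrative.

# Command that prints the routing table. Overridable so the functions
# can be exercised against canned output.
ROUTE_CMD=${ROUTE_CMD:-"netstat -rn"}

# Constructed sample of `netstat -rn` output on a non-router system.
sample_routes() {
    cat <<'EOF'
Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.1.0          192.168.1.2          U         1      0 hme0
224.0.0.0            192.168.1.2          U         1      0 hme0
default              192.168.1.1          UG        1      0 hme0
127.0.0.1            127.0.0.1            UH        2      6 lo0
EOF
}

# default_gateways: reads `netstat -rn` text on stdin and prints the
# gateways of all "default" entries on one line, separated by spaces.
# Prints an empty line when there is no default route.
default_gateways() {
    awk '$1 == "default" { gw = gw sep $2; sep = " " } END { print gw }'
}

# watch_default_route INTERVAL MAX_POLLS
# Records the default gateway(s) present at start, then polls every
# INTERVAL seconds. Prints one line and returns:
#   "<seconds> removed <old>"          status 0, default route gone
#   "<seconds> changed <old> -> <new>" status 0, different gateway learned
#   "<seconds> unchanged <old>"        status 1, nothing happened
#   "0 none"                           status 2, no default route at start
# <seconds> is polls * INTERVAL, so it is accurate to within one interval.
watch_default_route() {
    interval=$1
    max_polls=$2
    baseline=$($ROUTE_CMD | default_gateways)
    if [ -z "$baseline" ]; then
        echo "0 none"
        return 2
    fi
    polls=0
    while [ "$polls" -lt "$max_polls" ]; do
        sleep "$interval"
        polls=$((polls + 1))
        current=$($ROUTE_CMD | default_gateways)
        if [ -z "$current" ]; then
            echo "$((polls * interval)) removed $baseline"
            return 0
        elif [ "$current" != "$baseline" ]; then
            echo "$((polls * interval)) changed $baseline -> $current"
            return 0
        fi
    done
    echo "$((polls * interval)) unchanged $baseline"
    return 1
}

# Usage on a non-router, polling every 20 seconds for up to one hour:
#   watch_default_route 20 180
```

A "changed" result during the lab means another router's advertisement replaced the original default route, which is worth noting separately from a plain timeout.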

Subnet Group: Working on Your Router System
31. Simulate a router crash, and kill the in.routed daemon on the router again, but use the 9 (KILL) signal this time. Write the command that you use:
_____________________________________________________________

Individually: Working on Non-Router Systems
32. Watch the output from the script, and keep track of the time. When the default entry stops being reported, subtract the start time from the finish time to determine how long the system took to remove the default route entry.
Approximately how long did it take for the default entry to be removed from the table?
_____________________________________________________________
When done, stop the script by pressing the Control+C key sequence.
33. Stop the in.routed daemon on the non-router systems. Write the command that you use:
_____________________________________________________________

Caution – Do not proceed beyond this point until everyone in the class has completed this step.

Individually: Working on All Systems
34. Flush the routing tables on routers first and then the non-router systems. Write the command that you use:
_____________________________________________________________

Individually: Working on Non-Router Systems
35. Working on a non-router system, use the ping command to attempt to contact a non-router system on one of the other subnets. What is the response from the ping command?
_____________________________________________________________

Subnet Group: Working on Your Router System
36. Add routes manually to the other subnets by using the route command. Write the commands that you use:
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________

Individually: Working on Non-Router Systems
37. Add routes manually by using the route command to the remote subnets. Write the commands that you use.
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________

Caution – Do not proceed beyond this point until everyone in the class has completed this step.

Individually: Working on All Systems
38. Working on all systems, observe the routing tables. Write the command that you use:
_____________________________________________________________

Individually: Working on Non-Router Systems
39. Working on a non-router system, use the ping command to attempt to contact a non-router system on one of the other subnets. What is the response from the ping command?
_____________________________________________________________
40. Edit the contents of the /etc/inet/networks file, and add the one, two and three network names.
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
41. Observe the changes to the routing table on all non-router systems. Write the command that you use:
_____________________________________________________________
Are the networks described in the /etc/inet/networks file present in the routing table?
_____________________________________________________________

Note – Do not proceed beyond this point until everyone in the class has completed this step.

42. Reboot the routers. Schedule a job so that the non-routers reboot two minutes later. Check to see if the in.routed daemon was started on each of the non-router systems. Explain why you see the results that you do.
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________

Subnet Group: Working on Your Router System
Perform the following steps to leave your router system in a known routing configuration for subsequent exercises:

43. Configure to enable IPv4 routing when the system next boots.
_____________________________________________________________
44. Configure to enable IPv4 forwarding when the system next boots.
_____________________________________________________________
45. If they exist, remove the /etc/gateways and /etc/defaultrouter files.
_____________________________________________________________

Caution – Do not proceed beyond this point until everyone in the class has completed this step.

46. Reboot the system.
_____________________________________________________________

Individually: Working on Non-Router Systems
Perform the following steps to leave your non-router system in a known routing configuration for subsequent exercises:

47. Remove the /etc/inet/routing.conf file.
_____________________________________________________________
48. If they exist, remove the /etc/gateways and /etc/defaultrouter files.
_____________________________________________________________
49. Reboot the system.
_____________________________________________________________

Exercise Summary

Discussion – Take a few minutes to discuss what experiences, issues, or discoveries you had during the lab exercise.

• Experiences
• Interpretations
• Conclusions
• Applications

Exercise Solutions

Solutions to the exercise are as follows:

1. In your own words, define each of the following routing schemes:
a. Static route
Static routes are routes that do not time out and must be removed manually. Rebooting the system removes the static entries. The most common static entry is a system that routes datagrams to the locally connected networks.
b. Dynamic route
Dynamic routing means that the routing environment changes. Dynamic routing identifies other network destinations that are not connected directly but are reachable through a router. After the routing table identifies the other reachable networks, the identified router can forward or deliver the datagrams.
c. Default route
A default route is a table entry that permits a system to define default routes to use if a route entry for a specific destination does not exist. It is used for all indirectly connected workstations. The default routers must be reliable. There is no need to define every reachable network. All indirectly connected datagram destinations go to the default router.
2. What is a multihomed host?
A multihomed host is a host that has more than one physical network interface and does not forward IP datagrams between networks.
3. Define the term autonomous system.
An autonomous system is a collection of networks and routers under a single administrative control. This intentionally broad definition was incorporated into the Internet to handle overly large routing tables.
4. In your own words, describe the differences between an interior gateway protocol and an exterior gateway protocol.
A routing protocol used within an autonomous system is called an interior gateway protocol. A routing protocol that communicates routes between autonomous systems is called an exterior gateway protocol.
5. Give two examples of an interior gateway protocol.
OSPF protocol and RIP.

6. Give two examples of an exterior gateway protocol.
EGP and BGP.
7. Explain the purpose of ICMP redirects.
ICMP redirects are used most commonly when a system uses default routing. If the router determines a more efficient way to forward the datagram, it redirects the datagram using the best route and reports the correct route to the sender.

Subnet Group: Working on the Routers
8. Before making any changes to the interfaces, write the netmask and broadcast values of the Ethernet interface.

router# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23

The netmask is ffffff00. The broadcast address is 192.168.1.255.

Caution – Do not proceed if your system has more than one physical interface configured. If additional interfaces are configured, remove the relevant /etc/hostname.interface files, and use the ifconfig command or reboot the system to remove the interface configuration. The success of this exercise depends on your system having only one configured physical interface. If the /etc/defaultrouter file or the /etc/gateways file exists on your system:
1. Remove the file/s.
2. Reboot the system in order to restore it to a default state for this exercise.

a. Which class of IPv4 address (A, B, or C) is assigned to your system?
Class C (this might be different in your classroom).
b. How many bits of your IPv4 address are currently being used for your network address?
Twenty-four bits (this might be different in your classroom).

9. Use the netstat -r command to observe your current routing table. Write down which routing destinations are available.

router# netstat -r
Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.1.0          sys11                U         1      0 hme0
224.0.0.0            sys11                U         1      0 hme0
localhost            localhost            UH        2      6 lo0

10. Use the netstat command with the -rn options. What is the difference between this output and the previous netstat -r output?
The netstat -rn command displays the table in numeric form.

router# netstat -rn
Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.1.0          192.168.1.1          U         1      0 hme0
224.0.0.0            192.168.1.1          U         1      0 hme0
127.0.0.1            127.0.0.1            UH        2      6 lo0

11. Use the ps command to determine if the routing daemon is currently running on the system.

router# ps -ef | grep in[.]
    root   153     1  0 04:42:54 ?        0:00 /usr/sbin/in.routed

The in.routed process is running.

Individually: Working on Non-Router Systems
12. Use the ps command to determine if the routing daemon is currently running on the system.

non-router# ps -ef | grep in[.]
    root   153     1  0 04:45:56 ?        0:00 /usr/sbin/in.routed

Subnet Group: Working on the Routers
13. Configure the router for your subnet.
a. Create the /etc/hostname.interface file for your system’s second interface, and place the host name in it so that the second interface is configured automatically at boot time.
For example, if your second interface is qfe0, the contents of the /etc/hostname.qfe0 file should be similar to:

router# cat /etc/hostname.qfe0
sys11ext

b. Verify that the name to be associated with the second interface that is used in the /etc/hostname.interface file exists in the /etc/inet/hosts file. If it does not, edit the /etc/inet/hosts file, and place an appropriate interface name in the file.

router# grep sys11ext /etc/inet/hosts
192.168.30.31   sys11ext        # router to get to instructor->Internet

14. Configure IP forwarding and IP routing for IPv4 to become enabled on the next boot of the router. Write the command that you use:

router# routeadm -e ipv4-forwarding
router# routeadm -e ipv4-routing

Caution – Do not proceed beyond this point until everyone in the class has completed this step.

15. Reboot the router. Write the command that you use:

router# init 6

16. Verify that each router is correctly configured.
a. Display the configuration of each network interface.

router# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:ac:9b:20

How many external interfaces are configured and running now?
Two interfaces: hme0 and qfe0. The interfaces might be different on your system.

b. Display the contents of the routing table.

router# netstat -r
Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.1.0          sys11                U         1      0 hme0
192.168.2.0          sys21ext             UG        1      0
192.168.30.0         sys11ext             U         1      1 qfe0
224.0.0.0            sys11                U         1      0 hme0
localhost            localhost            UH        2      6 lo0

Which network destinations are now available?
You should see the following routes if all of the groups in the classroom have configured their routers (you may have to wait up to 5 minutes):

• 192.168.1.0
• 192.168.2.0
• 192.168.3.0
• 192.168.30.0
• 224.0.0.0
• 127.0.0.1 (localhost)

c. Determine that the routing daemon is running on the router.

router# ps -ef | grep in[.]
    root    94     1  0 10:52:12 ?        0:00 /usr/sbin/in.routed

What does this daemon do?
The /usr/sbin/in.routed daemon sends ICMP router advertisement messages and RIP messages.
Individually: Working on Non-Router Systems
Caution – Do not proceed if your system has more than one physical interface configured. If additional interfaces are configured, remove the relevant /etc/hostname.interface files, and use the ifconfig command or reboot the system to remove the interface configuration. The success of this exercise depends on your system having only one configured physical interface. If the /etc/defaultrouter file or the /etc/gateways file exists on your system:
1. Remove the file/s.
2. Reboot the system in order to restore it to a default state for this exercise.

17. Complete the following steps:
a. Determine if the routing daemon is running on each non-router system.

non-router# ps -ef | grep in[.]
    root   156     1  0 13:31:57 ?        0:00 /usr/sbin/in.routed

Why is this daemon running?
The daemon is responsible for listening for ICMP router advertisements and RIP messages.

b. Run the netstat -r command, and record the current network destinations.

non-router# netstat -r
Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.1.0          sys12                U         1      1 hme0
192.168.2.0          sys11                UG        1      1 hme0
192.168.30.0         sys11                UG        1      1 hme0
224.0.0.0            sys12                U         1      0 hme0
localhost            localhost            UH        2      6 lo0

c. Run the ifconfig -a command, and record the current netmask and broadcast values.

non-router# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:a4:8f:80

Subnet Group: Working on Your Router System

18. Start the snoop utility on the router to watch for network traffic associated with multicast address 224.0.0.2 as the non-routers reboot. (Hint: Use the icmp option on the snoop command line.) Be sure to use the snoop utility on the appropriate interface for the network that you want to monitor. Be prepared to see ICMP router advertisements after the next step.

router# snoop -d hme0 icmp
Using device /dev/hme (promiscuous mode)

Individually: Working on Non-Router Systems

19. Reboot your non-router workstation.

non-router# init 6

Subnet Group: Working on Your Router System

20. Observe the snoop output on the router system.

sys11 -> 224.0.0.1 ICMP Router advertisement (Lifetime 1800s [1]: {sys11 0})
sys11 -> 224.0.0.1 ICMP Router advertisement (Lifetime 1800s [1]: {sys11 0})
sys11 -> 224.0.0.1 ICMP Router advertisement (Lifetime 1800s [1]: {sys11 0})

Notice that routers send direct advertisements to the multicast address to which clients are listening.
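
Router discovery advertisements carry no authentication, so a non-router host accepts a default route from any system that sends them. The following added example (not part of the original student guide) reads snoop summary lines in the format shown in step 20 and lists advertisers that are not on a list of known routers, plus routers that announced a lifetime of 0. The function names, the sys13 advertiser, and the "Lifetime 0s" line are constructed assumptions; awk must accept -v (nawk on Solaris 10).

```shell
#!/bin/sh
# Added example, not from the student guide: audit ICMP router
# advertisements captured with `snoop -d <interface> icmp`.

# Constructed sample in the summary-line format shown in step 20.
# The sys13 advertiser, the echo request, and the zero-lifetime
# advertisement are invented for this demonstration.
sample_snoop() {
    cat <<'EOF'
sys11 -> 224.0.0.1 ICMP Router advertisement (Lifetime 1800s [1]: {sys11 0})
sys12 -> sys11 ICMP Echo request (ID: 1 Sequence number: 0)
sys13 -> 224.0.0.1 ICMP Router advertisement (Lifetime 1800s [1]: {sys13 0})
sys11 -> 224.0.0.1 ICMP Router advertisement (Lifetime 0s [1]: {sys11 0})
EOF
}

# advert_summary: reads snoop summary lines on stdin and prints
# "<source> <lifetime-seconds>" for every router advertisement.
# Lines that are not router advertisements are ignored.
advert_summary() {
    awk '/ICMP Router advertisement/ {
        for (i = 1; i < NF; i++) {
            if ($i == "(Lifetime") {
                lt = $(i + 1)
                sub(/s$/, "", lt)      # "1800s" -> "1800"
                print $1, lt
            }
        }
    }'
}

# unexpected_advertisers ROUTER...
# Reads snoop summary lines on stdin. Prints, once each, every source
# that sent a router advertisement but is not named in the argument list.
unexpected_advertisers() {
    allowed=" $* "
    advert_summary | awk -v allowed="$allowed" '
        index(allowed, " " $1 " ") == 0 && !seen[$1]++ { print $1 }'
}

# withdrawn_routers: prints, once each, every source that advertised a
# lifetime of 0, which is how a router announces that hosts should stop
# using it (the graceful-shutdown case, as opposed to a crash).
withdrawn_routers() {
    advert_summary | awk '$2 == 0 && !seen[$1]++ { print $1 }'
}

# Usage against a saved capture, with sys11 as the only known router:
#   snoop -d hme0 icmp > /tmp/icmp.txt      (stop with Control+C)
#   unexpected_advertisers sys11 < /tmp/icmp.txt
```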

Individually: Working on Non-Router Systems

21. Use the netstat -r command, and observe the change to the routing tables.

non-router# netstat -r
Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.1.0          sys12                U         1      0 hme0
224.0.0.0            sys12                U         1      0 hme0
default              sys11                UG        1      0 hme0
localhost            localhost            UH        2      6 lo0

Which new type of entry is now present? How was it entered into the routing table?
The newest entry is a default route. The system learns the default route from routers on the subnet through the router discovery ICMP messages.

22. Use the ps command on the non-router systems to determine if the routing daemon is now running.

non-router# ps -ef | grep in[.]
    root    91     1  0 12:36:05 ?        0:00 /usr/sbin/in.routed

Why is this daemon running?
The in.routed daemon is running because the daemon is invoked by default, at boot time. This is controlled by the routeadm utility. You can view the configuration by looking at the contents of the /etc/inet/routing.conf file.

Subnet Group: Working on Your Router System

23. Terminate the snoop trace that you had running, and then start a verbose snoop trace in a separate window on your router system.

router# snoop -v -d hme0
Using device /dev/hme (promiscuous mode)

24. Working in a new window, use the routeadm command to terminate the in.routed process on the router.

router# routeadm -u -d ipv4-routing

25. View the output from the snoop utility. Look for the router notification when the in.routed daemon terminated gracefully. Hint: Look for multicasts and ICMP messages.

    ETHER: ----- Ether Header -----
    ETHER:
    ETHER: Packet 8 arrived at 12:46:52.27
    ETHER: Packet size = 50 bytes
    ETHER: Destination = 1:0:5e:0:0:1, (multicast)
    ETHER: Source = 8:0:20:ac:9b:20, Sun
    ETHER: Ethertype = 0800 (IP)
    ETHER:
    ...
    IP: Protocol = 1 (ICMP)
    IP: Header checksum = ea98
    IP: Source address = 192.168.1.1, sys11
    IP: Destination address = 224.0.0.1, 224.0.0.1
    ...

Examine the snoop trace.

a. Did you see the router notification when the in.routed daemon terminated gracefully? Yes.
b. What was the ETHER destination, as reported by the snoop trace? 1:0:5e:0:0:1.
c. What protocol did the router notification use? ICMP.
d. What was the destination IP address of the router notification? 224.0.0.1.

26. Verify that the process has been terminated.

    router# ps -ef | grep routed
    root 94 1 0 10:52:12 ? 0:00 grep routed

Individually: Working on Non-Router Systems

27. Use the netstat command to view the routing tables on one of the non-router systems. What is missing?

    non-router# netstat -r
    Routing Table: IPv4
      Destination           Gateway           Flags  Ref   Use   Interface
    -------------------- -------------------- ----- ----- ------ ---------
    192.168.1.0          sys12                U         1      0 qfme0
    224.0.0.0            sys12                U         1      0 qfe0
    localhost            localhost            UH        2      6 lo0

The default route through the sys11 system was removed.

Note – Do not proceed beyond this point until everyone in the class has completed this step.

Subnet Group: Working on Your Router System

28. Verify that the snoop session started earlier on your router is still running, and then start the in.routed process on your router system, changing the advertisement interval to 90 seconds by placing the appropriate entry in the /etc/gateways file.

What entry do you place in the /etc/gateways file?

    rdisc_interval=90

Which command do you use to restart the in.routed daemon?

    router# routeadm -u -e ipv4-routing

Observe ICMP and other traffic as the in.routed daemon is started.

Output from snoop trace:

    ETHER: Packet 8 arrived at 16:39:16.72
    ETHER: Packet size = 50 bytes
    ETHER: Destination = 1:0:5e:0:0:1, (multicast)
    ETHER: Source = 8:0:20:ac:9b:20, Sun
    ...

    IP: Source address = 192.168.1.1, sys11
    IP: Destination address = 224.0.0.1, 224.0.0.1
    IP: No options
    IP:
    ICMP: ----- ICMP Header -----
    ICMP:
    ICMP: Type = 9 (Router advertisement)
    ICMP: Code = 0 (Lifetime 270s [1]: {sys11 0})
    ...

Individually: Working on Non-Router Systems

29. Use the netstat command to view the routing tables on one of the non-router systems to verify that the default route has been inserted into the routing table.

    non-router# netstat -r
    Routing Table: IPv4
      Destination           Gateway           Flags  Ref   Use   Interface
    -------------------- -------------------- ----- ----- ------ ---------
    192.168.1.0          sys12                U         1      0 qfe0
    224.0.0.0            sys12                U         1      0 qfe0
    default              sys11                UG        1      0 qfe0
    localhost            localhost            UH        2      6 lo0

In this section, you test to see how long it takes for the default route to be removed when no communications are received from a router. You use the 9 (KILL) signal to kill the in.routed daemon, so that the daemon does not have a chance to advertise that it is going down.

30. On a non-router, use the date and netstat commands to determine how long before the default route entry is removed.

Note – The while statement syntax assumes that you are using the Bourne shell.

    non-router# while true
    > do
    > date
    > netstat -rn | grep default
    > sleep 20
    > done
    Tue Dec 4 17:17:44 MST 2004

    default              sys11                UG        1      0
    Tue Dec 4 17:18:04 MST 2004
    default              sys11                UG        1      0
    ...

Subnet Group: Working on Your Router System

31. Simulate a router crash, and kill the in.routed daemon on the router again, but use the 9 (KILL) signal this time.

    router# pkill -9 in.routed

Individually: Working on Non-Router Systems

32. Watch the output from the script, and keep track of the time. When the default entry stops being reported, subtract the start time from the finish time to determine how long the system took to remove the default route entry. When done, stop the script by pressing the Control+C key sequence.

    Tue Dec 4 17:20:24 MST 2004
    default              sys11                UG        1      0
    Tue Dec 4 17:20:44 MST 2004
    default              sys11                UG        1      0
    Tue Dec 4 17:21:04 MST 2004
    Tue Dec 4 17:21:25 MST 2004
    ...

Approximately how long did it take for the default entry to be removed from the table? Four and a half (4-1/2) minutes.

33. Stop the in.routed daemon on the non-router systems.

    non-router# ps -ef | grep in[.]
    root 91 1 0 12:36:05 ? 0:00 /usr/sbin/in.routed
    non-router#
    non-router# routeadm -u -d ipv4-routing

Caution – Do not proceed beyond this point until everyone in the class has completed this step.

Individually: Working on Your Router System

34. Flush the routing tables on routers first and then the non-router systems. Write the command that you use:

    router# route flush
    192.168.2 sys21ext done

Individually: Working on Non-Router Systems

    non-router# route flush

Individually: Working on Non-Router Systems

35. Working on a non-router system, use the ping command to attempt to contact a non-router system on one of the other subnets.

    non-router# ping sys23
    ICMP Host Unreachable from gateway sys12 (192.168.1.2)
     for icmp from sys12 (192.168.1.2) to sys23 (192.168.3.3)

What is the response from the ping command? ICMP Host Unreachable from gateway.

Subnet Group: Working on Your Router System

36. Add routes manually to the other subnets by using the route command.

    router# route add net 192.168.2.0 192.168.30.32
    add net 192.168.2.0: gateway 192.168.30.32
    router#
    router# route add net 192.168.3.0 192.168.30.33
    add net 192.168.3.0: gateway 192.168.30.33

Individually: Working on Non-Router Systems

37. Add routes manually by using the route command to the remote subnets.

    non-router# route add net 192.168.2.0 192.168.1.1
    add net 192.168.2.0: gateway 192.168.1.1
    non-router#
    non-router# route add net 192.168.3.0 192.168.1.1
    add net 192.168.3.0: gateway 192.168.1.1
    non-router#
    non-router# route add net 192.168.30.0 192.168.1.1
    add net 192.168.30.0: gateway 192.168.1.1

Caution – Do not proceed beyond this point until everyone in the class has completed this step.

Individually: Working on All Systems

38. Working on all systems, observe the routing tables.

On non-router systems:

    non-router# netstat -r
    Routing Table: IPv4
      Destination           Gateway           Flags  Ref   Use   Interface
    -------------------- -------------------- ----- ----- ------ ---------
    192.168.1.0          sys12                U         1      0 hme0
    192.168.2.0          sys11                UG        1      0
    192.168.3.0          sys11                UG        1      0
    192.168.30.0         sys11                UG        1      0
    224.0.0.0            sys12                U         1      0 hme0
    localhost            localhost            UH        2      6 lo0
    non-router#

On router systems:

    router# netstat -r
    Routing Table: IPv4
      Destination           Gateway           Flags  Ref   Use   Interface
    -------------------- -------------------- ----- ----- ------ ---------
    192.168.1.0          sys11                U         1     16 hme0
    192.168.2.0          sys21ext             UG        1      0
    192.168.3.0          sys31ext             UG        1      0
    192.168.30.0         sys11ext             U         1     14 hme0
    224.0.0.0            sys11                U         1      0 hme0
    localhost            localhost            UH        2      6 lo0

Individually: Working on Non-Router Systems

39. Working on a non-router system, use the ping command to attempt to contact a non-router system on one of the other subnets.

    non-router# ping sys23
    sys23 is alive

What is the response from the ping command? sys23 is alive.

40. Edit the contents of the /etc/inet/networks file, and add the one, two and three network names.

    non-router# vi /etc/inet/networks
    non-router# tail -3 /etc/networks
    one 192.168.1
    two 192.168.2
    three 192.168.3

41. Observe the changes to the routing table on all non-router systems.

    non-router# netstat -r
    Routing Table: IPv4
      Destination           Gateway           Flags  Ref   Use   Interface
    -------------------- -------------------- ----- ----- ------ ---------
    one                  sys12                U         1      1 hme0
    two                  sys11                UG        1      2
    three                sys11                UG        1      0
    192.168.30.0         sys11                UG        1      0
    224.0.0.0            sys12                U         1      0 hme0
    localhost            localhost            UH        2      6 lo0

Are the networks described in the /etc/inet/networks file present in the routing table? Yes.

Caution – Do not proceed beyond this point until everyone in the class has completed this step.

42. Reboot the routers. Schedule a job so that the non-routers reboot two minutes later. Check to see if the in.routed daemon was started on each of the non-router systems. Explain why you see the results that you do.

Subnet Group: Working on Your Router System

    router# init 6
    INIT: New run level: 6
    ...

Individually: Working on Non-Router Systems

    non-router# at now+2minutes
    at> init 6
    at> ^D<EOT>
    commands will be executed using /sbin/sh
    job 1007515599.a at Tue Dec 4 18:26:39 2004

Subnet Group: Working on Your Router System

Perform the following steps to leave your router system in a known routing configuration for subsequent exercises:

43. Configure to enable IPv4 routing when the system next boots.

    router# routeadm -e ipv4-routing

44. Configure to enable IPv4 forwarding when the system next boots.

    router# routeadm -e ipv4-forwarding

45. If they exist, remove the /etc/gateways and /etc/defaultrouter files.

    router# rm /etc/gateways; rm /etc/defaultrouter

Caution – Do not proceed beyond this point until everyone in the class has completed this step.

46. Reboot the system.

    router# init 6

Individually: Working on Non-Router Systems

Perform the following steps to leave your non-router system in a known routing configuration for subsequent exercises:

47. If they exist, remove the /etc/gateways and /etc/defaultrouter files.

    non-router# rm /etc/gateways; rm /etc/defaultrouter

48. Remove the /etc/inet/routing.conf file.

    non-router# rm /etc/inet/routing.conf

49. Reboot the system.

    non-router# init 6

Module 8

Configuring IPv6

Objectives

This module describes IPv6 management, features, configuration and troubleshooting, and IPv6 addressing and interfaces. Upon completion of this module, you should be able to:

- Describe IPv6
- Describe IPv6 addressing
- Describe IPv6 autoconfiguration
- Describe IPv6 unicast address types
- Describe IPv6 multicast address types
- Enable IPv6
- Manage IPv6
- Configure 6to4 routing
- Configure IPv6 multipathing

The course map in Figure 8-1 shows how this module fits into the current instructional goal.

Figure 8-1 Course Map (Configuring the Network: Configuring IP Network Multipathing, Configuring IP, Configuring Routing, Configuring IPv6, Describing the Transport Layer)

Introducing IPv6

IPv6 is the most recent version of the IP specification. Refer to RFC 2460 for a description of IPv6. In 1991, the Internet Architecture Board (IAB) sponsored a working group to address a pending IP address shortage. The IAB predicted that all Class B networks would be allocated by 1994 and that all IP addresses would be allocated by 2002 (see Christian Huitema, Routing in the Internet, Second Edition, 2000).

The Need for IPv6

The IPv4 address shortage is only one reason that IPv6 was developed. IPv6 was defined to resolve the following:

- IPv4 address shortage – IPv4, with a 32-bit address scheme, provides for more than 4 billion addresses. However, many of these addresses were not usable because classful addressing techniques wasted large numbers of possible IPv4 addresses. A technique for using IP addresses on private networks without exposing them to the Internet is defined in RFC 1918. This technique helps to alleviate the IP address shortage. IPv6 implements a 128-bit address scheme that supports 340,282,366,920,938,463,463,374,607,431,768,211,456 nodes.
- Autoconfiguration – IPv6 systems configure their IPv6 addresses automatically. There is no need to manually assign an IPv6 address, as is done in IPv4 by editing the /etc/inet/hosts file and creating /etc/hostname.xxx files. Autoconfiguration allocates IPv6 addresses to systems automatically. Administrators, however, still have to administer the name-to-IPv6 address mapping.

Features of IPv6

The IPv6 features are:

- Expanded addressing – The address size is increased from 32-bit addresses to 128-bit addresses.
- Simplified header format – This format reduces the number of header fields in an IPv6 datagram from 10 fields to 6 fields.
- Improved extension header and option support – This feature supports extension headers in addition to the primary header. Extension headers are located between the required IPv6 datagram header and the payload; therefore, they provide special treatment of some datagrams without a performance penalty.
- Quality of service – A flow label in the header provides for flows. Flows identify a sequence of datagrams from the same source to the same destination when the source requests special handling of the specified datagram sequence by the intervening routers.
- Authentication and privacy headers – An authentication header (AH) provides the authentication services, and the encapsulating security payload (ESP) header provides privacy.

Introducing IPv6 Addressing

IPv6 addressing uses 128 bits. The first part of the address is the format prefix, followed by a routable prefix or padding. The second part of the address is the interface identifier, analogous to the IPv4 host portion, and is derived from the system’s MAC address. In IPv6 it is normal for several IPv6 addresses to be assigned to the same physical interface. Because of the autoconfiguration capability in IPv6, it is no more difficult to administer IPv6 addressing than it is with IPv4.

Address Types

Like IPv4, IPv6 has three types of addresses that you can use to communicate across a network. For sending messages, IPv6 supports:

- Unicast addresses
- Multicast addresses
- Anycast addresses

IPv6 differs from IPv4 in that IPv6 does not provide broadcast addresses as a mechanism for communicating with other hosts on a subnet.

Unicast Addressing

With the unicast address type, a unique address is assigned to an interface. A unicast datagram is sent to a single machine with the matching destination IPv6 address. Unicast addressing is called point-to-point addressing in IPv4.

Multicast Addressing

With the multicast address type, an address is assigned to a group of systems. Datagrams are delivered to all interfaces as identified by the multicast address. Multicast addressing in IPv6 replaces broadcast addressing in IPv4.

Anycast Addressing

With the anycast address type, an address is assigned to a group of systems. Datagrams are delivered to the nearest interface member, as identified by the routing protocol, instead of being delivered to all members of a group. Anycast addresses identify the nearest member of a group of systems that provide a particular type of service.

IPv6 Address Representation

RFC 2373 describes how IPv6 128-bit hexadecimal addresses can be represented in multiple ways:

- Eight 16-bit hexadecimal numbers, for example:
  fe80:0000:0000:0000:0a00:20ff:feb5:4137
- Eight 16-bit hexadecimal numbers in which 0s (zeros) are represented by a single leading 0, for example:
  fe80:0:0:0:a00:20ff:feb5:4137

IPv6 permits address compression. You can compress leading or embedded 0s (zeros) with a double colon (::). To compress an address, you can represent consecutive 16-bit 0 numbers with double colons (::). You can only do this once in any address, for example:

  fe80::a00:20ff:feb5:4137

Format Prefixes

The format prefix (FP) in the address indicates the type of IPv6 address that is used. For example:

- Link-local addresses are intended to identify hosts on a single network link. They are similar to the way Ethernet addresses are used to communicate on an Ethernet segment or subnet.
- Site-local addresses are valid across an intranet. They are similar to an organization choosing a random IPv4 address class for the organization, but not connecting to the Internet.

- Aggregatable global addresses are valid across the Internet. They are similar to an officially registered IPv4 address class for organizations connected to the Internet.
- A multicast address is an identifier for a group of systems. A node can belong to any number of multicast groups.

Table 8-1 shows several common types of IPv6 addresses.

Table 8-1 Initial Allocation of Format Prefixes From RFC 2373

    Allocation                               FP (Binary)     FP (Hexadecimal)
    Link-local unicast addresses             1111 1110 10    FE8
    Site-local unicast addresses             1111 1110 11    FEC
    Aggregatable global-unicast addresses    001             2 or 3
    Multicast addresses                      1111 1111       FF

The FP byte is binary. As defined in RFC 2373, unused trailing bits in the byte are not shown. For example, the FP represented by 001 is 0x2 or 0x3, because the two binary values are 0010 and 0011. The FP represented by 001 should not be confused with 0001, which is equal to 0x1.

Note – Refer to RFC 2373 for information about FPs that are not related to the Solaris OS.

Introducing IPv6 Autoconfiguration

IPv6 address autoconfiguration includes:

- Determining what information should be autoconfigured, such as addresses and routing prefixes
- Verifying the uniqueness of link-local addresses on the link

Stateful autoconfiguration and stateless autoconfiguration, as defined in IPv6, can coexist and operate together.

Stateful Autoconfiguration

Stateful autoconfiguration requires the additional setup of a DHCP server. For this reason, stateful autoconfiguration is not a preferred configuration method. Stateful autoconfiguration supplies address and service information similar to the way that DHCP provides information in IPv4.

Stateless Autoconfiguration

The stateless mechanism permits a host to generate its own addresses by using a combination of information that is available locally and information that is advertised by routers. Routers advertise prefixes that identify the subnets associated with a link, while hosts generate an interface identifier that uniquely identifies an interface on a subnet. An address is formed by combining the advertised prefix and the interface identifier. In the absence of routers, a host can generate only link-local addresses. However, link-local addresses are sufficient for permitting communication among systems that are attached to the same link.

Interface Identifier Calculation

Appendix A of RFC 2373 describes the process of automatically calculating an IPv6 interface identifier address. The following is an example of how a Sun Microsystems workstation computes an IPv6 interface identifier address from its MAC address. The initial MAC address is 08:00:20:b5:41:37, where:

- 08:00:20 is the company identifier (CID)
- b5:41:37 is the vendor-supplied identifier (VID)

To build an interface identifier, perform the following steps:

1. Obtain the MAC address. Figure 8-2 shows this address.

   Figure 8-2 MAC Address (08:00:20:b5:41:37, divided into CID and VID)

2. Convert the address to binary format. Figure 8-3 shows the address in binary format.

   Figure 8-3 Binary Representation of the MAC Address (CID and VID)

3. Toggle bit 7, the universal/local bit, which is the seventh bit from the left. Figure 8-4 shows the address after conversion.

   Figure 8-4 MAC Address Conversion to an Interface Identifier

4. Insert two additional octets, 0xFF and 0xFE, between the CID and the VID. This converts the MAC address to an interface identifier. Figure 8-5 shows the resulting interface identifier.

   Figure 8-5 MAC Address With 0xFF and 0xFE Octets

5. Convert the binary address to hexadecimal format, and include colons to show the IPv6-autoconfigured interface identifier address of 0a00:20ff:feb5:4137.

This unique interface identifier is only 64 bits of the 128-bit address and is called an end-unit identifier-64 (EUI-64). This unique interface identifier is the basis of autoconfigured IPv6 addresses on the system.

Duplicate Address Detection

Systems run a duplicate address detection algorithm on an address before that address is assigned to an interface. This is done without regard to the manner in which the address was obtained. The duplicate address detection algorithm works by sending a neighbor solicitation message to the network that contains the address in question. The system receives a neighbor advertisement from any device that is currently using the address. Therefore, if no response is received, the systems assume that the address is available for use and is assigned to the interface. If the address in question is not unique, a unique address must be configured manually.
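The five interface identifier steps above, carried out in code on the guide's own MAC address and on the address shown later in the ifconfig output. This is an added example, not part of the student guide; the function names are hypothetical, and the reverse mapping from an address back to a MAC (useful when matching observed link-local addresses to hardware in an inventory) goes one step beyond what the text walks through.

```python
import ipaddress
import string
from typing import Optional


def parse_mac(mac: str) -> bytes:
    """Parse a colon-separated MAC address into 6 bytes.

    Solaris tools such as ifconfig print octets without leading zeros
    (8:0:20:90:b5:c7), so one- and two-digit octets are both accepted.
    """
    parts = mac.strip().split(":")
    if len(parts) != 6:
        raise ValueError(f"expected 6 octets, got {len(parts)}: {mac!r}")
    for part in parts:
        if not 1 <= len(part) <= 2 or any(c not in string.hexdigits for c in part):
            raise ValueError(f"bad octet {part!r} in {mac!r}")
    return bytes(int(part, 16) for part in parts)


def mac_to_interface_id(mac: str) -> bytes:
    """Steps 1-4: split into CID and VID, toggle bit 7, insert 0xFF 0xFE."""
    raw = parse_mac(mac)
    cid, vid = raw[:3], raw[3:]
    # The universal/local bit is the seventh bit from the left of the
    # first octet, which is the mask 0x02.
    toggled_cid = bytes([cid[0] ^ 0x02]) + cid[1:]
    return toggled_cid + b"\xff\xfe" + vid


def format_interface_id(iid: bytes) -> str:
    """Step 5: write the 64-bit identifier as four 16-bit hex groups."""
    if len(iid) != 8:
        raise ValueError("an interface identifier is 8 bytes long")
    return ":".join(iid[i:i + 2].hex() for i in range(0, 8, 2))


def binary(octets: bytes) -> str:
    """Binary form of a byte string, one 8-bit group per octet."""
    return " ".join(f"{b:08b}" for b in octets)


def derivation_steps(mac: str) -> dict:
    """Return the intermediate values that Figures 8-3 to 8-5 illustrate."""
    raw = parse_mac(mac)
    iid = mac_to_interface_id(mac)
    return {
        "mac_binary": binary(raw),
        "after_toggle": binary(bytes([raw[0] ^ 0x02]) + raw[1:]),
        "with_fffe": binary(iid),
        "interface_id": format_interface_id(iid),
    }


def link_local_address(mac: str) -> ipaddress.IPv6Address:
    """Combine the link-local prefix (fe80 plus zero padding) with the identifier."""
    prefix = bytes.fromhex("fe80") + bytes(6)
    return ipaddress.IPv6Address(prefix + mac_to_interface_id(mac))


def interface_id_to_mac(addr: str) -> Optional[str]:
    """Reverse the derivation; None if the address is not MAC-derived."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # no FF FE marker between CID and VID
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    for mac in ("08:00:20:b5:41:37", "8:0:20:90:b5:c7"):
        for label, value in derivation_steps(mac).items():
            print(f"{label:13} {value}")
        print(f"{'link_local':13} {link_local_address(mac)}\n")
```
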

Introducing Unicast Address Types

IPv6, like IPv4, supports the concept of unicast addressing. Unicast addresses direct datagrams to a single interface or system. The ability to transmit network data in this way enables systems that are not included in the communication to efficiently ignore network data that is not addressed to them.

Link-Local Addresses

Link-local addresses are valid on a local network link only. Link-local addresses are not forwarded by routers. The first 10 bits of the address prefix identify an address as a link-local address, as shown in Figure 8-6. The link-local address format prefix is 1111 1110 10 in binary, or FE8 in hexadecimal.

    10 Bits       54 Bits          64 Bits
    1111111010    All Zeros (0)    Interface ID

    fe80::a00:20ff:feb5:4137

Figure 8-6 Link-Local Address Format

Site-Local Addresses

Site-local addresses are similar to link-local addresses but can be routed through an intranet. Intranet routers can forward site-local addresses through the intranet but not outside of the intranet. The first 10 bits of the address prefix identify an address as a site-local address, as shown in Figure 8-7. The site-local address format prefix is 1111 1110 11 in binary, or FEC in hexadecimal format.

    10 Bits       38 Bits          16 Bits      64 Bits
    1111111011    All Zeros (0)    Subnet ID    Interface ID

    fec0::0003:a00:20ff:feb5:4137

Figure 8-7 Site-Local Address Format

Aggregatable Global-Unicast Addresses

Aggregatable global addresses can be routed through the Internet. An aggregatable global address always starts with 2 or 3 in hexadecimal format. Figure 8-8 shows the frame format of an aggregatable global-unicast address.

    3 Bits    13 Bits    32 Bits    16 Bits    64 Bits
    001       TLA        NLA        SLA        Interface ID

Figure 8-8 Aggregatable Global-Unicast Address Format

The frame format of an aggregatable global-unicast address includes:

- A prefix – The assigned prefix for aggregatable global addresses (001). The first three bits are always set to 001, and they designate that this address is a routable global-unicast address.
- The top-level aggregator (TLA) – The identifying number of the Internet authority that assigned the provider portion of the address, for example, the IANA.
- The next level aggregator (NLA) – The address identifier that is assigned to a company or organization by its ISP.

- The site-level aggregator (SLA) – The subnet address assigned to networks in the company or organization.
- Interface ID – The portion of the IP address that derives from the MAC address, that is, the EUI-64 address.

Prefix Notation

RFC 2373 describes how IPv6 addresses use prefix notation. IPv6 addresses have two parts. The first part is the format prefix. The second part is the interface identifier and is analogous to the IPv4 host portion. The address can be broken into a subnet prefix and a node address or into an interface identifier. An example of a subnet prefix address is:

  fec0::0003:a00:20ff:feb5:4137/64

The /64 indicates that the subnet prefix is 64 bits in length. The first 64 bits of the address contain a subnet mask.

- fec0::0003 – The subnet prefix
- a00:20ff:feb5:4137 – The interface identifier

Embedded IPv4 Addresses

The IPv6 transition mechanisms include a technique for systems and routers to tunnel IPv6 datagrams dynamically under the IPv4 routing infrastructure. IPv6 systems that use this technique have special IPv6 unicast addresses assigned that carry an IPv4 address in the low-order 32 bits. This type of address is an IPv4-compatible IPv6 address. An example of an embedded IPv4 address in an IPv6 address is:

  0000:0000:0000:0000:0000:FFFF:yyyy:yyyy

where FFFF indicates that an embedded IPv4 address is present, and yyyy:yyyy represents the 32 bits of the IPv4 address in hexadecimal format.

Unspecified Address Types

The source address of a system that has not had an address assigned will be all zeros, for example: 0000:0000:0000:0000:0000:0000:0000:0000, 0:0:0:0:0:0:0:0, or :: in compressed format.

Loopback Address Types

IPv6 systems use the loopback address of 0000:0000:0000:0000:0000:0000:0000:0001, 0:0:0:0:0:0:0:1, or ::1 to send datagrams to themselves. This address is analogous to the 127.0.0.1 local address used by IPv4 systems.

Introducing Multicast Address Types

A datagram addressed to a multicast address is delivered to all systems that are part of the multicast group. An IPv6 multicast address can be thought of as a single identifier for a group of IPv6 systems that belong to the multicast group. A single interface can have multiple IPv6 addresses assigned to it, including multicast addresses.

Purpose of Multicast Addresses

The low-order 112 bits in an IPv6 address identify the multicast group to which the datagram belongs. The FP of 11111111 or FF in hexadecimal format in an address identifies the datagram as being a multicast datagram. Multicast addresses include 4 bits of flags after the initial FF in the format prefix. Three of the flag bits are reserved and are always set to 0. The fourth flag bit is set to 0 if a well-known IANA-assigned multicast address is used; the fourth bit is set to 1 if a temporary multicast address is used. Figure 8-9 shows the multicast address types.

    8 Bits    4 Bits    4 Bits    112 Bits
    FP        Flags     Scope     Multicast Group ID

    ff02:0:0:0:0:0:0:1

Figure 8-9 Multicast Address Types

Scope Bits

Multicast addresses include four scope bits after the flag bits. The scope bits determine how far the multicast datagram is routed:

- Node-local – FF01. Route to all members of the group on the same node as the sender.
- Link-local – FF02. Route to all members of the group on the same link as the sender.
- Site-local – FF05. Route to all members of the group at the same site as the sender.
- Organization-local – FF08. Route to all members of the same organization as the sender.
- Global – FF0E. Route to all members of the group on the Internet.

For example, the multicast addresses for all routers are:

- FF01:0:0:0:0:0:0:2 – Node-local routers
- FF02:0:0:0:0:0:0:2 – Link-local routers
- FF05:0:0:0:0:0:0:2 – Site-local routers
- FF02:0:0:0:0:0:0:9 – Link-local, RIPv2 routers

The multicast addresses for all systems are:

- FF01:0:0:0:0:0:0:1 – Node-local systems
- FF02:0:0:0:0:0:0:1 – Link-local systems

Refer to RFC 2373 for additional IPv6 multicast information.
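The format prefixes of Table 8-1, the special unicast forms, the /64 prefix notation and the multicast flag and scope bits described above can all be read off an address mechanically. The classifier below is an added example, not part of the student guide; the function names and result keys are hypothetical, and 2001:db8::1 and ff1e::1234 are constructed sample addresses.

```python
import ipaddress

# Table 8-1: format prefix (binary) and its allocation.
FORMAT_PREFIXES = (
    ("1111111010", "link-local unicast"),
    ("1111111011", "site-local unicast"),
    ("001", "aggregatable global unicast"),
    ("11111111", "multicast"),
)

# Scope values listed in the guide (the four bits after the flag bits).
SCOPES = {
    0x1: "node-local",
    0x2: "link-local",
    0x5: "site-local",
    0x8: "organization-local",
    0xE: "global",
}


def classify(addr: str) -> dict:
    """Classify an IPv6 address by the rules given in the text."""
    value = int(ipaddress.IPv6Address(addr))
    bits = f"{value:0128b}"
    info = {"type": "other format prefix"}

    if value == 0:
        info["type"] = "unspecified"
    elif value == 1:
        info["type"] = "loopback"
    elif value >> 32 == 0xFFFF:
        # 0:0:0:0:0:FFFF:yyyy:yyyy carries an IPv4 address in the low 32 bits.
        info["type"] = "embedded IPv4"
        info["ipv4"] = str(ipaddress.IPv4Address(value & 0xFFFFFFFF))
    else:
        for prefix, name in FORMAT_PREFIXES:
            if bits.startswith(prefix):
                info["type"] = name
                break

    if info["type"] == "multicast":
        flags = (value >> 116) & 0xF   # four flag bits after FF
        scope = (value >> 112) & 0xF   # four scope bits after the flags
        info["reserved_flags_clear"] = (flags & 0xE) == 0
        info["temporary"] = bool(flags & 0x1)  # 0 = well-known, 1 = temporary
        info["scope"] = SCOPES.get(scope, f"unlisted (0x{scope:x})")
        info["group_id"] = value & ((1 << 112) - 1)
    return info


def split_prefix(cidr: str) -> tuple:
    """Split a /64 address into (subnet prefix, interface identifier)."""
    iface = ipaddress.IPv6Interface(cidr)
    if iface.network.prefixlen != 64:
        raise ValueError("this example only handles the /64 case from the text")
    host = int(iface.ip) & ((1 << 64) - 1)
    groups = [f"{(host >> shift) & 0xFFFF:x}" for shift in (48, 32, 16, 0)]
    return str(iface.network), ":".join(groups)


if __name__ == "__main__":
    samples = (
        "fe80::a00:20ff:feb5:4137",       # from the guide
        "fec0::0003:a00:20ff:feb5:4137",  # from the guide
        "ff02:0:0:0:0:0:0:9",             # from the guide
        "::1",
        "0:0:0:0:0:ffff:c0a8:0102",       # embedded 192.168.1.2
        "2001:db8::1",                    # constructed sample
        "ff1e::1234",                     # constructed sample, temporary group
    )
    for sample in samples:
        print(f"{sample:32} {classify(sample)}")
    print(split_prefix("fec0::0003:a00:20ff:feb5:4137/64"))
```
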

ICMPv6 Group Membership

RFC 2236 describes IGMP version 2 for IPv4. Hosts that join, belong to, or leave multicast groups use IGMP version 2 to report this information to local multicast routers. The following three IGMP version 2 messages are relevant to this introduction:

- Membership query – Determines which groups have members on a network
- Membership report – Reports if a system is part of a multicast group
- Leave group – Determines when a system leaves a multicast group

All of the IGMP functionality has moved to ICMP version 6, which is defined in RFC 1885.

Enabling IPv6

You can enable IPv6 from the command line or by creating specific files that are read by the /lib/svc/method/net-init and /lib/svc/method/net-physical SMF methods at boot time.

Note – You can also enable IPv6 during initial installation of the Solaris 10 OS.

The in.ndpd Daemon on a Non-Router

The in.ndpd daemon implements the Neighbor Discovery Protocol (ND). Systems on the same network link use ND for IPv6 to:

- Perform address autoconfiguration – Systems configure an address for an interface automatically. This eliminates the common duplicate IP address problem experienced on IPv4 networks.
- Obtain MAC addresses – Neighbor solicitation messages are sent by a node to determine the link-layer address of a neighbor or to verify that a neighbor is still reachable by a cached link-layer address. A solicitation can be sent if a node does not have an entry for a system in its neighbor cache. This is similar to the ARP in IPv4. Neighbor solicitations are also used for duplicate address detection. Systems use received neighbor advertisements to update their neighbor cache with the MAC address of the sender.
- Gather reachability information about paths to active neighbors – The in.ndpd daemon sends unsolicited neighbor advertisements to discover newly available systems. The in.ndpd daemon can also send unsolicited neighbor advertisements to announce a link-layer address change.
- Discover routers – In IPv4, hosts had no way of knowing how to locate routers unless the host had a static route defined or it was running a type of routing protocol. IPv6 neighbor discovery replaced the function that the IPv4’s RDISC protocol provided. Systems send router solicitations to prompt routers to send router advertisements.

  Routers advertise their presence with various link and Internet parameters, either periodically or in response to a router solicitation message. Router advertisements contain prefixes used for on-link determination or address configuration, a suggested hop limit value, and other information. Systems use router advertisements to populate their neighbor cache with the MAC address of the router.

  When an interface becomes enabled, hosts can send router solicitations that request routers to generate router advertisements immediately, rather than at their next scheduled time. This enables the host to become part of a network more quickly than it would have if it waited for a normal router advertisement.

- Provide router redirects – A router informs a host of a better first-hop node to reach a particular destination.

Refer to RFC 2461 for more information about neighbor discovery.

Configuring IPv6 on Non-Routers

You configure a system to support both IPv4 and IPv6. This configured system is known as a dual-stack system. IPv6 introduces new files, including:

- /etc/hostname6.interface – This file has similar functionality to the /etc/hostname.interface file but contains no IP address or host name information.

  Note – The /etc/hostname6.interface file can still contain an IPv6 address or a resolvable host name to disable autoconfiguration and enforce a given IPv6 address.

- /etc/inet/ipnodes – This file has similar functionality to the /etc/inet/hosts file. There is no link from the /etc/ipnodes file. The /etc/inet/ipnodes file can contain both IPv6 and IPv4 addresses.

Note – If an application is IPv6-capable, the /etc/inet/ipnodes file is consulted first, and then the /etc/inet/hosts file is consulted. The /etc/inet/hosts file is the only file that is contacted for IPv4 applications, and it can only contain IPv4 addresses.

Configuring an Interface for IPv6

To configure an IPv6 interface on a system, create a /etc/hostname6.interface file and reboot the system, or use the ifconfig command to configure the interface manually. For example, to configure IPv6 on a system's hme0 interface, complete the following steps:

1. View the configuration of the system's interfaces before making any changes.

# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:90:b5:c7
#

2. Create the /etc/hostname6.hme0 file to cause the interface to configure with IPv6, and then reboot the system.

# touch /etc/hostname6.hme0
# init 6
#
INIT: New run level: 6

3. View the startup log files in the /var/svc/log directory.

4. View the system's interface configuration after the boot.

# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:90:b5:c7
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        ether 8:0:20:90:b5:c7
        inet6 fe80::a00:20ff:fe90:b5c7/10
#

Notice how both the lo0 and hme0 interfaces have inet6 components and that each interface has an inet6 address. Recall from a previous step that an IPv6 address was not defined.

Configuring IPv6 Name Service Lookup

Like IPv4, you can apply names to IPv6 addresses so that you can more easily refer to a system. For example, to name this system's IPv6 hme0 interface sys12-v6, you can add an entry to the /etc/inet/ipnodes file to make it look similar to the following:

# tail -2 /etc/inet/ipnodes
# added for ipnode example
fec0::a00:20ff:fe90:b5c7 sys12-v6
#

The /etc/inet/ipnodes file on each system on the local link that is running IPv6 can be configured with a similar entry. You can now address a system by its IPv6 interface by using the sys12-v6 host name. For example:

# uname -n
sys11
# ping sys12-v6
sys12-v6 is alive
#

Name service lookup configuration for IPv6 is similar to name service lookup configuration for IPv4. The following are additional files:

- Two new NIS IPv6 maps are the ipnodes.byname and ipnodes.byaddr maps. These maps have similar functionality to the hosts.byname and hosts.byaddr files in IPv4.
- An additional NIS+ IPv6 table is created: ipnodes.org_dir. This table has similar functionality to the hosts.org_dir table in IPv4.
- A new DNS record type, AAAA (quad A), is available. The reverse is similar to a normal PTR record but is much longer. Following is an example of an AAAA record and a PTR record:

  sys22.two.edu. IN AAAA fec0::a00:20ff:feb5:4137
  7.3.1.4.5.b.e.f.f.f.0.2.0.0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.e.f.ip6.int. IN PTR sys22.two.edu.

- The ipnodes line is used in the nsswitch.conf file for IPv6 system name resolution.

  hosts: files nisplus dns
  ipnodes: files nisplus dns

Troubleshooting a Non-Router Configuration

You can use the netstat command with the address-family -f inet6 option to display only IPv6-specific information when you troubleshoot. The netstat command has multiple forms and produces different types and levels of output depending on the options that are used with the command. To view only the IPv6 routing table, perform the command:

# netstat -f inet6 -r

Routing Table: IPv6
  Destination/Mask            Gateway                     Flags Ref   Use   If
--------------------------- --------------------------- ----- --- ------ -----
fe80::/10                   sys12-v6                    U       1      0 hme0
ff00::/8                    sys12-v6                    U       1      0 hme0
default                     sys12-v6                    U       1      0 hme0
localhost                   localhost                   UH      1      0 lo0
#

To view multicast group information for IPv6 interfaces, perform the following command, which uses the g option for groups:

# netstat -f inet6 -g

Group Memberships: IPv6

 If       Group                   RefCnt
----- --------------------------- ------
lo0   ff02::1:ff00:1                   1
lo0   ff02::1                          1
hme0  ff02::202                        1
hme0  ff02::1:ff90:b5c7                1
hme0  ff02::1                          2
#

You can use the ifconfig command to obtain IPv6-specific information by using the inet6 address family parameter. For example, to view the configuration of all IPv6 interfaces, perform the command:

# ifconfig -a inet6
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        inet6 fe80::a00:20ff:fe90:b5c7/10
#

The in.ndpd Daemon on the Router

The IPv6 ND is implemented by the in.ndpd daemon. The in.ndpd daemon implements IPv6 functions, including:

- Router discovery
- Prefix discovery
- Address autoconfiguration
- Address resolution
- Neighbor unreachability detection

IPv6 Routing Information Protocol

Routing in IPv6 is almost identical to IPv4 routing in CIDR, except that the IPv6 addresses are 128 bits instead of 32 bits. The in.ripngd daemon is the IPv6 routing daemon for the Solaris OS.

The in.ripngd Daemon

In normal operation, the in.ripngd process listens on UDP port 521 for routing information datagrams. If the host is a router, it supplies copies of its routing table periodically to any directly connected host and network.

Configuring an IPv6 Router

You can use the command line to configure an IPv4 router to support IPv6. You can activate IPv6 by starting specific processes or by rebooting the system.

Configuring Interfaces for IPv6

To designate which interfaces are configured with IPv6 at boot time, use the touch command to create a /etc/hostname6.interface file for each IPv6 interface. For example, to configure the system to configure the hme0 and qfe0 interfaces with IPv6 at boot time, type the following:

# touch /etc/hostname6.hme0 /etc/hostname6.qfe0
#

Alternatively, configure the hme0 and qfe0 interfaces from the command line as follows:

1. View the configuration of the interfaces.

# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:ac:9b:20
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:b9:72:23
#

2. Use the ifconfig command to configure the hme0 interface.

# ifconfig hme0 inet6 plumb up
#

3. Use the ifconfig command to configure the qfe0 interface.

# ifconfig qfe0 inet6 plumb up
#

4. View the configuration of the interfaces.

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:ac:9b:20
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:b9:72:23
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        ether 8:0:20:ac:9b:20
        inet6 fe80::a00:20ff:feac:9b20/10
qfe0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 3
        ether 8:0:20:b9:72:23
        inet6 fe80::a00:20ff:feb9:7223/10
#

Configuring IPv6 Name Service Lookup in /etc/nsswitch.conf

The IPv6 name service lookup mechanism is controlled in the same way as IPv4. Verify that the ipnodes database is defined correctly for your site's name-service lookup mechanism. For example, make sure that the following entry exists if the ipnodes database uses the system's local file:

# grep ipnodes /etc/nsswitch.conf
ipnodes: files
#

Configuring the /etc/inet/ndpd.conf File

Configure the /etc/inet/ndpd.conf file to contain the subnet's prefix configuration information on the routers. You do not advertise link-local addresses on a router because a link-local address cannot be routed. Recall that:

- A link-local address starts with FE8.
- A site-local address starts with FEC.
- An aggregatable global-unicast address starts with 2 or 3.

The following example demonstrates how to configure this information:

- Router advertisements are to be sent out to all interfaces.
- A site-local address on which the hme0 interface has a prefix of fec0:0:0:9255::0/64.
- An aggregatable global-unicast address on which the hme0 interface has a prefix of 2000:0:0:9255::0/64.
- A site-local address on which the qfe0 interface has a prefix of fec0:0:0:9256::0/64.
- An aggregatable global-unicast address on which the qfe0 interface has a prefix of 2000:0:0:9256::0/64.

Complete the following steps:

1. Define the /etc/inet/ndpd.conf file to have the following contents:

# cat /etc/inet/ndpd.conf
# Send router advertisements out all interfaces
ifdefault AdvSendAdvertisements on
#
# Advertise an unregistered (bogus) site local prefix and global
# prefix using the default lifetimes
prefix fec0:0:0:9255::0/64 hme0
prefix 2000:0:0:9255::0/64 hme0
#
prefix fec0:0:0:9256::0/64 qfe0
prefix 2000:0:0:9256::0/64 qfe0
#
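The rules above (advertisements must be switched on, and link-local prefixes are never advertised) can be checked mechanically before the file is deployed. The following is an added example, not part of the original guide: the function names are hypothetical, the second sample file is constructed, and treating "true" and "1" as equivalent to the guide's "on" is an assumption.

```python
import ipaddress

# Format prefixes named in the guide. 6to4 is listed before the global block
# because 2002::/16 sits inside 2000::/3.
KINDS = [
    ("link-local", ipaddress.IPv6Network("fe80::/10")),
    ("site-local", ipaddress.IPv6Network("fec0::/10")),
    ("6to4", ipaddress.IPv6Network("2002::/16")),
    ("global-unicast", ipaddress.IPv6Network("2000::/3")),
]
TRUTHY = {"on", "true", "1"}  # assumption: the guide itself only shows "on"


def classify(prefix):
    """Return the address type of an ndpd.conf prefix such as fec0:0:0:9255::0/64."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    for name, block in KINDS:
        if net.subnet_of(block):
            return name
    return "other"


def audit(conf_text):
    """Parse ndpd.conf text; return the prefix lines found and any findings."""
    sending, prefixes, findings = set(), [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()      # drop comments
        if not words:
            continue
        keyword, rest = words[0], words[1:]
        if keyword == "ifdefault":
            iface, opts = "*", rest               # "*" stands for every interface
        elif keyword == "if" and rest:
            iface, opts = rest[0], rest[1:]
        elif keyword == "prefix" and len(rest) >= 2:
            try:
                kind = classify(rest[0])
            except ValueError:
                findings.append(f"line {lineno}: unparsable prefix {rest[0]}")
                continue
            prefixes.append((rest[0], rest[1], kind))
            if kind == "link-local":
                findings.append(f"line {lineno}: link-local prefix {rest[0]} "
                                "cannot be routed and must not be advertised")
            continue
        else:
            continue
        settings = dict(zip(opts[::2], opts[1::2]))
        if settings.get("AdvSendAdvertisements", "").lower() in TRUTHY:
            sending.add(iface)
    for prefix, iface, _ in prefixes:
        if "*" not in sending and iface not in sending:
            findings.append(f"{prefix} on {iface}: AdvSendAdvertisements is not on")
    return {"prefixes": prefixes, "findings": findings}


# The file shown in step 1 of the guide.
GUIDE_CONF = """\
# Send router advertisements out all interfaces
ifdefault AdvSendAdvertisements on
prefix fec0:0:0:9255::0/64 hme0
prefix 2000:0:0:9255::0/64 hme0
prefix fec0:0:0:9256::0/64 qfe0
prefix 2000:0:0:9256::0/64 qfe0
"""

# Constructed file with three mistakes, for comparison.
BAD_CONF = """\
if hme0 AdvSendAdvertisements on
prefix fe80::/10 hme0
prefix 2002:c0a8:1e1f:1::0/64 qfe0
prefix fec0:0:0:zz::0/64 hme0
"""

if __name__ == "__main__":
    for name, text in (("guide", GUIDE_CONF), ("constructed", BAD_CONF)):
        result = audit(text)
        print(name, [kind for *_, kind in result["prefixes"]])
        for finding in result["findings"]:
            print("  finding:", finding)
```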

2. Do one of the following:

- Reboot the system.

# init 6
#
INIT: New run level: 6
...

  View the IPv6 configuration of the interfaces. Observe how the site-local and aggregatable global-unicast addresses are assigned to logical interfaces.

# ifconfig -a inet6
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 3
        inet6 fe80::a00:20ff:feb9:7223/10
hme0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 3
        inet6 2000::9255:a00:20ff:feb9:7223/64
hme0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 3
        inet6 fec0::9255:a00:20ff:feb9:7223/64
qfe0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
        inet6 fe80::a00:20ff:feac:9b20/10
qfe0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 2000::9256:a00:20ff:feac:9b20/64
qfe0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 fec0::9256:a00:20ff:feac:9b20/64
#

- Proceed to Step 3 to configure the system from the command line.

3. To configure your system without rebooting it, complete the following steps:

a. Switch IPv6 IP forwarding on.

# routeadm -u -e ipv6-forwarding
#

or

# /usr/sbin/ndd -set /dev/ip ip6_forwarding 1
#

b. Configure the system to send routing redirects.

# /usr/sbin/ndd -set /dev/ip ip6_send_redirects 1
#

c. Configure the system to ignore routing redirects for IPv6.

# /usr/sbin/ndd -set /dev/ip ip6_ignore_redirect 1
#

d. Start the in.ndpd daemon that reads the /etc/inet/ndpd.conf file. Restart it if it is already running.

# /usr/lib/inet/in.ndpd
#

e. Start the in.ripngd daemon, and force it to supply routing information to the network.

# /usr/lib/inet/in.ripngd -s
#

f. View the interface configuration.

# ifconfig -a inet6
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 3
        inet6 fe80::a00:20ff:feb9:7223/10
hme0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 3
        inet6 2000::9255:a00:20ff:feb9:7223/64
hme0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 3
        inet6 fec0::9255:a00:20ff:feb9:7223/64
qfe0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
        inet6 fe80::a00:20ff:feac:9b20/10
qfe0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 2000::9256:a00:20ff:feac:9b20/64
qfe0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 fec0::9256:a00:20ff:feac:9b20/64
#

Figure 8-10 shows how the /lib/svc/method/net-init method configures a system for IPv6 forwarding and routing.

[Figure 8-10 IPv6 Router Initialization: flowchart with the boxes Start; Disable IPv6-forwarding; decision "IPv6 routing enabled by routeadm and /etc/inet/ndpd.conf exists?" (Yes: Enable IPv6-routing; No: Disable IPv6-routing); decision "IPv6 forwarding enabled by routeadm?" (Yes: Enable IPv6 forwarding; No: Disable IPv6 forwarding); End]

Configuring an IPv6 6to4 Router

The 6to4 router mechanism is designed to support the transition from IPv4 to IPv6 addressing. Using the 6to4 mechanism, two IPv6 networks can communicate with each other over an intermediate IPv4 network, as shown in Figure 8-11. A 6to4 tunnel is created and the intermediate network does not need to be IPv6 aware.

[Figure 8-11 Connecting IPv6 Networks Over an IPv4 Network: IPv6 Network, Gateway System, IPv4 Network, Gateway System, IPv6 Network]

Use of the 6to4 mechanism requires a boundary router on each IPv6 network. The boundary router is configured with one interface running IPv4 and connected to the public internet by using a public IPv4 address.

Implementing the 6to4 mechanism requires the use of a particular IPv6 address prefix. The 2002 prefix, part of the aggregatable global-unicast address space, is reserved for 6to4 addresses. The 2002 prefix is combined with the IPv4 address used on the boundary router to generate the format prefix for all networks served by a particular boundary router.

The IPv4 address of the boundary router needs to be converted to hexadecimal notation as part of the process. For example, if the boundary router's IPv4 address is 192.168.30.31, 192 is c0 in hexadecimal, 168 is a8 in hexadecimal, 30 is 1e in hexadecimal, and 31 is 1f in hexadecimal, giving the representation c0a8:1e1f.

Configuring a 6to4 Boundary Router

To configure a system as a 6to4 boundary router, perform the following tasks:

1. Configure a 6to4 tunnel. The 6to4 tunnel bridges between the local IPv6 networks and the public IPv4 network.
2. Configure the /etc/inet/ndpd.conf file to advertise 6to4 prefixes to the local IPv6 networks.

Calculating 6to4 Network Addresses

The 6to4 addresses have a defined format for the network portion of the address:

- A 16-bit prefix that denotes the address as a 6to4 address (2002)
- A 32-bit, public IPv4 address on the boundary router in hexadecimal notation
- A 16-bit subnet ID unique to each subnet – One subnet ID is used by the end point of the tunnel

Configuring a 6to4 Tunnel

Configuring a 6to4 tunnel is a two-part process:

1. Plumb the 6to4 tunnel:

# ifconfig ip.6to4tun0 inet6 plumb
#

2. Configure the tunnel end points. The tunnel end points are the global IPv4 address and an IPv6 host address on a unique subnet within the 6to4 address range. The tunnel has a unique network number in its prefix.

A 6to4 tunnel can be configured without specifying explicitly an IPv6 host address. If no IPv6 host address is specified, the tunnel is configured with a subnet ID of 0 (zero) and a host ID of 1 (one). To configure a 6to4 tunnel with no IPv6 host address, use the syntax:

ifconfig ip.6to4tun0 inet6 tsrc IPv4_Address up

For example, to configure a 6to4 tunnel with no IPv6 host address and a public IPv4 address of 192.168.30.31, type the command:

# ifconfig ip.6to4tun0 inet6 tsrc 192.168.30.31 up
#

This configures the tunnel endpoint with a subnet number of zero (0) and a host number of one (1). The tunnel configuration can be seen in the output from the ifconfig -a command:

# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
        inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:f8:b7:23
qfe0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
        inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:f8:b7:23
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
        inet6 fe80::a00:20ff:fef8:b723/10
        ether 8:0:20:f8:b7:23
hme0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 2002:c0a8:1e1f:1:a00:20ff:fef8:b723/64
hme0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 fec0::1:a00:20ff:fef8:b723/64
ip.6to4tun0: flags=2300041<UP,RUNNING,ROUTER,NONUD,IPv6> mtu 8212 index 4
        inet tunnel src 192.168.30.31
        tunnel hop limit 60
        inet6 2002:c0a8:1e1f::1/64
#

To configure a 6to4 tunnel with an explicit IPv6 host address as the tunnel end point, use the syntax:

ifconfig ip.6to4tun0 inet6 tsrc IPv4_Address IPv6_Address up

Note – The 6to4 tunnel end point resides on its own IPv6 subnet. The subnet ID used for the 6to4 tunnel must not be used on any of the local IPv6 networks.

For example, to configure the tunnel end point as host ID 1 (one) on subnet ffff:

# ifconfig ip.6to4tun0 inet6 tsrc 192.168.30.31 2002:c0a8:1e1f:ffff::1/64 up
#

The 6to4 tunnels can be configured at system boot by creating an /etc/hostname6.ip.6to4tun0 file. The contents of the file are the arguments that follow the inet6 keyword on the command line. For example:

# cat /etc/hostname6.ip.6to4tun0
tsrc 192.168.30.31 2002:c0a8:1e1f:ffff::1/64 up
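The 6to4 arithmetic described above (2002, then the boundary router's IPv4 address in hexadecimal, then a 16-bit subnet ID) can be worked through in code. The following is an added example, not part of the original guide: the function names are hypothetical, 192.0.2.1 is a constructed stand-in for a public address, and the RFC 1918 check is added because the guide asks for a public IPv4 address while its classroom example uses 192.168.30.31.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")   # prefix reserved for 6to4
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def site_prefix(ipv4):
    """2002:<IPv4 in hex>::/48, shared by every subnet behind the boundary router."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def subnet_prefix(ipv4, subnet_id):
    """The /64 for one 16-bit subnet ID inside the router's 6to4 prefix."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    base = int(site_prefix(ipv4).network_address)
    return ipaddress.IPv6Network((base | (subnet_id << 64), 64))


def tunnel_endpoint(ipv4, subnet_id=0, host_id=1):
    """Tunnel end point; the defaults match 'subnet ID 0, host ID 1' in the guide."""
    if not 0 < host_id < 2 ** 64:
        raise ValueError("host ID must fit in 64 bits and be non-zero")
    net = subnet_prefix(ipv4, subnet_id)
    return ipaddress.IPv6Interface((int(net.network_address) | host_id, 64))


def embedded_ipv4(ipv6):
    """Recover the router's IPv4 address from a 6to4 address, or None if not 6to4."""
    addr = ipaddress.IPv6Interface(ipv6).ip
    if addr not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def ifconfig_command(ipv4, subnet_id=0, host_id=1):
    """The ifconfig line for an explicit tunnel end point, in the guide's syntax."""
    return "ifconfig ip.6to4tun0 inet6 tsrc %s %s up" % (
        ipv4, tunnel_endpoint(ipv4, subnet_id, host_id))


def ndpd_prefix_line(ipv4, subnet_id, interface):
    """An ndpd.conf prefix line written the way the guide writes it (::0/64)."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return "prefix 2002:%x:%x:%x::0/64 %s" % (
        v4 >> 16, v4 & 0xFFFF, subnet_id, interface)


def check_plan(ipv4, tunnel_subnet, local_subnets):
    """Return problems with a planned 6to4 setup; an empty list means none found."""
    problems = []
    if tunnel_subnet in local_subnets:
        problems.append("tunnel subnet ID %x is also used on a local IPv6 network"
                        % tunnel_subnet)
    if any(ipaddress.IPv4Address(ipv4) in net for net in RFC1918):
        problems.append("%s is an RFC 1918 private address, not a public one" % ipv4)
    return problems


if __name__ == "__main__":
    router = "192.168.30.31"                       # address used in the guide
    print(site_prefix(router))                     # prefix for the whole site
    print(ifconfig_command(router))                # default end point
    print(ifconfig_command(router, 0xFFFF))        # end point on subnet ffff
    print(ndpd_prefix_line(router, 1, "hme0"))
    print(embedded_ipv4("2002:c0a8:1e1f:1:a00:20ff:fef8:b723/64"))
    print(check_plan(router, 1, [1, 2]))
```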

Troubleshooting a Router Configuration

To perform basic troubleshooting of an IPv6 router, confirm that processes are running by examining the routing table, as shown in the following examples:

- Determine if the ND daemon is running on each of the routers in question.

# uname -n
sys11
# pgrep -lf ndpd
108 /usr/lib/inet/in.ndpd
#

# uname -n
sys21
# pgrep -lf ndpd
1497 /usr/lib/inet/in.ndpd

- View the IPv6 routing table on each router in question.

# uname -n
sys11
# netstat -rn -f inet6

Routing Table: IPv6
  Destination/Mask            Gateway                       Flags Ref   Use   If
--------------------------- ----------------------------- ----- --- ------ -----
2000:0:0:9255::/64          2000::9256:a00:20ff:feac:9b20 U       1      0 hme0:1
fec0:0:0:9255::/64          fec0::9256:a00:20ff:feac:9b20 U       1      0 hme0:2
2000:0:0:9256::/64          2000::9255:a00:20ff:feb9:7223 U       1      0 qfe0:1
fec0:0:0:9256::/64          fec0::9255:a00:20ff:feb9:7223 U       1      0 qfe0:2
2000:0:0:9257::/64          fe80::a00:20ff:fec0:449d      UG      1      0 qfe0
fec0:0:0:9257::/64          fe80::a00:20ff:fec0:449d      UG      1      0 qfe0
fe80::/10                   fe80::a00:20ff:feac:9b20      U       1      0 hme0
fe80::/10                   fe80::a00:20ff:feb9:7223      U       1      2 qfe0
ff00::/8                    fe80::a00:20ff:feb9:7223      U       1      0 hme0
::1                         ::1                           UH      1      0 lo0
#

# uname -n
sys21

# netstat -rn -f inet6

Routing Table: IPv6
  Destination/Mask            Gateway                       Flags Ref   Use   If
--------------------------- ----------------------------- ----- --- ------ -----
2000:0:0:9257::/64          2000::9257:a00:20ff:fec0:449d U       1      0 hme0:1
fec0:0:0:9257::/64          fec0::9257:a00:20ff:fec0:449d U       1      0 hme0:2
2000:0:0:9256::/64          2000::9256:a00:20ff:feb8:2b08 U       1      0 qfe0:1
fec0:0:0:9256::/64          fec0::9256:a00:20ff:feb8:2b08 U       1      0 qfe0:2
2000:0:0:9255::/64          fe80::a00:20ff:feb9:7223      UG      1      0 qfe0
fec0:0:0:9255::/64          fe80::a00:20ff:feb9:7223      UG      1      0 qfe0
fe80::/10                   fe80::a00:20ff:feb8:2b08      U       1      0 qfe0
fe80::/10                   fe80::a00:20ff:fec0:449d      U       1      1 hme0
#

- Send an ICMP echo request to a remote system to determine if you receive an ICMP echo response from the remote system. Do not attempt to communicate with the link-local address of a system across a router because routers do not forward link-local addresses.

# ping fec0::9255:a00:20ff:fec0:449d
fec0::9255:a00:20ff:fec0:449d is alive
#
# ping 2000::9255:a00:20ff:fec0:449d
2000::9255:a00:20ff:fec0:449d is alive
#

Managing IPv6

The tasks you use to manage IPv6 interfaces are similar to the tasks you use to manage IPv4 interfaces.

Displaying the State of IPv6 Interfaces

Use the ifconfig command with the inet6 option to display the state of the IPv6 interfaces, for example:

# ifconfig -a inet6
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
        inet6 fe80::a00:20ff:feb9:7223/10
hme0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 2000::9255:a00:20ff:feb9:7223/64
hme0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 fec0::9255:a00:20ff:feb9:7223/64
qfe0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 3
        inet6 fe80::a00:20ff:feac:9b20/10
qfe0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 3
        inet6 2000::9256:a00:20ff:feac:9b20/64
qfe0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 3
        inet6 fec0::9256:a00:20ff:feac:9b20/64
#

Modifying the Configuration of an IPv6 Interface

Use the ifconfig command to modify IPv6 interface configuration in a similar manner to IPv4 interfaces. The family type of IPv6 must be defined in the command after the interface option, for example:

ifconfig hme0 inet6 configuration options

Caution – Be sure to specify the inet6 family, or the command changes the configuration of an IPv4 interface.

Configuring Logical Interfaces

You can configure logical IPv6 interfaces by using the ifconfig command with the inet6 parameter in a similar way as for IPv4, for example:

ifconfig qfe0:3 inet6 plumb configuration options

To remove the logical interface, disable the interface, and then use the unplumb parameter, for example:

# ifconfig qfe0:3 inet6 down unplumb
#

Troubleshooting IPv6 Interfaces

You troubleshoot IPv6 interfaces like you troubleshoot IPv4 interfaces. Recall that different FPs are required on addresses destined beyond the local subnet. Therefore, do not spend time attempting to determine why you cannot access a system on another subnet with an IPv6 address that starts with fe8.

Displaying the IPv6 Routing Table

You use the netstat command with the address-family -f inet6 option to display the IPv6 routing table, for example:

# netstat -f inet6 -r

Routing Table: IPv6
  Destination/Mask            Gateway                     Flags Ref   Use   If
--------------------------- --------------------------- ----- --- ------ -----
fe80::/10                   sys11-v6                    U       1      0 hme0
ff00::/8                    sys11-v6                    U       1      0 hme0
default                     sys11-v6                    U       1      0 hme0
localhost                   localhost                   UH      1      0 lo0
#

Exercise 1: Configuring IPv6

In this exercise, you configure IPv6 on a router and on a non-router. The exercise consists of the following tasks:

- Configure IPv6 on your local subnet
- Configure 6to4 routing so that you can contact IPv6 systems on other subnets
- Configure the whole classroom network to use IPv6

Preparation

Refer to the lecture notes as necessary to perform the tasks listed.

Task 1 – Configuring IPv6 on the Local Subnet

To configure IPv6 on the local subnet, complete the following sections.

Working on All Non-Router Systems (sysX2, sysX3, sysX4)

Work with another group for these tasks if your system functions as a router in the classroom.

To configure IPv6 on a non-router, complete the following steps:

1. Display the configuration of the system's interfaces before you make any changes.
2. Create the relevant file to cause your system's primary interface to be configured with both IPv4 and IPv6.
3. Reboot the system.

4. View the system's interface configuration after the boot.
   Write your system's IPv6 IP address:
   Can this IPv6 IP address be used by systems on other subnets to contact your system? Why or why not?
5. Ask another group on your subnet for its link-local IPv6 IP address.
   Write the IP address:
6. Use the ping command to verify that your system can send and receive ICMP echo messages with another local IPv6 system.
7. View the current routing table so that you will be able to see the difference after the router is reconfigured later.
8. Use the ps command to determine which routing daemons are currently running on the system.
   Describe why the process or processes are running.

ip.168. 3. and use network number 0 (zero) and host number 1 (one) for the tunnel end point. ______________________________________________ Plumb an IPv6 6to4 tunnel.1 8-39 . Also create the necessary file to enable this same configuration at any subsequent boot.30. Enable IPv6 routing. Sun Services.Exercise 1: Configuring IPv6 Task 2 – Configuring 6to4 Routing Complete the steps in the following sections. ______________________________________________ Configuring IPv6 Copyright 2005 Sun Microsystems. 5. 4. Working on Your Subnet’s Router Complete the following steps: 1. ______________________________________________ Enable IPv6 forwarding. All Rights Reserved. ______________________________________________ Configure the IPv6 tunnel using the router’s IPv4 address on the 30.X network (for example 192. From the command line.31). Revision A. Create an /etc/hostname6. ______________________________________________ 2.6to4tun0 file so that the 6to4 tunnel is created automatically with the appropriate source when the system boots. Inc. configure IPv6 on the network interface connected to the local subnet. ______________________________________________ 6.

1 . Sun Services. ______________________________________________ 11. if you are on subnet 192.Exercise 1: Configuring IPv6 7. View the routing table on the router. Revision A.0. ______________________________________________ 10. (For example.conf file to advertise a 6to4 address prefix and a site-local address prefix to your local subnet. Make the subnet ID for both prefixes the same as the subnet ID used in your IPv4 addresses. Reboot the router. sysX3. ______________________________________________ Caution – Do not proceed beyond this point until everyone in the class completes this step. Use the following prefix lines: q For sys11: prefix fec0:0:0:1::0/64 prefix 2002:c0a8:1e1f:1::0/64 hme0 hme0 hme0 hme0 hme0 hme0 q For sys21: prefix fec0:0:0:2::0/64 prefix 2002:c0a8:1e20:2::0/64 q For sys31: prefix fec0:0:0:3::0/64 prefix 2002:c0a8:1e21:3::0/64 8. All Rights Reserved.168. ______________________________________________ 13. Create an /etc/inet/ndpd. ______________________________________________ Working on all Non-Router Systems (sysX2. 8-40 Network Administration for the Solaris™ 10 Operating System Copyright 2005 Sun Microsystems. ______________________________________________ Log in to the router and view the configuration of its network interfaces.1. View the daemons running on the router. Attempt to contact a system on a different subnet by using its IPv6 6to4 address. Obtain the IPv6 6to4 address of a system on a different subnet. sysX4) Continue as follows: 12. 9. Inc. use 1 (one) as your subnet ID).

Task 3 – Configuring IPv6 Across the Whole Network

In this section you will remove the 6to4 tunnel just constructed so that you can enable IPv6 across the whole network. Complete the steps in the following sections.

Working on Your Subnet's Router

Work with another teammate's group for this task if your system functions as a non-router in the classroom.

To configure IPv6 on a router, complete the following steps:

1. Display the router's interface configuration so that you can back out of the configuration at any stage.
2. Unconfigure the 6to4 tunnel interface.
3. Determine which, if any, processes related to IPv6 routing are running and, if so, with what options.
   Why are the processes running with these options?
4. Verify that the files that you use to configure the router's interfaces with IPv6 at boot time exist. If they do not, create them.

5. Edit the correct file on your router to cause it to use a site-local and an aggregated global-unicast address for each interface on the router. Be sure to remove any existing prefix 2002 lines. Use the following addresses:

   - 192.168.1.0 uses fec0:0:0:1::0/64 and 2000:0:0:1::0/64
   - 192.168.2.0 uses fec0:0:0:2::0/64 and 2000:0:0:2::0/64
   - 192.168.3.0 uses fec0:0:0:3::0/64 and 2000:0:0:3::0/64
   - 192.168.30.0 uses fec0:0:0:30::0/64 and 2000:0:0:30::0/64

   Configure the file to cause the routing daemon to advertise IPv6 out of all interfaces. Document your work.

6. Reboot the router systems.
   ______________________________________________

7. Verify that each router is configured correctly. Display the configuration of each network interface.
   ______________________________________________

8. View your router’s IPv6 routing table. What routes are available?
   ______________________________________________

9. Determine which routing daemons are running on the router. Which options are running with each routing daemon, and why?
   ______________________________________________
   ______________________________________________
   ______________________________________________
   ______________________________________________
   ______________________________________________
   ______________________________________________

Working on all Non-Router Systems (sysX2, sysX3, sysX4)

Continue as follows:

10. Either reboot the non-router systems, or wait a few minutes for the route information to propagate through the network.
   ______________________________________________

11. Use the ping command to send ICMP echo requests from a non-router system to the site-local address of another non-router system on another subnet to verify that the routing is functioning as expected. (You may have to wait for the routing information to be updated after the prior step’s system boot.)
   ______________________________________________

12. Determine which routing daemons are running on each non-router system. Which options are running with each routing daemon, and why?
   ______________________________________________
   ______________________________________________

13. Display the system’s routing table. What type of routes are in the routing table (link-local, site-local, or global)?
   ______________________________________________

14. Display the system’s interface configuration. Notice the logical addresses that provide access to the different networks based on the FP.
   ______________________________________________

Exercise Summary

Discussion – Take a few minutes to discuss what experiences, issues, or discoveries you had during the lab exercise.

   - Experiences
   - Interpretations
   - Conclusions
   - Applications

Exercise 1 Solutions

The following solution is specific to an individual system. Your results will be different if you are working on different systems.

Task 1 – Configuring IPv6 on the Local Subnet

To configure IPv6 on the local subnet, complete the following sections.

Working on All Non-Router Systems (sysX2, sysX3, sysX4)

To configure IPv6 on a non-router, complete the following steps:

1. Display the configuration of the system’s interfaces before you make any changes.

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:c1:4b:44
#

2. Create the relevant file to cause your system’s primary interface to be configured with both IPv4 and IPv6.

# touch /etc/hostname6.hme0

3. Reboot the system.

# init 6
#
INIT: New run level: 6
svc.startd: The system is coming down.  Please wait.
. . .

4. View the system’s interface configuration after the boot.

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:c1:4b:44
lo0: flags=2000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        ether 8:0:20:c1:4b:44
        inet6 fe80::a00:20ff:fec1:4b44/10
#

The system’s primary interface is now configured with both the IPv4 and IPv6 protocol stacks.

Write your system’s IPv6 IP address:

fe80::a00:20ff:fec1:4b44/10

Can this IPv6 IP address be used by systems on other subnets to contact your system? Why or why not?

No, other systems cannot contact this IPv6 IP address because the address has an FP of fe8, which is a link-local address and is limited to the local subnet. The FP defines the scope that an IPv6 datagram is able to travel.

5. Ask another group on your subnet for its link-local IPv6 IP address. Write the IP address:

fe80::a00:20ff:fe90:b5c7/10

6. Use the ping command to verify that your system can send and receive ICMP echo messages with another local IPv6 system.

# ping fe80::a00:20ff:fe90:b5c7
fe80::a00:20ff:fe90:b5c7 is alive
#

7. View the current routing table so that you will be able to see the difference after the router is reconfigured later.

# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.1.0          192.168.1.3          U         1      2 hme0
224.0.0.0            192.168.1.3          U         1      0 hme0
default              192.168.1.1          UG        1      0 hme0
127.0.0.1            127.0.0.1            UH        2      6 lo0

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use   If
--------------------------- --------------------------- ----- --- ------ -----
fe80::/10                   fe80::a00:20ff:fec1:4b44    U       1      0 hme0
ff00::/8                    fe80::a00:20ff:fec1:4b44    U       1      0 hme0
default                     fe80::a00:20ff:fec1:4b44    U       1      0 hme0
::1                         ::1                         UH      1      0 lo0
#

8. Use the ps command to determine which routing daemons are currently running on the system.

# ps -ef | grep in[.]
    root   102     1  0 12:10:10 ?        0:00 /usr/sbin/in.routed
    root   109     1  0 12:10:10 ?        0:00 /usr/lib/inet/in.ndpd
#

Describe why the process or processes are running.

The in.routed daemon is attempting to locate routers by sending solicitation, and is listening for IPv4 routing messages after it boots. The in.ndpd daemon provides the autoconfiguration components of neighbor discovery and is not really considered to be a routing daemon.

Task 2 – Configuring 6to4 Routing

Complete the steps in the following sections.

Working on Your Subnet’s Router

1. From the command line, configure IPv6 on the network interface connected to the local subnet. Also create the necessary file to enable this same configuration at any subsequent boot.

# ifconfig hme0 inet6 plumb up
# touch /etc/hostname6.hme0
#

2. Enable IPv6 routing.

# routeadm -u -e ipv6-routing
# routeadm
              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
            IPv4 forwarding   enabled              enabled
               IPv4 routing   enabled              enabled
            IPv6 forwarding   enabled              enabled
               IPv6 routing   enabled              enabled

        IPv4 routing daemon   "/usr/sbin/in.routed"
   IPv4 routing daemon args   ""
   IPv4 routing daemon stop   "kill -TERM `cat /var/tmp/in.routed.pid`"
        IPv6 routing daemon   "/usr/lib/inet/in.ripngd"
   IPv6 routing daemon args   "-s"
   IPv6 routing daemon stop   "kill -TERM `cat /var/tmp/in.ripngd.pid`"
#

3. Enable IPv6 forwarding.

# routeadm -u -e ipv6-forwarding
#

4. Plumb an IPv6 6to4 tunnel.

# ifconfig ip.6to4tun0 inet6 plumb
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
        inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:ac:9b:22
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
        inet6 fe80::a00:20ff:feb9:7223/10
        ether 8:0:20:b9:72:23
ip.6to4tun0: flags=2300040<RUNNING,ROUTER,NONUD,IPv6> mtu 65515 index 4
        inet tunnel src 0.0.0.0
        tunnel hop limit 60
        inet6 fe80::32:0:10/10

5. Configure the IPv6 tunnel using the router’s IPv4 address on the 30.X network (for example 192.168.30.31), and use network number 0 (zero) and host number 1 (one) for the tunnel end point.

# ifconfig ip.6to4tun0 inet6 tsrc 192.168.30.31 up

6. Create an /etc/hostname6.ip.6to4tun0 file so that the 6to4 tunnel is created automatically with the appropriate source when the system boots.

# echo tsrc 192.168.30.31 up > /etc/hostname6.ip.6to4tun0
# cat /etc/hostname6.ip.6to4tun0
tsrc 192.168.30.31 up

7. Create an /etc/inet/ndpd.conf file to advertise a 6to4 address prefix and a site-local address prefix to your local subnet. Make the subnet ID for both prefixes the same as the subnet ID used in your IPv4 addresses. (For example, if you are on subnet 192.168.1.0, use 1 (one) as your subnet ID). Use the following prefix lines:

   - For sys11:
        prefix fec0:0:0:1::0/64 hme0
        prefix 2002:c0a8:1e1f:1::0/64 hme0
   - For sys21:
        prefix fec0:0:0:2::0/64 hme0
        prefix 2002:c0a8:1e20:2::0/64 hme0

   - For sys31:
        prefix fec0:0:0:3::0/64 hme0
        prefix 2002:c0a8:1e21:3::0/64 hme0

# cat /etc/inet/ndpd.conf
# Send router advertisements out all interfaces
ifdefault AdvSendAdvertisements on
# Advertise an unregistered (bogus) global prefix and a site
# local prefix using the default lifetimes
# Site-local address
prefix fec0:0:0:1::0/64 hme0
# 6to4 address
prefix 2002:c0a8:1e1f:1::0/64 hme0
#

8. Reboot the router.

# init 6

9. Log in to the router and view the configuration of its network interfaces.

# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:f8:b7:23
qfe0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
        inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:f8:b7:23
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
        inet6 fe80::a00:20ff:fef8:b723/10
        ether 8:0:20:f8:b7:23
hme0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 2002:c0a8:1e1f:1:a00:20ff:fef8:b723/64
hme0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 fec0::1:a00:20ff:fef8:b723/64
ip.6to4tun0: flags=2300041<UP,RUNNING,ROUTER,NONUD,IPv6> mtu 8212 index 4
        inet tunnel src 192.168.30.31
        tunnel hop limit 60
        inet6 2002:c0a8:1e1f::1/64
#

10. View the daemons running on the router.

# ps -ef | grep in[.]
    root   147     1  0 15:42:56 ?        0:32 /usr/sbin/in.routed
    root   149     1  0 15:42:56 ?        0:00 /usr/lib/inet/in.ndpd
    root   151     1  0 15:42:56 ?        0:02 /usr/lib/inet/in.ripngd -s
#

11. View the routing table on the router.

# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.1.0          192.168.1.3          U         1     38 hme0
192.168.2.0          192.168.30.32        UG        1      0 qfe0
192.168.30.0         192.168.30.31        U         1     34 qfe0
224.0.0.0            192.168.1.3          U         1      0 hme0
127.0.0.1            127.0.0.1            UH        9 152065 lo0

Routing Table: IPv6
  Destination/Mask            Gateway                               Flags Ref   Use   If
--------------------------- ------------------------------------- ----- --- ------ -----
2002:c0a8:1e1f:1::/64       2002:c0a8:1e1f:1:a00:20ff:fef8:b723   U       1      6 hme0:1
fec0:0:0:1::/64             fec0::1:a00:20ff:fef8:b723            U       1      0 hme0:2
2002:c0a8:1e1f::/64         2002:c0a8:1e1f::1                     U       1      0 ip.6to4tun0
2002::/16                   2002:c0a8:1e1f::1                     U       1      1 ip.6to4tun0
fe80::/10                   fe80::a00:20ff:fef8:b723              U       1     18 hme0
ff00::/8                    fe80::a00:20ff:fef8:b723              U       1      0 hme0
::1                         ::1                                   UH     30    494 lo0
#

Working on all Non-Router Systems (sysX2, sysX3, sysX4)

Continue as follows:

12. Obtain the IPv6 6to4 address of a system on a different subnet.

2002:c0a8:1e20:2:a00:20ff:feb6:c5de

13. Attempt to contact a system on a different subnet by using its IPv6 6to4 address.

# ping 2002:c0a8:1e20:2:a00:20ff:feb6:c5de
2002:c0a8:1e20:2:a00:20ff:feb6:c5de is alive
#

Caution – Do not proceed beyond this point until everyone in the class completes this step.
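The addresses in Task 2 are derived rather than chosen: the 6to4 prefix embeds the tunnel source 192.168.30.31 in hexadecimal, and the low 64 bits of each autoconfigured address come from the interface's MAC address. The shell functions below are an added example, not part of the course guide; the function names are illustrative, and the last one checks that every 2002 prefix line in an ndpd.conf matches the router's own tunnel source, which catches a prefix copied from another router's file.

```shell
#!/bin/sh
# Added example (not from the course guide). Function names are illustrative.

# sixto4_prefix A.B.C.D -> 48-bit 6to4 prefix "2002:AABB:CCDD" (groups unpadded)
sixto4_prefix() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$_o" -le 255 ] || return 1
    done
    printf '2002:%x:%x\n' $(( ($1 << 8) | $2 )) $(( ($3 << 8) | $4 ))
}

# eui64_iid MAC -> interface ID as ifconfig prints it. Inserts ff:fe in the
# middle of the MAC and flips the universal/local bit (0x02) of the first octet.
# Output is not zero-compressed.
eui64_iid() {
    case $1 in ''|*[!0-9a-fA-F:]*) return 1 ;; esac
    _ifs=$IFS; IFS=:; set -- $1; IFS=$_ifs
    [ $# -eq 6 ] || return 1
    for _b in "$@"; do
        case $_b in ''|???*) return 1 ;; esac
    done
    printf '%x:%x:%x:%x\n' \
        $(( ((0x$1 ^ 0x02) << 8) | 0x$2 )) \
        $(( (0x$3 << 8) | 0xff )) \
        $(( 0xfe00 | 0x$4 )) \
        $(( (0x$5 << 8) | 0x$6 ))
}

# sixto4_address TUNNEL_SRC SUBNET_ID MAC -> address a host on that subnet
# autoconfigures from the advertised 6to4 prefix. SUBNET_ID is written as it
# appears in the prefix lines (1, 2, 3).
sixto4_address() {
    _p=$(sixto4_prefix "$1") || return 1
    _i=$(eui64_iid "$3") || return 1
    printf '%s:%s:%s\n' "$_p" "$2" "$_i"
}

# check_ndpd_6to4 TUNNEL_SRC < ndpd.conf
# Returns 0 only if every "prefix 2002:..." line is derived from TUNNEL_SRC.
check_ndpd_6to4() {
    _want=$(sixto4_prefix "$1") || return 2
    _rc=0
    while read -r _kw _pfx _rest; do
        [ "$_kw" = prefix ] || continue
        case $_pfx in 2002:*) ;; *) continue ;; esac
        case $_pfx in
            "$_want":*) ;;
            *) echo "mismatch: $_pfx (tunnel source $1 gives $_want::/48)" >&2
               _rc=1 ;;
        esac
    done
    return $_rc
}

# sys11's ndpd.conf prefix lines as shown in the solution above.
sample_ndpd_conf() {
    cat <<'EOF'
ifdefault AdvSendAdvertisements on
# Site-local address
prefix fec0:0:0:1::0/64 hme0
# 6to4 address
prefix 2002:c0a8:1e1f:1::0/64 hme0
EOF
}

demo() {
    echo "6to4 prefix for 192.168.30.31: $(sixto4_prefix 192.168.30.31)::/48"
    echo "router hme0:1 address:         $(sixto4_address 192.168.30.31 1 8:0:20:f8:b7:23)"
    if sample_ndpd_conf | check_ndpd_6to4 192.168.30.31; then
        echo "ndpd.conf 6to4 prefix matches the tunnel source"
    fi
}
demo
```
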

Task 3 – Configuring IPv6 Across the Whole Network

In this section you will remove the 6to4 tunnel just constructed so that you can enable IPv6 across the whole network. Complete the steps in the following sections.

Working on Your Subnet’s Router

Work with another teammate’s group for this task if your system functions as a non-router in the classroom.

To configure IPv6 on a router, complete the following steps:

1. Display the router’s interface configuration so that you can back out of the configuration at any stage.

# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:f8:b7:23
qfe0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
        inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:f8:b7:23
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
        inet6 fe80::a00:20ff:fef8:b723/10
        ether 8:0:20:f8:b7:23
hme0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 2002:c0a8:1e1f:1:a00:20ff:fef8:b723/64
hme0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 fec0::1:a00:20ff:fef8:b723/64
ip.6to4tun0: flags=2300041<UP,RUNNING,ROUTER,NONUD,IPv6> mtu 8212 index 4
        inet tunnel src 192.168.30.31
        tunnel hop limit 60
        inet6 2002:c0a8:1e1f::1/64
#

2. Unconfigure the 6to4 tunnel interface.

# ifconfig ip.6to4tun0 inet6 down unplumb
# rm /etc/hostname6.ip.6to4tun0
#

3. Determine which, if any, processes related to IPv6 routing are running and, if so, with what options. Why are the processes running with these options?

# ps -ef | grep in[.]

    root   161     1  0 14:25:20 ?        0:00 /usr/lib/inet/in.ndpd
    root   158     1  0 14:25:20 ?        0:01 /usr/sbin/in.routed
    root   163     1  0 14:25:20 ?        0:00 /usr/lib/inet/in.ripngd -s

The in.routed daemon runs to supply routing information to the local networks. This is possible even if this system is not configured as a router.

4. Verify that the files that you use to configure the router’s interfaces with IPv6 at boot time exist. If they do not, create them.

# touch /etc/hostname6.hme0
# touch /etc/hostname6.qfe0
#

5. Edit the correct file on your router to cause it to use a site-local and an aggregated global unicast address for each interface on the router. Be sure to remove existing prefix 2002 lines. Use the following addresses:

   - 192.168.1.0 uses fec0:0:0:1::0/64 and 2000:0:0:1::0/64
   - 192.168.2.0 uses fec0:0:0:2::0/64 and 2000:0:0:2::0/64
   - 192.168.3.0 uses fec0:0:0:3::0/64 and 2000:0:0:3::0/64
   - 192.168.30.0 uses fec0:0:0:30::0/64 and 2000:0:0:30::0/64

   Configure the file to cause the routing daemon to advertise IPv6 out of all interfaces. Document your work.

Edit the sys11 router’s /etc/inet/ndpd.conf file to contain contents similar to the following:

sys11# cat /etc/inet/ndpd.conf
# Send router advertisements out all interfaces
ifdefault AdvSendAdvertisements on
# Advertise an unregistered (bogus) global prefix and a site
# local prefix using the default lifetimes
# Site-local addresses:
prefix fec0:0:0:2::0/64 qfe0
prefix fec0:0:0:30::0/64 hme0
# Aggregatable global unicast addresses
prefix 2000:0:0:2::0/64 qfe0
prefix 2000:0:0:30::0/64 hme0

Edit the sys21 router’s /etc/inet/ndpd.conf file to contain contents similar to the following:

sys21# cat /etc/inet/ndpd.conf

# Send router advertisements out all interfaces
ifdefault AdvSendAdvertisements on
# Advertise an unregistered (bogus) global prefix and a site
# local prefix using the default lifetimes
# Site-local addresses:
prefix fec0:0:0:2::0/64 qfe0
prefix fec0:0:0:30::0/64 hme0
# Aggregatable global unicast addresses
prefix 2000:0:0:2::0/64 qfe0
prefix 2000:0:0:30::0/64 hme0

6. Reboot the router systems.

# init 6
#
svc.startd: The system is coming down.  Please wait.
. . .

7. Verify that each router is configured correctly. Display the configuration of each network interface.

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:ac:9b:20
lo0: flags=2000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
        ether 8:0:20:b9:72:23
        inet6 fe80::a00:20ff:feb9:7223/10
hme0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 2000::1:a00:20ff:feb9:7223/64
hme0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 fec0::1:a00:20ff:feb9:7223/64
qfe0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 3
        ether 8:0:20:ac:9b:20
        inet6 fe80::a00:20ff:feac:9b20/10
qfe0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 3
        inet6 2000::30:a00:20ff:feac:9b20/64
qfe0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 3
        inet6 fec0::30:a00:20ff:feac:9b20/64

8. View your router’s IPv6 routing table. What routes are available?

# netstat -f inet6 -rn

Routing Table: IPv6
  Destination/Mask            Gateway                     Flags Ref   Use   If
--------------------------- --------------------------- ----- --- ------ -----
2000:0:0:30::/64            2000::30:a00:20ff:feb9:7223 U       1      0 hme0:1
fec0:0:0:30::/64            fec0::30:a00:20ff:feb9:7223 U       1      0 hme0:2
2000:0:0:1::/64             2000::1:a00:20ff:feac:9b20  U       1      0 qfe0:1
fec0:0:0:1::/64             fec0::1:a00:20ff:feac:9b20  U       1      0 qfe0:2
2000:0:0:2::/64             fe80::203:baff:fe6b:5d34    UG      1      0 hme0
fec0:0:0:2::/64             fe80::203:baff:fe6b:5d34    UG      1      0 hme0
fe80::/10                   fe80::a00:20ff:feb9:7223    U       1      0 hme0
fe80::/10                   fe80::a00:20ff:feac:9b20    U       1      0 qfe0
ff00::/8                    fe80::a00:20ff:feb9:7223    U       1      0 hme0
::1                         ::1                         UH      1      0 lo0

9. Determine which routing daemons are running on the router. Which options are running with each routing daemon, and why?

# ps -ef | grep in[.]
    root   107     1  0 12:36:01 ?        0:00 /usr/sbin/in.routed
    root   116     1  0 12:36:02 ?        0:00 /usr/lib/inet/in.ndpd
    root   118     1  0 12:36:02 ?        0:00 /usr/lib/inet/in.ripngd -s
#

The in.routed process runs to supply routing information to the local networks. This is possible even if this system is not configured as a router.

The in.ndpd process provides the autoconfiguration components of neighbor discovery and is not really considered to be a routing daemon.

The in.ripngd process runs with the -s option to force the process to supply routing information. This is possible even if this system is not configured as a router.

Working on all Non-Router Systems (sysX2, sysX3, sysX4)

Continue as follows:

10. Either reboot the non-router systems, or wait a few minutes for the route information to propagate through the network.

# init 6
svc.startd: The system is coming down.  Please wait.
. . .

11. Use the ping command to send ICMP echo requests from a non-router system to the site-local address of another non-router system on another subnet to verify that the routing is functioning as expected. (You may have to wait for the routing information to be updated after the prior step’s system boot.)

# ping fec0::2:a00:20ff:feb8:30c8
ICMPv6 Address Unreachable from gateway
. . .
# ping fec0::2:a00:20ff:feb8:30c8
fec0::2:a00:20ff:feb8:30c8 is alive
#

12. Determine which routing daemons are running on each non-router system. Which options are running with each routing daemon, and why?

# ps -ef | grep in[.]
    root   102     1  0 12:51:52 ?        0:00 /usr/sbin/in.routed
    root   109     1  0 12:51:52 ?        0:00 /usr/lib/inet/in.ndpd
#

The in.routed daemon is listening for IPv4 routing information.

13. Display the system’s routing table. What type of routes are in the routing table (link-local, site-local, or global)?

# netstat -rn -f inet6

Routing Table: IPv6
  Destination/Mask            Gateway                     Flags Ref   Use   If
--------------------------- --------------------------- ----- --- ------ -----
2000:0:0:1::/64             2000::1:a00:20ff:fec1:4b44  U       1      0 hme0:1
fec0:0:0:1::/64             fec0::1:a00:20ff:fec1:4b44  U       1      0 hme0:2
fe80::/10                   fe80::a00:20ff:fec1:4b44    U       1      0 hme0
ff00::/8                    fe80::a00:20ff:fec1:4b44    U       1      0 hme0
default                     fe80::a00:20ff:feac:9b20    UG      1      0 hme0
::1                         ::1                         UH      1      0 lo0
#

The fe8, fec, and 200 FPs indicate that the system is aware of link-local, site-local, and global networks.

14. Display the system’s interface configuration. Notice the logical addresses that provide access to the different networks based on the FP.

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:c1:4b:44
lo0: flags=2000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        ether 8:0:20:c1:4b:44
        inet6 fe80::a00:20ff:fec1:4b44/10
hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 2000::1:a00:20ff:fec1:4b44/64
hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 fec0::1:a00:20ff:fec1:4b44/64
#

Configuring IPv6 Multipathing

You can configure IPv6 multipathing either from the command line or by editing a file to cause multipathing to be configured at boot time. IPv6 multipathing is similar in operation to the multipathing operation in IPv4, but it has a significantly different configuration procedure.

Configuring IPMP Manually

You can configure a production server for IPv6 IPMP without rebooting if your system was configured previously to support local MAC addresses.

This example shows how to configure IPMP on an existing IPv6-configured hme0 interface and on an existing, but unconfigured, qfe1 interface, in which the multipath group is called mpgrp6-one.

To configure IPMP at the command-line prompt by using the ifconfig command, complete the following steps, which are described in greater detail in the next sections:

1. View the interface configuration.
2. Verify the Solaris OS release.
3. Confirm that the system recognizes unique MAC addresses.
4. Configure the hme0 interface as part of a multipath group.
5. Configure a test address for the hme0 interface.
6. Configure the qfe1 interface as part of the hme0 interface multipath group.
7. Configure a test address for the qfe1 interface.
8. Observe the IPMP failover.

View your system’s interface configuration to have a baseline before you make any changes to the system, so that you know the state of the system if you need to restore the system for any reason. Perform the command:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:c1:4b:44
lo0: flags=2000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        ether 8:0:20:c1:4b:44
        inet6 fe80::a00:20ff:fec1:4b44/10
hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 2000::1:a00:20ff:fec1:4b44/64
hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 fec0::1:a00:20ff:fec1:4b44/64
#

Verifying the Solaris OS Release

The /etc/release file contains information about the installed version of the Solaris OS. The following system meets the minimum requirements:

# cat /etc/release
                   Solaris 8 10/00 s28s_u2wos_11b SPARC
       Copyright 2000 Sun Microsystems, Inc.  All Rights Reserved.
                        Assembled 31 August 2000
#

The following system exceeds the minimum requirements:

# cat /etc/release
                        Solaris 10 s10_67 SPARC
       Copyright 2004 Sun Microsystems, Inc.  All Rights Reserved.
                    Use is subject to license terms.
                       Assembled 09 September 2004
#

Configuring Unique MAC Addresses

To determine if unique MAC addresses are enabled, use the eeprom command to view the contents of the EEPROM:

# eeprom local-mac-address?
local-mac-address?=false
#

The preceding output indicates that the system is still in its default mode and uses the same MAC address for each interface. This is indicated by the setting of the local-mac-address? variable to false. You now use the eeprom command to change the EEPROM’s local-mac-address? variable to true.

# eeprom local-mac-address?=true
#

Verify that the EEPROM’s local-mac-address? variable is set to true:

# eeprom local-mac-address?
local-mac-address?=true
#

Note – You must reboot the system for EEPROM changes to take place. You can also set the EEPROM’s local-mac-address? variable from the OpenBoot PROM.

Configuring the hme0 Interface as Part of a Multipath Group

To configure the hme0 interface as part of a multipath group, specify the name of the group, mpgrp6-one, of which the hme0 interface will be a part:

# ifconfig hme0 group mpgrp6-one
#
Dec 19 12:49:04 sys13 in.mpathd[309]: Failures cannot be detected on hme0 as no IFF_NOFAILOVER address is available

Note – You only see this and subsequent failure messages if you are viewing the console.

You can ignore the preceding message because the interface is still being configured.

View the changes to the interface:

# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp6-one
        ether 8:0:20:c1:4b:44
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        ether 8:0:20:c1:4b:44
        inet6 fe80::a00:20ff:fec1:4b44/10
        groupname mpgrp6-one
hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 2000::1:a00:20ff:fec1:4b44/64
hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 fec0::1:a00:20ff:fec1:4b44/64
#

Observe the additional information in the preceding ifconfig output for the inet6 hme0 interface that indicates the new multipath group information:

groupname mpgrp6-one

Configuring a Test Address for the hme0 Interface

Next, you configure a test address for the hme0 interface. To configure an IPv6 test address, you use the link-local address. When you configure the address, mark it so that the in.mpathd daemon recognizes it as a test address that must not fail over (-failover). Enter the following:

# ifconfig hme0 inet6 -failover
#

To view the changes to the interface, use the ifconfig command:

# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp6-one
        ether 8:0:20:c1:4b:44
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 2
        ether 8:0:20:c1:4b:44
        inet6 fe80::a00:20ff:fec1:4b44/10
        groupname mpgrp6-one
hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 2000::1:a00:20ff:fec1:4b44/64
hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 fec0::1:a00:20ff:fec1:4b44/64
#

Observe the additional information that is reported by the preceding ifconfig command for the hme0 interface:

hme0: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 2
        ether 8:0:20:c1:4b:44
        inet6 fe80::a00:20ff:fec1:4b44/10
        groupname mpgrp6-one

This information includes the following:

   - The NOFAILOVER flag indicates that the interface must not be used as a failover interface if another interface in the group fails. You do not need to mark IPv6 test addresses as deprecated.
   - The RUNNING flag is monitored by the in.mpathd daemon to ensure that communications are functioning as expected.

Be aware that the logical interface cannot function if the physical interface fails.

Configuring the qfe1 Interface as Part of the hme0 Interface Multipath Group

Half of the interface configuration is complete. Now, you configure the qfe1 interface with IPv4, netmask, and broadcast addresses. You must also configure it as part of the same IPMP group as the hme0 interface. Type the following:

# ifconfig qfe1 plumb 192.168.1.200 netmask + broadcast + group \
> mpgrp6-one up
#

Configure the new interface to also support IPv6. You do not need to assign the interface to the group because the IPv6 interface assumes the same group membership as the IPv4 interface. Type the following:

# ifconfig qfe1 inet6 plumb up

To view the changes to the interface, use the ifconfig command:

# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp6-one
        ether 8:0:20:c1:4b:44
qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.1.200 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp6-one
        ether 8:0:20:b7:4e:5d
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 2
        ether 8:0:20:c1:4b:44
        inet6 fe80::a00:20ff:fec1:4b44/10
        groupname mpgrp6-one
hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 2000::1:a00:20ff:fec1:4b44/64
hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 fec0::1:a00:20ff:fec1:4b44/64
qfe1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 3
        ether 8:0:20:b7:4e:5d
        inet6 fe80::a00:20ff:feb7:4e5d/10
        groupname mpgrp6-one
qfe1:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 3
        inet6 2000::1:a00:20ff:feb7:4e5d/64
qfe1:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 3
        inet6 fec0::1:a00:20ff:feb7:4e5d/64
#

Observe the additional information that is reported by the preceding ifconfig command for the qfe1 interface:

    qfe1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 3
            ether 8:0:20:b7:4e:5d
            inet6 fe80::a00:20ff:feb7:4e5d/10
            groupname mpgrp6-one

The interface index number is incremented to 3 because every physical interface obtains its own index number (which is identical for a physical interface’s different virtual interfaces): 1 for lo0, 2 for hme0, and 3 for qfe1.

Configuring an IPv6 Test Address for the qfe1 Interface

Now you configure an IPv6 test address for the qfe1 interface. When you configure the address, mark it so that the in.mpathd daemon recognizes it as a test address that must not be used as a failover interface (-failover) if another interface in the group fails. Perform the command:

    # ifconfig qfe1 inet6 -failover
    # Dec 19 14:47:47 sys13 in.mpathd[309]: Failure detection restored on qfe1 as an IFF_NOFAILOVER address is available

To view the changes to the interface, use the ifconfig command:

    # ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
            groupname mpgrp6-one
            ether 8:0:20:c1:4b:44
    qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
            inet 192.168.1.200 netmask ffffff00 broadcast 192.168.1.255
            groupname mpgrp6-one
            ether 8:0:20:b7:4e:5d
    lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
            inet6 ::1/128
    hme0: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 2
            ether 8:0:20:c1:4b:44
            inet6 fe80::a00:20ff:fec1:4b44/10
            groupname mpgrp6-one
    hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 2000::1:a00:20ff:fec1:4b44/64
    hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 fec0::1:a00:20ff:fec1:4b44/64
    qfe1: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 3
            ether 8:0:20:b7:4e:5d
            inet6 fe80::a00:20ff:feb7:4e5d/10
            groupname mpgrp6-one
    qfe1:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 3
            inet6 2000::1:a00:20ff:feb7:4e5d/64
    qfe1:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 3
            inet6 fec0::1:a00:20ff:feb7:4e5d/64
    #
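The check that the preceding pages make by reading ifconfig output can be scripted. The following is an added example, not part of the student guide: the function names are hypothetical, and the embedded sample is constructed in the format of the output shown above, at the point before the ifconfig qfe1 inet6 -failover command is run. It lists every physical IPv6 interface that belongs to an IPMP group, whether it carries a NOFAILOVER test address, and how many members its group has.

```shell
#!/bin/sh
# Added example: audit IPMP test addresses from `ifconfig -a` output.

# Constructed sample: qfe1 has joined the group but has no test address yet.
sample_ifconfig() {
cat <<'EOF'
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp6-one
        ether 8:0:20:c1:4b:44
qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.1.200 netmask ffffff00 broadcast 192.168.1.255
        groupname mpgrp6-one
        ether 8:0:20:b7:4e:5d
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 2
        ether 8:0:20:c1:4b:44
        inet6 fe80::a00:20ff:fec1:4b44/10
        groupname mpgrp6-one
hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 2000::1:a00:20ff:fec1:4b44/64
hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 fec0::1:a00:20ff:fec1:4b44/64
qfe1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 3
        ether 8:0:20:b7:4e:5d
        inet6 fe80::a00:20ff:feb7:4e5d/10
        groupname mpgrp6-one
qfe1:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 3
        inet6 2000::1:a00:20ff:feb7:4e5d/64
qfe1:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 3
        inet6 fec0::1:a00:20ff:feb7:4e5d/64
EOF
}

# Read `ifconfig -a` output on stdin. Print one line per grouped physical
# IPv6 interface: <group> <interface> test=<yes|no> members=<count>
ipmp_audit() {
    awk '
    # Store the stanza just finished if it is a grouped physical IPv6 interface.
    function record() {
        if (name == "" || group == "" || !v6 || name ~ /:[0-9]+$/) return
        n++
        ifname[n] = name; ifgroup[n] = group; iftest[n] = nofail
        members[group]++
    }
    # A stanza header such as "hme0: flags=a000841<UP,...> mtu 1500 index 2"
    /^[a-z0-9:]+: flags=/ {
        record()
        name = $1; sub(/:$/, "", name)
        flags = $2; sub(/^[^<]*</, "", flags); sub(/>.*$/, "", flags)
        v6 = 0; nofail = 0; group = ""
        cnt = split(flags, f, ",")
        for (i = 1; i <= cnt; i++) {
            if (f[i] == "IPv6") v6 = 1
            if (f[i] == "NOFAILOVER") nofail = 1
        }
        next
    }
    # Continuation lines: pick up the group name wherever it appears.
    { for (i = 1; i < NF; i++) if ($i == "groupname") group = $(i + 1) }
    END {
        record()
        for (k = 1; k <= n; k++)
            printf "%s %s test=%s members=%d\n", ifgroup[k], ifname[k],
                   (iftest[k] ? "yes" : "no"), members[ifgroup[k]]
    }'
}

# Names of grouped interfaces that still lack a NOFAILOVER test address.
ipmp_missing_tests() {
    ipmp_audit | awk '$3 == "test=no" { print $2 }'
}

sample_ifconfig | ipmp_audit
```

On a live system, replace sample_ifconfig with ifconfig -a. A group that reports members=1 is a singleton group.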

Starting the in.mpathd Daemon to Monitor the Interfaces

The start process of the in.mpathd daemon is controlled by the TRACK_INTERFACES_ONLY_WITH_GROUPS parameter in the /etc/default/mpathd file. The contents of this file are:

    # cat /etc/default/mpathd
    #
    #pragma ident "@(#)mpathd.dfl 1.2 00/07/17 SMI"
    #
    # Time taken by mpathd to detect a NIC failure in ms. The minimum time
    # that can be specified is 100 ms.
    #
    FAILURE_DETECTION_TIME=10000
    #
    # Failback is enabled by default. To disable failback turn off this option
    #
    FAILBACK=yes
    #
    # By default only interfaces configured as part of multipathing groups
    # are tracked. Turn off this option to track all network interfaces
    # on the system
    #
    TRACK_INTERFACES_ONLY_WITH_GROUPS=yes
    #

If the TRACK_INTERFACES_ONLY_WITH_GROUPS variable is set to yes, the ifconfig command’s group option starts the in.mpathd daemon automatically. If the TRACK_INTERFACES_ONLY_WITH_GROUPS variable is set to no, then the /lib/svc/method/net-init SMF method starts the in.mpathd daemon at boot time.

If you need to start the in.mpathd daemon from the command line, use the following command as the root user:

    # /sbin/in.mpathd
    #

Viewing the Interface Configuration

To view the configuration of the interfaces, now that multipathing is completely configured, use the ifconfig command:

    # ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
            groupname mpgrp6-one
            ether 8:0:20:c1:4b:44
    qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
            inet 192.168.1.200 netmask ffffff00 broadcast 192.168.1.255
            groupname mpgrp6-one
            ether 8:0:20:b7:4e:5d
    lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
            inet6 ::1/128
    hme0: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 2
            ether 8:0:20:c1:4b:44
            inet6 fe80::a00:20ff:fec1:4b44/10
            groupname mpgrp6-one
    hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 2000::1:a00:20ff:fec1:4b44/64
    hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 fec0::1:a00:20ff:fec1:4b44/64
    qfe1: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 3
            ether 8:0:20:b7:4e:5d
            inet6 fe80::a00:20ff:feb7:4e5d/10
            groupname mpgrp6-one
    qfe1:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 3
            inet6 2000::1:a00:20ff:feb7:4e5d/64
    qfe1:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 3
            inet6 fec0::1:a00:20ff:feb7:4e5d/64
    #

The system now remains available to users even if either of the multipath network interfaces fail or become unusable for any reason.

Configuring IPMP at Boot Time

This example shows IPMP configuration on an existing IPv6-configured hme0 interface and on an existing, but unconfigured, qfe1 interface on the sys13 (192.168.1.3) system. The multipath group is called mpgrp6-one.

To configure IPMP, complete the following steps, which are described in greater detail in the next sections.

1. Verify the Solaris OS release.
2. Configure unique MAC addresses.
3. Configure the interfaces.
4. Reboot the system.
5. View the interface configuration.
6. Observe the IPMP failover.

View your system’s interface configuration to have a baseline before you make any changes to the system, so that you know the state of the system if you need to restore the system for any reason.

    # ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
            ether 8:0:20:c1:4b:44
    lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
            inet6 ::1/128
    hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
            ether 8:0:20:c1:4b:44
            inet6 fe80::a00:20ff:fec1:4b44/10
    #

Verifying the Solaris OS Release

The /etc/release file contains information about the installed version of the Solaris OS. The following system meets the minimum requirements:

    # cat /etc/release
    Solaris 8 10/00 s28s_u2wos_11b SPARC
    Copyright 2000 Sun Microsystems, Inc. All Rights Reserved.
    Assembled 31 August 2000
    #

The following system exceeds the minimum requirements:

    # cat /etc/release
    Solaris 10 s10_67 SPARC
    Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
    Use is subject to license terms.
    Assembled 09 September 2004
    #

Configuring Unique MAC Addresses

Before attempting to configure MAC addresses, determine if the code in your system’s EEPROM supports unique MAC addresses. To determine if unique MAC addresses are permitted, use the eeprom command to view the current value of the local-mac-address? variable:

    # eeprom local-mac-address?
    local-mac-address?=false
    #

The preceding output indicates that the system is still in its default mode and uses the same MAC address for each interface.

You now use the eeprom command to change the EEPROM’s local-mac-address? variable to true. You can also set the EEPROM’s local-mac-address? variable from the OpenBoot PROM level.

    # eeprom local-mac-address?=true
    #

Verify that the EEPROM’s local-mac-address? variable is set to true:

    # eeprom local-mac-address?
    local-mac-address?=true
    #

Note – You must reboot the system for EEPROM changes to take place.

Configuring the Interfaces

Multipath information is placed in the /etc/hostname6.hme0 and /etc/hostname6.qfe1 files.

Modify the /etc/hostname6.hme0 file to contain contents similar to the following:

    # cat /etc/hostname6.hme0
    -failover group mpgrp6-one up
    #

where:

    hme0               Assigns an interface.
    hostname6          Forces the ifconfig command to configure the interface as an IPv6 interface.
    -failover          Marks the interface as a non-failover interface. Interfaces that are marked in this way do not fail over to another physical interface in the multipath group in a failover scenario.
    group mpgrp6-one   Assigns mpgrp6-one as the name for an IPMP group.
    up                 Marks the interface as up, and initializes the hardware.

Create the /etc/hostname.qfe1 file to permit the IPv4 stack to be configured on the qfe1 interface at boot time. Configure the /etc/hostname.qfe1 file to contain contents similar to the following:

    # cat /etc/hostname.qfe1
    192.168.1.200
    #

Create the /etc/hostname6.qfe1 file to contain contents similar to the following:

    # cat /etc/hostname6.qfe1
    -failover group mpgrp6-one up
    #

Rebooting the System

Reboot the system to enable IPMP.

    # init 6
    #

Viewing the Interface Configuration

To view the configuration of the interfaces when the system is booted, use the ifconfig command:

    # ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
            groupname mpgrp6-one
            ether 8:0:20:c1:4b:44
    qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
            inet 192.168.1.200 netmask ffffff00 broadcast 192.168.1.255
            groupname mpgrp6-one
            ether 8:0:20:b7:4e:5d
    lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
            inet6 ::1/128
    hme0: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 2
            ether 8:0:20:c1:4b:44
            inet6 fe80::a00:20ff:fec1:4b44/10
            groupname mpgrp6-one
    hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 2000::1:a00:20ff:fec1:4b44/64
    hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 fec0::1:a00:20ff:fec1:4b44/64
    qfe1: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 3
            ether 8:0:20:b7:4e:5d
            inet6 fe80::a00:20ff:feb7:4e5d/10
            groupname mpgrp6-one
    qfe1:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 3
            inet6 2000::1:a00:20ff:feb7:4e5d/64
    qfe1:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 3
            inet6 fec0::1:a00:20ff:feb7:4e5d/64
    #

The system remains available to users, even if either of the multipath network interfaces fail or become unusable for any reason.

Configure a Singleton IPMP Group in IPv6

It is possible to configure an IPMP group that contains only one IPv6-enabled interface. This enables you to monitor the status of the interface by using IPMP and to receive notifications about the interface’s status, although it is not possible to fail the IPv6 addresses over on to another network interface.

Configuring a Singleton IPMP Group in IPv6 on the Command Line

To create a singleton IPMP group, assign a multipath group name to the interface:

    # ifconfig hme0 inet6 group singleton
    # ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu8232 index 1
            inet 128.0.0.1 netmask ff000000
    hme0 flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
            groupname singleton
            ether 8:0:20:b9:72:23
    hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
            ether 8:0:20:c1:4b:44
            inet6 fe80::a00:20ff:fec1:4b44/10
            groupname singleton
    hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 2000::1:a00:20ff:fec1:4b44/64
    hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 fec0::1:a00:20ff:fec1:4b44/64
    #

With a single interface in the group, data addresses can never move to a different interface, and so are always associated with the monitored interface. If the single interface will be included in an IPMP group with multiple interfaces in the future, you should also set the NOFAILOVER flag on the link local by using the -failover option.

Configuring a Singleton IPMP Group in IPv6 at System Boot

To create a singleton IPMP group at system boot, ensure that the interface configuration file contains the group option and the IPMP group name:

    # cat /etc/hostname6.hme0
    group singleton
    #

Exercise 2: Configuring IPv6 Multipathing

In this exercise, you configure IPv6 multipathing.

Preparation

Unplumb any secondary interfaces that might be configured before beginning this exercise. Refer to the lecture notes as necessary to perform the tasks listed.

Tasks

Complete the following steps.

Working on Any System

In this section of the exercise, you configure IPv6 multipathing on two interfaces on your systems. You can use any name that you choose for your multipath group. You use both interfaces for regular network traffic. That is, your system runs at half of its potential capacity in the event of a network failure on any of the two NICs.

1. View your system’s interface configuration to have a baseline before you make any changes to the system, so that you know the state of the system if you need to restore the system for any reason.
   Write the command that you use:
   _____________________________________________________________

2. Verify that your operating system release can support multipathing.
   Write the command that you use:
   _____________________________________________________________

3. Verify that your system is configured to use unique MAC addresses.
   Write the command that you use:
   _____________________________________________________________
   What command do you use to cause your system to use unique MAC addresses?
   _____________________________________________________________

   Note – You must reboot the system for EEPROM changes to take place.

   Write the name that you are going to assign to your multipath group:
   _____________________________________________________________

4. Check your system for interfaces, and decide which interfaces that you will use for multipathing. Complete the following fields:
   Multipath group name: _________________________
   First interface: _______________________________
   Second interface: _____________________________
   IPv4 address for second interface: __________________

5. Configure your first interface as part of the multipath group that you will use.
   Write the command that you use:
   _____________________________________________________________

6. Use the ifconfig command to verify that the interfaces were configured as expected.

7. Configure a test address for your system’s first multipath interface, and set the failover option appropriately for a multipathing test address.
   Write the command that you use:
   _____________________________________________________________

8. Use the ifconfig command to verify that the interfaces were configured as expected.

Caution – Before performing the next step, bring down and unplumb any secondary interfaces that might be configured, as described in the preparation section at the beginning of this exercise.

9. Configure the IPv4 component of your system’s second interface. Assign an IP, netmask, and broadcast address. Be sure to use the plumb option to enable the interface, and assign it a status of up.
   Write the command that you use:
   _____________________________________________________________

10. Configure IPv6 on your system’s second multipathing interface. Be sure to use the plumb option to enable the interface, assign it to the multipath group, set an appropriate failover option to cause it to function properly as a multipathing test address, and assign it a status of up.
   Write the command that you use:
   _____________________________________________________________

11. Use the ifconfig command to verify that the interfaces were configured as expected.

12. Verify that the multipathing daemon is running.

13. Verify that the multipathing is working as expected. Use the ping command to send an echo request every second from any other IPv6 system to a site-local address on your system.

14. While the ping command is running, simulate a network failure and disconnect the network interface cable connected to the interface that you are using the ping command to detect. Plug in the cable, and notice that the output from the ping command continues without interruption when the interfaces fail back.

issues. Revision A. q q q q ! ? Experiences Interpretations Conclusions Applications Configuring IPv6 Copyright 2005 Sun Microsystems. All Rights Reserved. Sun Services.1 8-77 . or discoveries you had during the lab exercise. Inc.Exercise Summary Exercise Summary Discussion – Take a few minutes to discuss what experiences.

Exercise 2 Solutions

The output in the following solution is specific to an individual system. Your results will be different depending upon the system on which you are working.

Task Solutions

This section provides solutions to the exercise tasks.

Working on Any System

In this section of the exercise, you configure IPv6 multipathing on two interfaces on your systems. You can use any name that you choose for your multipath group. You use both interfaces for standard network traffic. That is, your system runs at half of its potential capacity in the event of a network failure on any of the two NICs.

1. View your system’s interface configuration to have a baseline before you make any changes to the system, so that you know the state of the system if you need to restore the system for any reason.

    # ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.2.3 netmask ffffff00 broadcast 192.168.2.255
            ether 8:0:20:b8:30:c8
    lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
            inet6 ::1/128
    hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
            ether 8:0:20:b8:30:c8
            inet6 fe80::a00:20ff:feb8:30c8/10
    hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 2000::2:a00:20ff:feb8:30c8/64
    hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 fec0::2:a00:20ff:feb8:30c8/64
    #

2. Verify that your operating system release can support multipathing.

    # cat /etc/release
    Solaris 10 3/05 s10_74L2 SPARC
    Copyright 2005 Sun Microsystems, Inc. All Rights Reserved.
    Use is subject to license terms.
    Assembled 12 January 2005

This system can support multipathing because it is more recent than the Solaris 8 10/00 OS.

3. Verify that your system is configured to use unique MAC addresses.

    # eeprom local-mac-address?
    local-mac-address?=true
    #

This system assigns unique MAC addresses to each interface.

What command do you use to cause your system to use unique MAC addresses?

    # eeprom local-mac-address?=true
    #

Note – You must reboot the system for EEPROM changes to take place.

Write the name that you are going to assign to your multipath group:

This solution uses a multipath group name of mp-demo.

4. Check your system for interfaces, and decide which interfaces that you will use for multipathing. Complete the following fields:
   Multipath group name: _________________________
   First interface: _______________________________
   Second interface: _____________________________
   IPv4 address for second interface: __________________

    # ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.2.3 netmask ffffff00 broadcast 192.168.2.255
            ether 8:0:20:b8:30:c8
    lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
            inet6 ::1/128
    hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
            ether 8:0:20:b8:30:c8
            inet6 fe80::a00:20ff:feb8:30c8/10
    hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 2000::2:a00:20ff:feb8:30c8/64
    hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 fec0::2:a00:20ff:feb8:30c8/64
    #

This solution demonstrates use of the hme0 and qfe1 interfaces. The qfe1 interface is not configured for any network traffic at this stage.

- Multipath group name – mp-demo
- First interface – hme0
- Second interface – qfe1

The IPv4 address used for the secondary will be the primary interface’s address plus 200. For example, 192.168.2.3 uses 192.168.2.203 for the secondary interface.

5. Configure your first interface as part of the multipath group that you will use.

    # ifconfig hme0 inet6 group mp-demo
    #

6. Use the ifconfig command to verify that the interfaces were configured as expected.

    # ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.2.3 netmask ffffff00 broadcast 192.168.2.255
            groupname mp-demo
            ether 8:0:20:b8:30:c8
    lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
            inet6 ::1/128
    hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
            ether 8:0:20:b8:30:c8
            inet6 fe80::a00:20ff:feb8:30c8/10
            groupname mp-demo
    hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 2000::2:a00:20ff:feb8:30c8/64
    hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 fec0::2:a00:20ff:feb8:30c8/64
    #

Observe that the IPv4 interface has also joined the multipath group.

7. Configure a test address for your system’s first multipath interface, and set the failover option appropriately for a multipathing test address.

    # ifconfig hme0 inet6 -failover
    #

8. Use the ifconfig command to verify that the interfaces were configured as expected.

    # ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.2.3 netmask ffffff00 broadcast 192.168.2.255
            groupname mp-demo
            ether 8:0:20:b8:30:c8
    lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
            inet6 ::1/128
    hme0: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 2
            ether 8:0:20:b8:30:c8
            inet6 fe80::a00:20ff:feb8:30c8/10
            groupname mp-demo
    hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 2000::2:a00:20ff:feb8:30c8/64
    hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 fec0::2:a00:20ff:feb8:30c8/64
    #

Observe that only the IPv6 interface has a test address assigned to it.

Caution – Before performing the next step, bring down and unplumb any secondary interfaces that might be configured, as described in the preparation section at the beginning of this exercise.

9. Configure the IPv4 component of your system’s second interface. Assign an IP, netmask, and broadcast address. Be sure to use the plumb option to enable the interface, and assign it a status of up.
   Write the command that you use:

    # ifconfig qfe1 plumb 192.168.2.203 netmask 255.255.255.0 + broadcast + up
    # ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.2.3 netmask ffffff00 broadcast 192.168.2.255
            groupname mp-demo
            ether 8:0:20:b8:30:c8
    qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
            inet 192.168.2.203 netmask ffffff00 broadcast 192.168.2.255
            ether 8:0:20:b8:30:c9
    lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
            inet6 ::1/128
    hme0: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 2
            ether 8:0:20:b8:30:c8
            inet6 fe80::a00:20ff:feb8:30c8/10
            groupname mp-demo
    hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 2000::2:a00:20ff:feb8:30c8/64
    hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 fec0::2:a00:20ff:feb8:30c8/64

10. Configure the new IPv6 multipathing interface to be part of the multipathing group. Set an appropriate failover option to cause it to function properly as a multipathing test address and assign it a status of up.

    # ifconfig qfe1 inet6 plumb group mp-demo -failover up
    #

11. Use the ifconfig command to verify that the interfaces were configured as expected.

    # ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.2.3 netmask ffffff00 broadcast 192.168.2.255
            groupname mp-demo
            ether 8:0:20:b8:30:c8
    qfe1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
            inet 192.168.2.203 netmask ffffff00 broadcast 192.168.2.255
            groupname mp-demo
            ether 8:0:20:b8:30:c9
    lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
            inet6 ::1/128
    hme0: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 2
            ether 8:0:20:b8:30:c8
            inet6 fe80::a00:20ff:feb8:30c8/10
            groupname mp-demo
    hme0:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 2000::2:a00:20ff:feb8:30c8/64
    hme0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
            inet6 fec0::2:a00:20ff:feb8:30c8/64
    qfe1: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 3
            ether 8:0:20:b8:30:c9
            inet6 fe80::a00:20ff:feb8:30c9/10
            groupname mp-demo
    qfe1:1: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 3
            inet6 2000::2:a00:20ff:feb8:30c9/64
    qfe1:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 3
            inet6 fec0::2:a00:20ff:feb8:30c9/64
    #

1 8-83 . time=0. Configuring IPv6 Copyright 2005 Sun Microsystems. time=0. time=0. ms 64 bytes from fec0::2:a00:20ff:feb8:30c8: icmp_seq=3. the multipathing process is running as expected. ms 64 bytes from fec0::2:a00:20ff:feb8:30c8: icmp_seq=20. Inc. ms 64 bytes from fec0::2:a00:20ff:feb8:30c8: icmp_seq=2. ms 64 bytes from fec0::2:a00:20ff:feb8:30c8: icmp_seq=19. While the ping command is running. ms 64 bytes from fec0::2:a00:20ff:feb8:30c8: icmp_seq=1. # ping -s fec0::2:a00:20ff:feb8:30c8 PING fec0::2:a00:20ff:feb8:30c8: 56 data bytes 64 bytes from fec0::2:a00:20ff:feb8:30c8: icmp_seq=0. as can be seen by looking at the ICMP sequence numbers. 14. ms 64 bytes from fec0::2:a00:20ff:feb8:30c8: icmp_seq=14. ms <Control>-C # Notice how nine seconds worth of data from the ping command was lost. time=0. time=0. 13. time=0. ms 64 bytes from fec0::2:a00:20ff:feb8:30c8: icmp_seq=16. Verify that the multipathing daemon is running. Use the ping command to send an echo request every second from any other IPv6 system to a site-local address on your system. ms 64 bytes from fec0::2:a00:20ff:feb8:30c8: icmp_seq=18. and disconnect the network interface cable connected to the interface that you are using the ping command to detect. All Rights Reserved. time=1. time=0.Exercise 2 Solutions 12. # ps -ef|grep mpath root 480 273 root 457 1 # 0 12:34:29 console 0 11:46:17 ? 0:00 grep mpath 0:00 # /usr/lib/inet/in. ms 64 bytes from fec0::2:a00:20ff:feb8:30c8: icmp_seq=15. and notice that the output from the ping command continues without interruption when the interfaces fail back.mpathd Yes. ms 64 bytes from fec0::2:a00:20ff:feb8:30c8: icmp_seq=4. time=0. time=0. Verify that the multipathing is working as expected. simulate a network failure. time=0. time=0. ms 64 bytes from fec0::2:a00:20ff:feb8:30c8: icmp_seq=17. time=0. Plug in the cable. Revision A. Sun Services. ms 64 bytes from fec0::2:a00:20ff:feb8:30c8: icmp_seq=5.


Module 9

Describing the Transport Layer

Objectives

This module describes Transport layer fundamentals, including the different characteristics of UDP and TCP. In addition, this module explains TCP flow control.

Upon completion of this module you should be able to:

- Describe Transport layer fundamentals
- Describe UDP
- Describe TCP
- Describe TCP flow control

The course map in Figure 9-1 shows how this module fits into the current instructional goal.

Figure 9-1 Course Map (Configuring the Network: Configuring IP Network Multipathing, Configuring IP, Configuring Routing, Configuring IPv6, Describing the Transport Layer)

Introducing Transport Layer Fundamentals

The Transport layer transports data to and from the correct application. This process is known as end-to-end communication. The Transport layer provides a transport service for application data. The two protocols associated with the Transport layer, TCP and UDP, are provided by a kernel-loadable module. Application designers decide which transport protocol to use for their application.

Figure 9-2 shows the position of the Transport layer in the TCP/IP network model.

Figure 9-2 Position of the Transport Layer in the TCP/IP Network Model (TCP/IP Layers: Application Layer, Transport Layer, Internet Layer, Network Interface Layer, Hardware Layer)

Protocol Characteristics

There are two main protocols that operate at the Transport layer, TCP and UDP. To understand the differences between TCP and UDP, you must be familiar with the different characteristics of network protocols.

Connection-Oriented Protocols

With connection-oriented protocols, you must establish a logical connection with the communication partner before exchanging data. Figure 9-3 illustrates how a connection-oriented protocol could work.

Figure 9-3 Connection-Oriented Protocol (logical connection)

This method of connection:
- Is highly reliable because of acknowledgements
- Requires more computational processing than connectionless protocols
- Has more overhead because of connection establishment and termination

Connectionless Protocols

Figure 9-4 illustrates how a connectionless protocol could work.

Figure 9-4 Connectionless Protocol (mail)

With connectionless protocols, establishing a connection before sending data is not necessary. Connectionless protocols transmit self-contained messages. Self-contained messages:
- Include the full message
- Do not require any response

The connectionless protocol method has virtually no reliability features, and therefore is best suited for use in highly reliable networks. This method also requires lower overhead because it has no connection and no setup requirements. This method is also suited to protocols that use a broadcast approach to transmit information. This avoids the protocol having to wait for multiple acknowledgements and having to know how many acknowledgements to expect.

Stateful Protocols

A stateful protocol is a protocol in which part of the data that is exchanged between the client and the server systems includes state information. Both systems keep track of the state of the communication session. Figure 9-5 illustrates how interaction in a stateful protocol could work.

Figure 9-5 Stateful Protocol (client and server)

Stateless Protocols

A stateless protocol is a protocol in which neither the client nor the server system has an obligation to keep track of the state of the communication session. A stateless protocol does not support most reliability features; therefore, data that is sent can be lost or delivered out-of-sequence. Connectionless protocols are typically stateless. Figure 9-6 illustrates how interaction in a stateless protocol could work.

Figure 9-6 Stateless Protocol (client and server)

The advantages of a stateless protocol are that it has lower overheads and it has a degree of isolation between the client and the server.

Reliable Protocols

A reliable protocol requires that each transmission is acknowledged by the receiving host. The sender retransmits, if necessary. Figure 9-7 shows how a reliable protocol could work.

Figure 9-7 Reliable Protocol (sender and receiver over time: Send Packet 1, Receive Packet 1, Send Acknowledgement (ACK), Receive ACK, Send Packet 2, Receive Packet 2, Send ACK, Receive ACK, Send Packet 3, Packet Lost, Timeout, Resend Packet 3, Receive Packet 3)

Unreliable Protocols

An unreliable protocol does not require that each transmission is acknowledged by the receiving host. Figure 9-8 shows how an unreliable protocol could work.

Figure 9-8 Unreliable Protocol (sender and receiver over time: 1 Send Packet 1, 2 Send Packet 2, 3 Send Packet 3, Packet Lost, 4 Send Packet 4)

Transport Protocols in TCP/IP

The Transport layer header includes a destination port number that identifies the destination application program on the remote machine and a source port number that identifies the application on the originating machine. In addition, the Transport layer handles error detection, can handle recovery problems, and can regulate the flow of information. The way in which the Transport layer handles error detection, the sequence of data, and flow regulation depends on which protocol is used. The TCP/IP protocol stack features two Transport layer protocols, TCP and UDP. Figure 9-9 shows an analogy that compares TCP and UDP.

Figure 9-9 TCP and UDP Analogy (Certified, Uncertified)

Introducing UDP

UDP is a connectionless, stateless, and unreliable protocol. UDP is designed for applications that do not require a reliable Transport layer mechanism. UDP packets can be lost, duplicated, or delivered out-of-order. The application program that uses UDP is responsible for reliability, sequencing, and flow control, if required.

Purpose of UDP

UDP gives an application direct access to the Internet layer and includes the source and the destination port numbers. UDP does not require that the receiving host acknowledge transmissions. UDP has low overhead, and it is designed for high-speed applications that run on reliable networks. UDP is also used by Application layer protocols that transmit information by broadcast mechanisms.

UDP Datagram Header

UDP receives incoming data from the application and encapsulates the data in UDP datagrams. UDP datagrams have a leading header section, shown in Figure 9-10, that contains the source and destination port numbers, followed by the data section. UDP datagrams are sent to the Internet layer for encapsulation and delivery. Large UDP datagrams can be fragmented by IP.

Figure 9-10 UDP Header (bits 0 to 31: Source Port, Destination Port, Length, Checksum)

Introducing TCP

TCP is a connection-oriented, stateful, and reliable protocol. TCP is suited for situations where large volumes of data must travel between systems, particularly across multiple routers and gateways. TCP has four main features:
- Virtual circuit connection
- Full-duplex connection
- Unstructured stream orientation
- Buffered transfer

TCP Segment Header

The TCP segment header has many fields. Figure 9-11 shows the segment header with its fields.

Figure 9-11 TCP Segment Header

Notice that the segment header includes sequence and acknowledgment numbers that are used for connection-oriented and stateful connections. Refer to RFC 793 and RFC 3168 for additional information.

Virtual Circuit Connection

TCP must establish a connection between the sender and receiver before the transmission can start. This is similar to making a phone call: the line must be established before you can begin to talk.

Full-Duplex Connection

TCP connections provide concurrent transfer in both directions. A full-duplex connection consists of two independent streams of data that flow in opposite directions. The TCP protocol software sends control information for one stream back to the source in the segments that carry data in the opposite direction. This process is called piggybacking, and it reduces network traffic.

Unstructured Stream Orientation

Data originating from the Application layer flows to TCP as a stream of bytes. This stream of bytes is divided into packets called segments. As seen previously, TCP segments have a leading header section that contains control information, source and destination port numbers, and a data section. The content in the data section is not read or translated by TCP. TCP then sends the segments to the Internet layer for encapsulation and delivery.

Buffered Transfer

Data that comes from the application is a flowing stream. Data can flow fast or slow. To ensure the efficient flow of data to and from the application, TCP provides both input and output buffers to regulate the flow of data. The input and output buffers also enable the application to see TCP as a full-duplex connection.

Introducing TCP Flow Control

TCP is more than a basic send-receive-acknowledge-send progression. TCP has sophisticated algorithms to optimize flow control on both the sender side and the receiver side. The algorithm that implements flow control on both the sender side and the receiver side follows what is known as the sliding window principle.

Receiver-Side Window Advertisements

A TCP window advertisement determines the maximum amount of data that can be sent before the sender must wait for an acknowledgement from the receiver. Each TCP segment from the receiving side carries an acknowledgement and a window advertisement. Each acknowledgement specifies that a particular segment was received, and each window advertisement specifies how many additional bytes the receiver is prepared to accept. The size contained in the window advertisements varies over time; therefore, it is considered a sliding window. With window advertisements, the receiving side manages flow control. By advertising its window size, the receiving host continually informs the sending host of how much data it is prepared to receive.

Sender-Side Congestion Window

To avoid network congestion, TCP maintains a congestion window on the sending side. The congestion window adjusts the amount of data that can be sent according to the number of segments that were recently lost or acknowledged in transit. Lost segments are detected if a transmission timeout occurs before an acknowledgement for the segment is received. If congestion is detected, TCP reduces the congestion window size by one-half. If congestion continues, the congestion window can be reduced in size by one-half multiple times. As acknowledgements begin to be received, TCP doubles the size of the congestion window. Depending upon the severity of the congestion, TCP can use either a slow-start or congestion-avoidance algorithm to begin to increase the size of the congestion window. The slow-start algorithm quickly increases window size by doubling it for each successful transmission. The congestion-avoidance algorithm slowly increases the window's size by increasing it only one segment at a time for each successful transmission.
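The interaction between the receiver's window advertisement and the sender's congestion window is easier to follow round by round. The following is an added example, not part of the original student guide, and it is a simplified model rather than a real TCP stack: windows are counted in whole segments, one round stands for one send-and-acknowledge exchange, and the ssthresh switch-over point between slow start and congestion avoidance is an assumption taken from standard TCP practice, not from this text.

```python
from typing import NamedTuple


class Round(NamedTuple):
    cwnd: int   # sender-side congestion window at the start of the round
    rwnd: int   # window advertised by the receiver (free buffer space)
    sent: int   # segments actually sent: the smaller of the two windows
    lost: bool  # True if this round's transmission timed out


def simulate(rounds, loss_rounds, buffer_segments, drain_per_round, ssthresh=16):
    """Trace both windows for a number of rounds.

    loss_rounds      rounds in which a timeout (congestion) is detected
    buffer_segments  size of the receiver's input buffer
    drain_per_round  segments the receiving application reads per round
    ssthresh         assumed point where doubling gives way to +1 growth
    """
    cwnd, buffered, trace = 1, 0, []
    for rnd in range(rounds):
        # Receiver side: advertise only the space that is still free.
        rwnd = buffer_segments - buffered
        # The sender may not exceed either window.
        sent = min(cwnd, rwnd)
        lost = rnd in loss_rounds
        trace.append(Round(cwnd, rwnd, sent, lost))
        if lost:
            # Congestion detected: cut the congestion window by one-half.
            ssthresh = max(cwnd // 2, 1)
            cwnd = ssthresh
        else:
            buffered += sent
            if cwnd < ssthresh:
                cwnd = min(cwnd * 2, ssthresh)  # slow start: double
            else:
                cwnd += 1                       # congestion avoidance: one segment
        # The application reads data, which reopens the advertised window.
        buffered -= min(drain_per_round, buffered)
    return trace


if __name__ == "__main__":
    print("round cwnd rwnd sent lost")
    for number, step in enumerate(simulate(10, {5}, 12, 6)):
        print(f"{number:5} {step.cwnd:4} {step.rwnd:4} {step.sent:4} {step.lost}")
```

In the sample run the sender is limited by its own congestion window for the first rounds and by the receiver's advertisement afterwards, and a receiver that never reads its buffer drives the advertised window to zero and stops the sender completely.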

TCP Large Window

The Solaris 10 OS implements RFC 1323, which permits larger TCP window advertisement sizes to enhance performance over high-delay, high-bandwidth networks, such as satellite networks. A standard TCP header uses a 16-bit field to report the receiver window size to the sender. Therefore, the largest window that can be used is 2^16 or 64 kilobytes (Kbyte). RFC 1323 introduces a mechanism to increase the window size to 2^30 or 1 gigabyte (Gbyte).

Exercise: Describing the Transport Layer

In this exercise, you:
- Define Transport layer terms
- Describe why an application programmer uses an unacknowledged transmission protocol
- Review the differences between TCP and UDP

Preparation

Refer to the lecture notes as necessary to perform the tasks listed.

Tasks

Complete the following steps:

1. Match the terms to their definition.

_____ Sliding window                a. A protocol that establishes a communication session before sending data
_____ UDP                           b. A reliable, stateful, and connection-oriented Transport layer protocol
_____ Connection-oriented protocol  c. An unacknowledged Transport layer protocol
_____ TCP                           d. A principle that optimizes TCP flow control

2. Why would an application programmer use an unacknowledged transmission protocol?
____________________________________________________________
____________________________________________________________

Exercise Summary

Discussion – Take a few minutes to discuss what experiences, issues, or discoveries you had during the lab exercise.
- Experiences
- Interpretations
- Conclusions
- Applications

Exercise Solutions

Solutions to the exercise are as follows:

1. Match the terms to their definition.

d  Sliding window                a. A protocol that establishes a communication session before sending data
c  UDP                           b. A reliable, stateful, and connection-oriented Transport layer protocol
a  Connection-oriented protocol  c. An unacknowledged Transport layer protocol
b  TCP                           d. A principle that optimizes TCP flow control

2. Why would an application programmer use an unacknowledged transmission protocol?

UDP has less overhead than TCP. UDP is best suited for short bursts of communication or broadcast communication.

Module 10

Configuring DNS

Objectives

This module describes the basic components of DNS, including the Berkeley Internet name domain (BIND), top-level domains, zones of authority, server types, the name resolution process, and resource records. This module also describes DNS configuration, including gathering needed information, editing the BIND configuration file and other relevant files, and performing basic troubleshooting procedures.

Upon completion of this module, you should be able to:
- Describe the basics of DNS
- Configure a DNS server
- Troubleshoot a DNS server by using basic utilities

The course map in Figure 10-1 shows how this module fits into the current instructional goal.

Figure 10-1 Course Map (Configuring and Managing Network Applications: Configuring the Solaris™ IP Filter Firewall, Configuring DNS, Configuring DHCP, Configuring NTP)

Introducing DNS Basics

The DNS name space is composed of a set of hierarchical domains arranged in a manner similar to the branches of an inverted tree.

BIND

BIND is the most frequently used implementation of DNS in the UNIX environment. The Solaris 10 OS implements the BIND 9.2.4 software. The latest versions of the BIND software are available from the Internet Systems Consortium's (ISC) Web site, http://www.isc.org/. You can download and compile the latest version; however, Sun Microsystems, Inc. does not support this action.

Note – Earlier versions of the Solaris OS implemented the BIND 8 software. In BIND 8 the daemon is /usr/sbin/in.named. In BIND 9 the daemon is /usr/sbin/named.

Top-Level Domains

A domain is maintained by a group of administrators. A domain:
- Is a collection of names that identifies network hosts and is a logical, not physical entity. A single network can consist of hosts that belong to many different domains.
- Is an index for looking up information in the DNS distributed database.
- Can be branches or leaves in the DNS tree. Branches represent collections of names in a common domain. Leaves represent individual nodes and are considered domains unto themselves.
- Represents nodes or systems by name in the DNS naming tree, which might not be in physical proximity. In other words, a domain can span a large physical area.
- Can be broken into subdomains and can delegate authority for those subdomains to another group of administrators.

The top of the DNS hierarchy contains a nameless root domain. This domain is a place holder containing names and servers for the top-level domains. The IANA controls the root domain. The ICANN non-profit group is the governing body of all IP address assignments and domain names and controls the root domain.

Top-level domains are below the root domain. Top-level domains (TLDs) currently include domains such as com, edu, gov, org and arpa. All top-level domains are currently controlled by the ICANN. Table 10-1 shows top-level domains and their descriptions.

Table 10-1 DNS Top-Level Domain Examples

Domain  Description
com     Commercial organizations (predominately in the United States (U.S.))
edu     Educational organizations
gov     Governmental organizations (U.S.)
mil     Military organizations (U.S.)
net     Networking organizations and ISPs
org     Non-profit and other organizations
arpa    Reverse address lookups
ca      Country-based domains, Canada in this example

Top-level domains have two main categories: organizational domains and geographical domains. Organizational domains are based on the function or the purpose of the domain. Geographical domains are based on the physical location of the domain.

Second-level domains are below the top-level domains. The second level is usually the first place that the ICANN delegates authority for a domain to some other local organization. The second-level domain, sun.com, for example, is controlled by administrators of Sun Microsystems, not ICANN.

The ICANN, available at the http://www.icann.org Web site, authorizes domain registrars to sell domain names. The proposals for new TLDs are available at the http://www.icann.org/tlds URL.

An organization can break up their second-level domains into lower-level domains. This is usually done on an organizational, political, or as-needed basis. For example, a large, multinational corporation might divide its domain into country-based domains. A university might divide its domain into department-based domains. Lower-level domains can be split into more lower-level domains as needed.

All domains are subject to naming length restrictions. There is a 255-character maximum for a fully qualified domain name (FQDN), and a 63-character limit for an individual domain name. Fully qualified is analogous to an absolute path in a file name.

Zones of Authority

In addition to dividing the name space into administrative domains, the name space also divides into various zones of authority. These zones:
- Are the portion of the name space for which a server is authoritative (that is, contains information for domains over which the server has naming control in the form of resource records in the servers' configuration files)
- Consist of at least one domain and its associated data
- Can span one or more domains

Server Types

DNS implements name resolution. The following are some of the more common server types, which are described in more detail in this section. Note that a single system can fulfill more than one role. For example, a system might be a primary server for one zone and a secondary server for a different zone. All servers also cache information. The types of server are:
- Root servers
- Primary servers
- Secondary servers
- Caching-only servers
- Forwarding servers

Root Servers

Root servers maintain data about each of the top-level zones. There are (as of September, 2004) 13 root servers. Of these servers, nine serve the root and top-level domains, and four serve the root domain only. ICANN maintains the root servers, and the servers are moved to a common domain for consistent naming purposes. The root servers are currently named A.root-servers.net., B.root-servers.net., and so on. You can download a current copy of the named.root file, which contains a list of the current root servers, from the ftp://ftp.rs.internic.net/domain/named.root URL.

Primary Servers

Each DNS zone must have a primary server. Although DNS does not prohibit having more than one primary server, maintaining multiple primary servers is difficult and is prone to having errors occur; therefore, it is not frequently done. In the /etc/named.conf file, the keyword master indicates the primary server. Primary servers have the following features:
- They are the system on which all changes are made to the zone.
- They are authoritative servers for all zones that they serve. (See the following sections for definitions of authoritative and non-authoritative servers.)
- They provide update information and synchronize secondary servers when the secondary servers request information.
- They can specify the delegation of authority for subdomains.

Secondary Servers

Each domain should have at least one secondary server. The ICANN does not permit a domain to be registered officially as a subdomain of a top-level domain until a site demonstrates two working DNS servers.

Secondary servers have the following features:
- There can be one or more secondary servers per zone.
- They obtain a copy of the zone information through zone transfers for all domains that they serve from the appropriate primary server or from another secondary server for the zone.
- They are authoritative for all of the zones that they serve; that is, their answers to queries are considered highly accurate.

Caching-Only Servers

All DNS servers cache information for any domain for which they are not authoritative. Over time, the size of the cache grows. Caching-only servers are servers that are not authoritative for any zone, but instead cache responses from other, authoritative, name servers. Caching-only servers have the following features:
- They provide a rich cache of the most commonly accessed namespace information.
- They are never authoritative for any domain, with the exception of the loopback address.
- They reduce overhead that is associated with secondary servers that perform zone transfers from primary servers.
- They permit DNS client access to naming information that is locally cached without the expense of setting up a primary or a secondary DNS server.

Forwarding Servers

Forwarding servers are DNS servers intended to act as focal points for all off-site DNS queries. Off-site queries are queries for remote information. Designating a server as a forwarding server causes all off-site requests to consult initially the forwarding server or servers, and to wait for a reply. If no reply is received from the forwarders, the name server resumes normal operations and contacts the remote name servers itself. Forwarding servers have the following features:
- All off-site queries go through forwarders first.
- The server that is used as a forwarder builds up a rich cache of information, which reduces the number of redundant off-site requests.

- Special setup on forwarders is not required.
- Servers using forwarders are configured by adding a forwarder directive to the /etc/named.conf file on the local servers.
- The local server can still contact the remote site if forwarders fail to respond to queries.

Note – If a name server uses the directive forward only in addition to the forwarders directive, then the name server may not contact remote name servers on its own.

Answer Types

Answers that are returned from DNS servers can be described as authoritative or non-authoritative.

Answers from authoritative DNS servers are:
- Sourced from a disk-based file.
- Usually correct. Because humans administer the DNS, it is possible for incorrect data to enter the DNS database.

Answers from non-authoritative DNS servers are:
- Sourced from a server cache
- Usually correct
- Can be incorrect if the server's cache contains stale data

Name-Resolution Process

DNS name resolution is the process of translating a domain name to an IP address or translating an IP address to a domain name. Name resolution begins with client-side resolver code. Resolver code is built into the operating system libraries and is available to programs that use system interface calls.

Client-resolver code:
- Does not cache any information
- Queries the DNS servers that are specified in the /etc/resolv.conf file
- Is activated by a reference to DNS in the /etc/nsswitch.conf file hosts entry

A DNS client uses the following steps to query a name server to resolve name-to-address or address-to-name requests. Figure 10-2 shows a client attempting to resolve the ftp.internic.net name to an IP address.

Figure 10-2 DNS Name Resolution Process (1 /etc/nsswitch.conf File; 2 /etc/inet/hosts File; 3 LDAP Hosts Database; 4 /etc/resolv.conf File; 5, 6 Local Name Server and Cache; 7, 8 Local Name Server and root Name Server; 9, 10 Local Name Server and net. Name Server; 11, 12 Local Name Server and internic.net. Name Server)

The following describes the DNS name-resolution process where the /etc/nsswitch.conf file has the following contents:

# cat /etc/nsswitch.conf
...
hosts: files ldap dns
...
#

The /etc/inet/hosts file has the following contents:

# cat /etc/inet/hosts
# Internet host table
127.0.0.1 localhost
192.168.30.31 sys11ext
192.168.1.1 sys11 # loghost # router to get to instructor

The following steps describe the DNS name-resolution process.

1. The client system consults the /etc/nsswitch.conf file to determine the name resolution order. In this example, the order is the local file, the Lightweight Directory Access Protocol (LDAP) server, and then the DNS server.

2. The client system consults the local /etc/inet/hosts file and does not find an entry.

3. The client system sends a query asking for the IP address of the Internet name, ftp.internic.net., to the LDAP server and finds no address.

4. The client system consults the /etc/resolv.conf file to determine the name resolution search list and the address of the DNS servers.

5. The client system resolver routine sends a recursive DNS query asking for the IP address for the Internet name, ftp.internic.net., to the local DNS server. A recursive query states: “I will wait for the answer, and you do all of the work.” The client waits until the local server completes name resolution.

6. The local DNS server consults the contents of its cached information in case this query has been recently resolved. If the address is in the local cache, it is returned to the client as a non-authoritative answer.

7. If the local DNS server does not have cached information about the net or internic domains, it contacts one of the root servers and sends an iterative query. An iterative query states: “Send me the best answer you have, and I will do all of the work.” In this example, the assumption is that the answer is not cached and that a root server must be contacted.

8. The root server returns the best information it has. In this case, the only information you are guaranteed is that the root server has the names and addresses of all the net domain servers. The root server returns these names and addresses along with a TTL value that specifies how long the local DNS server can cache this information.

9. The local DNS server contacts one of the net domain servers returned from the previous query and transmits the same iterative query that was previously sent to a root server.

10. The net domain server that is contacted returns the best information it has, which are the names and addresses of the internic.net servers and a TTL value.

11. The local DNS server contacts one of the internic.net domain servers and makes the same query for the IP address for the Internet name, ftp.internic.net.

12. An internic.net server returns the IP addresses of the Internet name, ftp.internic.net., along with a TTL value. The local DNS server returns the requested address to the client system, and the client can proceed.

Resource Records

Resource records are entries contained in the name server zone files and are not case sensitive. A resource record can contain information that pertains to a particular domain, including the server addresses, cache time-out values, and the email address of the DNS administrator. Resource records can also include information about a particular system including its IP address, its domain name, and its contact information. Although each type of resource record has specific syntax, the general format of any resource record is:

[name] [ttl] class type data
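Steps 5 through 12 of the name-resolution process, and the way TTL values decide which of those steps are skipped on a later query, can be traced with a small model. The following is an added example, not part of the original student guide: every address and TTL in it is a constructed sample value, and a referral carries only a zone name as a stand-in for the names and addresses of that zone's servers.

```python
from typing import NamedTuple


class Reply(NamedTuple):
    kind: str    # "answer" (an address) or "referral" (a zone closer to the name)
    value: str
    ttl: int     # seconds the local server may cache this reply


class Resolution(NamedTuple):
    address: str
    authoritative: bool   # False when the answer came from the local cache
    contacted: tuple      # zones whose servers were queried, in order


class NameServer:
    """A remote server that answers iterative queries (steps 8, 10 and 12)."""

    def __init__(self, addresses=None, delegations=None):
        self.addresses = addresses or {}      # name -> (address, ttl)
        self.delegations = delegations or {}  # delegated zone -> ttl

    def iterative_query(self, name):
        if name in self.addresses:
            return Reply("answer", *self.addresses[name])
        zones = [z for z in self.delegations if name.endswith("." + z)]
        if not zones:
            raise LookupError(f"no data for {name}")
        zone = max(zones, key=len)            # the best information it has
        return Reply("referral", zone, self.delegations[zone])


class LocalNameServer:
    """The local DNS server that accepts the client's recursive query."""

    def __init__(self, servers):
        self.servers = servers   # zone -> NameServer
        self.cache = {}          # (record type, name) -> (value, expiry time)

    def _cached(self, key, now):
        value, expires = self.cache.get(key, (None, 0))
        return value if expires > now else None

    def recursive_query(self, name, now):
        # Step 6: a cached address is returned as a non-authoritative answer.
        address = self._cached(("A", name), now)
        if address:
            return Resolution(address, False, ())
        # Step 7: start at the closest zone still cached, otherwise at the root.
        labels, zone = name.split("."), "."
        for i in range(1, len(labels) - 1):
            candidate = ".".join(labels[i:])
            if self._cached(("NS", candidate), now):
                zone = candidate
                break
        contacted = []
        for _ in range(10):                   # guard against referral loops
            contacted.append(zone)
            reply = self.servers[zone].iterative_query(name)
            if reply.kind == "answer":
                self.cache[("A", name)] = (reply.value, now + reply.ttl)
                return Resolution(reply.value, True, tuple(contacted))
            self.cache[("NS", reply.value)] = (reply.value, now + reply.ttl)
            zone = reply.value
        raise LookupError("referral chain too long")


def build_example():
    """Constructed name space: root -> net. -> internic.net. (sample values)."""
    return LocalNameServer({
        ".": NameServer(delegations={"net.": 172800}),
        "net.": NameServer(delegations={"internic.net.": 86400}),
        "internic.net.": NameServer(
            addresses={"ftp.internic.net.": ("192.0.2.10", 300)}),
    })


if __name__ == "__main__":
    local = build_example()
    for now in (0, 10, 400, 90000):
        print(now, local.recursive_query("ftp.internic.net.", now))
```

The second query is served from the cache and is therefore non-authoritative, which is also the case in which stale data can be returned until the TTL expires.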

Resource records have the fields shown in Table 10-2. Depending on the record type and other shortcuts being taken, not all of the fields are always required.

Table 10-2 Resource Record Fields

Field  Description
name   Specifies the domain name for which the resource record is defining information. Because DNS is a distributed database, this record also defines the possible key values that are used in DNS queries. The sys12.one.edu and one.edu names are examples of domain names.
ttl    Specifies the cache TTL value that is given to remote DNS servers when they query the information specified by this record. This value is expressed in seconds, hours, days, and so on. An example is 86400, which represents one day in seconds, which can also be expressed as 1d.
class  Specifies the type of network. The examples in this module only use the IN or Internet class.
type   Specifies the type of information that is defined for the domain in field 1. Table 10-3 shows commonly used resource record types.
data   Defines the appropriate data for this resource record and depends on the record type specified in field 4, the type field. Some record types specify a single argument in this field, and other record types specify multiple arguments in this field. Examples of a record type with multiple arguments include a host name, an IP address, and an email address.

Record Types

DNS zone files can contain blank lines and comments. Comments begin with a semicolon.

Table 10-3 shows examples of record types and their purposes.

Table 10-3 Examples of Resource Record Types

Record Type  Purpose
$TTL         The $TTL record identifies the cache TTL value that remote DNS servers receive when they query the information specified by this record.
SOA          The start of authority (SOA) record identifies the primary name server, contact information, and default cache TTL values for all resource records in the domain.
NS           The name server (NS) record specifies the name server for a domain.
A            The address (A) record specifies an IP address for a host name.
PTR          The pointer (PTR) record specifies a host name for an IP address (used for inverse lookups and IP address-to-host names).
CNAME        The canonical name (CNAME) record defines a host name alias (www can substitute for a specific host name).
AAAA         The quad-A (AAAA) record specifies an IPv6 address for a host name.

Following are examples of resource record types:

- The SOA resource record type:

$TTL 8h
. IN SOA instructor.thirty.edu. root.instructor.thirty.edu. (
        20040923 ; version number
        10800    ; refresh (3hrs.)
        3600     ; retry (1hr.)
        691200   ; expire (8days)
        3600 )   ; negative caching info. kept for 1 hour

- The NS resource record type:

one.edu. IN NS sys12.one.edu.

- The A resource record type:

sys12.one.edu. IN A 192.168.1.2

edu.edu. Revision A.192 q www. 10-14 Network Administration for the Solaris™ 10 Operating System Copyright 2005 Sun Microsystems.1. sys12. or control statement.168.x versions.one. This directive. Inc. The $TTL directive identifies the cache TTL value that remote DNS servers receive when they query the information specified by this directive. was not available for use until BIND 8. All Rights Reserved.Introducing DNS Basics q The PTR resource record type: IN PTR CNAME sys12.2. Sun Services. The CNAME resource record type: IN 2.one.one.1 .edu.

Configuring a DNS Server

The DNS server daemon is the /usr/sbin/named process. This daemon provides a service in the SMF. The named daemon is started at boot time only if the /etc/named.conf file exists and the appropriate SMF service is enabled.

The following svcs command is used to determine the status of the DNS-related services:

    # svcs -a | grep dns
    disabled       Oct_22   svc:/network/dns/client:default
    disabled       Oct_22   svc:/network/dns/server:default

The following svcadm commands enable the DNS naming service and the default client service:

    # svcadm enable svc:/network/dns/server:default
    # svcadm enable svc:/network/dns/client:default
    # svcs -a | grep dns
    online         23:02:34 svc:/network/dns/client:default
    online         23:08:27 svc:/network/dns/server:default

Note – The DNS client service will not start any new processes, but when enabled, checks that the system is configured as a DNS client with an /etc/resolv.conf file. Other services used for managing applications and daemons that require DNS, such as LDAP, will have a dependency on the DNS client service to ensure that the system is a DNS client.

Gathering Information

When you configure a DNS server, supply the server with the following types of information:

- The names and addresses of root servers.
- The information required to resolve all domains for which the server is authoritative. This information consists of name-to-address translations.
- The information needed to resolve all reverse domains for which the server is authoritative. This information consists of address-to-name translations.
- The names and addresses of servers for all domains that are one level below the domains being served by this server. This information is sometimes referred to as parenting or delegating.

Editing the BIND Configuration File

BIND version 8.x and later versions use a new configuration file, /etc/named.conf, that replaced the /etc/named.boot file used in versions 4.9.x and earlier. A BIND version 4.9.x named.boot file can be converted to a named.conf file by running the /usr/sbin/named-bootconf script.

The named daemon reads the /etc/named.conf file when the daemon is started by the SMF. The configuration file directs the named daemon either to other servers or to local data files for a specified domain.

The /etc/named.conf file contains statements and can contain comments. Statements end with a semicolon (;), they can contain a block of statements enclosed within curly braces ({}), and each statement in the block is terminated with a semicolon (;). Comments can start with /* and end with */, can follow either # or //, and can extend to the end of the line.

The /etc/named.conf file contains statements that:

- Indicate the location of the file that includes the root servers
- Establish the server as a primary, a secondary, or a caching-only server
- Specify the server’s zones of authority
- Indicate the location of the server’s data files
- Apply security selectively for specific zones
- Define logging specifications
- Apply options selectively for a set of zones

Table 10-4 shows /etc/named.conf statements and their definitions.

Table 10-4 Statement Definitions for the /etc/named.conf File

Statement – Definition
acl – Defines a named IP address match list used for access control. The address match list designates one or more IP addresses or IP prefixes. The named IP address match list must be defined by an acl statement before it can be used elsewhere. No forward references are permitted.
options – Controls global server configuration options, and sets default values for other statements.
zone – Defines a zone. It applies options selectively on a per-zone basis, rather than to all zones.

Figure 10-3 shows the contents of the /etc/named.conf file.

/etc/named.conf

    options {
            DIRECTORY "/var/named";
    };
    acl "nets" {
            {192.168.1.0/24;};
    };
    zone "." in {
            type hint;
            file "named.root";
    };
    zone "one.edu" in {
            type master;
            file "forward.zone";
            allow-transfer {"nets";};
    };
    zone "1.168.192.in-addr.arpa" in {
            type master;
            file "reverse.rzone";
    };
    zone "0.0.127.in-addr.arpa" in {
            type master;
            file "loop.back";
    };
    /* This is a comment */
    // This is a comment
    # This is a comment

/var/named

    named.root
    forward.zone
    reverse.rzone
    loop.back

Figure 10-3 The /etc/named.conf File

Editing the named.root File

The /var/named/named.root file specifies name-to-address mappings for the root servers. The information in this file is described as hints to the named daemon because the daemon attempts to contact one of the root servers listed until one of the servers responds. The responding root server returns a list of root servers. The named daemon uses this list that is returned from the root server and does not use the servers that are specified in the hints file again until the TTL value expires on the cached root-server information. Accordingly, it is not imperative that this file be precisely up-to-date, but it should be checked every few months because root servers change from time to time.

The following is a modified (the IN entries for servers D–L have been removed in order to conserve space on this page) excerpt taken from the named.root file available at the ftp://ftp.rs.internic.net/domain/named.root URL:

    ; formerly NS.INTERNIC.NET
    ;
    .                        3600000  IN  NS    A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
    ;
    ; formerly NS1.ISI.EDU
    ;
    .                        3600000  IN  NS    B.ROOT-SERVERS.NET.
    B.ROOT-SERVERS.NET.      3600000      A     128.9.0.107
    ;
    ; formerly C.PSI.NET
    ;
    .                        3600000  IN  NS    C.ROOT-SERVERS.NET.
    C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
    < Part of file truncated>
    ; housed in Japan, operated by WIDE
    ;
    .                        3600000  IN  NS    M.ROOT-SERVERS.NET.
    M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
    ; End of File

In the first record:

- The dot (.) in the first field denotes the root domain.
- The TTL field is 3600000 seconds. This field is historic and is not used in this file.
- The IN class stands for Internet.
- The NS record type indicates that a name server is being defined for the root domain.
- The fifth field of the first record (the data field) is the FQDN of a root server. Note the trailing dot associated with this field.

In the second record:

- The first (domain) field contains the FQDN of the root server that is defined in the previous record.
- The TTL field is 3600000 seconds. This field is historic and is not used in this file.
- The record type, A, contains an IP address.
- For A records, the fourth data field contains the IP address of the root server that is specified in the first field.

The NS and A records combine to define the name and address of a single root server. This file specifies additional pairs of records, as appropriate.

Editing the Forward Domain File

The forward domain file (db.one.edu, in this example) contains the mappings of host names to IP addresses for all systems in the domain that are being served by this name server. In addition, this file must specify an SOA record and NS records for all name servers for this domain. See Figure 10-3 on page 10-18 for more information on this example.

    $TTL 86400
    ;{name}     {ttl}   Class   SOA     Origin          Postmaster
    ;----------------------------------------------------------------
    @                   IN      SOA     sys12.one.edu.  root.sys12.one.edu. (
                                        2005010101  ; Serial
                                        3600        ; Refresh (1 Hour)
                                        1800        ; Retry (30 Minutes)
                                        6048000     ; Expire (1 Week)
                                        86400 )     ; Minimum (24 Hours)
    ;{name}     {ttl}   Class   NS      Nameserver Name
    ;------------------------------------------------------
                        IN      NS      sys12.one.edu.
                        IN      NS      sys13.one.edu.
    ;{name}     {ttl}   Class   A       IP Address
    ;-------------------------------------------------
    sys11               IN      A       192.168.1.1
    sys12               IN      A       192.168.1.2
    sys13               IN      A       192.168.1.3
    sys14               IN      A       192.168.1.4
    localhost           IN      A       127.0.0.1
    ;{name}     {ttl}   Class   CNAME   Canonical Name
    ;-------------------------------------------------------
    router              IN      CNAME   sys11
    dns                 IN      CNAME   sys12

The $TTL directive sets the default time to live for the zone’s information to eight hours.

The SOA record is mandatory and has the following items:

- An at sign (@) in the name field – This is a shortcut for the domain that is being served (one.edu. in this case). The actual value for the @ comes from the second field of the appropriate record in the named.conf file that references this file. The @ also defines the default origin that determines the domain appended to any partially qualified domain name in the configuration file’s resource records.
- Data field argument 1 (sys12.one.edu.) – This is the name of the primary master server for this domain in FQDN format.
- Data field argument 2 (root.sys12.one.edu) – This is an email address, in the format of DNS_admin_name.domain_name, that you can use to report problems with the domain. The administrator is usually the root user, as shown in this example. Note that the @ is replaced with a dot in the SOA record because the @ has special meaning in this file.
- Data field argument 3 – This is the version (Serial) number that the secondary slave servers use to determine if they need to perform a zone transfer to get a fresh copy of zone data. Any time you make changes to this file, remember to update this number in such a way that it gets larger. It is always safe to start at 1 and add 1 with each change, or to use today’s date.
- Data field argument 4 – The refresh timer is the time interval, in seconds, after which the secondary servers should check to determine if the serial number has changed, and, if it has, a zone transfer needs to occur.
- Data field argument 5 – The retry timer is the time interval, in seconds, after which the secondary servers check back if a normal refresh failed. This timer is usually set to a smaller value than the refresh timer.
- Data field argument 6 – The expire timer is the time interval in seconds after which, if a secondary server cannot contact the primary server or another secondary server, the entire zone data should be discarded. This prevents the secondary servers that have lost contact with the rest of the name servers from continuing to give out potentially stale information.
- Data field argument 7 – The negative caching timer (Minimum) is the default value of time that the server keeps negative responses from other authoritative servers.

You should define an NS record for all name servers in this domain that you want to be recognized by DNS servers.

Most of the remaining resource records are address records for each system in the domain. Most of the host names are not fully qualified. The names that are not fully qualified have the domain name origin (the value of the @ in the SOA record by default) appended to them. This shorthand method can save typing and improve the readability and maintainability of the file.

The CNAME record defines host aliases, or nicknames for hosts. The CNAME record in this instance is similar to the following entry in a /etc/inet/hosts file:

    192.168.1.1 sys11 router

The localhost entry specifies the loopback address for all hosts.

Editing the Reverse Domain File

Reverse domain files (db.192.168.1, in this example) contain mappings for address-to-name translation. Address-to-name translation is important and is used by various utilities, such as NFS, web servers, BIND, and sendmail.

The following is an example of a reverse domain file:

    ; Information for the "reverse" domain 1.168.192.in-addr.arpa.
    $TTL 86400
    ;{name}     {ttl}   Class   SOA     Origin          Postmaster
    ;----------------------------------------------------------------
    @                   IN      SOA     sys12.one.edu.  root.sys12.one.edu. (
                                        2005010101  ; Serial
                                        3600        ; Refresh (1 Hour)
                                        1800        ; Retry (30 Minutes)
                                        6048000     ; Expire (1 Week)
                                        86400 )     ; Minimum (24 Hours)
    ;{name}     {ttl}   Class   NS      Nameserver Name
    ;------------------------------------------------------
                        IN      NS      sys12.one.edu.
                        IN      NS      sys13.one.edu.
    ;{name}     {ttl}   Class   PTR     Real Name
    ;------------------------------------------------
    1                   IN      PTR     sys11.one.edu.
    2                   IN      PTR     sys12.one.edu.
    3                   IN      PTR     sys13.one.edu.
    4                   IN      PTR     sys14.one.edu.

Observe the following about this file:

- The @ (at the top of this resource record) in this example refers to the 1.168.192.in-addr.arpa. reverse domain, as indicated in the /etc/named.conf file in which this reverse file is referenced.
- The address-to-name mappings are defined with the PTR record type. The domain field in the PTR record contains the host portion of the IP address. Because these resource records do not end with a . (dot), the value of the @ is appended to each record. The argument field of the PTR record should contain the FQDN of the name of the system at which the record points. This completes the reverse address-to-name mapping.

Editing the Reverse Loopback Domain File

Reverse loopback domain files specify the reverse loopback domain address-to-name translation. The contents are hard-coded, with the exception that the server name changes depending on which server the file is installed. This file is required on all DNS servers. Every name server is the master for its own loopback address.

Here is an example (db.127.0.0) of a reverse loopback domain file:

    $TTL 86400
    ;{name}     {ttl}   Class   SOA     Origin          Postmaster
    ;----------------------------------------------------------------
    @                   IN      SOA     sys12.one.edu.  root.sys12.one.edu. (
                                        2005010101  ; Serial
                                        3600        ; Refresh (1 Hour)
                                        1800        ; Retry (30 Minutes)
                                        6048000     ; Expire (1 Week)
                                        86400 )     ; Minimum (24 Hours)
    ;{name}     {ttl}   Class   NS      Nameserver Name
    ;------------------------------------------------------
                        IN      NS      sys12.one.edu.
                        IN      NS      sys13.one.edu.
    ;{name}     {ttl}   Class   PTR     Real Name
    ;------------------------------------------------
    1                   IN      PTR     localhost.

Observe the following about this file:

- You can use the @ when the domain name is the same as the origin, 0.0.127.in-addr.arpa. in this example.
- The only items that you change from domain to domain in the SOA record are the host name (first) argument and the email address used to report problems.
- You must specify the name of the system being configured on the NS line.
- Use all other lines as shown in this example.

Configuring Dynamic Updates

Dynamic updates cause a DNS server to be updated automatically with DHCP host information from a DHCP server. This enables nomadic DHCP users to have access to systems and services without manual administration.

To configure a server to permit dynamic updates to occur, complete the following steps:

1. Log in as root on the DNS primary server, edit the /etc/named.conf file, and add allow-update statements to both the forward and reverse zones. For example:

    zone "one.edu" in {
            type master;
            file "db.one.edu";
            allow-update { 127.0.0.1; 192.168.1.2; };
    };
    zone "1.168.192.in-addr.arpa" in {
            type master;
            file "db.192.168.1";
            allow-update { 127.0.0.1; 192.168.1.2; };
    };

2. Restart the named process by using the svcadm commands. For example:

    # svcadm restart svc:/network/dns/server:default
    # or
    # svcadm disable svc:/network/dns/server:default
    # svcadm enable svc:/network/dns/server:default

Configuring Security

Because of the nature of the Internet, DNS can be vulnerable to unauthorized access. Beginning with BIND version 8.x.x, security features are implemented through the /etc/named.conf configuration file. Two important security considerations are the control of name queries and the control of zone transfers. By default, servers respond to any query or request for a zone transfer. You can modify this behavior by using the allow-query and allow-transfer keywords.

The allow-query statement enables you to establish an IP address-based access list for queries. You can apply this access list to a specific zone or to all queries that are received by the server. The IP address list determines which systems receive responses from the server.

You can restrict queries to all zones by using the allow-query keyword as an argument to the options statement for the zone. For example:

    options {
            allow-query { 192.168.1/24; 192.168.3/24; };
    };

In this case, only systems with the IP addresses 192.168.1.xxx and 192.168.3.xxx receive responses from the name server.

You can restrict queries for a specific zone by using the allow-query keyword as an argument to the zone statement. For example:

    zone "one.edu" in {
            type master;
            file "forward.zone";
            allow-query { 192.168.3/24; };
    };

In this case, only subnet 192.168.3.0 has access to the resource records for this zone.

In the same manner, the allow-transfer keyword can limit which systems may receive a zone transfer from a name server. You can restrict zone transfers from a name server by using allow-transfer in the options statement. For example:

    options {
            allow-transfer { 192.168.1.3/32; };
    };

The allow-transfer keyword can also be applied to a specific zone, if you want.

Another feature that often is associated with restricting queries and transfers is access control lists (ACLs). The list of IP addresses used in the previous examples could be replaced by an ACL. You can configure ACLs by using the acl keyword to build an ACL list that can be used as an argument to the allow-query and allow-transfer keywords. For example:

    acl "local" {
            192.168.1.0/24;
            192.168.2.0/24;
            192.168.3.0/24;
    };
    zone "one.edu" in {
            type master;
            allow-query { "local"; };
            allow-transfer { "local"; };
    };
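The following audit sketch is an added example, not part of the original guide or of BIND. It parses named.conf text using the statement and comment rules described earlier, then reports every non-hint zone whose allow-query or allow-transfer is left at the open default, is set to any, or names an ACL before its acl statement. The sample configuration is constructed; the function names and finding texts are assumptions of this example.

```python
import re

# One pass over named.conf text: comments (all three styles) are skipped;
# quoted strings, punctuation and bare words become tokens.
TOKEN = re.compile(r'''
    /\*.*?\*/          |   # /* ... */ comment
    (?://|\#)[^\n]*    |   # // or # comment, to end of line
    "([^"]*)"          |   # quoted string
    ([{};])            |   # block and statement punctuation
    ([^\s{};"#]+)          # bare word
''', re.S | re.X)
BUILTIN = {"any", "none", "localhost", "localnets"}   # predefined match lists
ADDRESS = re.compile(r"^!?(?=.*[.:])[0-9a-fA-F:.]+(/\d+)?$")


def tokenize(text):
    tokens = []
    for match in TOKEN.finditer(text):
        tokens.extend(g for g in match.groups() if g is not None)
    return tokens


def parse(tokens, pos=0):
    """Return (statements, next_pos); a statement is a list of words and blocks."""
    statements, current = [], []
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1
        if tok == "{":
            block, pos = parse(tokens, pos)
            current.append(block)
        elif tok == "}":
            break
        elif tok == ";":
            if current:
                statements.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        statements.append(current)
    return statements, pos


def flatten(block):
    """Flatten a (possibly nested) address match list into its elements."""
    out = []
    for stmt in block:
        for item in stmt:
            out.extend(flatten(item) if isinstance(item, list) else [item])
    return out


def audit(conf_text, keywords=("allow-query", "allow-transfer")):
    """Return a sorted list of (zone, keyword, problem) findings."""
    statements, _ = parse(tokenize(conf_text))
    defaults = {}
    for stmt in statements:                      # global defaults from options
        if stmt[0] == "options":
            for opt in stmt[-1]:
                if opt[0] in keywords:
                    defaults[opt[0]] = flatten(opt[-1])
    acls, findings = {}, []

    def expand(elements, zone, keyword):
        out = []
        for element in elements:
            name = element.lstrip("!")
            if name in BUILTIN or ADDRESS.match(element):
                out.append(name)
            elif name in acls:                   # acl statement already seen
                out.extend(expand(acls[name], zone, keyword))
            else:                                # forward or missing reference
                findings.append((zone, keyword,
                                 'acl "%s" is used before it is defined' % name))
        return out

    for stmt in statements:                      # file order matters for acl
        if stmt[0] == "acl":
            acls[stmt[1]] = flatten(stmt[-1])
        elif stmt[0] == "zone":
            zone, opts = stmt[1], {o[0]: o for o in stmt[-1]}
            if opts.get("type", ["", ""])[1] == "hint":
                continue                         # root hints: nothing to restrict
            for keyword in keywords:
                if keyword in opts:
                    allowed = expand(flatten(opts[keyword][-1]), zone, keyword)
                elif keyword in defaults:
                    allowed = expand(defaults[keyword], zone, keyword)
                else:
                    findings.append((zone, keyword,
                                     "not set, so the server default (any host) applies"))
                    continue
                if "any" in allowed:
                    findings.append((zone, keyword, "explicitly open to any"))
    return sorted(findings)


# Constructed sample, modelled on the configuration examples in this module.
SAMPLE = '''
options {
        directory "/var/named";
        allow-query { 192.168.1/24; 192.168.3/24; };   // global default
};
acl "nets" { {192.168.1.0/24;}; };
zone "." in { type hint; file "named.root"; };
zone "one.edu" in { type master; file "forward.zone"; allow-transfer { "nets"; }; };
zone "1.168.192.in-addr.arpa" in {      # no allow-transfer here
        type master; file "reverse.rzone";
};
zone "two.edu" in { type master; file "db.two.edu"; allow-transfer { "local"; }; };
acl "local" { 192.168.2.0/24; };        /* defined too late for two.edu */
'''

if __name__ == "__main__":
    for zone, keyword, problem in audit(SAMPLE):
        print("%-26s %-15s %s" % (zone, keyword, problem))
```

Run named-checkconf as well; this sketch only looks at the two access keywords and does not validate the rest of the file.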

Configuring Secondary DNS Servers

The contents of the /etc/named.conf file on the secondary DNS server can be less complex than that of the primary server. If a server is to act as both a primary server for some domains and a secondary server for other domains, the /etc/named.conf file must contain keywords that are appropriate to both functions. The master keyword denotes a primary server for a domain, and the slave keyword denotes a secondary server for a domain when used as arguments to the type directive.

An example of an /etc/named.conf file for a secondary server is:

    options {
            directory "/var/named";
    };
    zone "." {
            type hint;
            file "db.root";
    };
    zone "one.edu" {
            type slave;
            file "db.one.edu.slave";
            masters { 192.168.1.2; };
    };
    zone "1.168.192.in-addr.arpa" {
            type slave;
            file "db.192.168.1.slave";
            masters { 192.168.1.2; };
    };
    zone "0.0.127.in-addr.arpa" in {
            type slave;
            file "db.127.0.0.slave";
            masters { 192.168.1.2; };
    };

Observe the following about this file:

- Secondary servers are configured with and use the same root server hints file as the primary name server.
- Secondary servers are configured with and use the same syntax for a reverse loopback domain file as the primary name server uses, except that the secondary name server is always listed as the primary for the loopback address.
- The reverse.backup and reverse.rbackup files and their contents are created automatically by the secondary server’s named daemon after the primary name server is contacted successfully.
- The IP address from which the secondary server should download its zone files is listed following the masters keyword. Up to 10 IP addresses can be listed. The server or servers listed can be the primary server or secondary servers.

Secondary servers start the named daemon during the boot process if the /etc/named.conf file exists. The daemon is started by SMF.

Checking Configuration and Database Files

The named-checkconf and named-checkzone commands can be used to check the integrity of the named.conf and database files. These commands report syntax errors.

The named-checkconf command is used to check the /etc/named.conf file. Missing punctuation can be detected:

    sys12# named-checkconf
    /etc/named.conf:32: missing ';' before 'zone'

Misspelled keywords are exposed:

    sys12# named-checkconf
    /etc/named.conf:32: unknown option 'zonee'

Missing required keywords are reported:

    sys12# named-checkconf
    /etc/named.conf:38: zone 'one.edu': type not present

The named-checkzone command is used to check any of the zone files. A clean one.edu zone in the db.192.168.1 file is reported:

    # named-checkzone one.edu db.192.168.1
    zone one.edu/IN: loaded serial 2005010101
    OK

Typographical errors in the SOA record are detected:

    sys12# named-checkzone one.edu db.192.168.1
    dns_master_load: db.192.168.1:10: unknown RR type 'SA0'
    zone one.edu/IN: loading master file db.192.168.1: unknown class/type

Missing NS records are reported:

    sys12# named-checkzone one.edu db.192.168.1
    zone one.edu/IN: has no NS records

Configuring DNS Clients

All DNS clients require the presence of the /etc/nsswitch.conf and /etc/resolv.conf files. Note that the DNS server must also be configured as a DNS client if it intends to use its own DNS services.

The /etc/nsswitch.conf file specifies the resolver library routines to be used for resolving host names and addresses. Modify the /etc/nsswitch.conf file by editing the hosts entry and adding the dns keyword. To ensure proper network interface configuration during the boot process, make sure that the files keyword is listed first. The following example shows a hosts entry configured for DNS:

    hosts: files dns

The /etc/resolv.conf file specifies the name servers that the client must use, the client’s domain name, and the search path to use for queries.

    ; resolv.conf file for DNS clients of the one.edu domain
    search one.edu two.edu three.edu
    nameserver 192.168.1.2
    nameserver 192.168.1.3

Observe that the search keyword specifies domain names to append to queries that were not specified in the FQDN format. The first domain listed following the search keyword designates the client’s domain. If both "domain" and "search" keywords are present, then the last one in the file is used and the other one(s) are ignored.

The nameserver keyword specifies the IP address of the DNS servers to query. Do not specify host names. You can use up to three nameserver keywords to increase your chances of finding a responsive server. In general, list the name servers that are nearer to the local network first. The client attempts to use the loopback address if there is no nameserver keyword or if the /etc/resolv.conf file does not exist.

Starting the Client Service

The following svcadm command enables the DNS default client service:

    # svcadm enable svc:/network/dns/client:default
    # svcs -a | grep dns
    online         23:02:34 svc:/network/dns/client:default

Troubleshooting the DNS Server by Using Basic Utilities

Usually, you cannot test every record in your domain files. Test representative samples, and test several servers in other domains to ensure that you have correctly identified the root servers.

Implementing named Logging

Use logging (named.conf(4)) to cause the named process to write to a log file that you specify. A logging channel controls the destination of the logged data. Logging starts as soon as the logging statement in the /etc/named.conf file is parsed, so the logging statement should be the first entry in that file. Add the following to the top of the primary DNS system's /etc/named.conf file and restart the named daemon:

    logging {
            channel logfile {
                    file "/var/named/bind-log";
                    print-time yes;
                    severity debug 9;
                    print-category yes;
                    print-severity yes;
            };
            category default { default_syslog; logfile; };
            category queries { logfile; };
    };

Following is a description of each of the example entries:

- /var/named/bind-log – File to hold logged data
- print-time yes – Print time of the event
- severity debug 9 – Debug output of level 9 and below to be logged
- print-category yes – Log category information
- print-severity yes – Log severity information

The category section describes how the channel information is used. Following is a description of each of the example entries:

- category default { default_syslog; logfile; } – Log to syslog and logfile
- category queries { logfile; } – Log queries

Following is an example of logged information during query using the dig command:

    sys12# tail -f /var/named/bind-log
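The following log review sketch is an added example, not part of the original guide. It reads lines in the layout that the logfile channel above produces (time, category, severity, client address#port, message), keeps the queries category, and reports clients that fall outside the networks intended for allow-query. The log lines are constructed for illustration, and the function names and the allowed list are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Layout with print-time, print-category and print-severity enabled:
#   <time> <category>: <severity>: client <address>#<port>: <message>
LINE = re.compile(
    r"^(?P<time>[A-Z][a-z]{2} +\d+ [\d:.]+) (?P<category>[\w-]+): "
    r"(?P<severity>[a-z]+(?: \d+)?): "
    r"client (?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+): (?P<msg>.*)$"
)
# Message body of a queries-category line: "query: <name> <class> <type>"
QUERY = re.compile(r"^query: (?P<name>\S+) (?P<cls>\S+) (?P<rtype>\S+)")


def parse_queries(lines):
    """Yield (address, name, record type) for each logged query line."""
    for line in lines:
        match = LINE.match(line.strip())
        if not match or match["category"] != "queries":
            continue            # debug chatter, blank lines, other categories
        query = QUERY.match(match["msg"])
        if query:
            yield (ipaddress.ip_address(match["addr"]),
                   query["name"], query["rtype"])


def unexpected_clients(lines, allowed):
    """Map each client outside the allowed networks to a count of its queries."""
    networks = [ipaddress.ip_network(net) for net in allowed]
    seen = {}
    for addr, name, rtype in parse_queries(lines):
        if not any(addr in net for net in networks):
            seen.setdefault(str(addr), Counter())["%s %s" % (name, rtype)] += 1
    return seen


# The networks from the allow-query example, written out in full because the
# ipaddress module does not accept the 192.168.1/24 shorthand.
ALLOWED = ["192.168.1.0/24", "192.168.3.0/24"]

# Constructed log lines in the channel's format; not captured from a server.
SAMPLE_LOG = """
Jan 12 16:02:19.918 client: debug 3: client 192.168.1.1#32810: UDP request
Jan 12 16:02:19.918 queries: info: client 192.168.1.1#32810: query: one.edu IN A
Jan 12 16:02:19.920 client: debug 3: client @94f88: udprecv
Jan 12 16:02:20.104 queries: info: client 192.168.3.7#40112: query: sys11.one.edu IN A
Jan 12 16:02:21.377 queries: info: client 10.9.8.7#51515: query: one.edu IN SOA
Jan 12 16:02:21.391 queries: info: client 10.9.8.7#51516: query: sys12.one.edu IN A
Jan 12 16:02:21.402 queries: info: client 10.9.8.7#51517: query: one.edu IN SOA
"""

if __name__ == "__main__":
    for client, counts in unexpected_clients(SAMPLE_LOG.splitlines(), ALLOWED).items():
        for question, count in counts.most_common():
            print("%-15s %3d  %s" % (client, count, question))
```

Reviewing the query log this way before adding an allow-query list shows which clients the restriction would cut off.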

Examining the /var/adm/messages File

The named daemon sends messages to the syslogd daemon by using the daemon facility. Messages that are sent with level notice or higher are written to the /var/adm/messages file by default. The contents of this file often show where configuration errors were made. For example, the following highlighted entry shows that zone files without TTLs are now rejected:

    Jan 11 12:04:31 sys12 named[634]: [ID 873579 daemon.notice] starting BIND 9.2.4
    Jan 11 12:04:32 sys12 named[634]: [ID 873579 daemon.notice] couldn't add command channel ::1#953: address not available
    Jan 11 12:04:33 sys12 named[669]: [ID 873579 daemon.warning] named.root:5: no TTL specified; zone rejected
    Jan 11 12:04:33 sys12 named[669]: [ID 873579 daemon.error] zone 1.168.192.in-addr.arpa/IN: loading master file one.rzone: file not found
    Jan 11 12:04:35 sys12 named[634]: [ID 873579 daemon.crit] exiting (due to fatal error)

->>HEADER<<. the domain information groper (dig) utility was also bundled with the Solaris OS.one.. global options: printcmd . AUTHORITY SECTION: one.2) WHEN: Wed Jan 12 16:56:12 2005 MSG SIZE rcvd: 72 .edu . Query time: 4 msec SERVER: 192.168.168. but is marked as obsolete with a notification that it might be removed in a future release..edu sys11.edu .2 one. As of the Solaris 9 OS.1.one. QUERY: 1. The dig utility is now preferred and does the following: q Sends queries and displays replies for any of the valid resource record types Queries the DNS server of your choice Debugs almost any domain that is not protected by a firewall q q Executing Forward Queries The syntax used for forward queries is as follows: dig @DNS_server domain_name system_name A typical debug query testing forward resolution might look like the following: # dig @192. 86400 IN SOA sys12.edu. In the Solaris 10 OS. QUESTION SECTION: .edu.edu. ADDITIONAL: 0 .edu. root.opcode: QUERY... ..1.1 . Sun Services.. Got answer: .2#53(192. the primary test tool bundled with BIND was the nslookup utility. .sys12.Troubleshooting the DNS Server by Using Basic Utilities Using the dig Utility Before the Solaris 9 OS.. AUTHORITY: 1. flags: qr aa rd ra. 2005010101 3600 1800 6048000 86400 .. All Rights Reserved.2. status: NOERROR. .4 <<>> @192.one.one..edu sys11. <<>> DiG 9.2 one. ->>HEADER<<.opcode: QUERY.1. ANSWER: 0. Inc. the nslookup utility is included.one. id: 1334 . Revision A.1... id: 1440 10-36 Network Administration for the Solaris™ 10 Operating System Copyright 2005 Sun Microsystems. Got answer: . IN A .168.168.. status: NOERROR.

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;sys11.one.edu.                 IN      A

;; ANSWER SECTION:
sys11.one.edu.  86400   IN      A       192.168.1.1

;; AUTHORITY SECTION:
one.edu.        86400   IN      NS      sys12.one.edu.
one.edu.        86400   IN      NS      sys13.one.edu.

;; ADDITIONAL SECTION:
sys12.one.edu.  86400   IN      A       192.168.1.2
sys13.one.edu.  86400   IN      A       192.168.1.3

;; Query time: 3 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Wed Jan 12 16:56:12 2005
;; MSG SIZE rcvd: 119

The ANSWER SECTION lists the answer retrieved from the DNS server. An answer number (on the flags line) greater than zero usually indicates success.

Executing Reverse Queries

The syntax used for reverse queries is as follows:

dig @DNS_server domain_name -x IP_address

A typical debug query testing reverse resolution might look like the following:

# dig @192.168.1.2 one.edu -x 192.168.1.1

; <<>> DiG 9.2.4 <<>> @192.168.1.2 one.edu -x 192.168.1.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1881
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;one.edu.                       IN      A

;; AUTHORITY SECTION:

one.edu.        86400   IN      SOA     sys12.one.edu. root.sys12.one.edu. 2005010101 3600 1800 6048000 86400

;; Query time: 4 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Wed Jan 12 16:55:11 2005
;; MSG SIZE rcvd: 72

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1932
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;1.1.168.192.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
1.1.168.192.in-addr.arpa.  86400  IN    PTR     sys11.one.edu.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa.    86400  IN    NS      sys13.one.edu.
1.168.192.in-addr.arpa.    86400  IN    NS      sys12.one.edu.

;; ADDITIONAL SECTION:
sys12.one.edu.  86400   IN      A       192.168.1.2
sys13.one.edu.  86400   IN      A       192.168.1.3

;; Query time: 3 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Wed Jan 12 16:55:11 2005
;; MSG SIZE rcvd: 141

Dumping a Snapshot of the DNS Database by Using the rndc Utility

The remote name daemon controller command, rndc, is used to dump the currently cached contents of the server.

sys12# rndc dumpdb

All of the options for the rndc utility are listed when it is invoked without any arguments, as follows:

# rndc
Usage: rndc [-c config] [-s server] [-p port]
        [-k key-file ] [-y key] [-V] command

command is one of the following:

  reload        Reload configuration file and zones.
  reload zone [class [view]]
                Reload a single zone.
  refresh zone [class [view]]
                Schedule immediate maintenance for a zone.
  reconfig      Reload configuration file and new zones only.
  stats         Write server statistics to the statistics file.
  querylog      Toggle query logging.
  dumpdb        Dump cache(s) to the dump file (named_dump.db).
  stop          Save pending updates to master files and stop the server.
  halt          Stop the server without saving pending updates.
  trace         Increment debugging level by one.
  trace level   Change the debugging level.
  notrace       Set debugging level to 0.
  flush         Flushes all of the server's caches.
  flush [view]  Flushes the server's cache for a view.
  status        Display status of the server.
  *restart      Restart the server.

* == not yet implemented
Version: 9.2.4

Clearing the Cache

Clear the server's cached data by restarting the named daemon. For example:

sys12# svcs -a | grep dns
online          5:09:02 svc:/network/dns/client:default

online          5:09:25 svc:/network/dns/server:default
sys12# svcadm disable svc:/network/dns/server:default
sys12# svcs -a | grep dns
disabled        6:54:30 svc:/network/dns/server:default
online          5:09:02 svc:/network/dns/client:default
sys12# svcadm enable svc:/network/dns/server:default
sys12# svcs -a | grep dns
online          5:09:02 svc:/network/dns/client:default
online          6:54:45 svc:/network/dns/server:default

Verify that the cache has been cleared using the rndc command:

sys12# rndc dumpdb
sys12# cat /var/named/named_dump.db
;
; Cache dump of view '_default'
;
$DATE 20050112135516

Dump Examples

Examining dumped caches is often a very productive way to troubleshoot errors. The following example shows an improper use of the dig command attempting a reverse query:

sys13# dig @192.168.1.2 one.edu 192.168.1.1

; <<>> DiG 9.2.4 <<>> @192.168.1.2 one.edu 192.168.1.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1328
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;one.edu.                       IN      A

;; AUTHORITY SECTION:
one.edu.        86400   IN      SOA     sys12.one.edu. root.sys12.one.edu. 2005010101 3600 1800 6048000 86400

;; Query time: 2 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Wed Jan 12 06:59:29 2005
;; MSG SIZE rcvd: 72

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1204
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;192.168.1.1.                   IN      A

;; AUTHORITY SECTION:
.               10800   IN      SOA     instructor.thirty.edu. root.instructor.thirty.edu. 2005010101 3600 1800 6048000 86400

;; Query time: 4 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Wed Jan 12 06:59:29 2005
;; MSG SIZE rcvd: 90

The highlighted entries shown above indicate an unsuccessful reverse resolution request. Because the incorrect syntax was used (missing -x option, needed for reverse queries), the IP address was mistaken for a domain. Dumping the cached data provides insights.

sys12# rndc dumpdb
sys12# cat /var/named/named_dump.db
;
; Cache dump of view '_default'
;
$DATE 20050112135930
; authanswer
.                       86381   IN NS   instructor.thirty.edu.
; authauthority
192.168.1.1.            10781   \-ANY   ;-$NXDOMAIN
; additional
instructor.thirty.edu.  86381   A       192.168.30.30
sys12#

The NXDOMAIN in the dumped data indicates that a non existent (NX) domain was requested.

The following example shows a successful reverse query:

sys13# dig @192.168.1.2 two.edu -x 192.168.2.1

; <<>> DiG 9.2.4 <<>> @192.168.1.2 two.edu -x 192.168.2.1
;; global options: printcmd

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1982
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;two.edu.                       IN      A

;; AUTHORITY SECTION:
two.edu.        10800   IN      SOA     sys22.two.edu. root.sys22.two.edu. 2005010101 3600 1800 6048000 86400

;; Query time: 11 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Wed Jan 12 08:07:30 2005
;; MSG SIZE rcvd: 72

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1174
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;1.2.168.192.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
1.2.168.192.in-addr.arpa.  86400  IN    PTR     sys21.two.edu.

;; AUTHORITY SECTION:
2.168.192.in-addr.arpa.    86400  IN    NS      sys23.two.edu.
2.168.192.in-addr.arpa.    86400  IN    NS      sys22.two.edu.

;; Query time: 6 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Wed Jan 12 08:07:30 2005
;; MSG SIZE rcvd: 109

The first highlighted QUESTION section indicates that the query is requesting data that is not locally authoritative. A forwarding of the request is required for information about the two.edu domain. The second highlighted QUESTION and ANSWER sections are for the specified request for information about the 192.168.2.1 address. Examining the cached data details the resolution process.

sys12# rndc dumpdb
sys12# cat /var/named/named_dump.db
;

; Cache dump of view '_default'
;
$DATE 20050112150759
; authanswer
.                           86353   IN NS   instructor.thirty.edu.
; authauthority
2.168.192.in-addr.arpa.     86353   NS      sys23.two.edu.
                            86353   NS      sys22.two.edu.
; authanswer
1.2.168.192.in-addr.arpa.   86353   PTR     sys21.two.edu.
; additional
instructor.thirty.edu.      86353   A       192.168.30.30
; glue
two.edu.                    86353   NS      sys22.two.edu.
                            86353   NS      sys23.two.edu.
; authauthority
                            10753   \-A     ;-$NXRRSET
; glue
sys22.two.edu.              86353   A       192.168.2.2
; glue
sys23.two.edu.              86353   A       192.168.2.3

The first three entries in the cached data show the resolution process. The first highlighted entry shows the forwarding of the request to instructor.thirty.edu. The second highlighted entry shows that server supplying the and of the authoritative server for the 2.168.192.in-addr.arpa zone (sys22.two.edu). The last highlighted entry shows the pointer information cached for the requested IP address.
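The dig runs above return NOERROR with ANSWER: 0, NXDOMAIN, and NOERROR with ANSWER: 1, and only the last is a usable reverse answer. The following triage script is an added example, not part of the original guide; the function name triage and the abbreviated SAMPLE text (header and question lines modelled on the output above) are constructed for illustration.

```python
import re

# Constructed sample: header and question lines in the format shown above.
SAMPLE = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1328
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;one.edu.                       IN      A

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1204
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;192.168.1.1.                   IN      A

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1174
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;1.2.168.192.in-addr.arpa.      IN      PTR
"""

HEADER = re.compile(r"status:\s*(\w+),\s*id:\s*(\d+)")
FLAGS = re.compile(r"flags:\s*([a-z ]*);\s*QUERY:\s*(\d+),\s*ANSWER:\s*(\d+)")
QUESTION = re.compile(r"^;(\S+)\s+IN\s+(\S+)\s*$", re.M)
IPV4_AS_NAME = re.compile(r"^\d{1,3}(\.\d{1,3}){3}\.$")


def triage(dig_output):
    """Return one verdict per ';; Got answer:' block in dig output."""
    results = []
    for block in dig_output.split(";; Got answer:")[1:]:
        head, flags, question = (rx.search(block) for rx in (HEADER, FLAGS, QUESTION))
        if not (head and flags and question):
            continue  # truncated block, nothing reliable to report
        status, answers = head.group(1), int(flags.group(3))
        qname, qtype = question.group(1), question.group(2)
        if status == "NOERROR" and answers > 0:
            verdict = "answered"
        elif status == "NOERROR":
            verdict = "no-data"        # name exists, no record of this type
        elif status == "NXDOMAIN":
            verdict = "no-such-name"
        else:
            verdict = "error"
        hint = ""
        if qtype == "A" and IPV4_AS_NAME.match(qname):
            # A dotted quad in the QUESTION section means dig treated the
            # address as a host name, as in the run that omitted -x.
            hint = "address queried as a name; reverse lookups need -x"
        results.append({
            "id": int(head.group(2)),
            "question": f"{qname} {qtype}",
            "verdict": verdict,
            # 'aa' absent: the server relayed data it is not authoritative for
            "authoritative": "aa" in flags.group(1).split(),
            "hint": hint,
        })
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```
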

This next example cache dump shows a similar resolution for a forward query:

sys13# dig @192.168.1.2 two.edu sys21.two.edu
<dig output omitted>
sys12# rndc dumpdb
sys12# cat /var/named/named_dump.db
;
; Cache dump of view '_default'
;
$DATE 20050112151434
; authanswer
.                       86357   IN NS   instructor.thirty.edu.
; additional
instructor.thirty.edu.  86357   A       192.168.30.30
; authauthority
two.edu.                86357   NS      sys22.two.edu.
                        86357   NS      sys23.two.edu.
; authauthority
                        10757   \-A     ;-$NXRRSET
; authanswer
sys21.two.edu.          86357   A       192.168.2.1
; glue
sys22.two.edu.          86357   A       192.168.2.2
; glue
sys23.two.edu.          86357   A       192.168.2.3

Forcing the named Daemon to Reread the Configuration and Changed Zone Files

You can use the rndc utility with the reconfig command to cause the named process to reload its configuration file and implement any changes to the zone files as follows:

sys12# rndc reconfig

Managing a DNS Server by Using the rndc Utility

Administrators use the remote name daemon control program (rndc) to control the operation of a name server. Name servers have always been controlled by administrators sending signals, such as SIGHUP and SIGINT. The rndc utility provides a finer granularity of control, and it can be used both interactively and non-interactively. As of the Solaris 10 OS, the rndc utility replaces the ndc utility as the name daemon control application.

A significant difference between ndc in BIND 8 and rndc in BIND 9 is that rndc uses its own configuration file, rndc.conf.

Securing Control Sessions

The rndc utility supports security using key-based authentication. Remote clients are authorized specifically to control the daemon by establishing, configuring and using secret keys. Implementing this security requires an rndc-key reference entry in the /etc/named.conf file and the appropriate key information in the rndc.conf file. The rndc.conf file specifies which server controls and algorithm the server should use. You need only an rndc.conf file in place if the named.conf file has an entry for an rndc-key.

Without an rndc-key reference in the /etc/named.conf file, the following messages appear in the /var/adm/messages file:

Jan 12 08:22:12 sys12 named[1346]: [ID 873579 daemon.notice] command channel listening on 127.0.0.1#953
Jan 12 08:22:12 sys12 named[1346]: [ID 873579 daemon.notice] couldn't add command channel ::1#953: address not available

You can continue to use the rndc utility, albeit in a non-secure manner.

Use the rndc-confgen utility to generate the proper contents for the rndc.conf and /etc/named.conf files.

sys12# /usr/sbin/rndc-confgen
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "jZOP5nh//i9t7BwHivvNzA==";
};

options {
        default-key "rndc-key";

# End of rndc. }. # secret "jZOP5nh//i9t7BwHivvNzA==".conf # Use with the following in named.0. default-port 953. default-server 127. default-port 953. Revision A. }.0.0.1.1 . Add the named. # End of named.1.conf file.conf. options { default-key "rndc-key".0. } keys { "rndc-key".conf file: sys12# cat /etc/named. All Rights Reserved.0.0.0.Troubleshooting the DNS Server by Using Basic Utilities default-server 127. Sun Services. }. # # controls { # inet 127.1 port 953 # allow { 127.conf sys12# Copy the rndc-key section into a new file called /etc/rndc. The following is an example of a finished /etc/named.conf options { directory "/var/named". Inc. # }. sys12# cat /etc/rndc. // added to stop couldn't add command channel ::1#953 messages // from showing up in /var/adm/messages // following is output from /usr/sbin/rndc-confgen 10-46 Network Administration for the Solaris™ 10 Operating System Copyright 2005 Sun Microsystems. }.conf key "rndc-key" { algorithm hmac-md5.0. # }.conf. adjusting the allow list as needed: # key "rndc-key" { # algorithm hmac-md5.conf section to the /etc/named. }. secret "jZOP5nh//i9t7BwHivvNzA==".1. Be sure to remove the comment indentifiers (#).

key "rndc-key" {
        algorithm hmac-md5;
        secret "jZOP5nh//i9t7BwHivvNzA==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
// end of rndc.key addition
...

Test the rndc.key by stopping and starting the named process, using the rndc utility, and examining the resulting /var/adm/messages file entries:

sys12# svcadm disable svc:/network/dns/server:default
sys12# svcadm enable svc:/network/dns/server:default
sys12# tail -4 /var/adm/messages
Jan 12 08:58:48 sys12 named[1402]: [ID 873579 daemon.notice] starting BIND 9.2.4
Jan 12 08:58:48 sys12 named[1402]: [ID 873579 daemon.notice] command channel listening on 127.0.0.1#953
Jan 12 08:58:48 sys12 named[1402]: [ID 873579 daemon.notice] running

The daemon starting without the command channel message implies a successful key configuration. The rndc command can now be used securely.

You will see an error message similar to the following if there is a problem with the contents of the rndc.conf file:

sys12# rndc dumpdb
Jan 12 10:13:40 sys12 named[1431]: invalid command from 127.0.0.1#32839: bad auth
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of the command protocol, this host is not authorized to connect, or the key is invalid.
sys12#
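The bad auth failure above occurs when the key that rndc reads from /etc/rndc.conf differs from the key that named loaded from /etc/named.conf. The following consistency check is an added example, not part of the original guide; the function names and the faulty NAMED_CONF_BAD variant are constructed for illustration, and the other samples reuse the rndc-confgen output shown above.

```python
import re

# Sample inputs modelled on the rndc-confgen output shown above.
RNDC_CONF = '''
key "rndc-key" {
        algorithm hmac-md5;
        secret "jZOP5nh//i9t7BwHivvNzA==";
};
options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
'''
NAMED_CONF_GOOD = '''
options { directory "/var/named"; };
// following is output from /usr/sbin/rndc-confgen
key "rndc-key" {
        algorithm hmac-md5;
        secret "jZOP5nh//i9t7BwHivvNzA==";
};
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
'''
# Constructed faulty variant: mistyped secret and a widened allow list.
NAMED_CONF_BAD = NAMED_CONF_GOOD.replace("jZOP5", "jZ0P5").replace(
    "allow { 127.0.0.1; }", "allow { 127.0.0.1; 192.168.1.0/24; }")

# Quoted strings are matched first so that "//" inside a base64 secret
# (as in the sample key) is not mistaken for a comment.
_TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_KEY = re.compile(r'key\s+"?([\w.-]+)"?\s*\{(.*?)\}\s*;', re.S)
_INET = re.compile(r'inet\s+(\S+)(?:\s+port\s+(\d+))?\s+allow\s*\{(.*?)\}'
                   r'(?:\s*keys\s*\{(.*?)\})?\s*;', re.S)
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def strip_comments(text):
    """Blank out #, // and /* */ comments but keep quoted strings intact."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)


def parse_keys(text):
    """Map key name -> (algorithm, secret) for every active key statement."""
    keys = {}
    for name, body in _KEY.findall(strip_comments(text)):
        alg = re.search(r'algorithm\s+"?([\w-]+)"?\s*;', body)
        sec = re.search(r'secret\s+"([^"]*)"\s*;', body)
        keys[name] = (alg.group(1).lower() if alg else None,
                      sec.group(1) if sec else None)
    return keys


def parse_controls(text):
    """Return the inet entries of the controls statement."""
    entries = []
    for addr, port, allow, keys in _INET.findall(strip_comments(text)):
        entries.append({
            "addr": addr, "port": int(port or 953),
            "allow": [a.strip() for a in allow.split(";") if a.strip()],
            "keys": [k.strip().strip('"') for k in keys.split(";") if k.strip()],
        })
    return entries


def audit(rndc_conf, named_conf):
    """List the mismatches that would break or weaken the control channel."""
    findings = []
    client, server = parse_keys(rndc_conf), parse_keys(named_conf)
    m = re.search(r'default-key\s+"?([\w.-]+)"?\s*;', strip_comments(rndc_conf))
    name = m.group(1) if m else None
    if name is None or name not in client:
        return ["rndc.conf: default-key is missing or not defined"]
    if name not in server:
        findings.append(f'key "{name}" is not defined in named.conf')
    else:
        if client[name][0] != server[name][0]:
            findings.append(f'key "{name}": algorithm differs')
        if client[name][1] != server[name][1]:
            findings.append(f'key "{name}": secret differs (named logs "bad auth")')
    controls = parse_controls(named_conf)
    if not controls:
        findings.append("named.conf: no active controls statement")
    for c in controls:
        if name not in c["keys"]:
            findings.append(f'controls {c["addr"]}: key "{name}" not in keys list')
        wide = [a for a in c["allow"] if a not in LOOPBACK]
        if wide:
            findings.append(f'controls {c["addr"]}: allow list admits {wide}')
    return findings


if __name__ == "__main__":
    print(audit(RNDC_CONF, NAMED_CONF_GOOD))
    print(audit(RNDC_CONF, NAMED_CONF_BAD))
```

A named.conf section pasted with its # comment markers still in place parses as having no key and no controls statement, which the audit reports as two findings.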

Server Status

The rndc utility can be used to query server status and report statistics. Now test to verify that the rndc utility works as expected:

sys12# rndc status
number of zones: 5
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
server is up and running

Flushing the Memory Cache

You can use the rndc utility to flush the memory cache.

sys12# rndc flush
sys12# rndc dumpdb
sys12# cat /var/named/named_dump.db
;
; Cache dump of view '_default'
;
$DATE 20050113141237
sys12#

Changing the Debug Level of the Daemon

Use the rndc utility to change the debug level of the server. Before making any changes, determine the current debug level of the daemon.

sys12# rndc status
number of zones: 5
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
server is up and running

Increment the debug level by one.

sys12# rndc trace
sys12# rndc status
number of zones: 5
debug level: 1
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
server is up and running

Assign the debug level to a specific level.

sys12# rndc trace 8
sys12# rndc status
number of zones: 5
debug level: 8
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
server is up and running
sys12#

If logging is enabled, the debug level is shown along with the logged messages:

sys12# tail -f /var/named/bind-log
Jan 13 07:12:37.548 general: debug 1: received control channel command 'dumpdb'
Jan 13 07:17:02.598 general: debug 1: received control channel command 'status'
Jan 13 07:17:15.249 general: debug 1: received control channel command 'trace'
Jan 13 07:17:17.929 general: debug 1: received control channel command 'status'
Jan 13 07:17:34.838 general: debug 1: received control channel command 'trace 8'
Jan 13 07:17:37.149 general: debug 1: received control channel command 'status'

Exercise: Configuring DNS

In this exercise, you configure DNS.

Preparation

Refer to the lecture notes as necessary to perform the tasks listed. The instructor has set up a root domain server for use in this lab.

Before starting this lab, make sure that:

- The classroom network is not connected to the public Internet because the names and addresses used are not registered with the ICANN.
- The self-contained root server (instructor) serves the . (root), edu., 30.168.192.in-addr.arpa., and 127.in-addr.arpa. loopback domains.
- The domains to be set up are named one.edu., two.edu., and three.edu., respectively.

The system and server-client functions for these exercises are listed in Table 10-5.

Table 10-5 Exercise Host Functions

Host          Function
instructor    Root DNS name server
sysX1         Router
sysX2         Primary DNS name server, DNS client
sysX3         Secondary DNS name server, DNS client
sysX4         DNS client

Task Summary

In this exercise, team up with the other students on your subnet, and configure a DNS primary server, a DNS secondary server, and clients on your subnet. You practice using troubleshooting tools, such as the nslookup utility. Work as a team, and move as a team to each system that is to be configured. In this way, you experience most of the aspects of configuring DNS.

Tasks

To configure DNS, complete the following steps.

Your first task is to configure your domain's primary DNS server.

Working on the Primary DNS Server

To configure your domain's primary DNS server, perform the following:

1. Set up the /etc/named.conf file for your domain on the system that will be your domain's primary DNS server. You can create the file yourself, or you can use the template file that your instructor makes available to you.

   - What is the purpose of the /etc/named.conf file?
     __________________________________________________
     __________________________________________________
     __________________________________________________
   - What is the purpose of the following /etc/named.conf file keywords?
     - zone
       __________________________________________________
       __________________________________________________
     - options
       __________________________________________________
       __________________________________________________

2. Create the /var/named directory.
   __________________________________________________

3. Set up the /var/named/db.root file for your domain on the system that will be your domain's primary DNS server. You can create the file yourself, or you can use the template file that your instructor makes available to you.

   - What is the purpose of the db.root file?
     __________________________________________________
     __________________________________________________
     __________________________________________________
   - Where can you obtain a current copy of the current root name servers?
     __________________________________________________
     __________________________________________________
     __________________________________________________
     __________________________________________________
   - What is the purpose of the following resource record types?
     - NS
       __________________________________________________
     - A
       __________________________________________________

4. Set up the zone file for your domain on the system that will be your domain's primary DNS server. You can create the file yourself, or you can use the template file that your instructor makes available to you.

   - What is the purpose of a domain's zone file?
     __________________________________________________
     __________________________________________________
     __________________________________________________
   - What is the purpose of the SOA resource record?
     __________________________________________________
     __________________________________________________
   - What is the purpose of the CNAME resource record?
     __________________________________________________
     __________________________________________________
     __________________________________________________

5. Set up the reverse lookup file for your domain on the system that will be your domain's primary DNS server. You can create the file yourself, or you can use the template file that your instructor makes available to you.

   - What is the purpose of the reverse lookup zone file?
     __________________________________________________
   - What is the purpose of the PTR resource record?
     __________________________________________________

6. Set up the loopback file for your domain on the system that will be your domain's primary DNS server. You can create the file yourself, or you can use the template file that your instructor makes available to you.

Your next task is to configure name resolution on all of your systems.

Working on All Systems

To configure name resolution on all systems, perform the following:

7. Working on all of your DNS clients and DNS servers, copy the /etc/nsswitch.dns file to the /etc/nsswitch.conf file. Write the command that you use:
   __________________________________________________

   - What is the purpose of the /etc/nsswitch.conf file?
     __________________________________________________
     __________________________________________________
   - What effect does the dns keyword have on this file?
     __________________________________________________
     __________________________________________________
     __________________________________________________

8. Set up the /etc/resolv.conf file on your DNS server and DNS clients.

   - What is the purpose of the /etc/resolv.conf file?
     __________________________________________________
     __________________________________________________
     __________________________________________________

   - What is the purpose of the domain keyword?
     __________________________________________________
     __________________________________________________
   - What is the purpose of the nameserver keyword?
     __________________________________________________
     __________________________________________________

Working on the Primary DNS Server

Continue as follows:

9. Start the name server daemon on your DNS server:

   a. Use the svcadm command to enable both the name server daemon and the DNS client.
      __________________________________________________
      __________________________________________________
   b. Use the svcs command to verify that the services are online.
      __________________________________________________
   c. Check that the server daemon is running.
      __________________________________________________

10. Check the /var/adm/messages file for DNS error messages. Before continuing, troubleshoot to eliminate any DNS-related error messages that appear in the /var/adm/messages file.

Working on the Client Systems

Note – Since the client service was just enabled on the primary name server, this step does not have to be done on those systems.

11. Use the svcadm command to enable the default client service and verify that it is enabled.
    __________________________________________________
    __________________________________________________

Working on Any System

Troubleshoot DNS-related errors as follows:

12. Test and debug your setup by using the dig utility. Use the techniques that are described in the lecture part of the module. For example, list the contents of the domain by querying the primary name server for its resource records.

13. Test and debug as required, testing both your local domain and your remote domain servers as they become available.

Working on the Primary DNS Server

Continue as follows:

14. Test your DNS server. Use the techniques that are described in the lecture part of the module.

    a. Take a snapshot of the DNS information in memory. Use the following command:

       sys12# rndc dumpdb

    b. View the dumped DNS data to look for errors.

Your final task is to configure a secondary DNS server.

Working on the Secondary DNS Server

To configure a secondary DNS server:

15. Create the /var/named directory.

Working on the Primary DNS Server

Continue as follows:

16. Update both the forward and reverse zone files on the primary server to support the secondary name server. Write the updates that you use in each file.
    __________________________________________________
    __________________________________________________
    __________________________________________________

Working on All Systems

Continue as follows:

17. Add the secondary name server to the /etc/resolv.conf file on the DNS clients and servers in your domain. Write the updates that you put in the file:
    __________________________________________________
    __________________________________________________

Working on the Secondary DNS Server

Continue as follows:

18. Set up the /etc/named.conf file for your domain on the system that will be your domain's secondary DNS server. You can create the file yourself, or you can use the template file that your instructor makes available to you.

19. Set up the /var/named/db.root file for your domain on the system that will be your domain's secondary DNS server. You can create the file yourself, or you can use the template file that your instructor makes available to you.

20. Start the name server daemon on your DNS server:

    a. Use the svcadm command to enable both the name server daemon and the DNS client.
       __________________________________________________
       __________________________________________________
    b. Use the svcs command to verify that the services are online.
       __________________________________________________
    c. Check that the server daemon is running.
       __________________________________________________

21. Verify that the new zone files have been created in the /var/named directory.
    __________________________________________________

22. Verify that the secondary name server performs forward lookup requests as expected.
    __________________________________________________

Exercise Summary

Discussion – Take a few minutes to discuss what experiences, issues, or discoveries you had during the lab exercise.

- Experiences
- Interpretations
- Conclusions
- Applications

Exercise Solutions

Solutions to this exercise are provided in the following section.

Task Solutions

To configure DNS, complete the following steps.

Your first task is to configure your domain's primary DNS server.

Working on the Primary DNS Server

To configure your domain's primary DNS server, perform the following:

1. Set up the /etc/named.conf file for your domain on the system that will be your domain's primary DNS server. You can create the file yourself, or you can use the template file that your instructor makes available to you.

Your /etc/named.conf file should be similar to the following:

sys12# cat /etc/named.conf
options {
        directory "/var/named";
};

zone "." {
        type hint;
        file "db.root";
};

zone "one.edu" {
        type master;
        file "db.one.edu";
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "db.192.168.1";
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "db.127.0.0";
};

   - What is the purpose of the /etc/named.conf file?
     The /etc/named.conf file is the configuration file read by the named daemon at system start up. The named.conf file specifies the directory that contains the other configuration files, the root servers, the domains served by this server, and the type of server that this system will be for each of those domains.
   - What is the purpose of the following /etc/named.conf file keywords?
     - zone
       It defines a zone of authority and applies options selectively on a per-zone basis, rather than to all zones.
     - options
       It controls global server configuration options and sets default values for other statements.

2. Create the /var/named directory.

sys12# mkdir /var/named

3. Set up the /var/named/db.root file for your domain on the system that will be your domain's primary DNS server. You can create the file yourself, or you can use the template file that your instructor makes available to you.

Your /var/named/db.root file should be similar to the following:

sys12# cat /var/named/db.root
; db.root
;
; {name} {ttl} Class NS Nameserver Name
;--------------------------------------------------------------
.                       604800  IN      NS      instructor.thirty.edu.
;
; {name} {ttl} Class A IP Address
;---------------------------------------------------------
instructor.thirty.edu.  604800  IN      A       192.168.30.30
#

   - What is the purpose of the db.root file?
     Root servers are positioned at the top, or the root, of the DNS hierarchy, and they maintain data about each of the top-level zones. Non-root servers can begin queries at the root level if no other information is available. This file's contents directs non-root servers to root servers.
   - Where can you obtain a current copy of the current root name servers?
     You can retrieve them from the ftp://ftp.rs.internic.net/domain/named.root URL. Be sure to check that the file's syntax is correct.
   - What is the purpose of the following resource record types?
     - NS
       The NS record (name server record) identifies the name server of a domain.
     - A
       The A record (address record) yields an IP address that corresponds to a host name.

4. Set up the zone file for your domain on the system that will be your domain's primary DNS server. You can create the file yourself, or you can use the template file that your instructor makes available to you.

Your /var/named/db.one.edu file should be similar to the following:

sys12# cat /var/named/db.one.edu
; db.one.edu
$TTL 86400
; {name} {ttl} Class SOA Origin Postmaster
;----------------------------------------------------------------------------------
@       IN      SOA     sys12.one.edu. root.sys12.one.edu. (
                        2005010101      ; Serial
                        3600            ; Refresh (1 Hour)
                        1800            ; Retry (30 Minutes)
                        6048000         ; Expire (1 Week)
                        86400 )         ; Minimum (24 Hours)
;
; {name} {ttl} Class NS Nameserver Name
;------------------------------------------------------
        IN      NS      sys12.one.edu.

    ;
    ;{name}     {ttl}   Class   A       IP Address
    ;-------------------------------------------------
    sys11               IN      A       192.168.1.1
    sys12               IN      A       192.168.1.2
    sys13               IN      A       192.168.1.3
    sys14               IN      A       192.168.1.4
    localhost           IN      A       127.0.0.1
    ;
    ;{name}     {ttl}   Class   CNAME   Canonical Name
    ;-------------------------------------------------------
    router              IN      CNAME   sys11
    dns                 IN      CNAME   sys12

- What is the purpose of a domain’s zone file?
  This file contains the mappings of names to IP addresses for all systems in the domain being served by this name server. In addition, this file must specify an SOA record and NS records for all name servers for this domain.
- What is the purpose of the SOA resource record?
  The SOA record identifies the primary server, contact information, and cache time-out values for the entries in the domain.
- What is the purpose of the CNAME resource record?
  The CNAME record defines an alias for a host name.

5. Set up the reverse lookup file for your domain on the system that will be your domain’s primary DNS server. You can create the file yourself, or you can use the template file that your instructor makes available to you.
   Your /var/named/db.192.168.1 file should be similar to the following:

    sys12# cat /var/named/db.192.168.1
    ; db.192.168.1
    $TTL 86400
    ;{name}   {ttl}   Class   SOA   Origin            Postmaster
    ;----------------------------------------------------------------------------------
    @                 IN      SOA   sys12.one.edu.    root.sys12.one.edu. (
                      2005010101    ; Serial
                      3600          ; Refresh (1 Hour)
                      1800          ; Retry (30 Minutes)
                      6048000       ; Expire (1 Week)
                      86400 )       ; Minimum (24 Hours)

    ;
    ;{name}   {ttl}   Class   NS    Nameserver Name
    ;------------------------------------------------------
                      IN      NS    sys12.one.edu.
    ;
    ;{name}   {ttl}   Class   PTR   Real Name
    ;------------------------------------------------
    1                 IN      PTR   sys11.one.edu.
    2                 IN      PTR   sys12.one.edu.
    3                 IN      PTR   sys13.one.edu.
    4                 IN      PTR   sys14.one.edu.

- What is the purpose of the reverse lookup zone file?
  This file contains mappings for address-to-name translation.
- What is the purpose of the PTR resource record?
  The PTR record specifies a host name for an IP address.

6. Set up the loopback file for your domain on the system that will be your domain’s primary DNS server. You can create the file yourself, or you can use the template file that your instructor makes available to you.
   Your /var/named/db.127.0.0 file should be similar to the following:

    sys12# cat /var/named/db.127.0.0
    ; db.127.0.0
    $TTL 86400
    ;{name}   {ttl}   Class   SOA   Origin            Postmaster
    ;----------------------------------------------------------------------------------
    @                 IN      SOA   sys12.one.edu.    root.sys12.one.edu. (
                      2005010101    ; Serial
                      3600          ; Refresh (1 Hour)
                      1800          ; Retry (30 Minutes)
                      6048000       ; Expire (1 Week)
                      86400 )       ; Minimum (24 Hours)
    ;
    ;{name}   {ttl}   Class   NS    Nameserver Name
    ;------------------------------------------------------
                      IN      NS    sys12.one.edu.
    ;
    ;{name}   {ttl}   Class   PTR   Real Name
    ;------------------------------------------------
    1                 IN      PTR   localhost.one.edu.

Your next task is to configure name resolution on all of your systems.
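A forward zone and its reverse zone are maintained by hand in separate files, so they drift apart easily. The following check is an added example, not part of the student guide: it parses the two listings above (retyped inline as sample input) and reports any A record without a matching PTR and any PTR without a matching A. It also returns the SOA timers in readable units, which shows that the listing's Expire value of 6048000 seconds is 10 weeks although its comment says 1 week. All function names are assumptions of this example.

```python
import re

# Constructed sample input: the forward and reverse zone listings from this
# exercise, retyped inline so the check runs offline.
FORWARD = """\
$TTL 86400
@ IN SOA sys12.one.edu. root.sys12.one.edu. (
        2005010101 ; Serial
        3600       ; Refresh (1 Hour)
        1800       ; Retry (30 Minutes)
        6048000    ; Expire (1 Week)
        86400 )    ; Minimum (24 Hours)
          IN NS    sys12.one.edu.
sys11     IN A     192.168.1.1
sys12     IN A     192.168.1.2
sys13     IN A     192.168.1.3
sys14     IN A     192.168.1.4
localhost IN A     127.0.0.1
router    IN CNAME sys11
dns       IN CNAME sys12
"""
REVERSE = """\
$TTL 86400
@ IN SOA sys12.one.edu. root.sys12.one.edu. (
        2005010101 3600 1800 6048000 86400 )
        IN NS  sys12.one.edu.
1       IN PTR sys11.one.edu.
2       IN PTR sys12.one.edu.
3       IN PTR sys13.one.edu.
4       IN PTR sys14.one.edu.
"""


def qualify(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else name + "." + origin).lower()


def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples for a simple master file."""
    origin = origin.rstrip(".").lower() + "."
    text = re.sub(r";[^\n]*", "", text)              # strip comments first
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records, owner = [], origin
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue
        if not line[0].isspace():                    # owner starts in column 0
            owner = qualify(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                            # optional TTL and class
        if not fields:
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "PTR", "CNAME"):
            rdata = [qualify(rdata[0], origin)]
        records.append((owner, rtype, rdata))
    return records


def soa_timers(records):
    """Return the SOA serial and timers (seconds), keyed by field name."""
    for _, rtype, rdata in records:
        if rtype == "SOA":
            names = ("serial", "refresh", "retry", "expire", "minimum")
            return dict(zip(names, map(int, rdata[2:7])))
    raise ValueError("zone has no SOA record")


def humanize(seconds):
    """Render a timer in the largest unit that divides it evenly."""
    for unit, size in (("w", 604800), ("d", 86400), ("h", 3600), ("m", 60)):
        if seconds and seconds % size == 0:
            return f"{seconds // size}{unit}"
    return f"{seconds}s"


def check_forward_reverse(forward, reverse, reverse_origin):
    """List A records without a matching PTR and PTRs without a matching A."""
    suffix = "." + reverse_origin.rstrip(".").lower() + "."
    a = {(o, r[0]) for o, t, r in forward if t == "A"}
    ptr = {o: r[0] for o, t, r in reverse if t == "PTR"}
    problems = []
    for name, ip in sorted(a):
        rev = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
        if not rev.endswith(suffix):
            continue                                 # served by another reverse zone
        if ptr.get(rev) != name:
            problems.append(f"{name} A {ip}: PTR is {ptr.get(rev, 'missing')}")
    for rev, name in sorted(ptr.items()):
        ip = ".".join(reversed(rev[:-len(".in-addr.arpa.")].split(".")))
        if (name, ip) not in a:
            problems.append(f"{rev} PTR {name}: no A record {name} -> {ip}")
    return problems
```

The localhost A record is skipped by the check because 127.0.0.1 belongs to the separate loopback zone, not to 1.168.192.in-addr.arpa.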

Working on All Systems

To configure name resolution on all systems, perform the following:

7. Working on all of your DNS clients and DNS servers, copy the /etc/nsswitch.dns file to the /etc/nsswitch.conf file. Write the command that you use:

    # cp /etc/nsswitch.dns /etc/nsswitch.conf

- What is the purpose of the /etc/nsswitch.conf file?
  The /etc/nsswitch.conf file specifies which resolver library routines are to be used in resolving host names and addresses.
- What effect does the dns keyword have on this file?
  The dns keyword causes the dns resolver library routine to be added when resolving host names and addresses. Its position in the hosts line determines the order in which it is used.

8. Set up the /etc/resolv.conf file on your DNS server and DNS clients.
   Your system’s /etc/resolv.conf file should have contents similar to the following:

    # cat /etc/resolv.conf
    domain one.edu
    nameserver 192.168.1.2

- What is the purpose of the /etc/resolv.conf file?
  This file specifies the resolver library routines that the domain search list applies to any names that are not specified in the FQDN form and specifies the IP addresses of DNS servers to query.
- What is the purpose of the nameserver keyword?
  The nameserver keyword specifies DNS servers to query by IP address.
- What is the purpose of the domain keyword?
  The domain keyword specifies domain names to append to names that were not specified in the FQDN format and in what order to append them.

Working on the Primary DNS Server

Continue as follows:

9. Start the name server daemon on your DNS server:
   a. Use the svcadm command to enable both the name server daemon and the DNS client.

    sys12# svcadm enable svc:/network/dns/server:default
    sys12# svcadm enable svc:/network/dns/client:default

   b. Use the svcs command to verify that the services are online.

    sys12# svcs -a | grep dns
    online         14:53:08 svc:/network/dns/server:default
    online         14:56:04 svc:/network/dns/client:default

   c. Check that the server daemon is running.

    sys12# pgrep named
    97

10. Check the /var/adm/messages file for DNS error messages.

    sys12# tail -4 /var/adm/messages
    Jan 12 13:23:18 sys12 named[1516]: [ID 873579 daemon.notice] starting BIND 9.2.4
    Jan 12 13:23:18 sys12 named[1516]: [ID 873579 daemon.notice] command channel listening on 127.0.0.1#953
    Jan 12 13:23:18 sys12 named[1516]: [ID 873579 daemon.notice] command channel listening on ::1#953
    Jan 12 13:23:18 sys12 named[1516]: [ID 873579 daemon.notice] running

    Before continuing, troubleshoot to eliminate any DNS-related error messages that appear in the /var/adm/messages file.

Working on the Client Systems

Note – Since the client service was just enabled on the primary name servers, this step does not have to be done on those systems.

11. Use the svcadm command to enable the default client service and verify that it is enabled.

    # svcadm enable svc:/network/dns/client:default
    # svcs -a | grep dns
    online         15:02:34 svc:/network/dns/client:default

. Configuring DNS Copyright 2005 Sun Microsystems.. ADDITIONAL SECTION: IN A 86400 IN A 192.168. 86400 IN SOA sys12.. Inc.2) WHEN: Wed Jan 12 13:27:39 2005 MSG SIZE rcvd: 72 .2 one. AUTHORITY SECTION: one.2. list the contents of the domain by querying the primary name server for its resource records. Got answer: .1 10-65 ..opcode: QUERY. flags: qr aa rd ra. .edu sys11. QUESTION SECTION: .sys12.4 <<>> @192.opcode: QUERY.168... QUERY: 1..one.edu..edu. .one. Test and debug your setup by using the dig utility. AUTHORITY SECTION: one. <<>> DiG 9. global options: printcmd . ANSWER: 1.one. Sun Services..one. ->>HEADER<<..1 86400 IN NS sys12. 13. id: 106 . . QUESTION SECTION: . .edu.1. ..168.sys11.. ANSWER: 0. root. id: 53 . For example. ADDITIONAL: 2 .1. IN A .. status: NOERROR.. ANSWER SECTION: sys11.1.edu.168. Test and debug as required.. AUTHORITY: 2.one.1. ADDITIONAL: 0 .2#53(192. ->>HEADER<<.Exercise Solutions Working on Any System Troubleshoot DNS-related errors as follows: 12. Use the techniques that are described in the lecture part of the module.edu.edu .edu. status: NOERROR..one. Query time: 3 msec SERVER: 192. Got answer: .2 one.edu. QUERY: 1.one. flags: qr aa rd ra.. # dig @192.one.edu sys11. AUTHORITY: 1.edu . .1. testing both your local domain and your remote domain servers as they become available. Revision A. All Rights Reserved.168.edu. 2005010101 3600 1800 6048000 86400 .

    sys12.one.edu.          86400   IN      A       192.168.1.2

    ;; Query time: 2 msec
    ;; SERVER: 192.168.1.2#53(192.168.1.2)
    ;; WHEN: Wed Jan 12 13:27:39 2005
    ;; MSG SIZE  rcvd: 119

The preceding output indicates that the 192.168.1.2 DNS server determined that the sys11.one.edu system has an IP address of 192.168.1.1.

Working on the Primary DNS Server

Continue as follows:

14. Test your DNS server. Use the techniques that are described in the lecture part of the module.
   a. Take a snapshot of the DNS information in memory. Use the following command:

    sys12# rndc dumpdb

   b. View the dumped DNS data to look for errors.

    sys12# view /var/named/named_dump.db
    ;
    ; Cache dump of view '_default'
    ;
    $DATE 20050112203358

    The dumped cache file is currently empty because the server has been started recently and no queries have been cached at this time.

Your final task is to configure a secondary DNS server.

Working on the Secondary DNS Server

To configure a secondary DNS server:

15. Create the /var/named directory.

    sys13# mkdir /var/named

Working on the Primary DNS Server

Continue as follows:

16. Update both the forward and reverse zone files on the primary server to support the secondary name server. Write the updates that you use in each file.
    The addition to the forward zone file should be similar to the following, added under the existing name server configuration:

    ;{name}   {ttl}   Class   NS    Nameserver Name
    ;------------------------------------------------------
                      IN      NS    sys12.one.edu.
                      IN      NS    sys13.one.edu.

    The addition to the reverse zone file should be similar to the following, added under the existing name server configuration:

    ;{name}   {ttl}   Class   NS    Nameserver Name
    ;------------------------------------------------------
                      IN      NS    sys12.one.edu.
                      IN      NS    sys13.one.edu.

Working on All Systems

Continue as follows:

17. Add the secondary name server to the /etc/resolv.conf file on the DNS clients and servers in your domain. Write the updates that you put in the file:
    Your /etc/resolv.conf file should be similar to the following:

    # cat /etc/resolv.conf
    domain one.edu
    nameserver 192.168.1.2
    nameserver 192.168.1.3

Working on the Secondary DNS Server

Continue as follows:

18. Set up the /etc/named.conf file for your domain on the system that will be your domain’s secondary DNS server. You can create the file yourself, or you can use the template file that your instructor makes available to you.
    Your /etc/named.conf file should be similar to the following:

    sys13# cat /etc/named.conf
    options {
            directory "/var/named";
    };

    zone "." {
            type hint;
            file "db.root";
    };

    zone "one.edu" {
            type slave;
            file "db.one.edu.slave";
            masters {
                    192.168.1.2;
            };
    };

    zone "1.168.192.in-addr.arpa" {
            type slave;
            file "db.192.168.1.slave";
            masters {
                    192.168.1.2;
            };
    };

    zone "0.0.127.in-addr.arpa" in {
            type slave;
            file "db.127.0.0.slave";
            masters {
                    192.168.1.2;
            };
    };

19. Set up the /var/named/db.root file for your domain on the system that will be your domain’s secondary DNS server. You can create the file yourself, or you can use the template file that your instructor makes available to you.
    Your /var/named/db.root file should be similar to the following:

    sys13# cat /var/named/db.root
    ; db.root
    ;
    ;{name}   {ttl}    Class   NS    Nameserver Name
    ;---------------------------------------------------------
    .         604800   IN      NS    instructor.thirty.edu.
    ;
    ;{name}                    {ttl}    Class   A    IP Address
    ;--------------------------------------------------------------
    instructor.thirty.edu.     604800   IN      A    192.168.30.30

20. Start the name server daemon on your DNS server:
   a. Use the svcadm command to enable both the name server daemon and the DNS client.

    sys13# svcadm enable svc:/network/dns/server:default
    sys13# svcadm enable svc:/network/dns/client:default

   b. Use the svcs command to verify that the services are online.

    sys13# svcs -a | grep dns
    online         14:53:08 svc:/network/dns/server:default
    online         14:56:04 svc:/network/dns/client:default

   c. Check that the server daemon is running.

    sys13# pgrep in.named
    853

21. Verify that the new zone files have been created in the /var/named directory.

    sys13# ls -al
    total 20
    drwxr-xr-x   3 root     root         512 Jan 12 05:14 .
    drwxr-xr-x  45 root     sys         1024 Jan 11 16:50 ..
    -rw-------   1 root     root         353 Jan 12 13:36 db.127.0.0.slave
    -rw-------   1 root     root         430 Jan 12 13:56 db.192.168.1.slave
    -rw-------   1 root     root         460 Jan 12 13:46 db.one.edu.slave
    -rw-r--r--   1 root     root         405 Jan 12 05:13 db.root

22. Verify that the secondary name server performs forward lookup requests as expected. You could use one of a few tools to test DNS lookup requests. This example demonstrates using the dig utility where:
    - @192.168.1.3 – Designates which DNS server to use
    - one.edu – Designates the domain of interest
    - sys14.one.edu – Designates the name to query

    sys11# dig @192.168.1.3 one.edu -x 192.168.1.4

    ; <<>> DiG 9.2.4 <<>> @192.168.1.3 one.edu -x 192.168.1.4
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2032
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;one.edu.                       IN      A

    ;; AUTHORITY SECTION:
    one.edu.                86400   IN      SOA     sys12.one.edu. root.sys12.one.edu. 2005010101 3600 1800 6048000 86400

    ;; Query time: 1 msec
    ;; SERVER: 192.168.1.3#53(192.168.1.3)
    ;; WHEN: Wed Jan 12 14:25:50 2005
    ;; MSG SIZE  rcvd: 72

    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 322
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;4.1.168.192.in-addr.arpa.      IN      PTR

    ;; ANSWER SECTION:
    4.1.168.192.in-addr.arpa. 86400 IN      PTR     sys14.one.edu.

    ;; AUTHORITY SECTION:
    1.168.192.in-addr.arpa. 86400   IN      NS      sys12.one.edu.
    1.168.192.in-addr.arpa. 86400   IN      NS      sys13.one.edu.

    ;; ADDITIONAL SECTION:
    sys12.one.edu.          86400   IN      A       192.168.1.2
    sys13.one.edu.          86400   IN      A       192.168.1.3

    ;; Query time: 3 msec
    ;; SERVER: 192.168.1.3#53(192.168.1.3)
    ;; WHEN: Wed Jan 12 14:25:50 2005
    ;; MSG SIZE  rcvd: 141


Module 11

Configuring DHCP

Objectives

This module explains the fundamentals of DHCP, including the purpose of DHCP and client and server functions. This module explains how to configure DHCP and how to troubleshoot a DHCP server.

Upon completion of this module, you should be able to:

- Describe the fundamentals of DHCP
- Configure a DHCP server
- Configure and manage DHCP clients
- Troubleshoot a DHCP server
- Troubleshoot a DHCP client

The course map in Figure 11-1 shows how this module fits into the current instructional goal.

Figure 11-1 Course Map (Configuring and Managing Network Applications: Configuring the Solaris™ IP Filter Firewall, Configuring DNS, Configuring DHCP, Configuring NTP)

Introducing the Fundamentals of DHCP

DHCP enables you to provide network-related information to client systems through a centrally located server system. DHCP evolved from the bootstrap protocol (BOOTP). DHCP provides the following enhanced functionality:

- Messages include network configuration for clients, such as:
  - IP address
  - Boot server IP address
  - DNS domain, DNS server, and default router
- Lease periods are provided for IP address assignments.
- Support is available for clients that need to boot over a network, which, in effect, replaces the need for using RARP and the /etc/bootparams file.
- Routers can be configured to act as a BOOTP relay agent.
- Support is available for DHCP clients in the Solaris 10 OS.

Purpose of DHCP

DHCP reduces the cost of managing networks by eliminating the need to manually assign or change IP addresses repeatedly. DHCP also reclaims IP addresses that are no longer needed or if the time period for their use has expired. These IP addresses can then be used by other clients. DHCP also makes it easier to renumber the network if the ISP is changed. The DHCP server would be reconfigured to provide the new IP addresses offered from this new ISP.

IP addresses are assigned to each system when an organization sets up its computer network.

- Without DHCP, you assign an IP address to each computer manually. If a computer moves to another location in a different part of the network, you assign a new IP address to that computer manually.
- With DHCP, you configure the DHCP server to distribute IP addresses from a central point. You configure the DHCP server to send a new IP address automatically when a computer is moved to a different place on the network and requests a new IP address at boot time.

DHCP Client Functions

DHCP has two client functions. DHCP supplies:

- Sufficient information to properly configure the network interface
- Parameters needed by system-level and application-level software

Figure 11-2 shows the DHCP client functions.

Figure 11-2 DHCP Client Functions (Configure Network Interfaces: IP Address, Netmask, Router. Parameters (System and Application): NIS Server, WWW Server, NTP Server)

To perform the first function, the dhcpagent daemon acquires an IP address that is valid for the network attached to the client’s hardware interface. The client’s dhcpagent daemon:

- Constructs and sends packets
- Listens for responses from servers
- Caches the configuration information received
- Releases or renews leases
- Configures the interfaces with sufficient information to enable communications with the network through the interface

DHCP Server Functions

The DHCP server manages the IP address space of networks connected directly to that server and also manages remote networks connected by BOOTP relay agents. The in.dhcpd daemon runs on the DHCP server. Figure 11-3 shows the interaction between a DHCP client and server.

Figure 11-3 DHCP Client-Server Interaction (between Client and DHCP Server, over time: 1 DHCPDISCOVER, 2 DHCPOFFER, 3 all DHCP offers are evaluated and DHCPREQUEST is sent, 4 DHCPACK)

Figure 11-4 shows the difference that a BOOTP relay makes for a client that is attempting to contact a server.

Figure 11-4 DHCP Client-Server BOOTP (between Client, BOOTP Relay, and DHCP Server, over time: DHCPDISCOVER, DHCPDISCOVER, DHCPOFFER, all DHCP requests are evaluated and DHCPREQUEST is sent, DHCPACK)

The BOOTP relay picks up incoming requests from clients and forwards them to the DHCP server. The DHCP server replies to the BOOTP relay, which then forwards the response on to the client.

DHCP servers can be primary or secondary servers. A primary DHCP server passes IP addresses to clients. The IP address is defined during the installation and configuration of the software on the server. A primary DHCP server can give an IP address to a client that is requesting a new configuration from the range of IP addresses for which it is responsible. Multiple primary-DHCP servers can exist on the same network, as long as each server is responsible for a different IP address range.

A secondary DHCP server confirms existing configurations supplied previously by a primary DHCP server when the primary DHCP server cannot respond to requests for confirmation. Every primary DHCP server also acts as a secondary server.

Primary and secondary DHCP servers must have access to the exact same data source that contains the IP addresses being served to clients. Copies cannot be used. This common data access can be achieved by using NIS+ tables or by using NFS to share the DHCP network tables.
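The four-message exchange of Figure 11-3 and the relay behaviour of Figure 11-4, as an added example that is not part of the student guide: the code builds and parses real DHCP message layouts (RFC 2131 header, magic cookie, options 50, 51, 53 and 54) and runs them against a small in-memory server. The server address 192.168.1.2 and the one-day lease follow this module; the 192.168.2.0/24 remote network, the relay address, the MAC addresses and every function and class name are constructed for the example, and only the request direction through the relay is modelled.

```python
import ipaddress
import struct

HEADER = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP header (RFC 2131)
MAGIC = bytes([99, 130, 83, 99])        # magic cookie that precedes the options
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
OPT_MASK, OPT_REQ_IP, OPT_LEASE, OPT_TYPE, OPT_SERVER, OPT_END = 1, 50, 51, 53, 54, 255
ZERO = "0.0.0.0"

def ip4(addr):
    return ipaddress.IPv4Address(addr).packed

def build(op, xid, mac, msg_type, yiaddr=ZERO, giaddr=ZERO, options=None):
    """Serialise a DHCP message; op is 1 (client request) or 2 (server reply)."""
    header = struct.pack(HEADER, op, 1, 6, 0, xid, 0, 0x8000, ip4(ZERO),
                         ip4(yiaddr), ip4(ZERO), ip4(giaddr), mac, b"", b"")
    body = bytes([OPT_TYPE, 1, msg_type])
    for code, value in (options or {}).items():
        body += bytes([code, len(value)]) + value
    return header + MAGIC + body + bytes([OPT_END])

def parse(packet):
    """Decode the header fields and options this example uses."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HEADER, packet[:236])
    msg = {"hops": f[3], "xid": f[4], "mac": f[11][:f[2]], "options": {},
           "yiaddr": str(ipaddress.IPv4Address(f[8])),
           "giaddr": str(ipaddress.IPv4Address(f[10]))}
    i = 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == 0:                      # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        msg["options"][packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    msg["type"] = msg["options"].get(OPT_TYPE, b"\0")[0]
    return msg

def relay(packet, relay_ip):
    """BOOTP relay agent: count the hop and stamp giaddr if no relay has yet."""
    data = bytearray(packet)
    data[3] += 1
    if bytes(data[24:28]) == ip4(ZERO):
        data[24:28] = ip4(relay_ip)
    return bytes(data)

class Server:
    def __init__(self, server_ip, pools, lease_seconds=86400):
        self.ip, self.lease = server_ip, lease_seconds
        self.pools = {ipaddress.ip_network(n): list(a) for n, a in pools.items()}
        self.leases = {}                        # client MAC -> address

    def handle(self, packet):
        """Answer DHCPDISCOVER with DHCPOFFER, DHCPREQUEST with DHCPACK or DHCPNAK."""
        req = parse(packet)
        # A non-zero giaddr names the network the relayed client sits on.
        where = ipaddress.ip_address(self.ip if req["giaddr"] == ZERO else req["giaddr"])
        net = next((n for n in self.pools if where in n), None)
        if net is None:
            return None                         # not a network this server manages
        mac = req["mac"]
        held = self.leases.get(mac)
        opts = {OPT_SERVER: ip4(self.ip), OPT_MASK: net.netmask.packed,
                OPT_LEASE: struct.pack("!I", self.lease)}
        if req["type"] == DISCOVER:
            taken = set(self.leases.values())
            if held is None or ipaddress.ip_address(held) not in net:
                held = next((a for a in self.pools[net] if a not in taken), None)
            if held is None:
                return None                     # pool exhausted: stay silent
            self.leases[mac] = held
            return build(2, req["xid"], mac, OFFER, held, req["giaddr"], opts)
        if req["type"] == REQUEST:
            ok = (held is not None and req["options"].get(OPT_SERVER) == ip4(self.ip)
                  and req["options"].get(OPT_REQ_IP) == ip4(held))
            return build(2, req["xid"], mac, ACK if ok else NAK,
                         held if ok else ZERO, req["giaddr"], opts)
        return None

def acquire(server, mac, xid, relay_ip=None):
    """Run the exchange for one client; return (address, message types seen)."""
    trace, offer = [], None
    for msg_type in (DISCOVER, REQUEST):
        extra = None
        if msg_type == REQUEST:                 # name the chosen offer and its server
            extra = {OPT_REQ_IP: ip4(offer["yiaddr"]),
                     OPT_SERVER: offer["options"][OPT_SERVER]}
        packet = build(1, xid, mac, msg_type, options=extra)
        reply = server.handle(relay(packet, relay_ip) if relay_ip else packet)
        trace.append(msg_type)
        if reply is None:
            return None, trace
        offer = parse(reply)
        trace.append(offer["type"])
    return (offer["yiaddr"] if offer["type"] == ACK else None), trace
```

The server picks the address pool from giaddr when a relay has set it, which is how one DHCP server can serve a network it is not directly attached to.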

The dhcpconfig command and the dhcpmgr utility are available for use to configure DHCP servers and BOOTP relay servers. These utilities enable you to set startup options, configure the DHCP service database type and location, and initialize the dhcptab file and DHCP network tables for any networks.

Configuring a DHCP Server

Configuring a DHCP server on the network consists mainly of configuring and starting the DHCP server daemon.

The DHCP server’s configuration information is stored in the /etc/inet/dhcpsvc.conf file. This file was the /etc/default/dhcp file prior to the Solaris 9 OS. This file is created when the configuration commands are run and should never be edited manually. To view the configuration information, type the command:

    # cat /etc/inet/dhcpsvc.conf
    DAEMON_ENABLED=TRUE
    RUN_MODE=server
    RESOURCE=SUNWfiles
    PATH=/var/dhcp
    CONVER=1
    VERBOSE=TRUE
    ICMP_VERIFY=TRUE
    INTERFACES=hme0,qfe0
    UPDATE_TIMEOUT=15
    LOGGING_FACILITY=7
    BOOTP_COMPAT=automatic

Configuring DHCP by Using Different Methods

Use the graphical dhcpmgr (DHCP Manager) utility or the command-line dhcpconfig (DHCP configuration) command to configure a DHCP server. Select options and enter data to create the dhcptab and DHCP network tables that the DHCP server uses. A comparison of how these two methods work follows:

- The dhcpmgr utility enables you to view the information gathered from system files and to change the information if needed. The dhcpconfig command enables you to specify the network information using command-line options.
- The dhcpmgr utility speeds up the configuration process by omitting prompts for non-essential server options by using default values for them. You can change non-essential options after the initial configuration. The dhcpconfig command is faster, but you must specify values for many options. Use this process if you are an advanced user and want to use scripts.
- The dhcpmgr utility checks the validity of user input as it is entered. The dhcpconfig command does not check the validity of user input as it is entered.

Performing Initial DHCP Server Configuration by Using the dhcpmgr Utility

Use the dhcpmgr utility to configure, define, edit, and manage DHCP services, such as macros, networks, addresses, and policies. The DHCP Manager runs in an X-window system, such as the Common Desktop Environment (CDE), GNOME, or the Sun Java Desktop System.

This example uses the sys12 system to demonstrate how to configure a basic DHCP server by using the dhcpmgr utility.

To start the dhcpmgr utility, type the command:

    # /usr/sadm/admin/bin/dhcpmgr &

If the system is not configured as a DHCP server or a BOOTP relay, the Choose Server Configuration window appears. Figure 11-5 enables you to configure the server as a DHCP server.

Figure 11-5 Choose Server Configuration Window

Note – If the server is already configured, the windows in this section do not appear.

To configure the server, complete the following steps:

1. This example uses the default Configure as the DHCP server.

2. Click OK.

   The DHCP Configuration Wizard – Step 1 window appears. Figure 11-6 shows you where to select the data storage format.

   Figure 11-6 DHCP Configuration Wizard – Step 1 Window

3. Select Text files, and click >.

   The DHCP Configuration Wizard – Step 2 window appears. Figure 11-7 shows you where to enter a path for the data store.

   Figure 11-7 DHCP Configuration Wizard – Step 2 Window

4. Accept the default path name, and click >.

   This example uses the default directory.

   The DHCP Configuration Wizard – Step 3 window appears. Figure 11-8 enables you to specify the name service in which to store host records.

   Figure 11-8 DHCP Configuration Wizard – Step 3 Window

5. Select /etc/hosts, and click >.

   The DHCP Configuration Wizard – Step 4 window appears. Figure 11-9 shows you where to specify the length of the lease.

   Figure 11-9 DHCP Configuration Wizard – Step 4 Window

6. Accept the defaults of 1 and days, and click >.

   This example uses the defaults 1 and days.

   The DHCP Configuration Wizard – Step 5 window appears. Figure 11-10 shows you where to specify the DNS domain and DNS servers.

   Figure 11-10 DHCP Configuration Wizard – Step 5 Window

7. Do not accept a DNS domain or DNS server, and click >.

   This example uses the default of no DNS.

   The DHCP Configuration Wizard – Step 6 window appears. Figure 11-11 shows you where to specify the network address and a subnet mask.

   Figure 11-11 DHCP Configuration Wizard – Step 6 Window

8. Specify a network address by either selecting one or typing one, type a subnet mask, and click >.

   This example uses the 192.168.1.0 network.

   The DHCP Configuration Wizard – Step 7 window appears. Figure 11-12 shows you where to specify information about the network.

   Figure 11-12 DHCP Configuration Wizard – Step 7 Window

9. Select either Local-Area (LAN) or Point-to-Point.
10. Select either Use router discovery protocol or type the router information in the Use router field.
11. Click >.

    This example uses the defaults Local-Area (LAN) and Use router discovery protocol.

    The DHCP Configuration Wizard – Step 8 window appears. Figure 11-13 shows you where to specify the NIS domain and servers.

    Figure 11-13 DHCP Configuration Wizard – Step 8 Window

12. If appropriate, type the NIS domain configuration in the NIS Domain field.
13. If appropriate, type the NIS server IP address in the NIS Servers field, and click Add for each NIS server that you are specifying.
14. Click >.

    This example uses the defaults of no NIS domain and no NIS server.

    The DHCP Configuration Wizard – Step 9 window appears. Figure 11-14 shows you where to specify the NIS+ domain and servers.

    Figure 11-14 DHCP Configuration Wizard – Step 9 Window

15. If appropriate, type the NIS+ domain configuration in the NIS+ Domain field.
16. If appropriate, type the NIS+ server IP address in the NIS+ Servers field, and click Add for each NIS+ server that you are specifying.
17. Click >.

    This example uses the defaults of no NIS+ domain and no NIS+ server.

    The DHCP Configuration Wizard – Step 10 window appears. Figure 11-15 shows you a summary of the information you entered previously.

    Figure 11-15 DHCP Configuration Wizard – Step 10 Window

18. Review the information and, if the information is correct, click Finish.

    This example uses the sample information indicated previously.

    The DHCP Configuration Manager Window closes, the main DHCP Manager Window appears, and the Start Address Wizard window appears. Figure 11-16 shows you where to indicate that you want to configure addresses for the server.

    Figure 11-16 Start Address Wizard Window

19. Click Yes to proceed with address configuration.

    The DHCP network file will now be populated.

Adding Addresses by Using the dhcpmgr Utility

Use the procedures described in this section to add addresses by using the dhcpmgr utility.

Note – The following steps are a continuation of initial server configuration.

The DHCP Address Configuration Wizard – Step 1 window appears as shown in Figure 11-17. This figure shows you where to specify the number of IP addresses to configure.

Figure 11-17 DHCP Address Configuration Wizard – Step 1 Window

1. Modify the number of IP addresses to use.
2. Add a comment if necessary.
3. Click >.

   This example uses five addresses and a comment of net1.

   The DHCP Address Configuration Wizard – Step 2 window appears. Figure 11-18 shows you where to specify the DHCP server and starting IP address.

   Figure 11-18 DHCP Address Configuration Wizard – Step 2 Window

4. Verify that Managed by Server and Starting IP Address display the correct information.
5. If appropriate, select Generate Client Names.
6. Click >.

   In this example, the Managed by Server field is set to the default, and the starting IP address is changed to 192.168.1.10. This example uses sys12-dhcp for the root name.

   The DHCP Address Configuration Wizard – Step 3 window appears. Figure 11-19 shows you the IP addresses that you specified in the previous step.

   Figure 11-19 DHCP Address Configuration Wizard – Step 3 Window

7. Verify that the address information is correct, and click >.

   The DHCP Address Configuration Wizard – Step 4 window appears. Figure 11-20 shows you the name of the macro to be associated with the DHCP interface.

   Figure 11-20 DHCP Address Configuration Wizard – Step 4 Window

8. Select Configuration Macro from the drop-down list box and verify that Addresses are unusable is unchecked.
9. If you want to view the contents of the selected macro, click View. To exit the contents window, click OK.
10. Click >.

The DHCP Address Configuration Wizard – Step 5 window appears. Figure 11-21 shows you where to specify the type of lease.

Figure 11-21 DHCP Address Configuration Wizard – Step 5 Window

11. Select either Dynamic or Permanent, and click >. This example uses the default of Dynamic.

Note – Normally, routers, mail servers, and systems that provide services use permanent lease types.

The DHCP Address Configuration Wizard – Step 6 window appears. Figure 11-22 shows the information that you entered in previous steps.

Figure 11-22 DHCP Address Configuration Wizard – Step 6 Window

12. Review the information, and click Finish.

The DHCP Manager Window appears. Figure 11-23 shows the information that you have provided.

Figure 11-23 DHCP Manager Window

13. Choose Exit from the File menu to close the DHCP Manager window.
14. To view the information that the dhcpmgr utility added to the /etc/inet/hosts file, use the grep command:

    # grep dhcp /etc/inet/hosts
    192.168.1.10 sys13-dhcp-10 #net1
    192.168.1.11 sys13-dhcp-11 #net1
    192.168.1.12 sys13-dhcp-12 #net1
    192.168.1.13 sys13-dhcp-13 #net1
    192.168.1.14 sys13-dhcp-14 #net1
    192.168.1.15 sys13-dhcp-15 #net1
    192.168.1.16 sys13-dhcp-16 #net1
    192.168.1.17 sys13-dhcp-17 #net1
    192.168.1.18 sys13-dhcp-18 #net1
    192.168.1.19 sys13-dhcp-19 #net1
    #

Using the dhcpconfig Command

Use the dhcpconfig command when you configure a DHCP server with scripts. This command has options that enable you to:

- Configure and unconfigure a DHCP server
- Convert to a new data store
- Import data to and export data from other DHCP servers

Note – The dhcpconfig command is no longer menu-driven as it was in previous versions of the Solaris OS.

Configuring a DHCP Server

To configure a DHCP server for the first time, type the command by using the following format:

    /usr/sbin/dhcpconfig -D -r datastore -p location

where:

-D
    This option specifies to configure the DHCP service.
-r datastore
    This option is a data resource, which is one of the following: SUNWfiles, SUNWbinfiles, or SUNWnisplus.
-p location
    This option is the data-store-dependent location where the DHCP data is maintained. For SUNWfiles and SUNWbinfiles, this is an absolute path name, for example, /var/dhcp. For SUNWnisplus, this is an NIS+ table name.

The dhcpconfig command uses the appropriate system and network configuration files, such as /etc/inet/hosts, /etc/inet/netmasks or others, on the DHCP server to determine values that are not provided on the command line.

To configure (-D) a system for DHCP services using ASCII files for datastore (-r) and locate (-p) the datastore files in the /var/dhcp directory, enter the following:

    # /usr/sbin/dhcpconfig -D -r SUNWfiles -p /var/dhcp
    Created DHCP configuration file.
    Created dhcptab.
    Added "Locale" macro to dhcptab.
    Added server macro to dhcptab - sys12.
    DHCP server started.
    #

Note – Using the ASCII datastore format (SUNWfiles) is much slower than storing the files in the binary datastore format (SUNWbinfiles). The examples use the ASCII datastore format because the resulting files are viewed more easily.

After the datastore location and type are established, you must configure the appropriate files to function as a DHCP server. To configure the system to provide DHCP services for the 192.168.1.0 network (-N) and the 192.168.1.1 router (-t), type the command:

    # /usr/sbin/dhcpconfig -N 192.168.1.0 -t 192.168.1.1
    Added network macro to dhcptab - 192.168.1.0.
    Created network table.
    #

Introducing DHCP Network Files

DHCP network files contain the ranges of IP addresses that the DHCP server assigns and controls for networks. These files map the client identifiers of DHCP clients to IP addresses and the associated configuration parameters of each IP address assigned to these clients. Figure 11-24 shows the interaction between the client ID and the client and the server addresses.

Figure 11-24 The DHCP Network File (a DHCP network entry that maps a client ID to its IP address and configuration parameters, with the client address and the server address)

One DHCP network file exists for each network that is served by the DHCP server. The name of each file is determined from the datastore format and the network address of the network that it supports. The name always includes an IP address and an identifier about the file type (SUNWbinfiles, SUNWfiles, or SUNWnisplus), such as SUNWfiles1_192_168_1_0. There is no table or file with the name SUNWfiles.

To view the initial contents of the DHCP network file, type the command:

    # cat SUNWfiles1_192_168_1_0
    # SUNWfiles1_192_168_1_0
    #
    # Do NOT edit this file by hand -- use pntadm(1M) or dhcpmgr(1M) instead
    #

The DHCP network tables can exist as ASCII text files, binary files, or NIS+ tables, depending on the datastore used. Binary files are faster and more efficient and are recommended for networks with a DHCP client base of many thousands of systems.

Using the pntadm Command

Use the pntadm command to manage DHCP network tables to:

- Add and remove networks under DHCP management
- Add, delete, and modify IP address records within network tables
- View tables

You can use any one of the following option flags with the pntadm command:

-C    Creates a DHCP network table
-A    Adds an entry to a DHCP network table
-M    Modifies an entry made to a DHCP network table
-P    Views changes made to a DHCP network table
-D    Deletes an entry from a DHCP network table
-r    Uses the supplied datastore resource, not the default database
-p    Uses the supplied path, not the default path

Creating a Table for the 192.168.30.0 DHCP Network

To create a table for the 192.168.30.0 network, type the command:

    # pntadm -C 192.168.30.0

Note – You can use an alias name for this network in place of the network number if the alias is defined in the /etc/inet/networks file.

To verify that the network table was created, type the command:

    # ls /var/dhcp | grep 30
    SUNWfiles1_192_168_30_0
    #

To view the initial contents of the new table, type the command:

    # cat /var/dhcp/SUNWfiles1_192_168_30_0
    # SUNWfiles1_192_168_30_0
    #
    # Do NOT edit this file by hand -- use pntadm(1M) or dhcpmgr(1M) instead
    #

Adding an Entry to the SUNWfiles1_192.168.30.0 Table

To add an entry to the SUNWfiles1_192.168.30.0 table located in the /var/dhcp directory, type the command:

    # pntadm -r SUNWfiles -p /var/dhcp -A 192.168.30.1 192.168.30.0

To view the table and observe the changes made by the pntadm command, use the cat command:

    # cat /var/dhcp/SUNWfiles1_192_168_30_0
    # SUNWfiles1_192_168_30_0
    #
    # Do NOT edit this file by hand -- use pntadm(1M) or dhcpmgr(1M) instead
    #
    192.168.30.1|00|00|192.168.1.2|0|8214847195300495361|UNKNOWN|
    #

Modifying an Entry to the SUNWfiles1_192.168.30.0 Table

To modify the 192.168.30.1 entry of the SUNWfiles1_192.168.30.0 table to change the macro name (-m) to mymacro, and to set the flags field to MANUAL and PERMANENT, type the command:

    # pntadm -M 192.168.30.1 -m mymacro -f 'PERMANENT+MANUAL' 192.168.30.0
    #

To view the changes, type the following:

    # pntadm -P 192.168.30.0
    Client ID   Flags   Client IP      Server IP     Lease Expiration   Macro     Comment
    00          03      192.168.30.1   192.168.1.2   Zero               mymacro
    #

Note – Observe that the Flags value is 03, which represents the sum of 2 and 1, where MANUAL is represented by 2 and PERMANENT is represented by 1. Refer to the DHCP network man page for more information.

To view the changes by using the table, type the command:

    # cat /var/dhcp/SUNWfiles1_192_168_30_0
    # SUNWfiles1_192_168_30_0
    #
    # Do NOT edit this file by hand -- use pntadm(1M) or dhcpmgr(1M) instead
    #
    192.168.30.1|00|03|192.168.1.2|0|8214847195300495362|mymacro|
    #

To change the 192.168.30.1 entry to 192.168.30.2 (-n), type the command:

    # pntadm -M 192.168.30.1 -n 192.168.30.2 192.168.30.0

To verify the changes, type the command:

    # pntadm -P 192.168.30.0
    Client ID   Flags   Client IP      Server IP     Lease Expiration   Macro     Comment
    00          03      192.168.30.2   192.168.1.2   Zero               mymacro
    #

To delete the 192.168.30.2 entry from the 192.168.30.0 table, type the command:

    # pntadm -D 192.168.30.2 192.168.30.0

To verify the changes, type the command:

    # pntadm -P 192.168.30.0
    Client ID   Flags   Client IP   Server IP   Lease Expiration   Macro   Comment
    #

Removing DHCP Network Tables

To list the existing DHCP tables, type the command:

    # pntadm -L
    192.168.1.0
    192.168.30.0
    #

To remove the 192.168.30.0 table, type the command:

    # pntadm -R 192.168.30.0
    #

To list the remaining DHCP tables, type the command:

    # pntadm -L
    192.168.1.0
    #

Introducing the dhcptab Table

Use the dhcptab configuration table to organize groups of configuration parameters as macro definitions. You can reference one macro in the definition of other macros. The DHCP server uses these macros to return groups of configuration parameters to DHCP and BOOTP clients.

The preferred methods of managing the dhcptab table are through the use of the dhcpmgr utility or dhtadm command. View the contents of the dhcptab table by using the Macros and Options tabs in the DHCP Manager, or by using the dhtadm -P command on the command line.

Using the dhtadm Command

Use the dhtadm command to manage the DHCP service configuration table, dhcptab. You can specify one of the following option flags:

-C    Creates the DHCP table
-A    Adds a symbol or macro definition to the DHCP table
-M    Modifies an existing symbol or macro definition
-D    Deletes a symbol or macro definition

Symbols are individual parameters to which values can be assigned. Macros are collections of symbols that are associated with an IP address and are used to define the set of information that is given to a DHCP client system.

To create the DHCP service configuration table, dhcptab, type the command:

    # dhtadm -C

To add a symbol called NewSym to the dhcptab table, type the command:

    # dhtadm -A -s NewSym -d 'Vendor=SUNW.PCW.LAN,20,IP,1,0' -r SUNWfiles -p /var/dhcp

To add a macro called NewMacro to the dhcptab table, type the command:

    # dhtadm -A -m NewMacro ':Timeserv=192.168.1.1:DNSserv=192.168.1.1:'
    #

To view the changes, type the command:

    # dhtadm -P
    Name            Type    Value
    ==================================================
    NewMacro        Macro   :Timeserv=192.168.1.1:DNSserv=192.168.1.1:
    192.168.1.0     Macro   :Subnet=255.255.255.0:Router=192.168.1.1:Broadcst=192.168.1.255:
    sys12           Macro   :Include=Locale:Timeserv=192.168.1.1:LeaseTim=86400:LeaseNeg:
    Locale          Macro   :UTCoffst=-25200:
    NewSym          Symbol  Vendor=SUNW.PCW.LAN,20,IP,1,0
    #

You can modify an existing symbol or macro definition. In this example, to remove the Timeserv symbol from the NewMacro macro, type the command:

    # dhtadm -M -m NewMacro -e 'Timeserv='

To view the changes, type the command:

    # dhtadm -P
    Name            Type    Value
    ==================================================
    NewMacro        Macro   :DNSserv=192.168.1.1:
    192.168.1.0     Macro   :Subnet=255.255.255.0:Router=192.168.1.1:Broadcst=192.168.1.255:
    sys12           Macro   :Include=Locale:Timeserv=192.168.1.1:LeaseTim=86400:LeaseNeg:
    Locale          Macro   :UTCoffst=-25200:
    NewSym          Symbol  Vendor=SUNW.PCW.LAN,20,IP,1,0
    #

To define a value for the LeaseTim symbol, type the command:

    # dhtadm -M -m NewMacro -e 'LeaseTim=3600'
    #

To view the changes, type the command:

    # dhtadm -P
    Name            Type    Value
    ==================================================
    NewMacro        Macro   :DNSserv=192.168.1.1:LeaseTim=3600:
    192.168.1.0     Macro   :Subnet=255.255.255.0:Router=192.168.1.1:Broadcst=192.168.1.255:
    sys12           Macro   :Include=Locale:Timeserv=192.168.1.1:LeaseTim=86400:LeaseNeg:
    Locale          Macro   :UTCoffst=-25200:
    NewSym          Symbol  Vendor=SUNW.PCW.LAN,20,IP,1,0
    #

To delete the NewSym symbol from the dhcptab table, type the command:

    # dhtadm -D -s NewSym
    #

To verify the changes, type the command:

    # dhtadm -P
    Name            Type    Value
    ==================================================
    NewMacro        Macro   :DNSserv=192.168.1.1:LeaseTim=3600:
    192.168.1.0     Macro   :Subnet=255.255.255.0:Router=192.168.1.1:Broadcst=192.168.1.255:
    sys12           Macro   :Include=Locale:Timeserv=192.168.1.1:LeaseTim=86400:LeaseNeg:
    Locale          Macro   :UTCoffst=-25200:
    #

To delete the NewMacro macro from the dhcptab table, type the command:

    # dhtadm -D -m NewMacro

To verify the changes, type the command:

    # dhtadm -P
    Name            Type    Value
    ==================================================
    192.168.1.0     Macro   :Subnet=255.255.255.0:Router=192.168.1.1:Broadcst=192.168.1.255:
    sys12           Macro   :Include=Locale:Timeserv=192.168.1.1:LeaseTim=86400:LeaseNeg:
    Locale          Macro   :UTCoffst=-25200:
    #

Table 11-1 shows the items that are created during DHCP configuration.

Table 11-1 Items Created During DHCP Server Configuration

| Item | Description | Contents |
|---|---|---|
| The service configuration file, /etc/inet/dhcpsvc.conf | Records keywords and values for server configuration options. | Data store type and location. Options used with the in.dhcpd daemon to start the DHCP daemon when the system boots. |
| The dhcptab table | Creates a dhcptab table if it does not already exist. | Macros and options with assigned values. |
| The Locale macro (optional) | Contains the local time zone's offset in seconds from Coordinated Universal Time. | The UTCoffst option. |
| The server macro, named to match the server's node name | Contains options with values determined by input from the administrator who configured the DHCP server. The options apply to all clients that use addresses owned by the server. | The Locale macro. The options: Timeserv, which is set to point to the server's primary IP address; LeaseTim and LeaseNeg, if you select negotiable leases; and DNSdmain and DNSserv, if DNS is configured. |
| The network address macro, which is named the same as the network address of the client's network | Contains options with values determined by input from the administrator who configured the DHCP server. The options apply to all clients that are located on the network specified by the macro name. | The options: Subnet; Router or RDiscvyF; Broadcst, if the network is a LAN; maximum transfer unit (MTU); NISdmain and NISservs, if NIS is configured; and NIS+dom and NIS+serv, if NIS+ is configured. |
| The DHCP network table for the network | Creates an empty table until you create the IP addresses for the network. | None, until you add the IP addresses. |
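Because the macros in dhcptab decide which router, DNS server and time server every client is told to trust, it is worth reviewing what a macro resolves to after its Include references are followed. The Python script below is an added example, not part of the Sun guide: it parses the `dhtadm -P` listing shown on this page, expands Include with cycle detection, and reports server addresses that are not on an approved list. The function names, the approved list, and the rule that a later setting overrides an included one are assumptions, and quoted values containing colons are not handled.

```python
"""Expand dhcptab macros from `dhtadm -P` output and review server options."""
import ipaddress

# Listing taken from this page's `dhtadm -P` output (columns re-aligned).
SAMPLE_DHTADM_P = """\
Name            Type    Value
==================================================
NewMacro        Macro   :DNSserv=192.168.1.1:LeaseTim=3600:
192.168.1.0     Macro   :Subnet=255.255.255.0:Router=192.168.1.1:Broadcst=192.168.1.255:
sys12           Macro   :Include=Locale:Timeserv=192.168.1.1:LeaseTim=86400:LeaseNeg:
Locale          Macro   :UTCoffst=-25200:
NewSym          Symbol  Vendor=SUNW.PCW.LAN,20,IP,1,0
"""

# Options whose values are addresses that clients will send traffic to.
SERVER_OPTIONS = ("Router", "DNSserv", "Timeserv")


def parse_dhtadm(text):
    """Return {name: (type, value)} for every Macro and Symbol row."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3 or parts[1] not in ("Macro", "Symbol"):
            continue  # header row, ruler line or blank line
        name, kind, value = parts
        table[name] = (kind, value.strip())
    return table


def parse_macro(value):
    """Split ':A=1:B:' into [('A', '1'), ('B', True)], keeping order."""
    items = []
    for item in value.strip(":").split(":"):
        if not item:
            continue
        key, sep, val = item.partition("=")
        items.append((key, val if sep else True))  # bare option, e.g. LeaseNeg
    return items


def expand(table, name, _stack=()):
    """Resolve a macro to a flat {option: value} dict, following Include."""
    if name in _stack:
        raise ValueError("Include cycle: " + " -> ".join(_stack + (name,)))
    kind, value = table.get(name, (None, None))
    if kind != "Macro":
        raise ValueError(f"{name!r} is not a macro in this dhcptab")
    options = {}
    for key, val in parse_macro(value):
        if key == "Include":
            options.update(expand(table, val, _stack + (name,)))
        else:
            options[key] = val  # assumption: later settings override earlier
    return options


def unapproved_servers(options, approved):
    """List (option, address) pairs that are malformed or not approved."""
    allowed = {ipaddress.ip_address(a) for a in approved}
    findings = []
    for opt in SERVER_OPTIONS:
        for token in str(options.get(opt, "")).split():
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.append((opt, token))
                continue
            if addr not in allowed:
                findings.append((opt, token))
    return findings


if __name__ == "__main__":
    table = parse_dhtadm(SAMPLE_DHTADM_P)
    approved = {"192.168.1.1"}  # hypothetical list of sanctioned servers
    for name, (kind, _) in table.items():
        if kind == "Macro":
            resolved = expand(table, name)
            print(name, resolved, unapproved_servers(resolved, approved))
```
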

Configuring and Managing DHCP Clients

Configuring DHCP clients is an easy process. Most management is performed on the DHCP server side.

Configuring a DHCP Client

When you install the Solaris 10 OS from the installation compact disc, read-only memory (CD-ROM), you are prompted to use DHCP to configure network interfaces. If you select yes in the installation script, the DHCP client software is enabled on your system during Solaris 10 OS installation. You do not need to do anything else on the Solaris 10 OS client to use DHCP. If your client is not a Solaris 10 OS client, consult the client's documentation for configuration instructions.

Configuring a DHCP Client to Request a Dynamic Host Name

If a client system is already running the Solaris 10 OS and is not using DHCP, complete the following steps to configure the DHCP client to request dynamic host names:

1. Log in as the root user on the DHCP client system.
2. Enable DHCP on the client by creating the appropriate file for the external interface, which is hme0 in this example.

    # touch /etc/dhcp.hme0

Note – Verify that the /etc/hostname.interface file exists for the interface being configured using DHCP; otherwise, the interface will not be plumbed. This is a requirement for a successful DHCP configuration of the client.

3. Configure the /etc/default/dhcpagent file on the DHCP client so that it releases its IP address if it is rebooted or shut down.
4. Edit the /etc/default/dhcpagent file, and remove the # in front of the RELEASE_ON_SIGTERM=yes parameter. This causes the DHCP client to relinquish its address when it reboots or is shut down properly.

5. Reboot the client, and watch the system console as the system boots.
6. Observe the hostname, for example:

    Copyright 1983-2004 Sun Microsystems, Inc. All rights reserved.
    Use is subject to license terms.
    Hostname: sys13-dhcp-14

Configuring a DHCP Client to Use its Own Host Name

DHCP clients running the Solaris 10 OS can be configured to use their own hostname instead of a hostname supplied by the DHCP server. If a client system is already running the Solaris 10 OS and is not using DHCP, complete the following steps to configure the DHCP client to use its own host name:

1. Log in as the root user on the DHCP client system.
2. Edit the /etc/default/dhcpagent file.
3. Find the keyword REQUEST_HOSTNAME in the /etc/default/dhcpagent file, and verify that the entry is not formatted as a comment and is set to yes:

    REQUEST_HOSTNAME=yes

4. Edit the /etc/hostname.interface file on the client system, and enter the following:

    inet hostname

   where hostname is the name you want the client to use. For example, the file contents in this example are:

    # cat /etc/hostname.qfe0
    inet dhcp-hostname-test
    #

5. To have the client perform a full DHCP negotiation upon rebooting, type the commands:

    # pkill dhcpagent
    # rm /etc/dhcp/interface.dhc
    # init 6

Note – The state file is written only when the dhcpagent process is terminated and the dhcpagent program is not configured to release its IP address on termination.

The DHCP server makes sure that the host name is not in use by another system on the network before the server assigns it to the client. Depending on how the DHCP server is configured, it can also update naming services with the client's host name.

If your client is not a Solaris 10 OS client, consult the client's documentation for configuration instructions.

Troubleshooting a DHCP Server

IP address allocation errors are reported using the syslog facility or as server debug output. This type of problem can occur when a client attempts to obtain or verify an IP address. The following are possible IP address allocation errors and solutions:

- There is no n.n.n.n dhcp-network table for DHCP client's network

  This error message means that a client requests a specific IP address or seeks to extend a lease on its current IP address, but the DHCP server cannot find the DHCP network table for that address. The DHCP network table might have been deleted by mistake. Recreate the DHCP network table by adding the network again using the dhcpmgr utility or the pntadm command.

- ICMP ECHO reply to OFFER candidate n.n.n.n, disabling

  The IP address considered for a DHCP client is already in use. This might occur if more than one DHCP server owns the address or if an address is manually configured for a non-DHCP network client. Determine the correct ownership of the address, and correct either the DHCP server database or the host's network configuration.

- ICMP ECHO reply to the OFFER candidate is n.n.n.n. No corresponding dhcp network record

  The IP address considered for a DHCP client does not have a record in a network table. This might occur if the IP address record is deleted from the DHCP network table after the address is selected, but before the duplicate address check is complete. Use the dhcpmgr utility or the pntadm command to view the DHCP network table. If the IP address is missing, create it with the DHCP Manager (select Create from the Edit menu on the Address tab) or use the pntadm command.

- DHCP network record for n.n.n.n is unavailable, ignoring request

  The record for the requested IP address is not in the DHCP network table; therefore, the server drops the request. Use the dhcpmgr utility or the pntadm command to view the DHCP network table and, if the IP address is missing, create it with the dhcpmgr utility (select Create from the Edit menu on the Address tab) or use the pntadm command.

- n.n.n.n currently marked as unusable

  The requested IP address cannot be offered because it is marked unusable in the network table. Use the DHCP Manager or the pntadm command to make the address usable.

- n.n.n.n was manually allocated. No dynamic address will be allocated.

  The client's ID is assigned a manually allocated address, and that address is marked "unusable." The server cannot allocate a different address to this client. Use the DHCP Manager or the pntadm command to make the address usable, or manually allocate a different address to the client.

- Manual allocation (n.n.n.n, client ID has n other records). Should have 0.

  The client that has the specified client ID is manually assigned more than one IP address. There should be only one address. The server selects the last manually assigned address it finds in the network table. Use the DHCP Manager or the pntadm command to modify IP addresses to remove the additional manual allocations.

- No more IP addresses on n.n.n.n network.

  All IP addresses that are currently managed by DHCP on the specified network are allocated. Use the DHCP Manager or the pntadm command to create new IP addresses for this network.

- Client: clientID lease for n.n.n.n expired.

  The lease was not negotiable, and it has timed out. The client restarts the protocol to obtain a new lease.

- Offer expired for client: n.n.n.n

  The server made an IP address offer to the client, but the client took too long to respond, and the offer expired. The client issues another discover message. If this request times out, increase the cache-offer timeout for the DHCP server. In the DHCP Manager, select Modify from the Service menu.

- Client: clientID REQUEST is missing requested IP option.

  The client's request did not specify the offered IP address, so the DHCP server ignores the request. This problem might occur if the client is not compliant with the updated DHCP, RFC 2131. Update the client software.

- Client: clientID is trying to renew n.n.n.n, an IP address it has not leased.

  The IP address recorded in the DHCP network table for this client does not match the IP address that the client specified in its renewal request. The DHCP server does not renew the lease. This problem occurs if you delete a client's record while the client is still using the IP address. Use the DHCP Manager or the pntadm command to examine the network table, and correct if necessary. The client's ID should be bound to the specified IP address. If it is not, edit the address properties to add the client ID.

To enable the client to receive a new lease immediately, restart the DHCP agent on the client by typing the commands:

    # ifconfig interface dhcp release
    # ifconfig interface dhcp start
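Several of the allocation errors above (more than one manual allocation for a client ID, addresses marked unusable, no addresses left on a network) can be found before a client trips over them by reading the SUNWfiles network table whose record format and flag values are shown in the pntadm section. The Python script below is an added example, not part of the Sun guide, and it only reads the table. The sample records are constructed; the UNUSABLE=4 and BOOTP=8 bits come from dhcp_network(4); and reading the flags as a decimal number, treating client ID 00 as "no client bound", and treating the sixth field as an opaque record value are assumptions.

```python
"""Read-only audit of a SUNWfiles DHCP network table."""
from collections import defaultdict
from dataclasses import dataclass

# PERMANENT=1 and MANUAL=2 are stated on this page; UNUSABLE=4 and BOOTP=8
# come from dhcp_network(4). A flags value of 0 means a dynamic address.
FLAG_BITS = {1: "PERMANENT", 2: "MANUAL", 4: "UNUSABLE", 8: "BOOTP"}
FREE_CLIENT_ID = "00"  # assumption: 00 marks an address with no client bound

# Constructed sample in the layout the page shows:
# client IP|client ID|flags|server IP|lease|opaque record value|macro|comment
SAMPLE_TABLE = """\
# SUNWfiles1_192_168_30_0
#
# Do NOT edit this file by hand -- use pntadm(1M) or dhcpmgr(1M) instead
#
192.168.30.1|00|03|192.168.1.2|0|8214847195300495362|mymacro|
192.168.30.5|0108002011E0F1|03|192.168.1.2|0|8214847195300495363|mymacro|printer
192.168.30.6|0108002011E0F1|02|192.168.1.2|0|8214847195300495364|mymacro|
192.168.30.7|00|04|192.168.1.2|0|8214847195300495365|mymacro|retired
192.168.30.8|010800209A3B7C|06|192.168.1.2|0|8214847195300495366|mymacro|
"""


@dataclass(frozen=True)
class Record:
    client_ip: str
    client_id: str
    flags: int
    server_ip: str
    lease: int
    record_value: str
    macro: str
    comment: str

    def flag_names(self):
        names = [name for bit, name in FLAG_BITS.items() if self.flags & bit]
        return names or ["DYNAMIC"]

    def has(self, name):
        return name in self.flag_names()


def parse_table(text):
    """Parse table text into Record objects; comment lines are skipped."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        if len(fields) != 8:
            raise ValueError(f"line {lineno}: expected 8 fields, got {len(fields)}")
        ip, cid, flags, server, lease, value, macro, comment = fields
        # Assumption: flags are decimal; the page only shows 00 and 03.
        records.append(Record(ip, cid.upper(), int(flags), server,
                              int(lease), value, macro, comment))
    return records


def audit(records):
    """Return (code, client_id, addresses) findings for one network table."""
    findings = []
    manual_by_client = defaultdict(list)
    for rec in records:
        if rec.has("MANUAL") and rec.client_id != FREE_CLIENT_ID:
            manual_by_client[rec.client_id].append(rec.client_ip)
            if rec.has("UNUSABLE"):
                # "was manually allocated. No dynamic address will be allocated."
                findings.append(("MANUAL_UNUSABLE", rec.client_id, [rec.client_ip]))
    for cid, ips in manual_by_client.items():
        if len(ips) > 1:
            # "Manual allocation (..., client ID has n other records)."
            findings.append(("MULTIPLE_MANUAL", cid, ips))
    unusable = [r.client_ip for r in records if r.has("UNUSABLE")]
    if unusable:
        findings.append(("UNUSABLE", None, unusable))
    # Simplification: an address is offerable when no client is bound to it
    # and it is neither MANUAL nor UNUSABLE; lease expiry is not considered.
    free = [r for r in records if r.client_id == FREE_CLIENT_ID
            and not r.has("MANUAL") and not r.has("UNUSABLE")]
    if not free:
        findings.append(("POOL_EXHAUSTED", None, []))  # "No more IP addresses"
    return findings


if __name__ == "__main__":
    for finding in audit(parse_table(SAMPLE_TABLE)):
        print(finding)
```
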

Troubleshooting DHCP Clients
The problems you might encounter with a DHCP client fall into the following categories:

- Problems communicating with the DHCP server
- Problems with inaccurate DHCP configuration information

After you enable the client software and reboot the system, the client tries to reach the DHCP server to obtain its network configuration. If the client fails to reach the server or if the client does not receive correct information, you can see error messages, such as:

    DHCP or BOOTP server not responding
    Need router-ip to communicate with TFTP server
    TFTP server's IP address not known!

Before you determine the problem, you must gather diagnostic information from both the client and the server, and analyze this information. To gather information, you can:

- Run the client in debug mode.
- Run the server in debug mode.
- Start the snoop utility to monitor network traffic.

You can perform these tasks separately or concurrently. The information you gather can help you determine if the problem is with the client, server, or a relay agent.

Exercise: Configuring a DHCP Server and Client
In this exercise, you configure a basic DHCP server and client configuration.

Preparation
Before performing this exercise, do the following:

- Refer to your network diagram to determine the function of each system on your subnet.
- Refer to the lecture notes as necessary to perform the tasks listed.

Note – Use the default configuration parameters in these exercises unless otherwise specified.

The exercise examples show the DHCP server as 192.168.X.3 and the DHCP client as 192.168.X.4. The complete system and server-client functions for these exercises are shown in Table 11-2.

Table 11-2 Exercise Host Functions

| Host | Function |
|---|---|
| Instructor | Root DNS name server |
| sysX1 | Router |
| sysX2 | Primary DNS name server, DNS client |
| sysX3 | Secondary DNS name server, DNS client, DHCP server |
| sysX4 | DNS client, DHCP client |

Task Summary
In this exercise, you accomplish the following tasks:

- Configure a DHCP server.
- Configure a DHCP client.
- Use the snoop utility to view DHCP client server interaction.

Task 1 – Configuring the DHCP Server
Complete the steps in this section.

Working on the sysX3 System
In this part of the exercise, use the DHCP Manager graphical user interface (GUI) utility (dhcpmgr utility) to configure a DHCP server on your subnet. Permit the network wizard to start and configure at least five hosts with the address range starting at 192.168.xxx.xxx, where xxx.xxx is provided by the instructor depending on the classroom setup.

Note – Use the default configuration parameters in this task unless otherwise specified.

This example uses the sys13 system to demonstrate configuring a basic DHCP server with the dhcpmgr GUI utility. To configure the DHCP server, complete the following steps:

1. Start the dhcpmgr utility.
2. Initially configure the DHCP server.
3. Add at least five addresses.
4. To view the information that the dhcpmgr utility added to the /etc/inet/hosts file, use the grep command.

Task 2 – Configuring the DHCP Client
Complete the steps in this section.

Working on the sysX4 System
This example uses the sys14 system as the DHCP client. To configure the DHCP client, complete the following steps:

1. Log in as the root user on the DHCP client.
2. Enable DHCP on the client.
3. Configure the /etc/default/dhcpagent file on the DHCP client so that it releases its IP address if it is rebooted or is shut down.
4. Reboot the client, and watch the system console as the system boots.

Task 3 – Using the snoop Utility to View DHCP Client-Server Interaction
An important part of troubleshooting DHCP issues is using the snoop utility to observe the network interaction between the server and the client. To view DHCP client-server interaction, complete the following steps:

1. Start the snoop utility on any system on the subnet other than the DHCP client. Be sure to use the snoop utility on an interface that is on the same subnet as the DHCP client, which is hme0 in this example. Have the snoop utility write to the /tmp/dhcp-snoop.snp file.
2. Reboot the DHCP client system.
3. After the DHCP client is booted, stop the snoop utility by pressing the Control+C key sequence.
4. View the summary of the captured information.
5. Use the snoop utility to convert the trace data to ASCII text, and output that text to the /tmp/dhcp-snoop.txt file for viewing with any text editor that provides easy navigation and searching of the data.
6. Use the view utility to view the trace data in the /tmp/dhcp-snoop.txt file. Look for messages, such as DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, and DHCPACK, in the trace. Observe the ETHER destination addresses, the source and destination IP addresses, and the DHCP messages.
7. Prevent the client system from continuing to act as a DHCP client by removing the /etc/dhcp.* files and rebooting the system.

Exercise Summary
Discussion – Take a few minutes to discuss what experiences, issues, or discoveries you had during the lab exercise.

- Experiences
- Interpretations
- Conclusions
- Applications

Exercise Solutions
Solutions to the exercise are provided in this section.

Task 1 – Configuring the DHCP Server
Complete the steps in this section.

Working on the sysX3 System
In this part of the exercise, use the DHCP Manager GUI utility (dhcpmgr utility) to configure a DHCP server on your subnet. Permit the network wizard to start and configure at least five hosts with the address range starting at 192.168.xxx.xxx, where xxx.xxx is provided by the instructor depending on the classroom setup.

Note – Use the default configuration parameters in this task unless otherwise specified.

This example uses the sys13 system to demonstrate configuring a basic DHCP server with the dhcpmgr GUI utility. To configure the DHCP server, complete the following steps:

1. Start the dhcpmgr utility.

    # /usr/sadm/admin/bin/dhcpmgr &

2. Initially configure the DHCP server.


If the system is not configured as a DHCP server or BOOTP relay, Figure 11-25 appears.

Figure 11-25 Choose Server Configuration Window

Perform the following:

a. Click OK.

The DHCP Configuration Wizard – Step 1 window in Figure 11-26 appears.

Figure 11-26 DHCP Configuration Wizard – Step 1 Window


b. Select Text files, and click >.

The DHCP Configuration Wizard – Step 2 window in Figure 11-27 appears. This example uses the default directory.

Figure 11-27 DHCP Configuration Wizard – Step 2 Window

c. Accept the default path name, and click >.


The DHCP Configuration Wizard – Step 3 window in Figure 11-28 appears.

Figure 11-28 DHCP Configuration Wizard – Step 3 Window

d. Select /etc/hosts, and click >.


The DHCP Configuration Wizard – Step 4 window in Figure 11-29 appears. This example uses the defaults 1 and days.

Figure 11-29 DHCP Configuration Wizard – Step 4 Window

e. Accept the defaults of 1, days, and Clients can renew their leases, then click >.


The DHCP Configuration Wizard – Step 5 window in Figure 11-30 appears. This example uses the default DNS information.

Figure 11-30 DHCP Configuration Wizard – Step 5 Window

f. Accept the default DNS domain and DNS servers, and click >.


The DHCP Configuration Wizard – Step 6 window in Figure 11-31 appears. This example uses the 192.168.1.0 network.

Figure 11-31 DHCP Configuration Wizard – Step 6 Window

g. Specify a network address by either selecting one or typing one, type a subnet mask, and click >.

The DHCP Configuration Wizard – Step 7 window in Figure 11-32 appears. This example uses the defaults of Local-Area (LAN) and Use router discovery protocol.

Figure 11-32 DHCP Configuration Wizard – Step 7 Window

h. Select Local-Area (LAN).

i. Select Use router discovery protocol.

j. Click >.

The DHCP Configuration Wizard – Step 8 window in Figure 11-33 appears. This example uses the defaults of no NIS Domain and no NIS Servers.

Figure 11-33 DHCP Configuration Wizard – Step 8 Window

k. Accept the defaults, no entries, as shown.

l. Click >.

The DHCP Configuration Wizard – Step 9 window in Figure 11-34 appears. This example uses the defaults of no NIS+ domain and no NIS+ servers.

Figure 11-34 DHCP Configuration Wizard – Step 9 Window

m. Accept the default of no entries, as shown.

n. Click >.

The DHCP Configuration Wizard – Step 10 window in Figure 11-35 appears. This example uses the sample information indicated previously.

Figure 11-35 DHCP Configuration Wizard – Step 10 Window

o. Review the information and, if the information is correct, click Finish.

The DHCP Configuration Manager Window closes, the main DHCP Manager Window appears, and the Start Address Wizard window in Figure 11-36 appears.

Figure 11-36 Start Address Wizard Window

p. Click Yes to proceed with address configuration.

The DHCP Address Configuration Wizard – Step 1 window in Figure 11-37 appears. This example uses five addresses and a comment of net1.

Figure 11-37 DHCP Address Configuration Wizard – Step 1 Window

3. Add at least five addresses. Perform the following:

a. Enter 5 in the Number of IP Addresses field.

b. Add the comment net1 in this example. (This is the comment appended to the end of each DHCP-managed IP address line added to the /etc/inet/hosts file).

c. Click >.

The DHCP Address Configuration Wizard – Step 2 window in Figure 11-38 appears. This example allows client name generation and uses sys13-dhcp for the root name.

Figure 11-38 DHCP Address Configuration Wizard – Step 2 Window

d. Verify that Managed by Server and Starting IP Address fields display the correct information. In this example, the Managed by Server field is set to the default, and the starting IP address must be changed to 192.168.1.10.

e. Select Generate Client Names.

f. Type a name in the Root Name field.

g. Click >.

The DHCP Address Configuration Wizard – Step 3 window in Figure 11-39 appears.

Figure 11-39 DHCP Address Configuration Wizard – Step 3 Window

h. Verify that the address information is correct, and click >.

The DHCP Address Configuration Wizard – Step 4 window in Figure 11-40 appears.

Figure 11-40 DHCP Address Configuration Wizard – Step 4 Window

i. Use the default Configuration Macro and verify that Addresses are unusable is checked.

j. Click >.

The DHCP Address Configuration Wizard – Step 5 window in Figure 11-41 appears. This example uses the default Dynamic.

Figure 11-41 DHCP Address Configuration Wizard – Step 5 Window

k. Select Dynamic, and click >.

The DHCP Address Configuration Wizard – Step 6 window in Figure 11-42 appears.

Figure 11-42 DHCP Address Configuration Wizard – Step 6 Window

l. Review the information, and click Finish.

Note – You can continue without problems if one or two addresses are already in use from earlier exercises.

The DHCP Manager window in Figure 11-43 appears.

Figure 11-43 DHCP Manager Window

m. Select Exit from the File menu to close the DHCP Manager window.

4. To view the information that the dhcpmgr utility added to the /etc/inet/hosts file, use the grep command:

# grep dhcp /etc/inet/hosts
192.168.1.10 sys13-dhcp-10 #net1
192.168.1.11 sys13-dhcp-11 #net1
192.168.1.12 sys13-dhcp-12 #net1
192.168.1.13 sys13-dhcp-13 #net1
192.168.1.14 sys13-dhcp-14 #net1
#

Task 2 – Configuring the DHCP Client
Complete the steps in this section.

Working on the sysX4 System
This example uses the sys14 system as the DHCP client. To configure the DHCP client, complete the following steps:

1. Log in as the root user on the DHCP client.

2. Enable DHCP on the client. Create the appropriate file for the external interface, which is hme0 in this example. The command syntax used to enable the DHCP client is:

# touch /etc/dhcp.hme0

Note – Verify that the /etc/hostname.interface file exists for the interface being configured using DHCP, otherwise, the interface is not plumbed. This is a requirement for a successful DHCP configuration of the client.

3. Configure the /etc/default/dhcpagent file on the DHCP client so that it releases its IP address if it is rebooted or is shut down. Edit the /etc/default/dhcpagent file, and remove the # in front of the RELEASE_ON_SIGTERM=yes parameter.

4. Reboot the client, and watch the system console as the system boots.

# init 6

You should see something similar to the following:

SunOS Release 5.10 Version Generic 64-bit
Copyright 1983-2005 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Hostname: sys13-dhcp-14

Task 3 – Using the snoop Utility to View DHCP Client-Server Interaction
An important part of troubleshooting DHCP issues is using the snoop utility to observe the network interaction between the server and the client. To view DHCP client-server interaction, complete the following steps:

1. Start the snoop utility on any system on the subnet other than the DHCP client. Be sure to use the snoop utility on an interface that is on the same subnet as the DHCP client, which is hme0 in this example. Have the snoop utility write to the /tmp/dhcp-snoop.snp file.

# snoop -d hme0 -o /tmp/dhcp-snoop.snp
Using device /dev/hme (promiscuous mode)

2. Reboot the DHCP client system.

3. After the DHCP client has booted, stop the snoop utility by pressing the Control+C key sequence.

4. View the summary of the captured information.

# snoop -i /tmp/dhcp-snoop.snp | more
  1   fe80::203:baff:fe6b:5e06 -> ff02::9 RIPng R (6 destinations)
  2   192.168.1.1 -> 192.168.1.255 RIP R (3 destinations)
. . .
 24   192.168.1.14 -> sys13.one.edu DHCP/BOOTP DHCPRELEASE
. . .
105   OLD-BROADCAST -> BROADCAST DHCP/BOOTP DHCPDISCOVER
106   sys13.one.edu -> 192.168.1.14 ICMP Echo request (ID: 4 Sequence number: 0)
107   sys13.one.edu -> 192.168.1.14 DHCP/BOOTP DHCPOFFER
108   ? -> (multicast) ETHER Type=0001 (LLC/802.3), size = 52 bytes
109   OLD-BROADCAST -> BROADCAST DHCP/BOOTP DHCPREQUEST
110   sys13.one.edu -> 192.168.1.14 DHCP/BOOTP DHCPACK
111   OLD-BROADCAST -> (broadcast) ARP C Who is 192.168.1.14, 192.168.1.14 ?
112   192.168.1.14 -> (broadcast) ARP C Who is 192.168.1.14, 192.168.1.14 ?

5. Use the snoop utility to convert the trace data to ASCII text, and output that text to the /tmp/dhcp-snoop.txt file for viewing with any text editor that provides easy navigation and searching of the data.

# snoop -v -i /tmp/dhcp-snoop.snp > /tmp/dhcp-snoop.txt

6. Use the view utility to view the trace data in the /tmp/dhcp-snoop.txt file. Look for messages, such as DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, and DHCPACK, in the trace. Observe the ETHER destination addresses, the source and destination IP addresses, and the DHCP messages.

DHCPRELEASE:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 24 arrived at 9:31:56.83990
ETHER: Packet size = 342 bytes
ETHER: Destination = 0:3:ba:68:45:39,
ETHER: Source = 0:3:ba:68:44:d3,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP:     xxx. .... = 0 (precedence)
IP:     ...0 .... = normal delay
IP:     .... 0... = normal throughput
IP:     .... .0.. = normal reliability
IP:     .... ..0. = not ECN capable transport
IP:     .... ...0 = no ECN congestion experienced
IP: Total length = 328 bytes
IP: Identification = 55877
IP: Flags = 0x4
IP:     .1.. .... = do not fragment
IP:     ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = 1cfd
IP: Source address = 192.168.1.14, 192.168.1.14
IP: Destination address = 192.168.1.3, sys13.one.edu
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 68
UDP: Destination port = 67 (BOOTPS)
UDP: Length = 308
UDP: Checksum = B341
UDP:
DHCP: ----- Dynamic Host Configuration Protocol -----
DHCP:
DHCP: Hardware address type (htype) = 1 (Ethernet (10Mb))
DHCP: Hardware address length (hlen) = 6 octets
DHCP: Relay agent hops = 0
DHCP: Transaction ID = 0x6fdf1bbf
DHCP: Time since boot = 0 seconds
DHCP: Flags = 0x0000
DHCP: Client address (ciaddr) = 192.168.1.14
DHCP: Your client address (yiaddr) = 0.0.0.0
DHCP: Next server address (siaddr) = 0.0.0.0
DHCP: Relay agent address (giaddr) = 0.0.0.0
DHCP: Client hardware address (chaddr) = 00:03:BA:68:44:D3
DHCP:
DHCP: ----- (Options) field options -----
DHCP:
DHCP: Message type = DHCPRELEASE
DHCP: Error Message = DHCP agent is exiting
DHCP: DHCP Server Identifier = 192.168.1.3

DHCPDISCOVER:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 105 arrived at 9:34:5.95251
ETHER: Packet size = 342 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source = 0:3:ba:68:44:d3,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP:     xxx. .... = 0 (precedence)
IP:     ...0 .... = normal delay
IP:     .... 0... = normal throughput
IP:     .... .0.. = normal reliability
IP:     .... ..0. = not ECN capable transport
IP:     .... ...0 = no ECN congestion experienced
IP: Total length = 328 bytes
IP: Identification = 4
IP: Flags = 0x4
IP:     .1.. .... = do not fragment
IP:     ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = 7aa1
IP: Source address = 0.0.0.0, OLD-BROADCAST
IP: Destination address = 255.255.255.255, BROADCAST
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 68
UDP: Destination port = 67 (BOOTPS)
UDP: Length = 308
UDP: Checksum = E7EC
UDP:
DHCP: ----- Dynamic Host Configuration Protocol -----
DHCP:
DHCP: Hardware address type (htype) = 1 (Ethernet (10Mb))
DHCP: Hardware address length (hlen) = 6 octets
DHCP: Relay agent hops = 0
DHCP: Transaction ID = 0x926aa722
DHCP: Time since boot = 48 seconds
DHCP: Flags = 0x0000
DHCP: Client address (ciaddr) = 0.0.0.0
DHCP: Your client address (yiaddr) = 0.0.0.0
DHCP: Next server address (siaddr) = 0.0.0.0
DHCP: Relay agent address (giaddr) = 0.0.0.0
DHCP: Client hardware address (chaddr) = 00:03:BA:68:44:D3
DHCP:
DHCP: ----- (Options) field options -----
DHCP:
DHCP: Message type = DHCPDISCOVER
DHCP: Maximum DHCP Message Size = 1472 bytes
DHCP: IP Address Lease Time = -1 seconds
DHCP: Client Class Identifier = "SUNW.UltraAX-i2"
DHCP: Requested Options:
DHCP:     1 (Subnet Mask)
DHCP:     3 (Router)
DHCP:     6 (DNS Servers)
DHCP:     12 (Client Hostname)
DHCP:     15 (DNS Domain Name)
DHCP:     28 (Broadcast Address)
DHCP:     43 (Vendor Specific Options)

DHCPOFFER:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 107 arrived at 9:34:6.96163
ETHER: Packet size = 359 bytes
ETHER: Destination = 0:3:ba:68:44:d3,
ETHER: Source = 0:3:ba:68:45:39,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP:     xxx. .... = 0 (precedence)
IP:     ...0 .... = normal delay
IP:     .... 0... = normal throughput
IP:     .... .0.. = normal reliability
IP:     .... ..0. = not ECN capable transport
IP:     .... ...0 = no ECN congestion experienced
IP: Total length = 345 bytes
IP: Identification = 42935
IP: Flags = 0x4
IP:     .1.. .... = do not fragment
IP:     ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = 4f7a
IP: Source address = 192.168.1.3, sys13.one.edu
IP: Destination address = 192.168.1.14, 192.168.1.14
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 67
UDP: Destination port = 68 (BOOTPC)
UDP: Length = 325
UDP: Checksum = 84B8
UDP:
DHCP: ----- Dynamic Host Configuration Protocol -----
DHCP:
DHCP: Hardware address type (htype) = 1 (Ethernet (10Mb))
DHCP: Hardware address length (hlen) = 6 octets
DHCP: Relay agent hops = 0
DHCP: Transaction ID = 0x926aa722
DHCP: Time since boot = 48 seconds
DHCP: Flags = 0x0000
DHCP: Client address (ciaddr) = 0.0.0.0
DHCP: Your client address (yiaddr) = 192.168.1.14
DHCP: Next server address (siaddr) = 0.0.0.0
DHCP: Relay agent address (giaddr) = 0.0.0.0
DHCP: Client hardware address (chaddr) = 00:03:BA:68:44:D3
DHCP:
DHCP: ----- (Options) field options -----
DHCP:
DHCP: Message type = DHCPOFFER
DHCP: DHCP Server Identifier = 192.168.1.3
DHCP: UTC Time Offset = -25200 seconds
DHCP: RFC868 Time Servers at = 192.168.1.3
DHCP: IP Address Lease Time = 86400 seconds
DHCP: DNS Domain Name = one.edu
DHCP: DNS Servers at = 192.168.1.2
DHCP: DNS Servers at = 192.168.1.3
DHCP: Broadcast Address = 192.168.1.255
DHCP: Perform Router Discovery Flag flag = 0x1
DHCP: Subnet Mask = 255.255.255.0
DHCP: Client Hostname = sys13-dhcp-14

DHCPREQUEST:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 109 arrived at 9:34:8.13256
ETHER: Packet size = 342 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source = 0:3:ba:68:44:d3,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP:     xxx. .... = 0 (precedence)
IP:     ...0 .... = normal delay
IP:     .... 0... = normal throughput
IP:     .... .0.. = normal reliability
IP:     .... ..0. = not ECN capable transport
IP:     .... ...0 = no ECN congestion experienced
IP: Total length = 328 bytes
IP: Identification = 5
IP: Flags = 0x4
IP:     .1.. .... = do not fragment
IP:     ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = 7aa0
IP: Source address = 0.0.0.0, OLD-BROADCAST
IP: Destination address = 255.255.255.255, BROADCAST
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 68
UDP: Destination port = 67 (BOOTPS)
UDP: Length = 308
UDP: Checksum = 9B2C
UDP:
DHCP: ----- Dynamic Host Configuration Protocol -----
DHCP:
DHCP: Hardware address type (htype) = 1 (Ethernet (10Mb))
DHCP: Hardware address length (hlen) = 6 octets
DHCP: Relay agent hops = 0
DHCP: Transaction ID = 0x21a95f6
DHCP: Time since boot = 48 seconds
DHCP: Flags = 0x0000
DHCP: Client address (ciaddr) = 0.0.0.0
DHCP: Your client address (yiaddr) = 0.0.0.0
DHCP: Next server address (siaddr) = 0.0.0.0
DHCP: Relay agent address (giaddr) = 0.0.0.0
DHCP: Client hardware address (chaddr) = 00:03:BA:68:44:D3
DHCP:
DHCP: ----- (Options) field options -----
DHCP:
DHCP: Message type = DHCPREQUEST
DHCP: IP Address Lease Time = 86400 seconds
DHCP: Maximum DHCP Message Size = 1472 bytes
DHCP: Requested IP Address = 192.168.1.14
DHCP: DHCP Server Identifier = 192.168.1.3
DHCP: Client Class Identifier = "SUNW.UltraAX-i2"
DHCP: Requested Options:
DHCP:     1 (Subnet Mask)
DHCP:     3 (Router)
DHCP:     6 (DNS Servers)
DHCP:     12 (Client Hostname)
DHCP:     15 (DNS Domain Name)
DHCP:     28 (Broadcast Address)
DHCP:     43 (Vendor Specific Options)

DHCPACK:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 110 arrived at 9:34:8.15066
ETHER: Packet size = 359 bytes
ETHER: Destination = 0:3:ba:68:44:d3,
ETHER: Source = 0:3:ba:68:45:39,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP:     xxx. .... = 0 (precedence)
IP:     ...0 .... = normal delay
IP:     .... 0... = normal throughput
IP:     .... .0.. = normal reliability
IP:     .... ..0. = not ECN capable transport
IP:     .... ...0 = no ECN congestion experienced
IP: Total length = 345 bytes
IP: Identification = 44125
IP: Flags = 0x4
IP:     .1.. .... = do not fragment
IP:     ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = 4ad4
IP: Source address = 192.168.1.3, sys13.one.edu
IP: Destination address = 192.168.1.14, 192.168.1.14
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 67
UDP: Destination port = 68 (BOOTPC)
UDP: Length = 325
UDP: Checksum = 84B8
UDP:
DHCP: ----- Dynamic Host Configuration Protocol -----
DHCP:
DHCP: Hardware address type (htype) = 1 (Ethernet (10Mb))
DHCP: Hardware address length (hlen) = 6 octets
DHCP: Relay agent hops = 0
DHCP: Transaction ID = 0x21a95f6
DHCP: Time since boot = 48 seconds
DHCP: Flags = 0x0000
DHCP: Client address (ciaddr) = 0.0.0.0
DHCP: Flags = 0x0000
DHCP: Client address (ciaddr) = 0.0.0.0
DHCP: Your client address (yiaddr) = 192.168.1.14
DHCP: Next server address (siaddr) = 0.0.0.0
DHCP: Relay agent address (giaddr) = 0.0.0.0
DHCP: Client hardware address (chaddr) = 00:03:BA:68:44:D3
DHCP:
DHCP: ----- (Options) field options -----
DHCP:
DHCP: Message type = DHCPACK
DHCP: DHCP Server Identifier = 192.168.1.3
DHCP: UTC Time Offset = -25200 seconds
DHCP: RFC868 Time Servers at = 192.168.1.3
DHCP: IP Address Lease Time = 86400 seconds
DHCP: DNS Domain Name = one.edu
DHCP: DNS Servers at = 192.168.1.2
DHCP: DNS Servers at = 192.168.1.3
DHCP: Broadcast Address = 192.168.1.255
DHCP: Perform Router Discovery Flag flag = 0x1
DHCP: Subnet Mask = 255.255.255.0
DHCP: Client Hostname = sys13-dhcp-14

7. Prevent the client system from continuing to act as a DHCP client by removing the /etc/dhcp.* files and rebooting the system.

# rm /etc/dhcp.*
# init 6
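A check you can run over the /tmp/dhcp-snoop.txt file from step 5: the added example below (not part of the course material) parses snoop -v text and reports any DHCPOFFER or DHCPACK whose server identifier, source address, or DNS servers differ from what the sys13 server was configured to hand out. The function names, the allow-lists, and packet 108 in the sample (address 192.168.1.66, MAC 0:3:ba:aa:bb:cc) are assumptions constructed for illustration.

```python
import re

# Constructed sample in the layout of `snoop -v` text output. Packets 107 and
# 110 reuse field values from the trace above; packet 108 is invented to show
# a reply from a server that was not configured in this exercise.
SAMPLE = """\
ETHER: ----- Ether Header -----
ETHER: Packet 107 arrived at 9:34:6.96163
ETHER: Source = 0:3:ba:68:45:39,
IP: Source address = 192.168.1.3, sys13.one.edu
DHCP: Transaction ID = 0x926aa722
DHCP: Your client address (yiaddr) = 192.168.1.14
DHCP: Message type = DHCPOFFER
DHCP: DHCP Server Identifier = 192.168.1.3
DHCP: DNS Servers at = 192.168.1.2
DHCP: DNS Servers at = 192.168.1.3
ETHER: ----- Ether Header -----
ETHER: Packet 108 arrived at 9:34:6.97001
ETHER: Source = 0:3:ba:aa:bb:cc,
IP: Source address = 192.168.1.66, 192.168.1.66
DHCP: Transaction ID = 0x926aa722
DHCP: Your client address (yiaddr) = 192.168.1.200
DHCP: Message type = DHCPOFFER
DHCP: DHCP Server Identifier = 192.168.1.66
DHCP: DNS Servers at = 192.168.1.66
ETHER: ----- Ether Header -----
ETHER: Packet 110 arrived at 9:34:8.15066
ETHER: Source = 0:3:ba:68:45:39,
IP: Source address = 192.168.1.3, sys13.one.edu
DHCP: Transaction ID = 0x21a95f6
DHCP: Your client address (yiaddr) = 192.168.1.14
DHCP: Message type = DHCPACK
DHCP: DHCP Server Identifier = 192.168.1.3
DHCP: DNS Servers at = 192.168.1.2
DHCP: DNS Servers at = 192.168.1.3
"""

FIELD = re.compile(r"^(ETHER|IP|UDP|DHCP):\s+(.+?)\s+=\s+(.*)$")
PACKET = re.compile(r"^ETHER:\s+Packet (\d+) arrived")


def parse_packets(text):
    """Split snoop -v text into one dict per packet: 'LAYER:field' -> [values]."""
    packets, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("ETHER:") and "Ether Header" in line:
            cur = {"packet": None}          # every packet starts with this banner
            packets.append(cur)
            continue
        if cur is None:
            continue                        # text before the first packet
        m = PACKET.match(line)
        if m:
            cur["packet"] = int(m.group(1))
            continue
        m = FIELD.match(line)
        if m:
            layer, key, value = m.groups()
            # Repeated fields (two "DNS Servers at" lines) are kept as a list.
            cur.setdefault(layer + ":" + key, []).append(value.strip().rstrip(","))
    return packets


def first(packet, key):
    """First value of a field, without the resolved host name after the comma."""
    return packet.get(key, [""])[0].split(",")[0].strip()


def audit_dhcp(packets, allowed_servers, allowed_dns):
    """Return (packet number, finding, detail) for server replies outside the allow-lists."""
    findings = []
    for p in packets:
        if first(p, "DHCP:Message type") not in ("DHCPOFFER", "DHCPACK"):
            continue                        # only replies sent by a server
        server = first(p, "DHCP:DHCP Server Identifier")
        src_ip = first(p, "IP:Source address")
        mac = first(p, "ETHER:Source")      # lets you trace the sender's switch port
        if server not in allowed_servers or src_ip not in allowed_servers:
            findings.append((p["packet"], "unexpected-server", "%s (%s)" % (server, mac)))
        for dns in p.get("DHCP:DNS Servers at", []):
            if dns not in allowed_dns:
                findings.append((p["packet"], "unexpected-dns", dns))
    return findings


if __name__ == "__main__":
    for finding in audit_dhcp(parse_packets(SAMPLE),
                              {"192.168.1.3"}, {"192.168.1.2", "192.168.1.3"}):
        print(finding)
```

To audit a real capture, pass the contents of /tmp/dhcp-snoop.txt to parse_packets() in place of SAMPLE.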


Module 12

Configuring NTP
Objectives
This module introduces how to configure the Network Time Protocol (NTP). This module also introduces NTP basics, including how computers keep time, the uses of NTP, and NTP terms. This module also describes how to configure an NTP server and an NTP client. In addition, this module describes how to troubleshoot NTP, including how to view logs and how to use the snoop utility.

Upon completion of this module, you should be able to:

- Identify NTP basics
- Configure an NTP server
- Configure an NTP client
- Troubleshoot NTP

The course map in Figure 12-1 shows how this module fits into the current instructional goal.

Figure 12-1 Course Map (Configuring and Managing Network Applications: Configuring the Solaris™ IP Filter Firewall, Configuring DNS, Configuring DHCP, Configuring NTP)

Identifying NTP Basics
Before you configure NTP, you must be aware of some basic computer clock and NTP-related concepts.

How Computers Keep Time
This section describes how computers keep time. This is a high-level introduction and is not meant to be all inclusive.

When the system is not running the Solaris OS, the time-of-day chip maintains basic 24-hour time. This time is copied into a 64-bit counter used by the kernel to maintain 24-hour time for a running system.

Sun systems use a combination of an oscillator and a 64-bit counter to keep track of time. A specific number of oscillations cause an interrupt that, if processed, will cause the counter to increment. The Sun system central processing units (CPUs) generate the regular interrupts. By default, 100 interrupts are generated per second. For the system’s counter to increment, the CPU’s interrupt must be processed by the kernel. Each interrupt that gets processed is known as a clock tick. However, not all interrupts get processed. This is often due to high system loads and higher priority tasks that take precedence within the kernel. Therefore, gradually, a clock will fall slightly behind because not all time interrupts are processed.

However, the controller boards in Sun Fire™ 12k to 25k high-end servers use a real-time clock, not the normal 100 interrupts per second method. This makes them excellent NTP servers, since the clock does not drift as it does on a regular server or workstation. However, making them an NTP client can cause issues with the SMS software.

Note – The 32-bit time counter would reach its limit in the year 2038. The 64-bit time counter was started at 0 at midnight, January 1, 1970 Greenwich Mean Time (GMT). The counter will reach its limit in about 290 million years.

Variation in the frequency of the oscillator and delays to the kernel interrupt routine cause clock drifts. NTP disciplines the system clock frequency and time, producing more accurate timing mechanisms for the system.


Uses of NTP
Many network applications need synchronized clocks to properly function. For example:

- Encryption – This application often uses time as a component of encryption keys.
- Network management – This application uses time to determine exactly when something took place.
- Logging – The syslog facility uses time to display system events.
- File systems – Applications time stamp files when they are created or modified. Many backup applications are configured to use time as a criterion for determining backups, so that clock synchronization between the backup server and other systems is important.
- Cluster Nodes – Individual nodes in a Sun Cluster configuration use NTP to ensure that they all agree on the time.
NTP Terms
Several terms are used when describing time-related topics. These terms are described in Table 12-1.

Table 12-1 NTP Terms

| Term | Description |
| --- | --- |
| Reference clock | A clock that provides current time by accurately following a time standard, such as Coordinated Universal Time (UTC). |
| Strata | NTP servers are arranged in a hierarchy of levels, called strata. A stratum-1 server is more accurate than a stratum-10 server. There are 16 strata. |
| Stratum-1 server | A highly available NTP server that has its own reference clock. |
| Resolution | The smallest increment in time that a clock offers. For example, a wristwatch usually has a resolution of one second. |
| Precision | The smallest increase in time that a computer program can use. |
| Jitter | The difference of the differences experienced when repeatedly measuring time. |
| Accuracy | How close a clock follows an official time reference, such as UTC. |
| Reliability | The length of time that a clock can remain accurate within a specified range. |
| Wander | All clocks suffer from frequency variations. This variation is called wander. |
| Drift file | A file that contains the frequency offset of the local system’s clock oscillator. Drift file contents can be used by protocols, like NTP, to cause a system’s clock to be more accurate. The default location for Sun’s NTP drift file is /var/ntp/ntp.drift. |
| xntpd | The NTP daemon. |
| The ntp.conf file | A file that causes the xntpd daemon to start in either the client or the server mode and provides configuration statements that control the behavior of the xntpd daemon. |
| The fudge command | You can use the fudge command in the ntp.conf file as a keyword to configure reference clocks in special ways, such as defining calibration constants to force a time offset to a particular external-time standard. |
| Discipline | A general term used for various actions carried out by some protocol, which helps keep a local clock better synchronized to an official time source, such as UTC. |
Configuring an NTP Server
The /etc/inet/ntp.server file is a template for configuring an NTP server. Copy this file to /etc/inet/ntp.conf, and edit it to meet your network’s requirements. When viewing contents of the /etc/inet/ntp.server file, remember that an NTP server is also an NTP client.

The xntpd daemon is started at system boot if the /etc/inet/ntp.conf file exists and the NTP service is enabled by the SMF. The xntpd daemon starts in either the client or the server mode, depending on the contents of the ntp.conf file.

The following steps describe the behavior of the xntpd daemon:

1. Broadcast NTP servers advertise every 64 seconds, by means of a multicast address (224.0.1.1), that they are NTP servers. Any NTP client that is not configured with the unicast address of an NTP server multicasts to this same address when the xntpd daemon is started. View the line that causes the system to act as an NTP server by typing the following:

# grep broadcast /etc/inet/ntp.server
broadcast 224.0.1.1 ttl 4
#

2. Local NTP servers answer the multicast advertisements.

3. The NTP client sends time request packets to all of the NTP servers by using the servers’ unicast addresses. Included in the time request packet is the client’s local time.

4. The NTP server replies by inserting UTC time into the packet and then returns the packet to the client.

5. The client compares its original request time with its own time when it receives the response from the server. This enables the client to determine how long the packet was in transit on the network.

6. The client uses the UTC time value from the NTP server after it receives several responses from the NTP server. It can take up to five minutes for an NTP client to synchronize with an NTP server.
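Steps 3 through 6 as arithmetic: the added example below (not from the course material or the xntpd source) applies the standard four-timestamp NTP calculation to derive round-trip delay and clock offset for each exchange, then keeps the lowest-delay sample, a simplified stand-in for why the client waits for several responses. The timestamps, the 2.5-second clock error, and the function names are constructed for illustration.

```python
# Constructed exchanges (seconds). The client clock runs 2.5 s behind the
# server, and requests are 64 s apart.
#   t1 = client clock when the request leaves (carried in the request)
#   t2 = server clock when the request arrives
#   t3 = server clock when the reply leaves
#   t4 = client clock when the reply arrives
EXCHANGES = [
    (100.000, 102.510, 102.511, 100.021),   # 10 ms out, 10 ms back
    (164.000, 166.580, 166.581, 164.091),   # 80 ms out, 10 ms back
    (228.000, 230.512, 230.513, 228.043),   # 12 ms out, 30 ms back
]
TRUE_OFFSET = 2.5   # known only because the sample is constructed


def offset_and_delay(t1, t2, t3, t4):
    """Return (offset, delay): how far to move the client clock, and time in transit."""
    # Time on the wire: total elapsed on the client minus server processing.
    delay = (t4 - t1) - (t3 - t2)
    # Average of the two one-way differences; exact only if both paths
    # take the same time, otherwise wrong by up to delay / 2.
    offset = ((t2 - t1) + (t3 - t4)) / 2.0
    return offset, delay


def best_sample(exchanges):
    """Pick the exchange with the shortest round trip (tightest error bound)."""
    return min((offset_and_delay(*e) for e in exchanges), key=lambda s: s[1])


def report(exchanges):
    """Per exchange: (offset estimate, delay, actual error of the estimate)."""
    rows = []
    for e in exchanges:
        offset, delay = offset_and_delay(*e)
        rows.append((round(offset, 3), round(delay, 3),
                     round(abs(offset - TRUE_OFFSET), 3)))
    return rows


if __name__ == "__main__":
    for row in report(EXCHANGES):
        print("offset=%.3f delay=%.3f error=%.3f" % row)
    print("selected offset=%.3f delay=%.3f" % best_sample(EXCHANGES))
```

The second exchange shows the failure mode: an asymmetric path shifts the estimate by 35 ms, which stays inside the delay / 2 bound of 45 ms.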


Table 12-2 shows the parts of an NTP server’s configuration file and their descriptions.

Table 12-2 NTP Configuration File Parts

| Part | Description |
| --- | --- |
| server 127.127.1.0 prefer | The IP address of the preferred NTP server. In this case, the loopback network is used, indicating the use of a local clock. The server keyword indicates an IP address of an NTP server from which time will be received. If the system is a stratum-1 server, then you use X in the 127.127.X.0 syntax to identify a reference clock source. If X is set to 1, the system uses its local clock as the reference clock source. If the server is a stratum-2 (or higher), this entry is an IP address of another NTP server to contact for time information. The prefer keyword means that if multiple systems of the same strata are used to get clock information, a preferred server is the one that is always used when performing calculations. |
| fudge 127.127.1.0 stratum 0 | The fudge entry is available to change (fudge) the stratum that the server advertises. |
| broadcast 224.0.1.1 ttl 4 | The address the server uses to advertise to the network along with the TTL value to use in IP datagrams. |
| enable auth monitor | The configuration entry that enables authentication and the monitoring facility. |
| driftfile /var/ntp/ntp.drift | The location of the drift file. |
| statsdir /var/ntp/ntpstats/ | The location of NTP statistics. |
| keys /etc/inet/ntp.keys | The conventional name of the key file used for authentication. |
| trustedkey 0 | The encryption identifier. (Refer to RFC 1305 for more information.) |
| controlkey 0 | The key identifier. (Refer to RFC 1305 for more information.) |

Note – Different types of facilities, such as loopstats or clockstats, can also be enabled (refer to the xntpd man page for more details).


Using an Undisciplined Local Clock

NTP servers can, but should not, use their own undisciplined local clock as an official, reliable time source. To use an undisciplined local clock, complete the following steps:

1. Copy the /etc/inet/ntp.server file to the /etc/inet/ntp.conf file.

# cp /etc/inet/ntp.server /etc/inet/ntp.conf
#

2. Open the /etc/inet/ntp.conf file for editing, and change the server IP address to 127.127.1.0, where the number 1 represents the undisciplined local clock. Comment out the fudge keyword because special configuration is not needed for the local reference clock.

# vi /etc/inet/ntp.conf

Change:

server 127.127.XType.0
fudge 127.127.XType.0 stratum 0

to:

server 127.127.1.0 prefer
# fudge 127.127.XType.0 stratum 0

Note – Choices for XType are listed in the comments of the /etc/inet/ntp.server file.

3. Create a drift file as specified by the driftfile /var/ntp/ntp.drift entry in the /etc/inet/ntp.conf file.

# touch /var/ntp/ntp.drift
#

Note – The xntpd daemon creates the contents of the drift file dynamically.

4. Verify that the file exists.

# ls -al /var/ntp/ntp.drift
-rw-r--r--   1 root     root           0 Aug 16 11:06 /var/ntp/ntp.drift
#

5. Start the NTP daemon by using the svcadm command.

# svcadm -v enable svc:/network/ntp
network/ntp enabled.
#

6. Verify that the NTP daemon is running.

# pgrep -lf ntp
1585 /usr/lib/inet/xntpd
#

7. Use the snoop utility to view NTP server multicast advertisements.

# snoop | grep -i ntp
Using device /dev/hme (promiscuous mode)
sys11 -> 224.0.1.1 NTP broadcast [st=1] (2004-08-16 11:11:52.98017)
sys11 -> 224.0.1.1 NTP broadcast [st=1] (2004-08-16 11:12:56.98017)
sys11 -> 224.0.1.1 NTP broadcast [st=1] (2004-08-16 11:14:00.98016)
sys11 -> 224.0.1.1 NTP broadcast [st=1] (2004-08-16 11:15:04.98016)
...

Note – Notice the 64-second interval between NTP advertisements sent out. This is due to the NTP polling value of 6; 2^6 is 64. The polling value can be seen by using the snoop -v command.

Note – The snoop utility output includes the stratum level of the server. NTP servers and clients that are in the process of synchronization have a stratum level of 0 (zero) initially, until they establish their correct stratum level.

Configure the Stratum

You can configure the stratum of an NTP server manually by editing the fudge entry in the /etc/inet/ntp.conf file. This is useful when you do not have access to an external NTP server and you have to synchronize with another system manually.

When a local clock is configured to act as an accurate source of time, NTP detects this. Systems that use their own clock as a time source advertise themselves as a stratum-4 server by default. However, the fudge keyword can be used to alter this behavior. The fudge configuration entry can use the stratum option to override the stratum level sent out with the NTP server’s time advertisements.

Using External NTP Reference Servers

Determine which NTP servers are reachable by your NTP server. Refer to http://www.eecis.udel.edu/~mills/ntp/servers.html for links to lists of public NTP servers. You must notify the NTP server’s administrators of your intention to use their NTP server as a reference server so that the administrator can properly size NTP servers for the additional NTP load.

To use external NTP reference servers, complete the following steps:

1. Copy the /etc/inet/ntp.server file to the /etc/inet/ntp.conf file.

# cp /etc/inet/ntp.server /etc/inet/ntp.conf
#

2. Open the /etc/inet/ntp.conf file for editing, and change the server entry. Comment out the fudge keyword because special configuration is not needed for an external reference clock.

# vi /etc/inet/ntp.conf

Change:

server 127.127.XType.0
fudge 127.127.XType.0 stratum 0

to:

server external-time-server-a
server external-time-server-b
server external-time-server-c
# fudge 127.127.XType.0 stratum 0

3. Create a drift file as specified by the driftfile /var/ntp/ntp.drift entry in the /etc/inet/ntp.conf file.

# touch /var/ntp/ntp.drift
#

4. Verify that the file exists.

# ls -al /var/ntp/ntp.drift
-rw-r--r--   1 root     root           0 Aug 16 14:41 /var/ntp/ntp.drift
#

5. Start the NTP daemon by using the svcadm command.

# svcadm -v enable svc:/network/ntp
network/ntp enabled.

6. Check to see if the NTP daemon is running.

# pgrep -lf ntp
1595 /usr/lib/inet/xntpd
#

Note – NTP servers and clients that are synchronizing with specific servers defined in the /etc/inet/ntp.conf file use a 64-second polling interval initially. When time synchronization is established, the polling interval increases to 17 minutes and 4 seconds (that is, 1024 seconds, or 2^10 seconds).

Managing Daemons

By default, all NTP messages are sent to the syslog facility. To view the logged information in pseudo real-time, use the tail command with the follow (-f) option. For example:

# tail -f /var/adm/messages
Aug 16 14:25:37 sys11 xntpd[1614]: [ID 450285 daemon.error] 0 makes a poor control keyid
...

You can query or configure a running xntpd daemon by using the xntpdc utility, which was introduced in the Solaris 8 OS. The xntpdc command provides an extensive view of the state of the xntpd daemon. You can view statistical information interactively or on the command-line. Use the ? command to view a list of commands available inside xntpdc.

# xntpdc
xntpdc> ?
Commands available:
addpeer      addrefclock  addserver    addtrap      authinfo
broadcast    clkbug       clockstat    clrtrap      controlkey
ctlstats     debug        delay        delrestrict  disable
dmpeers      enable       exit         fudge        help
host         hostnames    iostats      kerninfo     keyid
keytype      leapinfo     listpeers    loopinfo     memstats
monlist      passwd       peers        preset       pstats
quit         readkeys     requestkey   reset        reslist
restrict     showpeer     sysinfo      sysstats     timeout
timerstats   traps        trustedkey   unconfig     unrestrict
untrustedkey version
xntpdc>

The commands can be used to display and configure the NTP setup. For example, the sysinfo command displays information about the current configuration:

xntpdc> sysinfo
system peer:          instructor
system peer mode:     client
leap indicator:       00
stratum:              2
precision:            -14
root distance:        0.00081 s
root dispersion:      0.31441 s
reference ID:         [192.168.30.30]
reference time:       c4cc99b1.2ce5f000  Tue, Aug 17 2004 15:50:25.175
system flags:         auth monitor pll stats kernel_sync
frequency:            -16.000 ppm
stability:            38.345 ppm
broadcastdelay:       0.003906 s
authdelay:            0.000122 s
xntpdc> quit
#

The NTP service is started automatically at boot time if the /etc/inet/ntp.conf file exists and the NTP service was enabled by SMF. You can stop the service manually by using the svcadm command.

To stop the daemon, perform the command:

# svcadm -v disable svc:/network/ntp
network/ntp disabled.
#

To start the daemon, perform the command:

# svcadm -v enable svc:/network/ntp
network/ntp enabled.
#

Determining NTP Peers

The ntpq utility is the standard NTP query program. Use the ntpq utility to identify NTP peers on the network. For example:

# ntpq
ntpq> peers
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
*instructor      .LCL.            1 u   29   64  377     0.69    0.000    0.06
 224.0.1.1       0.0.0.0         16          64    0     0.00    0.000 16000.0
ntpq> exit
#

Configuring an NTP Client

Configuration of an NTP client also requires the /etc/inet/ntp.conf file to be created, as it does with NTP servers.

Establishing Basic Configuration

To initialize the file configuration, complete the following step:

Copy the /etc/inet/ntp.client file to the /etc/inet/ntp.conf file.

# cp /etc/inet/ntp.client /etc/inet/ntp.conf
#

The /etc/inet/ntp.client file contains only one entry, which configures the client to use the default multicast address to solicit for servers.

# tail -1 /etc/inet/ntp.client
multicastclient 224.0.1.1

Starting the NTP Client Daemon

To start the NTP client daemon, perform the following:

1. Check to determine if the NTP daemon is running.

# pgrep -lf ntp
#

2. Start the NTP daemon by using the svcadm command.

# svcadm -v enable svc:/network/ntp
network/ntp enabled.
#

The SMF NTP method, /lib/svc/method/xntp, uses the ntpdate command to synchronize the client’s clock to UTC.

# pgrep -lf ntp
1680 /usr/sbin/ntpdate -s -m 224.0.1.1
1679 /sbin/sh /etc/init.d/xntpd start
1676 /sbin/sh /etc/init.d/xntpd start
#

After the ntpdate command is executed, the xntpd daemon is started by the SMF method to maintain synchronization.

Note – The ntpdate command runs automatically to gather NTP inputs and to set the initial time on this system. The ntpdate command might perform this initial setting by means of a step or a slew. Refer to the ntpdate(1M) man page for further details.

Stopping the NTP Client Daemon

Stop the NTP client daemon by using the svcadm command.

# svcadm -v disable network/ntp
network/ntp disabled.
#

The xntpd daemon is no longer running.

# pgrep -lf ntp
#

Troubleshooting NTP

Use a combination of tools, such as viewing system error logs and using the snoop utility, to troubleshoot NTP.

Viewing Messages

Log messages result from setting the time forward on the system. The system sends out its periodic (every 64 seconds) NTP requests with the incorrect time. The NTP servers respond with the correct time. After receiving multiple updates from the NTP servers, the client changes its time and writes a message to the /var/adm/messages file.

# tail -50 /var/adm/messages | grep -i ntp
Aug 17 15:21:46 sys11 ntpdate[1680]: [ID 318594 daemon.notice] trying ttl 1 for multicast server synchronisation
Aug 17 15:21:46 sys11 ntpdate[1680]: [ID 558725 daemon.notice] no server suitable for synchronisation found yet
Aug 17 15:21:46 sys11 ntpdate[1680]: [ID 147394 daemon.notice] adjust time server 192.168.30.30 offset 0.004158 sec
Aug 17 15:22:48 sys11 xntpd[1676]: [ID 702911 daemon.notice] xntpd 3-5.93e+sun 03/08/29 16:23:05 (1.4)
Aug 17 15:22:48 sys11 xntpd[1676]: [ID 301315 daemon.notice] tickadj = 5, tick = 10000, tvu_maxslew = 495, est. hz = 100
Aug 17 15:22:48 sys11 xntpd[1676]: [ID 266339 daemon.notice] using kernel phase-lock loop 0041, drift correction 0.00000
#

Using the snoop Utility

To view NTP server multicast advertisements, use the snoop utility.

# snoop port ntp
Using device /dev/hme (promiscuous mode)
sys11 -> 224.0.1.1 NTP broadcast [st=1] (2004-08-16 11:11:52.98017)
sys11 -> 224.0.1.1 NTP broadcast [st=1] (2004-08-16 11:12:56.98017)
sys11 -> 224.0.1.1 NTP broadcast [st=1] (2004-08-16 11:14:00.98016)
sys11 -> 224.0.1.1 NTP broadcast [st=1] (2004-08-16 11:15:04.98016)
<Control>-C#

Clients synchronize with servers using unicast packets, as follows:

1. The NTP client sends a message to an NTP server with its idea of the local time.

sys11 -> sys12 NTP client [st=0] (2004-08-17 15:24:17.32834)

Note that the client is at stratum 0 initially. It sets the correct stratum level after synchronization is established.

2. The NTP server responds with the correct time.

sys12 -> sys11 NTP server [st=1] (2004-08-17 15:24:17.32839)

This exchange between the NTP server and the NTP client repeats many times.

3. Eventually, the NTP client acknowledges that its time is incorrect. The client then takes action to change its own time, based on NTP time advertisements received from one or more NTP servers. Information about the actions taken by the NTP client is sent to the syslog facility for proper processing.

sys11 -> sys12 NTP client [st=0] (2004-08-17 15:25:21.32955)

4. The NTP server responds again with the correct time.

sys12 -> sys11 NTP server [st=1] (2004-08-17 15:25:21.32958)
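The fields that snoop summarizes for each packet (mode, stratum, and the polling value) and the timestamps exchanged in the client and server steps above can be decoded directly from the 48-byte NTP header. The following Python sketch is an added example, not part of the course material: it parses the RFC 1305 header layout, applies the standard offset and delay formulas, and rejects a reply whose originate timestamp does not echo the request. The packets, the clock values, and all function names are constructed for illustration.

```python
import struct

NTP_UNIX_DELTA = 2208988800              # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
HEADER = struct.Struct("!BBbbiI4sQQQQ")  # fixed 48-byte NTP header (RFC 1305 layout)
MODES = {1: "symmetric active", 2: "symmetric passive",
         3: "client", 4: "server", 5: "broadcast"}


def to_ntp(unix_seconds):
    """Unix seconds -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    return int((unix_seconds + NTP_UNIX_DELTA) * 2**32)


def from_ntp(timestamp):
    """64-bit NTP timestamp -> Unix seconds."""
    return timestamp / 2**32 - NTP_UNIX_DELTA


def build_packet(mode, stratum, poll, originate=None, receive=None, transmit=None):
    """Build a version 3 header; used here only to construct sample packets."""
    stamps = [0 if t is None else to_ntp(t) for t in (originate, receive, transmit)]
    first_byte = (0 << 6) | (3 << 3) | mode      # leap indicator 0, version 3, mode
    return HEADER.pack(first_byte, stratum, poll, -14, 0, 0, b"\x00" * 4,
                       0, stamps[0], stamps[1], stamps[2])


def parse_packet(data):
    """Decode the header fields that snoop summarizes for each NTP packet."""
    if len(data) < HEADER.size:
        raise ValueError("NTP packet shorter than 48 bytes")
    (first, stratum, poll, _precision, _root_delay, _root_disp, _refid,
     _reference, originate, receive, transmit) = HEADER.unpack(data[:HEADER.size])
    return {
        "leap": first >> 6,
        "version": (first >> 3) & 0x7,
        "mode": MODES.get(first & 0x7, "other"),
        "stratum": stratum,
        "poll_interval": 2 ** poll,          # poll is a power-of-two exponent, in seconds
        "originate": originate,              # raw 64-bit timestamps
        "receive": receive,
        "transmit": transmit,
    }


def summarize(packet):
    """Render the mode and stratum the way the snoop summary line shows them."""
    return "NTP %s [st=%d]" % (packet["mode"], packet["stratum"])


def offset_and_delay(sent_t1, reply_bytes, arrival_t4):
    """Return (offset, delay) in seconds from one request/reply pair.

    sent_t1 and arrival_t4 are read from the client's clock; the reply carries
    the server's receive (T2) and transmit (T3) times.
    """
    reply = parse_packet(reply_bytes)
    if reply["mode"] != "server":
        raise ValueError("not a server reply")
    if reply["originate"] != to_ntp(sent_t1):
        # The server must echo the client's transmit time; anything else is a
        # stale, duplicated, or unsolicited reply and must not steer the clock.
        raise ValueError("originate timestamp does not match the request")
    t1, t4 = sent_t1, arrival_t4
    t2, t3 = from_ntp(reply["receive"]), from_ntp(reply["transmit"])
    delay = (t4 - t1) - (t3 - t2)            # time spent on the network, both directions
    offset = ((t2 - t1) + (t3 - t4)) / 2     # server clock minus client clock
    return offset, delay


# Constructed sample: the client's clock runs 60 s ahead of the server's.
SERVER_NOW = 1107359867.0                    # 2005-02-02 15:57:47 UTC
T1 = SERVER_NOW + 60.0                       # client clock when the request leaves
T2 = SERVER_NOW + 0.25                       # server clock when the request arrives
T3 = SERVER_NOW + 0.5                        # server clock when the reply leaves
T4 = SERVER_NOW + 60.75                      # client clock when the reply arrives

REQUEST = build_packet(mode=3, stratum=0, poll=6, transmit=T1)
REPLY = build_packet(mode=4, stratum=2, poll=6, originate=T1, receive=T2, transmit=T3)

if __name__ == "__main__":
    for label, raw in (("client -> server", REQUEST), ("server -> client", REPLY)):
        pkt = parse_packet(raw)
        print(label, summarize(pkt), "poll every", pkt["poll_interval"], "s")
    print("offset %.3f s, delay %.3f s" % offset_and_delay(T1, REPLY, T4))
```

A negative offset means the client clock is ahead of the server and has to be moved back, which is the situation the log messages and snoop traces in this module show being corrected.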

Exercise: Configuring NTP

In this exercise, you configure NTP.

Preparation

Refer to the lecture notes as necessary to perform the tasks listed. The instructor’s system must be configured as a stratum-0 server even though the system might be using its local clock. This configuration must be completed at least five minutes before this exercise starts so that the NTP server has an opportunity to initialize itself properly.

Task Summary

In this exercise, you configure an NTP server and an NTP client on your subnet. Your NTP server uses the instructor system as an external NTP server. After the NTP server is configured, it broadcasts NTP updates to your local subnet. Team up with other students in your subnet group so that you can experience most aspects of NTP configuration.

Tasks

Your first task is to configure your subnet’s router as an NTP server.

Working on Your Subnet Group’s Router

To configure your subnet’s router as an NTP server, perform the following:

1. Verify that your router is receiving NTP updates from the instructor system. (Either use the -c 1 option to the snoop command so that only one NTP broadcast packet is captured or remember to terminate the snoop session when you are finished with this step. Be sure not to let snoop run continually). Write the commands that you use:
_____________________________________________________________

2. Copy and rename the NTP configuration template in preparation for specifying configurations in that file the next time the NTP service is enabled. Write the command that you use:
_____________________________________________________________

3. Edit the NTP configuration file, and modify the server entry so that your system looks to the instructor system for NTP updates. Ensure that the instructor system is your preferred server. While you edit the file, comment out the fudge and keys entries and modify the broadcast entry.

4. Create a drift file as specified by the drift file entry in the configuration file. Write the command that you use:
_____________________________________________________________

5. In another window, determine if the NTP daemon is running on your system. Write the command that you use, and write the output of the command:
_____________________________________________________________

6. Start the snoop utility on your router system to observe NTP traffic between the router and the instructor system. Write the command that you use:
_____________________________________________________________

7. Start the NTP daemon, and view the NTP transactions that can be seen on the snoop trace that is running. Watch the transactions for a few minutes to see your system’s time becoming synchronized with the instructor’s stratum-0 NTP server. When you are finished, terminate the snoop session. Write the command that you use:
_____________________________________________________________

Your second task is to configure an NTP client on any of the remaining systems on your subnet.

Working on a Non-Router System

To configure an NTP client on remaining systems on your subnet, continue as follows:

8. Use the snoop utility to verify that your system is receiving the NTP broadcasts from your subnet’s NTP server. When you are finished, terminate the snoop session. Write the command that you use:
_____________________________________________________________

9. Copy and rename the NTP client configuration template to specify the configuration of the NTP service when it is enabled. Write the command that you use:
_____________________________________________________________

10. Determine if the NTP daemon is running. Write the command that you use, and write your answer:
_____________________________________________________________
_____________________________________________________________

11. Start a snoop session on the appropriate interface on the client. After you start the NTP service in the next step, be prepared to examine the trace carefully in the window running the snoop trace on the NTP client. Write the commands that you use:
_________________________________________________

12. Start the NTP daemon and verify that it is running. Write the commands that you use:
_____________________________________________________________

13. Examine the snoop trace and locate the part of the snoop trace where the client time changed to match the server’s time. (Hint: Use X-Off (Control+S key sequence) to stop the snoop trace from scrolling and use X-On (Control+Q key sequence) to enable scrolling again.)

Exercise Summary

Discussion – Take a few minutes to discuss what experiences, issues, or discoveries you had during the lab exercise.

● Experiences
● Interpretations
● Conclusions
● Applications

Exercise Solutions

Solutions to this exercise are provided in the following section.

Task Solutions

Your first task is to configure your subnet’s router as an NTP server.

Working on Your Subnet Group’s Router

To configure your subnet’s router as an NTP server, perform the following:

1. Verify that your router is receiving NTP updates from the instructor system. (Either use the -c 1 option to the snoop command so that only one NTP broadcast packet is captured or remember to terminate the snoop session when you are finished with this step. Be sure not to let snoop run continually). Write the commands that you use:

First, determine which interface is on the instructor system’s 192.168.30.0 network.

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:b9:72:23
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:ac:9b:20
lo0: flags=2000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6> mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
        ether 8:0:20:b9:72:23
        inet6 fe80::a00:20ff:feb9:7223/10
hme0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 2000::1:a00:20ff:feb9:7223/64
hme0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 fec0::1:a00:20ff:feb9:7223/64
qfe0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 3
        ether 8:0:20:ac:9b:20
        inet6 fe80::a00:20ff:feac:9b20/10
qfe0:1: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 3
        inet6 2000::30:a00:20ff:feac:9b20/64
qfe0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 3
        inet6 fec0::30:a00:20ff:feac:9b20/64

Use a combination of the snoop and grep utilities to look for NTP updates on the interface (qfe0) closest to the instructor system as follows:

# snoop -d qfe0 -c 1 port ntp
Using device /dev/qfe (promiscuous mode)
instructor.thirty.edu -> 192.168.30.255 NTP broadcast [st=1] (2004-11-05 09:41:20.83034)
1 packets captured
#

You can continue to configure your system as an NTP server because it is receiving NTP updates from the instructor system that is acting as a stratum-0 server.

2. Copy and rename the NTP configuration template in preparation for specifying configurations in that file for the next time the NTP service is enabled. Write the command that you use:

Copy the /etc/inet/ntp.server file to the /etc/inet/ntp.conf file.

# cp /etc/inet/ntp.server /etc/inet/ntp.conf

3. Edit the NTP configuration file, and modify the server entry so that your system looks to the instructor system for NTP updates. Ensure that the instructor system is your preferred server. While you edit the file, comment out the fudge and keys entries and modify the broadcast entry.

Edit the /etc/inet/ntp.conf file.

# vi /etc/inet/ntp.conf

Change the server and fudge entries to be similar to the following:

server 192.168.30.30 prefer
# fudge 127.127.XType.0 stratum 0

Change the keys entries to be similar to the following:

#keys /etc/inet/ntp.keys
#trustedkey 0
#requestkey 0
#controlkey 0

Change the broadcast entry to be similar to the following:

broadcast 192.168.1.255 ttl 4

4. Create a drift file as specified by the drift file entry in the configuration file. Write the command that you use:

# touch /var/ntp/ntp.drift

5. In another window, determine if the NTP daemon is running on your system. Write the command that you use, and write the output of the command:

# pgrep -lf ntp
1142 snoop -d qfe0 port ntp

No, as expected, the NTP daemon is not running.

6. Start the snoop utility on your router system to observe NTP traffic between the router and the instructor system. Write the command that you use:

Start the snoop utility on the 192.168.30.0 network.

# snoop -d qfe0 port ntp
Using device /dev/qfe (promiscuous mode)
instructor -> 192.168.30.255 NTP broadcast [st=1] (2004-11-05 10:04:48.83026)
...

7. Start the NTP daemon, and view the NTP transactions that can be seen on the snoop trace that is running. Watch the transactions for a few minutes to see your system’s time becoming synchronized with the instructor’s stratum-0 NTP server. Write the command that you use:

# svcadm enable svc:/network/ntp:default
svc:/network/ntp:default enabled
#

# snoop -d qfe2 port ntp
Using device /dev/qfe (promiscuous mode)
sys11ext -> instructor NTP client [st=0] (2004-11-05 10:05:14.45062)
...
instructor -> sys11ext NTP server [st=1] (2004-11-05 10:09:39.79242)
...

Your second task is to configure an NTP client on any of the remaining systems on your subnet.

Working on a Non-Router System

To configure an NTP client on remaining systems on your subnet, continue as follows:

8. Use the snoop utility to verify that your system is receiving the NTP broadcasts from your subnet’s NTP server. When you are finished, terminate the snoop session. Write the command that you use:

# snoop -d hme0 port ntp
Using device /dev/hme (promiscuous mode)
sys11.one.edu -> 192.168.1.255 NTP broadcast [st=2] (2004-11-05 10:18:16.08248)

You can continue with configuring your system as an NTP client because it is receiving NTP updates from your router system, which acts as a stratum-2 server.

9. Copy and rename the NTP client configuration template to specify the configuration of the NTP service when it is enabled. Write the command that you use:

# cp /etc/inet/ntp.client /etc/inet/ntp.conf

10. Determine if the NTP daemon is running. Write the command that you use, and write your answer:

# pgrep -lf ntp

No, as expected, the NTP daemon is not running.

11. Start a snoop session on the appropriate interface on the client. After you start the NTP service in the next step, be prepared to examine the trace carefully in the window running the snoop trace on the NTP client.

# snoop -d hme0 port ntp
...

12. Start the NTP daemon and verify that it is running. Write the commands that you use:

# svcadm -v enable svc:/network/ntp
svc:/network/ntp:default enabled.
#
# pgrep -lf ntp
1528 /usr/lib/inet/xntpd

13. Examine the snoop trace and locate the part of the snoop trace where the client time changed to match the server’s time. (Hint: Use X-Off (Control+S key sequence) to stop the snoop trace from scrolling and use X-On (Control+Q key sequence) to enable scrolling again.)

[snoop trace: NTP client [st=0], server [st=2], and broadcast [st=2] packets exchanged between sys12.one.edu and sys11.one.edu, with timestamps from 2005-02-02 15:57:47 to 16:00:59. The trace carries two annotations:]

{observe that server’s time is 15:57 while client’s time is 15:58}
{observe that the client has updated its time to that of the server}

Module 13

Configuring the Solaris™ IP Filter Firewall

Objectives

This module introduces how to configure the Solaris IP Filter host-based firewall. This module also introduces the basics of the Solaris IP Filter firewall, including how the firewall decides whether or not to pass a packet and how rules for the firewall can be defined based on various criteria.

Upon completion of this module, you should be able to:

● Identify Solaris IP Filter firewall basics
● Configure the Solaris IP Filter firewall behavior

The course map in Figure 13-1 shows how this module fits into the current instructional goal.

Figure 13-1 Course Map [Configuring and Managing Network Applications: Configuring DNS, Configuring DHCP, Configuring NTP, Configuring the Solaris™ IP Filter Firewall]

Identifying Firewall Basics

IP routers are used to connect networks together and to pass traffic between the networks. An IP router will, by default, forward all traffic that arrives at one of its interfaces to another network. An IP router can be considered to be an open door between networks, permitting free access. In a controlled or constrained environment, free access between networks where all the systems are known is not necessarily a problem.

When connecting a network to external networks, unrestricted access is typically not desirable. An unprotected network connected to the Internet by an IP router exposes all of the systems on the network to the whole Internet. Anyone on the Internet can attempt to access any of the systems in any manner. To avoid this situation, the network can be connected by using some form of device that is more restrictive in the access it permits. This is the purpose of a firewall.

A firewall is a device which runs some software designed to control traffic between networks, similar to an IP router. Unlike an IP router, a firewall is selective about the traffic that it forwards, and can decide not to permit certain traffic to be forwarded. The decision to forward or not to forward traffic is controlled by a set of rules defined on the firewall. The rules in the firewall can be based on characteristics of traffic such as source and destination IP addresses for both individual hosts and networks, on port numbers and payload types. Access restrictions can be applied to systems outside the network looking to access systems inside the network, and to control the access that systems inside the network have to the rest of the Internet.

Solaris IP Filter firewall is a utility that enables a Solaris 10 OS system to act as a firewall. The Solaris IP Filter firewall is an integral part of the Solaris 10 OS and can be configured on Solaris 10 OS systems acting as routers and on individual hosts. The behavior of the Solaris IP Filter firewall is controlled by a configuration file, the /etc/ipf/ipf.conf file.

Configuring the Behavior of the Solaris IP Filter Firewall

When defining packet filtering rules in the /etc/ipf/ipf.conf file, it is necessary to understand how the Solaris IP Filter firewall reads this file and compares any packet against the rules in the file. Each rule in the file tells the Solaris IP Filter firewall to either permit or deny the packet to be sent or received. Each rule in the file contains:

● An action
● A direction
● Criteria which are compared against the packet to determine whether the packet matches the rule

The default behavior of the Solaris IP Filter firewall is to read every rule in the /etc/ipf/ipf.conf file. When processing a packet, the Solaris IP Filter firewall performs the following tasks:

1. Compare the packet against the direction and criteria in the rule.
2. If the packet matches, remember the action specified in the rule.
3. Discard any action remembered previously.
4. If the end of the rules is reached or the matched rule contains the quick keyword, stop matching and perform the action.
5. If no rules match, pass the packet.

Enabling Packet Filtering With the Solaris IP Filter Firewall

For the Solaris IP Filter firewall to function, the pfil kernel module must be loaded on each network interface on the system on which packet filtering is to be applied. The pfil kernel module is loaded on an individual network interface when the interface is plumbed if packet filtering has been enabled for that type of interface (hme, qfe, and so on). The default configuration in the Solaris 10 OS is that packet filtering is not enabled for any network interface. Packet filtering is enabled on a particular network interface type by uncommenting the line relating to the network interface type in the /etc/ipf/pfil.ap file.

The /etc/ipf/pfil.ap file contains a list of network interfaces. Remove the leading comment character from the appropriate lines for the interface for which filtering is to be configured.

# cat /etc/ipf/pfil.ap
# IP Filter pfil autopush setup
#
# See autopush(1M) manpage for more information.
#
# Format of the entries in this file is:
#
#major  minor  lastminor  modules

#le     -1     0          pfil
#qe     -1     0          pfil
#hme    -1     0          pfil
#qfe    -1     0          pfil
#eri    -1     0          pfil
#ce     -1     0          pfil
#bge    -1     0          pfil
#be     -1     0          pfil
#vge    -1     0          pfil
#ge     -1     0          pfil
#nf     -1     0          pfil
#fa     -1     0          pfil
#ci     -1     0          pfil
#el     -1     0          pfil
#ipdptp -1     0          pfil
#lane   -1     0          pfil
#dmfe   -1     0          pfil

Any existing, plumbed network interfaces to which you choose to apply filtering must be unplumbed and plumbed. For example, you can use the autopush command to read changes to the /etc/ipf/pfil.ap file before you unplumb and plumb the interfaces.

# autopush -f /etc/ipf/pfil.ap

Solaris IP Filter Services

The svc:/network/pfil and the svc:/network/ipfilter SMF services control the pfild daemon process. Like other SMF services, use the svcs and svcadm commands to manage these filtering services.

Configuring the Solaris IP Filter Firewall Actions

Every rule in the /etc/ipf/ipf.conf file starts with an action. The action states whether the Solaris IP Filter firewall will permit or deny the packet if the rule is matched. There are two action keywords: block and pass. Figure 13-2 shows how filtering works when based upon traffic direction.

[Figure 13-2 Filtering Based Upon Traffic Direction: a filtering system with the interfaces hme0 and hme1 sits between the Internet and the Corporate Network. For one traffic flow the applicable rules are "block/pass in on hme0" and "block/pass out on hme1"; for the opposite flow they are "block/pass out on hme0" and "block/pass in on hme1".]

Using the block keyword

The block keyword is an action keyword which tells the Solaris IP Filter firewall that the packet should be blocked (dropped) if the packet matches the rule. All rules to block packets use this keyword:

block ...

Using the pass keyword

The pass keyword is the action keyword that tells the Solaris IP Filter firewall that the packet should be accepted or sent if the packet matches the rule. All rules to permit packets to pass use this keyword:

pass ...

Configuring Packet Direction

The second keyword in all packet filtering rules is a direction keyword. The direction keyword relates to the movement of the packet in relation to the system on which the Solaris IP Filter firewall is running. There are two direction keywords in the Solaris IP Filter firewall: in and out.

Using the in Keyword

The in keyword is used for rules that relate to packets arriving at the system from the network. Any rule that contains the in keyword is applied only to packets arriving at the system from the network. All rules that are intended to block packets arriving at a system start with the following:

block in ...

All rules that are intended to pass packets arriving at a system start with the following:

pass in ...

Using the out Keyword

The out keyword is used for rules that relate to packets leaving the system to go out on to the network. Any rule containing the out keyword is applied only to packets leaving the system. All rules that are intended to block packets leaving a system start with the following:

block out ...

All rules that are intended to pass packets leaving a system start with the following:

pass out ...

Configuring Filter Rules

This section describes how to configure filter rules. The /usr/share/ipfilter/examples directory contains IPFilter examples to help you define rules.

# ls /usr/share/ipfilter/examples
BASIC.NAT   BASIC_1.FW  BASIC_2.FW  example.1   example.10
example.11  example.12  example.13  example.2   example.3
example.4   example.5   example.6   example.7   example.8
example.9   example.sr  firewall    ftp-proxy   ftppxy
ip_rules    mkfilters   nat-setup   nat.eg      pool.conf
server      tcpstate

Using the quick keyword

Recall that the default behavior of the Solaris IP Filter firewall is to find every rule that matches and remember the action from the last rule matched. The quick keyword is used to change this behavior. If a packet matches a rule containing the quick keyword, then the Solaris IP Filter firewall stops matching at that rule and applies the action contained in the rule. The remaining rules are not processed against the packet for matches. The quick keyword, if present, is found between the direction keyword and the matching keywords in the rule.

To define a rule that will block any incoming packet matching the rule and will stop the Solaris IP Filter firewall from processing any further rules, start the rule with:

block in quick ...

To define a rule that will permit any outgoing packet matching the rule and will stop the Solaris IP Filter firewall from processing any further rules, start the rule with:

pass out quick ...

Configuring Specific Matching

This section describes how to configure specific matching for filters.

Matching All Packets

The all keyword is used to match every packet either arriving or leaving at a system. For example, to block every packet arriving at a system, use the rule:

block in all

To block every packet arriving at a system and stop processing rules at this point, use the rule:

block in quick all

To permit all packets arriving at a system to be passed, use the rule:

pass in all

To permit all packets arriving at a system to be passed and to stop processing rules at this point use the rule:

pass in quick all

Configuring Filtering on a Specific Network Interface

The Solaris IP Filter firewall applies each rule to every network interface on the system by default. Use of the on keyword enables you to apply a rule to a particular network interface only.

To apply a rule to a specific interface, use the on keyword followed by the name of the interface. For example, to permit all packets arriving and leaving the hme0 interface and to stop further processing rules at this point, use the rules:

pass in quick on hme0 all
pass out quick on hme0 all

Note – The Solaris IP Filter firewall does not filter the loopback interface. You should not use the interface identifier lo0 in the /etc/ipf/ipf.conf file. Note that the lo identifier does not appear in the /etc/ipf/pfil.ap file.

Configuring Filtering on IP Address

The Solaris IP Filter firewall can filter packets based on their source and destination IP addresses. To filter packets based on the source IP address, the from keyword is used. To filter packets based on the destination IP address, the to keyword is used. The from and to keywords take IP addresses as arguments. To match any IP address, use the keyword any. IP addresses are suffixed by a netmask value specified by using prefix notation. To specify an IP address for a single host, use the suffix /32 or /255.255.255.255. To specify a Class C network, use the suffix /24 or /255.255.255.0. To specify a Class B network, use the suffix /16 or /255.255.0.0.

For example, the rule:

pass in from 192.168.1.0/24 to any

will permit any packets originating from the Class C network 192.168.1.0 and intended for any destination to enter the system from the network on any network interface. The rule:

block out from any to 192.168.30.30/32

will block any packets leaving the current system which have the host 192.168.30.30 as their destination.

Network interfaces and IP addresses can be combined in rules. For example, the rule:

block in on qfe0 from any to 192.168.3.0/24

will block any packets arriving at the qfe0 network interface from any source IP address which are intended for the 192.168.3.0 network.

IP addresses can be used as both source and destination addresses. For example, the rule

block out on qfe0 from 192.168.1.2/32 to 192.168.3.0/24

will block any packet leaving the qfe0 interface which originated from the host 192.168.1.2 and is intended for the 192.168.3.0 network.

Configuring Filtering on Protocol Type and Port Number

The Solaris IP Filter firewall is also capable of filtering traffic based on the network protocol contained in a packet. The protocols which can be filtered are TCP, UDP and ICMP. The proto keyword is used to filter on protocol type. The proto keyword is followed by a second keyword that identifies the protocol or protocols to be filtered. Table 13-1 shows the keywords and the protocols to which they relate.

Table 13-1 Protocol Keywords

Keyword    Protocols Filtered
icmp       ICMP
tcp        TCP
udp        UDP
tcp/udp    Both TCP and UDP

For example, to block all ICMP packets arriving on the hme0 interface, use the rule:

block in on hme0 proto icmp from any to any

In this form, this rule blocks all ICMP packets. All ICMP packets contain a type value in the ICMP header. The icmp-type keyword can be used to specify a single ICMP type value for the rule. Some common ICMP types are shown in Table 13-2.

Table 13-2 ICMP Type Values and Keywords

ICMP Type               Value    Keyword
Echo reply              0        echorep
Echo request            8        echo
Router advertisement    9        routerad
Router solicitation     10       routersol

Note – A complete list of ICMP type values can be found in the /usr/include/netinet/ip_icmp.h file.

The icmp-type keyword is appended to the end of a rule to make the rule apply to a specific type of ICMP packet. The type value can be specified numerically or textually. For example, to permit a system to receive ICMP router discovery solicitations on the hme0 interface connected to the 192.168.1.0 network and to send router advertisements on the same interface, but to block all other ICMP traffic on the hme0 interface, use the rules:

pass in quick on hme0 proto icmp from 192.168.1.0/24 to any icmp-type 10
pass out quick on hme0 proto icmp from any to 192.168.1.0/24 icmp-type 9
block in quick on hme0 proto icmp from any to any
block out quick on hme0 proto icmp from any to any

To block outgoing ICMP echo replies (responses to the ping command) on the qfe0 interface, use the rule:

block out quick on qfe0 proto icmp from any to any icmp-type echorep

Filtering of TCP and UDP packets can be restricted to a particular port by using the port = keywords. Port-based filtering can be applied to the source address or the destination address. The port to which the rule is to apply is specified after the equal sign (=). Note that the spaces on either sides of the equals sign are required. For example, to block the default telnet server port (23) the keywords port = 23 are appended to the rule.

Note – When configuring filtering based upon port number, it is important to understand the manner in which the applications you are filtering uses ports. Some applications, for example, FTP and telnet, use a well-known port on the server side and an anonymous port for the client. Other applications, for example, routing protocols, use the same port on the server and the client. When writing rules for protocols like Telnet and FTP, the keep state keywords are a convenient way to avoid having to know the per-session, anonymous-client port assignments. See the ipf.conf(4) man page for details.

To block all incoming packets intended for the telnet server port (port 23), use the rule:

block in quick proto tcp from any to any port = 23

To block all incoming telnet packets except those originating from the 192.168.1.0 network, use the rules:

pass in quick proto tcp from 192.168.1.0/24 to any port = 23
block in quick proto tcp from any to any port = 23

To permit incoming RPC requests to the rpcbind daemon from the 192.168.1.0 network on the hme0 interface only, use the rules:

pass in quick on hme0 proto tcp/udp from 192.168.1.0/24 to any port = 111
block in quick on hme0 proto tcp/udp from any to any port = 111

To permit packets to leave the telnet server port if they are intended for the local subnet, use the rule:

pass out quick proto tcp from 192.168.1.1/32 port = 23 to 192.168.1.0/24
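The evaluation order this module describes (every rule is compared, the last match decides, quick stops the search, and an unmatched packet is passed) can be modelled directly. The following Python sketch is an added example, not Sun's code or part of the course material; it understands only the keywords covered so far (action, direction, log, quick, on, proto, from, to, port = and all), and the rule-set variants and packets are constructed for illustration around the telnet rules for the 192.168.1.0 network.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    direction: str   # "in" or "out", relative to the filtering host
    iface: str       # interface the packet crosses, e.g. "hme0"
    proto: str       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


@dataclass
class Rule:
    text: str
    action: str                      # "block" or "pass"
    direction: str                   # "in" or "out"
    quick: bool = False
    iface: Optional[str] = None      # None: rule applies to every interface
    proto: Optional[str] = None      # "tcp/udp" matches either protocol
    src: Optional[ipaddress.IPv4Network] = None   # None stands for "any"
    dst: Optional[ipaddress.IPv4Network] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        checks = (
            self.direction == p.direction,
            self.iface is None or self.iface == p.iface,
            self.proto is None or p.proto in self.proto.split("/"),
            self.src is None or ipaddress.ip_address(p.src) in self.src,
            self.dst is None or ipaddress.ip_address(p.dst) in self.dst,
            self.sport is None or self.sport == p.sport,
            self.dport is None or self.dport == p.dport,
        )
        return all(checks)


def parse_rule(line: str) -> Rule:
    tok = line.split()
    if len(tok) < 3 or tok[0] not in ("block", "pass") or tok[1] not in ("in", "out"):
        raise ValueError(f"not a filter rule: {line!r}")
    rule = Rule(text=line.strip(), action=tok[0], direction=tok[1])
    i = 2
    while i < len(tok):
        word = tok[i]
        if word == "quick":
            rule.quick = True
            i += 1
        elif word in ("log", "all"):      # neither changes which packets match
            i += 1
        elif word in ("on", "proto"):
            setattr(rule, "iface" if word == "on" else "proto", tok[i + 1])
            i += 2
        elif word in ("from", "to"):
            addr = tok[i + 1]
            # ip_network() reads an address written without a mask as a /32 host.
            net = None if addr == "any" else ipaddress.ip_network(addr, strict=False)
            i += 2
            port = None
            if tok[i:i + 2] == ["port", "="]:
                port = int(tok[i + 2])
                i += 3
            if word == "from":
                rule.src, rule.sport = net, port
            else:
                rule.dst, rule.dport = net, port
        else:
            raise ValueError(f"keyword {word!r} is outside this model: {line!r}")
    return rule


def load_rules(conf: str):
    lines = (ln.strip() for ln in conf.splitlines())
    return [parse_rule(ln) for ln in lines if ln and not ln.startswith("#")]


def evaluate(rules, pkt):
    """Return (action, deciding rule text); an unmatched packet is passed."""
    action, decided_by = "pass", None
    for rule in rules:
        if rule.matches(pkt):
            action, decided_by = rule.action, rule.text   # forget the earlier match
            if rule.quick:
                break                                     # quick: stop searching
    return action, decided_by


# The telnet rules for the 192.168.1.0 network, then two constructed variants.
WITH_QUICK = """
pass in quick proto tcp from 192.168.1.0/24 to any port = 23
block in quick proto tcp from any to any port = 23
"""
WITHOUT_QUICK = WITH_QUICK.replace(" quick", "")
REVERSED = "\n".join(reversed(WITH_QUICK.strip().splitlines()))

# Constructed packets: telnet requests from the local subnet and from another subnet.
LOCAL = Packet("in", "hme0", "tcp", "192.168.1.5", "192.168.1.2", 32861, 23)
REMOTE = Packet("in", "hme0", "tcp", "192.168.2.1", "192.168.1.2", 32861, 23)

if __name__ == "__main__":
    for name, conf in (("with quick", WITH_QUICK), ("without quick", WITHOUT_QUICK),
                       ("reversed", REVERSED)):
        rules = load_rules(conf)
        for label, pkt in (("local", LOCAL), ("remote", REMOTE)):
            print(f"{name:14} {label:7} -> {evaluate(rules, pkt)}")
```

Running it shows that the local client is passed only when the pass rule carries quick and comes first; without quick, or with the two rules reversed, the block rule decides.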

Changing and Updating the Solaris IP Filter Firewall Configuration

The ipf command is used to update the set of filtering rules in place on a system. The -f option is used to add filtering rules. The -f option takes the name of a file containing the new rules as an argument. The rules found in the file are appended to any existing rules:

# ipf -f /etc/ipf/ipf.conf
#

The ipf command can also be used to remove rules from the current configuration. The -F (flush) option is used to clear rules. The -F option is combined with one of three choices of the rules to clear:

-Fa    Flush all rules (both input and output)
-Fi    Flush input rules only
-Fo    Flush output rules only

For example, to clear all of the input rules, type the command:

# ipf -Fi
#

If you have made changes to the rule set in the /etc/ipf/ipf.conf file, you can load the new rules by combining a flush operation and an add operation in one command:

# ipf -Fa -f /etc/ipf/ipf.conf
#

Note – Options to the ipf command are executed in the order in which they are specified on the command line. To clear the existing rules and load a new or updated set, the flush option must be specified first. If a flush option is specified after an add rules option, the new rules will be added, then flushed along with the old rules.

Viewing the Solaris IP Filter Firewall Configuration

The ipfstat command is used to display information about the behavior and configuration of the Solaris IP Filter firewall. Running the ipfstat command with no arguments displays statistics about the Solaris IP Filter firewall:

# ipfstat
bad packets: in 0 out 0
input packets: blocked 37 passed 71 nomatch 71 counted 0 short 0
output packets: blocked 0 passed 77 nomatch 50 counted 0 short 0
input packets logged: blocked 0 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0
fragment state(out): kept 0 lost 0
packet state(in): kept 0 lost 0
packet state(out): kept 0 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 13 (out): 27
IN Pullups succeeded: 0 failed: 0
OUT Pullups succeeded: 10 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
IPF Ticks: 1426
Packet log flags set: (0)
none
#

The ipfstat command can also be used to display the rules being used currently by using the -io option:

# ipfstat -io
empty list for ipfilter(out)
block in proto tcp from any to 192.168.2.0/24 port = telnet
#

Note – The ipfstat -io command does not display the rules in the same sequence as they are listed in the /etc/ipf/ipf.conf file. The out rules are listed in order first, and then the in rules are listed.

Configuring Logging in the Solaris IP Filter Firewall

The Solaris IP Filter firewall includes the ability to log its actions. Logged information is sent to the /dev/ipl device. The /dev/ipl device can be monitored by running the ipmon command. The ipmon command can log information to standard output, to a file, or send the information to the syslogd daemon.

Configuring Logging of a Rule Match

To configure a rule match to be logged by the Solaris IP Filter firewall, the log keyword is used. The log keyword is placed immediately after the direction keyword in a rule, and any matches of that rule are sent to the /dev/ipl device. For example, to log any packets which are received on the hme0 interface and intended for the rpcbind daemon, but which do not originate from the 192.168.1.0 network, add the log keyword to the block rule in the following example:

pass in quick on hme0 proto tcp/udp from 192.168.1.0/24 to any port = 111
block in log quick on hme0 proto tcp/udp from any to any port = 111

Configuring the Solaris IP Filter Firewall to Log to Standard Output

To display logged information on standard output, use the ipmon command:

# ipmon
[Five log lines follow in the original, dated 23/07/2004 from 15:27:35 to 15:28:03. Each records a TCP packet from source port 32861 to destination port 23, blocked (b) on hme0 by rule @0:1; the first four end in "len 20 52 -S IN" and the last in "len 20 40 -R IN". The lines are not recoverable in full from this copy.]
Control-C#

Configuring the Solaris IP Filter Firewall to Log to a File

To capture logged information to a file, supply the name of the file to log to as an argument to the ipmon command:

# ipmon /var/tmp/filterlog.txt
<Control>-C
#

The ipmon process can be instructed to run as a daemon by using the -D option:

# ipmon -D /var/tmp/filterlog2.txt
#

Configuring the Solaris IP Filter Firewall to Log by Using Syslog

The -s option to the ipmon command causes log information to be sent to the syslogd daemon. The Solaris IP Filter firewall sends packets by using the local0 facility, and so the /etc/syslog.conf file must be configured appropriately to record logging information sent to it by the ipmon command. The Solaris IP Filter firewall generates messages at four levels, as shown in Table 13-3.

Table 13-3 Solaris IP Filter Firewall Message Levels

Message Level     Meaning
local0.error      Packets that are logged and are short.
local0.warning    Packets blocked by Solaris IP Filter firewall.
local0.notice     Packets passed by Solaris IP Filter firewall.
local0.info       Packets matching a logged rule, but that do not have the action associated with the rule applied. This information tells you that the packet matches the rule, but has been matched by a later rule in the /etc/ipf/ipf.conf file subsequently.

To configure the ipmon command to run as a daemon and to send logging information by using the syslogd daemon to the /var/adm/ipflog file:

# cat /etc/syslog.conf
...
local0.notice	/var/adm/ipflog
# touch /var/adm/ipflog
# pkill -HUP syslogd
# ipmon -D -s
#

Exercise: Configuring the Solaris IP Filter Firewall

In this exercise, you configure the Solaris OS IP filter, the Solaris IP Filter firewall, by performing the following:

- Configuring packet filtering rules
- Restricting access to a subnet

Preparation

Caution – Before beginning this exercise, check that DNS services are running as they were in the prior DNS exercise. If the services are not running, issue the appropriate svcadm commands on the appropriate systems to once again enable them.

There is no preparation for this exercise. Team up with other students in your subnet group so that you can experience most aspects of the Solaris IP Filter firewall configuration. Also, be aware of what other subnet groups are doing. Configurations on other group's router firewall, for example, can influence behavior that you observe locally.

Task Summary

In this exercise, you configure packet filtering on your subnet's router and on client systems in your subnet.

Task 1 – Configuring Firewall Rules

In the first part of the lab you will configure the Solaris IP Filter firewall's rules to show how to enable and disable access to services on a host and a network. The first set of exercise steps is to configure packet filtering in order to prevent any telnet requests from reaching your system.

Working on a Non-Router System on Your Subnet

To enable the packet filter to block all incoming telnet requests to your system, perform the following:

1. Use another system to verify that your network is functioning properly and that your system can be accessed with the telnet utility. After you verify that telnet access is permitted, terminate the telnet session.
_____________________________________________________________

2. Determine the current status of the svc:/network/ipfilter and svc:/network/pfil services by using the svcs command.
_____________________________________________________________

3. Use the ifconfig command to determine to which interface to apply filter rules.
_____________________________________________________________

4. Edit the Solaris IP Filter firewall's autopush configuration file to specify the network interface for packet filtering on your system. Do this by removing the comment from the appropriate interface learned in the previous step. Which file do you edit?
_____________________________________________________________

5. Edit the /etc/ipf/ipf.conf file and add the relevant rules to block all incoming telnet requests to your system. Your file should have contents similar to the following:

sys12# cat /etc/ipf/ipf.conf
#
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
block in proto tcp from any to 192.168.1.2/32 port = 23
#

6. Enable the packet filter.

a. Start the service, and write the command that you use.
________________________________________________________

b. Verify that the service started, and write the command that you use.
________________________________________________________

7. Verify that, although a rule to block telnet access was established and the ipfilter service enabled, it is possible to use the telnet utility to access from another system to your system. After you verify that telnet access is permitted, terminate the telnet session.
_____________________________________________________________

Caution – Although you added a blocking rule in the /etc/ipf/ipf.conf file, filtering rules do not take effect when the service is enabled. The system is not secure at this point.

8. From the command line force the pfild daemon to read the rule file by performing the following steps. (You can also reboot the system to accomplish the same effect.)

a. Use the ifconfig command to determine the configuration of your system's interfaces. Document the relevant interface information, such as IP address, mask, and broadcast address.
________________________________________________________

b. Force the autopush configuration file to be read by using the following command:

sys12# autopush -f /etc/ipf/pfil.ap

c. Unplumb your system's interface.
________________________________________________________

d. Plumb your system's interface to load the packet filter into the interface's IP stack.
________________________________________________________

9. As done previously, use another system and attempt to use the telnet utility to determine if your system permits a telnet connection.
_____________________________________________________________

The next steps are to configure your system to permit incoming telnet requests from the local subnet, but block telnet requests from all other networks and not process any other rules.

10. Edit the Solaris IP Filter firewall configuration file by adding a new rule that:

- Permits incoming telnet access only from other hosts on your local subnet
- Stops processing of subsequent rules by using the quick keyword.

Write the rule that you entered in the /etc/ipf/ipf.conf file:
_____________________________________________________________

Did you put the new rule before or after the existing rule? Why?
_____________________________________________________________
_____________________________________________________________

11. Update the Solaris IP Filter firewall configuration to include the new rule by using the following ipf command:

sys12# ipf -Fa -f /etc/ipf/ipf.conf

12. Display the new rule set by using the ipfstat command.
_____________________________________________________________

13. Validate that the new configuration is working. Attempt to establish a telnet session to your system from a host on the local subnet and from a host on another subnet.
_____________________________________________________________

Working on the Router on Your Subnet

The next steps configure your router to block all telnet requests from outside your subnet to any system on your subnet.

14. Verify that the systems can properly communicate across subnets by establishing an appropriate telnet session that passes through your router system. Terminate the telnet session after you verify successful communication.
_____________________________________________________________

15. Edit the Solaris IP Filter firewall's autopush configuration file to specify the network interfaces for packet filtering on your router system. Do this by removing the comments from the appropriate interfaces. (The ifconfig command shows the interfaces.) Which file do you edit?
_____________________________________________________________

16. Edit the relevant file on your router system and add rules to block all incoming telnet requests to your local subnet that do not originate from the local subnet. Document the file that you edit and your rules.
_____________________________________________________________

17. Enable the packet filter by performing the following steps:

a. Verify the status of the svc:/network/ipfilter service, and write the command that you use.
________________________________________________________

b. Start the service, and write the command that you use.
________________________________________________________

c. Verify that the service started, and write the command that you use.
________________________________________________________

18. From the command line force the pfild daemon to read the rule file by performing the following steps. (You can also reboot the system to accomplish the same effect.)

a. Determine the configuration of your system's interfaces. Document the relevant interface information, such as IP address, mask, broadcast address, and routing information.
________________________________________________________

b. Force the autopush configuration file to be read by using the following command:

sys11# autopush -f /etc/ipf/pfil.ap

c. Unplumb your system's interfaces.
________________________________________________________

d. Plumb and restore your system's interface configurations to load the packet filter into the interface's IP stack.
________________________________________________________

e. Verify that the rule functions as expected by using the telnet command.
________________________________________________________

The next steps block your non-router system from sending any outgoing ICMP echo replies.

Working on a Non-Router System on Your Subnet

Continue as follows on the same non-router system on which you have been working:

19. Before establishing a blocking rule, verify that you are now able to contact your system from another system on your local subnet by using the ping command.
_____________________________________________________________

20. Update the Solaris IP Filter firewall's configuration file to include a rule on the last line that blocks outgoing ICMP echo replies from the host. Write the rule that you entered in the /etc/ipf/ipf.conf file:
_____________________________________________________________

21. Update the Solaris IP Filter firewall configuration to include the new rule by using the ipf command.

sys12# ipf -Fa -f /etc/ipf/ipf.conf

22. Verify the rules by using the ipfstat command.
_____________________________________________________________

23. Test that the new rule is functioning correctly by using the ping command from the test system again.
_____________________________________________________________

24. Verify that a local system can successfully perform DNS lookups across routers. Use the dig command to find the IP address of a system on another network. (Successful completion of this step will aid you in later steps when you write rules to specifically allow DNS through firewalls.)
_____________________________________________________________

Task 2 – Disabling Services

In the second part of the lab you restrict access to your subnet by disabling all services except a defined set.

Working on the Router on Your Subnet

Perform the following:

1. Edit the Solaris IP Filter firewall's rules to block all traffic on the router. Remove all existing rules currently in the configuration file, and write and document the new rules that you entered in the /etc/ipf/ipf.conf file.
_____________________________________________________________
_____________________________________________________________

2. Update the Solaris IP Filter firewall configuration to include the new rules by using the ipf command.
_____________________________________________________________

3. Verify the rules by using the ipfstat command.
_____________________________________________________________

Working on Each Non-Router System on Your Subnet

Continue as follows on the same non-router system on which you have been working:

4. Remove all of the rules in the /etc/ipf/ipf.conf file.
_____________________________________________________________

5. Reboot all of the non-router systems.
_____________________________________________________________

The reboot is performed as an easy way to flush cached information on the non-router systems. It is not a necessary part of the Solaris IP Filter firewall's configuration.

Working on the Router on Your Subnet

Continue as follows on the same router system on which you have been working:

6. Update the Solaris IP Filter firewall configuration to permit routing information traffic to be sent and received. Before the existing block out all and block in all rules, write the rules that you entered in the /etc/ipf/ipf.conf file:
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________

7. Update the Solaris IP Filter firewall configuration to use the new rules by using the ipf command.
_____________________________________________________________

8. Verify the rules by using the ipfstat command.
_____________________________________________________________

Working on a Non-Router System on Your Subnet

Continue as follows on the non-router system on which you have been working:

9. Test that the new rules function correctly by checking the configuration of the routing tables on the non-router hosts and by snooping the network to look for routing packets.
_____________________________________________________________
_____________________________________________________________

Working on the Router on Your Subnet

Continue as follows on the same router system on which you have been working:

10. Update the Solaris IP Filter firewall configuration to permit DNS traffic to be sent and received. At the beginning of the configuration file, write the rules that you entered in the /etc/ipf/ipf.conf file.
_____________________________________________________________
_____________________________________________________________

11. Update the Solaris IP Filter firewall configuration to include the new rule by using the ipf command.
_____________________________________________________________

12. Verify the rules by using the ipfstat command.
_____________________________________________________________

Working on a Non-Router System on Your Subnet

Continue as follows on a non-router system on the same subnet on which you have been working:

13. Use the dig command to find the IP address of a system on another network. Be sure to query a DNS server on that other network.
_____________________________________________________________

Working on the Router on Your Subnet

Continue as follows on the same router system on which you have been working:

14. Even though this group of steps is to be performed on your router system, before configuring rules for FTP, verify that your firewalls are functioning properly by ensuring that you cannot initiate an FTP session from your non-router system to the instructor machine. Once you verify this, you can proceed with writing rules to allow FTP through the router firewall system.
_____________________________________________________________

15. Update the Solaris IP Filter firewall configuration to permit FTP traffic to pass from the local subnet to the instructor system only. Log any traffic that matches one of the rules that you define. Assume that your system will get more DNS traffic than FTP traffic. Placing the new FTP rules after the DNS rules would recognize this and, appropriately, be more responsive to the DNS traffic. Hint: Use the keep state keywords in your rules. Write the rules that you entered in the /etc/ipf/ipf.conf file.
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________

16. Update the Solaris IP Filter firewall configuration to include the new rule by using the ipf command.
_____________________________________________________________

17. Verify the rules by using the ipfstat command.
_____________________________________________________________

18. Use the ipmon command as a daemon to log information to the /var/tmp/ipfilter.log file.
_____________________________________________________________

Working on a Non-Router System on Your Subnet

Continue as follows on any non-router system on your subnet. You will now be using FTP to connect to another system on another subnet across your firewall router.

19. Use FTP to access the instructor system.
_____________________________________________________________

What behavior do you see?
_____________________________________________________________

20. Use FTP to access a system on another subnet.
_____________________________________________________________

What behavior do you see?
_____________________________________________________________

Working on the Router on Your Subnet

Complete as follows on the same router system on which you have been working:

21. View the log file created by the ipmon command.
_____________________________________________________________

Exercise Summary

Discussion – Take a few minutes to discuss what experiences, issues, or discoveries you had during the lab exercise.

- Experiences
- Interpretations
- Conclusions
- Applications

Exercise Solutions

Solutions to this exercise are provided in the following sections. These solutions use sys12 as the example non-router system and sys11 as the example router system. Solution results vary accordingly.

Task 1 Solutions

In the first part of the lab you will configure the Solaris IP Filter firewall’s rules to show how to enable and disable access to services on a host and a network.

The first set of exercise steps is to configure packet filtering in order to prevent any telnet requests from reaching your system.

Working on a Non-Router System on Your Subnet

To enable the packet filter to block all incoming telnet requests to your system, perform the following:

1. Use another system to verify that your network is functioning properly and that your system can be accessed with the telnet utility. After you verify that telnet access is permitted, terminate the telnet session.

    sys13# telnet sys12
    Trying 192.168.1.2...
    Connected to sys12.one.edu.
    Escape character is '^]'.
    login: root
    Password:
    Last login: Mon Dec 20 03:46:26 from sys13.one.edu
    Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
    Welcome to SA300-S10_A on sys12
    sys12# exit
    Connection to sys12.one.edu closed by foreign host.
    sys13#

This proves that your system responds to the telnet request as expected. Now you can proceed with configuring the firewall and have confidence that your working blocking rule will be responsible for blocking telnet requests and not some other networking issue.

2. Determine the current status of the svc:/network/ipfilter and svc:/network/pfil services by using the svcs command.

    sys12# svcs -a | grep network | egrep "pfil|ipf"
    disabled        8:31:38 svc:/network/ipfilter:default
    online          8:31:42 svc:/network/pfil:default

3. Use the ifconfig command to determine to which interface to apply filter rules.

    sys12# ifconfig -a inet
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255

4. Edit the Solaris IP Filter firewall’s autopush configuration file to specify the network interface for packet filtering on your system. Do this by removing the comment from the appropriate interface learned in the previous step.

Which file do you edit?

The /etc/ipf/pfil.ap file.

Your configuration file should look similar to the following:

    sys12# cat /etc/ipf/pfil.ap
    ...
    #qe
    hme
    #qfe
    ...

5. Edit the /etc/ipf/ipf.conf file and add the relevant rules to block all incoming telnet requests to your system. Your file should have contents similar to the following:

    sys12# cat /etc/ipf/ipf.conf
    #
    # ipf.conf
    #
    # IP Filter rules to be loaded during startup
    #
    # See ipf(4) manpage for more information on
    # IP Filter rules syntax.
    block in proto tcp from any to 192.168.1.2/32 port = 23
    #

6. Enable the packet filter.

a. Start the service, and write the command that you use.

    sys12# svcadm enable svc:/network/ipfilter:default

b. Verify that the service started, and write the command that you use.

    sys12# svcs -a | grep -i ipf
    online          3:48:09 svc:/network/ipfilter:default

Note that when enabled in this manner, the service is configured to run automatically on subsequent system boots.

7. Verify that, although a rule to block telnet access was established and the ipfilter service enabled, it is still possible to use the telnet utility to access your system from another system. After you verify that telnet access is permitted, terminate the telnet session.

    sys13# telnet sys12
    Trying 192.168.1.2...
    Connected to sys12.one.edu.
    Escape character is '^]'.
    login: root
    Password:
    Last login: Mon Dec 20 03:46:26 from sys13.one.edu
    Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
    Welcome to SA300-S10_A on sys12
    sys12# exit
    Connection to sys12.one.edu closed by foreign host.
    sys13#

Caution – Although you added a blocking rule in the /etc/ipf/ipf.conf file, the filtering rules do not take effect simply because the service is enabled. The system is not secure at this point.

8. From the command line force the pfild daemon to read the rule file by performing the following steps. (You can also reboot the system to accomplish the same effect.)

a. Use the ifconfig command to determine the configuration of your system’s interfaces. Document the relevant interface information, such as IP address, mask, and broadcast address.

    sys12# ifconfig -a inet
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
            inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255

b. Force the autopush configuration file to be read by using the following command:

    sys12# autopush -f /etc/ipf/pfil.ap

c. Unplumb your system’s interface.

    sys12# ifconfig hme0 down unplumb

d. Plumb your system’s interface to load the packet filter into the interface’s IP stack.

    sys12# ifconfig hme0 plumb 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255 up

9. As done previously, use another system and attempt to use the telnet utility to determine if your system permits a telnet connection.

    sys13# telnet sys12
    Trying 192.168.1.2...
    telnet: Unable to connect to remote host: Connection timed out
    sys13#

You should observe that telnet access is now blocked.

The next steps are to configure your system to permit incoming telnet requests from the local subnet, but block telnet requests from all other networks and not process any other rules.

10. Edit the Solaris IP Filter firewall configuration file by adding a new rule that:

- Permits incoming telnet access only from other hosts on your local subnet
- Stops processing of subsequent rules by using the quick keyword.

Write the rule that you entered in the /etc/ipf/ipf.conf file:

    pass in quick proto tcp from 192.168.1.0/24 to 192.168.1.2/32 port = 23

Did you put the new rule before or after the existing rule? Why?

Because you used the quick keyword in the new rule, it should be placed before the old rule to permit local telnet access only. If you place it after the old rule, the old rule attempts to block the telnet requests and then the new rule permits telnet access from the local subnet.

11. Update the Solaris IP Filter firewall configuration to include the new rule by using the following ipf command:

    sys12# ipf -Fa -f /etc/ipf/ipf.conf

12. Display the new rule set by using the ipfstat command.

    sys12# ipfstat -io
    empty list for ipfilter(out)
    pass in quick proto tcp from 192.168.1.0/24 to 192.168.1.2/32 port = telnet
    block in proto tcp from any to 192.168.1.2/32 port = telnet

13. Validate that the new configuration is working. Attempt to establish a telnet session to your system from a host on the local subnet and from a host on another subnet.

    sys13# telnet 192.168.1.2
    Trying 192.168.1.2...
    Connected to sys12.
    Escape character is '^]'.
    login:

    sys22# telnet 192.168.1.2
    Trying 192.168.1.2...

You should observe that telnet access succeeds on the local subnet only.

Working on the Router on Your Subnet

The next steps configure your router to block all telnet requests from outside your subnet to any system on your subnet.

14. Verify that the systems can properly communicate across subnets by establishing an appropriate telnet session that passes through your router system. Terminate the telnet session after you verify successful communication.

    sys21# telnet 192.168.1.1
    Trying 192.168.1.1...
    Connected to 192.168.1.1.
    Escape character is '^]'.
    login: root
    Password:
    Last login: Mon Dec 20 05:54:27 from sys21ext.thirty
    Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
    Welcome to SA300-S10_A on sys11
    sys11# exit
    Connection to 192.168.1.1 closed by foreign host.

Now that you have established successful communication you can have confidence that subsequent failed sessions will be the result of a firewall configured properly, and not some other networking issue.

15. Edit the Solaris IP Filter firewall’s autopush configuration file to specify the network interfaces for packet filtering on your router system. Do this by removing the comments from the appropriate interfaces. (The ifconfig command shows the interfaces.)

Which file do you edit?

The /etc/ipf/pfil.ap file.

Your configuration file should look similar to the following:

    sys11# cat /etc/ipf/pfil.ap
    ...
    #qe
    hme
    qfe
    #eri
    ...

16. Edit the relevant file on your router system and add rules to block all incoming telnet requests to your local subnet that do not originate from the local subnet. Document the file that you edit and your rules.

    sys11# cat /etc/ipf/ipf.conf
    block in on qfe2 proto tcp from any to 192.168.1.0/24 port = 23

17. Enable the packet filter by performing the following steps:

a. Verify the status of the svc:/network/ipfilter service, and write the command that you use.

    sys11# svcs -a | grep ipfilter
    disabled        8:31:38 svc:/network/ipfilter:default

b. Start the service, and write the command that you use.

    sys11# svcadm enable svc:/network/ipfilter:default

c. Verify that the service started, and write the command that you use.

    sys11# svcs -a | grep ipfilter
    online          5:56:23 svc:/network/ipfilter:default

18. From the command line force the pfild daemon to read the rule file by performing the following steps. (You can also reboot the system to accomplish the same effect.)

a. Determine the configuration of your system’s interfaces. Document the relevant interface information, such as IP address, mask, broadcast address, and routing information.

    sys11# ifconfig -a inet
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    hme0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
            inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
    qfe2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
            inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255

b. Force the autopush configuration file to be read by using the following command:

    sys11# autopush -f /etc/ipf/pfil.ap

c. Unplumb your system’s interfaces.

    sys11# ifconfig hme0 down unplumb
    sys11# ifconfig qfe2 down unplumb

d. Plumb and restore your system’s interface configurations to load the packet filter into the interface’s IP stack.

    sys11# ifconfig hme0 plumb 192.168.1.1 netmask 0xffffff00 broadcast + up
    sys11# ifconfig qfe2 plumb 192.168.30.31 netmask 0xffffff00 broadcast + up

e. Verify that the rule functions as expected by using the telnet command.

    sys21# telnet 192.168.1.1
    Trying 192.168.1.1...
    telnet: Unable to connect to remote host: Connection timed out
    sys21#

You should observe that local telnet traffic is permitted but traffic initiated from another subnet is not.

Working on a Non-Router System on Your Subnet

The next steps block your non-router system from sending any outgoing ICMP echo replies.

Continue as follows on the same non-router system on which you have been working:

19. Before establishing a blocking rule, verify that you are now able to contact your system from another system on your local subnet by using the ping command.

    sys13# ping sys12
    sys12 is alive
    sys13#

20. Update the Solaris IP Filter firewall’s configuration file to include a rule on the last line that blocks outgoing ICMP echo replies from the host. Write the rule that you entered in the /etc/ipf/ipf.conf file:

    block out quick proto icmp from any to any icmp-type 0

Note that even though the first rule uses the quick keyword, ping traffic will reach this new, third rule because the first rule will not match ICMP traffic and therefore the quick keyword will not apply.
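An added example, not part of the course material: a Python model of how IP Filter picks a verdict (the last matching rule wins unless a matching rule carries quick), applied to the rule-ordering answer in step 10 and to the note on the ICMP rule in step 20. The function names, the packet dictionaries, the addresses used for sys13 and sys22, and the pass verdict when no rule matches are assumptions of this example; it also goes one case beyond the text by evaluating the same two telnet rules without quick.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Name-to-number tables for names that ipfstat prints in this lab.
SERVICES = {"ftp": 21, "telnet": 23, "domain": 53}
ICMP_TYPES = {"echorep": 0, "echo": 8}


@dataclass
class Rule:
    action: str                                   # "pass" or "block"
    direction: str                                # "in" or "out"
    quick: bool = False
    proto: Optional[str] = None
    src: Optional[ipaddress.IPv4Network] = None   # None means "any"
    dst: Optional[ipaddress.IPv4Network] = None
    port: Optional[int] = None                    # destination port
    icmp_type: Optional[int] = None


def _net(tok):
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)


def _num(tok, names):
    return int(tok) if tok.isdigit() else names[tok]


def parse_rule(line):
    """Parse the subset of ipf.conf syntax that appears in this lab."""
    t = line.split()
    rule = Rule(action=t[0], direction=t[1])
    i = 2
    while i < len(t):
        key = t[i]
        if key == "quick":
            rule.quick, i = True, i + 1
        elif key == "proto":
            rule.proto, i = t[i + 1], i + 2
        elif key == "from":
            rule.src, i = _net(t[i + 1]), i + 2
        elif key == "to":
            rule.dst, i = _net(t[i + 1]), i + 2
        elif key == "port":                       # written as "port = N"
            rule.port, i = _num(t[i + 2], SERVICES), i + 3
        elif key == "icmp-type":
            rule.icmp_type, i = _num(t[i + 1], ICMP_TYPES), i + 2
        else:
            i += 1        # log, on <interface>, keep state, all: not modelled
    return rule


def matches(rule, pkt):
    if rule.direction != pkt["dir"]:
        return False
    if rule.proto is not None and rule.proto != pkt["proto"]:
        return False
    if rule.src is not None and ipaddress.ip_address(pkt["src"]) not in rule.src:
        return False
    if rule.dst is not None and ipaddress.ip_address(pkt["dst"]) not in rule.dst:
        return False
    if rule.port is not None and pkt.get("dport") != rule.port:
        return False
    if rule.icmp_type is not None and pkt.get("icmp_type") != rule.icmp_type:
        return False
    return True


def evaluate(lines, pkt, default="pass"):
    """Return (verdict, number of the deciding rule in file order, or None)."""
    verdict, decided_by = default, None           # assumption: pass if no match
    rules = [l for l in lines if l.strip() and not l.lstrip().startswith("#")]
    for number, line in enumerate(rules, 1):
        rule = parse_rule(line)
        if matches(rule, pkt):
            verdict, decided_by = rule.action, number   # last match so far
            if rule.quick:
                break                             # quick ends the search here
    return verdict, decided_by


# The three rules sys12 holds after step 20, in file order.
LAB_RULES = [
    "pass in quick proto tcp from 192.168.1.0/24 to 192.168.1.2/32 port = 23",
    "block in proto tcp from any to 192.168.1.2/32 port = 23",
    "block out quick proto icmp from any to any icmp-type 0",
]
# Same telnet rules with quick removed from the pass rule (not in the lab).
NO_QUICK = [LAB_RULES[0].replace(" quick", ""), LAB_RULES[1]]
# Order the step 10 answer advises against: block first, pass quick second.
BLOCK_FIRST = [LAB_RULES[1], LAB_RULES[0]]

# Constructed packets; the host addresses are assumed for illustration.
LOCAL_TELNET = dict(dir="in", proto="tcp", src="192.168.1.3", dst="192.168.1.2", dport=23)
REMOTE_TELNET = dict(dir="in", proto="tcp", src="192.168.2.2", dst="192.168.1.2", dport=23)
ECHO_REPLY = dict(dir="out", proto="icmp", src="192.168.1.2", dst="192.168.1.3", icmp_type=0)

if __name__ == "__main__":
    for name, rules in (("lab", LAB_RULES), ("no quick", NO_QUICK), ("block first", BLOCK_FIRST)):
        for label, pkt in (("local telnet", LOCAL_TELNET), ("remote telnet", REMOTE_TELNET),
                           ("echo reply out", ECHO_REPLY)):
            print(f"{name:12} {label:15} -> {evaluate(rules, pkt)}")
```

Without quick on the pass rule, the later block rule becomes the last match and local telnet is blocked as well, which is why the pass rule in this lab needs both the keyword and the earlier position.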

21. Update the Solaris IP Filter firewall configuration to include the new rule by using the ipf command.

    sys12# ipf -Fa -f /etc/ipf/ipf.conf

22. Verify the rules by using the ipfstat command.

    sys12# ipfstat -io
    block out quick proto icmp from any to any icmp-type echorep
    pass in quick proto tcp from 192.168.1.0/24 to 192.168.1.2/32 port = telnet
    block in proto tcp from any to 192.168.1.2/32 port = telnet
    #

23. Test that the new rule is functioning correctly by using the ping command from the test system again.

    sys13# ping sys12
    no answer from sys12

24. Verify that a local system can successfully perform DNS lookups across routers. Use the dig command to find the IP address of a system on another network. (Successful completion of this step will aid you in later steps when you write rules to specifically allow DNS through firewalls.)

    sys13# dig @192.168.2.2 two.edu -x 192.168.2.4

    ; <<>> DiG 9.2.4 <<>> @192.168.2.2 two.edu -x 192.168.2.4
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1194
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;two.edu.                       IN      A

    ;; AUTHORITY SECTION:
    two.edu.                86400   IN      SOA     sys22.two.edu. root.sys22.two.edu. 2005010101 3600 1800 6048000 86400

    ;; Query time: 4 msec
    ;; SERVER: 192.168.2.2#53(192.168.2.2)
    ;; WHEN: Wed Jan 12 08:19:05 2005
    ;; MSG SIZE rcvd: 72

    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1914
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;4.2.168.192.in-addr.arpa.      IN      PTR

    ;; ANSWER SECTION:
    4.2.168.192.in-addr.arpa. 86400 IN      PTR     sys24.two.edu.

    ;; AUTHORITY SECTION:
    2.168.192.in-addr.arpa. 86400   IN      NS      sys22.two.edu.
    2.168.192.in-addr.arpa. 86400   IN      NS      sys23.two.edu.

    ;; ADDITIONAL SECTION:

    sys22.two.edu.          86400   IN      A       192.168.2.2
    sys23.two.edu.          86400   IN      A       192.168.2.3

    ;; Query time: 1 msec
    ;; SERVER: 192.168.2.2#53(192.168.2.2)
    ;; WHEN: Wed Jan 12 08:19:05 2005
    ;; MSG SIZE rcvd: 141

Task 2 Solutions

In the second part of the lab you restrict access to your subnet by disabling all services except a defined set.

Working on the Router on Your Subnet

Perform the following:

1. Edit the Solaris IP Filter firewall’s rules to block all traffic on the router. Remove all existing rules currently in the configuration file, and write and document the new rules that you entered in the /etc/ipf/ipf.conf file.

    block in all
    block out all

2. Update the Solaris IP Filter firewall configuration to include the new rules by using the ipf command.

    sys11# ipf -Fa -f /etc/ipf/ipf.conf

3. Verify the rules by using the ipfstat command.

    sys11# ipfstat -io
    block out all
    block in all
    #

Working on Each Non-Router System on Your Subnet

Continue as follows on the same non-router system on which you have been working:

4. Remove all of the rules in the /etc/ipf/ipf.conf file.

The /etc/ipf/ipf.conf file should be empty.

5. Reboot all of the non-router systems.

    sys12# init 6

The reboot is performed as an easy way to flush cached information on the non-router systems. It is not a necessary part of the Solaris IP Filter firewall’s configuration.

Working on the Router on Your Subnet

Continue as follows on the same router system on which you have been working:

6. Update the Solaris IP Filter firewall configuration to permit routing information traffic to be sent and received. Before the existing block out all and block in all rules, write the rules that you entered in the /etc/ipf/ipf.conf file:

    pass in quick proto udp from any to any port = 520
    pass out quick proto udp from any to any port = 520
    pass in quick proto udp from any to any port = 521
    pass out quick proto udp from any to any port = 521
    pass in quick proto icmp from any to any icmp-type 10
    pass out quick proto icmp from any to any icmp-type 9

7. Update the Solaris IP Filter firewall configuration to use the new rules by using the ipf command.

    sys11# ipf -Fa -f /etc/ipf/ipf.conf

8. Verify the rules by using the ipfstat command.

    sys11# ipfstat -io
    pass out quick proto udp from any to any port = route
    pass out quick proto udp from any to any port = ripngd
    pass out quick proto icmp from any to any icmp-type routerad
    block out all
    pass in quick proto udp from any to any port = route
    pass in quick proto udp from any to any port = ripngd
    pass in quick proto icmp from any to any icmp-type routersol
    block in all

Working on a Non-Router System on Your Subnet

Continue as follows on the non-router system on which you have been working:

9. Test that the new rules function correctly by checking the configuration of the routing tables on the non-router hosts and by snooping the network to look for routing packets.

You should see evidence of routing information in the routing table (a default route, for example) or in the snoop trace (router advertisements, for example), but no other non-routing services.

    sys12# netstat -rn -f inet

    Routing Table: IPv4
      Destination           Gateway           Flags  Ref   Use   Interface
    -------------------- -------------------- ----- ----- ------ ---------
    192.168.1.0          192.168.1.2          U         1      0 hme0
    224.0.0.0            192.168.1.2          U         1      0 hme0
    default              192.168.1.1          UG        1      0 hme0
    127.0.0.1            127.0.0.1            UH        4     77 lo0
    sys12#
    sys12# snoop
    ...
    sys11 -> 192.168.1.255 RIP R (3 destinations)
    sys11 -> 192.168.1.255 RIP R (3 destinations)
    ...

Working on the Router on Your Subnet

Continue as follows on the same router system on which you have been working:

10. Update the Solaris IP Filter firewall configuration to permit DNS traffic to be sent and received. At the beginning of the configuration file, write the rules that you entered in the /etc/ipf/ipf.conf file.

    pass in quick proto udp from any to any port = 53 keep state
    pass out quick proto udp from any to any port = 53 keep state

11. Update the Solaris IP Filter firewall configuration to include the new rule by using the ipf command.

    sys11# ipf -Fa -f /etc/ipf/ipf.conf

12. Verify the rules by using the ipfstat command.

    sys11# ipfstat -io
    pass out quick proto udp from any to any port = domain keep state

    pass out quick proto udp from any to any port = route
    pass out quick proto udp from any to any port = ripng
    pass out quick proto icmp from any to any icmp-type routerad
    block out all
    pass in quick proto udp from any to any port = domain keep state
    pass in quick proto udp from any to any port = route
    pass in quick proto udp from any to any port = ripng
    pass in quick proto icmp from any to any icmp-type routersol
    block in all

Working on a Non-Router System on Your Subnet

Continue as follows on a non-router system on the same subnet on which you have been working:

13. Use the dig command to find the IP address of a system on another network. Be sure to query a DNS server on that other network.

    sys13# dig @192.168.2.2 two.edu -x 192.168.2.4

    ; <<>> DiG 9.2.4 <<>> @192.168.2.2 two.edu -x 192.168.2.4
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1194
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;two.edu.                       IN      A

    ;; AUTHORITY SECTION:
    two.edu.                86400   IN      SOA     sys22.two.edu. root.sys22.two.edu. 2005010101 3600 1800 6048000 86400

    ;; Query time: 4 msec
    ;; SERVER: 192.168.2.2#53(192.168.2.2)
    ;; WHEN: Wed Jan 12 08:19:05 2005
    ;; MSG SIZE rcvd: 72

    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1914
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;4.2.168.192.in-addr.arpa.      IN      PTR

    ;; ANSWER SECTION:
    4.2.168.192.in-addr.arpa. 86400 IN      PTR     sys24.two.edu.

    ;; AUTHORITY SECTION:
    2.168.192.in-addr.arpa. 86400   IN      NS      sys22.two.edu.
    2.168.192.in-addr.arpa. 86400   IN      NS      sys23.two.edu.

    ;; ADDITIONAL SECTION:
    sys22.two.edu.          86400   IN      A       192.168.2.2
    sys23.two.edu.          86400   IN      A       192.168.2.3

    ;; Query time: 1 msec
    ;; SERVER: 192.168.2.2#53(192.168.2.2)
    ;; WHEN: Wed Jan 12 08:19:05 2005
    ;; MSG SIZE rcvd: 141

Working on the Router on Your Subnet

Continue as follows on the same router system on which you have been working:

14. Even though this group of steps is to be performed on your router system, before configuring rules for FTP, verify that your firewalls are functioning properly by ensuring that you cannot initiate an FTP session from your non-router system to the instructor machine. Once you verify this, you can proceed with writing rules to allow FTP through the router firewall system.

    sys12# ftp 192.168.30.30
    ftp: connect: Connection timed out
    ftp> bye
    sys12#

15. Update the Solaris IP Filter firewall configuration to permit FTP traffic to pass from the local subnet to the instructor system only. Log any traffic that matches one of the rules that you define. Assume that your system will get more DNS traffic than FTP traffic. Placing the new FTP rules after the DNS rules would recognize this and, appropriately, be more responsive to the DNS traffic. Hint: Use the keep state keywords in your rules. Write the rules that you entered in the /etc/ipf/ipf.conf file.

    pass in log quick on hme0 from 192.168.1.0/24 to 192.168.30.30/32 port = 21 keep state
    pass out log quick on hme0 from 192.168.1.0/24 to 192.168.30.30/32 port = 21 keep state
    pass in log quick on qfe2 from 192.168.1.0/24 to 192.168.30.30/32 port = 21 keep state
    pass out log quick on qfe2 from 192.168.1.0/24 to 192.168.30.30/32 port = 21 keep state
    pass in log quick on hme0 from 192.168.1.0/24 to 192.168.30.30/32 port = 20 keep state
    pass out log quick on hme0 from 192.168.1.0/24 to 192.168.30.30/32 port = 20 keep state
    pass in log quick on qfe2 from 192.168.1.0/24 to 192.168.30.30/32 port = 20 keep state
    pass out log quick on qfe2 from 192.168.1.0/24 to 192.168.30.30/32 port = 20 keep state

16. Update the Solaris IP Filter firewall configuration to include the new rule by using the ipf command.

    sys11# ipf -Fa -f /etc/ipf/ipf.conf

17. Verify the rules by using the ipfstat command.

    sys11# ipfstat -io
    pass out quick proto udp from any to any port = domain keep state
    pass out log quick on hme0 from 192.168.1.0/24 to 192.168.30.30/32 port = 21 keep state
    pass out log quick on qfe2 from 192.168.1.0/24 to 192.168.30.30/32 port = 21 keep state
    pass out log quick on hme0 from 192.168.1.0/24 to 192.168.30.30/32 port = 20 keep state
    pass out log quick on qfe2 from 192.168.1.0/24 to 192.168.30.30/32 port = 20 keep state
    pass out quick proto udp from any to any port = route
    pass out quick proto udp from any to any port = ripng
    pass out quick proto icmp from any to any icmp-type routerad
    block out all
    pass in quick proto udp from any to any port = domain keep state
    pass in log quick on hme0 from 192.168.1.0/24 to 192.168.30.30/32 port = 21 keep state
    pass in log quick on qfe2 from 192.168.1.0/24 to 192.168.30.30/32 port = 21 keep state
    pass in log quick on hme0 from 192.168.1.0/24 to 192.168.30.30/32 port = 20 keep state
    pass in log quick on qfe2 from 192.168.1.0/24 to 192.168.30.30/32 port = 20 keep state
    pass in quick proto udp from any to any port = route
    pass in quick proto udp from any to any port = ripng
    pass in quick proto icmp from any to any icmp-type routersol
    block in all

18. Use the ipmon command as a daemon to log information to the /var/tmp/ipfilter.log file.

    # ipmon -D /var/tmp/ipfilter.log

Working on a Non-Router System on Your Subnet

Continue as follows on any non-router system on your subnet. You will now be using FTP to connect to another system on another subnet across your firewall router.

19. Use FTP to access the instructor system.

    sys13# ftp 192.168.30.30
    Connected to 192.168.30.30.
    220 instructor.thirty.edu FTP server ready.
    Name (192.168.30.30:root):

What behavior do you see?

The attempt to connect succeeds.

20. Use FTP to access a system on another subnet.

    sys13# ftp 192.168.2.3
    ftp: connect: Connection timed out
    ftp>

What behavior do you see?

The attempt to connect fails.

Working on the Router on Your Subnet

Complete as follows on the same router system on which you have been working:

21. View the log file created by the ipmon command.

sys11# cat /var/tmp/ipfilter.log
03/02/2005 14:13:12.223769 hme0 @0:2 p 192.168.1.3,32788 -> 192.168.30.30,21 PR tcp len 20 52 -S K-S IN
03/02/2005 14:13:12.223821 qfe0 @0:2 p 192.168.1.3,32788 -> 192.168.30.30,21 PR tcp len 20 52 -S K-S OUT
03/02/2005 14:13:12.224270 qfe0 @0:2 p 192.168.30.30,21 -> 192.168.1.3,32788 PR tcp len 20 52 -AS K-S IN
03/02/2005 14:13:12.224486 hme0 @0:2 p 192.168.30.30,21 -> 192.168.1.3,32788 PR tcp len 20 52 -AS K-S OUT
03/02/2005 14:13:12.224930 hme0 @0:2 p 192.168.1.3,32788 -> 192.168.30.30,21 PR tcp len 20 40 -A K-S IN
03/02/2005 14:13:12.224950 qfe0 @0:2 p 192.168.1.3,32788 -> 192.168.30.30,21 PR tcp len 20 40 -A K-S OUT
03/02/2005 14:13:12.274058 qfe0 @0:2 p 192.168.30.30,21 -> 192.168.1.3,32788 PR tcp len 20 85 -AP K-S IN
03/02/2005 14:13:12.274078 hme0 @0:2 p 192.168.30.30,21 -> 192.168.1.3,32788 PR tcp len 20 85 -AP K-S OUT
03/02/2005 14:13:12.274309 hme0 @0:2 p 192.168.1.3,32788 -> 192.168.30.30,21 PR tcp len 20 40 -A K-S IN
03/02/2005 14:13:12.274326 qfe0 @0:2 p 192.168.1.3,32788 -> 192.168.30.30,21 PR tcp len 20 40 -A K-S OUT
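The following is an added example, not part of the student guide: a Python parser for ipmon text log lines that pairs each packet logged IN on one router interface with its OUT record on the other, to confirm that permitted traffic was actually forwarded. The sample lines are constructed from the addresses and timestamps in the exercise log; the field layout assumed by the regular expression and all function names are assumptions of this example.

```python
import re
from collections import defaultdict, deque

# Constructed sample, modelled on the exercise log (ipmon text layout assumed).
SAMPLE_LOG = """\
03/02/2005 14:13:12.223769 hme0 @0:2 p 192.168.1.3,32788 -> 192.168.30.30,21 PR tcp len 20 52 -S K-S IN
03/02/2005 14:13:12.223821 qfe0 @0:2 p 192.168.1.3,32788 -> 192.168.30.30,21 PR tcp len 20 52 -S K-S OUT
03/02/2005 14:13:12.224270 qfe0 @0:2 p 192.168.30.30,21 -> 192.168.1.3,32788 PR tcp len 20 52 -AS K-S IN
03/02/2005 14:13:12.224486 hme0 @0:2 p 192.168.30.30,21 -> 192.168.1.3,32788 PR tcp len 20 52 -AS K-S OUT
03/02/2005 14:13:12.224930 hme0 @0:2 p 192.168.1.3,32788 -> 192.168.30.30,21 PR tcp len 20 40 -A K-S IN
03/02/2005 14:13:12.224950 qfe0 @0:2 p 192.168.1.3,32788 -> 192.168.30.30,21 PR tcp len 20 40 -A K-S OUT
03/02/2005 14:13:12.274058 qfe0 @0:2 p 192.168.30.30,21 -> 192.168.1.3,32788 PR tcp len 20 85 -AP K-S IN
03/02/2005 14:13:12.274078 hme0 @0:2 p 192.168.30.30,21 -> 192.168.1.3,32788 PR tcp len 20 85 -AP K-S OUT
03/02/2005 14:13:12.274309 hme0 @0:2 p 192.168.1.3,32788 -> 192.168.30.30,21 PR tcp len 20 40 -A K-S IN
03/02/2005 14:13:12.274326 qfe0 @0:2 p 192.168.1.3,32788 -> 192.168.30.30,21 PR tcp len 20 40 -A K-S OUT
"""

# date time interface @group:rule action src,port -> dst,port PR proto
# len <header len> <packet len> -<TCP flags> [K-S] IN|OUT
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{6}) "
    r"(?P<ifname>\S+) @(?P<group>-?\d+):(?P<rule>-?\d+) (?P<action>\S+) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<plen>\d+) "
    r"-(?P<flags>[A-Z]+) (?:(?P<state>K-S) )?(?P<dir>IN|OUT)$"
)


def time_to_usec(clock):
    """Convert HH:MM:SS.ffffff to microseconds since midnight."""
    hours, minutes, rest = clock.split(":")
    seconds, frac = rest.split(".")
    whole = (int(hours) * 60 + int(minutes)) * 60 + int(seconds)
    return whole * 1_000_000 + int(frac)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    record = match.groupdict()
    record["usec"] = time_to_usec(record["time"])
    return record


def parse_log(text):
    """Split a log into parsed records and the raw lines that were rejected."""
    records, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            rejected.append(line)
        else:
            records.append(record)
    return records, rejected


def pair_forwarded(records):
    """Match each IN record with the next OUT record for the same packet.

    Returns (forwarded, unpaired): forwarded packets with the interfaces
    crossed and the delay inside the router, and IN records that never
    appeared on an outbound interface (dropped, or delivered locally).
    """
    pending = defaultdict(deque)
    forwarded = []
    for rec in records:
        key = (rec["date"], rec["src"], rec["sport"], rec["dst"],
               rec["dport"], rec["proto"], rec["flags"], rec["plen"])
        if rec["dir"] == "IN":
            pending[key].append(rec)
        elif pending[key]:
            inbound = pending[key].popleft()
            forwarded.append({
                "src": f'{rec["src"]},{rec["sport"]}',
                "dst": f'{rec["dst"]},{rec["dport"]}',
                "flags": rec["flags"],
                "in_if": inbound["ifname"],
                "out_if": rec["ifname"],
                "rule": f'{inbound["group"]}:{inbound["rule"]}',
                "latency_us": rec["usec"] - inbound["usec"],
            })
    unpaired = [rec for queue in pending.values() for rec in queue]
    return forwarded, unpaired


if __name__ == "__main__":
    parsed, bad = parse_log(SAMPLE_LOG)
    done, stuck = pair_forwarded(parsed)
    for pkt in done:
        print(f'{pkt["src"]} -> {pkt["dst"]} [{pkt["flags"]}] '
              f'{pkt["in_if"]} -> {pkt["out_if"]} rule {pkt["rule"]} '
              f'{pkt["latency_us"]} us')
    print(f"{len(stuck)} inbound packets without an OUT record, {len(bad)} unparsed lines")
```

An IN record with no matching OUT record is the entry to investigate: on a router it means the packet matched an inbound pass rule but was not logged leaving on another interface.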


Glossary/Acronyms

Numerals
10BASE-T An evolution of Ethernet technology that succeeded 10BASE-5 and 10BASE-2 as the most popular method of physical network implementation. A 10BASE-T network has a data transfer rate of 10 megabits per second and uses unshielded twisted-pair wiring.

A
ACL (access control list) ACLs provide a higher level of file security than the standard UNIX file permissions. ACLs give a file owner the ability to permit access to that file or directory to one or more specific users or groups and to set the default permissions for specific users or groups.
AH Authentication header.
ANSI American National Standards Institute.
application A program that combines all the functions necessary for the user to accomplish a particular set of tasks (for example, word processing or inventory tracking).
Application layer In the International Standards Organization/Open Systems Interconnection (ISO/OSI) model of network standards, the seventh layer, which handles services, such as login procedures, file and print server operation, and other basic functions.

ARP (Address Resolution Protocol) The Internet protocol that dynamically maps Internet addresses to physical (hardware) addresses on local area networks. ARP is limited to networks that support hardware broadcast.
AS Autonomous system.
ASCII (American Standard Code for Information Interchange) A standard assignment of 7-bit numeric codes to characters.

B
BCC Block-check character.
BIND Berkeley Internet Name Domain.
boot (bootstrap) To load the system software into memory and start it.
Bourne shell The Bourne shell is the default shell for the Solaris Operating Environment. It does not have aliasing or history capabilities.
broadcast address One of three types of Ethernet addresses, the broadcast address represents broadcasts to the network. A host sends a message to all hosts on the local Ethernet using a broadcast address. The Ethernet broadcast address is all 1s (ff:ff:ff:ff:ff:ff in hexadecimal).

C
cache A buffer of high-speed memory filled at medium speed from main memory, often with instructions or the most frequently accessed information. A cache increases effective memory transfer rates and processor speed.
caching-only server A domain name server that is not authoritative for any domain. This server queries servers that have authority for the information needed and caches that data.

canonical Characteristic of adhering to standard, accepted, or authoritative procedures or principles.
Category 3 Category 3 twisted-pair cabling is a voice-grade cable. It features two to three twists per foot and is used in 10BASE-T and 100BASE-T4 networks.
Category 5 Category 5 twisted-pair cable is a data-grade cable. It features two to three twists per inch used in 10BASE-T and 100BASE-TX networks.
CCITT Comite Consultatif Internationale de Telegraphie et Telephonie.
CDE (Common Desktop Environment) This is a graphical user interface between the user and the operating system. It provides built-in menus for users to select and run utilities and programs without using the Solaris 2.x OE commands. It enables users to control multiple working documents or applications on the screen at the same time.
checksum A checksum is a number that is calculated from the binary bytes of the file. It is used to determine if the file contents have changed.
CIDR (classless inter-domain routing) This type of routing was introduced as a stop-gap solution to the Class B IPv4 address exhaustion and routing table explosion. CIDR enables more efficient allocation of IP address space, and it enables routing information to be aggregated to reduce the size of routing tables on backbone routers.
client-server model A client-server environment is a network environment that contains at least one of each of the following:
Server – A host or a process that provides services to other systems on the network.
Client – A host or a process that uses services provided by servers.
CNAME Canonical name.

connectionless A type of data transfer in which self-contained messages are delivered without acknowledgement of receipt. User Datagram Protocol (UDP) is an example of a protocol in which a connection is not necessary.
connection-oriented A type of data transfer in which a connection with another system must be established before exchanging data. Transmission Control Protocol (TCP) is an example of a connection-oriented protocol.
CRC (cyclical redundancy check) A system of error checking performed at both the sending and receiving station after a block-check character (BCC) has been accumulated.
CSMA/CD (carrier sense multiple access/collision detection) The Ethernet access method protocol used to control packet transmission and flow over the Ethernet hardware.

D
daemon A process that performs a particular system task.
Data Link layer In the International Standards Organization/Open Systems Interconnection (ISO/OSI) model, the second layer, which enables establishing, maintaining, and releasing services between network entities.
datagram The Internet Protocol (IP) datagram is the basic unit of information that is passed on a Transmission Control Protocol/Internet Protocol (TCP/IP) network. Datagrams contain at least data and destination addresses.
decryption The process of converting coded data to plain text.
de-encapsulation The process of removing a header from a segment of data when systems are communicating with each other.

DHCP (Dynamic Host Configuration Protocol) This automatically assigns Internet Protocol (IP) addresses to Transmission Control Protocol/Internet Protocol (TCP/IP) client computers when the client joins the network. This eliminates the need to maintain a static list of addresses for each client. DHCP selects an IP address from a preconfigured pool.
DNS (Domain Name System) DNS provides translations of host names into Internet Protocol (IP) addresses. This enables Internet communications using only host names.
domain The name assigned to a group of systems on a local network that share administrative files. It is required for the Network Information Service (NIS) database to work properly.

E
EBCDIC Extended Binary Coded Decimal Interchange Code.
EEPROM (electrically erasable programmable read-only memory) A nonvolatile PROM that can be written to as well as read from. In Sun workstations, an EEPROM holds information about the current system configuration, alternate boot paths, and so on.
EGPs Exterior gateway protocols.
encapsulation The process of adding a header to a segment of data when systems are communicating with each other.
encryption The process of protecting information from unauthorized use by making the information unintelligible. Encryption is based on a code, called a key, which is used to decrypt the information.
ESP Encapsulation security payload.
Ethernet A type of local area network that enables real-time communication between machines connected directly through cables.

Ethernet address The physical address of an individual Ethernet controller board. It is called the hardware address or media access control (MAC) address. The Ethernet address of every Sun workstation is unique and coded into a chip on the motherboard. Additional Ethernet interfaces are assigned different Ethernet addresses.
Ethernet MAC address The physical address also known as the media access controller (MAC) or Ethernet address. An Ethernet address is a unique hardware address. It is 48 bits long. An example of a complete Ethernet address is 8:0:20:le:56:7:d.
EUI End-unit identifier.

F
FCS Frame check sequence.
FP Format prefix.
FQDN (fully qualified domain name) A domain name that ends with a dot followed by a domain label of length zero (the root). For example, andy.sun.com., where andy is the name of a host.
frame A series of bits with a well-defined beginning and a well-defined end.

H
hierarchal domains A tree of domains or namespaces, each one of them having their own authority.
hierarchy A classification of relationships in which each item except the top one (called the root) is a specialized form of the item above it. Each item can have one or more items below it in the hierarchy.

host name A unique name identifying a host machine connected to a network. The name must be unique on the network. The hostname command determines a system’s host.
hub The central device through which all hosts in a twisted-pair Ethernet installation are connected.

I
IAB Internet Architecture Board.
IANA Internet Assigned Numbers Authority.
ICANN Internet Corporation for Assigned Names and Numbers.
ICMP (Internet Control Message Protocol) A network layer protocol that provides for routing, reliability, flow control, and sequencing of data.
IEEE (Institute of Electrical and Electronics Engineers) The standards organization that is responsible for developing networking standards relating to Ethernet, token bus, token ring, and metropolitan area networks.
IGMP Internet Group Management Protocol.
IGP (Interior Gateway Protocol) The protocol that enables the exchange of routing information between collaborating routers on the Internet. Examples of IGPs include Routing Information Protocol (RIP) and Open Shortest Path First (OSPF).
IP (Internet Protocol) The basic protocol of the Internet. It enables the unreliable delivery of individual packets from one host to another. The IP does not determine whether the packet will be delivered, how long it will take, or if multiple packets will arrive in the order they were sent. Protocols built on top of this protocol add the functions of connection and reliability.

IP address In Transmission Control Protocol/Internet Protocol (TCP/IP), a unique 32-bit number that identifies each host in a network.
IP network number The first octet or octets of an Internet Protocol (IP) address that uniquely identify an IP network within an organization, and on the Internet, if that network has been registered with the Internet governing organization.
IPG Internet Gateway Protocol.
IPMP Internet Protocol Messaging Protocol.
IPsec Internet Protocol Security Architecture.
IPv4 (Internet Protocol version 4) One of two versions of IP addressing. It is a 32-bit addressing scheme currently used as the dominant scheme. An IPv4 address is a unique number assigned to a host on a network. IPv4 addresses are 32 bits divided into four 8-bit fields. Each 8-bit field, or octet, is represented by a decimal number between 0 and 255, separated by periods, for example, 129.150.182.31.
IPv6 (Internet Protocol version 6) A new version designed to be an evolutionary step from the current version, Internet Protocol version 4 (IPv4). IPv6 is an increment to IPv4. Deploying IPv6, using defined transition mechanisms, does not disrupt current operations. In addition, IPv6 provides a platform for new Internet functionality.
ISO (International Organization for Standardization) An international standards body that reviews and approves independently designed products for use within specific industries. ISO also develops standards for information exchange, such as the ISO/OSI model for computer networks.
ISP (Internet service provider) A company providing an Internet package. This often includes a phone number access code, user name, and software, all for a provider fee.

J
JPEG Joint Pictures Expert Group.
JPG Joint Pictures Group.
JumpStart process An automatic installation process available in a network environment that enables system administrators to categorize machines and automatically install systems based on the machine’s category.

K
kernel The master program (core) of the Solaris Operating Environment. It manages devices, memory, swap, processes, and daemons. The kernel also controls the functions between the system programs and the system hardware.

L
LAN (local area network) A group of computer systems in close proximity that can communicate by way of some connecting hardware and software.
layer One of a set of services, functions, and protocols that span all open systems.

M
MAC Media access control.
master server The server that maintains the master copy of the network information service database. It has a disk and a complete copy of the operating system.
mirror Disk mirroring is a feature that guards against component failure by writing the same data to two or more disk drives at the same time.
MMF Multimode fiber.

MTU (maximum transmission unit) An MTU is the largest amount of data that can be transferred across a given physical network. The MTU is hardware specific. For example, the MTU for a physical Ethernet interface is 1500 bytes.
multicast address One of three types of Ethernet address, the multicast address is used to send a message to a subset of hosts on a network. In Ethernet multicast addressing, the first three octets must contain a value of 01.00.5E. The last three octets are used to assign host group identity.

N
name service A name service provides a means of identifying and locating resources (traditionally host names and Internet Protocol [IP] addresses) available to a network. The default name service product available in the Solaris 2.x Operating Environment is Network Information Service Plus (NIS+).
NDP Neighbor Discovery Protocol.
network Technically, the hardware connecting various systems, enabling them to communicate. Informally, the systems so connected.
network address The address, consisting of up to 20 octets, used to locate an Open Systems Interconnection (OSI) transport entity. The address is formatted into an initial domain part that is standardized for each of several addressing domains, and a domain-specific part that is the responsibility of the addressing authority for that domain.
Network layer In the International Standards Organization/Open Systems Interconnection (ISO/OSI) model of network standards, the third layer, which enables routing and switching blocks of data between two devices that support Transport layer protocols over a connection.
network segment In Integrated Services Digital Network (ISDN), when the TCP adds an information header to a packet of data for decoding by the TCP on the remote machine, the expanded packet is referred to as a segment. It is then passed to the Network layer, which converts it to a datagram. It then goes to the Data Link layer, which converts it to a frame.

NFS (Network File System) A file system distributed by Sun that provides transparent access to remote file systems on heterogeneous networks.
NIC Network interface card.
NIS (Network Information Service) The Sun Operating System 4.0 (minimum) network information service. A distributed network database containing key information about the systems and the users on the network. The NIS database is stored on the master server and all the slave servers. See also NIS+.
NIS+ (Network Information Service Plus) The Sun Operating System 5.0 (minimum) network information service. NIS+ replaces NIS, the Sun OS 4.0 (minimum) NIS.
NLA Next level aggregator.
node A node is an addressable point on a network. Each node in a Sun network has a different name. A node can connect a computing system, a terminal, or various other peripheral devices to the network.
NS Name server.
NSCD Name service cache daemon.
NTP Network Time Protocol.
NVRAM Nonvolatile random access memory.

O
OpenBoot PROM OpenBoot programmable read-only memory.
OS (operating system) A collection of programs that monitor the use of the system and supervise the other programs executed by it.


OSI (Open Systems Interconnection) OSI is an international standardization program that was developed to facilitate communications among computers from different manufacturers.
OSPF Open Shortest Path First.

P
PDU Packet data unit.
peer-to-peer communication The communications between peer devices.
Physical layer In the International Standards Organization/Open Systems Interconnection (ISO/OSI) model of network standards, the first layer, which supplies the mechanical, electrical, and procedural means of establishing, maintaining, and releasing physical connections.
PID (process identification number) A unique, system-wide, identification number assigned to a process. Also called process ID, process number.
PLM Physical layer medium.
PPP (Point-to-Point Protocol) A way to connect to the Internet; PPP also provides error-checking features.
PROM (programmable read-only memory) A permanent memory chip programmed by the user rather than at the chip manufacturer, as is true with a read-only memory (ROM). You need a PROM programmer or burner to write data onto a PROM. PROM has been mostly replaced by erasable programmable read-only memory (EPROM), a type of PROM that can be erased by ultraviolet light and reprogrammed.
protocol A way to transmit data between devices. A computer or device must have a correct protocol to be able to communicate successfully with other computers or devices.
PTR DNS pointer record.


R
RARP (Reverse Address Resolution Protocol) RARP is an Internet Protocol that maps a physical (hardware) address to an Internet address. Diskless clients use RARP to find their Internet addresses at startup.
RDISC Router discovery.
RFC Request for Comment.
RIP (Routing Information Protocol) RIP provides for automated distribution of routing information between systems.
RPC (remote procedure call) This is an easy and popular paradigm for implementing the client-server model of distributed computing. A request is sent to a remote system to execute a designated procedure, using supplied arguments. The result is returned to the caller. There are many variations of this, resulting in a variety of different RPC protocols.
run level One of the eight initialization states in which a system can run. A system can run in only one initialization state at a time. The default run level for each system is specified in the /etc/inittab file.
run level 2 A multiuser mode without remote resources available. All daemons are running except for remote file-sharing daemons.
run level S A single-user mode in which the operating system is running, but all users are logged out and most system processes, such as print and mail, are not running. Only one user (the superuser) is logged in to the system. Run level S is convenient for doing backups because, with no users logged in, all data is stable.

S
SLA Site-level aggregator.


slave server A server system that maintains a copy of the Network Information Service (NIS) database. It has a disk and a complete copy of the operating system.
SLIP (Serial-Line Internet Protocol) An Internet protocol used to run Internet Protocol (IP) over serial lines such as telephone circuits or RS-232 cables interconnecting two systems. The Point-to-Point Protocol (PPP) is the preferred protocol.
SMF Service Management Framework.
SNMP (Simple Network Management Protocol) The network management of choice for Transmission Control Protocol/Internet Protocol-based (TCP/IP-based) Internets.
snoop This command captures network packets and displays their contents. The command can be run only by the superuser.
SOA (start of authority) An SOA record marks the beginning of a zone’s authority and defines parameters that affect an entire zone.
stateful A type of data transfer where part of the data sent from the client to the server includes the status of the client. Transmission Control Protocol (TCP) is an example of a stateful protocol.
stateless A type of data transfer where the server has no obligation to keep track of the state of the client. User Datagram Protocol (UDP) is an example of a stateless protocol.
subnetwork A collection of International Standards Organization/Open Systems Interconnection (ISO/OSI) end systems and intermediate systems under the control of a single administrative domain and using a single network access protocol; for example, private X.25 networks and a collection of bridged LANs.


T
TCP (Transmission Control Protocol) A communications protocol that ensures data is sent between computers on the Internet.
TCP/IP (Transmission Control Protocol/Internet Protocol) An Internet protocol that provides for the reliable delivery of data streams from one host to another. SunOS networks run on TCP/IP by default. Also called Internet Protocol suite. See also IP.
TLA Top-level aggregator.
TP Twisted pair.
TP-PLM Twisted-pair physical layer medium.
Transport layer In the International Standards Organization/Open Systems Interconnection (ISO/OSI) model of network standards, the fourth layer, which controls the transfer of data between session layer entities.
TTL (time-to-live) Complete entries in the Address Resolution Protocol (ARP) table have a TTL value and a period during which they are considered to be valid entries (normally 30 minutes). TTL is also used in Domain Name System (DNS) zone files.

U
UDP (User Datagram Protocol) This protocol is a transport protocol in the Internet suite of protocols. It uses Internet Protocol (IP) for delivery, and provides for exchange of datagrams without acknowledgements or guaranteed delivery.
UTC Coordinated Universal Time. This is the official standard for current time. Several institutions contribute their calculations of the current time, and UTC is a combination of these estimates.
UTP Unshielded twisted-pair.


V
VLAN Virtual local area network.
VLSM Variable length subnet mask.

W
WAN (wide area network) WANs are slower-speed networks typically used by organizations to connect their local area networks. WANs are often built from leased telephone lines capable of moving data at speeds of 56 kilobits per second to 1.55 megabits per second. A WAN might be used to bridge a company’s office on two opposite ends of town or on opposite ends of a continent.


Index
Numerics
1000BASE-CX media system 2-11 1000BASE-LX media system 2-11 1000BASE-SX media system 2-11 1000BASE-T media system 2-11 100BASE-FX media system 2-10 100BASE-T4 media system 2-10 100BASE-TX media system 2-9 10BASE-T media system 2-9 IPv6 anycast 8-6 multicast 8-5 representation 8-6 types 8-5 unicast 8-5 link-local 8-6 loopback type 8-14 multicast 3-7, 5-11, 8-7 network number 5-9 scope bits 8-16 site-local 8-6 test 6-5 unicast 3-7, 5-9 unspecified type 8-14 address-to-name translation 10-24, 10-25 aggregatable global address 8-7, 8-12 anycast address 8-6 Application layer common protocols 1-9 description 1-4, 1-8 formatting data 1-9 functions 1-9 presenting data 1-9 transporting data 1-9 ARP adding entries from a file 4-6 adding permanent table entries 4-6 adding table entries 4-6 cache 4-4

A
access list 10-27 access method, Ethernet 3-2 addif option 5-27 address aggregatable global 8-7 broadcast 3-7, 5-11 Class A 5-9 Class B 5-10 Class C 5-10 classful 5-9 define test 8-61 detecting duplicates 8-10 embedded IPv4 8-13 Ethernet 3-6 host number 5-9 IP 5-9 IPv4 5-9

Index-1
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A.1

cache management 4-5 cache times 4-4 control table entries 4-5 deleting table entries 4-7 description 1-13, 4-2 display table entries 4-5 Ethernet frame 4-2 operation 4-2 process 4-3 removing static entries 4-7 removing table entries 4-6 searching for new cache entries 4-6 table entries 4-5 TCP/IP model 4-2 time to live 4-6 arp utility 4-5 ASCII 1-9 autonomous system 7-8

B
banner command 3-8 BASE 2-8 baseband 2-8 BIND 10-24 bridges 2-12 bridging devices 2-12 broadcast addresses 3-7, 5-11 buffered transfer 9-11 bus configurations 2-2

C
capture network packets 3-14 carrier sense 3-2 carrier sense multiple access/collision detection. See CSMA/CD changing host name 5-23 CIDR block 7-35 operation 7-33 purpose 7-33 Class A address 5-9 Class B address 5-10 Class C address 5-10

classful address 5-9 classless inter-domain routing. See CIDR CNAME record 10-23 coaxial cable 2-8 collision detection 3-2 rates 3-4 collision rates 3-4 commands banner 3-8 eeprom 3-8 ndd 4-4 route 7-24 communication architecture 1-2 computers keeping time 12-2 networking fundamentals 1-2 configuration errors file 10-35 configuring default route 7-19 DHCP address 11-21 to 11-38 initial 11-9, 11-20 server 11-28 DHCP client 11-39 DNS client 10-32 dynamic routing 7-25 interface for IPv6 8-20 IPMP at boot time 8-68 manually 8-58 IPv6 autoconfiguration 8-3, 8-8 interfaces 8-24 multipathing 8-58 name service lookup 8-21, 8-25 on non-router 8-19 router 8-24 logical interfaces 5-26, 8-36 multipathing 6-6, 6-21 ndpd.conf file 8-25 NTP client 12-13 NTP server 12-5 router troubleshooting 7-42 routing

at boot time 7-38 without rebooting 7-40 secondary DNS server 10-29 static route 7-18 static route manually 7-21 stratum of a NTP server 12-8 troubleshooting routers 8-33 connectionless communication 1-8 connection-oriented communication 1-8 connection-oriented protocol 9-3 connections, full-duplex and virtual circuit 9-11 contiguous netmask 5-15 contiguous subnet masks 5-15 CRC 1-5 creating DHCP tables 11-31 CSMA/CD Ethernet access method 3-2 structure 3-3 cyclical redundancy check (CRC) 1-5

D
daemons /usr/sbin/in.routed 7-28 in.dhcpd 11-4 in.mpathd 6-4, 6-18, 8-66 in.ndpd 8-18, 8-23 in.rarpd 4-9, 4-11 in.ripngd 8-24 in.routed 7-20 xntpd 12-7 data communication 1-2 data encapsulation 1-11, 4-2 data format 1-2 data transfer 1-2 datagram connectionless delivery of 5-3 header fields 5-6 IP 5-6 IP fields 5-6 payload 5-8 default route 7-6, 7-19 define test address 8-61 destination IP address 7-15

network 7-17 network number 7-15 DHCP adding table entries 11-32 address configuration 11-21, 11-38 client functions 11-3 configuration file 11-7 configuring client 11-39 servers 11-7, 11-28 creating tables 11-31 description 1-14 dhcptab table 11-34 functionality 11-2 fundamentals 11-2 graphical manager 11-8 initial configuration 11-9 to 11-20 managing tables 11-31 server 10-26 server functions 11-4 troubleshooting clients 11-45 dhcp_network file 11-30 dhcpconfig utility 11-8, 11-28 dhcpmgr utility 11-8 dhcptab table 11-34 dhtadm utility 11-34 direct route 7-4 directory, /tftpboot 4-11 discover routers 8-18 diskless clients 4-9 displaying ARP data 4-4 ARP table entries 4-6 IPv6 route table 8-36 route table 7-12 state of IPv6 interfaces 8-35 distance-vector algorithms 7-11, 7-25 DNS access list 10-27 allow-query BIND file 10-27 allow-transfer BIND file 10-27 configuring server 10-29 configuring the client 10-32 description 1-14 dynamic updates 10-26

restricting queries 10-28 reverse-domain file 10-24 security 10-27 server 10-25 troubleshooting the server 10-33 Domain Name System. See DNS drift file 12-7 duplicate address detection 8-10 Dynamic Host Configuration Protocol. See DHCP dynamic route 7-7 dynamic routing, configuring 7-25

E
EBCDIC 1-9 EEPROM 3-8 eeprom command 3-8 EGP 7-10 electrically erasable programmable read-only memory (EEPROM) 3-8 embedded IPv4 address 8-13 enabling IPv6 8-18 Ethernet access method 3-2 address mapping 4-5 addresses 3-6 ARP 4-2 changing the address 3-9 displaying the address 3-8 displaying the state 3-4 elements 3-2 frame header information 3-14 frames 3-2, 3-6, 3-10 permanent change to address 3-9 statistics 3-4 switches 2-13 topology 3-3 viewing the address 3-8 Ethernet frames bad CRC 3-13 error conditions 3-13 giant 3-13 jabbers 3-13 long 3-13 runts 3-13 Ethernet-II frames 3-10 Exterior Gateway Protocol (EGP) 7-10

F
failover 6-2 FAILURE_DETECTION_TIME variable 6-5 features of a protocol stack 1-3 File Transfer Protocol (FTP) 1-9, 1-14 files /etc/default/dhcp 11-7 /etc/default/mpathd 6-3, 6-5, 6-18, 8-66 /etc/defaultrouter 7-6, 7-19 /etc/ethers 4-11 /etc/gateways 7-20 /etc/hostname.hme0 5-27 /etc/hostname.interface 5-22, 5-23 /etc/inet/dhcpsvc.conf 11-7 /etc/inet/hosts 3-17, 4-11, 5-23 /etc/inet/netmasks 5-18 /etc/inet/networks 7-16 /etc/inet/ntp.conf 12-7, 12-11 /etc/inet/ntp.server 12-5 /etc/named.conf 10-27 /etc/net/hosts 5-22 /etc/netmask 5-18 /etc/nodename 5-23 /etc/nsswitch.conf 4-11 /usr/include/netinet/ip_icmp.h 5-4 /var/adm/messages 10-35 /var/ntp/ntp.drift 12-7 dhcp_network 11-30 interface configuration 5-22 ndpd.conf 8-25 ntp.conf 12-8 one-backup 10-30 one-rbackup 10-30 flow control 9-12 flushing route table 7-23 format prefix 8-6 formatting data, Application layer functions 1-9 fragmentation 5-3

frame check sequence 3-13 frames, Ethernet 3-2 framing packets 1-5 FTP 1-9, 1-14 fudge entry 12-8 full-duplex connection 9-11 transmission 3-4 full-duplex transmission 3-4 function, \? 3-19

G
group membership 8-17

H
half-duplex transmission 3-4 hardware address 4-5 header fields, IP 5-7 hme driver 3-18 hme interfaces 3-19 hme0 interface 3-19, 5-22 hold-down state 7-26 hop count 7-25 hop-count limit 7-26 host alias 10-23 host name, changing 5-23 host nickname 10-23 host-based addressing media 3-6 host-based approach, Ethernet addresses 3-6 HTTP 1-15 http 1-4, 12-9 hubs intelligent 2-3 non-intelligent 2-3 shared 2-12 Hypertext Transfer Protocol (HTTP) 1-15

I
IANA 5-9 ICMP definition 5-3

description 1-13 error detection 1-7 functions 5-3 message types 5-4 message-type file 5-4 purpose 5-3, 5-4 redirect 7-31 routing data 1-7 ICMPv6 group membership 8-17 IEEE 802.3 standard 2-9, 3-2 IEEE identifiers 2-8 if_mpadm utility 6-28 ifconfig utility addif option 5-27 configuring logical interfaces 5-26 unconfiguring logical interfaces 5-28 viewing the MTU of an interface 5-3 IGP 7-9 IMAP4 1-14 in.dhcpd daemon 11-4 in.mpathd daemon failure detection 6-5 multipath group 6-4 repair detection 6-5 starting 6-18, 8-66 in.ndpd daemon 8-18, 8-23 in.rarpd daemon 4-9, 4-11 in.rdisc process 7-30 in.ripngd daemon 8-24 in.routed daemon 7-20 incrementing interface number 5-27 indirect route 7-4 initializing multihomed host 7-40 non-router 7-41 input errors, network system 3-5 instance of hme interface 3-19 instance parameter 3-19 Institute of Electrical and Electronics Engineers, Inc. (IEEE) identifiers 2-8 intelligent hubs 2-3 interface configuration files 5-22 interface failure definition 6-5 interface identifier 8-8 interface identifier calculation 8-9 interface repair definition 6-6

interfaces hme 3-19 hme0 3-19 logical 5-24 virtual 5-24 Internet Assigned Numbers Authority (IANA) 5-9 Internet Control Message Protocol. See ICMP Internet Gateway Protocol (IGP) 7-9 Internet layer description 1-4, 1-6 functions 1-6 ICMP 1-7 IP 1-7 Internet Message Access Protocol version 4 (IMAP4) 1-14 Internet Protocol. See IP IP address mapping 4-5 address types 5-9 datagram 5-3, 5-6, 7-15 datagram header fields 5-6 datagram payload 5-8 description 1-13 fragmenting data 1-7 header fields 5-7 ICMP 5-3 MTUs 5-3 purpose 5-3 routing 7-3 routing data 1-7 IPMP configuring at boot time 8-68 features 6-3 manual configuration 8-58 requirements 6-4, 6-20 IPv4 address shortage 8-3 addresses 5-9 IPv6 address representation 8-6 address shortage 8-3 address types 8-5 aggregatable global address 8-7, 8-12 anycast address 8-6

authentication 8-4 autoconfiguration 8-3, 8-8 configure on non-router 8-19 configuring interfaces 8-20, 8-24 configuring multipathing 8-58 configuring name service lookup 8-21 displaying interfaces 8-35 displaying route table 8-36 embedded IPv4 address 8-13 enabling 8-18 expanded addressing 8-4 format prefix 8-6 interface troubleshooting 8-36 IPMP configuration 8-58 link-local address 8-6 managing 8-35 multicast address 8-5, 8-7 name service lookup 8-25 privacy header 8-4 RFC 8-3 RIP 8-23 router configuration 8-24 site-local address 8-6 stateful autoconfiguration 8-8 stateless autoconfiguration 8-8 unicast address 8-5

J
JumpStart software clients 4-9

L
LAN media 2-8 network devices 2-12 link speed 3-19 link-local address 8-6, 8-11 link-state protocol 7-10 localhost entry 7-18 local-mac-address? variable 3-8 logical interfaces administering 5-24 configuring 5-26, 8-36

8-25 name-service database 4-11 names-to-IP addresses 10-21 ND 8-18 ndc utility 10-45 ndd parameters 3-19 ndd utility 3-18. See MTU media access control address. 8-58 troubleshooting 6-30 multiple access 3-2 M MAC address banner command 3-8 files 4-11 ifconfig utility 3-8 setting 3-8 viewing 3-8 managing DHCP tables 11-31 IPv6 8-35 NTP daemons 12-10 mappings to host names 10-21 maximum transfer unit. 6-2 Network Interface layer description 1-4 protocols IEEE 802. 6-21. ICMP 5-4 monitoring route table changes 7-22 MTU data size 3-12 description 3-12 fragmentation 5-3 Internet layer 5-3 maximum frame size 3-12 multicast address description 3-7. All Rights Reserved. See MAC address media systems 1000BASE-CX 2-11 1000BASE-LX 2-11 1000BASE-SX 2-11 1000BASE-T 2-11 100BASE .description 5-24 incrementing 5-27 removeif option 5-28 unconfiguring 5-28 loopback address type 8-14 loopback interface 3-12 multihomed host 7-40 multipath. Inc.4 1-6 IEEE 802.1 Index-7 .5 1-6 PPP 1-12 SLIP 1-12 TCP/IP 3-2 network is unreachable 7-15 Index Copyright 2005 Sun Microsystems. Sun Services. 3-20.TX 2-9 100BASE-FX 2-10 100BASE-T4 2-10 10BASE-T 2-9 messages. 3-19. 5-11 format prefixes 8-7 IPv6 8-5 purpose 8-15 scope bits 8-16 N name daemon control program (ndc) 10-45 name server 10-20 name service lookup 8-21. Revision A. viewing operation 6-28 multipathing configuring 6-6.conf file 8-25 Neighbor Discovery Protocol (ND) 8-18 netmask contiguous 5-15 definition 5-18 file 5-18 noncontiguous 5-15 netstat utility displaying collisions 3-4 displaying Ethernet interfaces 3-17 field descriptions 3-17 -i option 3-17 input and output errors 3-5 network devices bridges 2-12 LANs 2-12 switches 2-12 Network File System (NFS) 1-9 network interface card (NIC) 3-6. 4-4 ndpd.

1 . 7-44 network number 5-18 network overload 3-5 network packets. See NTP network topologies and OSPF 7-10 bus configurations 2-2 describing 2-2 ring configurations 2-4 star configurations 2-3 NFS 1-9 NIC 3-6. Ethernet addresses 3-6 Post Office Protocol. capturing 3-14 network performance problems 3-4 network protocols 1-2 Network Time Protocol. Application layer functions 1-9 process.rdisc 7-30 programmable read-only memory (PROM) 4-10 Index-8 Network Administration for the Solaris™ 10 Operating System Copyright 2005 Sun Microsystems. 10-21 nslookup utility 10-36 NTP basic concepts 12-2 configuration file parts 12-6 configuring a server 12-5 configuring clients 12-13 configuring stratum of a NTP server 12-8 configuring the stratum 12-8 external reference servers 12-9 fudge entry 12-8 functions 12-3 managing daemons 12-10 multicast advertisement 12-8 ntpg utility 12-12 peers 12-12 query program 12-12 snoop utility 12-16 terms 12-3 troubleshooting 12-15 undisciplined local clock 12-7 xntpdc utility 12-10 ntp. Ethernet addresses 3-6 noripin directive 7-20 NS record 10-20. All Rights Reserved. Sun Services.network model concepts 1-3 functions 1-3 layered model 1-3 layers 1-3 rules 1-3 structure 1-3 network name 7-16. Revision A. Inc. version 3 (POP3) 1-14 PPP 1-12 prefix notation 8-13 presenting data. 6-2 no route to host 7-15 noncontiguous netmasks 5-15 noncontiguous subnet masks 5-15 non-intelligent hubs 2-3 nonvolatile random access memory (NVRAM). in.conf file 12-8 ntpq utility 12-12 NVRAM 3-6 O one-backup file 10-30 one-rbackup file 10-30 output errors 3-5 P packet data unit 1-5 parameters instance 3-19 TRACK_INTERFACES_ONLY_WITH_ GROUPS 8-66 path-vector algorithm 7-11 PDU 1-5 peer-to-peer description 1-10 encapsulation 1-11 physical network interface 5-25 piggybacking 9-11 pntadm utility 11-31 Point-to-Point Protocol (PPP) 1-12 POP3 1-14 port-based address 3-8 port-based approach.

8-23 root name server 10-20 route command 7-24 route poisoning 7-27 route table description 7-12 display 7-12 fields 7-13 flush 7-23 monitoring changes 7-22 netmask 7-23 protocol 7-10 search order 7-14 updates 7-6.1 Index-9 . See RARP reverse loopback 10-25 reverse-domain file 10-24 RFC documents 1-4 listings 1-4 ring configurations 2-4 RIP 7-7. 7-31 router advertisement 8-19 configuration 8-24 discover 8-18 troubleshooting 8-22 Router Discovery (RDISC) Protocol 8-18 routing add route 7-24 advertisement 7-7 autonomous system 7-8 broadcast 7-28 configuring at boot time 7-38 configuring without rebooting 7-40 default 7-6. Sun Services. 9-8 telnet 1-9 Transport layer 9-2. 8-18 reducing network traffic 9-11 reference clock 12-3 reliable protocol 9-6 remote procedure call (RPC) 3-14 removeif option 5-28 Request for Comment. Inc. 9-8 unreliable 9-7 R RARP /etc/ethers files 4-11 /etc/inet/hosts files 4-11 description 1-13 in. 7-19 direct 7-4 dynamic 7-7 fundamentals 7-3 hold-down state 7-26 hops 7-25 indirect 7-4 initialization 7-38 initializing non-router 7-41 Index Copyright 2005 Sun Microsystems. See RFC retransmit message 9-6 REVARP request 4-9 Reverse Address Resolution Protocol.protocol stack features 1-3 protocol statistics 3-18 protocols connection-oriented 9-3 EGP 7-10 FTP 1-9.rarp daemon 4-11 operation 4-9 performing a boot 4-10 PROM 4-10 TCP/IP Internet layer protocol description 1-13 RDISC Protocol 7-30. All Rights Reserved. 1-14 functions 1-2 ICMP 5-3 IGP 7-9 IP 5-3 link-state 7-10 NFS 1-9 RDISC 7-30 reliable 9-6 SLIP 1-12 SMTP 1-9 SNMP 1-9 SSH 1-9 stack 1-2 stateful 9-5 stateless 9-5 TCP 9-2. Revision A. 9-8 UDP 9-2.

d/S69inet 4-11. Inc.sh 5-17. 8-23 RPC 3-14 RUNNING flag 6-5 S scope bits 8-16 scripts /etc/rc2. 9-10 flow control 9-12 header information 9-11 high-bandwidth network 9-13 large window 9-13 network congestion 9-12 protocol 1-8. 9-8 receiver-side window advertisements 9-12 reliability 1-8 satellite networks 9-13 segment acknowledgement 9-12 segments 1-8 Index-10 Network Administration for the Solaris™ 10 Operating System Copyright 2005 Sun Microsystems. 8-29 /etc/rc2.route poisoning 7-27 route table 7-6 split horizons 7-26 static 7-6 triggered updates 7-26 troubleshooting 7-42 Routing Information Protocol (RIP) 7-7. 6-18 secure shell 1-9 security DNS 10-27 restricting queries 10-28 segment type 2-8 self-contained messages 9-4 semantics in network protocols 1-2 sender side congestion window 9-12 sequencing 1-2 Serial Line Internet Protocol (SLIP) 1-12 servers DHCP configuration 11-7 stratum 12-3 Simple Mail Transfer Protocol (SMTP) 1-9. 1-14 site-local address 8-6. 1-14 SNMP 1-9. 5-17. 8-12 SLIP 1-12 SMTP 1-9. Sun Services. Revision A. 6-18. 1-14 snoop utility capture network packets 3-14 NTP 12-16 reading the file 3-16 summary mode 3-14 using 3-14 verbose mode 3-14 SOA record 10-22 speed matching 1-2 split horizons 7-26 SSH 1-9 standby interface 6-3 star configurations 2-3 stateful autoconfiguration 8-8 protocol 9-5 stateless autoconfiguration 8-8 protocol 9-5 static routes configuring 7-18 configuring manual 7-21 definition 7-6 strata 12-3 stratum-1 server 12-3 subnet address 5-21 subnet masks contiguous 5-15 noncontiguous 5-15 subnetting 5-12 switches 2-12 switching devices 2-12 T TCP congestion window 9-12 datagram header 9-10 description 1-13. 7-7. 9-2. 7-39. 1-14 Simple Network Management Protocol (SNMP) 1-9.1 . All Rights Reserved.d/S72inetsvc 5-17 /etc/rcSd/S30network.

TCP/IP ARP 4-2 common protocols 1-12 model 1-1 Network Interface layer 3-2 peer-to-peer communication 1-10 PPP 1-12 protocol stack 9-8 protocols 1-12 SLIP protocol 1-12 TCP/IP layer model Application layer 1-4 common hardware platform 1-4 Internet layer 1-4 Network Interface layer 1-4 primary functions 1-5 Transport layer 1-4 telnet protocol 1-9. See UDP utilities arp 4-5 dhcpconfig 11-8. Revision A. 3-5 nslookup 10-36 ntpg 12-12 ntpq 12-12 pntadm 11-31 snoop 3-14. buffered 9-11 transmission full-duplex 3-4 half-duplex 3-4 Transmission Control Protocol. 9-8 reliability 1-8. 8-5 types 8-11 unreliable protocol 9-7 unspecified address type 8-14 unstructured stream orientation 9-11 User Datagram Protocol. 3-19. 7-44 tools 3-17 twisted-pair 2-8 U UDP datagram header 9-9 datagrams 1-8 description 1-13. 5-9. Inc. 9-8 transport server 9-2 transporting data. Application layer functions 1-9 triggered updates 7-26 troubleshooting DHCP clients 11-45 DNS server 10-33 IPv6 interface 8-36 multipathing 6-30 network names 7-44 non-router configuration 8-22 NTP 12-15 router configuration 7-42. See TCP/IP Transport layer connectionless communication 1-8 connection-oriented communication 1-8 description 1-4. 9-9 unconfiguring logical interfaces 5-28 undisciplined local clock 12-7 unicast addresses description 3-7. See TCP Transmission Control Protocol/Internet Protocol. 5-26 ndc 10-45 ndd 3-18. 8-33 routing 7-42. 1-14 test address 6-5. Sun Services. 9-9 procedure call 3-14 protocol 9-2.1 Index-11 . 11-28 dhcpmgr 11-8 dhtadm 11-34 if_mpadm 6-28 ifconfig 5-3. 1-7 error detection 9-8 fundamentals 9-2 protocol 9-2. All Rights Reserved. 3-20 netstat 3-4. 12-16 xntpdc 12-10 Index Copyright 2005 Sun Microsystems. 8-61 time keeping 12-2 time-to-live 10-20 timing in network protocols 1-2 TRACK_INTERFACES_ONLY_WITH_GROUPS parameter 8-66 transfer.

Sun Services.V variable length subnet mask (VLSM) 5-20 variables FAILURE_DETECTION_TIME 6-5 local-mac-address? 3-8 virtual circuit connection 9-11 virtual interfaces 5-24 Virtual Local Area Network (VLAN) 2-5 VLAN 2-5 VLSM 5-20 W web servers 10-24 window advertisement 9-12 X xntpd daemon 12-7 xntpdc utility 12-10 Index-12 Network Administration for the Solaris™ 10 Operating System Copyright 2005 Sun Microsystems. All Rights Reserved. Revision A.1 . Inc.
