Basic Network Configuration in Oracle Solaris 11

Version 5

    by Alexandre Borges

     

    This article, which is Part 1 of a two-part series, focuses on Oracle Solaris 11 features that enable administrators to configure basic network functionality.

     

    Doubtless, it's important to know how to monitor and configure all the details for a system's network. For example, you might want to know how many network interfaces exist, what their status is, and what their speed is, and you might also want to configure a network interface. In addition, you might wonder how easy it is to administer the network after configuring it. All of these questions will be answered in this article, which is a review of Oracle Solaris 11 network configuration.

     

    Prerequisites

     

    To perform the examples shown in this series of articles, use Oracle VM VirtualBox to create one virtual machine (VM) that has 2 GB of RAM and 50 GB of free disk space. (If you are short on disk space, you could allocate only 25 GB of disk space for this article, but you will need 50 GB for Part 2.) Download and install Oracle Solaris 11 for x86 as the guest operating system for the VM. For more information about Oracle VM VirtualBox, see the Oracle VM VirtualBox User Manual.

     

    Note: Throughout this article, I used the host name solaris113-1.

     

    I created four virtual network interfaces on the virtual machine. I could have used only one, but having four interfaces provided more flexibility to create the examples shown in this article.

     

    To add the virtual network interfaces, in the Oracle VM VirtualBox Manager GUI, select the virtual machine and then select Settings -> Network. The dialog box shown in Figure 1 appears, in which you can activate each of the four interfaces by selecting the Enable Network Adapter checkbox and choosing Bridged Adapter from the Attached to list.

     

    Figure 1. Adding virtual network interfaces

     

    Afterwards, turn on both virtual machines that have Oracle Solaris 11 installed.

     

    Configuring and Administering the Network Service

     

    Before working with the network interfaces, check whether the network service is online (using the svcs -a command), determine which services it depends on (using the svcs -d command), and determine which services depend on it (using the svcs -D command), as shown in Listing 1. Future troubleshooting operations will almost certainly require this information.

     

    root@solaris113-1:~# svcs -a | grep network/physical:default
    online         22:19:30 svc:/network/physical:default

     

    root@solaris113-1:~# svcs -d svc:/network/physical:default
    STATE          STIME    FMRI
    disabled       22:18:42 svc:/network/install:default
    online         22:18:46 svc:/network/netcfg:default
    online         22:18:54 svc:/system/name-service/upgrade:default
    online         22:19:03 svc:/network/ip-interface-management:default
    online         22:19:04 svc:/network/loopback:default
    online         22:19:04 svc:/network/ipmp:default
    online         22:19:05 svc:/network/datalink-management:default
    online         22:19:13 svc:/milestone/config:default
    online         22:19:17 svc:/system/manifest-import:default
    online         22:19:18 svc:/network/physical:upgrade
    online         22:19:18 svc:/network/location:upgrade

     

    root@solaris113-1:~# svcs -D svc:/network/physical:default
    STATE          STIME    FMRI
    disabled       22:18:42 svc:/network/ipfilter:default
    disabled       22:18:48 svc:/network/dns/multicast:default
    online         22:19:35 svc:/system/identity:node
    online         22:19:40 svc:/network/location:default
    online         22:19:42 svc:/system/identity:domain
    online         22:19:43 svc:/milestone/network:default
    online         22:19:44 svc:/network/iptun:default
    online          0:20:16 svc:/network/ssh:default
    online          0:20:23 svc:/milestone/self-assembly-complete:default

    Listing 1

     

    So far, so good. As we can see in Listing 1, the network service is enabled (online). Therefore, the first step to configure network services on Oracle Solaris 11 is to become familiar with the existing network interfaces by executing the dladm show-phys command with its options, as shown in Listing 2:

     

    root@solaris113-1:~# dladm show-phys
    LINK              MEDIA                STATE      SPEED  DUPLEX    DEVICE
    net0              Ethernet             up         1000   full      e1000g0
    net1              Ethernet             up         1000   full      e1000g1
    net2              Ethernet             up         1000   full      e1000g2
    net3              Ethernet             up         1000   full      e1000g3

     

    root@solaris113-1:~# dladm show-phys -P
    LINK              DEVICE       MEDIA                FLAGS
    net0              e1000g0      Ethernet             -----
    net1              e1000g1      Ethernet             -----
    net2              e1000g2      Ethernet             -----
    net3              e1000g3      Ethernet             -----

     

    root@solaris113-1:~# dladm show-phys -m
    LINK                SLOT     ADDRESS            INUSE CLIENT
    net0                primary  8:0:27:32:85:80    yes   e1000g0
    net1                primary  8:0:27:91:41:30    yes   e1000g1
    net2                primary  8:0:27:15:42:10    yes   e1000g2
    net3                primary  8:0:27:fd:4b:87    yes   e1000g3

    Listing 2

     

    In Listing 2, the first and second commands (dladm show-phys and dladm show-phys -P) show the physical network cards installed in the system (net0, net1, net2, and net3 are the data link names) and the respective real device names (e1000g0, e1000g1, e1000g2, and e1000g3). All the interfaces are 1 GbE devices (1000) that are online (up). The last command in Listing 2 shows the in-use network interfaces' MAC addresses.

     

    One more command gathers additional information about the existing network interfaces, as shown in Listing 3:

     

    root@solaris113-1:~# dladm show-link
    LINK                CLASS     MTU    STATE    OVER
    net0                phys      1500   up       --
    net1                phys      1500   up       --
    net2                phys      1500   up       --
    net3                phys      1500   up       --

    Listing 3

     

    There isn't any new information in Listing 3 because we already listed all the data link interfaces that represent real interfaces. These interfaces aren't used in any link aggregation or IP network multipathing (IPMP) configuration, so the OVER column is empty.

     

    Moving forward, other questions come up: which network protocols are bound to these interfaces, which one is the loopback interface, and are all interfaces working? The answers can be obtained by executing the command shown in Listing 4:

     

    root@solaris113-1:~# ipadm show-if
    IFNAME     CLASS    STATE    ACTIVE OVER
    lo0        loopback ok       yes    --
    net0       ip       ok       yes    --
    net1       ip       ok       yes    --
    net2       ip       ok       yes    --
    net3       ip       ok       yes    --

    Listing 4

     

    Nice. The output in Listing 4 shows the network protocol (IP), the loopback interface (shown in the first line), and that all interfaces are healthy (indicated by ok in the STATE column). Really, Oracle Solaris 11 is great! The Internet Protocol (IP) is bound to all the interfaces, and the IP addresses can be displayed through the command shown in Listing 5:

     

    root@solaris113-1:~# ipadm show-addr
    ADDROBJ           TYPE     STATE        ADDR
    lo0/v4            static   ok           127.0.0.1/8
    net0/v4           dhcp     ok           192.168.1.111/24
    net1/v4           dhcp     ok           192.168.1.112/24
    net2/v4           dhcp     ok           192.168.1.114/24
    net3/v4           dhcp     ok           192.168.1.113/24
    lo0/v6            static   ok           ::1/128
    net0/v6           addrconf ok           fe80::a00:27ff:fe32:8580/10
    net1/v6           addrconf ok           fe80::a00:27ff:fe91:4130/10
    net2/v6           addrconf ok           fe80::a00:27ff:fe15:4210/10
    net3/v6           addrconf ok           fe80::a00:27ff:fefd:4b87/10

    Listing 5

     

    The ipadm show-addr output in Listing 5 provides lots of information. Each data link interface is associated with an address object (lo0/v4, net0/v4, net1/v4, and so on). Furthermore, the TYPE column explains whether the address was obtained from the DHCP service or whether it was statically configured (other values can appear, such as addrconf when talking about IPv6 and from-gz in the case of using non-global zones). The ADDR column shows us the IP address and its respective mask.

     

    The STATE column could show values other than ok, for example, down. In addition, duplicate and tentative both indicate a problem with a duplicated IP address. Other bad scenarios can also happen: if the network interface on which the address object was configured fails, the state is shown as inaccessible.
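
    The STATE values described above can be checked mechanically. The following is an added example, not part of the original article: it reads ipadm show-addr output on standard input and reports every address object whose state is not ok. The function names check_addr_states and sample_show_addr are hypothetical, and the sample table is constructed from the addresses in Listing 5 with altered states.

```shell
#!/bin/sh
# Added example (not from the article). On a Solaris 11 host, run:
#   ipadm show-addr | check_addr_states

# Print one line per address object whose STATE is not "ok" and
# return 1 if any were found, 0 otherwise.
check_addr_states() {
    awk '
        $1 == "ADDROBJ" { next }    # header row
        NF < 3          { next }    # blank or truncated line
        $3 == "ok"      { next }    # healthy address object
        {
            state = $3
            if (state == "duplicate" || state == "tentative")
                why = "duplicated IP address"
            else if (state == "inaccessible")
                why = "underlying interface failed"
            else if (state == "down")
                why = "address marked down"
            else
                why = "state not described in the article"
            printf "%s: %s (%s)\n", $1, state, why
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: Listing 5 layout with three states changed.
sample_show_addr() {
    cat <<'EOF'
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
net0/v4           dhcp     ok           192.168.1.111/24
net1/v4           dhcp     duplicate    192.168.1.112/24
net2/v4           dhcp     down         192.168.1.114/24
net3/v4           static   inaccessible 192.168.1.140/24
lo0/v6            static   ok           ::1/128
EOF
}

# Demo run on the constructed sample; the non-zero status is expected here.
sample_show_addr | check_addr_states || true
```

    The non-zero exit status makes the function usable from a scheduled job or monitoring check that should alert only when an address object leaves the ok state.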

     

    As we can see, all the IPv4 addresses have come from the DHCP service. Nonetheless, it's very easy to assign an address using a manual method. To demonstrate this practice, it's necessary to delete an existing address object (for example, net3/v4) and then re-create it with a chosen IP address, as shown in Listing 6:

     

    root@solaris113-1:~# ipadm delete-addr net3/v4
    root@solaris113-1:~# ipadm show-addr
    ADDROBJ           TYPE     STATE        ADDR
    lo0/v4            static   ok           127.0.0.1/8
    net0/v4           dhcp     ok           192.168.1.111/24
    net1/v4           dhcp     ok           192.168.1.112/24
    net2/v4           dhcp     ok           192.168.1.114/24
    lo0/v6            static   ok           ::1/128
    net0/v6           addrconf ok           fe80::a00:27ff:fe32:8580/10
    net1/v6           addrconf ok           fe80::a00:27ff:fe91:4130/10
    net2/v6           addrconf ok           fe80::a00:27ff:fe15:4210/10
    net3/v6           addrconf ok           fe80::a00:27ff:fefd:4b87/10

     

    root@solaris113-1:~# ipadm create-addr -T static -a 192.168.1.140/24 net3/v4

     

    root@solaris113-1:~# ipadm show-addr
    ADDROBJ           TYPE     STATE        ADDR
    lo0/v4            static   ok           127.0.0.1/8
    net0/v4           dhcp     ok           192.168.1.111/24
    net1/v4           dhcp     ok           192.168.1.112/24
    net2/v4           dhcp     ok           192.168.1.114/24
    net3/v4           static   ok           192.168.1.140/24
    lo0/v6            static   ok           ::1/128
    net0/v6           addrconf ok           fe80::a00:27ff:fe32:8580/10
    net1/v6           addrconf ok           fe80::a00:27ff:fe91:4130/10
    net2/v6           addrconf ok           fe80::a00:27ff:fe15:4210/10
    net3/v6           addrconf ok           fe80::a00:27ff:fefd:4b87/10

     

    root@solaris113-1:~# ipadm show-addrprop net3/v4
    ADDROBJ     PROPERTY   PERM CURRENT         PERSISTENT DEFAULT        POSSIBLE
    net3/v4     broadcast  r-   192.168.1.255   --         192.168.1.255  --
    net3/v4     deprecated rw   off             --         off            on,off
    net3/v4     prefixlen  rw   24              24         24             1-30,32
    net3/v4     private    rw   off             --         off            on,off
    net3/v4     reqhost    r-   --              --         --             --
    net3/v4     transmit   rw   on              --         on             on,off
    net3/v4     zone       rw   global          --         global         --

    Listing 6

     

    Fantastic! In Listing 6, we deleted the old IP address object using the command ipadm delete-addr, we created a new one using the same name (net3/v4), and we assigned a manual address (192.168.1.140/24). The best news is that this manual address is persistent; it won't be reset after an init 6 or shutdown -y -g0 command. Finally, the IP address was bound to the global zone, as shown by the ipadm show-addrprop command.

     

    To continue examining characteristics related to IP, it is also possible to collect information about IPv4, as shown in Listing 7:

     

    root@solaris113-1:~# ipadm show-prop ipv4
    PROTO PROPERTY      PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE
    ipv4  forwarding    rw   off          --           off          on,off
    ipv4  ttl           rw   255          --           255          1-255
    ipv4  hostmodel     rw   weak         --           weak         strong,
                                                                    src-priority,
                                                                    weak

    Listing 7

     

    From the output in Listing 7, it's clear that IPv4 forwarding is disabled.
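
    Reading the table by eye works for one host; for repeated checks, the CURRENT column can be compared against an expected baseline. The following is an added example, not part of the original article: the function names audit_ipv4_props and sample_show_prop are hypothetical, the baseline is whatever the caller passes in, and the sample reproduces Listing 7 with an optional constructed variation.

```shell
#!/bin/sh
# Added example (not from the article). On a Solaris 11 host, run:
#   ipadm show-prop ipv4 | audit_ipv4_props "forwarding=off"

# $1: space-separated property=value pairs expected in the CURRENT column.
# Prints OK/DRIFT/MISSING per baseline property; returns 1 on any finding.
audit_ipv4_props() {
    awk -v baseline="$1" '
        BEGIN {
            n = split(baseline, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                want[kv[1]] = kv[2]
            }
        }
        # Property rows start with the protocol name. The header and the
        # wrapped POSSIBLE lines seen in Listing 7 do not, so skip them.
        $1 != "ipv4" { next }
        ($2 in want) {
            seen[$2] = 1
            status = ($4 == want[$2]) ? "OK" : "DRIFT"
            if (status == "DRIFT") bad = 1
            printf "%s %s current=%s expected=%s persistent=%s\n",
                   status, $2, $4, want[$2], $5
        }
        END {
            for (p in want)
                if (!(p in seen)) { printf "MISSING %s\n", p; bad = 1 }
            exit (bad ? 1 : 0)
        }
    '
}

# Sample input: Listing 7 by default. Passing "on on" yields a constructed
# variant in which forwarding has been enabled persistently.
sample_show_prop() {
    cur=${1:-off}
    pers=${2:---}
    cat <<EOF
PROTO PROPERTY      PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE
ipv4  forwarding    rw   $cur          $pers           off          on,off
ipv4  ttl           rw   255          --           255          1-255
ipv4  hostmodel     rw   weak         --           weak         strong,
                                                                src-priority,
                                                                weak
EOF
}

# Demo: Listing 7 matches the baseline; the constructed variant drifts.
sample_show_prop | audit_ipv4_props "forwarding=off ttl=255"
sample_show_prop on on | audit_ipv4_props "forwarding=off ttl=255" || true
```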

     

    Onward. A very common mistake is to confuse the address object (net2/v4, for example) with the network interface. Deleting an address object erases the IP address, but it doesn't remove the interface, as shown in Listing 8:

     

    root@solaris113-1:~# ipadm delete-addr net2/v4
    root@solaris113-1:~# ipadm show-addr | grep v4
    ADDROBJ           TYPE     STATE        ADDR
    lo0/v4            static   ok           127.0.0.1/8
    net0/v4           dhcp     ok           192.168.1.111/24
    net1/v4           dhcp     ok           192.168.1.112/24
    net3/v4           static   ok           192.168.1.140/24

     

    root@solaris113-1:~# ipadm show-if
    IFNAME     CLASS    STATE    ACTIVE OVER
    lo0        loopback ok       yes    --
    net0       ip       ok       yes    --
    net1       ip       ok       yes    --
    net2       ip       ok       yes    --
    net3       ip       ok       yes    --

    Listing 8

     

    As we can see in Listing 8, the address object net2/v4 isn't shown anymore, but the interface net2 is still there. If we wish to delete the interface, too, we need to run the following commands:

     

    root@solaris113-1:~# ipadm delete-ip net2
    root@solaris113-1:~# ipadm show-if
    IFNAME     CLASS    STATE    ACTIVE OVER
    lo0        loopback ok       yes    --
    net0       ip       ok       yes    --
    net1       ip       ok       yes    --
    net3       ip       ok       yes    --

     

    The reverse steps are feasible, so we can re-create the interface and reassociate an IP address, as shown in Listing 9:

     

    root@solaris113-1:~# ipadm create-ip net2
    root@solaris113-1:~# ipadm show-if
    IFNAME     CLASS    STATE    ACTIVE OVER
    lo0        loopback ok       yes    --
    net0       ip       ok       yes    --
    net1       ip       ok       yes    --
    net2       ip       down     no     --
    net3       ip       ok       yes    --

     

    root@solaris113-1:~# ipadm show-addr | grep v4
    ADDROBJ           TYPE     STATE        ADDR
    lo0/v4            static   ok           127.0.0.1/8
    net0/v4           dhcp     ok           192.168.1.111/24
    net1/v4           dhcp     ok           192.168.1.112/24
    net3/v4           static   ok           192.168.1.140/24

     

    root@solaris113-1:~# ipadm create-addr -T dhcp net2/v4
    root@solaris113-1:~# ipadm show-addr | grep v4
    ADDROBJ           TYPE     STATE        ADDR
    lo0/v4            static   ok           127.0.0.1/8
    net0/v4           dhcp     ok           192.168.1.111/24
    net1/v4           dhcp     ok           192.168.1.112/24
    net2/v4           dhcp     ok           192.168.1.114/24

    Listing 9

     

    This is very important: Initially the net2 interface was created, but it had a down status, as shown by the ipadm show-if command in Listing 9. Afterwards, a DHCP address was assigned to the net2 interface by the ipadm create-addr command in Listing 9, and the status was automatically changed to ok. Amazing.

     

    Additional information about DHCP, such as lease and renew time, can be seen by executing the following command:

     

    root@solaris113-1:~# ipadm show-addr -d
    ADDROBJ           STATE        ADDR                                          CID-TYPE CID-VALUE
                       BEGIN                             EXPIRE                            RENEW
    net0/v4           ok           192.168.1.106/24                              default  0x01080027328580
                       January  5, 2014 07:54:56 PM BRST January  6, 2014 07:54:56 PM BRST January  6, 2014 07:41:10 AM BRST
    net1/v4           ok           192.168.1.107/24                              default  0x01080027914130
                       January  5, 2014 07:55:19 PM BRST January  6, 2014 07:55:19 PM BRST January  6, 2014 08:05:17 AM BRST
    net2/v4           ok           192.168.1.105/24                              default  0x01080027154210
                       January  5, 2014 07:54:56 PM BRST January  6, 2014 07:54:56 PM BRST January  6, 2014 08:02:52 AM BRST

     

    And network interfaces can be taken down, as shown in Listing 10:

     

    root@solaris113-1:~# ipadm show-addr | grep v4
    ADDROBJ           TYPE     STATE        ADDR
    lo0/v4            static   ok           127.0.0.1/8
    net0/v4           dhcp     ok           192.168.1.106/24
    net1/v4           dhcp     ok           192.168.1.107/24
    net2/v4           dhcp     ok           192.168.1.105/24
    net3/v4           static   ok           192.168.1.140/24

     

    root@solaris113-1:~# ipadm down-addr net2/v4
    ipadm: cannot mark the address down: Operation not supported

    Listing 10

     

    Wow! As shown in Listing 10, permanently taking down an interface that has a DHCP address isn't allowed. However, you can temporarily take down such an interface:

     

    root@solaris113-1:~# ipadm down-addr -t net2/v4
    root@solaris113-1:~# ipadm show-addr | grep v4
    ADDROBJ           TYPE     STATE        ADDR
    lo0/v4            static   ok           127.0.0.1/8
    net0/v4           dhcp     ok           192.168.1.106/24
    net1/v4           dhcp     ok           192.168.1.107/24
    net2/v4           dhcp     down         192.168.1.105/24
    net3/v4           static   ok           192.168.1.140/24

     

    Bringing a network interface up is easy:

     

    root@solaris113-1:~# ipadm up-addr -t net2/v4

     

    For network interfaces with an assigned static address, bringing an interface up or taking it down is even easier:

     

    root@solaris113-1:~# ipadm down-addr net3/v4
    root@solaris113-1:~# ipadm show-addr | grep v4
    ADDROBJ           TYPE     STATE        ADDR
    lo0/v4            static   ok           127.0.0.1/8
    net0/v4           dhcp     ok           192.168.1.106/24
    net1/v4           dhcp     ok           192.168.1.107/24
    net2/v4           dhcp     ok           192.168.1.105/24
    net3/v4           static   down         192.168.1.140/24

     

    root@solaris113-1:~# ipadm up-addr net3/v4
    root@solaris113-1:~# ipadm show-addr | grep v4
    ADDROBJ           TYPE     STATE        ADDR
    lo0/v4            static   ok           127.0.0.1/8
    net0/v4           dhcp     ok           192.168.1.106/24
    net1/v4           dhcp     ok           192.168.1.107/24
    net2/v4           dhcp     ok           192.168.1.105/24
    net3/v4           static   ok           192.168.1.140/24

     

    Finally, in case it's necessary to configure the default gateway to access the internet, manual configuration can be quickly done:

     

    root@solaris113-1:~# route -p add default 192.168.1.1

     

    root@solaris113-1:~# netstat -rn -f inet | grep default
    default              192.168.1.1          UG        2         48  

     

    Oracle Solaris 11 is always fantastic!

     


    About the Author

     

    Alexandre Borges is an Oracle ACE for Oracle Solaris and he teaches courses on Malware Analysis, Memory Forensic Analysis, Digital Forensic Analysis, Software Exploitation, and Hacking. He is also an Oracle instructor, (ISC)2 CISSP instructor, Brocade instructor, EC-Council instructor, and he has been writing articles for the Oracle Technology Network on a regular basis since 2013. He was awarded the title of Instructor of the Year twice for his performance teaching Sun Microsystems courses. Additionally, he has spoken at several conferences and universities about IT security.

     

     

    Revision 1.0, 01/12/2016

     
