| Skip Navigation Links | |
| Exit Print View | |
|
System Administration Guide: IP Services |
Part I Introducing System Administration: IP Services
1. Oracle Solaris TCP/IP Protocol Suite (Overview)
2. Planning Your TCP/IP Network (Tasks)
3. Introducing IPv6 (Overview)
4. Planning an IPv6 Network (Tasks)
5. Configuring TCP/IP Network Services and IPv4 Addressing (Tasks)
6. Administering Network Interfaces (Tasks)
7. Configuring an IPv6 Network (Tasks)
8. Administering a TCP/IP Network (Tasks)
9. Troubleshooting Network Problems (Tasks)
10. TCP/IP and IPv4 in Depth (Reference)
13. Planning for DHCP Service (Tasks)
14. Configuring the DHCP Service (Tasks)
15. Administering DHCP (Tasks)
16. Configuring and Administering the DHCP Client
17. Troubleshooting DHCP (Reference)
18. DHCP Commands and Files (Reference)
19. IP Security Architecture (Overview)
21. IP Security Architecture (Reference)
22. Internet Key Exchange (Overview)
24. Internet Key Exchange (Reference)
25. IP Filter in Oracle Solaris (Overview)
28. Administering Mobile IP (Tasks)
29. Mobile IP Files and Commands (Reference)
30. Introducing IPMP (Overview)
31. Administering IPMP (Tasks)
Configuring and Administering IPMP Groups (Task Map)
Administering IPMP on Interfaces That Support Dynamic Reconfiguration (Task Map)
How to Configure an IPMP Group With Multiple Interfaces
Configuring Standby Interfaces
How to Display the IPMP Group Membership of an Interface
How to Add an Interface to an IPMP Group
How to Remove an Interface From an IPMP Group
How to Move an Interface From One IPMP Group to Another Group
Replacing a Failed Physical Interface on Systems That Support Dynamic Reconfiguration
How to Remove a Physical Interface That Has Failed (DR-Detach)
How to Replace a Physical Interface That Has Failed (DR-Attach)
Recovering a Physical Interface That Was Not Present at System Boot
How to Recover a Physical Interface That Was Not Present at System Boot
How to Configure the /etc/default/mpathd File
Part VII IP Quality of Service (IPQoS)
32. Introducing IPQoS (Overview)
33. Planning for an IPQoS-Enabled Network (Tasks)
34. Creating the IPQoS Configuration File (Tasks)
35. Starting and Maintaining IPQoS (Tasks)
36. Using Flow Accounting and Statistics Gathering (Tasks)
This section provides procedures for configuring IPMP groups. It also describes how to configure an interface as a standby.
Before you configure interfaces on a system as part of an IPMP group, you need to do some preconfiguration planning.
The following procedure includes the planning tasks and information to be gathered prior to configuring the IPMP group. The tasks do not have to be performed in sequence.
An IPMP group usually consists of at least two physical interfaces that are connected to the same IP link. However, you can configure a single interface IPMP group, if required. For an introduction to IPMP groups, refer to IPMP Interface Configurations. For example, you can configure the same Ethernet switch or the same IP subnet under the same IPMP group. You can configure any number of interfaces into the same IPMP group.
You cannot use the group parameter of the ifconfig command with logical interfaces. For example, you can use the group parameter with hme0, but not with hme0:1.
For instructions, refer to SPARC: How to Ensure That the MAC Address of an Interface Is Unique.
Any non-null name is appropriate for the group. You might want to use a name that identifies the IP link to which the interfaces are attached.
All interfaces in the same group must have the same STREAMS modules configured in the same order.
You can print out a list of STREAMS modules by using the ifconfig interface modlist command. For example, here is the ifconfig output for an hme0 interface:
# ifconfig hme0 modlist
0 arp
1 ip
2 hmeInterfaces normally exist as network drivers directly below the IP module, as shown in the output from ifconfig hme0 modlist. They should not require additional configuration.
However, certain technologies, such as NCA or IP Filter, insert themselves as STREAMS modules between the IP module and the network driver. Problems can result in the way interfaces of the same IPMP group behave.
If a STREAMS module is stateful, then unexpected behavior can occur on failover, even if you push the same module onto all of the interfaces in a group. However, you can use stateless STREAMS modules, provided that you push them in the same order on all interfaces in the IPMP group.
ifconfig interface modinsert module-name
ifconfig hme0 modinsert ip
If one interface is configured for IPv4, then all interfaces of the group must be configured for IPv4. Suppose you have an IPMP group that is composed of interfaces from several NICs. If you add IPv6 addressing to the interfaces of one NIC, then all interfaces in the IPMP group must be configured for IPv6 support.
The interfaces that are grouped together should be of the same interface type, as defined in /usr/include/net/if_types.h. For example, you cannot combine Ethernet and Token ring interfaces in an IPMP group. As another example, you cannot combine a Token bus interface with asynchronous transfer mode (ATM) interfaces in the same IPMP group.
IPMP is not supported for interfaces using Classical IP over ATM.
This section contains configuration tasks for a typical IPMP group with at least two physical interfaces.
For an introduction to multiple interface IPMP groups, refer to IPMP Group.
For planning tasks, refer to Planning for an IPMP Group.
To configure an IPMP group with only one physical interface, refer to Configuring IPMP Groups With a Single Physical Interface.
The following steps for configuring an IPMP group also apply when configuring VLANs into an IPMP group.
You need to have already configured the IPv4 addresses, and, if appropriate, the IPv6 addresses of all interfaces in the prospective IPMP group.
 | Caution - You must configure only one IPMP group for each subnet or L2 broadcast domain. For more information, see Basic Requirements of IPMP |
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
# ifconfig interface group group-name
For example, to place hme0 and hme1 under group testgroup1, you would type the following commands:
# ifconfig hme0 group testgroup1 # ifconfig hme1 group testgroup1
Avoid using spaces in group names. The ifconfig status display does not show spaces. Consequently, do not create two similar group names where the only difference is that one name also contains a space. If one of the group names contains a space, these group names look the same in the status display.
In a dual-stack environment, placing the IPv4 instance of an interface under a particular group automatically places the IPv6 instance under the same group.
You need to configure a test address only if you want to use probe-based failure detection on a particular interface. Test addresses are configured as logical interfaces of the physical interface that you specify to the ifconfig command.
If one interface in the group is to become the standby interface, do not configure a test address for that interface at this time. You configure a test address for the standby interface as part of the task How to Configure a Standby Interface for an IPMP Group.
Use the following syntax of the ifconfig command for configuring a test address:
# ifconfig interface addif ip-address parameters -failover deprecated up
For example, you would create the following test address for the primary network interface hme0:
# ifconfig hme0 addif 192.168.85.21 netmask + broadcast + -failover deprecated up
This command sets the following parameters for the primary network interface hme0:
Address set to 192.168.85.21
Netmask and broadcast address set to the default value
-failover and deprecated options set
Note - You must mark an IPv4 test address as deprecated to prevent applications from using the test address.
You can always view the current status of an interface by typing ifconfig interface. For more information on viewing an interface's status, refer to How to Get Information About a Specific Interface.
You can get information about test address configuration for a physical interface by specifying the logical interface that is assigned to the test address.
# ifconfig hme0:1
hme0:1: flags=9000843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER>
mtu 1500 index 2
inet 192.168.85.21 netmask ffffff00 broadcast 192.168.85.255# ifconfig interface inet6 -failover
Physical interfaces with IPv6 addresses are placed into the same IPMP group as the interfaces' IPv4 addresses. This happens when you configure the physical interface with IPv4 addresses into an IPMP group. If you first place physical interfaces with IPv6 addresses into an IPMP group, physical interfaces with IPv4 addresses are also implicitly placed in the same IPMP group.
For example, to configure hme0 with an IPv6 test address, you would type the following:
# ifconfig hme0 inet6 -failover
You do not need to mark an IPv6 test address as deprecated to prevent applications from using the test address.
# ifconfig hme0 inet6
hme0: flags=a000841<UP,RUNNING,MULTICAST,IPv6,NOFAILOVER> mtu 1500 index 2
inet6 fe80::a00:20ff:feb9:17fa/10
groupname testThe IPv6 test address is the link-local address of the interface.
For IPv4, add the following line to the /etc/hostname.interface file:
interface-address <parameters> group group-name up \
addif logical-interface -failover deprecated <parameters> up
In this instance, the test IPv4 address is configured only on the next reboot. If you want the configuration to be invoked in the current session, do steps 1, 2, and, optionally 3.
For IPv6, add the following line to the /etc/hostname6.interface file:
-failover group group-name up
This test IPv6 address is configured only on the next reboot. If you want the configuration to be invoked in the current session, do steps 1, 2, and, optionally, 5.
You can add new interfaces to an existing group on a live system. However, changes are lost across reboots.
Example 31-1 Configuring an IPMP Group With Two Interfaces
Suppose you want to do the following:
Have the netmask and broadcast address set to the default value.
Configure the interface with a test address 192.168.85.21.
You would type the following command:
# ifconfig hme0 addif 192.168.85.21 netmask + broadcast + -failover deprecated up
You must mark an IPv4 test address as deprecated to prevent applications from using the test address. See How to Configure an IPMP Group With Multiple Interfaces.
To turn on the failover attribute of the address, you would use the failover option without the dash
All test IP addresses in an IPMP group must use the same network prefix. The test IP addresses must belong to a single IP subnet.
Example 31-2 Preserving an IPv4 IPMP Group Configuration Across Reboots
Suppose you want to create an IPMP group called testgroup1 with the following configuration:
Physical interface hme0 with the data address 192.168.85.19
A logical interface with the test address 192.168.85.21
Note - In this example, physical interface and data address are paired together. Likewise for logical interface and test address. However, no inherent relationships exist between an interface “type” and the address type.
deprecated and -failover options set
Netmask and broadcast address set to the default value
You would add the following line to the /etc/hostname.hme0 file:
192.168.85.19 netmask + broadcast + group testgroup1 up \
addif 192.168.85.21 deprecated -failover netmask + broadcast + up
Similarly, to place the second interface hme1 under the same group testgroup1 and to configure a test address, you would add the following line:
192.168.85.20 netmask + broadcast + group testgroup1 up \
addif 192.168.85.22 deprecated -failover netmask + broadcast + upExample 31-3 Preserving an IPv6 IPMP Group Configuration Across Reboots
To create a test group for interface hme0 with an IPv6 address, you would add the following line to the /etc/hostname6.hme0 file:
-failover group testgroup1 up
Similarly, to place the second interface hme1 in group testgroup1 and to configure a test address, you would add the following line to the /etc/hostname6.hme1 file:
-failover group testgroup1 up
During IPMP group configuration, in.mpathd outputs a number of messages to the system console or to the syslog file. These messages are informational in nature and indicate that the IPMP configuration functions correctly.
This message indicates that interface hme0 was added to IPMP group testgroup1. However, hme0 does not have a test address configured. To enable probe-based failure detection, you need to assign a test address to the interface.
May 24 14:09:57 host1 in.mpathd[101180]: No test address configured on interface hme0; disabling probe-based failure detection on it. testgroup1
This message appears for all interfaces with only IPv4 addresses that are added to an IPMP group.
May 24 14:10:42 host4 in.mpathd[101180]: NIC qfe0 of group testgroup1 is not plumbed for IPv6 and may affect failover capability
This message should appear when you have configured a test address for an interface.
Created new logical interface hme0:1 May 24 14:16:53 host1 in.mpathd[101180]: Test address now configured on interface hme0; enabling probe-based failure detection on it
If you want the IPMP group to have an active-standby configuration, go on to How to Configure a Standby Interface for an IPMP Group.
Probe-based failure detection involves the use of target systems, as explained in Probe-Based Failure Detection. For some IPMP groups, the default targets used by in.mpathd is sufficient. However, for some IPMP groups, you might want to configure specific targets for probe-based failure detection. You accomplish probe-based failure detection by setting up host routes in the routing table as probe targets. Any host routes that are configured in the routing table are listed before the default router. Therefore, IPMP uses the explicitly defined host routes for target selection. You can use either of two methods for directly specifying targets: manually setting host routes or creating a shell script that can become a startup script.
Consider the following criteria when evaluating which hosts on your network might make good targets.
Make sure that the prospective targets are available and running. Make a list of their IP addresses.
Ensure that the target interfaces are on the same network as the IPMP group that you are configuring.
The netmask and broadcast address of the target systems must be the same as the addresses in the IPMP group.
The target host must be able to answer ICMP requests from the interface that is using probe-based failure detection.
$ route add -host destination-IP gateway-IP -static
Replace the values of destination-IP and gateway-IP with the IPv4 address of the host to be used as a target. For example, you would type the following to specify the target system 192.168.85.137, which is on the same subnet as the interfaces in IPMP group testgroup1.
$ route add -host 192.168.85.137 192.168.85.137 -static
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
For example, you could create a shell script called ipmp.targets with the following contents:
TARGETS="192.168.85.117 192.168.85.127 192.168.85.137"
case "$1" in
'start')
/usr/bin/echo "Adding static routes for use as IPMP targets"
for target in $TARGETS; do
/usr/sbin/route add -host $target $target
done
;;
'stop')
/usr/bin/echo "Removing static routes for use as IPMP targets"
for target in $TARGETS; do
/usr/sbin/route delete -host $target $target
done
;;
esac # cp ipmp.targets /etc/init.d
# chmod 744 /etc/init.d/ipmp.targets
# chown root:sys /etc/init.d/ipmp.targets
# ln /etc/init.d/ipmp.targets /etc/rc2.d/S70ipmp.targets
The S70 prefix in the file name S70ipmp.targets orders the new script properly with respect to other startup scripts.
Use this procedure if you want the IPMP group to have an active-standby configuration. For more information on this type of configuration, refer to IPMP Interface Configurations.
You must have configured all interfaces as members of the IPMP group.
You should not have configured a test address on the interface to become the standby interface.
For information on configuring an IPMP group and assigning test addresses, refer to How to Configure an IPMP Group With Multiple Interfaces.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
# ifconfig interface plumb \ ip-address other-parameters deprecated -failover standby up
A standby interface can have only one IP address, the test address. You must set the -failover option before you set the standby up option. For <other-parameters>, use the parameters that are required by your configuration, as described in the ifconfig(1M) man page.
For example, to create an IPv4 test address, you would type the following command:
# ifconfig hme1 plumb 192.168.85.22 netmask + broadcast + deprecated -failover standby up
Defines hme1 as the physical interface to be configured as the standby interface.
Assigns this test address to the standby interface.
Indicates that the test address is not used for outbound packets.
Indicates that the test address does not fail over if the interface fails.
Marks the interface as a standby interface.
For example, to create an IPv6 test address, you would type the following command:
# ifconfig hme1 plumb -failover standby up
# ifconfig hme1
hme1: flags=69040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,
STANDBY,INACTIVE mtu 1500
index 4 inet 192.168.85.22 netmask ffffff00 broadcast 19.16.85.255
groupname testThe INACTIVE flag indicates that this interface is not used for any outbound packets. When a failover occurs on this standby interface, the INACTIVE flag is cleared.
Note - You can always view the current status of an interface by typing the ifconfig interface command. For more information on viewing interface status, refer to How to Get Information About a Specific Interface.
Assign the standby interface to the same IPMP group, and configure a test address for the standby interface.
For example, to configure hme1 as the standby interface, you would add the following line to the /etc/hostname.hme1 file:
192.168.85.22 netmask + broadcast + deprecated group test -failover standby up
Assign the standby interface to the same IPMP group, and configure a test address for the standby interface.
For example, to configure hme1 as the standby interface, add the following line to the /etc/hostname6.hme1 file:
-failover group test standby up
Example 31-4 Configuring a Standby Interface for an IPMP Group
Suppose you want to create a test address with the following configuration:
Physical interface hme2 as a standby interface
Test address of 192.168.85.22
deprecated and -failover options set
Netmask and broadcast address set to the default value
You would type the following:
# ifconfig hme2 plumb 192.168.85.22 netmask + broadcast + \ deprecated -failover standby up
The interface is marked as a standby interface only after the address is marked as a NOFAILOVER address.
You would remove the standby status of an interface by typing the following:
# ifconfig interface -standby
When you have only one interface in an IPMP group, failover is not possible. However, you can enable failure detection on that interface by assigning the interface to an IPMP group. You do not have to configure a dedicated test IP address to establish failure detection for a single interface IPMP group. You can use a single IP address for sending data and detecting failure.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Use the following syntax to assign the single interface to an IPMP group.
# ifconfig interface group group-name
The following example assigns the interface hme0 into the IPMP group v4test:
# ifconfig hme0 group v4test
After this step is performed, IPMP enables link-based failure detection on the interface.
In addition, you can also use the -failover subcommand of the ifconfig command to enable probe-based failure detection. The following example enables probe-based failure detection on hme0 by using the IP address currently assigned to hme0:
# ifconfig hme0 -failover
Note that unlike multiple-interface groups, the same IP address can act as both a data address and a test address. To enable applications to use the test address as a data address, test addresses must never be marked deprecated on single-interface IPMP groups.
Use the following syntax to assign a single interface to an IPMP group:
# ifconfig interface inet6 group group-name
For example, to add the single interface hme0 into the IPMP group v6test, type the following:
# ifconfig hme0 inet6 group v6test
After this step is performed, IPMP enables link-based failure detection on the interface.
In addition, you can also use the -failover subcommand of the ifconfig command to enable probe-based failure detection. The following example enables probe-based failure detection on hme0 by using the IP address currently assigned to hme0:
# ifconfig hme0 inet6 -failover
Note that unlike multiple-interface groups, the same IP address can act as both a data address and a test address. To enable applications to use the test address as a data address, test addresses must never be marked deprecated on single-interface IPMP groups.
In a single physical interface configuration, you cannot verify whether the target system that is being probed has failed or whether the interface has failed. The target system can be probed through only one physical interface. If only one default router is on the subnet, turn off IPMP if a single physical interface is in the group. If a separate IPv4 and IPv6 default router exists, or multiple default routers exist, more than one target system needs to be probed. Hence, you can safely turn on IPMP.
|