JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: IP Services     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information

Preface

Part I TCP/IP Administration

1.  Planning an IPv4 Addressing Scheme (Tasks)

2.  Planning an IPv6 Addressing Scheme (Overview)

3.  Planning an IPv6 Network (Tasks)

4.  Configuring TCP/IP Network Services and IPv4 Addressing (Tasks)

5.  Enabling IPv6 on a Network (Tasks)

Configuring an IPv6 Interface

Enabling IPv6 on an Interface (Task Map)

How to Enable an IPv6 Interface for the Current Session

How to Turn Off IPv6 Address Autoconfiguration

Configuring an IPv6 Router

IPv6 Router Configuration (Task Map)

How to Configure an IPv6-Enabled Router

Modifying an IPv6 Interface Configuration for Hosts and Servers

Modifying an IPv6 Interface Configuration (Task Map)

Using Temporary Addresses for an Interface

How to Configure a Temporary Address

Configuring an IPv6 Token

How to Configure a User-Specified IPv6 Token

Administering IPv6-Enabled Interfaces on Servers

How to Enable IPv6 on a Server's Interfaces

Configuring Name Service Support for IPv6

How to Add IPv6 Addresses to DNS

How to Display IPv6 Name Service Information

How to Verify That DNS IPv6 PTR Records Are Updated Correctly

How to Display IPv6 Information Through NIS

6.  Administering a TCP/IP Network (Tasks)

7.  Configuring IP Tunnels

8.  Troubleshooting Network Problems (Tasks)

9.  TCP/IP and IPv4 in Depth (Reference)

10.  IPv6 in Depth (Reference)

Part II DHCP

11.  About DHCP (Overview)

12.  Planning for DHCP Service (Tasks)

13.  Configuring the DHCP Service (Tasks)

14.  Administering DHCP (Tasks)

15.  Configuring and Administering the DHCP Client

16.  Troubleshooting DHCP (Reference)

17.  DHCP Commands and Files (Reference)

Part III IP Security

18.  IP Security Architecture (Overview)

19.  Configuring IPsec (Tasks)

20.  IP Security Architecture (Reference)

21.  Internet Key Exchange (Overview)

22.  Configuring IKE (Tasks)

23.  Internet Key Exchange (Reference)

24.  IP Filter in Oracle Solaris (Overview)

25.   IP Filter (Tasks)

Part IV Networking Performance

26.  Integrated Load Balancer Overview

27.  Configuration of Integrated Load Balancer Tasks

28.  Virtual Router Redundancy Protocol (Overview)

29.  VRRP Configuration (Tasks)

30.  Implementing Congestion Control

Part V IP Quality of Service (IPQoS)

31.  Introducing IPQoS (Overview)

32.  Planning for an IPQoS-Enabled Network (Tasks)

33.  Creating the IPQoS Configuration File (Tasks)

34.  Starting and Maintaining IPQoS (Tasks)

35.  Using Flow Accounting and Statistics Gathering (Tasks)

36.  IPQoS in Detail (Reference)

Glossary

Index

Modifying an IPv6 Interface Configuration for Hosts and Servers

This section explains how to modify the configuration of IPv6-enabled interfaces on nodes that are hosts or servers. In most instances, you should use address autoconfiguration for IPv6-enabled interfaces, as explained in Stateless Autoconfiguration Overview. However, you can modify the IPv6 address of an interface, if necessary, as explained in the tasks of this section.

Modifying an IPv6 Interface Configuration (Task Map)

The following table lists different tasks to modify an existing IPv6 network. The table includes a description of what each task accomplishes and the section in the current documentation where the specific steps to perform the task are detailed.

Task
Description
For Instructions
Turn off IPv6 address autoconfiguration.
Use this task if you need to manually configure the interface ID portion of the IPv6 address.
Create a temporary address for a host.
Hide a host's interface ID by configuring a randomly created temporary address that is used as the lower 64 bits of the address.
Configure a token for the interface ID of a system.
Create a 64-bit token to be used as the interface ID in an IPv6 address.

Using Temporary Addresses for an Interface

An IPv6 temporary address includes a randomly generated 64-bit number as the interface ID, instead of an interface's MAC address. You can use temporary addresses for any interfaces on an IPv6 node that you want to keep anonymous. For example, you might want to use temporary addresses for the interfaces of a host that needs to access public web servers. Temporary addresses implement IPv6 privacy enhancements. These enhancements are described in RFC 3041, available at “Privacy Extensions for Stateless Address Autoconfiguration in IPv6”.

You enable a temporary address in the /etc/inet/ndpd.conf file for one or more interfaces, if needed. However, unlike standard, autoconfigured IPv6 addresses, a temporary address consists of the 64-bit subnet prefix and a randomly generated 64-bit number. This random number becomes the interface ID segment of the IPv6 address. A link-local address is not generated with the temporary address as the interface ID.

Be aware that temporary addresses have a default preferred lifetime of one day. When you enable temporary address generation, you may also configure the following variables in the /etc/inet/ndpd.conf file:

valid lifetime TmpValidLifetime

Time span in which the temporary address exists, after which the address is deleted from the host.

preferred lifetime TmpPreferredLifetime

Elapsed time before the temporary address is deprecated. This time span should be shorter than the valid lifetime.

address regeneration

Duration of time before the expiration of the preferred lifetime, during which the host should generate a new temporary address.

You express the duration of time for temporary addresses as follows:

n

n number of seconds, which is the default

n h

n number of hours (h)

n d

n number of days (d)

How to Configure a Temporary Address

  1. If necessary, enable IPv6 on the host's interfaces

    Refer to How to Enable an IPv6 Interface for the Current Session.

  2. Edit the /etc/inet/ndpd.conf file to turn on temporary address generation.
    • To configure temporary addresses on all interfaces of a host, add the following line to /etc/inet/ndpd.conf:

      ifdefault TmpAddrsEnabled true
    • To configure a temporary address for a specific interface, add the following line to /etc/inet/ndpd.conf:

      if interface TmpAddrsEnabled true 
  3. (Optional) Specify the valid lifetime for the temporary address.
    ifdefault TmpValidLifetime duration

    This syntax specifies the valid lifetime for all interfaces on a host. The value for duration should be in seconds, hours, or days. The default valid lifetime is 7 days. You can also use TmpValidLifetime with the if interface keywords to specify the valid lifetime for a temporary address of a particular interface.

  4. (Optional) Specify a preferred lifetime for the temporary address, after which the address is deprecated.
    if interface TmpPreferredLifetime duration

    This syntax specifies the preferred lifetime for the temporary address of a particular interface. The default preferred lifetime is one day. You can also use TmpPreferredLifetime with the ifdefault keyword to specify the preferred lifetime for the temporary addresses on all interfaces of a host.


    Note - Default address selection gives a lower priority to IPv6 addresses that have been deprecated. If an IPv6 temporary address is deprecated, default address selection chooses a nondeprecated address as the source address of a packet. A nondeprecated address could be the automatically generated IPv6 address, or possibly, the interface's IPv4 address. For more information about default address selection, see Administering Default Address Selection.


  5. (Optional) Specify the lead time in advance of address deprecation, during which the host should generate a new temporary address.
    ifdefault TmpRegenAdvance duration

    This syntax specifies the lead time in advance of address deprecation for the temporary addresses of all interfaces on a host. The default is 5 seconds.

  6. Change the configuration of the in.ndpd daemon.
    # pkill -HUP in.ndpd
    # /usr/lib/inet/in.ndpd
  7. Verify that temporary addresses have been created by issuing the ipadm show-addr command, as shown in Example 5-4.

    The command output displays the t flag on the CURRENT field of temporary addresses.

Example 5-3 Temporary Address Variables in the /etc/inet/ndpd.conf File

The following example shows a segment of an /etc/inet/ndpd.conf file with temporary addresses enabled for the primary network interface.

ifdefault TmpAddrsEnabled true

ifdefault TmpValidLifetime 14d

ifdefault TmpPreferredLifetime 7d

ifdefault TmpRegenAdvance 6s

Example 5-4 ipadm show-addr Command Output with Temporary Addresses Enabled

This example shows the output of the ipadm show-addr command after temporary addresses are created. Note that only IPv6–related information is included in the sample output.

# ipadm show-addr -o all
ADDROBJ   TYPE     STATE CURRENT PERSISTENT ADDR
lo0/v6    static   ok    U----   ---        ::1/128
bge0/v6   addrconf ok    U----   ---        fe80::a00:20ff:feb9:4c54/10
bge0/v6a  static   ok    U----   ---        2001:db8:3c4d:15:a00:20ff:feb9:4c54/64
bge0/?    addrconf ok    U--t-   ---        2001:db8:3c4d:15:7c37:e7d1:fc9c:d2cb/64

Note that for the address object bge0/?, the t flag is set under the CURRENT field. The flag indicates that the corresponding address has a temporary interface ID.

See Also

Configuring an IPv6 Token

The 64-bit interface ID of an IPv6 address is also referred to as a token, as introduced in IPv6 Addressing Overview. During address autoconfiguration, the token is associated with the interface's MAC address. In most cases, nonrouting nodes, that is IPv6 hosts and servers, should use their autoconfigured tokens.

However, using autoconfigured tokens can be a problem for servers whose interfaces are routinely swapped as part of system maintenance. When the interface card is changed, the MAC address is also changed. Servers that depend on having stable IP addresses can experience problems as a result. Various parts of the network infrastructure, such as DNS or NIS, might have stored specific IPv6 addresses for the interfaces of the server.

To avoid address change problems, you can manually configure a token to be used as the interface ID in an IPv6 address. To create the token, you specify a hexadecimal number of 64 bits or less to occupy the interface ID portion of the IPv6 address. During subsequent address autoconfiguration, Neighbor Discovery does not create an interface ID that is based on the interface's MAC address. Instead, the manually created token becomes the interface ID. This token remains assigned to the interface, even when a card is replaced.


Note - The difference between user-specified tokens and temporary addresses is that temporary addresses are randomly generated, rather than explicitly created by a user.


How to Configure a User-Specified IPv6 Token

The next instructions are particularly useful for servers whose interfaces are routinely replaced. They also are valid for configuring user-specified tokens on any IPv6 node.

  1. Verify that the interface you want to configure with a token exists.

    Note - Ensure that the interface has no configured IPv6 address.


    # ipadm show-if
    IFNAME     STATE    CURRENT      PERSISTENT
    lo0        ok       -m-v------4- ---
    bge0       ok       bm--------4- ---
    # ipadm show-addr
    ADDROBJ      TYPE       STATE   ADDR
    lo0/v4       static     ok      127.0.0.1/8

    This output shows that the network interface bge0 exists with no configured IPv6 address.

  2. Create one or more 64-bit hexadecimal numbers to be used as tokens for the node's interfaces. For examples of tokens, refer to Link-Local Unicast Address.
  3. Configure each interface with a token.

    Use the following form of the ipadm command for each interface to have a user-specified interface ID (token):

    # ipadm create-addr -T addrconf -i interface-ID addrobj

    For example, you would use the following command to configure interface bge0 with a token:

    # ipadm create-addr -T addrconf -i ::1a:2b:3c:4d/64 bge0/v6add

    Note - After the address object has been created with the token, you can no longer modify the token.


    Repeat this step for every interface that will have a user-specified token.

  4. Update the IPv6 daemon with your changes.
    # pkill -HUP -in.ndpd

Example 5-5 Configuring a User-Specified Token on an IPv6 Interface

The following example shows bge0 being configured with an IPv6 address and a token.

# ipadm show-if
IFNAME     STATE    CURRENT      PERSISTENT
lo0        ok       -m-v------4- ---
bge0       ok       bm--------4- ---

# ipadm show-addr
ADDROBJ      TYPE       STATE   ADDR
lo0/v4       static     ok      127.0.0.1/8

# ipadm create-addr -T addrconf -i ::1a:2b:3c:4d/64 bge0/v6
# pkill -HUP -in.ndpd
# ipadm show-addr
ADDROBJ      TYPE       STATE   ADDR
lo0/v6       static     ok      ::1/128
bge0/v6      addrconf   ok      fe80::1a:2b:3c:4d/10
bge0/v6      addrconf   ok      2002:a08:39f0:1:1a:2b:3c:4d/64

After the token is configured, the address object bge0/v6 has both a link local address as well as an address with 1a:2b:3c:4dconfigured for its interface ID. Note that this token can no longer be modified for this interface after bge0/v6 was created.

See Also

Administering IPv6-Enabled Interfaces on Servers

When you plan for IPv6 on a server, you must make a few decisions as you enable IPv6 on the server's interfaces. Your decisions affect the strategy to use for configuring the interface IDs, also known as tokens, of an interface's IPv6 address.

How to Enable IPv6 on a Server's Interfaces

Before You Begin

The next procedure assumes the following:

If applicable, upgrade the application software to support IPv6. Note that many applications that run on the IPv4 protocol stack also successfully run on IPv6. For more information, refer to How to Prepare Network Services for IPv6 Support.

  1. Ensure that an IPv6 subnet prefix is configured on a router on the same link as the server.

    For more information, refer to Configuring an IPv6 Router.

  2. Use the appropriate strategy for the interface ID for the server's IPv6-enabled interfaces.

    By default, IPv6 address autoconfiguration uses the MAC address of an interface when creating the interface ID portion of the IPv6 address. If the IPv6 address of the interface is well known, swapping one interface for another interface can cause problems. The MAC address of the new interface will be different. During address autoconfiguration, a new interface ID is generated.

    • For an IPv6-enabled interface that you do not plan to replace, use the autoconfigured IPv6 address, as introduced in IPv6 Address Autoconfiguration.

    • For IPv6-enabled interfaces that must appear anonymous outside the local network, consider using a randomly generated token for the interface ID. For instructions and an example, refer to How to Configure a Temporary Address.

    • For IPv6-enabled interfaces that you plan to swap on a regular basis, create tokens for the interface IDs. For instructions and an example, refer to How to Configure a User-Specified IPv6 Token.