|Skip Navigation Links|
|Exit Print View|
|System Administration Guide: IP Services Oracle Solaris 11 Express 11/10|
This section explains how to modify the configuration of IPv6-enabled interfaces on nodes that are hosts or servers. In most instances, you should use address autoconfiguration for IPv6-enabled interfaces, as explained in Stateless Autoconfiguration Overview. However, you can modify the IPv6 address of an interface, if necessary, as explained in the tasks of this section.
The following table lists different tasks to modify an existing IPv6 network. The table includes a description of what each task accomplishes and the section in the current documentation where the specific steps to perform the task are detailed.
An IPv6 temporary address includes a randomly generated 64-bit number as the interface ID, instead of an interface's MAC address. You can use temporary addresses for any interfaces on an IPv6 node that you want to keep anonymous. For example, you might want to use temporary addresses for the interfaces of a host that needs to access public web servers. Temporary addresses implement IPv6 privacy enhancements. These enhancements are described in RFC 3041, available at “Privacy Extensions for Stateless Address Autoconfiguration in IPv6”.
You enable a temporary address in the /etc/inet/ndpd.conf file for one or more interfaces, if needed. However, unlike standard, autoconfigured IPv6 addresses, a temporary address consists of the 64-bit subnet prefix and a randomly generated 64-bit number. This random number becomes the interface ID segment of the IPv6 address. A link-local address is not generated with the temporary address as the interface ID.
Be aware that temporary addresses have a default preferred lifetime of one day. When you enable temporary address generation, you may also configure the following variables in the /etc/inet/ndpd.conf file:
Time span in which the temporary address exists, after which the address is deleted from the host.
Elapsed time before the temporary address is deprecated. This time span should be shorter than the valid lifetime.
Duration of time before the expiration of the preferred lifetime, during which the host should generate a new temporary address.
You express the duration of time for temporary addresses as follows:
n number of seconds, which is the default
n number of hours (h)
n number of days (d)
ifdefault TmpValidLifetime duration
This syntax specifies the valid lifetime for all interfaces on a host. The value for duration should be in seconds, hours, or days. The default valid lifetime is 7 days. You can also use TmpValidLifetime with the if interface keywords to specify the valid lifetime for a temporary address of a particular interface.
if interface TmpPreferredLifetime duration
This syntax specifies the preferred lifetime for the temporary address of a particular interface. The default preferred lifetime is one day. You can also use TmpPreferredLifetime with the ifdefault keyword to specify the preferred lifetime for the temporary addresses on all interfaces of a host.
Note - Default address selection gives a lower priority to IPv6 addresses that have been deprecated. If an IPv6 temporary address is deprecated, default address selection chooses a nondeprecated address as the source address of a packet. A nondeprecated address could be the automatically generated IPv6 address, or possibly, the interface's IPv4 address. For more information about default address selection, see Administering Default Address Selection.
ifdefault TmpRegenAdvance duration
This syntax specifies the lead time in advance of address deprecation for the temporary addresses of all interfaces on a host. The default is 5 seconds.
# pkill -HUP in.ndpd # /usr/lib/inet/in.ndpd
The command output displays the t flag on the CURRENT field of temporary addresses.
Example 5-3 Temporary Address Variables in the /etc/inet/ndpd.conf File
The following example shows a segment of an /etc/inet/ndpd.conf file with temporary addresses enabled for the primary network interface.
ifdefault TmpAddrsEnabled true ifdefault TmpValidLifetime 14d ifdefault TmpPreferredLifetime 7d ifdefault TmpRegenAdvance 6s
Example 5-4 ipadm show-addr Command Output with Temporary Addresses Enabled
This example shows the output of the ipadm show-addr command after temporary addresses are created. Note that only IPv6–related information is included in the sample output.
# ipadm show-addr -o all ADDROBJ TYPE STATE CURRENT PERSISTENT ADDR lo0/v6 static ok U---- --- ::1/128 bge0/v6 addrconf ok U---- --- fe80::a00:20ff:feb9:4c54/10 bge0/v6a static ok U---- --- 2001:db8:3c4d:15:a00:20ff:feb9:4c54/64 bge0/? addrconf ok U--t- --- 2001:db8:3c4d:15:7c37:e7d1:fc9c:d2cb/64
Note that for the address object bge0/?, the t flag is set under the CURRENT field. The flag indicates that the corresponding address has a temporary interface ID.
To set up name service support for IPv6 addresses, see Configuring Name Service Support for IPv6.
To configure IPv6 addresses for a server, see How to Configure a User-Specified IPv6 Token.
To monitor activities on IPv6 nodes, see Chapter 6, Administering a TCP/IP Network (Tasks).
The 64-bit interface ID of an IPv6 address is also referred to as a token, as introduced in IPv6 Addressing Overview. During address autoconfiguration, the token is associated with the interface's MAC address. In most cases, nonrouting nodes, that is IPv6 hosts and servers, should use their autoconfigured tokens.
However, using autoconfigured tokens can be a problem for servers whose interfaces are routinely swapped as part of system maintenance. When the interface card is changed, the MAC address is also changed. Servers that depend on having stable IP addresses can experience problems as a result. Various parts of the network infrastructure, such as DNS or NIS, might have stored specific IPv6 addresses for the interfaces of the server.
To avoid address change problems, you can manually configure a token to be used as the interface ID in an IPv6 address. To create the token, you specify a hexadecimal number of 64 bits or less to occupy the interface ID portion of the IPv6 address. During subsequent address autoconfiguration, Neighbor Discovery does not create an interface ID that is based on the interface's MAC address. Instead, the manually created token becomes the interface ID. This token remains assigned to the interface, even when a card is replaced.
Note - The difference between user-specified tokens and temporary addresses is that temporary addresses are randomly generated, rather than explicitly created by a user.
The next instructions are particularly useful for servers whose interfaces are routinely replaced. They also are valid for configuring user-specified tokens on any IPv6 node.
Note - Ensure that the interface has no configured IPv6 address.
# ipadm show-if IFNAME STATE CURRENT PERSISTENT lo0 ok -m-v------4- --- bge0 ok bm--------4- --- # ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8
This output shows that the network interface bge0 exists with no configured IPv6 address.
Use the following form of the ipadm command for each interface to have a user-specified interface ID (token):
# ipadm create-addr -T addrconf -i interface-ID addrobj
For example, you would use the following command to configure interface bge0 with a token:
# ipadm create-addr -T addrconf -i ::1a:2b:3c:4d/64 bge0/v6add
Note - After the address object has been created with the token, you can no longer modify the token.
Repeat this step for every interface that will have a user-specified token.
# pkill -HUP -in.ndpd
Example 5-5 Configuring a User-Specified Token on an IPv6 Interface
The following example shows bge0 being configured with an IPv6 address and a token.
# ipadm show-if IFNAME STATE CURRENT PERSISTENT lo0 ok -m-v------4- --- bge0 ok bm--------4- --- # ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8 # ipadm create-addr -T addrconf -i ::1a:2b:3c:4d/64 bge0/v6 # pkill -HUP -in.ndpd # ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v6 static ok ::1/128 bge0/v6 addrconf ok fe80::1a:2b:3c:4d/10 bge0/v6 addrconf ok 2002:a08:39f0:1:1a:2b:3c:4d/64
After the token is configured, the address object bge0/v6 has both a link local address as well as an address with 1a:2b:3c:4dconfigured for its interface ID. Note that this token can no longer be modified for this interface after bge0/v6 was created.
To update the name services with the IPv6 addresses of the server, see Configuring Name Service Support for IPv6.
To monitor server performance, see Chapter 6, Administering a TCP/IP Network (Tasks).
When you plan for IPv6 on a server, you must make a few decisions as you enable IPv6 on the server's interfaces. Your decisions affect the strategy to use for configuring the interface IDs, also known as tokens, of an interface's IPv6 address.
The next procedure assumes the following:
Oracle Solaris is already installed on the server.
You enabled IPv6 on the server's interfaces either during Oracle Solaris installation or later, using the procedures in Configuring an IPv6 Interface.
If applicable, upgrade the application software to support IPv6. Note that many applications that run on the IPv4 protocol stack also successfully run on IPv6. For more information, refer to How to Prepare Network Services for IPv6 Support.
For more information, refer to Configuring an IPv6 Router.
By default, IPv6 address autoconfiguration uses the MAC address of an interface when creating the interface ID portion of the IPv6 address. If the IPv6 address of the interface is well known, swapping one interface for another interface can cause problems. The MAC address of the new interface will be different. During address autoconfiguration, a new interface ID is generated.
For an IPv6-enabled interface that you do not plan to replace, use the autoconfigured IPv6 address, as introduced in IPv6 Address Autoconfiguration.
For IPv6-enabled interfaces that must appear anonymous outside the local network, consider using a randomly generated token for the interface ID. For instructions and an example, refer to How to Configure a Temporary Address.
For IPv6-enabled interfaces that you plan to swap on a regular basis, create tokens for the interface IDs. For instructions and an example, refer to How to Configure a User-Specified IPv6 Token.