Documentation Home
> System Administration Guide: IP Services
System Administration Guide: IP Services
Book Information
Index
Numbers and Symbols
A
B
C
D
E
F
G
H
I
K
L
M
N
O
P
Q
R
S
T
U
V
W
Z
Preface
Part I Introducing System Administration: IP Services
Chapter 1 Oracle Solaris TCP/IP Protocol Suite (Overview)
What's New in This Release
Introducing the TCP/IP Protocol Suite
Protocol Layers and the Open Systems Interconnection Model
OSI Reference Model
TCP/IP Protocol Architecture Model
Physical Network Layer
Data-Link Layer
Internet Layer
IP Protocol
ARP Protocol
ICMP Protocol
Transport Layer
TCP Protocol
SCTP Protocol
UDP Protocol
Application Layer
Standard TCP/IP Services
UNIX “r” Commands
Name Services
Directory Service
File Services
Network Administration
Routing Protocols
How the TCP/IP Protocols Handle Data Communications
Data Encapsulation and the TCP/IP Protocol Stack
Application Layer: Where a Communication Originates
Transport Layer: Where Data Encapsulation Begins
TCP Segmentation
Establishing a TCP Connection
UDP Packets
Internet Layer: Where Packets Are Prepared for Delivery
IP Datagrams
Data-Link Layer: Where Framing Takes Place
Physical Network Layer: Where Frames Are Sent and Received
How the Receiving Host Handles the Packet
TCP/IP Internal Trace Support
Finding Out More About TCP/IP and the Internet
Computer Books About TCP/IP
TCP/IP and Networking Related Web Sites
Requests for Comments and Internet Drafts
Part II TCP/IP Administration
Chapter 2 Planning Your TCP/IP Network (Tasks)
Network Planning (Task Map)
Determining the Network Hardware
Deciding on an IP Addressing Format for Your Network
IPv4 Addresses
IPv4 Addresses in CIDR Format
DHCP Addresses
IPv6 Addresses
Private Addresses and Documentation Prefixes
Obtaining Your Network's IP Number
Designing an IPv4 Addressing Scheme
Designing Your IPv4 Addressing Scheme
IPv4 Subnet Number
Designing Your CIDR IPv4 Addressing Scheme
Using Private IPv4 Addresses
How IP Addresses Apply to Network Interfaces
Naming Entities on Your Network
Administering Host Names
Selecting a Name Service and Directory Service
Network Databases
Using NIS or DNS as the Name Service
Using Local Files as the Name Service
Domain Names
Administrative Subdivisions
Planning for Routers on Your Network
Network Topology Overview
How Routers Transfer Packets
Chapter 3 Introducing IPv6 (Overview)
Major Features of IPv6
Expanded Addressing
Address Autoconfiguration and Neighbor Discovery
Header Format Simplification
Improved Support for IP Header Options
Application Support for IPv6 Addressing
Additional IPv6 Resources
IPv6 Requests for Comments and Internet Drafts
Web Sites
IPv6 Network Overview
IPv6 Addressing Overview
Parts of the IPv6 Address
Abbreviating IPv6 Addresses
Prefixes in IPv6
Unicast Addresses
Global Unicast Address
Public Topology
Site Topology and IPv6 Subnets
Interface ID
Transitional Global Unicast Addresses
Link-Local Unicast Address
Multicast Addresses
Anycast Addresses and Groups
IPv6 Neighbor Discovery Protocol Overview
IPv6 Address Autoconfiguration
Stateless Autoconfiguration Overview
Overview of IPv6 Tunnels
Chapter 4 Planning an IPv6 Network (Tasks)
IPv6 Planning (Task Maps)
IPv6 Network Topology Scenario
Preparing the Existing Network to Support IPv6
Preparing the Network Topology for IPv6 Support
Preparing Network Services for IPv6 Support
Preparing Servers for IPv6 Support
How to Prepare Network Services for IPv6 Support
How to Prepare DNS for IPv6 Support
Planning for Tunnels in the Network Topology
Security Considerations for the IPv6 Implementation
Preparing an IPv6 Addressing Plan
Obtaining a Site Prefix
Creating the IPv6 Numbering Scheme
Creating a Numbering Scheme for Subnets
Creating an IPv6 Addressing Plan for Nodes
Chapter 5 Configuring TCP/IP Network Services and IPv4 Addressing (Tasks)
What's New in This Chapter
Before You Configure an IPv4 Network (Task Map)
Determining Host Configuration Modes
Systems That Should Run in Local Files Mode
Network Configuration Servers
Systems That Are Network Clients
Mixed Configurations
IPv4 Network Topology Scenario
Adding a Subnet to a Network (Task Map)
Network Configuration Task Map
Configuring Systems on the Local Network
How to Configure a Host for Local Files Mode
How to Set Up a Network Configuration Server
Configuring Network Clients
How to Configure Hosts for Network Client Mode
How to Change the IPv4 Address and Other Network Configuration Parameters
Packet Forwarding and Routing on IPv4 Networks
Routing Protocols Supported by Oracle Solaris
IPv4 Autonomous System Topology
Configuring an IPv4 Router
How to Configure an IPv4 Router
Routing Tables and Routing Types
Configuring Routes
How to Add a Static Route to the Routing Table
Configuring Multihomed Hosts
How to Create a Multihomed Host
Configuring Routing for Single-Interface Systems
How to Enable Static Routing on a Single-Interface Host
How to Enable Dynamic Routing on a Single-Interface Host
Monitoring and Modifying Transport Layer Services
How to Log the IP Addresses of All Incoming TCP Connections
How to Add Services That Use the SCTP Protocol
How to Use TCP Wrappers to Control Access to TCP Services
Administering Interfaces in Solaris 10 3/05
What's New in This Section
Configuring Physical Interfaces in Solaris 10 3/05
How to Add a Physical Interface After Installation in Solaris 10 3/05 ONLY
How to Remove a Physical Interface in Solaris 10 3/05 ONLY
Configuring VLANs in Solaris 10 3/05 ONLY
How To Configure Static VLANs in Solaris 10 3/05 ONLY
Chapter 6 Administering Network Interfaces (Tasks)
What's New in Administering Network Interfaces
Interface Administration (Task Map)
Administering Individual Network Interfaces
How to Obtain Interface Status
How to Configure a Physical Interface After System Installation
How to Remove a Physical Interface
SPARC: How to Ensure That the MAC Address of an Interface Is Unique
Basics for Administering Physical Interfaces
Network Interface Names
Plumbing an Interface
Oracle Solaris Interface Types
Administering Virtual Local Area Networks
Overview of VLAN Topology
VLAN Tags and Physical Points of Attachment
Planning for VLANs on a Network
How to Plan a VLAN Configuration
Configuring VLANs
How to Configure a VLAN
Overview of Link Aggregations
Link Aggregation Basics
Back-to-Back Link Aggregations
Policies and Load Balancing
Aggregation Mode and Switches
Requirements for Link Aggregations
How to Create a Link Aggregation
How to Modify an Aggregation
How to Remove an Interface From an Aggregation
How to Delete an Aggregation
How to Configure VLANs Over a Link Aggregation
Chapter 7 Configuring an IPv6 Network (Tasks)
Configuring an IPv6 Interface
Enabling IPv6 on an Interface (Task Map)
How to Enable an IPv6 Interface for the Current Session
How to Enable Persistent IPv6 Interfaces
How to Turn Off IPv6 Address Autoconfiguration
Configuring an IPv6 Router
IPv6 Router Configuration (Task Map)
How to Configure an IPv6-Enabled Router
Modifying an IPv6 Interface Configuration for Hosts and Servers
Modifying an IPv6 Interface Configuration (Task Map)
Using Temporary Addresses for an Interface
How to Configure a Temporary Address
Configuring an IPv6 Token
How to Configure a User-Specified IPv6 Token
Administering IPv6-Enabled Interfaces on Servers
How to Enable IPv6 on a Server's Interfaces
Tasks for Configuring Tunnels for IPv6 Support (Task Map)
Configuring Tunnels for IPv6 Support
How to Manually Configure IPv6 Over IPv4 Tunnels
How to Manually Configure IPv6 Over IPv6 Tunnels
How to Configure IPv4 Over IPv6 Tunnels
How to Configure a 6to4 Tunnel
How to Configure a 6to4 Tunnel to a 6to4 Relay Router
Configuring Name Service Support for IPv6
How to Add IPv6 Addresses to DNS
Adding IPv6 Addresses to NIS
How to Display IPv6 Name Service Information
How to Verify That DNS IPv6 PTR Records Are Updated Correctly
How to Display IPv6 Information Through NIS
How to Display IPv6 Information Independent of the Name Service
Chapter 8 Administering a TCP/IP Network (Tasks)
Major TCP/IP Administrative Tasks (Task Map)
Monitoring the Interface Configuration With the ifconfig Command
How to Get Information About a Specific Interface
How to Display Interface Address Assignments
Monitoring Network Status With the netstat Command
How to Display Statistics by Protocol
How to Display the Status of Transport Protocols
How to Display Network Interface Status
How to Display the Status of Sockets
How to Display the Status of Transmissions for Packets of a Specific Address Type
How to Display the Status of Known Routes
Probing Remote Hosts With the ping Command
How to Determine if a Remote Host Is Running
How to Determine if a Host Is Dropping Packets
Administering and Logging Network Status Displays
How to Control the Display Output of IP-Related Commands
How to Log Actions of the IPv4 Routing Daemon
How to Trace the Activities of the IPv6 Neighbor Discovery Daemon
Displaying Routing Information With the traceroute Command
How to Find Out the Route to a Remote Host
How to Trace All Routes
Monitoring Packet Transfers With the snoop Command
How to Check Packets From All Interfaces
How to Capture snoop Output Into a File
How to Check Packets Between an IPv4 Server and a Client
How to Monitor IPv6 Network Traffic
Administering Default Address Selection
How to Administer the IPv6 Address Selection Policy Table
How to Modify the IPv6 Address Selection Table for the Current Session Only
Chapter 9 Troubleshooting Network Problems (Tasks)
What's New in Troubleshooting Network Problems
General Network Troubleshooting Tips
Running Basic Diagnostic Checks
How to Perform Basic Network Software Checking
Common Problems When Deploying IPv6
IPv4 Router Cannot Be Upgraded to IPv6
Problems After Upgrading Services to IPv6
Current ISP Does Not Support IPv6
Security Issues When Tunneling to a 6to4 Relay Router
Known Issues With a 6to4 Router
Implementing Static Routes at the 6to4 Site (Bug ID 4709338)
Configuring Tunnels with the Same Source Address (Bug ID 4152864)
Chapter 10 TCP/IP and IPv4 in Depth (Reference)
What's New in TCP/IP and IPv4 in Depth
TCP/IP Configuration Files
/etc/hostname.interface File
/etc/nodename File
/etc/defaultdomain File
/etc/defaultrouter File
hosts Database
/etc/inet/hosts File Format
Initial /etc/inet/hosts File
Loopback Address
Host Name
Multiple Network Interfaces
How Name Services Affect the hosts Database
When Local Files Provide the Name Service
ipnodes Database
netmasks Database
What Is Subnetting?
Creating the Network Mask for IPv4 Addresses
/etc/inet/netmasks File
inetd Internet Services Daemon
Network Databases and the nsswitch.conf File
How Name Services Affect Network Databases
nsswitch.conf File
Changing nsswitch.conf
bootparams Database
Wildcard Entry for bootparams
ethers Database
Other Network Databases
networks database
protocols Database
services Database
Routing Protocols in Oracle Solaris
Routing Information Protocol (RIP)
ICMP Router Discovery (RDISC) Protocol
Network Classes
Class A Network Numbers
Class B Network Numbers
Class C Network Numbers
Chapter 11 IPv6 in Depth (Reference)
What's New in IPv6 in Depth
IPv6 Addressing Formats Beyond the Basics
6to4-Derived Addresses
6to4-Derived Addressing on a Host
IPv6 Multicast Addresses in Depth
IPv6 Packet Header Format
IPv6 Extension Headers
Dual-Stack Protocols
Oracle Solaris 10 IPv6 Implementation
IPv6 Configuration Files
ndpd.conf Configuration File
IPv6 Interface Configuration File
/etc/inet/ipaddrsel.conf Configuration File
IPv6-Related Commands
ipaddrsel Command
Reasons for Modifying the IPv6 Address Selection Policy Table
6to4relay Command
Syntax of 6to4relay
ifconfig Command Extensions for IPv6 Support
netstat Command Modifications for IPv6 Support
snoop Command Modifications for IPv6 Support
route Command Modifications for IPv6 Support
ping Command Modifications for IPv6 Support
traceroute Command Modifications for IPv6 Support
IPv6-Related Daemons
in.ndpd Daemon, for Neighbor Discovery
in.ripngd Daemon, for IPv6 Routing
inetd Daemon and IPv6 Services
Considerations When Configuring a Service for IPv6
IPv6 Neighbor Discovery Protocol
ICMP Messages From Neighbor Discovery
Autoconfiguration Process
Obtaining a Router Advertisement
Prefix Configuration Variables
Address Uniqueness
Neighbor Solicitation and Unreachability
Duplicate Address Detection Algorithm
Proxy Advertisements
Inbound Load Balancing
Link-Local Address Change
Comparison of Neighbor Discovery to ARP and Related IPv4 Protocols
IPv6 Routing
Router Advertisement
Router Advertisement Prefixes
Router Advertisement Messages
IPv6 Tunnels
Configured Tunnels
6to4 Automatic Tunnels
Topology of a 6to4 Tunnel
Packet Flow Through the 6to4 Tunnel
Considerations for Tunnels to a 6to4 Relay Router
Packet Flow Between a 6to4 Site and a Native IPv6 Site
IPv6 Extensions to Oracle Solaris Name Services
DNS Extensions for IPv6
Changes to the nsswitch.conf File
Changes to Name Service Commands
NFS and RPC IPv6 Support
IPv6 Over ATM Support
Part III DHCP
Chapter 12 About Oracle Solaris DHCP (Overview)
About the DHCP Protocol
Advantages of Using Oracle Solaris DHCP
How DHCP Works
Oracle Solaris DHCP Server
DHCP Server Management
DHCP Data Store
The dhcptab Table
DHCP Network Tables
DHCP Manager
DHCP Command-Line Utilities
Role-Based Access Control for DHCP Commands
DHCP Server Configuration
IP Address Allocation
Network Configuration Information
About DHCP Options
About DHCP Macros
Macro Processing by the DHCP Server
Order of Macro Processing
Size Limit for DHCP Macros
Oracle Solaris DHCP Client
Chapter 13 Planning for DHCP Service (Tasks)
Preparing Your Network for the DHCP Service (Task Map)
Mapping Your Network Topology
Network Topology to Avoid
Determining the Number of DHCP Servers
Updating System Files and Netmask Tables
Making Decisions for Your DHCP Server Configuration (Task Map)
Selecting a Host to Run the DHCP Service
Choosing the DHCP Data Store
Setting a Lease Policy
Determining Routers for DHCP Clients
Making Decisions for IP Address Management (Task Map)
Number and Ranges of IP Addresses
Client Host Name Generation
Default Client Configuration Macros
Dynamic and Permanent Lease Types
Reserved IP Addresses and Lease Type
Planning for Multiple DHCP Servers
Planning DHCP Configuration of Your Remote Networks
Selecting the Tool for Configuring DHCP
DHCP Manager Features
dhcpconfig Features
Comparison of DHCP Manager and dhcpconfig
Chapter 14 Configuring the DHCP Service (Tasks)
Configuring and Unconfiguring a DHCP Server Using DHCP Manager
Configuring DHCP Servers
How to Configure a DHCP Server (DHCP Manager)
Configuring BOOTP Relay Agents
How to Configure a BOOTP Relay Agent (DHCP Manager)
Unconfiguring DHCP Servers and BOOTP Relay Agents
DHCP Data on an Unconfigured Server
How to Unconfigure a DHCP Server or a BOOTP Relay Agent (DHCP Manager)
Configuring and Unconfiguring a DHCP Server Using dhcpconfig Commands
How to Configure a DHCP Server (dhcpconfig -D)
How to Configure a BOOTP Relay Agent (dhcpconfig -R )
How to Unconfigure a DHCP Server or a BOOTP Relay Agent (dhcpconfig -U)
Chapter 15 Administering DHCP (Tasks)
About DHCP Manager
DHCP Manager Window
DHCP Manager Menus
Starting and Stopping DHCP Manager
How to Start and Stop DHCP Manager
Setting Up User Access to DHCP Commands
How to Grant Users Access to DHCP Commands
Starting and Stopping the DHCP Service
How to Start and Stop the DHCP Service (DHCP Manager)
How to Enable and Disable the DHCP Service (DHCP Manager)
How to Enable and Disable the DHCP Service (dhcpconfig -S)
DHCP Service and the Service Management Facility
Modifying DHCP Service Options (Task Map)
Changing DHCP Logging Options
How to Generate Verbose DHCP Log Messages (DHCP Manager)
How to Generate Verbose DHCP Log Messages (Command Line)
How to Enable and Disable DHCP Transaction Logging (DHCP Manager)
How to Enable and Disable DHCP Transaction Logging (Command Line)
How to Log DHCP Transactions to a Separate syslog File
Enabling Dynamic DNS Updates by a DHCP Server
How to Enable Dynamic DNS Updating for DHCP Clients
Client Host Name Registration
Customizing Performance Options for the DHCP Server
How to Customize DHCP Performance Options (DHCP Manager)
How to Customize DHCP Performance Options (Command Line)
Adding, Modifying, and Removing DHCP Networks (Task Map)
Specifying Network Interfaces for DHCP Monitoring
How to Specify Network Interfaces for DHCP Monitoring (DHCP Manager)
How to Specify Network Interfaces for DHCP Monitoring (dhcpconfig)
Adding DHCP Networks
How to Add a DHCP Network (DHCP Manager)
How to Add a DHCP Network (dhcpconfig)
Modifying DHCP Network Configurations
How to Modify the Configuration of a DHCP Network (DHCP Manager)
How to Modify the Configuration of a DHCP Network (dhtadm)
Removing DHCP Networks
How to Remove a DHCP Network (DHCP Manager)
How to Remove a DHCP Network (pntadm)
Supporting BOOTP Clients With the DHCP Service (Task Map)
How to Set Up Support of Any BOOTP Client (DHCP Manager)
How to Set Up Support of Registered BOOTP Clients (DHCP Manager)
Working With IP Addresses in the DHCP Service (Task Map)
Adding IP Addresses to the DHCP Service
How to Add a Single IP Address (DHCP Manager)
How to Duplicate an Existing IP Address (DHCP Manager)
How to Add Multiple IP Addresses (DHCP Manager)
How to Add IP Addresses (pntadm)
Modifying IP Addresses in the DHCP Service
How to Modify IP Address Properties (DHCP Manager)
How to Modify IP Address Properties (pntadm)
Removing IP Addresses From the DHCP Service
Marking IP Addresses as Unusable by the DHCP Service
How to Mark IP Addresses as Unusable (DHCP Manager)
How to Mark IP Addresses as Unusable (pntadm)
Deleting IP Addresses From the DHCP Service
How to Delete IP Addresses From DHCP Service (DHCP Manager)
How to Delete IP Addresses From the DHCP Service (pntadm)
Assigning a Reserved IP Address to a DHCP Client
How to Assign a Consistent IP Address to a DHCP Client (DHCP Manager)
How to Assign a Consistent IP Address to a DHCP Client (pntadm)
Working With DHCP Macros (Task Map)
How to View Macros Defined on a DHCP Server (DHCP Manager)
How to View Macros Defined on a DHCP Server (dhtadm)
Modifying DHCP Macros
How to Change Values for Options in a DHCP Macro (DHCP Manager)
How to Change Values for Options in a DHCP Macro (dhtadm)
How to Add Options to a DHCP Macro (DHCP Manager)
How to Add Options to a DHCP Macro (dhtadm)
How to Delete Options From a DHCP Macro (DHCP Manager)
How to Delete Options From a DHCP Macro (dhtadm)
Creating DHCP Macros
How to Create a DHCP Macro (DHCP Manager)
How to Create a DHCP Macro (dhtadm)
Deleting DHCP Macros
How to Delete a DHCP Macro (DHCP Manager)
How to Delete a DHCP Macro (dhtadm)
Working With DHCP Options (Task Map)
Creating DHCP Options
How to Create DHCP Options (DHCP Manager)
How to Create DHCP Options (dhtadm)
Modifying DHCP Options
How to Modify DHCP Option Properties (DHCP Manager)
How to Modify DHCP Option Properties (dhtadm)
Deleting DHCP Options
How to Delete DHCP Options (DHCP Manager)
How to Delete DHCP Options (dhtadm)
Modifying the Oracle Solaris DHCP Client's Option Information
Supporting Oracle Solaris Network Installation With the DHCP Service
Supporting Remote Boot and Diskless Boot Clients (Task Map)
Setting Up DHCP Clients to Receive Information Only (Task Map)
Converting to a New DHCP Data Store
How to Convert the DHCP Data Store (DHCP Manager)
How to Convert the DHCP Data Store (dhcpconfig -C)
Moving Configuration Data Between DHCP Servers (Task Map)
How to Export Data From a DHCP Server (DHCP Manager)
How to Export Data From a DHCP Server (dhcpconfig -X)
How to Import Data on a DHCP Server (DHCP Manager)
How to Import Data on a DHCP Server (dhcpconfig -I)
How to Modify Imported DHCP Data (DHCP Manager)
How to Modify Imported DHCP Data (pntadm, dhtadm)
Chapter 16 Configuring and Administering the DHCP Client
About the Oracle Solaris DHCP Client
DHCPv6 Server
Differences Between DHCPv4 and DHCPv6
The Administrative Model
MAC Address and Client ID
Protocol Details
Logical Interfaces
Option Negotiation
Configuration Syntax
DHCP Client Startup
DHCPv6 Communication
How DHCP Client Protocols Manage Network Configuration Information
How the DHCPv4 Client Manages Network Configuration Information
How the DHCPv6 Client Manages Network Configuration Information
DHCP Client Shutdown
Enabling and Disabling an Oracle Solaris DHCP Client
How to Enable the Oracle Solaris DHCP Client
How to Disable an Oracle Solaris DHCP Client
DHCP Client Administration
ifconfig Command Options Used With the DHCP Client
Setting DHCP Client Configuration Parameters
For DHCPv4
For DHCPv4 and DHCPv6
DHCP Client Systems With Multiple Network Interfaces
DHCPv4 Client Host Names
How to Enable an Oracle Solaris DHCPv4 Client to Request a Specific Host Name
DHCP Client Systems and Name Services
Setting Up DHCP Clients as NIS+ Clients
How to Set Up Oracle Solaris DHCP Clients as NIS+ Clients
DHCP Client Event Scripts
Chapter 17 Troubleshooting DHCP (Reference)
Troubleshooting DHCP Server Problems
NIS+ Problems and the DHCP Data Store
Cannot Select NIS+ as the DHCP Data Store
NIS+ Is Not Adequately Configured for DHCP Data Store
NIS+ Access Problems for the DHCP Data Store
IP Address Allocation Errors in DHCP
Troubleshooting DHCP Client Configuration Problems
Problems Communicating With the DHCP Server
How to Run the DHCP Client in Debugging Mode
How to Run the DHCP Server in Debugging Mode
How to Use snoop to Monitor DHCP Network Traffic
Output from DHCP Client in Debugging Mode
Output from the DHCP Server in Debugging Mode
DHCP snoop Output
Problems With Inaccurate DHCP Configuration Information
Problems With the DHCP Client-Supplied Host Name
DHCP Client Does Not Request a Host Name
DHCP Client Does Not Get Requested Host Name
Chapter 18 DHCP Commands and Files (Reference)
DHCP Commands
Running DHCP Commands in Scripts
Files Used by the DHCP Service
DHCP Option Information
Determining if Your Site Is Affected
Differences Between dhcptags and inittab Files
Converting dhcptags Entries to inittab Entries
Part IV IP Security
Chapter 19 IP Security Architecture (Overview)
What's New in IPsec?
Introduction to IPsec
IPsec RFCs
IPsec Terminology
IPsec Packet Flow
IPsec Security Associations
Key Management in IPsec
IPsec Protection Mechanisms
Authentication Header
Encapsulating Security Payload
Security Considerations When Using AH and ESP
Authentication and Encryption Algorithms in IPsec
Authentication Algorithms in IPsec
Encryption Algorithms in IPsec
IPsec Protection Policies
Transport and Tunnel Modes in IPsec
Virtual Private Networks and IPsec
IPsec and NAT Traversal
IPsec and SCTP
IPsec and Solaris Zones
IPsec and Logical Domains
IPsec Utilities and Files
Changes to IPsec for the Solaris 10 Release
Chapter 20 Configuring IPsec (Tasks)
Protecting Traffic With IPsec (Task Map)
Protecting Traffic With IPsec
How to Secure Traffic Between Two Systems With IPsec
How to Use IPsec to Protect a Web Server From Nonweb Traffic
How to Display IPsec Policies
How to Generate Random Numbers on a Solaris System
How to Manually Create IPsec Security Associations
How to Verify That Packets Are Protected With IPsec
How to Configure a Role for Network Security
How to Manage IKE and IPsec Services
Protecting a VPN With IPsec
Examples of Protecting a VPN With IPsec by Using Tunnels in Tunnel Mode
Protecting a VPN With IPsec (Task Map)
Description of the Network Topology for the IPsec Tasks to Protect a VPN
How to Protect a VPN With an IPsec Tunnel in Tunnel Mode Over IPv4
How to Protect a VPN With an IPsec Tunnel in Tunnel Mode Over IPv6
How to Protect a VPN With an IPsec Tunnel in Transport Mode Over IPv4
How to Protect a VPN With an IPsec Tunnel in Transport Mode Over IPv6
How to Prevent IP Spoofing
Chapter 21 IP Security Architecture (Reference)
IPsec Service Management Facility
ipsecconf Command
ipsecinit.conf File
Sample ipsecinit.conf File
Security Considerations for ipsecinit.conf and ipsecconf
ipsecalgs Command
Security Associations Database for IPsec
Utilities for Key Generation in IPsec
Security Considerations for ipseckey
IPsec Extensions to Other Utilities
ifconfig Command and IPsec
auth_algs Security Option
encr_auth_algs Security Option
encr_algs Security Option
snoop Command and IPsec
Chapter 22 Internet Key Exchange (Overview)
What's New in IKE?
Key Management With IKE
IKE Key Negotiation
IKE Key Terminology
IKE Phase 1 Exchange
IKE Phase 2 Exchange
IKE Configuration Choices
IKE With Preshared Keys
IKE With Public Key Certificates
IKE and Hardware Acceleration
IKE and Hardware Storage
IKE Utilities and Files
Changes to IKE for the Solaris 10 Release
Chapter 23 Configuring IKE (Tasks)
Configuring IKE (Task Map)
Configuring IKE With Preshared Keys (Task Map)
Configuring IKE With Preshared Keys
How to Configure IKE With Preshared Keys
How to Refresh IKE Preshared Keys
How to View IKE Preshared Keys
How to Add an IKE Preshared Key for a New Policy Entry in ipsecinit.conf
How to Verify That IKE Preshared Keys Are Identical
Configuring IKE With Public Key Certificates (Task Map)
Configuring IKE With Public Key Certificates
How to Configure IKE With Self-Signed Public Key Certificates
How to Configure IKE With Certificates Signed by a CA
How to Generate and Store Public Key Certificates on Hardware
How to Handle a Certificate Revocation List
Configuring IKE for Mobile Systems (Task Map)
Configuring IKE for Mobile Systems
How to Configure IKE for Off-Site Systems
Configuring IKE to Find Attached Hardware (Task Map)
Configuring IKE to Find Attached Hardware
How to Configure IKE to Find the Sun Crypto Accelerator 1000 Board
How to Configure IKE to Find the Sun Crypto Accelerator 4000 Board
Changing IKE Transmission Parameters (Task Map)
Changing IKE Transmission Parameters
How to Change the Duration of Phase 1 IKE Key Negotiation
Chapter 24 Internet Key Exchange (Reference)
IKE Service Management Facility
IKE Daemon
IKE Policy File
IKE Administration Command
IKE Preshared Keys Files
IKE Public Key Databases and Commands
ikecert tokens Command
ikecert certlocal Command
ikecert certdb Command
ikecert certrldb Command
/etc/inet/ike/publickeys Directory
/etc/inet/secret/ike.privatekeys Directory
/etc/inet/ike/crls Directory
Chapter 25 Oracle Solaris IP Filter (Overview)
What's New in Oracle Solaris IP Filter
Packet Filter Hooks
IPv6 Packet Filtering for Oracle Solaris IP Filter
Introduction to Oracle Solaris IP Filter
Information Sources for Open Source IP Filter
Oracle Solaris IP Filter Packet Processing
Guidelines for Using OpenSolaris IP Filter
Using Oracle Solaris IP Filter Configuration Files
Working With Oracle Solaris IP Filter Rule Sets
Using Oracle Solaris IP Filter's Packet Filtering Feature
Configuring Packet Filtering Rules
Using Oracle Solaris IP Filter's NAT Feature
Configuring NAT Rules
Using Oracle Solaris IP Filter's Address Pools Feature
Configuring Address Pools
Packet Filter Hooks
Oracle Solaris IP Filter and the pfil STREAMS Module
IPv6 for Oracle Solaris IP Filter
Oracle Solaris IP Filter Man Pages
Chapter 26 Oracle Solaris IP Filter (Tasks)
Configuring Oracle Solaris IP Filter
How to Enable Oracle Solaris IP Filter
How to Re-Enable Oracle Solaris IP Filter
How to Enable Loopback Filtering
Deactivating and Disabling Oracle Solaris IP Filter
How to Deactivate Packet Filtering
How to Deactivate NAT
How to Disable Packet Filtering
Working With the pfil Module
How to Enable Oracle Solaris IP Filter in Previous Oracle Solaris 10 Releases
How to Activate a NIC for Packet Filtering
How to Deactivate Oracle Solaris IP Filter on a NIC
How to View pfil Statistics for Oracle Solaris IP Filter
Working With Oracle Solaris IP Filter Rule Sets
Managing Packet Filtering Rule Sets for Oracle Solaris IP Filter
How to View the Active Packet Filtering Rule Set
How to View the Inactive Packet Filtering Rule Set
How to Activate a Different or Updated Packet Filtering Rule Set
How to Remove a Packet Filtering Rule Set
How to Append Rules to the Active Packet Filtering Rule Set
How to Append Rules to the Inactive Packet Filtering Rule Set
How to Switch Between Active and Inactive Packet Filtering Rule Sets
How to Remove an Inactive Packet Filtering Rule Set From the Kernel
Managing NAT Rules for Oracle Solaris IP Filter
How to View Active NAT Rules
How to Remove NAT Rules
How to Append Rules to the NAT Rules
Managing Address Pools for Oracle Solaris IP Filter
How to View Active Address Pools
How to Remove an Address Pool
How to Append Rules to an Address Pool
Displaying Statistics and Information for Oracle Solaris IP Filter
How to View State Tables for Oracle Solaris IP Filter
How to View State Statistics for Oracle Solaris IP Filter
How to View NAT Statistics for Oracle Solaris IP Filter
How to View Address Pool Statistics for Oracle Solaris IP Filter
Working With Log Files for Oracle Solaris IP Filter
How to Set Up a Log File for Oracle Solaris IP Filter
How to View Oracle Solaris IP Filter Log Files
How to Flush the Packet Log File
How to Save Logged Packets to a File
Creating and Editing Oracle Solaris IP Filter Configuration Files
How to Create a Configuration File for Oracle Solaris IP Filter
Oracle Solaris IP Filter Configuration File Examples
Part V Mobile IP
Chapter 27 Mobile IP (Overview)
What's New in Mobile IP
Introduction to Mobile IP
Mobile IP Functional Entities
How Mobile IP Works
Agent Discovery
Agent Advertisement
Agent Advertisement Over Dynamic Interfaces
Agent Solicitation
Care-of Addresses
Mobile IP With Reverse Tunneling
Limited Private Addresses Support
Mobile IP Registration
Network Access Identifier (NAI)
Mobile IP Message Authentication
Mobile Node Registration Request
Registration Reply Message
Foreign Agent Considerations
Home Agent Considerations
Dynamic Home Agent Discovery
Routing Datagrams to and From Mobile Nodes
Encapsulation Methods
Unicast Datagram Routing
Broadcast Datagrams
Multicast Datagram Routing
Security Considerations for Mobile IP
Chapter 28 Administering Mobile IP (Tasks)
Creating the Mobile IP Configuration File (Task Map)
Creating the Mobile IP Configuration File
How to Plan for Mobile IP
How to Create the Mobile IP Configuration File
How to Configure the General Section
How to Configure the Advertisements Section
How to Configure the GlobalSecurityParameters Section
How to Configure the Pool Section
How to Configure the SPI Section
How to Configure the Address Section
Modifying the Mobile IP Configuration File (Task Map)
Modifying the Mobile IP Configuration File
How to Modify the General Section
How to Modify the Advertisements Section
How to Modify the GlobalSecurityParameters Section
How to Modify the Pool Section
How to Modify the SPI Section
How to Modify the Address Section
How to Add or Delete Configuration File Parameters
How to Display Current Parameter Values in the Configuration File
Displaying Mobility Agent Status
How to Display Mobility Agent Status
Displaying Mobility Routes on a Foreign Agent
How to Display Mobility Routes on a Foreign Agent
Chapter 29 Mobile IP Files and Commands (Reference)
Overview of the Solaris Mobile IP Implementation
Mobile IP Configuration File
Configuration File Format
Sample Configuration Files
mipagent.conf-sample File
mipagent.conf.fa-sample File
mipagent.conf.ha-sample File
Configuration File Sections and Labels
General Section
Advertisements Section
GlobalSecurityParameters Section
Pool Section
SPI Section
Address Section
Mobile Node
Mobility Agent
Mobile Node Identified by Its NAI
Default Mobile Node
Configuring the Mobility IP Agent
Mobile IP Mobility Agent Status
Mobile IP State Information
netstat Extensions for Mobile IP
snoop Extensions for Mobile IP
Part VI IPMP
Chapter 30 Introducing IPMP (Overview)
Why You Should Use IPMP
Oracle Solaris IPMP Components
Multipathing Daemon, in.mpathd
IPMP Terminology and Concepts
IP Link
Physical Interface
Network Interface Card
IPMP Group
Failure Detection and Failover
Repair Detection and Failback
Target Systems
Outbound Load Spreading
Dynamic Reconfiguration
Basic Requirements of IPMP
IPMP Addressing
Data Addresses
Test Addresses
IPv4 Test Addresses
IPv6 Test Addresses
Preventing Applications From Using Test Addresses
IPMP Interface Configurations
Standby Interfaces in an IPMP Group
Common IPMP Interface Configurations
Checking the Status of an Interface
IPMP Failure Detection and Recovery Features
Link-Based Failure Detection
Probe-Based Failure Detection
Group Failures
Detecting Physical Interface Repairs
What Happens During Interface Failover
IPMP and Dynamic Reconfiguration
Attaching NICs
Detaching NICs
Reattaching NICs
NICs That Were Missing at System Boot
Chapter 31 Administering IPMP (Tasks)
Configuring IPMP (Task Maps)
Configuring and Administering IPMP Groups (Task Map)
Administering IPMP on Interfaces That Support Dynamic Reconfiguration (Task Map)
Configuring IPMP Groups
Planning for an IPMP Group
How to Plan for an IPMP Group
Configuring IPMP Groups
How to Configure an IPMP Group With Multiple Interfaces
Configuring Target Systems
How to Manually Specify Target Systems for Probe-Based Failure Detection
How to Specify Target Systems in a Shell Script
Configuring Standby Interfaces
How to Configure a Standby Interface for an IPMP Group
Configuring IPMP Groups With a Single Physical Interface
How to Configure a Single Interface IPMP Group
Maintaining IPMP Groups
How to Display the IPMP Group Membership of an Interface
How to Add an Interface to an IPMP Group
How to Remove an Interface From an IPMP Group
How to Move an Interface From One IPMP Group to Another Group
Replacing a Failed Physical Interface on Systems That Support Dynamic Reconfiguration
How to Remove a Physical Interface That Has Failed (DR-Detach)
How to Replace a Physical Interface That Has Failed (DR-Attach)
Recovering a Physical Interface That Was Not Present at System Boot
How to Recover a Physical Interface That Was Not Present at System Boot
Modifying IPMP Configurations
How to Configure the /etc/default/mpathd File
Part VII IP Quality of Service (IPQoS)
Chapter 32 Introducing IPQoS (Overview)
IPQoS Basics
What Are Differentiated Services?
IPQoS Features
Where to Get More Information About Quality-of-Service Theory and Practice
Books About Quality of Service
Requests for Comments (RFCs) About Quality of Service
Web Sites With Quality-of-Service Information
IPQoS Man Pages
Providing Quality of Service With IPQoS
Implementing Service-Level Agreements
Assuring Quality of Service for an Individual Organization
Introducing the Quality-of-Service Policy
Improving Network Efficiency With IPQoS
How Bandwidth Affects Network Traffic
Using Classes of Service to Prioritize Traffic
Differentiated Services Model
Classifier (ipgpc) Overview
IPQoS Classes
IPQoS Filters
Meter (tokenmt and tswtclmt) Overview
Marker (dscpmk and dlcosmk) Overview
Flow Accounting (flowacct) Overview
How Traffic Flows Through the IPQoS Modules
Traffic Forwarding on an IPQoS-Enabled Network
DS Codepoint
Per-Hop Behaviors
Expedited Forwarding
Assured Forwarding
Packet Forwarding in a Diffserv Environment
Chapter 33 Planning for an IPQoS-Enabled Network (Tasks)
General IPQoS Configuration Planning (Task Map)
Planning the Diffserv Network Topology
Hardware Strategies for the Diffserv Network
IPQoS Network Topologies
IPQoS on Individual Hosts
IPQoS on a Network of Server Farms
IPQoS on a Firewall
Planning the Quality-of-Service Policy
QoS Policy Planning Aids
QoS Policy Planning (Task Map)
How to Prepare a Network for IPQoS
How to Define the Classes for Your QoS Policy
Defining Filters
How to Define Filters in the QoS Policy
How to Plan Flow Control
How to Plan Forwarding Behavior
How to Plan for Flow Accounting
Introducing the IPQoS Configuration Example
IPQoS Topology
Chapter 34 Creating the IPQoS Configuration File (Tasks)
Defining a QoS Policy in the IPQoS Configuration File (Task Map)
Tools for Creating a QoS Policy
Basic IPQoS Configuration File
Configuring the IPQoS Example Topology
Creating IPQoS Configuration Files for Web Servers
How to Create the IPQoS Configuration File and Define Traffic Classes
How to Define Filters in the IPQoS Configuration File
How to Define Traffic Forwarding in the IPQoS Configuration File
How to Enable Accounting for a Class in the IPQoS Configuration File
How to Create an IPQoS Configuration File for a Best-Effort Web Server
Creating an IPQoS Configuration File for an Application Server
How to Configure the IPQoS Configuration File for an Application Server
How to Configure Forwarding for Application Traffic in the IPQoS Configuration File
How to Configure Flow Control in the IPQoS Configuration File
Providing Differentiated Services on a Router
How to Configure a Router on an IPQoS-Enabled Network
Chapter 35 Starting and Maintaining IPQoS (Tasks)
Administering IPQoS (Task Map)
Applying an IPQoS Configuration
How to Apply a New Configuration to the IPQoS Kernel Modules
How to Ensure That the IPQoS Configuration Is Applied After Each Reboot
Enabling syslog Logging for IPQoS Messages
How to Enable Logging of IPQoS Messages During Booting
Troubleshooting with IPQoS Error Messages
Chapter 36 Using Flow Accounting and Statistics Gathering (Tasks)
Setting Up Flow Accounting (Task Map)
Recording Information About Traffic Flows
How to Create a File for Flow-Accounting Data
Gathering Statistical Information
Chapter 37 IPQoS in Detail (Reference)
IPQoS Architecture and the Diffserv Model
Classifier Module
IPQoS Selectors
Meter Module
tokenmt Metering Module
Configuring tokenmt as a Single-Rate Meter
Configuring tokenmt as a Two-Rate Meter
Configuring tokenmt to Be Color Aware
tswtclmt Metering Module
Marker Module
Using the dscpmk Marker for Forwarding Packets
Expedited Forwarding (EF) PHB
Assured Forwarding (AF) PHB
Supplying a DSCP to the Marker
Using the dlcosmk Marker With VLAN Devices
IPQoS Configuration for Systems With VLAN Devices
flowacct Module
flowacct Parameters
Flow Table
flowacct Records
Using acctadm with the flowacct Module
IPQoS Configuration File
action Statement
Module Definitions
class Clause
filter Clause
params Clause
ipqosconf Configuration Utility
Glossary
© 2010, Oracle Corporation and/or its affiliates