Configuring Multihomed Hosts
In Oracle Solaris, a system with more than one interface is considered a multihomed host. A multihomed host does not forward IP packets. However, you can configure a multihomed host to run routing protocols. You typically configure the following types of systems as multihomed hosts:
-
NFS servers, particularly those servers that function as large data centers, can be attached to more than one network in order to share files among a large pool of users. These servers do not need to maintain routing tables.
-
Database servers can have multiple network interfaces to provide resources to a large pool of users, just like NFS servers.
-
Firewall gateways are systems that provide the connection between a company's network and public networks such as the Internet. Administrators set up firewalls as a security measure. When configured as a firewall, the host does not pass packets between the networks that are attached to the host's interfaces. However, the host can still provide standard TCP/IP services, such as ssh to authorized users.
Note –When multihomed hosts have different types of firewalls on any of their interfaces, take care to avoid unintentional disruption of the host's packets. This problem arises particularly with stateful firewalls. One solution might be to configure stateless firewalling. For more information about firewalls, refer to Firewall Systems in System Administration Guide: Security Services or the documentation for your third-party firewall.
How to Create a Multihomed Host
-
On the prospective multihomed host, assume the Primary Administrator role, or become superuser.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
-
Configure and plumb each additional network interface that was not configured as part of the Oracle Solaris installation.
Refer to How to Configure a Physical Interface After System Installation.
-
Verify that IP forwarding is not enabled on the multihomed host.
# routeadm
The routeadm command without options reports the state of the routing daemons. The following output from routeadm shows that IPv4 forwarding is enabled:
Configuration Current Current Option Configuration System State --------------------------------------------------------------- IPv4 routing disabled disabled IPv6 routing disabled disabled IPv4 forwarding enabled disabled IPv6 forwarding disabled disabled Routing services "route:default ripng:default" -
Turn off packet forwarding, if it is enabled on the system.
Use either of the following commands:
-
For the routeadm command, type the following:
# routeadm -d ipv4-forwarding -u
-
To use SMF, type the following:
# svcadm disable ipv4-forwarding
-
-
(Optional) Turn on dynamic routing for the multihomed host.
Use either of the following commands to enable the in.routed daemon:
-
For the routeadm command, type the following:
# routeadm -e ipv4-routing -u
-
To use SMF, type the following:
# svcadm enable route:default
-
Example 5–6 Configuring a Multihomed Host
The following example shows how to configure the multihomed host that is shown in Figure 5–3. In the example, the system has the host name hostc. This host has two interfaces, which are both connected to network 192.168.5.0.
To begin, you would display the status of the system's interfaces.
# dladm show-link
hme0 type: legacy mtu: 1500 device: hme0
qfe0 type: legacy mtu: 1500 device: qfe0
qfe1 type: legacy mtu: 1500 device: qfe1
qfe2 type: legacy mtu: 1500 device: qfe2
qfe3 type: legacy mtu: 1500 device: qfe3
# ifconfig -a
lo0: flags=1000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.5.82 netmask ff000000 broadcast 192.255.255.255
ether 8:0:20:c1:1b:c6
|
The dladm show-link command reports that hostc has two interfaces with a total of five possible links. However, only hme0 has been plumbed. To configure hostc as a multihomed host, you must add qfe0 or another link on the qfe NIC. First, you would physically connect the qfe0 interface to the 192.168.5.0 network. Then you would plumb the qfe0 interface, and make the interface persist across reboots.
# ifconfig qf0 plumb up
# ifconfig qfe0 192.168.5.85
# ifconfig -a
lo0: flags=1000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.5.82 netmask ff0000 broadcast 192.255.255.255
ether 8:0:20:c1:1b:c6
qfe0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.5.85 netmask ff000000 broadcast 192.255.255.255
ether 8:0:20:e1:3b:c4
# vi /etc/hostname.qfe0
192.168.5.85
255.0.0.0
|
Reboot the system, using the reconfiguration command:
# reboot -- -r |
Next, you would add the qfe0 interface to the hosts database:
# vi /etc/inet/hosts 127.0.0.1 localhost 192.168.5.82 host3 #primary network interface for host3 192.168.5.85 host3-2 #second interface |
Then, you would check the state of packet forwarding and routing on host3:
# routeadm
Configuration Current Current
Option Configuration System State
---------------------------------------------------------------
IPv4 routing enabled enabled
IPv6 routing disabled disabled
IPv4 forwarding enabled enabled
IPv6 forwarding disabled disabled
Routing services "route:default ripng:default"
|
The routeadm command reports that dynamic routing through the in.routed daemon and packet forwarding are currently enabled. However, you would need to disable packet forwarding:
# svcadm disable ipv4-forwarding |
You can also use the routeadm commands as shown in How to Create a Multihomed Host to turn off packet forwarding. When packet forwarding is disabled, host3 becomes a multihomed host.
- © 2010, Oracle Corporation and/or its affiliates