Chapter 8 Administering a TCP/IP Network (Tasks)

This chapter contains tasks for administering a TCP/IP network. The following topics are covered:

• Major TCP/IP Administrative Tasks (Task Map)

• Monitoring the Interface Configuration With the ifconfig Command

• Monitoring Network Status With the netstat Command

• Probing Remote Hosts With the ping Command

• Administering and Logging Network Status Displays

• Displaying Routing Information With the traceroute Command

• Monitoring Packet Transfers With the snoop Command

• Administering Default Address Selection

The tasks assume that you have an operational TCP/IP network at your site, either IPv4-only or dual-stack IPv4/IPv6. If you want to implement IPv6 at your site but have not done so, refer to following chapters for more information:

• To plan an IPv6 implementation, refer to Chapter 4, Planning an IPv6 Network (Tasks).

• To configure IPv6 and create a dual-stack network environment, refer to Chapter 7, Configuring an IPv6 Network (Tasks).

Major TCP/IP Administrative Tasks (Task Map)

The following table lists other miscellaneous tasks to administer the network after initial configuration, such as displaying network information. The table includes a description of what each task accomplishes and the section in the current documentation where the specific steps to perform the task are detailed.

Monitoring the Interface Configuration With the ifconfig Command

You use the ifconfig command to manually assign IP addresses to interfaces and to manually configure interface parameters. In addition, Oracle Solaris startup scripts run ifconfig to configure pseudo interfaces, such as 6to4 tunnel endpoints.

This book contains many tasks that use the various options of the versatile ifconfig command. For a complete description of this command, its options, and its variables, refer to the ifconfig(1M) man page. The basic syntax of ifconfig follows:

ifconfig interface [protocol-family]

How to Get Information About a Specific Interface

Use the ifconfig command to determine basic information about the interfaces of a particular system. For example, a simple ifconfig query can tell you the following:

• Device names of all interfaces on a system

• All IPv4 and, if applicable, all IPv6 addresses that are assigned to the interfaces

• Whether these interfaces are currently configured

The following procedure shows how to use the ifconfig command to obtain basic configuration information about a system's interfaces.

1. On the local host, assume the Primary Administrator role, or become superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. Obtain information about a particular interface.

   # ifconfig interface

   The output from the ifconfig command has the following format:

   • Status line

     The first line in the ifconfig command output includes the interface name and status flags currently associated with the interface. Also, the status line includes the maximum transmission unit (MTU) that is configured for the particular interface and an index number. Use the status line to determine the current state of the interface.

   • IP address information line

     The second line of the ifconfig output includes the IPv4 address or IPv6 address that is configured for the interface. For an IPv4 address, the configured netmask and broadcast address are also displayed.

   • MAC address line

     When you run the ifconfig command as superuser or with a similar role, the ifconfig output contains a third line. For an IPv4 address, the third line shows the MAC address (Ethernet layer address) that is assigned to the interface. For an IPv6 address, the third line in the output shows the link-local address that the IPv6 in.ndpd daemon generates from the MAC address.

Example 8–1 Basic Interface Information From the ifconfig Command

The following example shows how to obtain information about the eri interface on a particular host by using the ifconfig command.

# ifconfig eri
eri0: flags=863<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 1
      inet 10.0.0.112 netmask ffffff80 broadcast 10.8.48.127
      ether 8:0:20:b9:4c:54 
	

The next table describes the variable information in an ifconfig query and also includes the description of how the variable might be displayed on the screen and the type of information that is being provided. The preceding output is used as an example.

How to Display Interface Address Assignments

Routers and multihomed hosts have more than one interface and, often, more than one IP address assigned to each interface. You can use the ifconfig command to display all addresses that are assigned to the interfaces of a system. You can also use the ifconfig command to display only IPv4 or IPv6 address assignments. To additionally display the MAC addresses of the interfaces, you must first log in as superuser or assume the appropriate role.

For more information on the ifconfig command, see the ifconfig(1M) man page.

1. On the local system, assume the Network Management role or become superuser.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Obtain information about all interfaces.

   You can use variations of the ifconfig -a command to do the following:

   • View all addresses of all interfaces on the system.

     # ifconfig -a

   • View all IPv4 addresses that are assigned to a system's interfaces.

     # ifconfig -a4

   • If the local system is IPv6-enabled, display all IPv6 addresses that are assigned to a system's interfaces.

     ifconfig -a6

Example 8–2 Displaying Addressing Information for All Interfaces

This example shows entries for a host with solely a primary network interface, qfe0. Nevertheless, the ifconfig output shows that three forms of addresses are currently assigned to qfe0: loopback (lo0), IPv4 (inet), and IPv6 (inet6). In the IPv6 section of the output, note that the line for interface qfe0 displays the link-local IPv6 address. The second address for qfe0 is displayed on the qfe0:1 line.

% ifconfig -a
lo0: flags=1000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
qfe0: flags=1004843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 
        inet 10.0.0.112 netmask ffffff80 broadcast 10.0.0.127
        ether 8:0:20:b9:4c:54 
lo0: flags=2000849 <UP,RUNNING,MULTICAST,IPv6> mtu 8252 index 1
        inet6 ::1/128 
qfe0: flags=2000841 <UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        ether 8:0:20:b9:4c:54 
        inet6 fe80::a00:20ff:feb9:4c54/10 
qfe0:1: flags=2080841 <UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 2001:db8:3c4d:48:a00:20ff:feb9:4c54/64 

Example 8–3 Displaying Addressing Information for All IPv4 Interfaces

This example shows the IPv4 address that is configured for a multihomed host. You do not need to be logged in as superuser to run this form of the ifconfig command.

% ifconfig -a4
lo0: flags=1000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
qfe0: flags=1004843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 10.0.0.112 netmask ffffff80 broadcast 10.0.0.127
        ether 8:0:20:b9:4c:54 
qfe1: flags=1004843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 10.0.0.118 netmask ffffff80 broadcast 10.0.0.127
        ether 8:0:20:6f:5e:17

Example 8–4 Displaying Addressing Information for All IPv6 Interfaces

This example shows only the IPv6 addresses that are configured for a particular host. You do not need to be logged in as superuser to run this form of the ifconfig command.

% ifconfig -a6
lo0: flags=2000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv6> mtu 8252 index 1
        inet6 ::1/128 
qfe0: flags=2000841 <UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        ether 8:0:20:b9:4c:54 
        inet6 fe80::a00:20ff:feb9:4c54/10
qfe0:1: flags=2080841 <UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 2001:db8:3c4d:48:a00:20ff:feb9:4c54/64 

This output from ifconfig shows the following three types of IPv6 address forms that are assigned to the single interface of a host:

lo0

IPv6 loopback address.

inet6 fe80::a00:20ff:feb9:4c54/10

Link-local address that is assigned to the primary network interface.

inet6 2001:db8:3c4d:48:a00:20ff:feb9:4c54/64

IPv6 address, including subnet prefix. The term ADDRCONF in the output indicates that this address was autoconfigured by the host.

Monitoring Network Status With the netstat Command

The netstat command generates displays that show network status and protocol statistics. You can display the status of TCP, SCTP, and UDP endpoints in table format. You can also display routing table information and interface information.

The netstat command displays various types of network data, depending on the selected command-line option. These displays are the most useful for system administration. The basic syntax for netstat follows:

netstat [-m] [-n] [-s] [-i | -r] [-faddress-family]

This section describes the most commonly used options of the netstat command. For a detailed description of all netstat options, refer to the netstat(1M) man page.

How to Display Statistics by Protocol

The netstat -s option displays protocol statistics for the UDP, TCP, SCTP, ICMP, and IP protocols.

You can use your Oracle Solaris user account to obtain output from the netstat command.

1. Display the protocol status.

   $ netstat -s

Example 8–5 Network Protocol Statistics

The following example shows the output of the netstat -s command. Parts of the output have been truncated. The output can indicate areas where a protocol is having problems. For example, statistical information from ICMPv4 and ICMPv6 can indicate where the ICMP protocol has found errors.

RAWIP
        rawipInDatagrams    =  4701     rawipInErrors       =     0
        rawipInCksumErrs    =     0     rawipOutDatagrams   =     4
        rawipOutErrors      =     0

UDP
        udpInDatagrams      = 10091     udpInErrors         =     0
        udpOutDatagrams     = 15772     udpOutErrors        =     0

TCP     tcpRtoAlgorithm     =     4     tcpRtoMin           =   400
        tcpRtoMax           = 60000     tcpMaxConn          =    -1
        .
        .
        tcpListenDrop       =     0     tcpListenDropQ0     =     0
        tcpHalfOpenDrop     =     0     tcpOutSackRetrans   =     0

IPv4    ipForwarding        =     2     ipDefaultTTL        =   255
        ipInReceives        =300182     ipInHdrErrors       =     0
        ipInAddrErrors      =     0     ipInCksumErrs       =     0
        .
        .
        ipsecInFailed       =     0     ipInIPv6            =     0
        ipOutIPv6           =     3     ipOutSwitchIPv6     =     0

IPv6    ipv6Forwarding      =     2     ipv6DefaultHopLimit =   255
        ipv6InReceives      = 13986     ipv6InHdrErrors     =     0
        ipv6InTooBigErrors  =     0     ipv6InNoRoutes      =     0
        .
        .
        rawipInOverflows    =     0     ipv6InIPv4          =     0
 
       ipv6OutIPv4         =     0     ipv6OutSwitchIPv4   =     0

ICMPv4  icmpInMsgs          = 43593     icmpInErrors        =     0
        icmpInCksumErrs     =     0     icmpInUnknowns      =     0
        .
        .
        icmpInOverflows     =     0

ICMPv6  icmp6InMsgs         = 13612     icmp6InErrors       =     0
        icmp6InDestUnreachs =     0     icmp6InAdminProhibs =     0
        .
        .
        icmp6OutGroupQueries=     0     icmp6OutGroupResps  =     2
        icmp6OutGroupReds   =     0

IGMP:
      12287 messages received
          0 messages received with too few bytes
          0 messages received with bad checksum
      12287 membership queries received
SCTP  sctpRtoAlgorithm     =  vanj    
      sctpRtoMin           =  1000 
      sctpRtoMax           = 60000
      sctpRtoInitial       =  3000
      sctpTimHearBeatProbe =     2
      sctpTimHearBeatDrop  =     0
      sctpListenDrop       =     0
      sctpInClosed         =     0 

How to Display the Status of Transport Protocols

You can display the status of the transport protocols through the netstat command. For detailed information, refer to the netstat(1M) man page.

1. Display the status of the TCP and SCTP transport protocols on a system.

   $ netstat

2. Display the status of a particular transport protocol on a system.

   $ netstat -P transport-protocol

   Values for the transport-protocol variable are tcp, sctp, or udp.

Example 8–6 Displaying the Status of the TCP and SCTP Transport Protocols

This example shows the output of the basic netstat command. Note that IPv4-only information is displayed.

$ netstat

TCP: IPv4
   Local Address     Remote Address    Swind Send-Q  Rwind Recv-Q      State
----------------- -------------------- ----- ------  ----- ------     -------
lhost-1.login      abc.def.local.Sun.COM.980 49640      0     49640    0 ESTABLISHED
lhost-1.login      ghi.jkl.local.Sun.COM.1020 49640     1     49640    0 ESTABLISHED
remhost-1.1014     mno.pqr.remote.Sun.COM.nfsd 49640    0     49640    0 TIME_WAIT
SCTP:                  
Local Address    Remote Address  Swind  Send-Q  Rwind  Recv-Q StrsI/O  State 
---------------- --------------  -----  ------ ------ ------  ------   -------
 *.echo            0.0.0.0            0       0 102400      0   128/1   LISTEN
 *.discard         0.0.0.0            0       0 102400      0   128/1   LISTEN
 *.9001            0.0.0.0            0       0 102400      0   128/1   LISTEN

Example 8–7 Displaying the Status of a Particular Transport Protocol

This example shows the results when you specify the -P option of netstat.

$ netstat -P tcp
   
TCP: IPv4
   Local Address     Remote Address    Swind Send-Q  Rwind Recv-Q      State
----------------- -------------------- ----- ------  ----- ------     -------
lhost-1.login      abc.def.local.Sun.COM.980 49640      0     49640    0 ESTABLISHED
lhost.login        ghi.jkl.local.Sun.COM.1020 49640     1     49640    0 ESTABLISHED
remhost.1014       mno.pqr.remote.Sun.COM.nfsd 49640    0     49640    0 TIME_WAIT

TCP: IPv6
 Local Address    Remote Address        Swind Send-Q Rwind Recv-Q   State If 
---------------- ---------------------- ------ ----- ------ ----------- -----
localhost.38983   localhost.32777       49152      0 49152      0 ESTABLISHED      
localhost.32777   localhost.38983       49152      0 49152      0 ESTABLISHED      
localhost.38986   localhost.38980       49152      0 49152      0 ESTABLISHED      

How to Display Network Interface Status

The i option of the netstat command shows the state of the network interfaces that are configured on the local system. With this option, you can determine the number of packets a system transmits and receives on each network.

1. Display the status of interfaces on the network.

   $ netstat -i

Example 8–8 Network Interface Status Display

The next example shows the status of IPv4 and IPv6 packet flow through the host's interfaces.

For example, the input packet count (Ipkts) that is displayed for a server can increase each time a client tries to boot, while the output packet count (Opkts) remains steady. This outcome suggests that the server is seeing the boot request packets from the client. However, the server does not know to respond to them. This confusion might be caused by an incorrect address in the hosts, ipnodes, or ethers database.

However, if the input packet count is steady over time, then the machine does not see the packets at all. This outcome suggests a different type of failure, possibly a hardware problem.

Name  Mtu  Net/Dest      Address        Ipkts  Ierrs Opkts  Oerrs Collis Queue 
lo0   8232 loopback      localhost      142    0     142    0     0      0     
hme0  1500 host58        host58        1106302 0     52419  0     0      0     

Name  Mtu  Net/Dest      Address                    Ipkts  Ierrs Opkts  Oerrs Collis
lo0   8252 localhost     localhost                   142    0     142    0     0     
hme0  1500 fe80::a00:20ff:feb9:4c54/10 fe80::a00:20ff:feb9:4c54 1106305 0 52422 0  0

How to Display the Status of Sockets

The -a option of the netstat command enables you to view the status of sockets on the local host.

1. Type the following to display the status of sockets and routing table entries:

   You can use your user account to run this option of netstat.

   % netstat -a

Example 8–9 Displaying All Sockets and Routing Table Entries

The output of the netstat -a command shows extensive statistics. The following example shows portions of typical netstat -a output.

UDP: IPv4
   Local Address         Remote Address     State
-------------------- -------------------- -------
      *.bootpc                              Idle
host85.bootpc                               Idle
      *.*                                   Unbound
      *.*                                   Unbound
      *.sunrpc                              Idle
      *.*                                   Unbound
      *.32771                               Idle
      *.sunrpc                              Idle
      *.*                                   Unbound
      *.32775                               Idle
      *.time                                Idle
       .
       .
      *.daytime                             Idle
      *.echo                                Idle
      *.discard                             Idle
      
UDP: IPv6
   Local Address                     Remote Address                   State      If  
--------------------------------- --------------------------------- ---------- -----
      *.*                                                           Unbound   
      *.*                                                           Unbound   
      *.sunrpc                                                      Idle      
      *.*                                                           Unbound   
      *.32771                                                       Idle      
      *.32778                                                       Idle      
      *.syslog                                                      Idle      
      .
      .
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.*                  *.*                0      0 49152      0 IDLE
localhost.4999             *.*                0      0 49152      0 LISTEN
      *.sunrpc             *.*                0      0 49152      0 LISTEN
      *.*                  *.*                0      0 49152      0 IDLE
      *.sunrpc             *.*                0      0 49152      0 LISTEN
      .
      .
      *.printer            *.*                0      0 49152      0 LISTEN
      *.time               *.*                0      0 49152      0 LISTEN
      *.daytime            *.*                0      0 49152      0 LISTEN
      *.echo               *.*                0      0 49152      0 LISTEN
      *.discard            *.*                0      0 49152      0 LISTEN
      *.chargen            *.*                0      0 49152      0 LISTEN
      *.shell              *.*                0      0 49152      0 LISTEN
      *.shell              *.*                0      0 49152      0 LISTEN
      *.kshell             *.*                0      0 49152      0 LISTEN
      *.login  
       .
       .
            *.*                0      0 49152      0 LISTEN
   *TCP: IPv6
 Local Address            Remote Address        Swind Send-Q Rwind Recv-Q   State If
----------------------- ----------------------- ----- ------ ----- ------    ----
   *.*                         *.*                0      0 49152      0      IDLE
   *.sunrpc                    *.*                0      0 49152      0      LISTEN
   *.*                         *.*                0      0 49152      0      IDLE
   *.32774                     *.*                0      0 49152

How to Display the Status of Transmissions for Packets of a Specific Address Type

Use the -f option of the netstat command to view statistics related to packet transmissions of a particular address family.

1. View statistics for transmissions of either IPv4 or IPv6 packets.

   $ netstat -f inet | inet6

   To view IPv4 transmission information, type inet as the argument to netstat -f. Use inet6 as the argument to netstat -f to view IPv6 information.

Example 8–10 Status of IPv4 Packet Transmission

The following example shows output from the netstat -f inet command.

TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
host58.734         host19.nfsd       49640      0 49640      0 ESTABLISHED
host58.38063       host19.32782      49640      0 49640      0 CLOSE_WAIT
host58.38146       host41.43601      49640      0 49640      0 ESTABLISHED
host58.996         remote-host.login 49640      0 49206      0 ESTABLISHED

Example 8–11 Status of IPv6 Packet Transmission

The following example shows output from the netstat -f inet6 command.

TCP: IPv6
 Local Address          Remote Address        Swind Send-Q Rwind Recv-Q   State    If
------------------ ------------------------- ----- ------ ----- ------ --------- -----
localhost.38065         localhost.32792       49152   0 49152      0    ESTABLISHED  
localhost.32792         localhost.38065       49152   0 49152      0    ESTABLISHED 
localhost.38089         localhost.38057       49152   0 49152      0    ESTABLISHED 

How to Display the Status of Known Routes

The -r option of the netstat command displays the routing table for the local host. This table shows the status of all routes that the host knows about. You can run this option of netstat from your user account.

1. Display the IP routing table.

   $ netstat -r

Example 8–12 Routing Table Output by the netstat Command

The following example shows output from the netstat -r command.

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
host15               myhost               U         1  31059  hme0
10.0.0.14            myhost               U         1      0  hme0
default              distantrouter        UG        1      2  hme0
localhost            localhost            UH        42019361  lo0

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use   If  
--------------------------- --------------------------- ----- --- ------ -----
2002:0a00:3010:2::/64    2002:0a00:3010:2:1b2b:3c4c:5e6e:abcd U  1      0 hme0:1
fe80::/10                fe80::1a2b:3c4d:5e6f:12a2    U       1     23 hme0 
ff00::/8                 fe80::1a2b:3c4d:5e6f:12a2    U       1      0 hme0 
default                  fe80::1a2b:3c4d:5e6f:12a2    UG      1      0 hme0 
localhost                localhost                   UH      9  21832 lo0 

The following table describes the meaning of the various parameters of the screen output of the netstat —r command.

Probing Remote Hosts With the ping Command

You can use the ping command to determine the status of a remote host. When you run ping, the ICMP protocol sends a datagram to the host that you specify, asking for a response. ICMP is the protocol responsible for error handling on a TCP/IP network. When you use ping, you can find out whether an IP connection exists for the specified remote host.

The following is the basic syntax of ping:

/usr/sbin/ping host [timeout]

In this syntax, host is the name of the remote host. The optional timeout argument indicates the time in seconds for the ping command to continue trying to reach the remote host. The default is 20 seconds. For additional syntax and options, refer to the ping(1M) man page.

How to Determine if a Remote Host Is Running

1. Type the following form of the ping command:

   $ ping hostname

   If host hostname is accepting ICMP transmissions, this message is displayed:

   hostname is alive

   This message indicates that hostname responded to the ICMP request. However, if hostname is down or cannot receive the ICMP packets, you receive the following response from the ping command:

   no answer from hostname

How to Determine if a Host Is Dropping Packets

Use the -s option of the ping command to determine if a remote host is running but nevertheless losing packets.

1. Type the following form of the ping command:

   $ ping -s hostname

Example 8–13 ping Output for Detecting Packet Dropping

The ping -s hostname command continually sends packets to the specified host until you send an interrupt character or a time out occurs. The responses on your screen resemble the following:

& ping -s host1.domain8
PING host1.domain8 : 56 data bytes
64 bytes from host1.domain8.COM (172.16.83.64): icmp_seq=0. time=1.67 ms
64 bytes from host1.domain8.COM (172.16.83.64): icmp_seq=1. time=1.02 ms
64 bytes from host1.domain8.COM (172.16.83.64): icmp_seq=2. time=0.986 ms
64 bytes from host1.domain8.COM (172.16.83.64): icmp_seq=3. time=0.921 ms
64 bytes from host1.domain8.COM (172.16.83.64): icmp_seq=4. time=1.16 ms
64 bytes from host1.domain8.COM (172.16.83.64): icmp_seq=5. time=1.00 ms
64 bytes from host1.domain8.COM (172.16.83.64): icmp_seq=5. time=1.980 ms

^C

----host1.domain8  PING Statistics----
7 packets transmitted, 7 packets received, 0% packet loss
round-trip (ms)  min/avg/max/stddev = 0.921/1.11/1.67/0.26

The packet-loss statistic indicates whether the host has dropped packets. If ping fails, check the status of the network that is reported by the ifconfig and netstat commands. Refer to Monitoring the Interface Configuration With the ifconfig Command and Monitoring Network Status With the netstat Command.

Administering and Logging Network Status Displays

The following tasks show how to check the status of the network by using well-known networking commands.

How to Control the Display Output of IP-Related Commands

You can control the output of the netstat and ifconfig commands to display IPv4 information only, or both IPv4 and IPv6 information.

1. Create the /etc/default/inet_type file.

2. Add one of the following entries to /etc/default/inet_type, as required for your network:

   • To display IPv4 information only:

     DEFAULT_IP=IP_VERSION4

   • To display both IPv4 and IPv6 information:

     DEFAULT_IP=BOTH

     Or

     DEFAULT_IP=IP_VERSION6

     For more information about the inet_type file, see the inet_type(4) man page.

   ---

   Note –

   The -4 and -6 flags in the ifconfig command override the values set in the inet_type file. The -f flag in the netstat command also overrides the values set in the inet_type file.

   ---

Example 8–14 Controlling Output to Select IPv4 and IPv6 Information

• When you specify the DEFAULT_IP=BOTH or DEFAULT_IP=IP_VERSION6 variable in the inet_type file, you should have the following output:

  % ifconfig -a lo0: flags=1000849 mtu 8232 index 1 inet 10.10.0.1 netmask ff000000 qfe0: flags=1000843 mtu 1500 index 2 inet 10.46.86.54 netmask ffffff00 broadcast 10.46.86.255 ether 8:0:20:56:a8 lo0: flags=2000849 mtu 8252 index 1 inet6 ::1/128 qfe0: flags=2000841 mtu 1500 index 2 ether 8:0:20:56:a8 inet6 fe80::a00:fe73:56a8/10 qfe0:1: flags=2080841 mtu 1500 index 2 inet6 2001:db8:3c4d:5:a00:fe73:56a8/64

• When you specify the DEFAULT_IP=IP_VERSION4 or DEFAULT_IP=IP_VERSION6 variable in the inet_type file, you should have the following output:

  % ifconfig -a lo0: flags=849 mtu 8232 inet 10.10.0.1 netmask ff000000 qfe0: flags=843 mtu 1500 inet 10.46.86.54 netmask ffffff00 broadcast 10.46.86.255 ether 8:0:20:56:a8

How to Log Actions of the IPv4 Routing Daemon

If you suspect a malfunction of routed, the IPv4 routing daemon, you can start a log that traces the daemon's activity. The log includes all packet transfers when you start the routed daemon.

1. On the local host, assume the Primary Administrator role, or become superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. Create a log file of routing daemon actions:

   # /usr/sbin/in.routed /var/log-file-name

   ---

   Caution –

   On a busy network, this command can generate almost continuous output.

   ---

Example 8–15 Network Log for the in.routed Daemon

The following example shows the beginning of the log that is created by the procedure How to Log Actions of the IPv4 Routing Daemon.

-- 2003/11/18 16:47:00.000000 --
Tracing actions started
RCVBUF=61440
Add interface lo0  #1   127.0.0.1      -->127.0.0.1/32   
   <UP|LOOPBACK|RUNNING|MULTICAST|IPv4> <PASSIVE> 
Add interface hme0 #2   10.10.48.112    -->10.10.48.0/25   
    <UP|BROADCAST|RUNNING|MULTICAST|IPv4> 
turn on RIP
Add    10.0.0.0        -->10.10.48.112      metric=0  hme0  <NET_SYN>
Add    10.10.48.85/25  -->10.10.48.112      metric=0  hme0  <IF|NOPROP>

How to Trace the Activities of the IPv6 Neighbor Discovery Daemon

If you suspect a malfunction of the IPv6 in.ndpd daemon, you can start a log that traces the daemon's activity. This trace is displayed on the standard output until terminated. This trace includes all packet transfers when you start the in.ndpd daemon.

1. Assume the Primary Administrator role, or become superuser, on the local IPv6 node.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. Start a trace of the in.ndpd daemon.

   # /usr/lib/inet/in.ndpd -t

3. Terminate the trace as needed by typing Control-C.

Example 8–16 Trace of the in.ndpd Daemon

The following output shows the beginning of a trace of in.ndpd.

# /usr/lib/inet/in.ndpd -t
Nov 18 17:27:28 Sending solicitation to  ff02::2 (16 bytes) on hme0
Nov 18 17:27:28         Source LLA: len 6 <08:00:20:b9:4c:54>
Nov 18 17:27:28 Received valid advert from fe80::a00:20ff:fee9:2d27 (88 bytes) on hme0
Nov 18 17:27:28         Max hop limit: 0
Nov 18 17:27:28         Managed address configuration: Not set
Nov 18 17:27:28         Other configuration flag: Not set
Nov 18 17:27:28         Router lifetime: 1800
Nov 18 17:27:28         Reachable timer: 0
Nov 18 17:27:28         Reachable retrans timer: 0
Nov 18 17:27:28         Source LLA: len 6 <08:00:20:e9:2d:27>
Nov 18 17:27:28         Prefix: 2001:08db:3c4d:1::/64
Nov 18 17:27:28                 On link flag:Set
Nov 18 17:27:28                 Auto addrconf flag:Set
Nov 18 17:27:28                 Valid time: 2592000
Nov 18 17:27:28                 Preferred time: 604800
Nov 18 17:27:28         Prefix: 2002:0a00:3010:2::/64
Nov 18 17:27:28                 On link flag:Set
Nov 18 17:27:28                 Auto addrconf flag:Set
Nov 18 17:27:28                 Valid time: 2592000
Nov 18 17:27:28                 Preferred time: 604800

Displaying Routing Information With the traceroute Command

The traceroute command traces the route an IP packet follows to a remote system. For technical details about traceroute, see the traceroute(1M) man page.

You use the traceroute command to uncover any routing misconfiguration and routing path failures. If a particular host is unreachable, you can use traceroute to see what path the packet follows to the remote host and where possible failures might occur.

The traceroute command also displays the round trip time for each gateway along the path to the target host. This information can be useful for analyzing where traffic is slow between the two hosts.

How to Find Out the Route to a Remote Host

1. Type the following to discover the route to a remote system:

   % traceroute destination-hostname

   You can run this form of the traceroute command from your user account.

Example 8–17 Using the traceroute Command to Show the Route to a Remote Host

The following output from the traceroute command shows the seven–hop path a packet follows from the local system nearhost to the remote system farhost. The output also shows the times for a packet to traverse each hop.

istanbul% traceroute farhost.faraway.com
	traceroute to farhost.faraway.com (172.16.64.39), 30 hops max, 40 byte packets
	 1  frbldg7c-86 (172.16.86.1)  1.516 ms  1.283 ms  1.362 ms
	 2  bldg1a-001 (172.16.1.211)  2.277 ms  1.773 ms  2.186 ms
	 3  bldg4-bldg1 (172.16.4.42)  1.978 ms  1.986 ms  13.996 ms
	 4  bldg6-bldg4 (172.16.4.49)  2.655 ms  3.042 ms  2.344 ms
	 5  ferbldg11a-001 (172.16.1.236)  2.636 ms  3.432 ms  3.830 ms
	 6  frbldg12b-153 (172.16.153.72)  3.452 ms  3.146 ms  2.962 ms
	 7  sanfrancisco (172.16.64.39)  3.430 ms  3.312 ms  3.451 ms

How to Trace All Routes

This procedure uses the -a option of the traceroute command to trace all routes.

1. Type the following command on the local system:

   % traceroute -ahost-name

   You can run this form of the traceroute command from your user account.

Example 8–18 Tracing All Routes to a Dual-Stack Host

This example shows all possible routes to a dual-stack host.

% traceroute -a v6host.remote.com
traceroute: Warning: Multiple interfaces found; using 2::56:a0:a8 @ eri0:2
traceroute to v6host (2001:db8:4a3b::102:a00:fe79:19b0),30 hops max, 60 byte packets
 1  v6-rout86 (2001:db8:4a3b:56:a00:fe1f:59a1)  35.534 ms  56.998 ms * 
 2  2001:db8::255:0:c0a8:717  32.659 ms  39.444 ms *
 3  farhost.faraway.COM (2001:db8:4a3b::103:a00:fe9a:ce7b)  401.518 ms  7.143 ms *
 4  distant.remote.com (2001:db8:4a3b::100:a00:fe7c:cf35)  113.034 ms  7.949 ms *
 5  v6host (2001:db8:4a3b::102:a00:fe79:19b0)  66.111 ms *  36.965 ms

traceroute to v6host.remote.com  (192.168.10.75),30 hops max,40 byte packets
 1  v6-rout86 (172.16.86.1)  4.360 ms  3.452 ms  3.479 ms
 2  flrmpj17u.here.COM (172.16.17.131)  4.062 ms  3.848 ms  3.505 ms
 3  farhost.farway.com (10.0.0.23)  4.773 ms *  4.294 ms
 4  distant.remote.com (192.168.10.104)  5.128 ms  5.362 ms *
 5  v6host  (192.168.15.85)  7.298 ms  5.444 ms *
 

Monitoring Packet Transfers With the snoop Command

You can use the snoop command to monitor the state of data transfers. snoop captures network packets and displays their contents in the format that you specify. Packets can be displayed as soon as they are received, or saved to a file. When snoop writes to an intermediate file, packet loss under busy trace conditions is unlikely. snoop itself is then used to interpret the file.

To capture packets to and from the default interface in promiscuous mode, you must assume the Network Management role or become superuser. In summary form, snoop displays only the data that pertains to the highest-level protocol. For example, an NFS packet only displays NFS information. The underlying RPC, UDP, IP, and Ethernet frame information is suppressed but can be displayed if either of the verbose options is chosen.

Use snoop frequently and consistently to become familiar with normal system behavior. For assistance in analyzing packets, look for a recent white paper and RFC, and seek the advice of an expert in a particular area, such as NFS or NIS. For details on using snoop and its options, refer to the snoop(1M) man page.

How to Check Packets From All Interfaces

1. On the local host, assume the Network Management role or become superuser.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Print information about the interfaces that are attached to the system.

   # ifconfig -a

   The snoop command normally uses the first non-loopback device, typically the primary network interface.

3. Begin packet capture by typing snoop without arguments, as shown in Example 8–19.

4. Use Control-C to halt the process.

Example 8–19 Output From the snoop Command

The basic snoop command returns output that resembles the following, for a dual-stack host.

% snoop
Using device /dev/hme (promiscuous mode)
farhost.remote.com -> myhost       RLOGIN C port=993 
    myhost -> farhost.remote.com   RLOGIN R port=993 Using device /dev/hme
router5.local.com -> router5.local.com ARP R 10.0.0.13, router5.local.com is
    0:10:7b:31:37:80
router5.local.com -> BROADCAST     TFTP Read "network-confg" (octet)
farhost.remote.com -> myhost       RLOGIN C port=993 
    myhost ->   nisserve2          NIS C MATCH 10.0.0.64 in ipnodes.byaddr
nisserve2 ->    myhost             NIS R MATCH No such key
    blue-112 -> slave-253-2        NIS C MATCH 10.0.0.112 in ipnodes.byaddr
myhost -> DNSserver.local.com      DNS C 192.168.10.10.in-addr.arpa. Internet PTR ?
DNSserver.local.com  myhost        DNS R 192.168.10.10.in-addr.arpa. Internet PTR 
   niserve2.
.
.
farhost.remote.com-> myhost        RLOGIN C port=993 
    myhost -> farhost.remote.com   RLOGIN R port=993 fe80::a00:20ff:febb:
.
fe80::a00:20ff:febb:e09 -> ff02::9 RIPng R (5 destinations)

The packets that are captured in this output show a remote login section, including lookups to the NIS and DNS servers for address resolution. Also included are periodic ARP packets from the local router and advertisements of the IPv6 link-local address to in.ripngd.

How to Capture snoop Output Into a File

1. On the local host, assume the Network Management role or become superuser.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Capture a snoop session into a file.

   # snoop -o filename

   For example:

   # snoop -o /tmp/cap Using device /dev/eri (promiscuous mode) 30 snoop: 30 packets captured

   In the example, 30 packets have been captured in a file named /tmp/cap. The file can be in any directory with enough disk space. The number of packets that are captured is displayed on the command line, enabling you to press Control-C to abort at any time.

   snoop creates a noticeable networking load on the host machine, which can distort the results. To see the actual results, run snoop from a third system.

3. Inspect the snoop output captures file.

   # snoop -i filename

Example 8–20 Contents of a snoop Output Captures File

The following output shows a variety of captures such as you might receive as output from the snoop -i command.

# snoop -i /tmp/cap
1   0.00000 fe80::a00:20ff:fee9:2d27 -> fe80::a00:20ff:fecd:4375 
    ICMPv6 Neighbor advertisement
2   0.16198 farhost.com   -> myhost     RLOGIN C port=985 
3   0.00008 myhost -> farhost.com       RLOGIN R port=985 
10  0.91493    10.0.0.40 -> (broadcast)  ARP C Who is 10.0.0.40, 10.0.0.40 ?
34  0.43690 nearserver.here.com  -> 224.0.1.1  IP  D=224.0.1.1 S=10.0.0.40 LEN=28, 
      ID=47453, TO =0x0, TTL=1
35  0.00034  10.0.0.40 -> 224.0.1.1    IP  D=224.0.1.1 S=10.0.0.40 LEN=28, ID=57376, 
     TOS=0x0, TTL=47  

How to Check Packets Between an IPv4 Server and a Client

1. Establish a snoop system off a hub that is connected to either the client or the server.

   The third system (the snoop system) checks all the intervening traffic, so the snoop trace reflects what is actually happening on the wire.

2. On the snoop system, assume the Network Management role or become superuser.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

3. Type snoop with options and save the output to a file.

4. Inspect and interpret the output.

   Refer to RFC 1761, Snoop Version 2 Packet Capture File Format for details of the snoop capture file.

How to Monitor IPv6 Network Traffic

You can use the snoop command to display only IPv6 packets.

1. On the local node, assume the Network Management role or become superuser.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Capture IPv6 packets.

   # snoop ip6

   For more information on the snoop command, see the snoop(1M) man page.

Example 8–21 Displaying Only IPv6 Network Traffic

The following example shows typical output such as you might receive from running the snoop ip6 command on a node.

# snoop ip6
fe80::a00:20ff:fecd:4374 -> ff02::1:ffe9:2d27 ICMPv6 Neighbor solicitation
fe80::a00:20ff:fee9:2d27 -> fe80::a00:20ff:fecd:4375 ICMPv6 Neighbor 
      solicitation
fe80::a00:20ff:fee9:2d27 -> fe80::a00:20ff:fecd:4375 ICMPv6 Neighbor 
      solicitation
fe80::a00:20ff:febb:e09 -> ff02::9      RIPng R (11 destinations)
fe80::a00:20ff:fee9:2d27 -> ff02::1:ffcd:4375 ICMPv6 Neighbor solicitation

Administering Default Address Selection

Oracle Solaris enables a single interface to have multiple IP addresses. For example, technologies, such as network multipathing (IPMP) enable multiple network interface cards (NICs) to connect to the same IP link layer. That link can have one or more IP addresses. Additionally, interfaces on IPv6-enabled systems have a link-local IPv6 address, at least one IPv6 routing address, and an IPv4 address for at least one interface.

When the system initiates a transaction, an application makes a call to the getaddrinfo socket. getaddrinfo discovers the possible address in use on the destination system. The kernel then prioritizes this list to find the best destination to use for the packet. This process is called destination address ordering. The Oracle Solaris kernel then selects the appropriate format for the source address, given the best destination address for the packet. The process is known as address selection. For more information on destination address ordering, see the getaddrinfo(3SOCKET) man page.

Both IPv4-only and dual-stack IPv4/IPv6 systems must perform default address selection. In most circumstances, you do not need to change the default address selection mechanisms. However, you might need to change the priority of address formats to support IPMP or to prefer 6to4 address formats, for example.

How to Administer the IPv6 Address Selection Policy Table

The following procedure explains how to modify the address selection policy table. For conceptual information about IPv6 default address selection, refer to ipaddrsel Command.

Do not change the IPv6 address selection policy table, except for the reasons shown in the next task. You can cause problems on the network with a badly constructed policy table. Be sure to save a backup copy of the policy table, as is done in the next procedure.

1. Assume the Primary Administrator role, or become superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. Review the current IPv6 address selection policy table.

   # ipaddrsel # Prefix Precedence Label ::1/128 50 Loopback ::/0 40 Default 2002::/16 30 6to4 ::/96 20 IPv4_Compatible ::ffff:0.0.0.0/96 10 IPv4

3. Make a backup copy of the default address policy table.

   # cp /etc/inet/ipaddrsel.conf /etc/inet/ipaddrsel.conf.orig

4. Use a text editor to add your customizations to /etc/inet/ipaddrsel.conf.

   Use the following syntax for entries in /etc/inet/ipaddrsel:

   prefix/prefix-length precedence label [# comment ]

   Here are some common modifications that you might want to make to your policy table:

   • Give the highest priority to 6to4 addresses.

     2002::/16 50 6to4 ::1/128 45 Loopback

     The 6to4 address format now has the highest priority, 50. Loopback, which previously had a 50 precedence, now has a 45 precedence. The other addressing formats remain the same.

   • Designate a specific source address to be used in communications with a specific destination address.

     ::1/128 50 Loopback 2001:1111:1111::1/128 40 ClientNet 2001:2222:2222::/48 40 ClientNet ::/0 40 Default

     This particular entry is useful for hosts with only one physical interface. Here 2001:1111:1111::1/128 is preferred as the source address on all packets that are bound for destinations within network 2001:2222:2222::/48. The 40 priority gives higher precedence to the source address 2001:1111:1111::1/128 than to other address formats configured for the interface.

   • Favor IPv4 addresses over IPv6 addresses.

     ::ffff:0.0.0.0/96 60 IPv4 ::1/128 50 Loopback . .

     The IPv4 format ::ffff:0.0.0.0/96 has its precedence changed from the default 10 to 60, the highest priority in the table.

5. Load the modified policy table into the kernel.

   ipaddrsel -f /etc/inet/ipaddrsel.conf

6. If the modified policy table has problems, restore the default IPv6 address selection policy table.

   # ipaddrsel -d

How to Modify the IPv6 Address Selection Table for the Current Session Only

When you edit the /etc/inet/ipaddrsel.conf, file, any modifications that you make persist across reboots. If you want the modified policy table to exist only in the current session, follow this procedure.

1. Assume the Primary Administrator role, or become superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. Copy the contents of /etc/inet/ipaddrsel into filename, where filename represents a name of your choice.

   # cp /etc/inet/ipaddrsel filename

3. Edit the policy table in filename to your specifications.

4. Load the modified policy table into the kernel.

   # ipaddrsel -f filename

   The kernel uses the new policy table until you reboot the system.