Networking Enhancements

The following networking features and enhancements have been added to the Solaris 10 8/07 release.

IPsec Tunnel Reform

Solaris now implements IPsec Tunnel Mode per RFC 2401. Inner-packet selectors can be specified on a per-tunnel-interface basis using the new “tunnel” keyword of ipsecconf(1M). IKE and PF_KEY handle Tunnel Mode identities for Phase 2/Quick Mode. Interoperability with other IPsec implementations is greatly increased.

For more information, see Transport and Tunnel Modes in IPsec in System Administration Guide: IP Services.

Packet Filter Hooks

The packet filter hooks feature includes the following significant functionalities:

• Improved performance in comparison with the STREAMS module approach

• Capability to intercept packets between zones

The packet filter hooks feature is part of a new API that is internal to the kernel. Developers can use the API to work with IP inside the kernel or to intercept packets.

SMF Enhancements to Routing Management

Starting with this release, routeadm(1M) is enhanced to manage SMF-based routing daemon services. Also, service conversions for the following commands are provided:

• in.routed(1M)

• in.ripngd(1M)

• in.rdisc(1M)

• in.ndpd(1M)

As a result, these services can be managed through standard SMF commands such as svcadm and svccfg, and utilize the restart capabilities that SMF provides.

Quagga Software Routing Suite

Quagga Software Routing Suite delivers a set of IETF routing protocols for Solaris, including OSPF and BGP, allowing for high-availability deployment of Solaris through dynamic routing, manageable through SMF 'routeadm'.

Quagga is a community fork of the GNU Zebra software previously included in Solaris, providing many updates and some new features. For more information, see /etc/quagga/README.Solaris.

DHCPv6 Client

Starting with this release, the Solaris OS supports Dynamic Host Configuration Protocol for IPv6 (DHCPv6), as described in RFC 3315. DHCPv6 enables Solaris to acquire IPv6 addresses automatically from the local DHCP servers without manual configuration.

For more information, see the following man pages:

• dhcpagent(1M)

• in.ndpd(1M)

• ifconfig(1M)

• ndpd.conf(4)

• dhcpinfo(1)

Single Hosts File

Starting with this release, the Solaris OS does not have two separate hosts files. /etc/inet/hosts is the single hosts file that contains both IPv4 and IPv6 entries. Solaris system administrators do not need to maintain IPv4 entries in two hosts files that are always synchronized. For backward compatibility, the /etc/inet/ipnodes file is replaced with a symbolic link of the same name to /etc/inet/hosts.

For more information, see the hosts(4) and the ipnodes(4) man pages.

Large Send Offload

Large Send Offload (LSO) is a hardware off-loading technology. LSO off-loads TCP Segmentation to NIC hardware to improve the network performance by reducing the workload on the CPUs. LSO is helpful for 10Gb network adoption on systems with slow CPU threads or lack of CPU resource. This feature integrates basic LSO framework in Solaris TCP/IP stack, so that any LSO-capable NIC might be enabled with LSO capability.

x86: nge Driver Updated to Support Jumbo Framework

Starting with this release, the nge driver has been updated to enable Jumbo Frame support. The nge driver's default MTU has been raised to 9 Kbytes, that improves system performance and lowers CPU utilization significantly.

For more information, see the nge(7D) man page.

NFSv4 Domain Name Configurable During Installation

For information about this feature, see NFSv4 Domain Name Configurable During Installation.