Solaris 10 5/09 Release Notes

Networking Issues

The following networking bugs apply to the Solaris 10 release.

DR and showdevices Do Not Work After XSCF Reboot (6821108)

After rebooting the XSCF service processor on OPL systems, IPsec communications are lost. The following error message is seen on XSCF service processor:

XSCF> showdevices -d 0

Can't get device information from DomainID 0.

The following message is seen in the /var/adm/messages file on the domain:

Apr  7 11:19:20 domain-0 sckmd: [ID 205163 daemon.error] 
PF_KEY error: type=ADD, errno=17: File exists, diagnostic code=0: No diagnostic

This problem occurs because the existing Security Associations (SAs) on the domain are not deleted properly, and so the addition of the new SAs fail.

Workaround 1: Reboot the XSCF service processor twice. Half the SAs are deleted the first time and the remaining half are deleted the second time. The second addition succeeds and IPsec communication is reestablished.

Workaround 2: Delete the IPsec SAs twice on each domain before rebooting the service processor.

If you do not use IPsec for anything else on the system, the ipseckey flush will display all the SAs. If you use IPsec for other things, perform the following steps to display all SAs:

  1. Get the IP addresses:

    # /usr/platform/SUNW,SPARC-Enterprise/sbin/prtdscp
    Domain Address:
    SP Address:
  2. Delete the SPIs twice using the ipseckey and prtdscp utilities:

    # ipseckey delete ah spi 0xff00 dst 
    `/usr/platform/SUNW,SPARC-Enterprise/sbin/prtdscp -s`
    #  ipseckey delete ah spi 0xff00 dst 
    `/usr/platform/SUNW,SPARC-Enterprise/sbin/prtdscp -s`
    # ipseckey delete ah spi 0xff dst 
    `/usr/platform/SUNW,SPARC-Enterprise/sbin/prtdscp -d`
    # ipseckey delete ah spi 0xff dst 
    `/usr/platform/SUNW,SPARC-Enterprise/sbin/prtdscp -d`

    When the service processor reboots, the keys are added correctly.

x86: bnx Driver Does Not Support Broadcom NetXtreme II 5709 Chipset (6637053)

The Broadcom NetXtreme II 5709 (BCM5709) chipset is not supported in the Solaris 10 5/09 release.

Workaround: Download the bnx driver from the web site.

Note –

Existing chipsets might experience performance regression issues when the downloaded driver is installed.

SPARC: NFS/RDMA Connection Errors (6229077)

Connection errors might occur between an NFS server and client that are using Remote Direct Memory Access (RDMA). Because of these errors, the buffer pool resources are exhausted and the system panics. The following error message is displayed:

rpcib: WARNING: rib_rbuf_alloc: No free buffers!

Workaround: Choose one of the following workarounds:

For more information, see the mount_nfs(1M) and nfs(4) man pages.

Login Fails on iSCSI Target With Two Portals and One Bad Portal (6476060)

If an iSCSI target or an array returns more than one IP address as part of its send target response, the initiator takes into account only the last address in the list and not the first one, as it used to prior to this release. As a result, if the last IP address is bad or invalid, the connection to this target fails.

Workaround: Return the different target portal group tags (TPGT) for each entry in its send target response. The initiator tries to establish a connection to all the IP addresses so that the connection succeeds.

System Domain of Interpretation Is Not Configurable (6314248)

The system Domain of Interpretation (DOI) is not configurable. When the Solaris Management Console is used to create a new trusted network template, the Solaris Management Console sets the DOI to 0 and Solaris Trusted Extensions does not function correctly. Various error messages are displayed.

Workaround: Set the DOI to 1 using the Solaris Management Console.

IP Forwarding Disabled by Default in Solaris 10 OS

In this Solaris release, IP forwarding is disabled by default. This setting applies to both IPv4 and IPv6 regardless of other system configurations. Systems with multiple IP interfaces that formerly forwarded IP packets by default no longer have this automatic feature. To enable IP forwarding in multihomed systems, administrators must manually perform additional configuration steps.

Workaround: The command routeadm enables IP forwarding. The configuration changes that are the result of routeadm usage persist across system reboots.

For more information about IP forwarding, see the routeadm(1M) man page.

Zone Not Booting When IP Address Belongs to a Failed IP Network Multipathing Group (6184000)

A zone can be configured so that the zone's IP address becomes part of an IP Network Multipathing (IPMP) group. The configuration process is documented in How to Extend IP Network Multipathing Functionality to Shared-IP Non-Global Zones in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.

If all the network interfaces in the IPMP group fail, a zone does not boot if it has an IP address that is part of the IPMP group.

The following example illustrates the result if you attempt to boot the zone.

# zoneadm -z my-zone boot 
zoneadm: zone 'my-zone': bge0:1: 
could not set default interface for multicast: Invalid argument 
zoneadm: zone 'my-zone': call to zoneadmd failed

Workaround: Repair at least one network interface in the group.