The following networking bugs apply to the Solaris 10 release.
After rebooting the XSCF service processor on OPL systems, IPsec communications are lost. The following error message is seen on XSCF service processor:
XSCF> showdevices -d 0 Can't get device information from DomainID 0. |
The following message is seen in the /var/adm/messages file on the domain:
Apr 7 11:19:20 domain-0 sckmd: [ID 205163 daemon.error] PF_KEY error: type=ADD, errno=17: File exists, diagnostic code=0: No diagnostic |
This problem occurs because the existing Security Associations (SAs) on the domain are not deleted properly, and so the addition of the new SAs fail.
Workaround 1: Reboot the XSCF service processor twice. Half the SAs are deleted the first time and the remaining half are deleted the second time. The second addition succeeds and IPsec communication is reestablished.
Workaround 2: Delete the IPsec SAs twice on each domain before rebooting the service processor.
If you do not use IPsec for anything else on the system, the ipseckey flush will display all the SAs. If you use IPsec for other things, perform the following steps to display all SAs:
Get the IP addresses:
# /usr/platform/SUNW,SPARC-Enterprise/sbin/prtdscp Domain Address: 192.168.224.2 SP Address: 192.168.224.1 |
Delete the SPIs twice using the ipseckey and prtdscp utilities:
# ipseckey delete ah spi 0xff00 dst `/usr/platform/SUNW,SPARC-Enterprise/sbin/prtdscp -s` # ipseckey delete ah spi 0xff00 dst `/usr/platform/SUNW,SPARC-Enterprise/sbin/prtdscp -s` # ipseckey delete ah spi 0xff dst `/usr/platform/SUNW,SPARC-Enterprise/sbin/prtdscp -d` # ipseckey delete ah spi 0xff dst `/usr/platform/SUNW,SPARC-Enterprise/sbin/prtdscp -d` |
When the service processor reboots, the keys are added correctly.
The Broadcom NetXtreme II 5709 (BCM5709) chipset is not supported in the Solaris 10 5/09 release.
Workaround: Download the bnx driver from the http://www.broadcom.com/support/ethernet_nic/downloaddrivers.php web site.
Existing chipsets might experience performance regression issues when the downloaded driver is installed.
Connection errors might occur between an NFS server and client that are using Remote Direct Memory Access (RDMA). Because of these errors, the buffer pool resources are exhausted and the system panics. The following error message is displayed:
rpcib: WARNING: rib_rbuf_alloc: No free buffers! |
Workaround: Choose one of the following workarounds:
Configure the NFS server to enable TCP. In the /etc/default/nfs file, change (NFSD_PROTOCOL=tcp).
Mount the NFS file system from the client side with the proto=tcp mount option.
For more information, see the mount_nfs(1M) and nfs(4) man pages.
If an iSCSI target or an array returns more than one IP address as part of its send target response, the initiator takes into account only the last address in the list and not the first one, as it used to prior to this release. As a result, if the last IP address is bad or invalid, the connection to this target fails.
Workaround: Return the different target portal group tags (TPGT) for each entry in its send target response. The initiator tries to establish a connection to all the IP addresses so that the connection succeeds.
The system Domain of Interpretation (DOI) is not configurable. When the Solaris Management Console is used to create a new trusted network template, the Solaris Management Console sets the DOI to 0 and Solaris Trusted Extensions does not function correctly. Various error messages are displayed.
Workaround: Set the DOI to 1 using the Solaris Management Console.
In this Solaris release, IP forwarding is disabled by default. This setting applies to both IPv4 and IPv6 regardless of other system configurations. Systems with multiple IP interfaces that formerly forwarded IP packets by default no longer have this automatic feature. To enable IP forwarding in multihomed systems, administrators must manually perform additional configuration steps.
Workaround: The command routeadm enables IP forwarding. The configuration changes that are the result of routeadm usage persist across system reboots.
To enable IPv4 forwarding, type routeadm -e ipv4-forwarding .
To enable IPv6 forwarding, type routeadm -e ipv6-forwarding .
To apply the enabled IP-forwarding configuration to the currently running system, type routeadm -u.
For more information about IP forwarding, see the routeadm(1M) man page.
A zone can be configured so that the zone's IP address becomes part of an IP Network Multipathing (IPMP) group. The configuration process is documented in How to Extend IP Network Multipathing Functionality to Shared-IP Non-Global Zones in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.
If all the network interfaces in the IPMP group fail, a zone does not boot if it has an IP address that is part of the IPMP group.
The following example illustrates the result if you attempt to boot the zone.
# zoneadm -z my-zone boot zoneadm: zone 'my-zone': bge0:1: could not set default interface for multicast: Invalid argument zoneadm: zone 'my-zone': call to zoneadmd failed |
Workaround: Repair at least one network interface in the group.