Networking Enhancements

The Solaris 9 release includes the following networking enhancements.

Sun ONE Directory Server

---

Note –

The Sun ONE Directory Server 5.1 is available within the Solaris 9 operating system. The Sun ONE Directory Server 5.2 is available as a component product in the Java Enterprise System. For further information about the Java Enterprise System, see Sun Java Enterprise System Joins Solaris.

---

The Solaris 9 release provides an integrated version of the Sun ONE Directory Server (formerly iPlanet Directory Server). This server is a Lightweight Directory Access Protocol (LDAP) directory server. The Sun ONE Directory Server is a powerful, distributed directory server that is designed to manage an enterprise-wide directory of users and resources. This scalable directory service can be used for intranet applications, extranets with trading partners, and e-commerce applications to reach customers over the Internet.

The Directory Server is managed through the Sun ONE Console, the graphical user interface that is provided with the Sun ONE Directory Server. Administrators use the Console to grant access rights, manage databases, configure the directory, and replicate the data to multiple directory servers. Users access the data through any LDAP-enabled client application, such as applications that were developed with the Sun ONE Software Developers Kits (SDKs) for C and the Java programming language.

Configuration for setup of the Sun ONE Directory Server has been simplified by using idsconfig. Server and client configuration information is available in the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

See also the iPlanet Directory Server 5.1 Collection (Solaris Edition) at http://docs.sun.com. This collection includes the following books:

• iPlanet Directory Server 5.1 Deployment Guide

• iPlanet Directory Server 5.1 Administrator's Guide

• iPlanet Directory Server 5.1 Configuration, Command, and File Reference

• iPlanet Directory Server 5.1 Schema Reference

For licensing terms about the Sun ONE Directory Server 5.1, refer to the binary code license.

---

Note –

The following name changes have been made for features in the Sun Open Net Environment (Sun ONE):

• Sun ONE Console (formerly iPlanet Console)

• Sun ONE Directory Server Application Integration SDK (formerly iPlanet Directory Server Application Integration SDK)

---

Naming Service Support for Lightweight Directory Access Protocol (LDAP)

Naming service support has been enhanced in the Solaris 9 release. Changes include the following:

• Simplified configuration for setup of the Sun ONE Directory Server 5.1 (formerly iPlanet Directory Server 5.1) by using idsconfig.

• A more robust security model – Supports strong authentication and TLS-encrypted sessions. A client's proxy credentials are no longer stored in a client's profile on the directory server.

• ldapaddent command – Enables you to populate and dump data onto the server.

• Service search descriptors and attribute mapping.

• New profile schemas.

For information on security features in the Solaris 9 release, including the Secure LDAP Client, see Security Enhancements. For further information, see the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

NIS+-to-LDAP Migration Tools

The Solaris 9 release announces end-of-software support for NIS+ and the move to the LDAP-based naming environment. This release includes migration tools to use for migrating from NIS+ to LDAP. For more information on the NIS+ announcement, refer to the following Web site:

http://www.sun.com/directory/nisplus/transition.html

A detailed discussion of how to migrate from the NIS+ naming service to LDAP is included in the System Administration Guide: Naming and Directory Services (FNS and NIS+).

---

Note –

In the Solaris 9 9/02 Update release, this “Transitioning From NIS+ to LDAP” appendix moved to the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

---

IP Security Architecture for IPv6

The IPsec security framework has been enhanced in the Solaris 9 release to enable secure IPv6 datagrams between machines. For the Solaris 9 release, only the use of manual keys is supported when using IPsec for IPv6.

---

Note –

The IPsec security framework for IPv4 was introduced in the Solaris 8 release. The Internet Key Exchange (IKE) Protocol is available for IPv4.

---

For further information, see Chapter 19, IPsec (Overview), in System Administration Guide: IP Services.

Enhanced inetd Command

The inetd networking command has been enhanced to support the monitoring and filtering of incoming requests for network services. The server can be configured to log the client host name of incoming requests and thus enhance network security. The inetd command uses the same mechanism that is used by the Tcp-wrappers 7.6 utility. For information about Tcp-wrappers 7.6, see Freeware Enhancements.

For further information, see the inetd(1M), hosts_access(4), and hosts_options(4) man pages.

Solaris FTP Client

The Solaris FTP client has been enhanced to include support for the following:

• Using passive mode to connect to a remote host from behind a firewall

• Restarting a failed transfer from the beginning of the transfer or from a certain offset

• Setting the TCP window size to enhance the performance of file transfers

• Detecting that the remote system is another UNIX system and setting the default transfer mode appropriately for optimized performance

For information on the ftp command, see the ftp(1) man page.

Trivial File Transfer Protocols (TFTP) Enhancements

The Solaris TFTP client and server have been enhanced to support TFTP option extensions, negotiations of the blocksize, time-out interval, and transfer size.

For further information, see the tftp(1) and in.tftpd(1M) man pages. See also the RFCs 2347, 2348, and 2349.

Support for IPv6 Over ATM

Support for using IPv6 over asynchronous transfer mode (ATM) networks as specified by RFC 2492 has been introduced in the Solaris 9 release.

For further information, see the System Administration Guide: IP Services.

Enhanced snoop Packet Capture

The snoop packet capture and display tool has been enhanced to decode and filter both AppleTalk and SCTP packets.

See the snoop(1M) man page for further information on this command.

Solaris PPP 4.0

Solaris PPP 4.0 enables a system in one location to communicate over telephone lines or leased communications media with a system at a remote location. This implementation of the Point-to-Point Protocol (PPP) is based on the widely used Australian National University (ANU) PPP. Solaris PPP 4.0 is entirely new for the Solaris operating environment. PPP 4.0 is easily configured through a set of files. PPP 4.0 supports synchronous communications and asynchronous communications. PPP 4.0 provides Password Authentication Protocol (PAP) and Challenge-Handshake Authentication Protocol (CHAP) authentication. Because Solaris PPP 4.0 is highly configurable, customers can easily tailor PPP to fit their remote communications needs. Also provided is the asppp2pppd conversion script for migrating from the earlier Solaris PPP (asppp) to Solaris PPP 4.0.

PPP 4.0 now includes the PPPoE feature, which enables the use of tunneling with PPP. Support for PPPoE was introduced in the Solaris 8 10/01 release.

For further information, see the PPP section in the System Administration Guide: Resource Management and Network Services and the pppd(1M) man page.

For information on licensing terms, refer to the incorporated material at the following locations:

/var/sadm/pkg/SUNWpppd/install/copyright

/var/sadm/pkg/SUNWpppdu/install/copyright

/var/sadm/pkg/SUNWpppg/install/copyright

Sun Internet FTP Server

Sun Internet FTP Server^TM is fully compatible with the Solaris 8 FTP software. The FTP Server offers new capabilities and new performance improvements for Solaris 9 users.

The Solaris 9 FTP Server is based on WU-ftpd. Originally developed by Washington University, WU-ftpd is widely used for the distribution of bulk data over the Internet. WU-ftpd is the preferred standard for large FTP sites.

Extensions to the Sun RPC Library

The RPC library extensions project extends the Sun ONC+^TM RPC library with an asynchronous protocol. Programming interfaces have been added to the Transport Independent Remote Procedure Calls to provide one-way asynchronous messaging and nonblocking I/O.

For further information on ONC+ development, see the ONC+ Developer’s Guide.

Enhancements to sendmail

The following new features are available in sendmail version 8.12, which is included in the Solaris 9 operating environment:

• A new configuration file, submit.cf

• New command-line options

• New and revised configuration file options

• New defined macros

• New macros that are used to build the configuration file

• New and revised m4 configuration macros

• New compile flags

• New delivery agent flags

• New queue features

• New uses for LDAP

• A method for identifying IPv6 addresses in configuration

• Changes to mail.local(1M)

• Changes to mailstats(1)

• Changes to makemap(1M)

• A new maintenance utility, editmap(1M)

The following details might be of particular interest:

• Per RFC 2476, sendmail now listens for submissions on port 587, a feature that was added but not mentioned, in version 8.10.

• Because the AutoRebuildAliases option is no longer available, newaliases must be run manually now in order for changes to /etc/mail/aliases to become effective. Also, because sendmail is no longer setuid root, only root can run newaliases.

For further information, see the Chapter 25, Mail Services (Tasks), in System Administration Guide: Resource Management and Network Services. The chapters on mail services provide overview information and procedures for setting up and modifying your mail service. Also provided are procedures for troubleshooting, some background information, and details about the new features.

---

Note –

Version 8.10 of sendmail was first made available in the Solaris 8 4/01 operating environment. Version 8.12 of sendmail is available in the Solaris 9 operating environment.

---

Solaris Network Cache and Accelerator (NCA)

The Solaris Network Cache and Accelerator (NCA) has been improved with the addition of a sockets interface to NCA. With minimal modifications, any web server can communicate through the sockets interface. Web servers such as Apache, Sun ONE Web Server (formerly iPlanet Web Server), and Zeus are able to make use of NCA performance by using standard socket library functions. Also, NCA now supports vectored sendfile, which provides support for AF_NCA. Finally, the ncab2clf command has been enhanced. New options enable you to skip records before a selected date and to process a particular number of records when converting log files.

For more information about NCA, see Chapter 2, Managing Web Cache Servers, in System Administration Guide: Resource Management and Network Services.

IP Network Multipathing

IP network multipathing provides your system with recovery from single-point failures with network adapters and increased traffic throughput. As of the Solaris 8 10/00 release, the system switches all the network accesses automatically from a failed adapter to an alternate adapter. The alternate adapter must be connected to the same IP link. This process ensures uninterrupted access to the network. When you have multiple network adapters connected to the same IP link, you achieve increased traffic throughput by spreading the traffic across multiple network adapters.

In the Solaris 8 4/01 release, dynamic reconfiguration (DR) uses IP network multipathing to decommission a specific network device. This process has no impact on existing IP users.

The Solaris 8 7/01 release introduced the new IP network multipathing Reboot Safe feature, which saves the IP address in the following conditions. A failed NIC is removed from the system by using dynamic reconfiguration. A reboot occurs prior to reinsertion of a functioning NIC. In these circumstances, the system attempts, but fails, to plumb an interface for the missing NIC. Rather than lose the IP address, the IP network multipathing Reboot Safe feature transfers the IP address to another NIC in the IP network multipathing interface group.

For more information, see Chapter 26, IP Network Multipathing Topics, in System Administration Guide: IP Services.

SPARC: IP Network Multipathing DLPI Link-Up and Link-Down Notification Support

Link-down notifications enable the IP multipathing daemon to detect physical link failures faster. When a network interface is started, the IP multipathing daemon attempts to enable link-up and link-down notifications from the network interface driver. A link-down notification is generated when the interface detects the loss of the physical link to the network. A link-up notification is generated when the physical link is restored. The driver must support this feature in order for the notification procedure to work. The RUNNING flag is unset when a link-down notification is received, and set when a link-up notification is received. The IP multipathing daemon uses the RUNNING flag to monitor the physical link state.

For more information, see the IP network multipathing chapters in the System Administration Guide: IP Services.

Mobile Internet Protocol

Mobile Internet Protocol (Mobile IP) enables the transfer of information to and from mobile computers, such as laptop and wireless communications. The mobile computer can change its location to a foreign network and still access and communicate with and through the mobile computer's home network. The Solaris implementation of Mobile IP supports only IPv4.

As of the Solaris 8 4/01 release, Mobile IP enables system administrators to set up reverse tunnels. A reverse tunnel can be set up from the mobile node's care-of address to the home agent. This reverse tunnel ensures a topologically correct source address for the IP data packet. By using reverse tunnels, system administrators can also assign private addresses to mobile nodes.

For more information on the Mobile Internet Protocol, see Chapter 22, Mobile IP Topics, in System Administration Guide: IP Services.

Mobile Internet Protocol (Mobile IP) Agent Advertisements Over Dynamic Interfaces

Dynamically created interfaces are interfaces that are configured after the mipagent daemon starts. You can now configure the foreign agent implementation to send advertisements over dynamically created interfaces. You can also enable or disable some unsolicited advertisements over the advertising interfaces.

For more information on Mobile Internet Protocol, see Chapter 22, Mobile IP Topics, in System Administration Guide: IP Services.

Berkeley Internet Name Domain

An updated version of Berkeley Internet Name Domain (BIND) has been integrated in the Solaris 9 release. The updated version is BIND version 8.2.4.

BIND functionality includes the following:

• In.named configuration options – See the named.conf(4) and the named-bootconf(1M) man pages.

• Extensions to the resolver()(3RESOLV) interface that are safe to use in multithreaded applications.

• The addition of the ndc command and the dnskeygen command – The ndc command is used to start, stop, or reconfigure in.named. The dnskeygen command is used to create transaction signatures (TSIG) and DNSSEC keys. See the dig(1M) man page for instructions on how to gather information from the DNS servers. See also the ndc(1M) and dnskeygen(1M) man pages.

For more information, see the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

Networking Freeware

See Freeware Enhancements for information about GNU wget 1.6, Ncftp Client 3.0.3, and Samba 2.2.2 in the Solaris 9 release.

• Ncftp Client 3.0.3 uses the File Transfer Protocol (FTP) and is an alternative to the UNIX ftp program.

• GNU wget 1.6 retrieves files from the Web by using HTTP and FTP.

• Samba 2.2.2 is a free SMB and CIFS client and server for UNIX and other operating systems.