Disabling IP Forwarding Routing Protocols on Application Servers
By default, the Solaris operating environment will configure systems using more than one network interface to be an IP forwarding router. Application servers are typically multihomed, which mean that they contain more than one network interface but do not run IP routing protocols or forward IP packets. If you do not disable the IP forwarding and routing protocols on multihomed application servers, the servers may experience poor performance.
NFS servers and database servers are a couple of examples of multihomed application servers. The purpose of these application servers is to provide a presence on multiple networks. These networks usually contain dedicated routing devices (routers, layer-3 switches, or dedicated Sun systems) in the network infrastructure that provide the IP forwarding routing services.
To maximize the performance of your multihomed desktop or application server, we recommend disabling the IP forwarding and routing protocols. One method of disabling IP forwarding is to create an /etc/notrouter file and then reboot your system.
-
# /usr/bin/touch /etc/notrouter
-
Shut down and reboot the system.
-
After rebooting your system, verify that IP forwarding has been disabled in the kernel.
# /usr/sbin/ndd /dev/ip ip_forwarding
If you receive a 0 result, your system will never forward IP packets. If you receive non-zero result, your system may still forward IP packets.
If you received non-zero result, your system may contain an /etc/defaultrouter file. The existence of this file may prevent the /etc/init.d/inetinit boot script from detecting the /etc/notrouter file. You may want to remove the /etc/defaultrouter file or, alternatively, force the ndd parameter, ip_forwarding, to equal 0.
For more information, refer to the TCP/IP and Data Communications Administration Guide shipped with the Solaris documentation.
- © 2010, Oracle Corporation and/or its affiliates