| Skip Navigation Links | |
| Exit Print View | |
|
Oracle Solaris Administration: Network Interfaces and Network Virtualization Oracle Solaris 11 Express 11/10 |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Oracle Solaris Administration: Network Interfaces and Network Virtualization Oracle Solaris 11 Express 11/10 |
2. NWAM Configuration and Administration (Overview)
Overview of NWAM Configuration
Description of the Automatic and User NCPs
Property Values of System-Defined Locations
How NWAM Profiles Are Activated
Location Activation Selection Criteria
Using the nwamcfg Command to Configure Profiles
Using the nwamadm Command to Administer Profiles
Description of the NWAM Policy Engine Daemon (nwamd)
Description of the NWAM Repository Daemon (netcfgd)
SMF Network Services and the NWAM Process
Refresh and Restart Behavior of the NWAM Service
Authorizations and Profiles That Are Related to NWAM
Authorizations That Are Required to Use the NWAM User Interfaces
3. NWAM Profile Configuration (Tasks)
4. NWAM Profile Administration (Tasks)
5. About the NWAM Graphical User Interface
Part II Administering Single Interfaces
6. Overview of the Networking Stack
7. Datalink Configuration and Administration
8. Configuring an IP Interface
9. Configuring Wireless Interface Communications on Oracle Solaris
Part III Administering Interface Groups
11. Administering Link Aggregations
Part IV Network Virtualization and Resource Management
15. Introducing Network Virtualization and Resource Control (Overview)
16. Planning for Network Virtualization and Resource Control
17. Configuring Virtual Networks (Tasks)
18. Using Link Protection in Virtualized Environments
19. Managing Network Resources
NWAM manages network configuration by storing preferred property values in the form of profiles on the system. NWAM then determines which profile should be activated, depending on current network conditions, and subsequently activates that profile. The NWAM profiles implementation is a primary component of NWAM.
Network profiles are collections of properties that determine how the network is configured and how it operates, depending on current network conditions.
The following are the profile types and configuration objects that comprise NWAM configuration:
Network Configuration Profiles (NCPs)
Location profiles
External Network Modifiers (ENMs)
Known WLANs
The two primary network profile types are the NCP and the Location profile. To effect autoconfiguration of the network through NWAM, exactly one NCP and one Location profile must be active on the system at all times.
The NCP specifies the configuration of the local network, including the configuration of individual components, such as physical links and IP interfaces. Each NCP consists of individual configuration objects that are called Network Configuration Units (NCUs). Each NCU represents a physical link or an interface and is made up of properties that define the configuration for that link or interface. The process of configuring a user-defined NCP involves creating NCUs for that NCP. For more information, see Description of an NCU.
A Location profile contains system-wide network configuration information, such as the following:
Conditions under which the Location profile is activated
Which name service to use
Domain name
Set of IP Filter rules
IPsec policy
For more information, see Description of a Location Profile.
ENMs are NWAM profiles that are for external applications that are capable of creating and modifying network configuration. NWAM can be configured to activate and deactivate these external applications under conditions that you specify when you create the ENM.
Known WLANs are NWAM profiles that are used to maintain a list of known wireless networks to which you have connected previously. For more information, see Description of an ENM and About Known WLANs.
An NCP defines the network configuration of a system. The NCUs that make up an NCP specify how to configure the various network links and interfaces, for example, which interface or interfaces should be brought up, and under what conditions that interface should be brought up, as well as how the IP address for the interface is obtained. There are two NCP types: Automatic and user-defined. The Automatic NCP is a system-defined profile that is automatically created by NWAM. This profile cannot be created, modified or removed. User-defined NCPs are profiles that you create to meet the needs of your particular network configuration. A user-defined NCP can be modified and removed by the user.
The Automatic NCP is a representation of all of the links and interfaces that are currently in the system. The content of the Automatic NCP changes if network devices are added or removed. However, the configuration preferences that are associated with the Automatic NCP cannot be edited. The Automatic NCP is created to provide access to a profile that utilizes DHCP and address autoconfiguration that make it possible to obtain IP addresses for the system. This profile also implements a link selection policy that favors wired links over wireless links. If the specification of an alternate IP configuration policy, or an alternate link selection policy is required, you would create additional user-defined NCPs on your system.
NCUs are the individual configuration objects that make up an NCP. NCUs represent the individual physical links and interfaces that are on a system. The process of configuring a user-defined NCP includes creating NCUs that specify how and under what conditions each link and interface should be configured.
There are two types of NCUs:
Link NCUs
Link NCUs, for example, physical devices, are Layer 2 entities in the Open Systems Interconnection (OSI) model.
Interface NCUs
Interface NCUs, specifically, IP interfaces, are Layer 3 entities in the OSI model.
Link NCUs represent data links. There are several different classes of data links:
Physical links (Ethernet or WiFi)
Tunnels
Aggregations
Virtual local area networks (VLANs)
Virtual network interface cards (VNICs)
Note - The current NWAM implementation includes support for basic network configuration of physical links (Ethernet and WiFi) only. Although not actively supported by NWAM, you can configure your network by using several advanced networking technologies, such as VNICs and bridging, without the need to disable the network/physical:nwam service.
However, if you are configuring your system to use IP Multipathing (IPMP) , you must disable the network/physical:nwam network service and then enable the network/physical:default network service. For instructions, see How to Switch From Autoconfiguration Mode to Traditional Networking Mode.
The Automatic NCP is a system-defined profile that is made up of one link NCU and one interface NCU for each physical link that is present in the system. The NCU activation policy in this NCP is to prefer connected, wired links over wireless links, and to plumb both IPv4 and IPv6 on each enabled link. DHCP is used to obtain IPv4 addresses. Stateless Autoconf and DHCP is used to obtain IPv6 addresses. The Automatic NCP changes dynamically when new links are inserted or removed from the system. All NCUs that correspond to the Automatic NCP are also added or removed at the same time. The profile is updated by NWAM automatically.
User NCPs are created and managed by the user. You must explicitly create and remove NCUs from the specified profile. Note that it is possible to create NCUs that do not correlate to any link that is currently present in the system. You can also remove NCUs that do not correlate to any link that is present in the system. In addition, you can determine the policy for the User NCP. For example, you can allow multiple links and interfaces to be enabled on the system at a given time, as well as specify different dependency relationships between NCUs and static IP addresses.
The link and interface NCU properties that make up the User NCP are the same set of properties that make up the Automatic NCP. The only difference is that the User NCP consists of NCUs that contain values that you specify. Whereas, the link and interface NCU properties that make up the Automatic NCP are preset by NWAM, based on the links and interfaces that are present in the system and detected by NWAM.
For step-by-step instructions on creating a User NCP and adding and removing NCUs to this NCP, see Creating a User-Defined NCP.
A Location profile provides additional networking details after the basic IP connectivity has been established. Locations contain network configuration information that is comprised of a set of properties that relate to network configuration on a system-wide level.
A Location profile consists of certain network configuration information, for example, a name service and firewall settings, that are applied together, when required. Also, because a location does not necessarily correspond to a physical location, you can set up several Location profiles to meet different networking needs. For example, one location can be used when you are connected to the company intranet. Another location can be used when you are connected to the public Internet by using a wireless access point that is located in your office.
By default, two Location profiles are predefined by the system:
NoNet
The NoNet location has very specific activation conditions. This profile is applied by NWAM to a stand-alone system when no local interfaces have an assigned IP address. The profile is also activated as an interim location, when NWAM transitions between user-defined locations. You can modify the NoNet location after it is activated on your system for the first time. A read-only copy of the original NoNet location is stored on the system, in case you want to restore the default settings for this location.
Automatic
The Automatic location is activated if there are networks available, but no other Location profile supersedes it. You can modify the Automatic location after it has been activated on your system for the first time. A read-only copy of the original Automatic location is stored on the system, in case you want to restore the default settings for this location.
Note - The Automatic location should not be confused with the Automatic NCP. The Automatic location is a Location profile type that defines system-wide network properties after the initial network configuration of a system takes place. The Automatic NCP specifies link and interface network configuration on a system.
User-defined locations are profiles that you create with values that you specify for system-wide network configuration. User-defined locations are identical to system-defined locations, except that a user-defined location is configured with values that you set, while system-defined locations have preset values.
For more information about creating user-defined locations, see Creating a Location Profile.
ENMs are profiles that pertain to applications that are external to NWAM. These applications can create and modify network configuration. ENMs are included in the NWAM design as a means of creating and removing customized network configuration that is not an NCP or a Location profile. An ENM can also be defined as a service or application that directly modifies network configuration when it is enabled or disabled. You can configure NWAM to activate and deactivate ENMs under conditions that you specify. Unlike an NCP or a Location profile, where only one of each profile type can be active on the system at any given time, multiple ENMs can potentially be active on the system at the same time. The ENMs that are active on a system at any given time are not necessarily dependent on the NCP or Location profile that is also enabled on the system at the same time.
Although there are several external applications and services for which you can create an ENM, the obvious example is the VPN application. After you install and configure VPN on your system, you can create an ENM that automatically activates and deactivates the application under the conditions that you specify.
Note - It is important to understand that NWAM does not have the capability to automatically learn about external applications that are capable of directly modifying the network configuration on a system. To manage the activation or deactivation of a VPN application, or any external application or service, you must first install the application, then create an ENM for it by using either the CLI or the NWAM GUI.
Persistent information about any network configuration that is performed by an ENM is not stored or tracked by NWAM in exactly the same way that information about an NCP or a Location profile is stored. However, NWAM is capable of noting an externally initiated network configuration, and then based on any configuration changes that are made to the system by an ENM, reevaluate which Location profile should be active, and subsequently activates that location. An example would be switching to a location that is activated conditionally when a certain IP address is in use. If the NWAM service is restarted at any time, the network configuration that is specified by the default NCP is reinstated. ENMs are restarted as well, possibly tearing down and recreating network configuration in the process.
For information about creating and modifying the properties of an ENM, see Creating an ENM Profile.
Known WLANs are configuration objects that NWAM uses to manage wireless networks that are known to the system. NWAM maintains a global list of these known wireless networks. This information is then used to determine the order in which NWAM attempts to connect to available wireless networks. If a wireless network that exists in the Known WLAN list is available, NWAM automatically connects to that network. If two or more known wireless networks are available, NWAM attempts to connect to the wireless network with the highest priority (lowest number). Any new wireless network that NWAM connects to is automatically added to the top of the known WLAN list and becomes the current highest priority wireless network.
Known WLANs are selected in priority order, with a priority that is assigned by an unsigned integer. A lower number indicates a higher priority in the known WLAN list. The first time you connect to a wireless network, NWAM automatically adds that WLAN to the list. When a new WLAN is added, it assumes the highest priority in this list. The NWAM default behavior is to prefer more recently connected WLANs over WLANs that you connected to previously. At no time can any known WLANs share the same priority. If a new WLAN is added to the list with same priority value as an existing WLAN, the existing entry is shifted to a lower priority value. Subsequently, the priority value of every other WLAN in the list is dynamically shifted to a lower priority value.
One or more key names can also be associated with a known WLAN. Key names enable you to create your own keys by using the dladm create-secobj command. You can then associate these keys with WLANs by adding the secure object names to the known WLAN keyname property. For more information, see the dladm(1M) man page.
For more information about using the NWAM command-line utilities to manage WLANs, see Performing a Wireless Scan and Connecting to Available Wireless Networks.
|