Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Administration: IP Services Oracle Solaris 10 1/13 Information Library |
Part I Introducing System Administration: IP Services
1. Oracle Solaris TCP/IP Protocol Suite (Overview)
2. Planning Your TCP/IP Network (Tasks)
3. Introducing IPv6 (Overview)
4. Planning an IPv6 Network (Tasks)
5. Configuring TCP/IP Network Services and IPv4 Addressing (Tasks)
6. Administering Network Interfaces (Tasks)
What's New in Administering Network Interfaces
Interface Administration (Task Map)
Basics for Administering Physical Interfaces
Oracle Solaris Interface Types
Administering Individual Network Interfaces
How to Obtain Interface Status
How to Configure a Physical Interface After System Installation
How to Remove a Physical Interface
SPARC: How to Ensure That the MAC Address of an Interface Is Unique
Administering Virtual Local Area Networks
VLAN Tags and Physical Points of Attachment
Planning for VLANs on a Network
How to Plan a VLAN Configuration
Back-to-Back Link Aggregations
Requirements for Link Aggregations
How to Create a Link Aggregation
7. Configuring an IPv6 Network (Tasks)
8. Administering a TCP/IP Network (Tasks)
9. Troubleshooting Network Problems (Tasks)
10. TCP/IP and IPv4 in Depth (Reference)
13. Planning for DHCP Service (Tasks)
14. Configuring the DHCP Service (Tasks)
15. Administering DHCP (Tasks)
16. Configuring and Administering the DHCP Client
17. Troubleshooting DHCP (Reference)
18. DHCP Commands and Files (Reference)
19. IP Security Architecture (Overview)
21. IP Security Architecture (Reference)
22. Internet Key Exchange (Overview)
24. Internet Key Exchange (Reference)
25. IP Filter in Oracle Solaris (Overview)
27. Introducing IPMP (Overview)
28. Administering IPMP (Tasks)
Part VI IP Quality of Service (IPQoS)
29. Introducing IPQoS (Overview)
30. Planning for an IPQoS-Enabled Network (Tasks)
31. Creating the IPQoS Configuration File (Tasks)
32. Starting and Maintaining IPQoS (Tasks)
33. Using Flow Accounting and Statistics Gathering (Tasks)
Note - The original Solaris 10 release and earlier versions of the Solaris OS do not support Link Aggregations. To create link aggregations for these earlier Solaris releases, use Sun Trunking, as described in the Sun Trunking 1.3 Installation and Users Guide.
Oracle Solaris supports the organization of network interfaces into link aggregations. A link aggregation consists of several interfaces on a system that are configured together as a single, logical unit. Link aggregation, also referred to as trunking, is defined in the IEEE 802.3ad Link Aggregation Standard.
The IEEE 802.3ad Link Aggregation Standard provides a method to combine the capacity of multiple full-duplex Ethernet links into a single logical link. This link aggregation group is then treated as though it were, in fact, a single link.
The following are features of link aggregations:
Increased bandwidth – The capacity of multiple links is combined into one logical link.
Automatic failover/failback – Traffic from a failed link is failed over to working links in the aggregation.
Load balancing – Both inbound and outbound traffic is distributed according to user selected load-balancing policies, such as source and destination MAC or IP addresses.
Support for redundancy – Two systems can be configured with parallel aggregations.
Improved administration – All interfaces are administered as a single unit.
Less drain on the network address pool – The entire aggregation can be assigned one IP address.
The basic link aggregation topology involves a single aggregation that contains a set of physical interfaces. You might use the basic link aggregation in the following situations:
For systems that run an application with distributed heavy traffic, you can dedicate an aggregation to that application's traffic.
For sites with limited IP address space that nevertheless require large amounts of bandwidth, you need only one IP address for a large aggregation of interfaces.
For sites that need to hide the existence of internal interfaces, the IP address of the aggregation hides its interfaces from external applications.
Figure 6-3 shows an aggregation for a server that hosts a popular web site. The site requires increased bandwidth for query traffic between Internet customers and the site's database server. For security purposes, the existence of the individual interfaces on the server must be hidden from external applications. The solution is the aggregation aggr1 with the IP address 192.168.50.32. This aggregation consists of three interfaces,bge0 through bge2. These interfaces are dedicated to sending out traffic in response to customer queries. The outgoing address on packet traffic from all the interfaces is the IP address of aggr1, 192.168.50.32.
Figure 6-3 Basic Link Aggregation Topology
Figure 6-4 depicts a local network with two systems, and each system has an aggregation configured. The two systems are connected by a switch. If you need to run an aggregation through a switch, that switch must support aggregation technology. This type of configuration is particularly useful for high availability and redundant systems.
In the figure, System A has an aggregation that consists of two interfaces, bge0 and bge1. These interfaces are connected to the switch through aggregated ports. System B has an aggregation of four interfaces, e1000g0 through e1000g3. These interfaces are also connected to aggregated ports on the switch.
Figure 6-4 Link Aggregation Topology With a Switch
The back-to-back link aggregation topology involves two separate systems that are cabled directly to each other, as shown in the following figure. The systems run parallel aggregations.
Figure 6-5 Basic Back-to-Back Aggregation Topology
In this figure, device bge0 on System A is directly linked to bge0 on System B, and so on. In this way, Systems A and B can support redundancy and high availability, as well as high-speed communications between both systems. Each system also has interface ce0 configured for traffic flow within the local network.
The most common application for back-to-back link aggregations is mirrored database servers. Both servers need to be updated together and therefore require significant bandwidth, high-speed traffic flow, and reliability. The most common use of back-to-back link aggregations is in data centers.
If you plan to use a link aggregation, consider defining a policy for outgoing traffic. This policy can specify how you want packets to be distributed across the available links of an aggregation, thus establishing load balancing. The following are the possible layer specifiers and their significance for the aggregation policy:
L2 – Determines the outgoing link by hashing the MAC (L2) header of each packet
L3 – Determines the outgoing link by hashing the IP (L3) header of each packet
L4 – Determines the outgoing link by hashing the TCP, UDP, or other ULP (L4) header of each packet
Any combination of these policies is also valid. The default policy is L4. For more information, refer to the dladm(1M) man page.
If your aggregation topology involves connection through a switch, you must note whether the switch supports the link aggregation control protocol (LACP). If the switch supports LACP, you must configure LACP for the switch and the aggregation. However, you can define one of the following modes in which LACP is to operate:
Off mode – The default mode for aggregations. LACP packets, which are called LACPDUs are not generated.
Active mode – The system generates LACPDUs at regular intervals, which you can specify.
Passive mode – The system generates an LACPDU only when it receives an LACPDU from the switch. When both the aggregation and the switch are configured in passive mode, they cannot exchange LACPDUs.
See the dladm(1M) man page and the switch manufacturer's documentation for syntax information.
Your link aggregation configuration is bound by the following requirements:
You must use the dladm command to configure aggregations.
An interface that has been plumbed cannot become a member of an aggregation.
All interfaces in the aggregation must run at the same speed and in full-duplex mode.
You must set the value for MAC addresses to “true” in the EEPROM parameter local-mac-address? For instructions, refer to SPARC: How to Ensure That the MAC Address of an Interface Is Unique.
Before You Begin
Note - Link aggregation only works on full-duplex, point-to-point links that operate at identical speeds. Make sure that the interfaces in your aggregation conform to this requirement.
If you are using a switch in your aggregation topology, make sure that you have done the following on the switch:
Configured the ports to be used as an aggregation
If the switch supports LACP, configured LACP in either active mode or passive mode
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in Oracle Solaris Administration: Basic Administration.
# dladm show-link
# ifconfig -a
# dladm create-aggr -d interface -d interface [...]key
Represents the device name of the interface to become part of the aggregation.
Is the number that identifies the aggregation. The lowest key number is 1. Zeroes are not allowed as keys.
For example:
# dladm create-aggr -d bge0 -d bge1 1
# ifconfig aggrkey plumb IP-address up
For example:
# ifconfig aggr1 plumb 192.168.84.14 up
# dladm show-aggr
You receive the following output:
key: 1 (0x0001) policy: L4 address: 0:3:ba:7:84:5e (auto) device address speed duplex link state bge0 0:3:ba:7:b5:a7 1000 Mbps full up attached bge1 0:3:ba:8:22:3b 0 Mbps unknown down standby
The output shows that an aggregation with the key of 1 and a policy of L4 was created.
For example, you would create the following file for the aggregation that is created in this procedure:
# vi /etc/hostname.aggr1 192.168.84.14
# reboot -- -r
# ifconfig -a . . aggr1: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3 inet 192.168.84.14 netmask ff000000 broadcast 192.255.255.
Example 6-4 Creating a Link Aggregation
This example shows the commands that are used to create a link aggregation with two devices, bge0 and bge1, and the resulting output.
# dladm show-link ce0 type: legacy mtu: 1500 device: ce0 ce1 type: legacy mtu: 1500 device: ce1 bge0 type: non-vlan mtu: 1500 device: bge0 bge1 type: non-vlan mtu: 1500 device: bge1 bge2 type: non-vlan mtu: 1500 device: bge2 # ifconfig -a lo0: flags=2001000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 ce0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 192.168.84.253 netmask ffffff00 broadcast 192.168.84.255 ether 0:3:ba:7:84:5e # dladm create-aggr -d bge0 -d bge1 1 # ifconfig aggr1 plumb 192.168.84.14 up # dladm show-aggr key: 1 (0x0001) policy: L4 address: 0:3:ba:7:84:5e (auto) device address speed duplex link state bge0 0:3:ba:7:b5:a7 1000 Mbps full up attached bge1 0:3:ba:8:22:3b 0 Mbps unknown down standby # ifconfig -a lo0: flags=2001000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 ce0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 192.168.84.253 netmask ffffff00 broadcast 192.168.84.255 ether 0:3:ba:7:84:5e aggr1: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3 inet 192.168.84.14 netmask ff000000 broadcast 192.255.255.255 ether 0:3:ba:7:84:5e
Note that the two interfaces that were used for the aggregation were not previously plumbed by ifconfig.
This procedure shows how to make the following changes to an aggregation definition:
Modifying the policy for the aggregation
Changing the mode for the aggregation
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in Oracle Solaris Administration: Basic Administration.
# dladm modify-aggr -Ppolicy key
Represents one or more of the policies L2, L3, and L4, as explained in Policies and Load Balancing.
Is a number that identifies the aggregation. The lowest key number is 1. Zeroes are not allowed as keys.
If the switch runs LACP in passive mode, be sure to configure active mode for your aggregation.
# dladm modify-aggr -l LACP mode -t timer-value key
Indicates the LACP mode in which the aggregation is to run. The values are active, passive, and off.
Indicates the LACP timer value, either short or long.
Is a number that identifies the aggregation. The lowest key number is 1. Zeroes are not allowed as keys.
Example 6-5 Modifying a Link Aggregation
This example shows how to modify the policy of aggregation aggr1 to L2 and then turn on active LACP mode.
# dladm modify-aggr -P L2 1 # dladm modify-aggr -l active -t short 1 # dladm show-aggr key: 1 (0x0001) policy: L2 address: 0:3:ba:7:84:5e (auto) device address speed duplex link state bge0 0:3:ba:7:b5:a7 1000 Mbps full up attached bge1 0:3:ba:8:22:3b 0 Mbps unknown down standby
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in Oracle Solaris Administration: Basic Administration.
# dladm remove-aggr -d interface
Example 6-6 Removing Interfaces From an Aggregation
This example shows how to remove the interfaces of the aggregation aggr1.
# dladm show-aggr key: 1 (0x0001) policy: L2 address: 0:3:ba:7:84:5e (auto) device address speed duplex link state bge0 0:3:ba:7:b5:a7 1000 Mbps full up attached bge1 0:3:ba:8:22:3b 0 Mbps unknown down standby # dladm remove-aggr -d bge1 1 # dladm show-aggr key: 1 (0x0001) policy: L2 address: 0:3:ba:7:84:5e (auto) device address speed duplex link state bge0 0:3:ba:7:b5:a7 1000 Mbps full up attached
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in Oracle Solaris Administration: Basic Administration.
# dladm delete-aggr key
Is a number that identifies the aggregation. The lowest key number is 1. Zeroes are not allowed as keys.
Example 6-7 How to Delete an Aggregation
This example shows how to remove the aggregation aggr1.
# dladm show-aggr key: 1 (0x0001) policy: L2 address: 0:3:ba:7:84:5e (auto) device address speed duplex link state # dladm delete-aggr -d 1
In the same manner as configuring VLANs over an interface, you can also create VLANs on a link aggregation. VLANs are described in Administering Virtual Local Area Networks. This section combines configuring VLANs and link aggregations.
Before You Begin
Create the link aggregation. Note the value of the aggregation's key which you will need when you create the VLANs over the aggregation. To create link aggregations, refer to How to Create a Link Aggregation.
# dladm show-aggr
# ifconfig aggrVIDkey plumb
where
The ID of the VLAN
The key of the link aggregation over which the VLAN is created. The key must be in a 3–digit format. For example, if the aggregation's key is 1, then the key number that is included in the name of the VLAN is 001.
Example 6-8 Configuring Multiple VLANs Over a Link Aggregation
In this example, two VLANs are configured on a link aggregation. The output of the dladm show-aggr command indicates that the link aggregation's key is 1. The VLANs are assigned VIDs 193 and 194, respectively.
# dladm show-aggr key: 1 (0x0001) policy: L4 address: 0:3:ba:7:84:5e (auto) device address speed duplex link state bge0 0:3:ba:7:b5:a7 1000 Mbps full up attached bge1 0:3:ba:8:22:3b 0 Mbps unknown down standby # ifconfig aggr193001 plumb # ifconfig aggr193001 192.168.10.0/24 up # ifconfig aggr194001 plumb # ifconfig aggr194001 192.168.20.0/24 up # vi /etc/hostname.aggr193001 192.168.10.0/24 # vi /etc/hostname.aggr194001 192.168.20.0/24