Like datalinks, IP interfaces also have properties that you can customize for your specific network environment. For each interface, two sets of properties exist, one set for IPv4 and the another set for IPv6.
To manage IP interface properties, three ipadm subcommands are available:
show-ifprop [–p property] [interface] – Displays a property of an IP interface and its current value. Omitting the –p property option will list all the properties of the specific IP interface. If you do not specify an IP interface, then all the properties of all the IP interfaces are listed.
set-ifprop –p property=value interface – Assigns a value to the IP interface's property.
reset-ifprop –p property interface – Resets the specific property to its default values.
Some properties, including the MTU property, are common to both datalinks and IP interfaces. Thus, you can have one MTU value for a datalink and a different MTU value for the interface that is configured over that link. In addition, you can have different MTU values that apply to the IPv4 and IPv6 packets that traverse that IP interface.
When setting MTU properties for an IP interface, keep the following key points in mind:
The value of the MTU setting of an IP interface cannot be larger than the value of the MTU setting of a datalink. In such cases, the ipadm command displays an error message.
If an IP interface's MTU value is different than a datalink's MTU value, IP packets are limited to the MTU value of the IP interface. For example, if a datalink has an MTU value of 9000 bytes and an IP interface as an MTU value of 1500 bytes, IP packets are limited to 1500 bytes. However, other Layer 3 protocols that are using the underlying Layer 2 protocol can send packets up to 9000 bytes.
For instructions on customizing datalink properties, including information about how the MTU setting of a datalink impacts the MTU setting of an IP interface, see Customizing Datalink Properties.
On a network, a host system can receive data packets that are destined for another host. By enabling packet forwarding on the receiving local system, that system can forward the data packet to the destination host. This process is referred to as IP forwarding and is disabled by default in Oracle Solaris.
Packet forwarding is managed by a property that you can set on both IP interfaces, as well as for the TCP/IP protocol. If you want to be selective about how packets are forwarded, you can enable packet forwarding on the IP interface. For example, you might have a system that has multiple NICs, where some NICs are connected to the external network, while other NICs are connected to a private network. You can therefore enable packet forwarding only on some of the interfaces, rather than on all of the interfaces.
You can also enable packet forwarding globally on a system by setting the property of the TCP/IP protocol. See Enabling Global Packet Forwarding in Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle Solaris 11.4.
For example, you can enable packet forwarding on an IP interface as follows:
$ ipadm set-ifprop -p forwarding=on -m protocol-version interface
where protocol-version is either IPv4 or IPv6. You must run this command separately for IPv4 and IPv6 packets.
The following example shows how you might enable only IPv4 packet forwarding on a system:
$ ipadm show-ifprop -p forwarding net0 IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE net0 forwarding ipv4 rw off off off on,off net0 forwarding ipv6 rw off -- off on,off $ ipadm set-ifprop -p forwarding=on -m ipv4 net0 $ ipadm show-ifprop net0 IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE ... net0 forwarding ipv4 rw on on off on,off
You can customize IP address properties to manage the following network configuration parameters:
Whether an IP address can be used as a source address for outbound packets
Whether the IP address belongs to a global or non–global zone
Whether the IP address is a private address
Use the following ipadm subcommands when working with IP address properties:
show-addrprop –p property addrobj – Displays address properties, depending on the options that you use.
To display the properties of all the IP addresses, do not specify a property or an address object. To display the values of a single property for all the IP addresses, specify only that property. To display all the properties of a specific address object, specify just the address object.
set-addrprop –p property=value addrobj – Assigns values to address properties. Note that you can only set one address property at a time.
reset-addrprop –p property addrobj – Restores any default values to the address property.
As an example, suppose you want to change the netmask of an IP address. The IP address is configured on the IP interface net3 and is identified by the address object name net3/v4. The following example shows how to revise the netmask:
$ ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/? static ok 127.0.0.1/8 net3/v4 static ok 198.51.100.3/24 $ ipadm show-addrprop -p prefixlen net3/v4 ADDROBJ PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE net3/v4 prefixlen rw 24 24 24 1-30,32 $ ipadm set-addrprop -p prefixlen=8 net3/v4 $ ipadm show-addrprop -p prefixlen net3/v4 ADDROBJ PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE net3/v4 prefixlen rw 8 24 24 1-30,32