The following features are new or have changed in this release.
Support for the Wired Equivalent Privacy (WEP) wireless network security standard has been removed. Consequently, Oracle Solaris WiFi drivers can no longer perform encryption or decryption by using WEP. For more information, see Administering Wireless Networks in Oracle Solaris.
Persistent network configuration is now managed through the Service Management Facility (SMF). This change aligns network configuration with other system components that use SMF as a core storage repository. It also enables you to apply customized network configuration during an installation by specifying network component settings in system configuration profiles.
In an SMF service, a class of objects having persistent configuration is represented as a property group and shares the name of the class. The classes are as follows:
IP interfaces and protocol-specific configuration (IP, SCTP, TCP, and ICMP)
Static IP routes
Known wireless local area networks (WLANs)
External network modifiers (ENMs)
Each class or property group contains child property groups that correspond to the objects in the class. For example, under the datalink group, you can specify configurations for specific datalink groups on the system, such as net0, ether0, net1, and so on.
During an installation, you can use system configuration profiles to implement a defined network configuration on target installation clients, as shown in the following example:
<service name="network/datalink-management" version="1" type="service">
  <instance name="default">
    <property_group name="datalinks" type="application">
      <!-- specify jumbo frames (mtu=9000) for net0 physical datalink -->
      <property_group name="net0" type="datalink-phys">
        <propval name="mtu" type="count" value="9000"/>
      </property_group>
      <!-- specify custom physical datalink name ether0 for e1000g1 device -->
      <property_group name="ether0" type="datalink-phys">
        <propval name="devname" type="astring" value="e1000g1"/>
      </property_group>
    </property_group>
  </instance>
</service>
For a summary of changes as a consequence of SMF-managed network configuration, see Datalink Properties.
A substantial portion of the functionality of the Network Auto-Magic (NWAM) feature that was introduced in Oracle Solaris 11 has been removed. In particular, network profiles, including the network configuration profile (NCP) and the Location profile, are now unsupported.
NCPs and Location profiles – The removal includes all system-defined NCPs (Automatic and DefaultFixed) as well as user-defined NCPs. In Oracle Solaris 11.4, you configure the network only from the command line.
With the removal of Location profiles, the svc:/network/location SMF service is removed as well. Note that because the various naming services are not automatically changed, there is no need to save or restore any location-related system-wide network configuration if you previously configured this information by using a Location profile.
Known wireless local area networks (WLANs) – This type of network profile is still supported. However, you no longer administer WLANs by using the netcfg command. Instead, you use new dladm subcommands to create and manage this type of configuration. This change enables you to continue to use Known WLANs on notebook PCs. See Administering Known WLANs.
The subcommands that you use to scan and select wireless networks have also been removed. Instead, you use the existing dladm subcommands, scan-wifi and connect-wifi, to connect to wireless networks. The show-events subcommand is still supported because it provides a means to listen for events that the nwamd daemon sends out.
For more information, see Administering Wireless Networks in Oracle Solaris.
External network modifiers (ENMs) – This type of profile is still supported because ENMs provide an easy way to run scripts, especially scripts that have to run automatically whenever certain networking conditions are met. These conditions could include an interface obtaining an IP address or a link state changing.
You continue to use the netcfg command to create and modify ENMs, and the netadm command to enable and disable ENMs, as well as check ENM status.
Because ENMs are the only type of configuration object (or profile) that you configure with the netcfg command in Oracle Solaris 11.4, the enm keyword and the -p profile-type option have been removed. As a result, the syntax that you use to create an ENM has been simplified, as shown in the following example:
netcfg> create myenm
$ netadm enable myenm
For more information, see Administering External Network Modifiers in Oracle Solaris.
Network configuration during an installation – The removal of support for NCPs and Location profiles has also changed how the network can be configured during an installation, depending on the installation method that you use.
Changes for each installation method are as follows:
Text installations – During a text installation, the Automatic and Manual options are no longer available. Instead, you must select a network interface to configure and then specify whether to configure the IP address for that interface statically or by using DHCP. The None option that enables you to skip networking during an installation and configure the network afterwards is still available.
Automated Installations (AI) – If you previously used system configuration profiles to specify the Automatic NCP for the netcfg/active_ncp property of the svc:/network/physical:default SMF service, you will need to run the sysconfig create-profile command to select which interfaces to configure and then create a new system configuration profile based on the new information.
Upgrading from Oracle Solaris 11 to Oracle Solaris 11.4 – The existing network configuration is upgraded as follows:
The existing settings for the currently active NCP and Location profile are retained. However, due to the removal of support for the NWAM reactive mode, the system will behave as though any previously active interfaces were configured to use the DefaultFixed NCP upon reboot.
Known WLANs are migrated under dladm control and will continue to work. However, you must now use dladm subcommands rather than the netcfg command to administer this type of configuration. See Administering Wireless Networks in Oracle Solaris.
Network administration GUI (formerly NWAM) is removed – Support for network administration and the monitoring of network connectivity from the desktop is removed in Oracle Solaris 11.4.
This feature is useful in configuring kernel zones. If you do not know in advance the exact MAC address and VLAN ID for a kernel zone, you can specify the prefixes of allowable MAC addresses and VLAN ID ranges instead. This capability enables a kernel zone to communicate to the global host which MAC address and VLAN ID to use when the system boots.
On kernel zones, the output of the dladm show-phys -o command includes the ALLOWED-ADDRESSES and ALLOWED-IDS columns:
$ dladm show-phys -o link,media,device,allowed-addresses,allowed-vids
LINK   MEDIA      DEVICE   ALLOWED-ADDRESSES   ALLOWED-VIDS
net0   Ethernet   zvnet0   fa:16:3f,           100-199,
                           fa:80:20:21:22      400-498,500
The ADDRESS column, which displays the MAC address of a physical datalink, is still supported.
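The following added example (not Oracle code) shows how the allowed MAC address prefixes and VLAN ID ranges from the sample output above constrain what a kernel zone can request, which is useful when auditing zone network policy. The function names are hypothetical, and the matching rules (whole-octet prefix match, inclusive VLAN ranges) are assumptions about the semantics.

```python
import string

# Values copied from the dladm show-phys sample on this page, with the
# wrapped column cells joined back into one comma-separated string each.
ALLOWED_ADDRESSES = "fa:16:3f,fa:80:20:21:22"
ALLOWED_VIDS = "100-199,400-498,500"


def parse_mac(text):
    """Return a MAC address or prefix as a tuple of octet values."""
    octets = text.strip().split(":")
    if not 1 <= len(octets) <= 6:
        raise ValueError(f"bad MAC address or prefix: {text!r}")
    for octet in octets:
        # One or two hex digits per octet; rejects signs, spaces and "0x".
        if not 1 <= len(octet) <= 2 or any(c not in string.hexdigits for c in octet):
            raise ValueError(f"bad octet {octet!r} in {text!r}")
    return tuple(int(octet, 16) for octet in octets)


def parse_vids(text):
    """Parse '100-199,500' into inclusive (low, high) pairs (assumed semantics)."""
    ranges = []
    for item in (part.strip() for part in text.split(",")):
        if not item:
            continue
        low, sep, high = item.partition("-")
        lo = int(low)
        hi = int(high) if sep else lo
        if not 1 <= lo <= hi <= 4094:  # 0 and 4095 are reserved by 802.1Q
            raise ValueError(f"bad VLAN ID range: {item!r}")
        ranges.append((lo, hi))
    return ranges


def mac_allowed(mac, allowed_addresses):
    """True if the full MAC starts with one of the allowed octet prefixes."""
    addr = parse_mac(mac)
    if len(addr) != 6:
        raise ValueError(f"not a full MAC address: {mac!r}")
    prefixes = [parse_mac(p) for p in allowed_addresses.split(",") if p.strip()]
    # An empty allow-list matches nothing, so the check fails closed.
    return any(addr[:len(p)] == p for p in prefixes)


def vid_allowed(vid, allowed_vids):
    """True if the VLAN ID falls inside one of the allowed ranges."""
    return any(lo <= vid <= hi for lo, hi in parse_vids(allowed_vids))
```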
A new -name option has been added to the route command. This option enables you to specify a name when adding, modifying, deleting, or displaying information about a persistent (static) route. In previous releases you could only refer to a route by its destination and gateway. Note that you can only use this option for persistent (static) routes.
For more information, see Creating Persistent (Static) Routes in Configuring an Oracle Solaris 11.4 System as a Router or a Load Balancer and the route(8) man page.
You can now create an SR-IOV-enabled DLMP aggregation by grouping several SR-IOV-enabled NICs and configure SR-IOV VNICs on the SR-IOV-enabled DLMP aggregated ports. Similarly, you can also create a DLMP aggregation by grouping multiple InfiniBand host channel adapter (HCA) ports and configure IPoIB VNICs over this DLMP aggregation. For more information, see DLMP Aggregation of SR-IOV NICs and DLMP Aggregation of InfiniBand Host Channel Adapter (HCA) Ports in Managing Network Datalinks in Oracle Solaris 11.4.
Client-side support for network access control for wired networks through the IEEE 802.1X feature is included in this release. You can use this feature to restrict the use of IEEE 802 LAN service access points (ports) and to secure communications between authenticated devices. See Chapter 3, Protecting Networks With IEEE 802.1X Certificates in Securing the Network in Oracle Solaris 11.4.