For most cases, the default values of protocol properties suffice to set up a functional network. However, these values can be reset and customized if necessary.
To manage protocol properties, you use the following ipadm subcommands:
show-prop – Displays current property settings of a protocol. If you omit the -p property option, then the property settings of all protocols are displayed.
set-prop – Assigns a value to one or more properties of a protocol. To remove a property value, use the -= qualifier in the property=value pair.
reset-prop – Resets a specific protocol property to its default value.
See also Configuring and Managing Network Components in Oracle Solaris 11.4.
The sample cases in this section describe ways to configure protocol properties.
Packet forwarding is a property common to both the interface and the TCP/IP protocol so you can set the property's scope of implementation.
Packet forwarding on the interface level limits the function to that interface. If set on the protocol level, packet forwarding is global across all interfaces.
On the interface level such as net0, you would use the set-ifprop subcommand:
$ ipadm set-ifprop -p forwarding=on -m ipv4|ipv6 net0
On the protocol or global level, you would use the set-prop command:
$ ipadm set-prop -p forwarding=on ipv4|ipv6
The property can be set on both interface and protocol at the same time. Thus, although forwarding is enabled globally, you can still selectively implement the functionality on each interface.
On transport protocols such as TCP, UDP, and SCTP, ports 1-1023 are privileged ports by default. Port numbers greater than 1023 are non-privileged.
You can extend the range of privileged ports beyond 1023, or mark specific ports in the non-privileged range as privileged. Processes that bind to a privileged port must be running with root permissions.
Setting up privileged ports involves the following properties:
smallest-nonpriv-port – Beginning of the range of non-privileged port numbers. By default, the port number is 1024.
extra-priv-ports – Ports outside of the privileged range that are set as privileged. You can assign multiple values to this property.
Suppose that you want to set TCP ports 3001 and 3050 as privileged ports, with access restricted to just the root role. First, you check the lowest number for a non-privileged port, which in the following output is 1024. Therefore, you can proceed with designating ports 3001 and 3050 as privileged.
$ ipadm show-prop -p smallest-nonpriv-port tcp
PROTO PROPERTY              PERM CURRENT PERSISTENT DEFAULT POSSIBLE
tcp   smallest-nonpriv-port rw   1024    --         1024    1024-32768
$ ipadm set-prop -p extra-priv-ports+=3001 tcp
$ ipadm set-prop -p extra-priv-ports+=3050 tcp
$ ipadm show-prop -p extra-priv-ports tcp
PROTO PROPERTY         PERM CURRENT   PERSISTENT DEFAULT   POSSIBLE
tcp   extra-priv-ports rw   2049,4045 2049,4045  2049,4045 1-65535
                            3001,3050 3001,3050
To remove an extra-privileged port, use the -= qualifier. For example:
$ ipadm set-prop -p extra-priv-ports-=3050 tcp
$ ipadm show-prop -p extra-priv-ports tcp
PROTO PROPERTY         PERM CURRENT   PERSISTENT DEFAULT   POSSIBLE
tcp   extra-priv-ports rw   2049,4045 2049,4045  2049,4045 1-65535
                            3001      3001
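The following shell functions are an added example, not part of the Oracle documentation. They apply the two rules above (a port is privileged if it is below smallest-nonpriv-port or listed in extra-priv-ports) to report which service ports a non-root process could still bind. The function names and argument layout are assumptions; the values are passed in as arguments, copied from the CURRENT column of ipadm show-prop.

```shell
#!/bin/sh
# Added example: classify ports from the CURRENT values of
# smallest-nonpriv-port and extra-priv-ports (function names are hypothetical).

# is_privileged PORT SMALLEST_NONPRIV EXTRA_LIST
#   EXTRA_LIST is the comma-separated extra-priv-ports value, e.g. "2049,4045".
#   Returns 0 if binding PORT requires root, 1 if it does not, 2 on bad input.
is_privileged() {
    port=$1; smallest=$2; extra=$3
    case $port in ''|*[!0-9]*) return 2 ;; esac
    case $smallest in ''|*[!0-9]*) return 2 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then return 2; fi
    # Every port below smallest-nonpriv-port is privileged.
    if [ "$port" -lt "$smallest" ]; then return 0; fi
    # Above that, a port is privileged only when listed in extra-priv-ports.
    # Wrapping both sides in commas avoids matching 305 against 3050.
    case ",$extra," in *",$port,"*) return 0 ;; esac
    return 1
}

# audit_ports SMALLEST_NONPRIV EXTRA_LIST PORT...
#   Prints, space-separated, the ports any unprivileged process could bind.
audit_ports() {
    smallest_arg=$1; extra_arg=$2; shift 2
    exposed=""
    for p in "$@"; do
        rc=0
        is_privileged "$p" "$smallest_arg" "$extra_arg" || rc=$?
        if [ "$rc" -eq 1 ]; then exposed="$exposed $p"; fi
    done
    echo "${exposed# }"
}
```

With the values shown after port 3050 is removed, `audit_ports 1024 "2049,4045,3001" 22 3001 3050 8080` reports 3050 and 8080 as bindable without root.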
Network congestion typically occurs in the form of router buffer overflows where nodes send more packets than the network can accommodate. Oracle Solaris supports the following algorithms that prevent traffic congestion by establishing controls on the sending systems:
Beginning with Oracle Solaris 11.4, the Data Center TCP (DCTCP) algorithm is supported for TCP traffic only. To achieve the most benefits from using DCTCP, follow these guidelines:
Use switches that support Explicit Congestion Notification (ECN) marking, as specified in Section 5 of RFC 3168 (https://tools.ietf.org/html/rfc3168#section-5).
DCTCP requires that systems on both ends of the TCP connection have ECN. In Oracle Solaris, DCTCP auto-enables ECN for the specific connection that is using DCTCP. If the system on the other end is running a different OS, make sure ECN is enabled there also.
DCTCP is beneficial where round-trip time (RTT) is low. Thus, lower configurations for the minimum Retransmission Timeout (min RTO) and delayed acknowledgement (ACK) timeout are recommended.
To apply congestion control, set the following TCP properties:
cong-enabled – Comma-separated list of algorithms that are currently operational. Except for DCTCP, these algorithms apply to both TCP and SCTP traffic. You can specify multiple algorithms that you want to use.
cong-default – Algorithm that is automatically used when applications do not explicitly specify one in socket options. The value applies to both global and non-global zones.
This property must always have a defined algorithm.
The following syntax adds (+=) or removes (-=) algorithms for congestion control.
$ ipadm set-prop -p cong-enabled+=|-=algorithm[,algorithm,...] tcp
To replace the default algorithm, type:
$ ipadm set-prop -p cong-default=algorithm tcp
In the following example, the default algorithm for the TCP protocol is changed from newreno to cubic. Then, the vegas algorithm is removed from the list of enabled algorithms.
$ ipadm show-prop -p cong_default,cong_enabled tcp
PROTO PROPERTY     PERM CURRENT      PERSISTENT   DEFAULT POSSIBLE
tcp   cong-default rw   newreno      newreno      newreno newreno,cubic,
                                                          dctcp,
                                                          highspeed,
                                                          vegas
tcp   cong-enabled rw   newreno,     newreno,     newreno newreno,cubic,
                        cubic,dctcp, cubic,dctcp,         dctcp,
                        highspeed,   highspeed,           highspeed,
                        vegas        vegas                vegas
$ ipadm set-prop -p cong-enabled-=vegas tcp
$ ipadm set-prop -p cong-default=cubic tcp
$ ipadm show-prop -p cong_default,cong_enabled tcp
PROTO PROPERTY     PERM CURRENT      PERSISTENT   DEFAULT POSSIBLE
tcp   cong-default rw   cubic        cubic        newreno newreno,cubic,
                                                          dctcp,
                                                          highspeed
tcp   cong-enabled rw   newreno,     newreno,     newreno newreno,cubic,
                        cubic,dctcp, cubic,dctcp,         dctcp,
                        highspeed    highspeed            highspeed,
                                                          vegas
In this release, the SO_REUSEPORT socket option allows two or more listeners to bind to the same address/port pair. For TCP and SCTP sockets, any new incoming connection requests are distributed across those listeners. For a UDP socket, any incoming datagrams are distributed across bound sockets.
Oracle Solaris supports the following SO_REUSEPORT algorithms:
rr – Round robin
src-ip – Hashing on source IP address
src-ip-port – Hashing on source IP address and source port
src-dst-ip – Hashing on source and destination IP address
src-dst-ip-ports – Hashing on all four tuples
The following example shows how to change the algorithm that the SO_REUSEPORT option uses for UDP sockets. The current algorithm is first determined and then replaced.
$ ipadm show-prop -p reuseport-lbalg udp
PROTO PROPERTY        PERM CURRENT    PERSISTENT DEFAULT  POSSIBLE
udp   reuseport-lbalg rw   src-dst-   --         src-dst- rr,src-ip,
                           ip-ports              ip-ports src-ip-port,
                                                          src-dst-ip,
                                                          src-dst-ip-ports
$ ipadm set-prop -p reuseport-lbalg=src-dst-ip udp
$ ipadm show-prop -p reuseport-lbalg udp
PROTO PROPERTY        PERM CURRENT    PERSISTENT DEFAULT  POSSIBLE
udp   reuseport-lbalg rw   src-dst-ip src-dst-ip src-dst- rr,src-ip,
                                                 ip-ports src-ip-port,
                                                          src-dst-ip,
                                                          src-dst-ip-ports
By default, the TCP receive buffer is 128 KB. Because applications do not use available bandwidth uniformly, connection latency might require you to change the buffer size.
For example, Secure Shell performs additional checksum and encryption on the data stream, and consequently causes overhead on bandwidth use. Likewise, some applications perform bulk transfers. For both these cases, adjusting buffer sizes would increase efficiency in bandwidth use.
To calculate the appropriate receive buffer size, first use the ping -s host command to determine the value of the connection latency. Then, multiply the connection latency by the available bandwidth to obtain the bandwidth delay product (BDP). The appropriate receive buffer size approximates the BDP.
Note, however, that the use of bandwidth also depends on a variety of conditions which can further change the calculations.
The following example shows how to increase the buffer size to 164 KB:
$ ipadm show-prop -p recv-buf tcp
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
tcp   recv-buf rw   128000  --         128000  2048-1048576
$ ipadm set-prop -p recv-buf=164000 tcp
$ ipadm show-prop -p recv-buf tcp
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
tcp   recv-buf rw   164000  164000     128000  2048-1048576
Oracle Solaris does not provide a preferred set value for the buffer size because the preferred size varies depending on the circumstance. Consider the following examples where different values are set for the BDP in each network with specific conditions:
BDP = 128 MBps * 0.001 s = 128 kB
BDP = 128 MBps * 0.1 s = 12.8 MB
BDP = 2.6 MBps * 0.175 = 470 kB
If you cannot compute the BDP, use the following guidelines:
For bulk transfers over a LAN, the default value of the buffer size (128 KB) is sufficient.
For most WAN deployments, the receive buffer size should be in the 2 MB range.
Caution - Increasing the TCP receive buffer size increases the memory footprint of many network applications.
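The following shell functions are an added example, not part of the Oracle documentation. They carry out the calculation described above: take the average round-trip time from ping -s output, multiply it by the bandwidth in MBps (megabytes per second, as in the BDP examples), and clamp the result to the 2048-1048576 range that show-prop reports as POSSIBLE for recv-buf. The function names and the sample ping summary are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: size recv-buf from the bandwidth delay product (BDP).
# Function names are hypothetical; the default limits are the POSSIBLE
# range shown in the show-prop output above.

# Constructed sample of the summary printed at the end of `ping -s host`.
sample_ping_output() {
    cat <<'EOF'
----host PING Statistics----
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms)  min/avg/max/stddev = 0.912/1.000/1.104/0.071
EOF
}

# avg_rtt_ms: read ping output on stdin, print the average RTT in ms.
avg_rtt_ms() {
    awk -F'= *' '/min\/avg\/max/ { split($2, f, "/"); print f[2]; exit }'
}

# recv_buf_for RTT_MS BANDWIDTH_MBPS [MIN] [MAX]
#   Prints the BDP in bytes, clamped to the range recv-buf accepts.
recv_buf_for() {
    awk -v rtt="$1" -v bw="$2" -v lo="${3:-2048}" -v hi="${4:-1048576}" 'BEGIN {
        rtt += 0; bw += 0                  # force numeric interpretation
        if (rtt <= 0 || bw <= 0) exit 1    # reject missing or bogus input
        bdp = int(rtt * bw * 1000 + 0.5)   # ms * MB/s * 1000 = bytes
        if (bdp < lo) bdp = lo
        if (bdp > hi) bdp = hi             # a larger BDP cannot be set
        printf "%d\n", bdp
    }'
}

# recv_buf_command RTT_MS BANDWIDTH_MBPS: print the command to review and run.
recv_buf_command() {
    size=$(recv_buf_for "$1" "$2") || return 1
    printf 'ipadm set-prop -p recv-buf=%s tcp\n' "$size"
}
```

For the 128 MBps link with 0.1 s latency, the 12.8 MB BDP exceeds the upper limit, so `recv_buf_for 100 128` returns 1048576 rather than the raw product.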