Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle® Solaris 11.4

Updated: November 2020
 
 

Customizing Protocol Properties

In most cases, the default values of protocol properties suffice to set up a functional network. However, these values can be reset and customized if necessary.

Commands for Setting Protocol Properties

To manage protocol properties, you use the following ipadm subcommands:

ipadm show-prop -p property protocol

Displays current property settings of a protocol. If you omit the -p property option, then the property settings of all protocols are displayed.

ipadm set-prop -p property=value[, property=value, ...] protocol

Assigns a value to one or more properties of a protocol. To remove a property value, use the -= qualifier in the property=value pair.

ipadm reset-prop -p property protocol

Resets a specific protocol property to its default value.

See also Configuring and Managing Network Components in Oracle Solaris 11.4.

Configuring Protocol Properties: Sample Cases

The sample cases in this section describe ways to configure protocol properties.

Enabling Global Packet Forwarding

Packet forwarding is a property of both the interface and the TCP/IP protocol, so you can choose the scope at which it is applied.

Packet forwarding on the interface level limits the function to that interface. If set on the protocol level, packet forwarding is global across all interfaces.

  • On the interface level such as net0, you would use the set-ifprop subcommand:

    $ ipadm set-ifprop -p forwarding=on -m ipv4|ipv6 net0

  • On the protocol or global level, you would use the set-prop subcommand:

    $ ipadm set-prop -p forwarding=on ipv4|ipv6

The property can be set on both interface and protocol at the same time. Thus, although forwarding is enabled globally, you can still selectively implement the functionality on each interface.

Setting Up a Privileged Port

On transport protocols such as TCP, UDP, and SCTP, ports 1-1023 are privileged ports by default. Port numbers greater than 1023 are non-privileged.

You can extend the range of privileged ports beyond 1023, or mark specific ports in the non-privileged range as privileged. Processes that bind to a privileged port must be running with root permissions.

Setting up privileged ports involves the following properties:

smallest-nonpriv-port

Beginning of the range of non-privileged port numbers. By default, the port number is 1024.

extra-priv-ports

Ports outside of the privileged range that are set as privileged. You can assign multiple values to this property.

Suppose that you want to set TCP ports 3001 and 3050 as privileged ports, with access restricted to just the root role. First, you check the lowest number for a non-privileged port, which in the following output is 1024. Therefore, you can proceed with designating ports 3001 and 3050 as privileged.

$ ipadm show-prop -p smallest-nonpriv-port tcp
PROTO PROPERTY                PERM   CURRENT   PERSISTENT   DEFAULT   POSSIBLE
tcp   smallest-nonpriv-port   rw     1024      --           1024      1024-32768

$ ipadm set-prop -p extra-priv-ports+=3001 tcp
$ ipadm set-prop -p extra-priv-ports+=3050 tcp
$ ipadm show-prop -p extra-priv-ports tcp
PROTO   PROPERTY           PERM   CURRENT     PERSISTENT   DEFAULT     POSSIBLE
tcp     extra-priv-ports   rw     2049,4045   2049,4045    2049,4045   1-65535
                                  3001,3050   3001,3050

To remove an extra-privileged port, use the -= qualifier. For example:

$ ipadm set-prop -p extra-priv-ports-=3050 tcp
$ ipadm show-prop -p extra-priv-ports tcp
PROTO   PROPERTY           PERM   CURRENT     PERSISTENT   DEFAULT     POSSIBLE
tcp     extra-priv-ports   rw     2049,4045   2049,4045    2049,4045   1-65535
                                  3001        3001
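
The following check is an added example, not part of the Oracle documentation. It reads smallest-nonpriv-port and extra-priv-ports from ipadm show-prop output in the layout shown above, joins the wrapped extra-priv-ports rows, and reports which of a list of service ports a process without root permissions could still bind. The sample table and the port list are constructed, and the function names are illustrative.

```sh
#!/bin/sh
# Constructed sample in the layout shown above (state after 3050 was removed).
# On a live system use instead:
#   PROPS=$(ipadm show-prop -p smallest-nonpriv-port,extra-priv-ports tcp)
PROPS='PROTO PROPERTY              PERM CURRENT    PERSISTENT DEFAULT   POSSIBLE
tcp   smallest-nonpriv-port rw   1024       --         1024      1024-32768
tcp   extra-priv-ports      rw   2049,4045  2049,4045  2049,4045 1-65535
                                 3001       3001'

# current_value PROPERTY: print the CURRENT cell of PROPERTY. The cell is cut
# by header column offsets, so wrapped rows (blank PROTO/PROPERTY) are joined.
current_value() {
    printf '%s\n' "$PROPS" | awk -v want="$1" '
        NR == 1 { from = index($0, "CURRENT"); to = index($0, "PERSISTENT"); next }
        /^[^ ]/ { inprop = ($2 == want) }
        inprop  { cell = substr($0, from, to - from); gsub(/ /, "", cell); sub(/,$/, "", cell)
                  if (cell != "") val = (val == "" ? cell : val "," cell) }
        END     { print val }'
}

# is_privileged PORT: succeed if binding PORT requires privilege, that is, the
# port is below smallest-nonpriv-port or listed in extra-priv-ports.
is_privileged() {
    if [ "$1" -lt "$(current_value smallest-nonpriv-port)" ]; then return 0; fi
    case ",$(current_value extra-priv-ports)," in
        *",$1,"*) return 0 ;;
    esac
    return 1
}

# unprotected_ports PORT...: print the ports that are not privileged.
unprotected_ports() {
    open=""
    for port in "$@"; do
        is_privileged "$port" || open="$open $port"
    done
    echo "${open# }"
}

# Constructed list of service ports to audit.
unprotected_ports 22 2049 3001 3050 8080
```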

Implementing Traffic Congestion Control

Network congestion typically occurs in the form of router buffer overflows where nodes send more packets than the network can accommodate. Oracle Solaris supports the following algorithms that prevent traffic congestion by establishing controls on the sending systems:

Algorithm (Oracle Solaris name) – Description

  • NewReno (newreno) – Default algorithm in Oracle Solaris. This control mechanism includes a sender's congestion window, slow start, and congestion avoidance.

  • HighSpeed (highspeed) – One of the best known and simplest modifications of NewReno for high-speed networks.

  • CUBIC (cubic) – Currently the default algorithm in Linux 2.6. Changes the congestion avoidance phase from linear window increase to a cubic function.

  • Vegas (vegas) – A classic delay-based algorithm that attempts to predict congestion without triggering actual packet loss.

  • DCTCP (dctcp) – An algorithm that is based on the Explicit Congestion Notification (ECN) extension and is designed for traffic within a datacenter to predict and estimate congestion.

Beginning with Oracle Solaris 11.4, the Data Center TCP (DCTCP) algorithm is supported for TCP traffic only. To achieve the most benefits from using DCTCP, follow these guidelines:

  • Use switches that support Explicit Congestion Notification (ECN) marking, as specified in Section 5 of RFC 3168 (https://tools.ietf.org/html/rfc3168#section-5).

    DCTCP requires that systems on both ends of the TCP connection have ECN. In Oracle Solaris, DCTCP auto-enables ECN for the specific connection that is using DCTCP. If the system on the other end is running a different OS, make sure ECN is enabled there also.

  • DCTCP is beneficial where round-trip time (RTT) is low. Thus, lower configurations for the minimum Retransmission Timeout (min RTO) and delayed acknowledgement (ACK) timeout are recommended.

To apply congestion control, set the following TCP properties:

cong-enabled

Comma-separated list of algorithms that are currently operational. Except for DCTCP, these algorithms apply to both TCP and SCTP traffic. You can specify multiple algorithms that you want to use.

cong-default

Algorithm that is automatically used when applications do not explicitly specify one in socket options. The value applies to both global and non-global zones.

This property must always have a defined algorithm.

The following syntax adds (+=) or removes (-=) algorithms for congestion control.

$ ipadm set-prop -p cong-enabled+=|-=algorithm[,algorithm,...] tcp

To replace the default algorithm, type:

$ ipadm set-prop -p cong-default=algorithm tcp

Note - No sequence rules exist for adding and removing algorithms.

In the following example, the default algorithm for the TCP protocol is changed from newreno to cubic. Then, the vegas algorithm is removed from the list of enabled algorithms.

$ ipadm show-prop -p cong-default,cong-enabled tcp
PROTO PROPERTY              PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE
tcp   cong-default          rw   newreno      newreno      newreno      newreno,cubic,
                                                                        dctcp,
                                                                        highspeed,
                                                                        vegas
tcp   cong-enabled          rw   newreno,     newreno,     newreno      newreno,cubic,
                                 cubic,dctcp, cubic,dctcp,              dctcp,
                                 highspeed,   highspeed,                highspeed,
                                 vegas        vegas                     vegas        
  
$ ipadm set-prop -p cong-enabled-=vegas tcp
$ ipadm set-prop -p cong-default=cubic tcp

$ ipadm show-prop -p cong-default,cong-enabled tcp
PROTO PROPERTY              PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE
tcp   cong-default          rw   cubic        cubic        newreno      newreno,cubic,
                                                                        dctcp,
                                                                        highspeed
tcp   cong-enabled          rw   newreno,     newreno,     newreno      newreno,cubic,
                                 cubic,dctcp, cubic,dctcp,              dctcp,
                                 highspeed    highspeed                 highspeed,
                                                                        vegas

Enabling Multiple Listeners on TCP, SCTP, and UDP Ports

In this release, the SO_REUSEPORT socket option allows two or more listeners to bind to the same address/port pair. For TCP and SCTP sockets, any new incoming connection requests are distributed across those listeners. For a UDP socket, any incoming datagrams are distributed across bound sockets.

Oracle Solaris supports the following SO_REUSEPORT algorithms:

  • rr – Round robin

  • src-ip – Hashing on source IP address

  • src-ip-port – Hashing on source IP address and source port

  • src-dst-ip – Hashing on source and destination IP address

  • src-dst-ip-ports – Hashing on the full four-tuple (source and destination IP addresses and ports)

The following example shows how to change the algorithm that the SO_REUSEPORT option uses for UDP sockets. The current algorithm is first determined and then replaced.

$ ipadm show-prop -p reuseport-lbalg udp
PROTO PROPERTY              PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE
udp   reuseport-lbalg       rw   src-dst-     --           src-dst-     rr,src-ip,
                                 ip-ports                  ip-ports     src-ip-port,
                                                                        src-dst-ip,
                                                                        src-dst-ip-ports

$ ipadm set-prop -p reuseport-lbalg=src-dst-ip udp
$ ipadm show-prop -p reuseport-lbalg udp
PROTO PROPERTY              PERM CURRENT      PERSISTENT   DEFAULT      POSSIBLE
udp   reuseport-lbalg       rw   src-dst-ip   src-dst-ip   src-dst-     rr,src-ip,
                                                           ip-ports     src-ip-port,
                                                                        src-dst-ip,
                                                                        src-dst-ip-ports

Changing the TCP Receive Buffer Size

By default, the TCP receive buffer is 128 KB. Because applications do not use available bandwidth uniformly, connection latency might require you to change the buffer size.

For example, Secure Shell performs additional checksum and encryption on the data stream, and consequently causes overhead on bandwidth use. Likewise, some applications perform bulk transfers. For both these cases, adjusting buffer sizes would increase efficiency in bandwidth use.

To calculate the appropriate receive buffer size, first use the ping -s host command to determine the value of the connection latency. Then, multiply the connection latency by the available bandwidth to obtain the bandwidth delay product (BDP). The appropriate receive buffer size approximates the BDP.

Note, however, that the use of bandwidth also depends on a variety of conditions which can further change the calculations.

The following example shows how to increase the buffer size to 164 KB:

$ ipadm show-prop -p recv-buf tcp
PROTO PROPERTY   PERM CURRENT   PERSISTENT   DEFAULT  POSSIBLE
tcp   recv-buf   rw   128000       --        128000   2048-1048576
$ ipadm set-prop -p recv-buf=164000 tcp
$ ipadm show-prop -p recv-buf tcp
PROTO PROPERTY   PERM CURRENT   PERSISTENT   DEFAULT  POSSIBLE
tcp   recv-buf   rw   164000    164000       128000   2048-1048576

Oracle Solaris does not provide a preferred set value for the buffer size because the preferred size varies depending on the circumstance. Consider the following examples where different values are set for the BDP in each network with specific conditions:

  • Typical 1 Gbps local area network (LAN), where 128 KB is the default value of the buffer size:

    BDP = 128 MBps * 0.001 s = 128 kB

  • Theoretical 1 Gbps wide area network (WAN) with 100 ms latency:

    BDP = 128 MBps * 0.1 s = 12.8 MB

  • Europe-to-U.S. link (bandwidth measured by uperf):

    BDP = 2.6 MBps * 0.175 s = 470 kB
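
The sizing procedure described above, as an added example that is not part of the Oracle documentation: it takes the average round-trip time from a ping -s summary, multiplies it by the bandwidth, and checks the result against the POSSIBLE range that ipadm show-prop reports for recv-buf. The ping summary and the host name wan-host are constructed, the function names are illustrative, and 1 MB is taken as 1,000,000 bytes, matching the page's 128 KB = 128000.

```sh
#!/bin/sh
# Constructed sample of a `ping -s host` summary (layout assumed, host hypothetical).
PING='----wan-host PING Statistics----
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms)  min/avg/max/stddev = 4.812/5.000/5.317/0.162'

# Output of `ipadm show-prop -p recv-buf tcp` in the layout shown above.
RECV_BUF='PROTO PROPERTY   PERM CURRENT   PERSISTENT   DEFAULT  POSSIBLE
tcp   recv-buf   rw   128000    --           128000   2048-1048576'

# avg_rtt_ms: read ping -s output on stdin and print the average RTT in ms.
avg_rtt_ms() {
    awk '/^round-trip/ { split($0, half, " = "); split(half[2], t, "/"); print t[2] }'
}

# recv_buf_for MBPS RTT_MS: print the BDP in bytes followed by "ok" when it
# lies inside the POSSIBLE range of recv-buf; otherwise print the nearest
# bound of that range followed by "clamped".
recv_buf_for() {
    range=$(printf '%s\n' "$RECV_BUF" | awk '$2 == "recv-buf" { print $NF }')
    awk -v bw="$1" -v rtt="$2" -v range="$range" 'BEGIN {
        split(range, r, "-"); lo = r[1] + 0; hi = r[2] + 0
        bdp = bw * 1000 * rtt            # MBps * 1e6 bytes * (ms / 1000)
        if (bdp < lo)      printf "%.0f clamped\n", lo
        else if (bdp > hi) printf "%.0f clamped\n", hi
        else               printf "%.0f ok\n", bdp
    }'
}

# 1 Gbps link (128 MBps, as in the cases above) with the measured latency.
rtt=$(printf '%s\n' "$PING" | avg_rtt_ms)
recv_buf_for 128 "$rtt"
```

A "clamped" result means the computed BDP falls outside the range that the POSSIBLE column reports, so that value cannot be passed to set-prop as is.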

If you cannot compute the BDP, use the following guidelines:

  • For bulk transfers over a LAN, the default value of the buffer size (128 KB) is sufficient.

  • For most WAN deployments, the receive buffer size should be in the 2 MB range.


Caution - Increasing the TCP receive buffer size increases the memory footprint of many network applications.