Go to main content

Configuring and Managing Network Components in Oracle® Solaris 11.3

Exit Print View

Updated: December 2017

About Profile-Based Network Configuration

Oracle Solaris provides a predetermined set of system-defined profiles, as well as the capability for creating various types of user-defined reactive profiles with properties and activation conditions that you specify to meet your particular networking needs. User-defined profiles can be used to simplify the basic configuration of datalinks and IP addresses on your system, as well as define more complex system-wide network configuration, for example, naming services, IP Filter, and IP Security (IPsec) configurations.

    The following profile types are supported:

  • Network configuration profiles (NCPs) – An NCP is the principal profile type that is used to specify the configuration of network datalinks and IP interfaces. NCPs are configured with property values that specify how the network is configured when that particular NCP is activated on the system. NCPs can be reactive or fixed. You can have multiple reactive NCPs configured, but Oracle Solaris only supports one fixed NCP named DefaultFixed.

  • Network configuration units (NCUs) – The individual configuration information (properties) that defines an NCP are specified within NCUs. An NCU can represent a physical link or an interface and contains properties that specify the configuration for that link or interface.

  • Location profiles – A Location profile (also referred to as a Location) specifies system-wide network configuration, for example, naming services, domain, IP Filter configuration, and IPsec configuration.

  • External network modifiers (ENMs) – An ENM is a profile that manages applications that are responsible for creating network configuration that is external to the system's primary network configuration, for example, a VPN application.

  • Known WLANs – A Known WLAN is a profile that stores information about wireless networks that are discovered by your system.

Profile Type Descriptions

The following is a detailed description of each of profile types that are supported in the Oracle Solaris release.

Description of an NCP

An NCP defines system-specific network configuration, for example datalinks and IP interfaces and addresses. The various NCUs (network configuration units) that are part of each NCP specify how to configure the various network links and interfaces, for example, which interface or interfaces should be brought up, and under what conditions that interface should be brought up, as well as how the IP address for the interface is obtained.

The Automatic NCP represents all of the network links and interfaces that are currently in the system. The content of the Automatic NCP changes if network devices are added or removed. The Automatic NCP provides access to a profile that utilizes DHCP address autoconfiguration, which makes it possible to obtain IP addresses for the system. This NCP also implements a link selection policy that favors wired links over wireless links. If the specification of an alternate IP configuration policy or an alternate link selection policy is required, you would need to create another NCP on your system. You cannot delete the Automatic NCP. You can copy this NCP and make changes to the copy. See Example 23, Creating an NCP by Cloning the Automatic NCP.

Description of an NCU

NCUs contain the property values that define an NCP. NCUs represent the individual physical links and interfaces that are on a system. The process of configuring a user-defined NCP includes creating NCUs that specify how and under what conditions each link and interface should be configured.

    There are two types of NCUs:

  • Link NCUs – Represent physical devices (Layer 2 entities in the Open Systems Interconnection (OSI) model)

  • Interface NCUs – Represent IP interfaces (Layer 3 entities)

    Link NCUs represent the following datalink layer classes:

  • Aggregations

  • Bridges

  • Etherstubs

  • Ethernet over IB (EoIB),

  • Physical links (Ethernet or WiFi)

  • Tunnels

  • Virtual eXtensible local areal networks (VXLANs)

  • Virtual local area networks (VLANs)

  • Virtual network interface cards (VNICs)

    Interface NCUs represent the following IP layer classes:

  • IP interfaces

  • IPMP interfaces

  • Virtual network interfaces

For information about the properties that you can set for the various object types, see the netcfg(1M) man page.

Description of a Location Profile

A Location profile (also referred to simply as a Location) consists of network configuration information such as naming services and firewall settings that are applied together to specify system-wide network configuration when that Location is active. Because a Location does not necessarily correspond to a physical location, you can set up several Location profiles to meet different networking needs. For example, one Location can be used when you are connected to the company intranet. Another Location can be used when you are connected to the public Internet by using a wireless access point that is located in your office.

    By default, there are three Locations that are predefined by the system:

  • DefaultFixed

    The DefaultFixed Location is enabled whenever the DefaultFixed NCP is active. The DefaultFixed Location cannot be directly modified by the using the netcfg command. When this Location is enabled (as part of enabling the DefaultFixed NCP), the relevant Service Management Facility (SMF) properties are updated to reflect the settings of the Location. When the system is shut down or another Location is enabled, the relevant SMF properties for only those services that are enabled are saved as part of the DefaultFixed Location's configuration.

    Note -  If a service is not enabled, the customized properties are not saved. As a result, when you enable the Location again, the properties for the disabled services might not be the same as before.
  • Automatic

    The Automatic Location is activated if there are networks available but no other Location supersedes it. You can modify the Automatic Location by using the netcfg command.

    Note -  The Automatic Location should not be confused with the Automatic NCP. The Automatic Location defines system-wide network properties after the initial network configuration of a system takes place. The Automatic NCP specifies link and interface network configuration on a system.
  • NoNet

    The NoNet Location has very specific activation conditions. This Location is applied by the system to a stand-alone system when no local interfaces have an assigned IP address. You can modify the NoNet Location by using the netcfg command.

User-defined Locations are identical to system-defined Locations, with the exception that a user-defined Location is configured with custom values that you specify, while system-defined Locations have preset values.

Description of an ENM

ENMs enable you to specify when applications or scripts should perform network configuration that is external to the configuration that is specified in the NCP and Location profiles. ENMs can also be defined as services or applications that directly modify your network configuration when they are enabled or disabled. You can specify the conditions under which an ENM should be enabled or disabled. You can also enable or disable an ENM manually. Unlike an NCP or a Location profile, where only one of each profile type can be active on the system at any given time, multiple ENMs can potentially be active on the system at the same time. The ENMs that are active on a system at any given time are not necessarily dependent on the NCP or Location profile that is also enabled on the system at the same time.

Although there are several external applications and services for which you can create an ENM, the obvious example is the VPN application. After you install and configure VPN on your system, you can create an ENM that automatically activates and deactivates VPN under the conditions that you specified.

Note -  The reactive network configuration mode cannot automatically detect external applications that are capable of directly modifying the network configuration on a system. To manage the activation or deactivation of a VPN application, or any external application or service, you must first install the application, then create an ENM for it by using either the command-line interface (CLI) or the network administration GUI.

Persistent information about any network configuration that is performed by an ENM is not stored or tracked in exactly the same way that information about an NCP or a Location profile is stored. However, the system is capable of noting an externally initiated network configuration, and then based on any configuration changes that are made to the system by an ENM, reevaluating which Location should be active, and subsequently activating that Location. An example would be switching to a Location that is activated conditionally when a certain IP address is in use. If the svc:/network/physical:default service is restarted at any time, the network configuration that is specified by the active NCP is reinstated. ENMs are restarted as well, possibly tearing down and recreating network configuration in the process.

Description of a Known WLAN

Known WLANs are profiles that are used to manage wireless networks that are known to the system. A global list of these known wireless networks is then maintained by the system. This information is used to determine the order in which attempts to connect to available wireless networks are made. If a wireless network that exists in the Known WLAN list is available, the system automatically connects to that network. If two or more known wireless networks are available, the system attempts to connect to the wireless network with the highest priority (lowest number). Any new wireless network that you connect to is automatically added to the top of the Known WLAN list and becomes the current highest priority wireless network.

The default behavior is to prefer more recently connected WLANs over WLANs that you connected to previously. At no time can any Known WLAN share the same priority. If a new WLAN is added to the list with the same priority value as an existing WLAN, the existing entry is shifted to a lower priority value. Subsequently, the priority value of every other WLAN in the list is dynamically shifted to a lower priority value.

One key name can also be associated with a Known WLAN. A Key name enables you to create your own key by using the dladm create-secobj command. You can then associate this key with WLANs by adding the secure object names to the WLAN keyname property. For more information, see the dladm(1M) man page.

For more information managing WLANs from the command line, see Administering Known WLANs in Reactive Mode.

System-Defined and User-Defined Profiles

The Automatic NCP is a system-defined profile that is made up of one link NCU and one interface NCU for each physical link that is present in the system. The NCU activation policy in this NCP is to prefer connected, wired links over wireless links and to plumb both IPv4 and IPv6 on each enabled link. DHCP is used to obtain IPv4 addresses. Stateless Autoconf and DHCP are used to obtain IPv6 addresses. The Automatic NCP changes dynamically when new links are inserted or removed from the system. All NCUs that correspond to the inserted or removed link are also added or removed at the same time. The profile is updated automatically by the nwamd daemon.

    When active, the Automatic NCP implements the following basic policy:

  • Configure all available (connected) Ethernet interfaces by using DHCP.

  • If no Ethernet interfaces are connected, or if none can obtain an IP address, enable one wireless interface, automatically connecting to the best available WLAN from the Known WLAN list. See Description of a Known WLAN.

  • Until at least one IP4 address has been obtained, keep the NoNet Location active. See Description of a Location Profile. This Location provides a strict set of IP Filter rules that only pass data that is relevant to IP address acquisition (DHCP and IPv6 autoconf messages). All of the properties of the NoNet Location, with the exception of the activation conditions, can be modified.

  • When at least one IP address has been assigned to one of the system's interfaces, activate the Automatic Location. This Location has no IP Filter or IPsec rules. The Location applies the domain name system (DNS) configuration data that is obtained from the DHCP server. As with the NoNet Location, all of the properties of the Automatic Location, with the exception of its activation conditions, can be modified.

You can optionally configure user-defined NCPs. You must explicitly add and remove NCUs from the specified NCP. You can also create NCUs that do not correlate to any link that is currently present in the system. In addition, you can determine the policy for the user-defined NCP. For example, you can allow multiple links and interfaces to be enabled on the system at a given time, as well as specify different dependency relationships between NCUs and static IP addresses.