
Oracle® Solaris 11.3 Tunable Parameters Reference Manual


Updated: July 2017
 
 

IP Tunable Parameters

This section describes parameters pertaining to the IP protocol.

_addrs_per_if

Description

Defines the maximum number of logical IP interfaces associated with a real interface. Each logical interface in the Oracle Solaris kernel maps to a single IP address.

Default

256

Range

1 to 8,192

Dynamic?

Yes

When to Change

Do not change the value. If more logical interfaces are required, you might consider increasing the value. However, recognize that this change might have a negative impact on IP's performance.

Commitment Level

Unstable

_forwarding_src_routed (IPv4 or IPv6)

Description

Controls whether IPv4 or IPv6 forwards packets with source IPv4 routing options or IPv6 routing headers.

Default

Off

Range

Off or On

Dynamic?

Yes

When to Change

Keep this parameter disabled to prevent denial of service attacks.

Commitment Level

Unstable

_icmp_err_interval and _icmp_err_burst

Description

Controls the rate at which IP generates ICMP error messages. IP generates only up to _icmp_err_burst IP error messages in any _icmp_err_interval.

The _icmp_err_interval parameter protects IP from denial of service attacks. Setting this parameter to 0 disables rate limiting. It does not disable the generation of error messages.

Default

100 milliseconds for _icmp_err_interval

10 error messages for _icmp_err_burst

Range

0 – 99,999 milliseconds for _icmp_err_interval

1 – 99,999 error messages for _icmp_err_burst

Dynamic?

Yes

When to Change

If you need a higher error message generation rate for diagnostic purposes.

Commitment Level

Unstable
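The effect of the two parameters under a flood can be seen with a small model, added here as an illustration and not taken from the Solaris source. It assumes simple fixed windows of _icmp_err_interval milliseconds; the kernel's exact accounting is not described on this page, and the function name and sample traffic are constructed.

```python
def icmp_errors_sent(trigger_times_ms, interval_ms=100, burst=10):
    """Count ICMP errors emitted for error-triggering packets.

    trigger_times_ms: arrival times (ms) of packets that would each cause
    an ICMP error. Defaults mirror _icmp_err_interval / _icmp_err_burst.
    Assumption: fixed windows that open at the first packet seen after the
    previous window has expired.
    """
    if not 0 <= interval_ms <= 99999:
        raise ValueError("_icmp_err_interval range is 0 to 99,999 ms")
    if not 1 <= burst <= 99999:
        raise ValueError("_icmp_err_burst range is 1 to 99,999")
    if interval_ms == 0:
        # Rate limiting disabled: every trigger still produces an error.
        return len(trigger_times_ms)
    sent = 0
    window_start = None
    in_window = 0
    for t in sorted(trigger_times_ms):
        if window_start is None or t - window_start >= interval_ms:
            window_start, in_window = t, 0   # open a new window
        if in_window < burst:
            in_window += 1
            sent += 1                        # within the burst allowance
    return sent

# Constructed flood: 5 error-triggering packets per millisecond for 1 second.
FLOOD = [i // 5 for i in range(5000)]

if __name__ == "__main__":
    print("defaults      :", icmp_errors_sent(FLOOD))
    print("burst=50      :", icmp_errors_sent(FLOOD, burst=50))
    print("interval=0    :", icmp_errors_sent(FLOOD, interval_ms=0))
```

With the defaults the host answers at most 100 of the 5,000 triggers in that second; raising the burst for diagnostics raises that ceiling proportionally, and an interval of 0 removes it.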

_policy_mask

Description

Enables or disables IPQoS processing in any of the following callout positions: forward outbound, forward inbound, local outbound, and local inbound. This parameter is a bitmask as follows:

| Not Used | Not Used | Not Used | Not Used | Forward Outbound | Forward Inbound | Local Outbound | Local Inbound |
|---|---|---|---|---|---|---|---|
| X | X | X | X | 0 | 0 | 0 | 0 |

A 1 in any of the position masks or disables IPQoS processing in that particular callout position. For example, a value of 0x01 disables IPQoS processing for all the local inbound packets.

Default

The default value is 0, meaning that IPQoS processing is enabled in all the callout positions.

Range

0 (0x00) to 15 (0x0F). A value of 15 indicates that IPQoS processing is disabled in all the callout positions.

Dynamic?

Yes

When to Change

If you want to enable or disable IPQoS processing in any of the callout positions.

Commitment Level

Unstable

_respond_to_echo_broadcast (IP) and _respond_to_echo_multicast (IPv4 or IPv6)

Description

Controls whether IP responds to a broadcast ICMPv4 echo request or a multicast ICMPv4 or ICMPv6 echo request.

Default

1 (enabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

If you do not want this behavior for security reasons, disable it.

Commitment Level

Unstable

hoplimit (IPv6)

Description

Sets the value of the hop limit in the IPv6 header for the outbound ICMPv6 error and reply packets. The hop limit defines the maximum number of routers a packet can pass through on the path to the destination. It is primarily used to clear messages from the network when a misconfiguration would otherwise cause messages to endlessly loop through the same set of routers.

The hoplimit set on outbound ICMP requests and on UDP, TCP, and SCTP messages is not controlled by this property. It is instead controlled by the _ipv6_hoplimit property for each respective protocol.

Default

255

Range

1 to 255

Dynamic?

Yes

When to Change

Generally, you do not need to change this value.

Commitment Level

Stable

hostmodel (IPv4 or IPv6)

Description

Controls send and receive behavior for IPv4 or IPv6 packets on a multi-homed system.

Default

weak

Range

weak, strong, or src-priority

  • weak

    • Outgoing packets - The source address of the packet going out need not match the address configured on the outgoing interface.

    • Incoming packets - The destination address of the incoming packet need not match the address configured on the incoming interface.

  • strong

    • Outgoing packets - The source address of the packet going out must match the address configured on the outgoing interface.

    • Incoming packets - The destination address of the incoming packet must match the address configured on the incoming interface.

  • src-priority

    • Outgoing packets - If multiple routes for the IP destination in the packet are available, the system prefers routes where the IP source address in the packet is configured on the outgoing interface.

      If no such route is available, the system falls back to selecting the best route, as with the weak ES case.

    • Incoming packets - The destination address of the incoming packet must be configured on any one of the host's interfaces.

Dynamic?

Yes

When to Change

If a system has interfaces that cross strict networking domains (for example, a firewall or a VPN node), set this parameter to strong.

Commitment Level

Stable
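A small Python model of the incoming and outgoing rules listed for hostmodel, added here as an illustration (it is not Oracle's code and does not read system state). The interface names, addresses and function names are hypothetical; the model assumes that under weak a packet is accepted locally only when its destination is configured somewhere on the host, and that under strong a packet with no matching outgoing interface is not sent.

```python
from ipaddress import ip_address

# Constructed sample host (hypothetical names): a VPN node with one address
# on the untrusted side and one on the protected side.
INTERFACES = {
    "net0": {ip_address("203.0.113.10")},  # untrusted network
    "net1": {ip_address("10.0.0.1")},      # protected network
}
MODELS = ("weak", "strong", "src-priority")

def accept_incoming(model, in_if, dst, interfaces=INTERFACES):
    """True if a packet for dst that arrives on in_if is accepted as local."""
    if model not in MODELS:
        raise ValueError(f"unknown hostmodel: {model}")
    dst = ip_address(dst)
    if model == "strong":
        # Destination must be configured on the receiving interface itself.
        return dst in interfaces[in_if]
    # weak / src-priority: any address configured on the host is acceptable.
    return any(dst in addrs for addrs in interfaces.values())

def pick_outgoing(model, src, routes, interfaces=INTERFACES):
    """Choose the outgoing interface from routes (best route first), or None."""
    if model not in MODELS:
        raise ValueError(f"unknown hostmodel: {model}")
    src = ip_address(src)
    matching = [ifname for ifname in routes if src in interfaces[ifname]]
    if model == "weak":
        return routes[0] if routes else None  # source address is not checked
    if model == "strong":
        return matching[0] if matching else None  # no match: not sent
    # src-priority: prefer a matching route, else fall back to the best route.
    return matching[0] if matching else (routes[0] if routes else None)

if __name__ == "__main__":
    for model in MODELS:
        # Packet for the inside address arriving on the untrusted interface.
        print(model, accept_incoming(model, "net0", "10.0.0.1"),
              pick_outgoing(model, "10.0.0.1", ["net0", "net1"]))
```

Only strong rejects the packet addressed to the protected-side address when it arrives on the untrusted interface, which is the case the firewall and VPN guidance is about.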

send_redirects (IPv4 or IPv6)

Description

Controls whether IPv4 or IPv6 sends out ICMPv4 or ICMPv6 redirect messages.

Default

1 (enabled)

Range

0 (disabled) or 1 (enabled)

Dynamic?

Yes

When to Change

If you do not want this behavior for security reasons, disable it.

Commitment Level

Stable

ttl (IPv4)

Description

Controls the time to live (TTL) value in the IPv4 header for the outbound IPv4 ICMP error and reply packets. The TTL defines the maximum number of routers a packet can pass through on the path to the destination. It is primarily used to clear messages from the network when a misconfiguration would otherwise cause messages to endlessly loop through the same set of routers.

The ttl set on outbound ICMP requests and on UDP, TCP, and SCTP messages is not controlled by this property. It is instead controlled by the _ipv4_ttl property for each respective protocol.

Default

255

Range

1 to 255

Dynamic?

Yes

When to Change

Generally, you do not need to change this value.

Commitment Level

Stable

IP Tunable Parameters Related to Duplicate Address Detection

The following parameters can be configured to perform duplicate address detection (DAD) in the network.

_arp_defend_interval/_ndp_defend_interval

Description

Interval in which the system continues to broadcast announcements for a specific address using IPv4 ARP and IPv6 NDP, respectively, to detect duplicate addresses in the network after the initial duplicate address detection process completes successfully.

Default

300,000 milliseconds

Range

0-360,000

Dynamic?

Yes

When to Change

Never

Commitment Level

Unstable

_arp_defend_period/_ndp_defend_period

Description

Time period within which unrequested address-defense ARP or NDP messages are generated on any one physical network interface. These parameters work together with _arp_defend_rate/_ndp_defend_rate.

These parameters do not apply to normal ARP or NDP resolution or to address defense due to detected conflicts. Rather, the parameters are implemented only on unbidden conflict detection traffic.

Default

3,600 seconds

Range

0-3,600

Dynamic?

Yes

When to Change

Never

Commitment Level

Unstable

_arp_defend_rate/_ndp_defend_rate

Description

Number of unrequested address-defense ARP or NDP messages that can be generated in a one-hour period on any one physical network interface. The time period can be revised by configuring _arp_defend_period/_ndp_defend_period.

The _arp_defend_rate/_ndp_defend_rate work together with the _arp_defend_period/_ndp_defend_period to prevent a system with a large number of configured IP addresses from flooding the network with ARP traffic.

By default, the system will continuously broadcast an ARP announcement or NDP advertisement every five minutes for each address that already passed duplicate address detection. However, the total number of such ARP announcements or NDP advertisements from an interface is further limited to 100 messages per hour regardless of the number of configured addresses.

These parameters do not apply to normal ARP or NDP resolution nor to address defense due to detected conflicts. Rather, the parameters are implemented only on unbidden conflict detection traffic.

Default

100 messages/hour

Range

0-20,000

Dynamic?

Yes

When to Change

Never

Commitment Level

Unstable

_arp_fastprobe_count

Description

In a transmit-pause sequence, the number of probes that are transmitted to detect duplicate addresses before pausing. The length of time is defined in _arp_fastprobe_interval. The parameter is used for faster probing for duplicate addresses.

Default

3 packets

Range

0-20

Dynamic?

Yes

When to Change

Never

Commitment Level

Unstable

_arp_fastprobe_interval

Description

Similar function to _arp_probe_interval, which is the time between the sending of a set number of probes to detect duplicate addresses. To accelerate the process in bringing up an IP interface, and if the underlying driver can properly report link up or link down events, the system uses this parameter as the interval between sending out probes. This parameter works together with _arp_fastprobe_count.

Default

150 milliseconds

Range

10-20,000

Dynamic?

Yes

When to Change

Never

Commitment Level

Unstable

_arp_probe_count

Description

In a transmit-pause sequence, the number of probes that are transmitted to detect duplicate addresses before pausing. The length of the pause is determined by _arp_probe_interval. After the pause time expires, probing resumes.

Default

3 packets

Range

0-20

Dynamic?

Yes

When to Change

Never

Commitment Level

Unstable

_arp_probe_interval

Description

Time between the sending of a set number of probes to detect duplicate addresses. The number of probes that is sent after each interval is defined in _arp_probe_count.

Default

1,500 milliseconds

Range

10-20,000

Dynamic?

Yes

When to Change

Never

Commitment Level

Unstable

_defend_interval

Description

Length of time a system defends its local address when it is detected to be in conflict with another system's IP address. The number of attempts to defend the address within this period is defined in _max_defend.

Default

30 seconds

Range

0-999,999

Dynamic?

Yes

When to Change

Never

Commitment Level

Unstable

_dup_recovery

Description

Time between the transmission of probes after the system marks a non-temporary address down because it conflicts with the same address in a remote system. The local system sends out probes periodically to test whether the conflict persists. If the probe receives no reply, the conflict is considered cleared and the address is marked up again.

Default

300,000 milliseconds

Range

0-360,000

Dynamic?

Yes

When to Change

Never

Commitment Level

Unstable

_max_defend

Description

The number of times an IP address is defended if the address conflicts with another system's IP address. Defense of the address occurs within the time specified in _defend_interval.

Default

3 counts

Range

0-1,000

Dynamic?

Yes

When to Change

Never

Commitment Level

Unstable

_max_temp_defend

Description

Number of times a system defends a temporary local address or a DHCP controlled address when that address is in conflict with another system's IP address. When the value of _max_temp_defend is passed, the system gives up the address.

Default

1 count

Range

0-1,000

Dynamic?

Yes

When to Change

Never

Commitment Level

Unstable

arp_publish_count/ndp_unsolicit_count

Description

Number of unsolicited IPv4 ARP announcements or IPv6 NDP advertisements transmitted over an interface to update the address cache of network peers. The announcements are sent after a local IP address has been successfully brought up and are transmitted at intervals controlled by the arp_publish_interval/ndp_unsolicit_interval parameters.

Default

3 packets

Range

1-20

Dynamic?

Yes

When to Change

Never

Commitment Level

Stable

arp_publish_interval/ndp_unsolicit_interval

Description

Time between successive unsolicited IPv4 ARP announcements or IPv6 NDP advertisements that are sent after a local IP address is successfully brought up. The announcements are sent to update the address cache of network peers.

Default

2,000 milliseconds

Range

1,000-20,000

Dynamic?

Yes

When to Change

Never

Commitment Level

Stable

IP Tunable Parameters With Additional Cautions

Changing the following parameters is not recommended.

_icmp_return_data_bytes (IPv4 or IPv6)

Description

When IPv4 or IPv6 sends an ICMPv4 or ICMPv6 error message, it includes the IP header of the packet that caused the error message. This parameter controls how many extra bytes of the packet beyond the IPv4 or IPv6 header are included in the ICMPv4 or ICMPv6 error message.

Default

64 for IPv4

1,280 for IPv6

Range

8-65,536 for IPv4

8-1,280 for IPv6

Dynamic?

Yes

When to Change

Do not change the value. Including more information in an ICMP error message might help in diagnosing network problems. If this feature is needed, increase the value.

Commitment Level

Unstable

_pathmtu_interval

Description

Specifies the interval in milliseconds at which IP flushes the path maximum transmission unit (PMTU) discovery information, and tries to rediscover PMTU.

Refer to RFC 1191 on PMTU discovery.

Default

1,200 milliseconds (20 minutes)

Range

2-999,999,999

Dynamic?

Yes

When to Change

Do not change this value.

Commitment Level

Unstable