Network Administration Command Changes

Language:

In Oracle Solaris 10 and previous releases, the ifconfig command is the customary tool that you use to configure network interfaces. However, the command does not implement persistent configuration. Over time, the ifconfig command has undergone enhancements to add further network administration capabilities. As a result, the command has become more complex and can sometimes be confusing to use.

Another issue with IP interface configuration and administration is the absence of simple tools to administer TCP/IP properties, also referred to as tunables. The ndd command has long been the prescribed customization tool for this purpose, but like the ifconfig command, the ndd command does not implement persistent configuration. Previously, persistent configuration could be simulated for a network scenario by editing the boot scripts. With the introduction of the service management facility (SMF), using these types of workarounds can be risky because of the complexities of managing the various SMF dependencies, particularly in light of upgrades to an Oracle Solaris installation.

Note the following key points about the network administration commands that you use in this release:

The ipadm and dladm commands replace the ifconfig command for configuring network interfaces (datalinks and IP interfaces and addresses). Although the ifconfig command is still functional, it primarily exists for backward compatibility. Also, the previous method of adding information to the /etc/hostname* files is not supported in Oracle Solaris 11.

You can perform most of the tasks that you previously performed with the ifconfig command by using either the dladm command (for datalink administration) or the ipadm command (for IP administration). Although many ifconfig command options have an ipadm equivalent, there is not an exact one-to-one mapping between the two commands. For comparable equivalents, see Comparing the ifconfig Command to the ipadm Command. See also the ifconfig(5) man page.
The ipadm and dladm commands also replace the ndd command as a tool for customizing network parameters (tunables). Although the ndd command is still functional in Oracle Solaris 11, the ipadm and dladm commands are preferred.
In Oracle Solaris 10, you configure drivers through driver-specific mechanisms, for example, the ndd command and the driver.conf file. However, in Oracle Solaris 11, you configure common driver features by setting dladm properties, as well as some driver-private features through driver-private properties.

Note - Some ndd options do not have equivalent dladm command options.

Comparing the `ifconfig` Command to the `ipadm` Command

Compared to the ifconfig command, the ipadm command provides the following advantages:

Parameter interactions with interfaces and addresses that are clearly represented.
Configuration commands that manage both the current system state, as well as keep a persistent record of that state synchronized for automatic use upon reboot.
A committed, parsable output format with many subcommands that exist for easy use by shell scripts.
User-defined IP address object names that provide a means for management scripts to easily reference individual addresses, including IP addresses that are defined through DHCP or IPv6 address autoconfiguration.

The following table compares selected ifconfig command options to the ipadm command equivalent. For an additional explanation of these changes, see the ifconfig(5) man page. For a comprehensive list of all of the available options, see ipadm(1M).

Table 8 ifconfig and ipadm Command Comparison

Task Description	`ifconfig` Command	`ipadm` Command
List all interfaces and their addresses.	`ifconfig` `–a`	`ipadm`
Create or delete an IP interface.	`plumb` `unplumb`	`ipadm create-ip` `ipadm delete-ip`
Create or delete a static IP address on an interface.	[`address`[/`prefix-length`] [`dest-address`]] [`addif` `address`[/`prefix-length`]] [`removeif` `address`[/`prefix-length`]][`netmask` `mask`][`destination` `dest-address`].	`ipadm create-addr` `–a` `address` `ipadm delete-addr`
Create or delete a DHCP address on an interface.	{`auto-dhcp`\|`dhcp`} [`wait` `seconds`] `start` \| `release`	`ipadm create-addr -T dhcp` [`–w` `seconds` ]. `ipadm delete-addr` `–r`
Extend a DHCP lease.	{`auto-dhcp` \| `dhcp`} `extend`	`ipadm refresh-addr`
Obtain configuration parameters from DHCP without obtaining a lease.	{`auto-dhcp` \| `dhcp`} `inform`	`ipadm refresh-addr –i`
Check if DHCP is in use on an interface.	{`auto-dhcp` \| `dhcp`} `ping`	`ipadm show-addr` `interface`
Display DHCP status.	{`auto-dhcp` \| `dhcp`} `status`	`netstat -D`
Create or delete an auto-configured IPv6 address on an existing interface	`inet6 plumb up` `unplumb`	`ipadm create-addr` `–T` `addrconf` `ipadm delete-addr`
View/set address properties.	[`deprecated` \| `–deprecated`] [`preferred` \| `–preferred`] [`private` \| `–private`] [`zone` `zonename` \| `–zones` \| `–all-zones`][`xmit` \| `–xmit`].	`ipadm show-addrprop` `ipadm set-addrprop`
Bring an address up.	`up`	`ipadm up-addr` Implicit in `create-addr` Required for explicit `down-addr`
Take an address down.	`down`	`ipadm down-addr`
View/set interface properties.	[`metric` `n`] [`mtu` `n`] [`nud` \| `–nud`] [`arp` \| `–arp`] [`usesrc` [`name` \| `none`] [`router` \| `router`].	`ipadm show-ifprop` `ipadm set-ifprop`
Create/delete an IPMP group.	`plumb ipmp group` [`name` \| `""`] `unplumb`	`ipadm create-ipmp` `ipadm delete-ipmp`
Add an interface to an IPMP group.	group [ `name` ]	`ipadm add-ipmp` `–i` `ifname`
Turn on/off standby flag.	`standby` \| `–standby`	`ipadm set-ifprop -p standby=on` `ipadm set-ifprop -p standby=off`
Configure an IP tunnel link.	[`tdsttunnel-dest-addr`] [`tsrc` `tunnel-srcs-addr`] [`encaplimit` `n`\| `–encaplimit`] [`thoplimitn`]	`dladm` *`-iptun` set of commands.
View/set the hardware address of a link.	[`ether` [`address` ]].	`dladm show-linkprop` `–p` `mac-address` `dladm set-linkprop` `–p` `mac-address=addr`
View/set modules to be autopushed on a link.	[`modlist`] [`modinsert` `mod_name@pos`] [`modremove` `mod_name@pos`].	`dladm show-linkprop` `–p` `autopush` `dladm set-linkprop` `–p` `autopush=modlist`
Set subnet, netmask, broadcast domain.	`subnet` `subnet-address`] [`broadcast` `broadcast-address`]	`ipadm set-addrprop` `–p` `prefixlen=len`
Set IPsec policy for a tunnel link.	[`auth_algs` `authentication-algorithm`] [`encr_algs` `encryption-algorithm`] [`encr_auth_algs` `encryption- authentication-algorithm`].	`ipsecconf` See `ipsecconf`(1M)
Miscellaneous networking commands that have no `ipadm` command equivalent.	`[auth_revarp`] [ `index` `if-index`] [ `token` `address`/`prefix-length`] DHCP 'drop' option E	Not applicable.

`ifconfig` Replacement Commands

In Oracle Solaris 11, there is no single command that replaces the information that is displayed in the output of the ifconfig –a command. However, in most cases, using the ipadm command without any options provides very similar information. See the ifconfig(5) man page for further explanation.

To determine which command to use as a replacement for the ifconfig command, refer to the following information:

Use the ipadm command without any options to display basic information about a system's interfaces:

# ipadm
NAME              CLASS/TYPE STATE        UNDER      ADDR
lo0               loopback   ok           --         --
   lo0/v4         static     ok           --         127.0.0.1/8
   lo0/v6         static     ok           --         ::1/128
net0              ip         ok           --         --
   net0/v4        dhcp       ok           --         203.0.113.65/24
   net0/v6        addrconf   ok           --         fe80::214:4fff:fefb:bbf0/10

For MAC address information, use the dladm command with the following options:.
```
# dladm show-linkprop -p mac-address -o link,effective
```

Display detailed IP interface state or property information as follows:

# ipadm show-if -o ifname,class,state,current,over
# ipadm show-ifprop -o ifname,property,proto,current

Display detailed IP address state or property information as follows:

# ipadm show-addr -o addrobj,type,state,current,addr
# ipadm show-addrprop -o addrobj,property,current

Display IP tunnel configuration details as follows:
```
# dladm show-iptun
```

The following are situations in which you might still opt to use the ifconfig command:

To display the logical interface number for any given address or a link index number. The ipadm does not display this information and some applications still use these numbers.
As a diagnostic tool, the ifconfig command can provide additional information that you might not be able to obtain by using the dladm and ipadm commands.

The following two examples compare differences between the output of the ifconfig and the output of the ipadm command when used to obtain similar information about a system's datalink (net0).

# ifconfig net0
net0: flags=100001000942<BROADCAST,RUNNING,PROMISC,MULTICAST,IPv4,PHYSRUNNING> mtu 1500 index 4
        inet 0.0.0.0 netmask 0
        ether 0:d0:b7:b9:a5:8c
# ifconfig net0 inet6
net0: flags=120002000940<RUNNING,PROMISC,MULTICAST,IPv6,PHYSRUNNING> mtu 1500 index 4
        inet6 ::/10

# ipadm show-if -o ifname,class,state,current,over net0
IFNAME     CLASS    STATE    CURRENT       OVER
net0       ip       down     bm46--------  --
sekon# ipadm show-ifprop -o ifname,property,proto,current net0
IFNAME      PROPERTY        PROTO CURRENT
net0        arp             ipv4  on
net0        forwarding      ipv4  off
net0        metric          ipv4  0
net0        mtu             ipv4  1500
net0        exchange_routes ipv4  on
net0        usesrc          ipv4  none
net0        forwarding      ipv6  off
net0        metric          ipv6  0
net0        mtu             ipv6  1500
net0        nud             ipv6  on
net0        exchange_routes ipv6  on
net0        usesrc          ipv6  none
net0        group           ip    --
net0        standby         ip    off

Comparing the `ndd` Command to the `ipadm` Command

Compared to the ndd command, the ipadm command provides the following advantages:

Provides information about each TCP/IP property, such as a property's current and default value, as well as the range of possible values. Thus, debugging information is more easily obtained.
Follows a consistent command syntax and is therefore easier to use.
Persistent configuration of routing and transport layer tunables that is made possible by using an ipadm subcommand rather than the previously required uncommitted ndd commands that required the use of custom SMF scripts or /etc/rc*.d scripts.

The following table compares selected ndd command options to equivalent ipadm command options. See the ipadm(1M) man page for a more comprehensive list of command options.

Table 9 ndd Command Compared to the ipadm Command

ndd Command

ipadm Command

bash-3.2# ndd -get /dev/ip ?
ip_def_ttl         (read and write)
ip6_def_hops       (read and write)
ip_forward_directed_broadcasts
                   (read and write)
ip_forwarding      (read and write)
...
...

bash-3.2# ndd -get /dev/ip \
ip_def_ttl
100

bash-3.2# ndd -get /dev/ip \
ip6_def_hops
255

bash-3.2# ndd -get /dev/tcp ?
tcp_cwnd_max       (read and write)
tcp_strong_iss     (read and write)
tcp_time_wait_interval
                   (read and write)
tcp_tstamp_always  (read and write)
tcp_tstamp_if_wscale
                   (read and write)
...

bash-3.2# ndd -get /dev/tcp ecn
1

bash-3.2# ndd -get /dev/tcp sack
2

bash-3.2# ipadm show-prop ip
PROTO PROPERTY     PERM   CURRENT  PERSISTENT   DEFAULT   POSSIBLE
ipv4  forwarding   rw     off      --           off       on,off
ipv4  ttl          rw     255      --           255       1-255
ipv6  forwarding   rw     off      --           off       on,off
ipv6  hoplimit     rw     255      --           255       1-255
...

bash-3.2# ipadm show-prop -p ttl,hoplimit ip
PROTO PROPERTY   PERM   CURRENT   PERSISTENT   DEFAULT   POSSIBLE
ipv4  ttl        rw     255       --           255       1-255
ipv6  hoplimit   rw     255       --           255       1-255

bash-3.2# ipadm show-prop tcp
PROTO PROPERTY        PERM CURRENT PERSISTENT DEFAULT    POSSIBLE
tcp   ecn             rw   passive --         passive    never,passive,
                                                         active
tcp   extra_          rw   2049    2049,4045  2049,4045  1-65535
      priv_ports
tcp   largest_        rw   65535   --         65535      1024-65535
      anon_port
tcp   recv_           rw   128000  --         128000     2048-1073741824
      maxbuf
tcp   sack            rw   active  --         active     never,passive,
                                                         active
tcp   send_           rw   49152   --         49152      4096-1073741824
      maxbuf
tcp   smallest_       rw   32768   --         32768      1024-65535
      anon_port
tcp   smallest_       rw   1024    --         1024       1024-32768
      nonpriv_port
...

bash-3.2# ipadm show-prop -p ecn,sack tcp
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT  POSSIBLE
tcp   ecn      rw   passive --         passive  never,passive,active
tcp   sack     rw   active  --         active   never,passive,active

Comparing the `ndd` Command and `driver.conf` Configuration to the `dladm` Command

In Oracle Solaris 10, you use the ndd command to customize network parameters (tunables) and some driver-specific properties. Although the ndd command is still functional in Oracle Solaris 11, the dladm command is the preferred command for managing these properties.

The driver.conf file is also used in Oracle Solaris 10 to configure some driver-specific properties. In Oracle Solaris 11, you can configure some common driver features by setting dladm properties, as well as certain driver-private features through driver-private properties.

The following three classes of tunables are configurable:

Common generic properties – The majority of these properties have a straightforward mapping to a dladm command equivalent.

While ndd command parameters are queried and set with the –get and –set subcommands, dladm properties are queried and set with the show-linkprop and set-linkprop subcommands. You can also reset dladm properties by using the reset-linkprop subcommand. The following examples illustrate some of the differences between these two commands.

In the following example, the ndd command is used with the –get subcommand to retrieve the link speed of the datalink net0:
```
# ndd -get /dev/net/net0 link_speed
```
The following example shows how you would use the dladm command to retrieve the information from the speed property:
```
# dladm show-linkprop -p speed net0
LINK     PROPERTY        PERM VALUE        EFFECTIVE    DEFAULT   POSSIBLE
net0     speed           r-   0            0            0         -- 
```
Another example is how the automatic negotiation of the link speed and duplex setting is enabled. In the following example, the ndd command is used to set the adv_autoneg_cap parameter:
```
# mdd -set /dev/net/net0 adv_autoneg_cap 1
```
Note that the ndd command does not configure settings that persist between reboots.

The following example shows how to enable the automatic negotiation of the link speed and duplex setting by using the dladm command to set the adv_autoneg_cap parameter:
```
# dladm set-linkprop -p adv_autoneg_cap=1
```
When you use the dladm command, the changes take place immediately and are persistent between system reboots.
Capability related tunables – Many of these properties have an equivalent dladm command option in Oracle Solaris 11. The list of properties is extensive. See the "Ethernet Link Properties" section of the dladm(1M) man page.

You can display these properties by using the dladm command without any options, or you can use the dladm show-ether command. If you do not specify any options with the dladm show-ether command, only the current Ethernet property values for the datalink are displayed. To obtain information beyond what is provided by default, use the –x option, as shown in the following example:
```
# dladm show-ether -x net1
LINK     PTYPE       STATE    AUTO  SPEED-DUPLEX             PAUSE
net1     current     up       yes   1G-f                     both
--       capable     --       yes   1G-fh,100M-fh,10M-fh     both
--       adv         --       yes   100M-fh,10M-fh           both
--       peeradv     --       yes   100M-f,10M-f             both
```
With the –x option, the command also displays the built-in capabilities of the specified link, as well as the capabilities that are currently advertised between the host and the link partner.
Driver-specific properties – In Oracle Solaris 11, how you configure properties that were previously stored in the driver.conf file depends on the specific driver. The main property that was previously configured in this file is the maximum transmission unit (MTU) property. You manage this property by using the dladm command. See Setting the MTU Property in Configuring and Managing Network Components in Oracle Solaris 11.3.

For more information about the various properties that you can customize by using the dladm command, see Obtaining Status Information for Datalink Properties in Configuring and Managing Network Components in Oracle Solaris 11.3.

For information about configuring other private driver properties, refer to the manufacturer's documentation for that driver.

Transitioning From Oracle® Solaris 10 to Oracle Solaris 11.3