Interfaces

Network Interfaces

A "local area network" or “LAN” is a network in which all computers are directly connected to each other through a central switching point. Discrete chunks of data called “packets” are sent from one computer to another on the LAN using an address called the MAC (Medium Access Control) or “Ethernet” address. An Ethernet address is contained in the firmware of a network interface, which may be built into a motherboard or may be part of a network interface card (NIC). Each network interface on a host is associated with a driver, which is a kernel module that communicates with a device, and each has a name of its own. All Solaris drivers/kernel modules are displayed with the command modinfo:

# modinfo

The name of the interface is a combination of the name of the driver of the interface and of the instance of the interface. The first instance of the eri interface present in many Sun computers is therefore eri0. If you add a quad-fast NIC to your computer, it will have four interfaces: qfe0 through qfe3. All configured interfaces are displayed by the ifconfig command:

# ifconfig -a

MAC address: The MAC address is composed of 6 octets (48 bits), written in hexadecimal and separated by colons, and is coded into the firmware of the PROM or the interface card's controller chip. The first 3 octets are called the CID (company ID), indicate the manufacturer, and are assigned by IEEE, while the last 3 (VID – vendor ID) are unique in that manufacturer's output. The whole MAC address is therefore unique in the world. Root can check the MAC address of an interface with ifconfig -a, and set it using ifconfig <interface> ether <MAC> where <interface> is the name of the interface (for example, qfe2) and <MAC> is the MAC address in decimal form. The banner command, issued at the PROM interface, also displays the MAC address.

The output of ifconfig –a or ifconfig <hostname> is:

Name of interface, such as hme0 or qfe3

flags = <value>, where “value” is a numerical equivalent to the flags listed after the value.

Flags. The following flags are usually set, including one of IPv4 and IPv6.

UP – interface is enabled, and can send and receive messages. If the interface is down, this flag is absent, but no "DOWN" flag is set!
NOTRAILERS – header information may not be placed at the end of the packet. This flag exists for backwards compatibility only, and is absent in the most recent releases of Solaris.
RUNNING – the kernel knows about the interface and its drivers are loaded into memory – it is “plumbed”.
MULTICAST – the interface is multicast enabled…it will filter multicast packets and accept only those to which the device has subscribed.
BROADCAST – the interface can send and receive broadcast packets.
IPv4 – system is running IPv4 (new in Solaris 8)
IPv6 – system is running IPv6 (new in Solaris 8)
LOOPBACK - the interface is a loopback. It consists of internal circuits that allow the system to check network configuration without going out onto the network.
VIRTUAL - the interface is not an actual, physical entity.

mtu <value> - the maximum transmission unit for this interface is as specified (usually

1500).

index <value> - the value given is the number assigned by the operating system to identify that interface. 1 is loopback, 2 is usually the primary interface (hme0 or qfe0…)

inet <IP address>

netmask <netmask in hexadecimal>

broadcast <broadcast address>

ether <ethernet address>

If you want to disable an Ethernet interface, you must mark it as “down” using the ifconfig command.

ifconfig <interface name> down

brings down the interface, while

ifconfig <interface name> up

returns it to service.

A network interface may be tested with the "ping" command. The ping command can be issued with the name or IP address of any system, and will tell you whether the interface associated with that IP address can be reached.

ping <hostname>

Don't assume that failure of "ping" means the other system is down. The problem may be on your network, or the network interface may have been disabled on the other system. Ping failure just means you probably cannot reach the other system, for whatever reason.

The snoop command is a very useful test of network activity. It reads packets coming over a network, and has a number of useful options. The snoop command captures packets and displays them to the console in readable form, if you can read really fast. It's generally more useful to snoop -o <filename>, send snoop outpuut to a file, and then read it at your leisure with snoop -i <filename> | more. Verbose output may also be useful: snoop -v gives you all the details of addressing and packet contents.

You can snoop in all kinds of ways. Snoop by itself picks up all traffic on the local area network. You can snoop traffic on the named host with snoop <hostname>, while snoop <host1> <host2> snoops only the traffic between the named hosts. Specifying hosts to snoop is often required for LANs connected by modern switches. If you get no snoop output, try specifying your host as host1 and another host as host2. It is possible to snoop only certain protocols: snoop telnet picks up just telnet traffic, while snoop dhcp picks up dhcp traffic. These filters are useful because snoop output can be overwhelming otherwise!

Hit control-C to exit snoop.

Files: Three files configure an interface for use on the network. The file /etc/hostname.<interface>, for example, /etc/hostname.eri0 contains the host name or IP address to be associated with each interface that should be configured at boot time. If you put a host name in /etc/hostname.<interface> you must also have a name resolution entry in the file /etc/inet/hosts for that hostname. This entry will be the IP address and the hostname for the interface. The file /etc/inet/hosts also contains (in order) any other IP addresses, hostnames, and nicknames for which you want to provide name resolution. These may be for interfaces on your host or on other hosts. The file /etc/inet/ipnodes is a relatively new name resolution file which will eventually replace /etc/inet/hosts when IPv6, the new internet addressing protocol, becomes standard. It is now set up by default for the primary interface on your system when the system is installed and its entries have precedence over those in /etc/inet/hosts. If you want to change the IP address of the primary interface on your system, you must change the entries in this file!

The system's name can be changed permanently in these files and the file /etc/nodename. The file /etc/nodename contains the “canonical hostname” of the system. This is the true name of the host itself, as opposed to the names associated with interface IP addresses. It can be changed temporarily by using uname -S <newname> or hostname <newname>, which changes the name in RAM only, and will not persist across a reboot. Any time you want an interface configured at boot, you must create a new /etc/hostname.<interface> file and, if necessary add an entry for that interface’s name and IP address to /etc/inet/hosts.

Network interface configuration: At boot time the script /lib/svc/method/net-physical is used to configure interfaces. It reads any /etc/hostname.<interface> files and /etc/inet/hosts. The file /etc/hostname.<interface> applies to that interface and contains the hostname, IP address, and other configuration information that can be passed to ifconfig. This script calls /sbin/ifconfig to configure interfaces with IP addresses and hostnames, and loads drivers (plumbs) for the interface. (This process is the equivalent of that performed by the start script /etc/rcS.d/S30network.sh in Solaris 9.) It performs the original plumbing of the interface which may then be re-plumbed later. Next the method /lib/svc/method/net-init runs. It configures IP routing and sets tunable parameters. In Solaris 9 the script /etc/init.d/inetinit sets these. The method /lib/svc/method/net-svc is the final method run. It resets anything that depends on the network-wide name resolution services NIS or NIS+. This method replaces /etc/init.d/inetinit used in releases of Solaris previous to Solaris 10.

Unconfiguring the system: System identification information can be changed using ifconfig, uname -S and by editing configuration files. The system can be unconfigured all at once with the command sys-unconfig. This command removes such identification as the time and date, the hostname, the IP addresses associated with any interfaces, the time zone and character set and the default system language. It also returns the system to the ok prompt. It does not affect file systems. When you boot the system, you will be prompted for all system information.

The command sys-unconfig should only be used on sandbox and laboratory systems. It is easy to change important system indentification without rebooting and reboots are generally not acceptable on production systems.

Acronyms:

MAC - Medium Access Control

CID – Company ID – the first 24 bits of the MAC address (also known as the OUI – Organizationally Unique Identifier).

MTU – Maximum Transmission Unit – the largest packet of data than can pass through an interface.

VID – Vendor ID – the last 24 bits of the MAC address which identify one interface uniquely.

Definitions:

frame- a packet sent out on the network from the preamble to the end of the CRC. A frame is the fundamental Ethernet packet.

packet – a generic term for a collection of bits sent out on a network.

Files:

files containing the hostname:

/etc/inet/hosts (maps IP addresses to hostnames)

/etc/nodename – contains the canonical hostname, used by some daemons, like sendmail. Also used by multicast and SNMP. If this file has the wrong name, boot will complain.

/etc/hostname.<interface> - contains the hostname by which the system is known to the network. Creating and populating this file with the hostname allows the interface to be configured at boot time.

/lib/svc/method/net-physical Start script that uses /sbin/inconfig to configure the Ethernet and loopback interfaces.

Commands:

ifconfig - configures internet ports and gets information on configuration.

-a show configuration for all interfaces.

<interface> - show configuration for only the interfaace listed.

<interface> ether <MAC address> - sets the MAC address.

uname -S <new name> - sets the hostname

hostname <new name> - sets the host name.

snoop - read packets off the network.

-v verbose – include information from headers and trailers

-V summary verbose – include summary header and trailer information.

-i <snoop file name created with snoop –o > - read snoop info from file.

You may also use the –v or –V options with this command.

-o <filename> - write snoop info to file. This file is binary and must be read with

snoop –i.

<filter> snoop only the type of packets given: where filter can be:

broadcast, arp, rarp, multicast, a hostname, an IP or MAC address, udp,

port <#>, and many others. Boolean expressions may be used in the filter:

for example: snoop host1 AND ether or snoop host not port 22 (this latter

captures all packets except ssh packets).

ping [-<options>] < hostname >- sends out a packet to a destination host to see if it is

responding, and replies to the originating host.

-v verbose ping – give detailed information on ping attempts and responses.

-s send out one ping per second.

Misc:

MTUs

16 Mbps token ring (IBM) 17914 bytes

4 Mbps token ring (IEEE) 4464

FDDI 4352

Ethernet 2 1500 (older versions were 1492, which you still sometimes see)

X.25 (internet) 576

Point to point 296

loopback 8232

CIDs for Sun: tadpole – 0a:0:20 E10k - 0:0:be most others - 8:0:20

Sunblade: 00:03:ba Sunfire 8:0:21