| Skip Navigation Links | |
| Exit Print View | |
|
Connecting Systems Using Reactive Network Configuration in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Connecting Systems Using Reactive Network Configuration in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
1. Reactive Network Configuration (Overview)
Highlights of Profile-Managed Network Configuration
What Is Reactive Network Configuration?
When to Use Reactive Network Configuration
Description of the Automatic and User-Defined NCPs
Description of a Location Profile
How Reactive Network Profiles Work
How Reactive Networking Works With Other Oracle Solaris Networking Technologies
Network Configuration Security and Authorizations
Authorizations and Profiles Related to Network Configuration
Authorizations Required to Use the User Interfaces
Where to Find Network Configuration Tasks
2. Creating and Configuring Reactive Network Profiles (Tasks)
3. Administering Your Reactive Network Configuration (Tasks)
4. Using the Network Administration Graphical User Interface
Reactive network configuration enables you to specify the NCP activation policy for reactive NCPs. This policy describes when NCUs are enabled. Each Location profile also contains properties that define the activation criteria.
NCUs, Location profiles, and ENMs have an activation-mode property. The allowable values for each profile type differ. In addition, how the activation-mode property is validated differs for each profile type, as do the conditions under which each profile is enabled.
Note - The activation-mode property for the NCU can be either set to manual or prioritized. The activation-mode property for the Location profile can be set to manual, conditional-any, conditional-all, or system.
The NCP activation policy is enforced through the use of properties and conditions that can be specified for each NCU. Examples of policy that you might specify include: “prefer wired connections over wireless connections” or “activate one interface at a time.” How and when NCPs are enabled is defined in the properties that are set for each NCU type.
Note - An interface NCU must always be associated with an underlying link NCU. Each interface NCU becomes active when its associated link NCU is enabled. You can override the default behavior of an NCU by using the netadm command. However, the dependency on the underlying link NCU can never be removed. For example, if you enable an interface NCU without enabling its associated link NCU, the interface do not actually come online until the underlying NCU for that interface is enabled.
How network connections are enabled is set in the link NCU properties. The following properties are used to define the NCP activation policy:
This property can be set to either manual or prioritized.
manual – The NCU activation is managed by the administrator. You can use the netadm command or the network administration GUI to enable or disable the NCU. If an NCU's activation-mode property is set to manual, values that are set for both the priority-group and priority-mode NCU properties are ignored.
prioritized – The NCU is enabled according to the values that are set in the priority-group and priority-mode properties for the specified NCU. The enabled property is always true for prioritized NCUs.
Prioritized activation enables groups of links to be enabled at the same time. This activation mode also enables one or more links to be preferred over other links. The priority-group property assigns a numeric priority level to a given link. All links at the same priority level are examined as a group. The priority-mode property defines how many of the group members might or must be available for the group to be enabled.
enabled property (activation-mode is set to manual)
The value of this property can be true or false. You cannot set the value of this property. Rather, the value reflects the current state of a manually enabled NCU, which can be changed by using the netadm command or by using the network administration GUI.
priority-group property (activation-mode is set to prioritized)
The value is numeric. Zero (0) indicates the highest priority. Negative values are invalid.
Among all of the available priority groups, only the NCUs in the highest available priority group are enabled. When more than one NCU with the same priority is available, activation behavior is defined by the priority-mode property. The priority number is not an absolute value. It can change, as the NCP repository is updated.
Note - The priority order is strictly enforced.
priority-mode property (activation-mode is set to prioritized)
The property is set when a value for the priority-group property has been specified.
The values for this property are as follows:
exclusive – Specifies that only one NCU in the priority group can be active at any given time. The first available NCU within the priority group is enabled, and the other NCUs in the group are ignored.
shared – Specifies that multiple NCUs in the priority group can be active at the same time. Any available NCUs in the priority group are enabled.
all – Specifies that all of the NCUs in the priority group must be made available for the priority group to be considered available and thus made active.
In the following example, NCU properties are set according to an NCP policy which specifies that multiple wired links are enabled at the same time.
For all physical links:
NCU type: link
NCU class: phys
activation-mode: prioritized
priority-group: 0 for wired
priority-mode: shared for wired
In the following example, NCU properties are set according to an NCP policy which specifies that there can be only one active link on the system at any given time.
For all physical links:
NCU type: link
NCU class: phys
activation-mode: prioritized
priority-group: 0 for wired
priority-mode: exclusive
The properties that define the activation criteria specify information about the conditions under which a Location profile is enabled. A Location profile can be manually enabled by using the netadm command or by using the network administration GUI. If you do not explicitly enable a location, the network management daemon, nwamd, checks the activation rules for all of the conditionally enabled and system-enabled Location profiles, and then chooses the location that best matches the current network environment.
The nwamd daemon uses an algorithm to continuously reevaluate the selection criteria for all the configured locations, each time determining which location has the criteria that is the best match for the current network environment. If there is no suitable match for a location, the Automatic location is then enabled.
Changes in the network environment cause the nwamd daemon to continually reassess the location selection to determine the best match for the new environment. However, if you explicitly enable a Location profile by using the netadm command (either a location that is manually enabled or a location that is conditionally enabled), that location remains active until you explicitly disable it or enable a different location. In this situation, changes in the network environment do not result in a change in Location profiles, regardless of whether there might be a better match available. The fact that you explicitly specified the current location makes it, in effect, the best possible match. For instructions about enabling and disabling profiles, see Enabling and Disabling Profiles.
The selection criteria for when and how a user-defined location is enabled are specified by the following properties:
activation-mode
conditions
The activation-mode property is set to one of the following possible values:
manual
conditional-any
conditional-all
system
Note - The system value of the activation-mode property can only be assigned to system-provided locations: the Automatic, NoNet, and DefaultFixed locations. The system value indicates that the system determines when to activate these locations.
If the activation-mode property is set to conditional-any or conditional-all, the conditions property contains a conditional expression or expressions that are user-defined. Each expression contains a condition that can be assigned a boolean value, for example, ncu ip:net0 is-not active. The condition in this example can be used for activating a location or an ENM. The condition is true when the IP NCU for net0 is not online. This expression determines when the location or ENM is enabled and if the condition is not met, the location or ENM is disabled.
If the activation-mode property is set to conditional-any, the condition is satisfied if any one of the conditions is true.
If the activation-mode property is set to conditional-all, the condition is satisfied only if all of the conditions are true.
Locations and ENMs can be activated based on a set of user-specified conditions. The conditions can be set for the object types which include profile types and profile properties. The criteria and operations that can be used to construct the condition strings are defined in the following table.
Table 1-1 Criteria and Operations for Constructing Condition Strings
|
Note - The essid property represents an Extended Server Set Identifier (ESSID), which is the network name of a wireless LAN (WLAN). The bssid property represents a Basic Service Set Identifier (BSSID), which is the MAC address of a specific wireless access point (WAP) or any access point (AP).
Note the distinction between the advertised-domain and the system-domain profile properties. The advertised domain is discovered through external communications, for example, the DNSdmain or NISdmain domain names, which are advertised by a DHCP server. This profile property is useful for the conditional activation of locations, for example, if the advertised domain is mycompany.com, then enable the work location. The system-domain profile property is the domain that is currently assigned to the system. It is the value that is returned by the domainname command. This profile property is useful for the conditional activation of ENMs, as it becomes true only after a location has been enabled, and the system has been configured for that particular domain. For more information, see the domainname(1M) man page.
For more information about location properties, see Description of a Location Profile.
|