Connecting Systems Using Reactive Network Configuration in Oracle Solaris 11.1 (Oracle Solaris 11.1 Information Library)
The system manages network configuration by storing preferred property values in the form of profiles. These property values determine how a network is configured and when its components need to be configured depending on current network conditions. The reactive profiles implementation is a primary component of reactive network configuration. The two primary network profile types are the NCP and the Location profile. Exactly one NCP and one Location profile must be active on the system at all times.
The following are the profile types and configuration objects that comprise the system's network configuration:
Network configuration profiles (NCPs)
An NCP specifies the configuration of network links and interfaces. The system always defines an NCP called the Automatic NCP. This profile is the default reactive NCP. The Automatic NCP is created and maintained by the system and cannot be modified or removed. You can also create additional user-defined NCPs, as needed. For a complete description of the Automatic and user-defined NCPs, see Description of the Automatic and User-Defined NCPs. For a complete description of an NCP, see Description of an NCP.
Network configuration units (NCUs)
NCUs are the individual configuration objects that contain all of the properties that define an NCP. There are two types of NCUs: a link NCU and an interface NCU. Each NCU represents a physical link or an interface and contains properties that define the configuration for that link or interface. For a complete description of an NCU, see Description of an NCU.
The Location profile is one of the two primary profile types that make up the system's network configuration. The Location profile specifies the system-wide network configuration, for example, the naming services, the domain, the IP Filter configuration, and the IPsec configuration. There are both system-defined and user-defined locations. For a complete description of the Location profile, see Description of a Location Profile.
External network modifiers (ENMs)
ENMs are profiles that are used to manage applications that create their own network configuration, which is external to the configuration managed by the system, for example, a VPN application. The network management daemon, nwamd, enables or disables an ENM, depending on the conditions that are specified as a part of the ENM. For a complete description of an ENM, see Description of an ENM.
Known WLAN profiles store information about wireless networks that are known to your system. The system uses this information while configuring wireless links automatically to determine the order in which connections to available wireless networks are attempted and to find key information for protected wireless networks. For a complete description of known WLANs, see Description of a Known WLAN.
An NCP defines the network configuration of a system. The NCUs that make up an NCP specify how to configure the various network links and interfaces as well as the conditions under which that link or interface should be brought up. All NCPs have a management-type property that determines how the profiles are managed. The possible values for this property are fixed and reactive.
NCUs that define the reactive NCP include property values that describe the conditions under which each NCU should be enabled. The system's network uses the properties and conditions that are specified for each NCU to enforce the NCP activation policy. For information about the NCP activation policy, see Profile Activation Policy.
The system defines one reactive NCP: the Automatic NCP. You can also create additional user-defined reactive NCPs.
Fixed NCPs are also managed by the network management daemon. However, their configuration is always applied when the fixed NCP is enabled and is not altered by the system while the NCP remains active. There is only one fixed NCP on the system, the DefaultFixed NCP. For more information about the fixed NCP, see Connecting Systems Using Fixed Network Configuration in Oracle Solaris 11.1.
The Automatic NCP is a system-defined profile that is made up of one link NCU and one interface NCU for each physical link that is present on the system. For information about NCUs, see Description of an NCU. The content of the Automatic NCP changes if network devices are added or removed. However, the configuration preferences that are associated with the Automatic NCP cannot be edited.
The Automatic NCP uses Dynamic Host Configuration Protocol (DHCP) and address autoconfiguration to obtain IP addresses for the system. This profile also implements an NCU activation policy that favors wired links over wireless links and that plumbs both IPv4 and IPv6 on each enabled link. If you need to specify an alternate IP configuration policy or an alternate link selection policy, you can create additional user-defined NCPs on your system. The Automatic NCP changes dynamically when a link is inserted into or removed from the system. All NCUs that correspond to the inserted or removed link are also added or removed at the same time. The profile is updated automatically by the network management daemon.
User-defined NCPs are created and managed by the user. You must explicitly add and remove NCUs from the specified profile. You can create NCUs that do not correlate to any link that is currently present on the system. You can also remove NCUs that do not correlate to any link that is present on the system. In addition, you can determine the policy for the user-defined NCP. For example, you can allow multiple links and interfaces to be enabled on the system at a given time, as well as specify different dependency relationships between NCUs and static IP addresses.
For step-by-step instructions about creating a user-defined NCP and adding and removing NCUs to and from this NCP, see Creating an NCP.
NCUs are the individual configuration objects that make up an NCP. Each NCU represents a physical link or an interface on a system. The process of configuring a user-defined NCP includes creating NCUs that specify how each link and interface must be configured. For NCUs in a reactive NCP, the conditions under which each link or interface should be configured must also be specified.
There are two types of NCUs:
Link NCUs, for example, physical devices, are Layer 2 entities in the Open Systems Interconnection (OSI) model.
Interface NCUs, specifically, IP interfaces, are Layer 3 entities in the OSI model.
Link NCUs represent datalinks. There are several different classes of datalinks:
Physical links (Ethernet or WiFi)
Tunnels
Aggregations
Virtual local area networks (VLANs)
Virtual network interface cards (VNICs)
For more information about how to configure virtual NICs to create virtual networks, see Using Virtual Networks in Oracle Solaris 11.1.
A Location profile provides additional networking details after the basic IP connectivity has been established. Locations contain network configuration information that is comprised of a set of properties that relate to network configuration on a system-wide level.
A Location profile consists of certain network configuration information, for example, a naming service and firewall settings, that are applied together, when required. Also, because a location does not necessarily correspond to a physical location, you can set up several Location profiles to meet different networking needs. For example, one location can be used when you are connected to the company intranet. Another location can be used when you are connected to the public Internet by using a wireless access point that is located in your office.
Each Location profile contains properties that define the location activation selection criteria. For information about the location activation criteria, see Location Activation Selection Criteria.
By default, three Location profiles are predefined by the system:
The NoNet location has very specific activation conditions. This profile is applied to a system when no local interfaces have an assigned IP address. You can modify the NoNet location after it is enabled on your system for the first time. A read-only copy of the original NoNet location is stored on the system, in case you want to restore the default settings for this location.
The Automatic location is enabled if there are networks available, but no other Location profile supersedes it. You can modify the Automatic location after it has been enabled on your system for the first time. A read-only copy of the original Automatic location is stored on the system, in case you want to restore the default settings for this location.
Note - The Automatic location should not be confused with the Automatic NCP. The Automatic location is a Location profile type that defines system-wide network properties after the initial network configuration of a system takes place. The Automatic NCP specifies link and interface network configuration on a system.
The DefaultFixed location is enabled if the DefaultFixed NCP is active and at least one interface is configured with an IP address. The system updates the DefaultFixed location to reflect the changes made to relevant Service Management Facility (SMF) properties while the location is active. You must not modify the DefaultFixed location directly. For more information about fixed network configuration, see Connecting Systems Using Fixed Network Configuration in Oracle Solaris 11.1.
User-defined locations are profiles that you create with values that you specify for the system-wide network configuration. User-defined locations are identical to system-defined locations, except that a user-defined location is configured with values that you set, but system-defined locations have preset values.
For more information about creating user-defined locations, see Creating a Location Profile.
ENMs enable you to specify when applications or scripts, for example, a VPN application, should perform their own network configuration external to the configuration specified in the NCP and Location profiles. ENMs can also be defined as services or applications that directly modify your network configuration when they are enabled or disabled. You can specify the conditions under which an ENM should be enabled or disabled. You can also enable or disable an ENM manually. Unlike an NCP or a Location profile, where only one of each profile type can be active on the system at any given time, multiple ENMs can potentially be active on the system at the same time. The ENMs that are active on a system at any given time are not necessarily dependent on the NCP or Location profile that is also enabled on the system at the same time.
Although there are several external applications and services for which you can create an ENM, the obvious example is the VPN application. After you install and configure VPN on your system, you can create an ENM that automatically enables and disables the application under the conditions that you specify.
Note - Reactive network configuration cannot automatically detect external applications that are capable of directly modifying the network configuration on a system. To manage the activation or deactivation of a VPN application, or any external application or service, you must first install the application, then create an ENM for it by using either the command-line interface (CLI) or the network administration GUI.
Persistent information about any network configuration that is performed by an ENM is not stored or tracked by the system in exactly the same way as information about an NCP or a Location profile is stored. However, reactive network configuration is capable of noting an externally initiated network configuration. Based on any configuration changes that are made to the system by an ENM, reactive network configuration reevaluates which Location profile should be active, and subsequently enables that location. For example, the system might switch to a location that is enabled conditionally when a certain IP address is in use. If the svc:/network/physical:default service is restarted at any time, the network configuration that is specified by the active NCP is reinstated. ENMs are restarted as well, possibly tearing down and re-creating the network configuration in the process.
For information about creating and modifying the properties of an ENM, see Creating an ENM Profile.
Known WLAN profiles store information about wireless networks, enabling NCPs to automatically configure wireless interfaces based on the configuration information of wireless networks that you connect to from your system.
Known WLAN profiles provide details about WLANs that might be connected to automatically. For example, each profile contains a priority value, which determines the order of preference for different wireless networks to be connected when two or more known networks are available. The profile with the lowest number as its priority value has the highest priority. When an NCP includes a wireless link to be enabled, the Known WLAN profile list is examined. If a wireless network that has a Known WLAN profile is available, the wireless link is automatically connected to that WLAN. If two or more known networks are available, the wireless link is connected to the wireless network that has the highest priority (lowest number). The most recent wireless network that a wireless link is connected to (by explicit user action) is added to the top of the Known WLAN list, and that network becomes the new highest priority wireless network. This means that more recently connected WLANs are preferred over WLANs that you had connected to earlier. Known WLANs do not share the same priority at any point in time. If a new WLAN is added to the list with the same priority value as an existing WLAN, the existing entry is shifted to a lower priority value. Subsequently, the priority value of all other WLANs in the list is dynamically shifted to a lower priority value.
One or more key names can also be associated with a known WLAN. Key names enable you to create your own keys by using the dladm create-secobj command. You can then associate these keys with WLANs by adding the secure object names to the known WLAN keyname property. For more information, see the dladm(1M) man page. For more information about working with datalinks using the dladm command, see Chapter 3, Working With Datalinks, in Connecting Systems Using Fixed Network Configuration in Oracle Solaris 11.1.
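The Known WLAN priority rules described above can be modeled in a few lines of Python. This is an added example, not Oracle's code or part of the original page: the class and method names are hypothetical, numbering priorities from 0 is an assumption, and the sample networks are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class KnownWlan:
    essid: str
    keynames: list = field(default_factory=list)  # secure object names


class KnownWlanList:
    """Model only: list index == priority value, 0 is highest (assumed)."""

    def __init__(self):
        self._entries = []

    def add(self, wlan, priority):
        # Priorities are unique: inserting at an occupied value shifts that
        # entry, and every entry after it, to a lower priority (higher number).
        self._entries = [e for e in self._entries if e.essid != wlan.essid]
        self._entries.insert(min(priority, len(self._entries)), wlan)

    def user_connected(self, wlan):
        # An explicit user connection moves the network to the top of the list.
        self.add(wlan, 0)

    def priorities(self):
        return {e.essid: i for i, e in enumerate(self._entries)}

    def select(self, in_range):
        # Automatic connection picks the highest-priority known WLAN in range.
        return next((e.essid for e in self._entries if e.essid in in_range), None)

    def without_keyname(self):
        # Entries with no associated key name, listed for administrator review.
        return [e.essid for e in self._entries if not e.keynames]


def build_sample():
    # Constructed sample data, not taken from a real system.
    wl = KnownWlanList()
    wl.add(KnownWlan("corp-wifi", ["corp-key"]), 0)
    wl.add(KnownWlan("lab-wifi", ["lab-key"]), 1)
    wl.add(KnownWlan("guest-wifi"), 0)  # same value as corp-wifi: corp-wifi shifts
    return wl


if __name__ == "__main__":
    wl = build_sample()
    print(wl.priorities())
    print(wl.select({"corp-wifi", "lab-wifi"}))
    wl.user_connected(KnownWlan("lab-wifi", ["lab-key"]))
    print(wl.priorities(), wl.without_keyname())
```

Because an explicit connection always moves a network to the top of the list, reviewing the list order and the entries that have no key name shows which networks the system prefers to join automatically.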
For more information about using the command-line utilities to manage WLANs, see Performing a Wireless Scan and Connecting to Available Wireless Networks.