IPv6 question

jpolachak · June 26, 2014, 11:56am

I am currently trying to setup static ipv6 address with a persistent default gateway. This is on a Solaris 10 non global zone running inside a Solaris 10 global zone. My production server I am comparing against is a Solaris 10 xen instance running on a Oracle Solaris xen instance.

I have got it working but not as intended. I am dont understand why when i plumb the interface and it comes online with the assigned ip that it also created another 2 interfaces igb1:2 and igb1:3. Why does this happen?

I thought that was the job of ndp to stop auto configuration. My /etc/inet/ndpd.conf file with 644 perms.

ifdefault StatelessAddrConf false
ifdefault StatefulAddrConf false

Here are the steps I have performed in the following order.

created ndpd.conf file with above configuration.
Enabled ndp "svcadm enable ndp"
vi /etc/hostname6.igb1 to include the below config
addif x:y:z:1001::41/64 up
ifconfig igb1 inet6 plumb
ifconfig igb1:1 inet6 plumb
ifconfig igb1:1 inet6 x:y:z:1001::40/64 up

below is my ifconfig output

 
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
 inet 127.0.0.1 netmask ff000000 
igb1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
 inet x.y.z.41 netmask ffffff00 broadcast x.y.z.255
 ether 0:21:28:75:dc:1 
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
 inet6 ::1/128 
igb1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
 inet6 fe80::221:28ff:fe75:dc01/10 
 ether 0:21:28:75:dc:1 
igb1:1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
 inet6 x:y:z:1001::41/64 
igb1:2: flags=20a0841<UP,RUNNING,MULTICAST,NOLOCAL,ADDRCONF,IPv6> mtu 1500 index 2
 inet6 subnet x:y:z:1001::/64 
igb1:3: flags=20a0841<UP,RUNNING,MULTICAST,NOLOCAL,ADDRCONF,IPv6> mtu 1500 index 2
 inet6 subnet x:y:z:1001::/64

We have this implemeneted on a production server. However, that server does not show they igb1:2 and igb1:3 interfaces. I can ping the gateway and the default route. I just dont think the :2, :3 interfaces should show up.

hicksd8 · June 26, 2014, 12:32pm

What Solaris version exactly?

(Network interfaces are handled very differently in Solaris 11 compared to Solaris 10).

jpolachak · June 26, 2014, 1:00pm

Solaris 10. Sorry.

hicksd8 · June 26, 2014, 1:52pm

Right, it's Solaris 10

I don't know how you've managed to get these interfaces configured (plumbed) but, hopefully, I'll write a few things that may help. This may help you investigate or provide additional info to us

THIS IS FOR SOLARIS 10 ONLY

A booting Solaris operating system tries to plumb interfaces if it find files

/etc/hostname.*

** post the output of

 
 ls -l /etc/hostname.*

**

hostname.* files contain just the hostname that the system should be seen as on that particular interface.

That host name is resolved to an ip address (usually by looking in /etc/hosts or /etc/inet/hosts for ipv6) and that ip address is used on that interface.

If you have extraneous plumbed interfaces try moving the hostname.* file(s) out of the way by renaming them (mv).

Being sysadmin professionals here never delete anything, just rename.

Reboot the system and see if it comes out with any complaints/errors.
If so, post them here.

Hope that helps.

jpolachak · June 26, 2014, 2:16pm

Maybe I am missing somethign. I have the file

/etc/hostname6.igb1

That contains

addif x:y:z:1001::41/64 up

When I restart the zone it comes up with igb1:1, igb1:2, and igb1:3. Everything works ok. But I dont think it should show the igb1:2 and igb1:3 interfaces.

So I have also tried to add the following to my /etc/hostname6.igb1 configuration.

x:y:z:1001::41
addif x:y:z:1001::41/64 up

This does now not give me two extra interfaces igb1:2 and igb1:3. However, now I cannot ping my default route. It appears I am missing the routes that get automatically populated via the first mechanism I spoke about.

My question is what am i missing to configure this to work without getting the additional interfaces? I dont see these extra interfaces in our production server. Below is the working netstat output from a working server with only one interface plumbed igb1:1.

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use    If   
--------------------------- --------------------------- ----- --- ------- ----- 
x:y:z:1004::/64             z:y:z:1004::9        U       1      41 xnf0:1 
fe80::/10                   fe80::216:3eff:fe45:c0c7    U       1       0 xnf0  
ff00::/8                    fe80::216:3eff:fe45:c0c7    U       1       0 xnf0  
default                     x:y:z:1004::14       UG      1    4587       
::1                         ::1                         UH      1       0 lo0

---------- Post updated at 02:16 PM ---------- Previous update was at 02:12 PM ----------

My /etc/inet/ndpd.conf configuration is:

cat /etc/inet/ndpd.conf
ifdefault StatelessAddrConf false
ifdefault StatefulAddrConf false

hicksd8 · June 26, 2014, 2:40pm

A booting Solaris 10 operating system will take it's default route for ipv6 operation from

/etc/defaultrouter6

This should contain just the ip address of the gateway to which all lan external requests should be sent (assuming there is only one route configured).

Take a look at that.

If the file doesn't exist you can create it with just the gateway ip address on the first line, left justified.

For example:

22.110.34.1

jpolachak · June 26, 2014, 2:57pm

I dont have a /etc/defaultroute6 file on my working production server. My test server I am trying to get this working on I added a persistent route via.

route -p add -inet6 default z:y:z:1001::15

hicksd8 · June 26, 2014, 3:05pm

How about:

/etc/defaultrouter6

as in "router" with 'r' at the end.

Even so, try creating it and see what happens.
Can always remove it if it doesn't work.

---------- Post updated at 08:05 PM ---------- Previous update was at 08:02 PM ----------

And when you say that you can't ping your router, how are you doing that?

By ip address or by name? If by name, that would need successful resolution. Does the name appear in /etc/inet/hosts?

jpolachak · June 27, 2014, 9:44am

I have added /etc/defaultrouter6 and it does not do anything to get rid of my additional igb:2, igb:3 interfaces. However, this does not break anything. I am able still able to ping myself and the gateway. I am pinging the addresses via IP address.

---------- Post updated at 09:44 AM ---------- Previous update was at 08:22 AM ----------

I just realized this might help provide some more information. I am tyring to get this to work on a non global zone running solaris 10. My production server that "works" that I have been comparing against is a xen instance of Solaris 10 virutal machine running on a Oracle Linux server. Maybe my issue is something related to global and non global zones. At this time I do not have the global zone configured with IPv6 at all. I am going to configure it and report back.

fpmurphy · June 27, 2014, 10:19am

Clarification - A /etc/hostname.<interface> file can contain an IP address instead of a hostname.

hicksd8 · June 28, 2014, 6:41am

I've re-read the thread from the beginning and I think we need to ensure that the concepts are understood here to ensure that we're not missing the point(s).

To save me explaining (yes, I'm lazy) I'll provide a link:

Configuring a virtual interface in Solaris

Please post back any progress or lack of progress.

jpolachak · July 2, 2014, 2:40pm

First an update. I have figured out that one of the additional interfaces was due to an additional subnet being configured on the cisco router. When that was removed I only got one additional virtual interface igb1:2 when I reconfigured the interface. However that shows up as NOLOCAL, and according to the ifconfig man page thats a on-link subnet.

What is that and what is it used for? I am assuming it is has something to do with the link local address but what and why? I dont see anywhere that states what the purpose of that NOLOCAL or on-link subnet serves. Below is my current ifconfig when restarting /network/physical.

ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000 
igb1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet x.y.10.41 netmask ffffff00 broadcast x.y.10.255
ether 0:21:28:c0:ad:2b 
igb1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
inet6 fe80::221:28ff:fec0:ad2b/10 
ether 0:21:28:c0:ad:2b 
igb1:1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
inet6 x:y:z:2302::41/64 
igb1:2: flags=20a0841<UP,RUNNING,MULTICAST,NOLOCAL,ADDRCONF,IPv6> mtu 1500 index 2
inet6 subnet x:y:z:2302::/64

My next discovery is that the servers are connected to different devices. The "working" production server is using a McAfee firewall as its default route and the "nonworking/extra interface" server is using a cisco router as its default route.

The cisco router is set to supress all autoconfiguration for ipv6 and I believe that my /etc/inet/ndpd.conf is setup correctly to stop ipv6 autoconfiguration. So with that being said why does the server act differently when connect to the McAfee firewall? I was told that nothing was done special on the firewall for a configuration.

jpolachak · July 8, 2014, 11:03am

It appears that in.ndpd by default creates an on-link prefix when it receives a Router Advertisement and it sees that StatelessAddrConf is set to false in ndpd.conf. The only way to prevent the on-link prefix from being created is to disable the network/ndp service.

So it is acting as intended.