ipadm

Solaris 11 introduces a new command for administering IP interfaces - ipadm. ipadm is an upgrade over the venerable ifconfig and unlike ifconfig, changes made with ipadm persist across reboots. There's no longer a need to fuddle with configuration files.

ifconfig hasn't gone away, but I've been trying to wean myself off of it in favor of the new ipadm command.

An initial look at the usage command for ipadm shows a much cleaner interface that introduces a subcommand:

bleonard@solaris:~$ ipadm
usage:  ipadm <subcommand> <args> ...
	create-if	[-t] <interface>
	disable-if	-t <interface>
	enable-if	-t <interface>
	delete-if	<interface>
	show-if		[[-p] -o <field>,...] [<interface>]

	set-ifprop	[-t] -p <prop>=<value[,...]> -m <protocol> <interface>
	reset-ifprop	[-t] -p <prop> -m <protocol> <interface>
	show-ifprop	[[-c] -o <field>,...] [-p <prop>,...]
			[-m <protocol>] [interface]

	create-addr	[-t] {-T static <static_args> | -T dhcp <dhcp_args> |
			-T addrconf <addrconf_args>} <addrobj>
			static_args = <[-d] -a {local|remote}=addr[/prefixlen]>
			dhcp_args = <[-w <seconds> | forever]>
			addrconf_args = <[-i interface-id]
					[-p {stateful|stateless}={yes|no}]>
	down-addr	[-t] <addrobj>
	up-addr		[-t] <addrobj>
	disable-addr	-t <addrobj>
	enable-addr	-t <addrobj>
	refresh-addr	[-i] <addrobj>
	delete-addr	[-r] <addrobj>
	show-addr	[[-p] -o <field>,...] [<addrobj>]

	set-addrprop	[-t] -p <prop>=<value[,...]> <addrobj>
	reset-addrprop	[-t] -p <prop> <addrobj>
	show-addrprop	[[-c] -o <field>,...] [-p <prop>,...] <addrobj>

	set-prop	[-t] -p <prop>[+|-]=<value[,...]> <protocol>
	reset-prop	[-t] -p <prop> <protocol>
	show-prop	[[-c] -o <field>,...] [-p <prop>,...] [protocol]

Compare this with the overly complex ifconfig command:

bleonard@solaris:~$ ifconfig
usage: ifconfig <interface> | -a[ 4 | 6 | D ][ u | d ][ Z ]
	[ <addr_family> ]
	[ <address>[/<prefix_length>] [ <dest_address> ] ]
	[ set [ <address>][/<prefix_length>] ] [ <address>/<prefix_length>] ]
	[ destination <dest_address> ]
	[ addif <address>[/<prefix_length>]  [ <dest_address> ] ]
	[ removeif <address>[/<prefix_length>] ]
	[ arp | -arp ]
	[ auto-revarp ]
	[ broadcast <broad_addr> ]
	[ index <if_index> ]
	[ metric <n> ] [ mtu <n> ]
	[ netmask <mask> ]
	[ plumb ] [ unplumb ]
	[ preferred | -preferred ]
	[ private | -private ]
	[ local | -local ]
	[ router | -router ]
	[ subnet <subnet_address>]
	[ trailers | -trailers ]
	[ token <address>/<prefix_length> ]
	[ tsrc <tunnel_src_address> ]
	[ tdst <tunnel_dest_address> ]
	[ auth_algs <tunnel_AH_authentication_algorithm> ]
	[ encr_algs <tunnel_ESP_encryption_algorithm> ]
	[ encr_auth_algs <tunnel_ESP_authentication_algorithm> ]
	[ up ] [ down ]
	[ xmit | -xmit ]
	[ modlist ]
	[ modinsert <module_name@position> ]
	[ modremove <module_name@position> ]
	[ ipmp ]
	[ group <groupname>] | [ group ""]
	[ deprecated | -deprecated ]
	[ standby | -standby ]
	[ failover | -failover ]
	[ zone <zonename> | -zone ]
	[ usesrc <interface> ]
	[ all-zones ]
or
	ifconfig <interface> |  -a[ 4 | 6 | D ] [ u | d ]
	auto-dhcp | dhcp
	[ wait <time> | forever ]
	[ primary ]
	start | drop | ping | release | status | inform

However, one thing that initially tripped me up in my usage of ipadm was the introduction of the addrobj.  An addrobj is just a user supplied name for an address configured on a network interface that can later be used to reference that address. It's comprised of 2 parts, the network interface on which the address is configured and a string of your liking, separated by a slash. Generally the string you select would describe the address (v4dhcp, v6static, etc.):

addrobj = <network interface>/<any string>

So, for example:

addrobj = e1000g0/v4static

This addrobj is then used to reference the address. The ipadm subcommands that work with an an addrobj all have "addr" in their name. Likewise, the ipadm subcommands that work with an interface all have "if" in their name.

Typically, the two most common things I do with ifconfig are to configure addresses on my interfaces and list those addresses. Here are the ifconfig commands I use and their ipadm equivalents.

Note, if you plan on using ipadm to configure your network interfaces, disable network/nwam and enable network/physical:default:

bleonard@solaris:~$ svcs nwam physical:default
STATE          STIME    FMRI
disabled       11:32:38 svc:/network/physical:nwam
online         11:32:55 svc:/network/physical:default

Configuring An Interface

Old School

Bringing up an interface using ifconfig is pretty straight-forward. The big drawback is that the interface configuration will not persist across a reboot:

bleonard@solaris:~$ sudo ifconfig e1000g0 plumb 10.0.2.15/24 up

New School

The new ipadm command is a little more esoteric, however, its settings do persist across a reboot:

bleonard@solaris:~$ sudo ipadm create-addr -T static -a 10.0.2.15/24 e1000g0/v4static

This is the command that has taken me the longest to get used to because there appears to be so much going on here. The ifconfig command doesn't have the option flags (-T and -a in my example) - which makes the usage cleaner. For example, ifconfig infers I want a static address because I've passed it an IP address. The ipadm command is also longer than ifconfig because we're now assigning our address a name (e1000g1/v4static).

List My Interfaces

Old School

To see what IP addresses I have configured on my network interfaces I traditionally used:

bleonard@solaris:~$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
	inet 127.0.0.1 netmask ff000000 
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
	inet 10.0.2.15 netmask ffffff00 broadcast 10.0.2.255
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
	inet6 ::1/128 
e1000g0: flags=20002000840<RUNNING,MULTICAST,IPv6> mtu 1500 index 4
	inet6 ::/0 

The output is a bit messy, but I'm very accustomed to it.

New School

With ipadm:

bleonard@solaris:~$ ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
e1000g0/v4static  static   ok           10.0.2.15/24
lo0/v6            static   ok           ::1/128

Note, if you see an addrobj that is listed as <interface>/?, that address was configured on the interface by an application that did not use libipadm APIs.

Here's a nice table comparing the ifconfig Command Options and ipadm Command Options.

Because I know you're curious, ipadm uses /etc/ipadm/ipadm.conf as its persistence store:

bleonard@solaris:~$ cat /etc/ipadm/ipadm.conf 
#
# CDDL License...
#
# DO NOT EDIT OR PARSE THIS FILE!
#
# Use the ipadm(1m) command to change the contents of this file.
_ifname=e1000g0;_family=2;
_ifname=e1000g0;_family=26;
_ifname=e1000g0;_aobjname=e1000g0/v4static;_ipv4addr=10.0.2.15,;up=yes;
_ifname=e1000g0;_aobjname=e1000g0/v4static;prefixlen=24;

So, that's my brief introduction to ipadm. Here are some other references that you may find useful:


Comments:

Is it possible to configure ipmp with ipadm?

Posted by Eli Kleinman on May 25, 2011 at 12:54 PM GMT #

You should add a note, that if one switches from nwam to network:physical, the ipfilter policy switches to none and thus will not pick up automatically /etc/ipf/ipf.conf as one normally would expect ...

Posted by jelmd on May 27, 2011 at 05:26 PM GMT #

The ifconfig command doesn't require 2 steps to plumb and configure an interface. Try "ifconfig bge2 plumb 192.168.99.99 up". I still prefer ifconfig for it's simplicity and succinctness, but ipadm does have much prettier output. It's a little like comparing vi and MS word.

Posted by guest on May 30, 2011 at 04:44 PM GMT #

guest, thanks for the tip on ifconfig. I've updated the entry.

Posted by W Brian Leonard on May 31, 2011 at 07:04 AM GMT #

What can I say, but this is another step backwards for managing systems automatically

Please imagine you have 5000 servers you need to manage configuration for. Comments like "DO NOT EDIT OR PARSE THIS FILE" in /etc/ipadm/ipadm.conf mean I have to run ipadm command on those hosts rather than editing text files.

Tools like puppet, chef or cfengine all me precise control over configuration files and ensure I have the configuration I define on my machines. I want/need to "fuddle" with configuration files

Now I will have to try and jump through the same hoops as with logadm. http://projects.puppetlabs.com/projects/1/wiki/Logadm_Patterns

Why can't you keep things simple?

Posted by John Warburton on June 28, 2011 at 06:31 PM GMT #

@John Warburton

I tend to agree. I would recommend not just puppet but mcollective on top. This will allow you to 'run' commands on many/all nodes based on their facts.

Posted by Nathan on December 27, 2011 at 04:51 PM GMT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

The Observatory is a blog for users of Oracle Solaris. Tune in here for tips, tricks and more as we explore the Solaris operating system from Oracle.

Connect with Oracle Solaris:


Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today