--- dladm-old.txt Fri Jun 5 13:52:22 2009 +++ dladm-new.txt Tue Jun 9 10:11:22 2009 @@ -30,6 +30,19 @@ [aggr-link] + dladm create-bridge [-P protect] [-R root-dir] [-p priority] + [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol] + [-l link...] bridge-name + dladm modify-bridge [-P protect] [-R root-dir] [-p priority] + [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol] + bridge-name + dladm delete-bridge [-R root-dir] bridge-name + dladm add-bridge [-R root-dir] -l link [-l link...] bridge-name + dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name + dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o ,...] + [bridge-name] + + dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link] dladm delete-vlan [-t] [-R root-dir] vlan-link dladm show-vlan [-P] [[-p] -o field[,...]] [vlan-link] @@ -173,6 +186,19 @@ cal hardware. + bridge + + A bridge instance, identified by an administratively-chosen + name. The name may use any alphanumeric characters (or the + underscore, _), but must start and end with an alphabetic + character. A bridge name can be at most 31 characters. The + name default is reserved, as are all names starting with + SUNW. + + Note that appending a zero (0) to a bridge name produces a + valid link name, used for observability. + + secobj A secure object, identified by an administratively- @@ -289,12 +315,19 @@ up, down, or unknown. + BRIDGE + + The name of the bridge to which this link is + assigned, if any. + + OVER The physical datalink(s) over which the datalink - is operating. This applies to aggr and vlan + is operating. This applies to aggr, bridge, and vlan classes of datalinks. A VLAN is created over a - single physical datalink, and an aggregation is + single physical datalink, a bridge has multiple + attached links, and an aggregation is comprised of one or more physical datalinks. When the -o option is used in conjunction with the @@ -1030,6 +1063,506 @@ + dladm create-bridge [-P protect] [-R root-dir] [-p priority] + [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol] + [-l link...] bridge-name + + Create an 802.1D bridge instance and optionally assign one or + more network links to the new bridge. By default, no bridge + instances are present on the system. + + In order to bridge between links, you must create at least + one bridge instance. Each bridge instance is separate, and + there is no forwarding connection between bridges. + + -P protect, --protect=protect + + Specifies a protection method. The defined protection + methods are stp for the Spanning Tree Protocol and trill + for TRILL, which is used on RBridges. The default value + is stp. + + -R root-dir, --root-dir=root-dir + + Specifies an alternate root directory. + + -p priority, --priority=priority + + Specifies the Bridge Priority. This sets the IEEE STP + priority value for determining the root bridge node in + the network. The default value is 32768. Valid values + are 0 (highest priority) to 61440 (lowest priority), in + increments of 4096. + + If a value not evenly divisible by 4096 is used, the + system silently rounds downward to the next lower value + that is divisible by 4096. + + -m max-age, --max-age=max-age + + Specifies the maximum age for configuration information + in seconds. This sets the STP Bridge Max Age parameter. + This value is used for all nodes in the network if this + node is the root bridge. Bridge link information older + than this time is discarded. It defaults to 20 seconds. + Valid values are from 6 to 40 seconds. See the -d + forward-delay parameter for additional constraints. + + -h hello-time, --hello-time=hello-time + + Specifies the STP Bridge Hello Time parameter. When this + node is the root node, it sends Configuration BPDUs at + this interval throughout the network. The default value + is 2 seconds. Valid values are from 1 to 10 seconds. + See the -d forward-delay parameter for additional + constraints. + + -d forward-delay, --forward-delay=forward-delay + + Specifies the STP Bridge Forward Delay parameter. When + this node is the root node, then all bridges in the + network use this timer to sequence the link states when a + port is enabled. The default value is 15 seconds. Valid + values are from 4 to 30 seconds. + + Bridges must obey the following two constraints: + + 2 * (forward-delay - 1.0) >= max-age + + max-age >= 2 * (hello-time + 1.0) + + Any parameter setting that would violate those + constraints is treated as an error and causes the command + to fail with a diagnostic message. The message provides + valid alternatives to the supplied values. + + -f force-protocol, --force-protocol=force-protocol + + Specifies the MSTP forced maximum supported protocol. + The default value is 3. Valid values are non-negative + integers. The current implementation does not support + RSTP or MSTP, so this currently has no effect. However, + to prevent MSTP from being used in the future, the + parameter may be set to 0 for STP only or 2 for STP and + RSTP. + + -l link, --link=link + + Specifies one or more links to add to the newly-created + bridge. This is similar to creating the bridge and then + adding one or more links, as with the add-bridge + subcommand. However, if any of the links cannot be + added, the entire command fails, and the new bridge + itself is not created. To add multiple links on the same + command line, repeat this option for each link. You are + permitted to create bridges without links. For more + information about link assignments, see the add-bridge + subcommand. + + Bridge creation and link assignment require the + PRIV_SYS_DL_CONFIG privilege. Bridge creation may fail if + the optional bridging feature is not installed on the system. + + + dladm modify-bridge [-P protect] [-R root-dir] [-p priority] + [-m max-age] [-h hello-time] [-d forward-delay] [-f force-protocol] + bridge-name + + Modify the operational parameters of an existing bridge. The + options are the same as for the create-bridge subcommand, + except that the -l option is not permitted. To add links to + an existing bridge, use the add-bridge subcommand. + + Bridge parameter modification requires the PRIV_SYS_DL_CONFIG + privilege. + + + + dladm delete-bridge [-R root-dir] bridge-name + + Delete a bridge instance. The bridge being deleted must not + have any attached links. Use the remove-bridge subcommand + to deactivate links before deleting a bridge. + + Bridge deletion requires the PRIV_SYS_DL_CONFIG privilege. + + The -R (--root-dir) option is the same as for the + create-bridge subcommand. + + + + dladm add-bridge [-R root-dir] -l link [-l link...] bridge-name + + Add one or more links to an existing bridge. If multiple + links are specified, and adding any one of them results in + an error, the command fails and no changes are made to the + system. + + Link addition to a bridge requires the PRIV_SYS_DL_CONFIG + privilege. + + A link may be a member of at most one bridge. An error + occurs when you attempt to add a link that already belongs + to another bridge. To move a link from one bridge instance + to another, remove it from the current bridge before adding + it to a new one. + + The links assigned to a bridge must not also be VLANs, + VNICs, or tunnels. Only physical Ethernet datalinks, + aggregation datalinks, wireless links, and Ethernet stubs + are permitted to be assigned to a bridge. + + Links assigned to a bridge must all have the same MTU. This + is checked when the link is assigned. The link is added to + the bridge in a deactivated form if it is not the first link + on the bridge and it has a differing MTU. + + Note that systems using bridging should not set the + eeprom(1M) local-mac-address? variable to false. + + The options are the same as for the create-bridge + subcommand. + + + + dladm remove-bridge [-R root-dir] -l link [-l link...] bridge-name + + Remove one or more links from a bridge instance. If + multiple links are specified, and removing any one of them + would result in an error, the command fails and none are + removed. + + Link removal from a bridge requires the PRIV_SYS_DL_CONFIG + privilege. + + The options are the same as for the create-bridge + subcommand. + + + + dladm show-bridge [-flt] [-s [-i interval]] [[-p] -o ,...] + [bridge-name] + + Show the running status and configuration of bridges, their + attached links, learned forwarding entries, and TRILL + nickname databases. When showing overall bridge status and + configuration, the bridge name can be omitted to show all + bridges. The other forms require a specified bridge. + + The show-bridge subcommand accepts the following options: + + -i interval, --interval=interval + + Used with the -s option to specify an interval, in + seconds, at which statistics should be displayed. If + this option is not specified, statistics will be + displayed only once. + + -s, --statistics + + Display statistics for the specified bridges or for a + given bridge's attached links. This option cannot be + used with the -f and -t options. + + -p, --parseable + + Display using a stable machine-parseable format. See + Parseable Output Format, below. + + -o field[,...], --output=field[,...] + + A case-insensitive, comma-separated list of output fields + to display. The field names are described below. The + special value all displays all fields. Each set of + fields has its own default set to display when -o is not + specified. + + By default, the show-bridge subcommand shows bridge + configuration. The following fields can be shown: + + BRIDGE + + The name of the bridge. + + ADDRESS + + The Bridge Unique Identifier value (MAC address). + + PRIORITY + + Configured priority value; set by -p with create-bridge + and modify-bridge. + + BMAXAGE + + Configured bridge maximum age; set by -m with + create-bridge and modify-bridge. + + BHELLOTIME + + Configured bridge hello time; set by -h with + create-bridge and modify-bridge. + + BFWDDELAY + + Configured forwarding delay; set by -d with + create-bridge and modify-bridge. + + FORCEPROTO + + Configured forced maximum protocol; set by -f with + create-bridge and modify-bridge. + + TCTIME + + Time, in seconds, since last topology change. + + TCCOUNT + + Count of the number of topology changes. + + TCHANGE + + This indicates that a topology change was detected. + + DESROOT + + Bridge Identifier of the root node. + + ROOTCOST + + Cost of the path to the root node. + + ROOTPORT + + Port number used to reach the root node. + + MAXAGE + + Maximum age value from the root node. + + HELLOTIME + + Hello time value from the root node. + + FWDDELAY + + Forward delay value from the root node. + + HOLDTIME + + Minimum BPDU interval. + + By default, when the -o option is not specified, only the + BRIDGE, ADDRESS, PRIORITY, and DESROOT fields are shown. + + When the -s option is specified, the show-bridge subcommand + shows bridge statistics. The following fields can be shown: + + BRIDGE + + Bridge name. + + DROPS + + Number of packets dropped due to resource problems. + + FORWARDS + + Number of packets forwarded from one link to another. + + MBCAST + + Number of multicast and broadcast packets handled by the + bridge. + + RECV + + Number of packets received on all attached links. + + SENT + + Number of packets sent on all attached links. + + UNKNOWN + + Number of packets handled that have an unknown + destination. Such packets are sent to all links. + + By default, when the -o option is not specified, only the + BRIDGE, DROPS, and FORWARDS fields are shown. + + The show-bridge subcommand also accepts the following + options: + + -l, --link + + Displays link-related status and statistics information + for all links attached to a single bridge instance. By + using this option and without the -s option, the + following fields can be displayed for each link: + + LINK + + The link name. + + INDEX + + Port (link) index number on the bridge. + + STATE + + State of the link. The state can be disabled, + discarding, learning, forwarding, non-stp, or + bad-mtu. + + UPTIME + + Number of seconds since the last reset or + initialization. + + OPERCOST + + Actual cost in use (1-65535). + + OPERP2P + + This indicates whether point-to-point (P2P) mode + been detected. + + OPEREDGE + + This indicates whether edge mode has been detected. + + DESROOT + + The Root Bridge Identifier that has been seen on + this port. + + DESCOST + + Path cost to the network root node through the + designated port. + + DESBRIDGE + + Bridge Identifier for this port. + + DESPORT + + The ID and priority of the port used to transmit + configuration messages for this port. + + TCACK + + This indicates whether Topology Change Acknowledge + has been seen. + + When the -l option is specified without the -o option, + only the LINK, STATE, UPTIME, and DESROOT fields are + shown. + + When the -l option is specified, the -s option can be + used to display the following fields for each link: + + LINK + + Link name. + + CFGBPDU + + Number of configuration BPDUs received. + + TCNBPDU + + Number of topology change BPDUs received. + + RSTPBPDU + + Number of Rapid Spanning Tree BPDUs received. + + TXBPDU + + Number of BPDUs transmitted. + + DROPS + + Number of packets dropped due to resource problems. + + RECV + + Number of packets received by the bridge. + + XMIT + + Number of packets sent by the bridge. + + When the -o option is not specified, only the LINK, + DROPS, RECV, and XMIT fields are shown. + + -f, --forwarding + + Displays forwarding entries for a single bridge + instance. With this option, the following fields can be + shown for each forwarding entry: + + DEST + + Destination MAC address. + + AGE + + Age of entry in seconds and milliseconds. Omitted + for local entries. + + FLAGS + + The L (local) flag is shown if the MAC address + belongs to an attached link or to a VNIC on one of + the attached links. + + OUTPUT + + For local entries, this is the name of the attached + link that has the MAC address. Otherwise, for + bridges that use Spanning Tree Protocol, this is the + output interface name. For RBridges, this is the + output TRILL nickname. + + When the -o option is not specified, the DEST, AGE, + FLAGS, and OUTPUT fields are shown. + + -t, --trill + + Displays TRILL nickname entries for a single bridge + instance. With this option, the following fields can be + shown for each TRILL nickname entry: + + NICK + + TRILL nickname for this RBridge, which is a number + from 1 to 65535. + + FLAGS + + The L flag is shown if the nickname identifies the + local system. + + LINK + + Link name for output when sending messages to this + RBridge. + + NEXTHOP + + MAC address of the next hop RBridge that is used to + reach the RBridge with this nickname. + + When the -o option is not specified, the NICK, FLAGS, + LINK and NEXTHOP fields are shown. + + + dladm create-vlan [-ft] [-R root-dir] -l ether-link -v vid [vlan-link] @@ -2416,6 +2949,28 @@ cessor or processor set. + learn_limit + + Limits the number of new or changed MAC sources to be learned + over a bridge link. When the number exceeds this value, + learning on that link is temporarily disabled. Only + non-VLAN, non-VNIC type links have this property. + + The default value is 1000. Valid values are greater or equal + to 0. + + + learn_decay + + Specifies the decay rate for source changes limited by + learn_limit. This number is subtracted from the counter for + a bridge link every 5 seconds. Only non-VLAN, non-VNIC type + links have this property. + + The default value is 200. Valid values are greater or equal + to 0. + + maxbw Sets the full duplex bandwidth for the link. The @@ -2432,10 +2987,86 @@ default is high. + stp + Enables or disables Spanning Tree Protocol on a bridge link. + Setting this value to 0 disables Spanning Tree, and puts the + link into forwarding mode with BPDU guarding enabled. This + mode is appropriate for point-to-point links connected only + to end nodes. Only non-VLAN, non-VNIC type links have this + property. The default value is 1, to enable STP. + forward + Enables or disables forwarding for a VLAN. Setting this + value to 0 disables bridge forwarding for a VLAN link. + Disabling bridge forwarding removes that VLAN from the + "allowed set" for the bridge. The default value is 1, to + enable bridge forwarding for configured VLANs. + + + default_tag + + Sets the default VLAN ID that is assumed for untagged packets + sent to and received from this link. Only non-VLAN, non-VNIC + type links have this property. Setting this value to 0 + disables the bridge forwarding of untagged packets to and + from the port. The default value is VLAN ID 1. Valid values + values are from 0 to 4094. + + + stp_priority + + Sets the STP and RSTP Port Priority value, which is used to + determine the preferred root port on a bridge. Lower + numerical values are higher priority. The default value is + 128. Valid values range from 0 to 255. + + + stp_cost + + Sets the STP and RSTP cost for using the link. The default + value is auto, which sets the cost based on link speed, using + 100 for 10Mbps, 19 for 100Mbps, 4 for 1Gbps, and 2 for + 10Gbps. Valid values range from 1 to 65535. + + + stp_edge + + Enables or disables bridge edge port detection. If set to 0 + (false), the system assumes that the port is connected to + other bridges even if no bridge PDUs of any type are seen. + The default value is 1, which detects edge ports + automatically. + + + stp_p2p + + Sets bridge point-to-point operation mode. Possible values + are true, false, and auto. When set to auto, point-to-point + connections are automatically discovered. When set to true, + the port mode is forced to use point-to-point. When set to + false, the port mode is forced to use normal multipoint mode. + The default value is auto. + + + stp_mcheck + + Triggers the system to run the RSTP "Force BPDU Migration + Check" procedure on this link. The procedure is triggered by + setting the property value to 1. The property is + automatically reset back to 0. This value cannot be set + unless the the following are true: + + - The link is bridged + - The bridge is protected by Spanning Tree + - The bridge force-protocol value is at least 2 (RSTP) + + The default value is 0. + + + SunOS 5.11 Last change: 16 Mar 2009 37 @@ -2989,6 +3620,36 @@ e1000g0 80 1031 546908 0 0 2.44 Kbps + + Example 18 Display Bridge Information + + # dladm show-bridge + BRIDGE PROTECT ADDRESS PRIORITY DESROOT + foo stp 32768/8:0:20:bf:f 32768 8192/0:d0:0:76:14:38 + bar stp 32768/8:0:20:e5:8 32768 8192/0:d0:0:76:14:38 + + # dladm show-bridge -l foo + LINK STATE UPTIME DESROOT + hme0 forwarding 117 8192/0:d0:0:76:14:38 + qfe1 forwarding 117 8192/0:d0:0:76:14:38 + + # dladm show-bridge -s foo + BRIDGE DROPS FORWARDS + foo 0 302 + + # dladm show-bridge -ls foo + LINK DROPS RECV XMIT + hme0 0 360832 31797 + qfe1 0 322311 356852 + + # dladm show-bridge -f foo + DEST AGE FLAGS OUTPUT + 8:0:20:bc:a7:dc 10.860 -- hme0 + 8:0:20:bf:f9:69 -- L hme0 + 8:0:20:c0:20:26 17.420 -- hme0 + 8:0:20:e5:86:11 -- L qfe1 + + ATTRIBUTES See attributes(5) for descriptions of the following attri-