--- dladm.1m.orig 2009-07-09 12:00:20.418419400 -0400 +++ dladm.1m.new 2009-07-15 23:03:07.994898000 -0400 @@ -77,20 +77,28 @@ dladm delete-vnic [-t] [-R root-dir] vnic-link dladm show-vnic [-pP] [-s [-i interval]] [-o field[,...]] [-l link] [vnic-link] dladm create-etherstub [-t] [-R root-dir] etherstub dladm delete-etherstub [-t] [-R root-dir] etherstub dladm show-etherstub [etherstub] + dladm create-iptun [-t] [-R root-dir] -T type [-s tsrc] [-d tdst] + iptun-link + dladm modify-iptun [-t] [-R root-dir] [-s tsrc] [-d tdst] + iptun-link + dladm delete-iptun [-t] [-R root-dir] iptun-link + dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link] + + dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time] [-e time] [link] DESCRIPTION The dladm command is used to administer data-links. A data- link is represented in the system as a STREAMS DLPI (v2) interface which can be plumbed under protocol stacks such as TCP/IP. Each data-link relies on either a single network device or an aggregation of devices to send packets to or @@ -148,20 +156,24 @@ wifi-link A WiFi datalink. vnic-link A virtual network interface. + iptun-link + + An IP tunnel link. + dev A network device, identified by concatenation of a driver name and an instance number. etherstub An Ethernet stub can be used instead of a physical NIC to create VNICs. VNICs created on an etherstub will 
@@ -2122,20 +2134,173 @@ Specifies an alternate root directory where dladm should apply persistent deletions. dladm show-etherstub [etherstub] Show all configured etherstubs by default, or the speci- fied etherstub if etherstub is specified. + dladm create-iptun [-t] [-R root-dir] -T type [-s tsrc] [-d tdst] + iptun-link + + Create an IP tunnel link named iptun-link. Such links can + additionally be protected with IPsec using ipsecconf(1M). + + An IP tunnel is conceptually comprised of two parts: a + virtual link between two or more IP nodes, and an IP + interface above this link which allows the system to transmit + and receive IP packets encapsulated by the underlying link. + This subcommand creates a virtual link. The ifconfig(1M) + command is used to configure IP interfaces above the link. + + -t, --temporary + Specifies that the IP tunnel link is temporary. + Temporary tunnels last until the next reboot. + + -R root-dir, --root-dir=root-dir + Specifies an alternate root directory where dladm + should apply persistent creation. + + -T type,--tunnel-type=type + Specifies the type of tunnel to be created. The type + must be one of the following: + + ipv4 + A point-to-point IP-over-IP tunnel between two IPv4 + nodes. This type of tunnel requires IPv4 source and + destination addresses to function. IPv4 and IPv6 + interfaces may be plumbed above such a tunnel to + create IPv4-over-IPv4 and IPv6-over-IPv4 tunneling + configurations. + + ipv6 + A point-to-point IP-over-IP tunnel between two IPv6 + nodes as defined in IETF RFC 2473. This type of + tunnel requires IPv6 source and destination addresses + to function. IPv4 and IPv6 interfaces may be plumbed + above such a tunnel to create IPv4-over-IPv6 and + IPv6-over-IPv6 tunneling configurations. + + 6to4 + A 6to4 point-to-multipoint tunnel as defined in IETF + RFC 3056. This type of tunnel requires an IPv4 + source address to function. An IPv6 interface is + plumbed on such a tunnel link to configure a 6to4 + router. 
+ + -s tsrc, --tunnel-src=tsrc + + Literal IP address or hostname corresponding to the + tunnel source. If a hostname is specified, it will be + resolved to IP addresses, and one of those IP addresses + will be used as the tunnel source. Because IP tunnels + are created before naming services have been brought + online during the boot process, it's important that any + hostname used be included in /etc/hosts. + + -d tdst, --tunnel-dst=tdst + + Literal IP address or hostname corresponding to the + tunnel destination. + + + dladm modify-iptun [-t] [-R root-dir] [-s tsrc] [-d tdst] iptun-link + + Modify the parameters of the specified IP tunnel. + + -t, --temporary + + Specifies that the modification is temporary. Tem- + porary modifications last until the next reboot. + + -R root-dir, --root-dir=root-dir + Specifies an alternate root directory where dladm + should apply persistent modifications. + + -s tsrc, --tunnel-src=tsrc + Specifies a new tunnel source address. See create-iptun + for a description. + + -d tdst, --tunnel-dst=tdst + Specifies a new tunnel destination address. See + create-iptun for a description. + + + dladm delete-iptun [-t] [-R root-dir] iptun-link + + Delete the specified IP tunnel link. + + -t, --temporary + Specifies that the deletion is temporary. Temporary + deletions last until the next reboot. + + -R root-dir, --root-dir=root-dir + Specifies an alternate root directory where dladm + should apply persistent deletion. + + + dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link] + + Show IP tunnel link configuration for a single IP tunnel or + all IP tunnels. + + -P,--persistent + Display the persistent IP tunnel configuration. + + -p,--parseable + Display using a stable machine-parseable format. The + -o option is required with -p. See "Parseable Output + Format", below. + + -o field[,...] , --output=field[,...] + + A case-insensitive, comma-separated list of output + fields to display. 
The field name must be one of + the fields listed below, or the special value all to + display all fields. By default (without -o), show- + iptun displays all fields. + + LINK + The name of the IP tunnel link. + + TYPE + Type type of tunnel as specified by the -T option of + create-iptun. + + FLAGS + A set of flags associated with the IP tunnel link. + Possible flags are: + + s + The IP tunnel link is protected by IPsec policy. + To display the IPsec policy associated with the + tunnel link, type "ipsecconf -ln -i tunnel-link". + See ipsecconf(1M) for more details on how to + configure IPsec policy. + + i + The IP tunnel link was implicitly created with + ifconfig(1M), and will be automatically deleted + when it is no longer referenced (i.e., when the + last IP interface over the tunnel is unplumbed). + See ifconfig(1M) for details on implicit tunnel + creation. + + SOURCE + The tunnel source address. + + DESTINATION + The tunnel destination address. + + dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time] [-e time] [link] Show the historical network usage from a stored extended accounting file. Configuration and enabling of network accounting through acctadm(1M) is required. The default output will be the summary of network usage for the entire period of time in which extended accounting was enabled. 
@@ -2472,20 +2637,35 @@ vlanonly Insert a VLAN tag only when the outgoing packet belongs to a VLAN. If a tag is being inserted in this mode and the user has also requested a non-zero priority, the priority is honored and included in the VLAN tag. The default value is vlanonly. + IP Tunnel Link Properties + The following IP tunnel link properties are supported. + + hoplimit + Specifies the IPv4 TTL or IPv6 hop limit for the + encapsulating outer IP header of a tunnel link. This + property exists for all tunnel types. The default value is + 64. + + encaplimit + Specifies the IPv6 encapsulation limit for an IPv6 tunnel as + defined in RFC 2473. This value is the tunnel nesting limit + for a given tunneled packet. The default value is 4. A + value of 0 disables the encapsulation limit. + EXAMPLES Example 1 Configuring an Aggregation To configure a data-link over an aggregation of devices bge0 and bge1 with key 1, enter the following command: # dladm create-aggr -d bge0 -d bge1 1 
@@ -2818,20 +2998,64 @@ The saved historical data can be retrieved in summary form using the show-usage subcommand: # dladm show-usage -f /var/log/net.log LINK DURATION IPACKETS RBYTES OPACKETS OBYTES BANDWIDTH e1000g0 80 1031 546908 0 0 2.44 Kbps + Example 18 Creating an IPv4 Tunnel + + A persistent IPv4 tunnel link named mytunnel0 between 66.1.2.3 + and 192.4.5.6 is created: + + # dladm create-iptun -T ipv4 -s 66.1.2.3 -d 192.4.5.6 mytunnel0 + # dladm show-iptun mytunnel0 + LINK TYPE FLAGS SOURCE DESTINATION + mytunnel0 ipv4 -- 66.1.2.3 192.4.5.6 + + A point-to-point IP interface can then be created over this + tunnel link: + + # ifconfig mytunnel0 plumb 10.1.0.1 10.1.0.2 up + + As with any other IP interface, configuration persistence for + this IP interface is achieved by placing the desired ifconfig + commands (in this case "10.1.0.1 10.1.0.2") into + /etc/hostname.mytunnel0. + + + Example 19 Creating a 6to4 Tunnel + + A persistent 6to4 tunnel link is created. The IPv4 address of + the 6to4 router is 75.10.11.12. + + # dladm create-iptun -T 6to4 -s 75.10.11.12 sitetunnel0 + # dladm show-iptun sitetunnel0 + LINK TYPE FLAGS SOURCE DESTINATION + sitetunnel0 6to4 -- 75.10.11.12 -- + + An IPv6 interface is plumbed on this tunnel: + + # ifconfig sitetunnel0 inet6 plumb up + # ifconfig sitetunnel0 inet6 + sitetunnel0: flags=2200041 mtu 65515 index 3 + inet tunnel src 75.10.11.12 + tunnel hop limit 64 + inet6 2002:4b0a:b0c::1/16 + + Note that the system automatically configures the IPv6 address on + the 6to4 IP interface. See ifconfig(1M) for a description of how + IPv6 addresses are configured on 6to4 tunnel links. + ATTRIBUTES See attributes(5) for descriptions of the following attri- butes: SunOS 5.11 Last change: 13 May 2009 43 
@@ -2858,21 +3082,21 @@ tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRI- BUTE TYPEATTRIBUTE VALUE _ AvailabilitySUNWcsr _ Interface StabilityCommitted SEE ALSO acctadm(1M), autopush(1M), ifconfig(1M), ndd(1M), psrset(1M), wpad(1M), zonecfg(1M), attributes(5), - ieee802.3(5), dlpi(7P) + ieee802.3(5), dlpi(7P), ipsecconf(1M) NOTES The preferred method of referring to an aggregation in the aggregation subcommands is by its link name. Referring to an aggregation by its integer key is supported for backward compatibility, but is not necessary. When creating an aggre- gation, if a key is specified instead of a link name, the aggregation's link name will be automatically generated by dladm as aggrkey.
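Review bot: In the SYNOPSIS hunk (@@ -77), create-iptun shows [-s tsrc] and [-d tdst] as optional for every tunnel type, while the ipv4 and ipv6 type descriptions added later say those tunnels require source and destination addresses to function. The create-iptun description should state what a link created without them does, and that modify-iptun is the way to supply them afterwards if that is the intent, so an administrator does not assume a half-configured tunnel is carrying traffic.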
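Review bot: In the create-iptun hunk (@@ -2122), the -s tsrc text says a hostname is resolved and "one of those IP addresses will be used as the tunnel source", which leaves the endpoint undefined when the name maps to more than one address. Say which address is selected, or recommend literal addresses, and repeat the hostname and /etc/hosts caveat under -d tdst, which currently says nothing about resolution even though it also accepts a hostname. Two smaller points in the same hunk: the TYPE field description reads "Type type of tunnel" where "The type of tunnel" is meant, and the option headers "-T type,--tunnel-type=type", "-P,--persistent" and "-p,--parseable" lack the space after the comma that "-t, --temporary" and "-R root-dir, --root-dir=root-dir" have.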
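Review bot: In the IP Tunnel Link Properties hunk (@@ -2472), neither hoplimit nor encaplimit documents its accepted range, and encaplimit does not say which tunnel types accept it in the way hoplimit says it "exists for all tunnel types". Add the valid range for each property and state explicitly whether encaplimit can be set on ipv4 and 6to4 links or only on ipv6 links, so the reader knows what to expect from setting it on the other types.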
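Review bot: In the EXAMPLES hunk (@@ -2818), Example 18 ends with a working IP-in-IP tunnel between two public-looking addresses and never mentions IPsec, although the create-iptun text says such links can be protected with ipsecconf(1M) and show-iptun has an "s" flag for exactly that. Add a sentence after the ifconfig step pointing to ipsecconf(1M) and to the FLAGS column as the way to confirm that policy is applied. The "--" shown under FLAGS and DESTINATION in both examples is also not explained in the show-iptun field list; a short note that it means no flags set or no value would help. Consider switching 66.1.2.3, 192.4.5.6 and 75.10.11.12 to addresses from the reserved documentation block 192.0.2.0/24.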
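Review bot: In the SEE ALSO hunk (@@ -2858), ipsecconf(1M) is appended after dlpi(7P), which breaks the existing ordering of the list by manual section and then alphabetically. Place it between ifconfig(1M) and ndd(1M) so the section 1M entries stay together.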