NAME
    ipadm - configure Internet Protocol network interfaces and TCP/IP tunables

SYNOPSIS
    ipadm create-if [-t] interface
    ipadm delete-if interface
    ipadm show-if [[-p] -o field[,...]] [interface]
    ipadm disable-if -t interface
    ipadm enable-if -t interface
    ipadm set-ifprop [-t] -m protocol -p prop= interface
    ipadm reset-ifprop [-t] -m protocol -p prop interface
    ipadm show-ifprop [[-c] -o field[,...]] [-p prop,...] [-m protocol] [interface]
    ipadm create-addr [-t] -T static [-d] -a {local|remote}=addr[/prefixlen],... addrobj
    ipadm create-addr [-t] -T dhcp [-w | forever ] addrobj
    ipadm create-addr [-t] -T addrconf [-i interface-id] [-p {stateful|stateless}={yes|no},..] addrobj
    ipadm delete-addr [-r] addrobj
    ipadm show-addr [[-p] -o field[,...]] [addrobj]
    ipadm up-addr [-t] addrobj
    ipadm down-addr [-t] addrobj
    ipadm refresh-addr [-i] addrobj
    ipadm disable-addr -t addrobj
    ipadm enable-addr -t addrobj
    ipadm set-addrprop [-t] -p prop= addrobj
    ipadm reset-addrprop [-t] -p prop= addrobj
    ipadm show-addrprop [[-c] -o field[,...]] [-p prop,...] [addrobj]
    ipadm set-prop [-t] -p prop= protocol
    ipadm reset-prop [-t] -p prop protocol
    ipadm show-prop [[-c] -o field[,...]] [-p prop[,...]] [protocol]

DESCRIPTION
    The ipadm command provides a set of subcommands that can be used to manage interfaces (interface creation and deletion, modifying interface properties and displaying interface configuration), manage addresses (address creation and deletion, modifying address properties and displaying address configuration) and manage TCP/IP protocol properties (modifying and displaying them).

    Each ipadm subcommand operates on one of the following objects:

    addrobj
        An address configured on a network interface is identified by an addrobj. An addrobj consists of two parts.
        The first part is the name of the network interface on which the address is configured and the second part is a user-specified string that can use any of the alphanumeric characters, can be at most 32 characters in length and must begin with an alphabetic character. The two parts of the addrobj are delimited by '/'. An address object always represents a unique set of address(es) in a system.

    interface
        Name of the underlying IP interface on which the network address is configured.

    protocol
        Name of the TCP/IP Internet protocol family on which the property needs to be configured. The following protocols are supported: ip, ipv4, ipv6, icmp, tcp, sctp and udp.

SUBCOMMANDS
    The following subcommands are supported:

    ipadm create-if [-t] interface
        Create an IP interface that handles both IPv4 and IPv6 packets. The address of the IPv4 interface will be set to 0.0.0.0 and the address of the IPv6 interface will be set to ::. This subcommand, by default, persists the information so that on the next reboot this interface will be instantiated.

        An interface is enabled for IPv4 and IPv6, implicitly, when it is created. See the disable-if/enable-if subcommands below to disable/enable an interface.

        Note that 'lo0' is a special interface called the loopback interface. It is a virtual IP interface and is not associated with any physical hardware. It is one of the first IP interfaces to be created on the system, with IPv4 address of 127.0.0.1 and IPv6 address of ::/128.

        -t, --temporary
            Specifies that the operation is temporary and must not be persisted. The operation would affect only the active configuration.

    ipadm delete-if interface
        Deletes the interface from active configuration. All addresses configured on the interface will be torn down. Further, all the persistent information related to the interface will be removed from the persistent data-store and hence this interface will not be instantiated on reboot. To disable an interface from active configuration alone, one needs to use the disable-if subcommand.

    ipadm show-if [[-p] -o field[,...]] [interface]
        Show network interface configuration information, either for all the network interfaces configured on the system, including the ones that are only in the persistent configuration, or for the specified network interface.

        -o field[,...], --output field[,...]
            A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value 'all' to display all fields. For each network interface, the following fields can be displayed:

            IFNAME
                The name of the IP interface

            STATE
                Indicates one of the following for the displayed interface

                ok - Indicates that the required resources for an interface are allocated. For some interfaces this also indicates that the link is up.
                offline - The interface is offline and thus cannot send or receive IP data traffic. See if_mpadm(1M).
                failed - Indicates that the datalink is down. If the interface is part of an IPMP group it could also mean that the interface has failed (i.e., IFF_FAILED is set). FAILED interfaces will not be used to send or receive IP data traffic. If this is set on a physical IP interface in an IPMP group, IP data traffic will continue to flow over other usable IP interfaces in the IPMP group. If this is set on an IPMP IP interface, the entire group has failed and no data traffic can be sent or received over any interfaces in that group. See in.mpathd(1M).
                down - Indicates that the interface is administratively down, preventing any IP packets from being sent or received through it.
                disabled - Indicates that the interface has been disabled from the active configuration using 'disable-if' subcommand.

            CURRENT
                For interface objects, in active configuration, it indicates any of the following flags.

                b    interface supports broadcast
                m    interface supports multicast
                p    interface is a point-to-point link
                v    interface is a virtual interface (e.g., vni(7d), loopback), i.e.
                     the physical interface has no underlying hardware.
                I    IPMP meta interface
                s    IPMP interface is marked standby administratively. See in.mpathd(1M).
                i    IPMP interface is inactive. See in.mpathd(1M).
                V    interface is a VRRP interface
                a    VRRP interface is in accept mode (~IFF_NOACCEPT)
                4    interface can handle IPv4 packets
                6    interface can handle IPv6 packets

                Note: b and p are mutually exclusive.

            PERSISTENT
                Specifies the configuration that will be applied when the interface object is instantiated on reboot or re-enabled using 'enable-if' subcommand. It can be any or all of s, 4 & 6 (see above).

        -p, --parsable
            Display using a stable machine-parsable format. The -o option is required with this option. See "Parsable Output Format", below.

    ipadm disable-if -t interface
        Disables the given interface by removing it from the active configuration. All the addresses configured on the interface will be disabled. If the interface object was created persistently to begin with, then the persistent configuration is unchanged. To re-enable this interface, one should use enable-if.

        -t, --temporary
            Specifies that the disable is temporary and changes apply only to the active configuration.

    ipadm enable-if -t interface
        Enables the given interface by reading the configuration from the persistent store. All the persistent interface properties, if any, are applied and all the persistent addresses, if any, on the given interface will be enabled.

        -t, --temporary
            Specifies that the enable is temporary and changes apply only to the active configuration.

    ipadm set-ifprop [-t] -m protocol -p prop= interface
        Modifies an interface property to the value specified by the user. If the property takes multiple values then the values should be specified with comma as the delimiter. Only one property can be specified at a time. The properties supported on an interface and the property's possible values can be retrieved using show-ifprop subcommand. Only one property can be modified at a time.
        A persistent operation may not be performed on a temporary object, i.e., if the interface is temporarily created, then one cannot apply the interface property persistently.

        -t, --temporary
            Specifies that the changes are temporary and changes apply only to the active configuration.

        -m protocol, --module protocol
            Identifies whether the property should be applied for ipv4 or ipv6 packets.

        -p prop=, --prop prop=
            A property to set to the specified values.

    ipadm reset-ifprop [-t] -m protocol -p prop interface
        Resets a property of the specified interface to its default value. If -t is not used, any persisted value of the property will be deleted. Only one property can be modified at a time.

        -t, --temporary
            Specifies that the resets are temporary and changes apply only to the active configuration.

        -m protocol, --module protocol
            Identifies whether the property being reset affects ipv4 or ipv6 packets.

        -p prop, --prop prop
            A property to be reset.

    ipadm show-ifprop [[-c] -o field[,...]] [-p prop,...] [-m protocol] [interface]
        Show the current and persistent values of one or more properties, either for all the created interfaces or for the specified interface. Several properties of interest can be retrieved at a time by providing comma-separated property names to the -p option. If the -p option is not specified, all available interface properties are displayed.

        -o field[,...], --output field[,...]
            A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value 'all' to display all fields. For each interface, the following fields can be displayed:

            IFNAME
                The name of the interface

            PROPERTY
                The name of the property

            PROTO
                The name of the protocol the property belongs to. The protocols currently supported are ipv4 or ipv6.

            PERM
                The read/write permissions of the property. The value shown will be r (read only), w (write only) or rw (read and write)

            CURRENT
                The current value of the property.
                For the disabled interfaces, since value is not set, it will be shown as --.

            PERSISTENT
                The persistent value of the property. Persistent values are the values that will be reapplied on reboot.

            DEFAULT
                The default value of the property. If the property has no default value, -- is shown.

            POSSIBLE
                A comma-separated list of the values the property can have. If the values span a numeric range, min - max might be shown as shorthand. If the possible values are unknown, ? will be shown or if they are unbounded, -- will be shown.

        -c, --parsable
            Display using a stable machine-parsable format. The -o option is required with this option. See "Parsable Output Format", below.

        -p prop,..., --prop=prop,...
            A comma-separated list of properties to show. See the sections on interface properties following subcommand descriptions.

        -m protocol, --module protocol
            Displays properties matching the given protocol. Valid values are ipv4 or ipv6.

        For the supported list of interface properties, see "Interface properties" below.

    ipadm create-addr [-t] -T static [-d] -a {local|remote}=addr[/prefixlen],... addrobj
        Creates a static IPv4 or IPv6 address on the interface specified in addrobj. If the interface on which the address is created is not plumbed, this subcommand will implicitly plumb the interface. The created static address will be identified by addrobj. By default, the configured address will be marked "up", so that it can be used as a source/destination of outbound/inbound packets.

        All the address objects are enabled when they are created. See the disable-addr/enable-addr subcommands to disable/enable an address object.

        A persistent operation may not be performed on a temporary object, i.e., if the interface is temporarily created, then one cannot create the address object persistently.

        -t, --temporary
            Specifies that the configured address is temporary and changes apply only to the active configuration.

        -d, --down
            Specifies that the configured address should be marked "down", that is, the address will not be used as a source/destination of IP packets.

        -a {local|remote}=addr[/prefixlen],...
        --address {local|remote}=addr[/prefixlen],...
            addr indicates a literal IP address or hostname corresponding to the local or remote end-point (for point-to-point interfaces). If a hostname is specified, its numeric value is uniquely obtained using the entry in /etc/hosts. If no numeric IP address is defined in the file, then the numeric value is uniquely obtained using the resolver order specified for hosts or ipnodes in nsswitch.conf. If there are multiple entries for a given hostname, an error will be generated. Because IP addresses are created before naming services have been brought online during the boot process, it is important that any hostname used be included in /etc/hosts.

            If the prefixlen is not explicitly specified in the command-line, the netmask for the address is obtained by following the search in the order listed below.

            (i)  using the order specified for 'netmasks' in nsswitch.conf(4)
            (ii) interpreting IPv4 address using Classful subnetting semantics defined in RFC 791, and interpreting IPv6 addresses using the definitions in RFC 4291.

            For point-to-point interfaces, along with the address of the local end-point the address of the remote end-point must be specified (e.g. -a local=,remote=). If prefixlen for the remote end-point is specified, an error will be returned.

            Note: If the interface requires only a local address, specify it directly with the -a option as follows: '-a [/prefixlen]'. The address will automatically be considered a local address.

    ipadm create-addr [-t] -T dhcp [-w | forever] addrobj
        Creates a DHCP-controlled IPv4 address on an interface specified in addrobj. The created IPv4 address will be identified by addrobj.

        All the address objects are enabled when they are created.
        See the disable-addr/enable-addr subcommands to disable/enable an address object.

        A persistent operation may not be performed on a temporary object, i.e., if the interface is temporarily created, then one cannot create the address object persistently.

        -t, --temporary
            Specifies that the configured address is temporary and changes apply only to the active configuration.

        -w | forever, --wait | forever
            Specifies the amount of time, in seconds, to wait until the operation completes. If no wait interval is given, and the operation is one that cannot complete immediately, ipadm will, by default, wait 120 seconds for the requested operation to complete. Note that the default wait time is subject to change in future releases. The symbolic value forever may be used as well, with obvious meaning.

    ipadm create-addr [-t] -T addrconf [-i interface-id] [-p {stateful|stateless}={yes|no},..] addrobj
        Creates auto-configured IPv6 addresses on an interface specified in addrobj. The created IPv6 addresses will be identified by addrobj. The system uses the default Interface ID (for media-type Ethernet, the Interface ID is the MAC address of the interface) to generate auto-configured addresses. This behavior can be overridden using the -i option.

        By default,
        - IPv6 addresses will be auto-configured based on prefixes advertised by routers as described in RFC 4862 and
        - IPv6 addresses will be auto-configured using the IPv6 address offered by DHCPv6 server as described in RFC 3315
        on the specified interface (i.e., -p stateful=yes,stateless=yes is the default option).

        All the address objects are enabled when they are created. See the disable-addr/enable-addr subcommands to disable/enable an address object.

        A persistent operation may not be performed on a temporary object, i.e., if the interface is temporarily created, then one cannot create the address object persistently.

        -t, --temporary
            Specifies that the configured address is temporary and changes apply only to the active configuration.

        -i interface-id, --interface-id
            Specifies the Interface ID to be used for generating auto-configured addresses.

        -p {stateful|stateless}={yes|no},..
        --prop {stateful|stateless}={yes|no},..
            Specifies whether stateful, stateless or both methods of auto-configuration should be enabled.

            If -p stateful=no is specified, then stateful auto-configuration based on DHCPv6 specified IPv6 addresses will not be performed.

            If -p stateless=no is specified, then stateless auto-configuration based on the router advertised prefixes will not be performed.

            If -p stateful=no,stateless=no is specified, then neither method of auto-configuration will be performed.

            The following option, -p stateful=yes,stateless=yes, is used by default.

    ipadm delete-addr [-r] addrobj
        Deletes all the addresses identified by addrobj on the interface specified in the addrobj. It also removes these addresses from the persistent data-store and hence these addresses will not be instantiated on reboot. If the addrobj is a DHCP-controlled address, the subcommand removes the address from the system without notifying the DHCP server, and records the current lease for later use.

        -r, --release
            If the addrobj is a DHCP-controlled address, relinquishes the DHCP-controlled IP addresses on the interface by notifying the server and discards the current lease.

    ipadm show-addr [[-p] -o field[,...]] [addrobj|interface/]
        Show address information, either for the given addrobj or all the address objects configured on the given interface, including the address objects that are only in the persistent configuration.

        -p, --parsable
            Display using a stable machine-parsable format. The -o option is required with this option. See "Parsable Output Format", below.

        -o field[,...], --output field[,...]
            A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value 'all' to display all fields.
            For each address object, the following fields can be displayed:

            ADDROBJ
                The name of the address object.

            TYPE
                Type of the address object and will be one of the following static, dhcp or addrconf. It corresponds to the type of the address object as specified by the -T option of create-addr.

            STATE
                State of the address object. This indicates one of the following values.

                disabled - Indicates that the address has been disabled from the active configuration using 'disable-addr' subcommand.
                duplicate - Indicates that the address is a duplicate.
                down - Indicates that the address is marked down.
                tentative - Indicates the Duplicate Address Detection is in progress.
                ok - Indicates that the address is up.
                inaccessible - Indicates that the address is not accessible because the interface on which this address is created has failed (IFF_RUNNING is cleared)

            CURRENT
                For address objects in active configuration, it indicates any of the following flags. This field is not shown by default and will be shown only when 'all' or 'current' is specified with -o.

                U (up) - Address is marked up for use as a source/destination of outbound/inbound packets.
                u (unnumbered) - Address matches the local address of some other link in the system
                p (private) - Address not advertised by the routing daemon
                t (temporary) - temporary IPv6 address as defined in RFC 3041
                d (deprecated) - will not be used as source address for outbound packets unless either there are no other addresses available on the interface or the application has bound to this address explicitly.

            PERSISTENT
                Specifies the configuration that will be applied when the address object is instantiated on reboot or re-enabled using ipadm enable-addr subcommand. It can be any or all of U, p & d (see above). This field is not shown by default and will be shown only when 'all' or 'persistent' is specified with -o.

            ADDR
                Numeric IPv4 or IPv6 address.
                In the case of point-to-point interfaces, the addresses of both the endpoints are printed (laddr-->raddr).

        Note: Some of the address objects that were created outside ipadm(1M), for example, using ifconfig(1M), have names starting with '_'. They are generated by the library automatically and can be used for various address operations using ipadm(1M).

    ipadm down-addr [-t] addrobj
        The address identified by the address object is marked down, so that it cannot be used as a source/destination of outbound/inbound packets. This command has no effect if the addrobj was already marked down prior to the down-addr invocation. If the addrobj is of type "addrconf", the command errors out.

        -t, --temporary
            Specifies that the configured address is temporary and changes apply only to the active configuration. This option is mandatory if the address object type is "dhcp".

    ipadm up-addr [-t] addrobj
        The address identified by the address object is marked up, so that it can be used as a source/destination of outbound/inbound packets. This subcommand has no effect if the addrobj has been marked down by the system because it is a duplicate address, or if the address was marked up prior to the up-addr invocation. If the addrobj is of type "addrconf", the command errors out.

        -t, --temporary
            Specifies that the configured address is temporary and changes apply only to the active configuration. This option is mandatory if the address object type is "dhcp".

    ipadm refresh-addr [-i] addrobj
        If the addrobj is of the type "static" then DAD (Duplicate Address Detection) will be restarted (if necessary) on the address identified by the address object. If the addrobj is of the type "dhcp", then the lease duration obtained on the address will be extended by the DHCP client daemon. If the addrobj is of the type "addrconf" then the command errors out.

        -i, --inform
            Obtains network configuration parameters from DHCP, for that IP address without obtaining a lease on it.
            This is useful in situations where an IP address is obtained through mechanisms other than DHCP.

    ipadm disable-addr -t addrobj
        Disables the address by removing it from the active configuration. If the address object was created persistently to begin with, then the persistent configuration is unchanged. To re-enable this addrobj, one should use enable-addr.

        -t, --temporary
            Specifies that the disable is temporary and changes apply only to the active configuration.

    ipadm enable-addr -t addrobj
        Enables the given address object by reading the configuration from the persistent store. All the persistent address properties are applied to the address object. This subcommand requires that the interface on which the address object is being enabled be present. If the interface itself is missing in the active configuration and is present in the persistent store, i.e., if the interface is disabled, then the user has to run ipadm enable-if first.

        -t, --temporary
            Specifies that the enable is temporary and changes apply only to the active configuration.

    ipadm set-addrprop [-t] -p prop= addrobj
        Sets the value of a property on the addrobj specified. If the addrobj maps to several addresses, then the property change applies to all the addresses referenced by the addrobj. Only one property can be specified at a time. The properties supported on the addrobj and the property's possible values can be retrieved using show-addrprop subcommand. If the addrobj is of type "addrconf", the command errors out.

        One cannot perform a persistent operation on a temporary object, that is, if the address is temporarily created, then one cannot apply the address property persistently.

        -t, --temporary
            Specifies that the changes are temporary and changes apply only to the active configuration.

        -p prop=, --prop prop=
            A property to set to the specified values.

    ipadm reset-addrprop [-t] -p prop addrobj
        Resets the given address property to its default value.
        If -t is not used any persisted value of the property will be deleted. Only one property can be modified at a time. If the addrobj is of type "addrconf", the command errors out.

        -t, --temporary
            Specifies that the resets are temporary and changes apply only to the active configuration.

        -p prop, --prop prop
            A property to be reset.

    ipadm show-addrprop [[-c] -o field[,...]] [-p prop,...] [addrobj]
        Show the current and persistent values of one or more properties, either for all the configured address objects or for the specified address object. Several properties of interest can be retrieved at a time by providing comma separated property names to -p option. If the -p option is not specified, all available properties are displayed. If the addrobj is of type "addrconf", the command errors out.

        -o field[,...], --output field[,...]
            A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value 'all' to display all fields. For each address object, the following fields can be displayed:

            ADDROBJ
                The name of the address object.

            PROPERTY
                The name of the property

            PERM
                The read/write permissions of the property. The value shown will be r (read only), w (write only) or rw (read and write)

            CURRENT
                The current value of the property. For the disabled addresses, since value is not set, it will be shown as --.

            PERSISTENT
                The persistent value of the property. Persistent values are the values that will be reapplied on reboot.

            DEFAULT
                The default value of the property. If the property has no default value, -- is shown.

            POSSIBLE
                A comma-separated list of the values the property can have. If the values span a numeric range, min - max might be shown as shorthand. If the possible values are unknown, ? will be shown or if they are unbounded, -- will be shown.

        -c, --parsable
            Display using a stable machine-parsable format. The -o option is required with this option. See "Parsable Output Format", below.

        -p prop,..., --prop=prop,...
            A comma-separated list of properties to show. See the sections on address object properties following subcommand descriptions.

    ipadm set-prop [-t] -p prop[+|-]= protocol
        Modifies the value of the protocol property to the value specified. If the property takes multiple values then the values should be specified with comma as the delimiter. Only one property can be specified at a time. By default the value is persisted and will be reapplied on reboot. The properties supported on a protocol and the property's possible values can be retrieved using show-prop subcommand. Following protocols are supported: ip, ipv4, ipv6, icmp, tcp, udp and sctp.

        Note that for some properties, it may be possible to set the value of the property both globally, and on a per-interface basis. The per-interface value may be set using the set-ifprop subcommand. In such cases, if the administrator chooses to customize the per-interface value of the property to be distinct from the global value, the per-interface value overrides the global setting for that interface.

        -t, --temporary
            Specifies that the changes to properties are temporary and changes apply only to the active configuration.

        -p prop[+|-]=, --prop prop[+|-]=
            A property to set to the specified values. It also provides 'qualifiers' to perform add/delete 'aka' +/- in addition to assignment.

            + : adds the given value to the current list of value(s)
            - : removes the given value from the current list of value(s)
            = : makes a new assignment and removes all the current value(s).

            See EXAMPLES for more information on how to use the qualifiers.

    ipadm reset-prop [-t] -p prop protocol
        Resets a property of the specified protocol to the default value of the property. If -t is not used any persisted value of the property will be deleted. Only one property can be modified at a time.

        -t, --temporary
            Specifies that the resets are temporary and changes apply only to the active configuration.

        -p prop, --prop prop
            A property to be reset.

    ipadm show-prop [[-c] -o field[,...]] [-p prop[,...]] [protocol]
        Show the current and persistent values of one or more properties, either for all the supported protocols or for the specified protocol. Several properties of interest can be retrieved at a time by providing comma-separated property names to the -p option. If the -p option is not specified, all available properties are displayed.

        -o field[,...], --output field[,...]
            A case-insensitive, comma-separated list of output fields to display. The field name must be one of the fields listed below, or the special value 'all' to display all fields. For each protocol, the following fields can be displayed:

            PROTO
                The name of the protocol

            PROPERTY
                The name of the property.

            PERM
                The read/write permissions of the property. The value shown will be r (read only), w (write only) or rw (read and write)

            CURRENT
                The current value of the property. If the value is not set, it is shown as --. If it is unknown, the value is shown as ?.

            PERSISTENT
                The persistent value of the property. Persistent values are the values that will be reapplied on reboot.

            DEFAULT
                The default value of the property. If the property has no default value, -- is shown.

            POSSIBLE
                A comma-separated list of the values the property can have. If the values span a numeric range, min - max might be shown as a shorthand. If the possible values are unknown, ? will be shown or if they are unbounded, -- will be shown.

        -c, --parsable
            Display using a stable machine-parsable format. The -o option is required with this option. See "Parsable Output Format", below.

        -p prop,..., --prop=prop,...
            A comma-separated list of properties to show. See the sections on protocol properties following subcommand descriptions.

        For the supported list of properties for every protocol, see "Protocol Properties" below.

Parsable Output Format
    Many ipadm subcommands have an option that displays output in a machine-parsable format.
    The output format is one or more lines of colon (:) delimited fields. The fields displayed are specific to the subcommand used and are listed under the entry for the -o option for a given subcommand. Output includes only those fields requested by means of the -o option, in the order requested. Note that "-o all", which displays all the fields for a given subcommand, cannot be used with parsable output option.

    When you request multiple fields, any literal colon characters are escaped by a backslash (\) before being output. Similarly, literal backslash characters will also be escaped (\\). This escape format is parsable by using shell read(1) functions with the environment variable IFS=:

    Note that escaping is not done when you request only a single field.

Protocol Properties:
    The following protocol properties are supported:

    ttl(ipv4), hoplimit(ipv6)
        Specifies the value that will be set for ttl/hoplimit field of IPv4 or IPv6 header. Can be used to prevent the system from reaching other systems more than N hops away where N was the value specified.

    forwarding(ipv4), forwarding(ipv6)
        Enable/disable global IPv4 or IPv6 forwarding. All the configured interfaces will start/stop forwarding packets. Individual interfaces can override the global option using set-ifprop.

    recv_maxbuf(tcp, sctp, udp, icmp)
    send_maxbuf(tcp, sctp, udp, icmp)
        This property modifies the receive or send buffer sizes for the given protocol.

    sack(tcp)
        Selective acknowledgment (SACK) allows recipients to selectively acknowledge out-of-sequence data and is intended to increase performance for data transfers over lossy links. See RFC 2018 for information on the SACK. Possible values and meaning:

        never - will not accept SACK or send out SACK information
        passive - will accept SACK but not send out
        active - will both accept SACK and send out SACK information

    ecn (tcp)
        Explicit Congestion Control (See RFC 3168 for more information).
        Possible values are the same as above: never, passive and active

    smallest_anon_port(tcp, sctp, udp)
    largest_anon_port(tcp, sctp, udp)
        These options define the upper and lower bounds on ephemeral ports. Ephemeral (meaning short-lived) ports are used when establishing outbound network connections.

    smallest_nonpriv_port(tcp, sctp, udp)
        This option defines the start of non-privileged ports. The non-privileged port range normally starts at 1024. Any program that attempts to bind a non-privileged port does not have to run as root.

    extra_priv_ports(tcp, sctp, udp)
        This option defines additional privileged ports outside of the 1-1023 range. Any program that attempts to bind the ports listed here must run as root. This prevents normal users from starting server processes on specific ports. These ports can be added/removed/assigned using the set-prop and the modifiers +/-/=. See EXAMPLES below on usage.

Interface Properties:
    The following interface properties are supported:

    arp
        Enables/disables the use of the Address Resolution Protocol (ARP) on an interface. ARP is used in mapping between network level addresses and link level addresses (default). This is currently implemented for mapping between IPv4 addresses and MAC addresses. Possible values are on or off. Default is on.

    forwarding
        Enables/disables IP forwarding on an interface. When enabled, the IP packets can be forwarded to and from the interface. Possible values are on or off. Default is off.

    metric
        Set the routing metric of the interface to n; if no value is specified, the default is 0. The routing metric is used by the routing protocol. Higher metrics have the effect of making a route less favorable. Metrics are counted as additional hops to the destination network or host.

    mtu
        Set the maximum transmission unit of the interface to n. For many types of networks, the mtu has an upper limit, for example, 1500 for Ethernet.

nud
    Enables/disables the neighbor unreachability detection mechanism on a point-to-point physical interface. Possible values are on or off. Default is on.

usesrc
    Specifies a physical or virtual interface to be used for source address selection. If the keyword 'none' is used, then any previous selection is cleared. Default is 'none'.

exchange_routes
    Enables/disables exchanging of routing information on this interface. Possible values are on or off. Default is off.

Address Properties:

The following address properties are supported:

Note that modifying address properties for 'addrconf' address objects is not yet supported.

broadcast
    Meaningful only for address objects that represent IPv4 addresses. This is a read-only property and the value specifies the address that will be used to represent broadcasts to the network. The value of this property changes whenever the prefixlen for the address is changed.

deprecated
    The address should no longer be used as a source address in new communications, but packets addressed to such an address are processed as expected. Possible values are on or off. Default is off. This property is not supported on an address object of type "dhcp".

prefixlen
    Specifies the number of left-most contiguous bits of the address that comprise the IPv6 prefix or IPv4 netmask of the address. The remaining low-order bits define the host part of the address. When prefixlen is converted to a text representation of the address, the address contains 1's for the bit positions which are to be used for the network part, and 0's for the host part. The prefixlen must be specified as a single decimal number. This property is not supported on an address object of type "dhcp".

private
    Specifies that the addresses should not be advertised by the in.routed routing daemon. Possible values are on or off. Default is off.

transmit
    Enables packets to be transmitted using the addresses referenced by the address object. This is the default behavior when the address is up.
    Possible values are on or off. Default is on.

zone
    Specifies the zone in which all the addresses referenced by the address object should be placed. The named zone must be active in the kernel in the ready or running state. The interface is unplumbed when the zone is halted or rebooted. The zone must be configured to be a shared-IP zone. zonecfg(1M) is used to assign network interface names to exclusive-IP zones. To modify the zone assignment such that it persists across reboots, please use zonecfg(1M). Possible values are the list of all the zones configured on the system. Default is global.

AUTHORIZATIONS and PRIVILEGES

The following subcommands, create-if, delete-if, disable-if, enable-if, set-ifprop, reset-ifprop, create-addr, up-addr, down-addr, refresh-addr, disable-addr, enable-addr, set-addrprop, reset-addrprop, set-prop and reset-prop, need the solaris.network.interface.config authorization and the PRIV_SYS_IP_CONFIG privilege. In addition to the above authorization and privilege, the ipadm create-if subcommand needs the PRIV_NET_RAWACCESS privilege.

EXAMPLES

Example 1. Creating IPv4 static addresses

Create the address 10.2.3.4/24 on interface bge1 and mark the address 'up', for use.

    # ipadm create-addr -T static -a local=10.2.3.4/24 bge1/v4static1

Create the address 10.2.3.5/24 on interface bge1 but mark the address down until explicitly marked up.

    # ipadm create-addr -T static -d -a 10.2.3.5/24 bge1/v4static2

Note: since local was not used and there was only one address, 10.2.3.5/24 will be assumed to be the local address.

Mark the address object bge1/v4static2 up that was previously marked down.

    # ipadm up-addr bge1/v4static2

If the DUPLICATE flag was set on the address object, then refresh-addr will verify if the address is still a duplicate on the network. If not, the address will be marked up.

    # ipadm refresh-addr bge1/v4static2

List the addresses that were configured. This shows that the address bge1/v4static2 is not a duplicate.
    # ipadm show-addr
    ADDROBJ         TYPE    STATE  ADDR
    lo0/v4          static  ok     127.0.0.1/8
    lo0/v6          static  ok     ::/128
    bge1/v4static1  static  ok     10.2.3.4/24
    bge1/v4static2  static  ok     10.2.3.10/24

    # ipadm show-addr -o all
    ADDROBJ         TYPE    STATE  CURRENT  PERSISTENT  ADDR
    lo0/v4          static  ok     U----    ---         127.0.0.1/8
    lo0/v6          static  ok     U----    ---         ::/128
    bge1/v4static1  static  ok     U----    U--         10.2.3.4/24
    bge1/v4static2  static  ok     U----    U--         10.2.3.10/24

Example 2. Creating DHCPv4-controlled addresses

Obtain a DHCPv4 address on interface bge1.

    # ipadm create-addr -T dhcp bge1/dhaddr
    # ipadm show-addr bge1/dhaddr
    ADDROBJ      TYPE  STATE  ADDR
    bge1/dhaddr  dhcp  ok     10.8.48.173/25

Extend the lease duration for the DHCPv4 address object bge1/dhaddr.

    # ipadm refresh-addr bge1/dhaddr

Example 3. Creating IPv6 addresses

Auto-configure IPv6 addresses on bge1 using in.ndpd with the default interface ID. A link-local address is configured first, followed by in.ndpd adding the stateless and stateful auto-configured addresses.

    # ipadm create-addr -T addrconf bge1/v6addr

Create an IPv6 static address. To be able to configure an IPv6 address which is not a link-local address, the interface should already have a link-local address configured on it. This was accomplished by the previous step with '-T addrconf'.

    # ipadm create-addr -T static -a local=2ff0::f3ad/64 bge1/v6static

Change the prefix length of an IPv6 address.

    # ipadm set-addrprop -p prefixlen=80 bge1/v6static

All the auto-configured addresses and the updated prefix length can be viewed by listing the addresses.

    # ipadm show-addr
    ADDROBJ        TYPE      STATE  ADDR
    lo0/v4         static    ok     127.0.0.1/8
    lo0/v6         static    ok     ::/128
    bge1/v6addr    addrconf  ok     fe80::203:baff:fe94:2f01/10
    bge1/v6addr    addrconf  ok     2002:a08:39f0:1:203:baff:fe94:2f00/64
    bge1/v6addr    addrconf  ok     2001:db8:1:2::402f/128
    bge1/v6static  static    ok     2ff0::f3ad/80

Example 4. Configuring an IPv4 tunnel

Create the tunnel source address using ipadm. Then, create the tunnel link using dladm. Configure the IPv4 and IPv6 addresses on the tunnel IP interface.
    # ipadm create-addr -T static -a local=10.2.3.4/24 bge1/v4static
    # dladm create-iptun -T ipv4 -a local=10.2.3.4,remote=10.2.3.5 tun0
    # ipadm create-addr -T static \
          -a local=173.129.134.1,remote=173.129.134.2 tun0/v4tunaddr
    # ipadm create-addr -T static \
          -a local=2ff1::3344,remote=2ff1::3345 tun0/v6tunaddr
    # ipadm show-addr
    ADDROBJ         TYPE    STATE  ADDR
    lo0/v4          static  ok     127.0.0.1/8
    lo0/v6          static  ok     ::/128
    bge1/v4static   static  ok     10.2.3.4/24
    tun0/v4tunaddr  static  ok     173.129.134.1-->173.129.134.2
    tun0/v6tunaddr  static  ok     2ff1::3344-->2ff1::3345

Example 5. Viewing all the interfaces

    # ipadm show-if
    IFNAME   STATE     CURRENT      PERSISTENT
    lo0      ok        -m-v-----46  ---
    e1000g0  ok        bm-------4-  -46
    e1000g1  disabled  -----------  -46
    ipmp0    failed    bm--I----46  -46
    tun0     disabled  -----------  --6
    vni0     disabled  ---v-----46  -46

Example 6. Displaying all interface properties for a given interface

    # ipadm show-ifprop net0
    IFNAME  PROPERTY         PROTO  PERM  CURRENT  PERSISTENT  DEFAULT  POSSIBLE
    net0    arp              ipv4   rw    on       --          on       on,off
    net0    forwarding       ipv4   rw    off      on          off      on,off
    net0    metric           ipv4   rw    2        2           0        --
    net0    mtu              ipv4   rw    1500     --          1500     68-1500
    net0    exchange_routes  ipv4   rw    off      --          off      on,off
    net0    usesrc           ipv4   rw    none     --          none     --
    net0    forwarding       ipv6   rw    off      --          off      on,off
    net0    metric           ipv6   rw    2        2           0        --
    net0    mtu              ipv6   rw    1500     --          1500     1280-1500
    net0    nud              ipv6   rw    on       --          on       on,off
    net0    exchange_routes  ipv6   rw    off      on          off      on,off
    net0    usesrc           ipv6   rw    none     --          none     --

Example 7. Configuring per-interface properties

Set the ipv4 mtu of the interface net0 to 900.

    # ipadm set-ifprop -m ipv4 -p mtu=900 net0

The mtu of IPv4 packets will be changed to 900.

    # ipadm set-ifprop -m ipv6 -p mtu=1400 net0
    # ipadm show-ifprop -p mtu net0
    IFNAME  PROPERTY  PROTO  PERM  CURRENT  PERSISTENT  DEFAULT  POSSIBLE
    net0    mtu       ipv4   rw    900      900         1500     68-1500
    net0    mtu       ipv6   rw    1400     1400        1500     1280-1500

    # ipadm show-ifprop -m ipv6 -p mtu net0
    IFNAME  PROPERTY  PROTO  PERM  CURRENT  PERSISTENT  DEFAULT  POSSIBLE
    net0    mtu       ipv6   rw    1400     1400        1500     1280-1500

Example 8. Displaying all supported properties for a given protocol.

List the supported properties on tcp.

    # ipadm show-prop tcp
    PROTO  PROPERTY               PERM  CURRENT  PERSISTENT  DEFAULT    POSSIBLE
    tcp    ecn                    rw    active   active      passive    never,passive,
                                                                        active
    tcp    extra_priv_ports       rw    --       1,65535     2049,4045  1-65535
    tcp    largest_anon_port      rw    32768    32768       65535      1024-65535
    tcp    sack                   rw    active   --          active     never,passive,
                                                                        active
    tcp    recv_maxbuf            rw    29567    --          49152      2048-1073741824
    tcp    send_maxbuf            rw    21354    --          49152      4096-1073741824
    tcp    smallest_anon_port     rw    32768    --          32768      1024-65535
    tcp    smallest_nonpriv_port  rw    1024     --          1024       1024-32768

Example 9. Configuring global ipv4 forwarding and overriding that setting for interface net0

    # ipadm set-prop -p forwarding=on ipv4
    # ipadm set-ifprop -p forwarding=off -m ipv4 net0
    # ipadm show-prop -p forwarding ipv4
    PROTO  PROPERTY    PERM  CURRENT  PERSISTENT  DEFAULT  POSSIBLE
    ipv4   forwarding  rw    on       on          off      on,off

    # ipadm show-ifprop -p forwarding -m ipv4 net0
    IFNAME  PROPERTY    PROTO  PERM  CURRENT  PERSISTENT  DEFAULT  POSSIBLE
    net0    forwarding  ipv4   rw    off      off         off      on,off

Example 9. Using qualifiers +,- in ipadm set-prop

Add 1047, 1048 and 1049 as extra privileged ports for tcp.

    # ipadm set-prop -p extra_priv_ports=1047 tcp
    # ipadm set-prop -p extra_priv_ports+=1048 tcp
    # ipadm set-prop -p extra_priv_ports+=1049 tcp
    # ipadm set-prop -p extra_priv_ports+=1050 tcp

Delete 1048 as extra privileged port.

    # ipadm set-prop -p extra_priv_ports-=1048 tcp

Display all the extra privileged ports for tcp.

    # ipadm show-prop -p extra_priv_ports tcp
    PROTO  PROPERTY          PERM  CURRENT     PERSISTENT  DEFAULT    POSSIBLE
    ipv4   extra_priv_ports  rw    1047,1049,  1047,1049,  2049,4045  1-65535
                                   1050        1050

Example 10. Enabling/disabling interface/address objects.
    # ipadm create-addr -T static -a local=10.2.3.4/24 bge1/v4static
    # ipadm set-addrprop -p private=on bge1/v4static
    # ipadm show-addr -o all bge1/v4static
    ADDROBJ        TYPE    STATE  CURRENT  PERSISTENT  ADDR
    bge1/v4static  static  ok     U-p--    Up-         10.2.3.4/24

Disable the address object bge1/v4static.

    # ipadm disable-addr -t bge1/v4static
    # ipadm show-addr bge1/v4static
    ADDROBJ        TYPE    STATE     ADDR
    bge1/v4static  static  disabled  10.2.3.4/24

Disable the interface object bge1.

    # ipadm disable-if -t bge1
    # ipadm show-if bge1
    IFNAME  STATE     CURRENT      PERSISTENT
    bge1    disabled  -----------  -46

Enable the interface object from the persistent configuration.

    # ipadm enable-if -t bge1
    # ipadm show-if bge1
    IFNAME  STATE  CURRENT      PERSISTENT
    bge1    ok     bm-------46  -46

    # ipadm show-addr -o all bge1/v4static
    ADDROBJ        TYPE    STATE  CURRENT  PERSISTENT  ADDR
    bge1/v4static  static  ok     U-p--    Up-         10.2.3.4/24

Note that when the interface object is enabled, all the address objects configured on that interface are enabled too.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

 ____________________________________________________________
|       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
|_____________________________|_____________________________|
| Interface Stability         | Committed                   |
|_____________________________|_____________________________|

SEE ALSO

ifconfig(1M), ndd(1M), dladm(1M), zonecfg(1M), attributes(5), nsswitch.conf(4), arp(1M), dhcp(5), vni(7D), in.ndpd(1M), if_mpadm(1M) and cfgadm(1M).

Postel, J., RFC 791, Internet Protocol - DARPA Internet Program Protocol Specification, Information Sciences Institute, University of Southern California, September 1981.

Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006.

Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address AutoConfiguration", RFC 4862, September 2007.

Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.

Narten, T., Draves, R., and S. Krishnan, "Privacy Extensions for Stateless Address AutoConfiguration in IPv6", RFC 4941, September 2007.

S. Routhier, Ed., "Management Information Base for the Internet Protocol (IP)", RFC 4293, April 2006.
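
The parsable, colon-delimited output format described earlier can be consumed with the shell's read as shown here, first to recover an escaped IPv6 address and then to report properties such as forwarding or extra_priv_ports whose current value differs from the default. This is an added example, not part of the original manual page: the sample lines are constructed, and the -o field names (addrobj,addr,state and proto,property,current,default) are assumed to match the column headings shown in EXAMPLES.

```shell
#!/bin/sh
# Constructed sample, in the format of:
#   ipadm show-addr -p -o addrobj,addr,state
# (field names assumed from the column headings). With several fields
# requested, literal colons inside a field arrive escaped as "\:".
sample_addrs='lo0/v4:127.0.0.1/8:ok
bge1/v6addr:fe80\:\:203\:baff\:fe94\:2f01/10:ok
bge1/v6static:2ff0\:\:f3ad/80:ok'

# Constructed sample, in the format of:
#   ipadm show-prop -c -o proto,property,current,default
sample_props='ipv4:forwarding:on:off
ipv6:forwarding:off:off
tcp:extra_priv_ports:2049,4045:2049,4045
tcp:smallest_nonpriv_port:1024:1024'

# addr_of ADDROBJ: read parsable show-addr lines on stdin, print the address.
# read is used WITHOUT -r on purpose: the shell then undoes the backslash
# escapes, so "\:" stays a literal colon instead of splitting the field.
addr_of() {
    while IFS=: read obj addr state; do
        if [ "$obj" = "$1" ]; then
            printf '%s\n' "$addr"
        fi
    done
}

# drifted_props: read parsable show-prop lines on stdin and report every
# property whose CURRENT value differs from DEFAULT (for example forwarding
# switched on, or a changed extra_priv_ports list).
drifted_props() {
    while IFS=: read proto prop cur def; do
        if [ "$cur" != "$def" ]; then
            printf '%s/%s current=%s default=%s\n' "$proto" "$prop" "$cur" "$def"
        fi
    done
}

# Demo on the constructed samples; on a live system pipe ipadm output instead.
printf '%s\n' "$sample_addrs" | addr_of bge1/v6addr
printf '%s\n' "$sample_props" | drifted_props
```

When only a single field is requested the output is not escaped, so read that case with IFS= read -r instead.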