I'm sponsoring this fast-track for Sowmini Varadhan, it times out on
04/19/2010.
ipadm(1m) tunables for setting End-System Model.
Requested release binding: Minor
Summary:
-------
This case proposes a solution for
6938553 Support user-friendly ipadm tunables for configuring
end-system model
by adding a new 'hostmodel' property to ipadm(1m).
Details:
--------
The fix for CR 4173841 ("Packet goes out with source IP address of
another interface") provides kernel support for the tunables that
control transmit/receive side behavior for IP packets as defined in
Section 3.3.4.5 of [RFC1122]. In addition to providing tunables for
supporting strong and weak end-system models, the tunables introduced
by CR 4173841 allow for a number of intermediate settings through six
separate permutations for source and destination multihoming tunables
in ndd.
These ndd tunables are low-level knobs that cover many more choices
than the anticipated common use-case, and while they allow for
possible feature additions in the future, the common use-cases should
be made accessible through Stable ipadm tunables.
This case proposes a new "hostmodel" property for the IP module that
can have 3 settings: strong, weak and src-priority. Some sample
incantations for setting the tunable are provided in the Examples
section.
The Stability of the 'hostmodel' property is "Committed".
The semantics for the value of the hostmodel property are:

hostmodel       semantics
-----------------------------------------------------------------------------
strong          strong ES as defined in Section 3.3.4.2 of [RFC1122].
                In particular, this corresponds to the setting of
                ip_strict_dst_multihoming = 1 through ndd, with the
                additional requirement that packets originated from the
                host will only be sent out on interfaces where the IP
                source address of the outgoing packet is an address
                configured on the outgoing interface.

weak            weak ES as defined in Section 3.3.4.2 of [RFC1122].
                In particular, this is equivalent to setting
                ip_strict_dst_multihoming = 0 through ndd on Solaris 10
                and earlier releases.

src-priority    Equivalent to the weak end-system model in receive
                behavior, i.e., a packet will be accepted on any
                interface, as long as the IP destination of the packet
                is configured on one of the host's interfaces. When
                transmitting a packet, if multiple routes for the IP
                destination in the packet are available, the system
                will prefer routes where the IP source address in the
                packet is configured on the outgoing interface. If no
                such route is available, the system will fall back to
                selecting the "best" route as with the weak ES case.

Examples
--------
On a machine with addresses

# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
ce0/_a            static   ok           20.1.1.124/24
ce1/?             dhcp     ok           10.8.57.124/24
lo0/v6            static   ok           ::1/128
ce1/?             static   ok           fe80::203:baff:fe75:79a7/10
ce1/?             addrconf ok           2002:a08:39f0:1:203:baff:fe75:79a7/64
ce1/?             dhcp     ok           2001:db8:1:2::4585/128

# ipadm show-prop ip
PROTO PROPERTY   PERM CURRENT      PERSISTENT   DEFAULT POSSIBLE
ipv4  forwarding rw   off          --           off     on,off
ipv4  ttl        rw   255          --           255     1-255
ipv6  forwarding rw   off          --           off     on,off
ipv6  hoplimit   rw   255          --           255     1-255
ipv6  hostmodel  rw   weak         --           weak    strong,
                                                        src-priority,
                                                        weak
ipv4  hostmodel  rw   weak         --           weak    strong,
                                                        src-priority,
                                                        weak

The current setting of hostmodel for IPv4 packets is 'weak' (the
default setting). In this mode, if the currently available IPv4
default routes are:

# netstat -rn

Routing Table: IPv4
Destination          Gateway              Flags Ref   Use        Interface
-------------------- -------------------- ----- ----- ---------- ---------
:
default              20.1.1.1             UG        1          0
default              10.8.57.248          UG        2          8 ce1
:

A packet sent to an offlink destination could be sent to either
20.1.1.1 (through ce1) or to 10.8.57.248 (through ce0) in this
configuration.
e.g., the command
# traceroute -s 20.1.1.124 12.1.2.3
results in the packet trace:
# snoop -d ce1 -r
20.1.1.124 -> 12.1.2.3 UDP D=33437 S=35231 LEN=20
Similarly, a packet with IPv4 destination address 20.1.1.124 would be
accepted on either ce1 or ce0.
However, in the strong ES mode:
# ipadm set-prop -p hostmodel=strong ipv4
# ipadm show-prop -p hostmodel ipv4
PROTO PROPERTY   PERM CURRENT      PERSISTENT   DEFAULT POSSIBLE
ipv4  hostmodel  rw   strong       strong       weak    strong,
                                                        src-priority,
                                                        weak

an incoming packet with an IPv4 destination of 20.1.1.124 would be
accepted if, and only if, it was received on ce1. Similarly, an
outgoing packet with IPv4 src 20.1.1.124 would only be sent out if a
route to the IPv4 destination existed on ce1. Thus, if the only routes
available were
# netstat -rnf inet

Routing Table: IPv4
Destination          Gateway              Flags Ref   Use        Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              10.8.57.248          UG        1       2354 ce1
10.8.57.0            10.8.57.124          U         2       1946 ce1
20.1.1.0             20.1.1.124           U         2          0 ce0
127.0.0.1            127.0.0.1            UH        2       2996 lo0

the following would be observed:
# traceroute -s 20.1.1.124 12.1.2.3
traceroute to 12.1.2.3 (12.1.2.3) from 20.1.1.124, 30 hops max, 40 byte packets
1 traceroute: sendto: No route to host
traceroute: wrote 12.1.2.3 40 chars, ret=-1
The traceroute fails because the outgoing packet with IPv4 src
20.1.1.124 cannot find any route for 12.1.2.3 through ce1.
The src-priority hostmodel can be set by the command
# ipadm set-prop -p hostmodel=src-priority ipv4
# ipadm show-prop
PROTO PROPERTY   PERM CURRENT      PERSISTENT   DEFAULT POSSIBLE
ipv4  forwarding rw   off          --           off     on,off
ipv4  ttl        rw   255          --           255     1-255
ipv6  forwarding rw   off          --           off     on,off
ipv6  hoplimit   rw   255          --           255     1-255
ipv6  hostmodel  rw   weak         --           weak    strong,
                                                        src-priority,
                                                        weak
ipv4  hostmodel  rw   src-priority src-priority weak    strong,
                                                        src-priority,
                                                        weak

In this model, the command
# traceroute -s 20.1.1.124 12.1.2.3
will first attempt to find a route for 12.1.2.3 through ce0, and when
none is found, route selection will fall back to sending the packet
through ce1.
The default route through ce0 will be selected for packets having source
address 20.1.1.124.
The property value may be reset as follows.
# ipadm reset-prop -p hostmodel ipv4
# ipadm show-prop -p hostmodel ipv4
PROTO PROPERTY   PERM CURRENT      PERSISTENT   DEFAULT POSSIBLE
ipv4  hostmodel  rw   weak         --           weak    strong,
                                                        src-priority,
                                                        weak
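
The receive and transmit rules for the three hostmodel values can be modelled directly. The following is an added example, not part of the case or of the Solaris implementation: the interface-to-address mapping follows the `ipadm show-addr` listing, the routes follow the routing table shown for the strong ES case, and treating the "best" route as the longest-prefix match is an assumption.

```python
import ipaddress

# Constructed from the page's listings: addresses per `ipadm show-addr`,
# routes per the `netstat -rnf inet` table shown for the strong ES case.
ADDRS = {"ce0": "20.1.1.124", "ce1": "10.8.57.124"}
ROUTES = [("0.0.0.0/0", "ce1"), ("10.8.57.0/24", "ce1"), ("20.1.1.0/24", "ce0")]
# Constructed variant: a second default route, assumed to be on ce0.
TWO_DEFAULTS = ROUTES + [("0.0.0.0/0", "ce0")]

def accept(model, dst, in_if):
    """Receive side: is a packet for `dst` arriving on `in_if` accepted?"""
    if dst not in ADDRS.values():
        return False                     # not addressed to this host
    if model == "strong":
        return ADDRS.get(in_if) == dst   # only on the interface owning dst
    return True                          # weak, src-priority: any interface

def select_route(model, src, dst, routes=ROUTES):
    """Transmit side: outgoing interface, or None for 'No route to host'."""
    d = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in routes
               if d in ipaddress.ip_network(p)]
    # Routes whose outgoing interface has the packet's source address.
    owning = [m for m in matches if ADDRS.get(m[1]) == src]
    if model == "strong":
        pool = owning                    # never leave via another interface
    elif model == "src-priority":
        pool = owning or matches         # prefer, then fall back as in weak
    else:
        pool = matches                   # weak: source address is ignored
    if not pool:
        return None
    # Assumption: the "best" route is the longest-prefix match.
    return max(pool, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    for model in ("weak", "src-priority", "strong"):
        print(model,
              "rx 20.1.1.124 on ce1:", accept(model, "20.1.1.124", "ce1"),
              "| tx from 20.1.1.124 to 12.1.2.3 via:",
              select_route(model, "20.1.1.124", "12.1.2.3"))
```
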
Proposed man page changes:
--------------------------
--- ipadm.1m.txt.orig Thu Apr 1 12:58:39 2010
+++ ipadm.1m.txt.new Fri Apr 9 17:27:47 2010
@@ -866,7 +866,9 @@
The current value of the property. If the value
is not
set, it is shown as --. If it is unknown, the
value is
- shown as ?.
+ shown as ?. If the current value of the property
is not
+ in the set of listed POSSIBLE values, the keyword
+ "custom" will be displayed.
PERSISTENT
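Review bot: The added CURRENT text keys the "custom" keyword on the value not being "in the set of listed POSSIBLE values", but the POSSIBLE description allows that column to show a min - max range, ? or --, where membership in a listed set is not defined. Suggest saying that "custom" applies only to properties whose POSSIBLE column is an enumerated list, and adding a sentence on how the administrator returns to a listed value (for example with 'set-prop' or 'reset-prop').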
@@ -880,8 +882,9 @@
POSSIBLE
- A comma-separated list of the values the
property can
- have. If the values span a numeric range, min - max
+ A comma-separated list of the values for the
property
+ setting to be used with the 'set-prop' sub-command.
+ If the values span a numeric range, min - max
might be shown as a shorthand. If the possible
values
are unknown, ? will be shown or if they are
unbounded, --
will be shown.
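Review bot: In the POSSIBLE description, "the values for the property setting to be used with the 'set-prop' sub-command" is hard to parse and no longer says plainly that these are the values the property can be set to. Suggest "A comma-separated list of the values that can be assigned to the property with the 'set-prop' sub-command", which also reads consistently with the "custom" wording added under CURRENT.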
@@ -922,6 +925,22 @@
The following protocol properties are supported:
+ hostmodel(ipv4), hostmodel(ipv6)
+ Control send/receive behavior for IP packets on a multihomed
+ system. The value of 'hostmodel' may be set to
+ 'strong' or 'weak', corresponding to the equivalent end-system
+ model definitons of RFC 1122. In addtion, a third
+ value of 'src-priority' is also supported. In the 'src-priority'
+ hostmodel, a packet will be accepted on any interface, as
long as
+ the packet's destination IP address is configured and marked UP
+ on one of the host's interfaces. When transmitting a
+ packet, if the multiple routes for the IP destination in
+ the packet are available, the system will prefer routes
+ where the IP source address in the packet is configured on
+ the outgoing interface. If no such route is available, the
+ system will fall back to selecting the "best" route as
+ with the weak ES case.
+
ttl(ipv4), hoplimit(ipv6)
Specifies the value that will be set for ttl/hoplimit field
of IPv4
or IPv6 header. Can be used to prevent the system from reaching
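Review bot: The hostmodel entry has two typos ("definitons", "addtion"), and "if the multiple routes" should read "if multiple routes". The entry also does not state the default value, and it describes 'strong' only by reference to RFC 1122 without the transmit-side restriction on the outgoing interface; one sentence on each would let a reader choose a setting from the man page alone. The receive rule requires the destination address to be "configured and marked UP", so please confirm that qualifier is intended and say whether it applies to 'weak' and 'strong' as well.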
@@ -1343,3 +1362,8 @@
S. Routhier, Ed., "Management Information Base for the Internet
Protocol (IP)", RFC 4293, April 2006
+
+ Braden, R., RFC 1122, Requirements for Internet Hosts - Com-
+ munication Layers, Information Sciences Institute, Univer-
+ sity of Southern California, October 1989.
+
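Review bot: The added RFC 1122 entry uses a different citation layout from the RFC 4293 entry directly above it, which gives author, quoted title, RFC number and date in that order. Suggest matching it, e.g. R. Braden, "Requirements for Internet Hosts - Communication Layers", RFC 1122, October 1989. The line-end hyphenation in "Com-munication" and "Univer-sity" also looks like rendered output and should not be carried into the man page source.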
References:
----------
[RFC1122] Braden, R., RFC 1122, Requirements for Internet Hosts -
Communication Layers, Information Sciences Institute,
University of Southern California, October 1989.