3 November 2010

Solaris 10 networking enhancements by release overview (updated)

Overview of the most important networking changes in Solaris 10 releases.
3/5 (base)

  • specify source IP by (virtual) interface. Example:
    # ifconfig eri0 usesrc vni0
    The virtual IP interface (vni) is not associated with any physical hardware and is thus immune to hardware failures. If vni0 has an address assigned to it, the system will prefer it as the source address for any packets originated by local connections that are sent through eri0.
  • RIPv2, BGP, and OSPF through GNU Zebra (adapted for Solaris)
  • /usr/lib/mail -> /etc/mail/cf
  • routeadm command
  • rdisc wrapped into in.routed
  • use ifconfig to configure ipforwarding for individual interfaces
  • IP quality of service (IPQoS)
  • WAN boot installation
  • SSH 3.5p1 (adapted for Solaris)
  • Stream Control Transmission Protocol (SCTP)
1/6 (u1)

  • SMTP over TLS
  • source address filtering on multicast traffic
  • dladm command for data link (layer 2) configuration, link aggregation (Ethernet trunk)
  • IGMPv3 and MLDv2 (IPv6) routing support
6/6 (u2)
  • IPFilter for IPv6
11/6 (u3)
  • Mandatory Access Control (from Trusted Solaris) for networking and other functions
  • Set secure by default network profile during installation
8/7 (u4)
  • SMF based routing services (svcadm in addition to routeadm)
  • merge /etc/inet/ipnodes (for IPv6) into /etc/inet/hosts
  • GNU Quagga routing suite replaces GNU Zebra
  • Key Management Framework for PKI
  • encryption kit included + MD4, MD5, SHA1, and SHA2
  • exclusive access to physical network interfaces by non-global zones
  • DHCPv6 client
  • IPFilter firewall enhancements
    • pfil driver/daemon removed (replaced by packet filter hooks)
    • IPv6 support
    • loopback interface support
5/9 (u7)
  • SHA2 512-bit, Diffie-Hellman 4096-bit
10/9 (u8)
  • NTP 4.1.2
9/10 (u9)
  • The client queue runner is now a separate daemon (svc:/network/smtp:sendmail-client). It used to be part of sendmail (svc:/network/smtp:sendmail).
  • The net_access privilege has been added to the basic privilege set. Denying this privilege cuts network access.