1ipaddrsel(1M) System Administration Commands ipaddrsel(1M)
2
6 ipaddrsel - configure IPv6 default address selection
7
9 /usr/sbin/ipaddrsel
10 /usr/sbin/ipaddrsel -f file
13 /usr/sbin/ipaddrsel -d
16
19 Use the ipaddrsel utility to configure the IPv6 default address selec‐
20 tion policy table. The policy table is a longest-matching-prefix lookup
21 table that is used for IPv6 source address selection and for destina‐
22 tion address ordering when resolving names to AF_INET6 addresses. For a
23 description of how the policy table is used for source address selec‐
24 tion, see inet6(7P). For a description of how the policy table is used
25 for destination address ordering, see getaddrinfo(3SOCKET).
26 The unmodified policy table is valid for all typical IPv6 deployments.
29 Modify the table only if a circumstance exists for which the default
30 behavior of the IPv6 source address selection or destination address
31 ordering mechanism is unsatisfactory. See the section for examples of
32 such circumstances. You should carefully consider your addressing
33 strategy before you change the table from the provided default.
34 When the ipaddrsel command is issued without any arguments, the address
37 selection policy currently in use is printed. The format of the output
38 is compatible with the format of the configuration file that the -f
39 option accepts.
40 Note -
42 If the usesrc subcommand to ifconfig(1M) is applied to a particular
44 physical interface, the selection policy specified by usesrc over‐
45 rides the source address selection policies specified by ipaddrsel.
46 This is true for packets that are locally generated and for applica‐
47 tions that do not choose a non-zero source address using
48 bind(3SOCKET).
49 The Configuration File
51 The configuration file that the -f option accepts can contain either
52 comment lines or policy entries. Comment lines have a '#' character as
53 the first non-blank character. and they are ignored by the ipaddrsel
54 utility. Policy entry lines have the following format:
55 prefix/prefix_length precedence label [# comment]
57 The prefix must be an IPv6 prefix in a format consistent with
61 inet(3SOCKET). The prefix_length is an integer ranging from 0 to 128.
62 The IPv6 source address selection and destination address ordering
63 algorithms determine the precedence or label of an address by doing a
64 longest-prefix-match lookup using the prefixes in this table, much like
65 next-hop determination for a destination is done by doing a longest-
66 prefix-match lookup using an IP routing table.
67 The precedence is a non-negative integer that represents how the desti‐
70 nation address ordering mechanism will sort addresses returned from
71 name lookups. In general, addresses with a higher precedence will be in
72 front of addresses with a lower precedence. Other factors, such as des‐
73 tinations with undesirable source addresses can, however, override
74 these precedence values.
75 The label is a string of at most fifteen characters, not including the
78 NULL terminator. The label allows particular source address prefixes to
79 be used with destination prefixes of the same label. Specifically, for
80 a particular destination address, the IPv6 source address selection
81 algorithm prefers source addresses whose label is equal that of the
82 destination.
83 The label may be followed by an optional comment.
86 The file must contain a default policy entry, which is an entry with
89 ::0/0 as its prefix and prefix_length. This is to ensure that all pos‐
90 sible addresses match a policy.
91
93 The ippadrsel utility supports the following options:
94 -f file Replace the address selection policy table with the policy
96 specified in the file.
97 -d Revert the kernel's address selection policy table back to
100 the default table. Invoking ipaddrsel in this way only
101 changes the currently running kernel's policy table, and
102 does not alter the configuration file /etc/inet/ipad‐
103 drsel.conf. To revert the configuration file back to its
104 default settings, use ipaddrsel -d, then dump the contents
105 of the table to the configuration file by redirecting the
106 output of ipaddrsel to /etc/inet/ipaddrsel.conf.
107 example# ipaddrsel -d
109 example# ipaddrsel > /etc/inet/ipaddrsel.conf
110
115 Example 1 The Default Policy in /etc/inet/ipaddrsel.conf
116 The following example is the default policy that is located in
119 /etc/inet/ipaddrsel.conf:
120 # Prefix Precedence Label
123 ::1/128 50 Loopback
124 ::/96 20 IPv4_Compatible
125 ::ffff:0.0.0.0/96 10 IPv4
126 2002::/16 30 6to4
127 ::/0 40 Default
128 Example 2 Assigning a Lower Precedence to Link-local and Site-local
132 Addresses
133 By default, the destination address ordering rules sort addresses of
136 smaller scope before those of larger scope. For example, if a name
137 resolves to a global and a site-local address, the site local address
138 would be ordered before the global address. An administrator can over‐
139 ride this ordering rule by assigning a lower precedence to addresses of
140 smaller scope, as the following table demonstrates.
141 # Prefix Precedence Label
144 ::1/128 50 Loopback
145 ::/0 40 Default
146 2002::/16 30 6to4
147 fec0::/10 27 Site-Local
148 fe80::/10 23 Link-Local
149 ::/96 20 IPv4_Compatible
150 ::ffff:0.0.0.0/96 10 IPv4
151 Example 3 Assigning Higher Precedence to IPv4 Destinations
155 By default, IPv6 addresses are ordered in front of IPv4 addresses in
158 name lookups. ::ffff:0.0.0.0/96 has the lowest precedence in the
159 default table. In the following example, IPv4 addresses are assigned
160 higher precedence and are ordered in front of IPv6 destinations:
161 # Prefix Precedence Label
164 ::1/128 50 Loopback
165 ::/0 40 Default
166 2002::/16 30 6to4
167 ::/96 20 IPv4_Compatible
168 ::ffff:0.0.0.0/96 60 IPv4
169 Example 4 Ensuring that a Particular Source Address is Used
173 This example ensures that a particular source address is used only when
176 communicating with destinations in a particular network.
177 The following policy table assigns a label of 5 to a particular source
181 address on the local system, 2001:1111:1111::1. The table assigns the
182 same label to a network, 2001:2222:2222::/48. The result of this policy
183 is that the 2001:1111:1111::1 source address will only be used when
184 communicating with destinations contained in the 2001:2222:2222::/48
185 network. For this example, this network is the ClientNet, which could
186 represent a particular client's network.
187 # Prefix Precedence Label
190 ::1/128 50 Loopback
191 2001:1111:1111::1/128 40 ClientNet
192 2001:2222:2222::/48 40 ClientNet
193 ::/0 40 Default
194 2002::/16 30 6to4
195 ::/96 20 IPv4_Compatible
196 ::ffff:0.0.0.0/96 10 IPv4
197 This example assumes that the local system has one physical interface,
202 and that all global prefixes are assigned to that physical interface.
203
206 ipaddrsel returns the following exit values:
207 0 ipaddrsel successfully completed.
209 >0 An error occurred. If a failure is encountered, the kernel's cur‐
212 rent policy table is unchanged.
213
216 /etc/inet/ipaddrsel.conf The file that contains the IPv6 default
217 address selection policy to be installed at
218 boot time. This file is loaded before any
219 Internet services are started.
220
223 See attributes(5) for descriptions of the following attributes:
224 ┌─────────────────────────────┬─────────────────────────────┐
229 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
230 ├─────────────────────────────┼─────────────────────────────┤
231 │Availability │SUNWcsu │
232 ├─────────────────────────────┼─────────────────────────────┤
233 │Interface Stability │Evolving │
234 └─────────────────────────────┴─────────────────────────────┘
235
237 nscd(1M), inet(3SOCKET), getaddrinfo(3SOCKET), ipaddrsel.conf(4),
238 attributes(5), inet6(7P)
239
241 The ipnodes cache kept by nscd(1M) contains addresses that are ordered
242 using the destination address ordering algorithm, which is one of the
243 reasons why ipaddrsel is called before nscd in the boot sequence. If
244 ipaddrsel is used to change the address selection policy after nscd has
245 started, you should invalidate the nscd ipnodes cache invalidated by
246 invoking the following command:
247 example# /usr/sbin/nscd -i ipnodes
249SunOS 5.11 6 Feb 2006 ipaddrsel(1M)