i Can: TCP/IP

Sun	Mon	Tue	Wed	Thu	Fri	Sat
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

TCP/IP

August 19, 2014

New IBM i 7.2 TCP/IP Configuration Information Commands

Two new commands have been provided in IBM i 7.2 to assist clients with handling TCP/IP configuration information.

The new Retrieve TCP/IP Information (RTVTCPINF) command will gather related TCP/IP configuration items (DB files, data areas, validation lists, environment variables, IFS files, etc.) for the systems TCP/IP processing as well as supported TCP/IP servers.

A full system backup of this information is still recommended by using the Save System (SAVSYS) command. The RTVTCPINF command will take a snapshot that ensures all related TCP/IP configuration items are saved together as a single “working set.” This helps to avoid problems where items that must be processed together as a single unit get out of sync, something that can easily happen when related items reside in multiple places on the system. The RTVTCPINF command is automatically run and saved into the QUSRSYS library before the QUSRSYS library is saved, similar to the Save System Information (SAVSYSINF) command.

The Update TCP/IP Information (UPDTCPINF) command is available to restore the selected type of TCP/IP configuration information. This can be used to recover from problems that are reported against some TCP/IP configuration item, or to quickly back out a TCP/IP configuration change to a last known working configuration. It can also be useful to transport a working TCP/IP configuration to another system.

For more details, read the article, “New TCP/IP Configuration Recovery Enhancements.”

Posted at 06:11 AM in IBM i 7.2, TCP/IP | Permalink | Comments (2)

December 19, 2012

TCP/IP Redundancy with Virtual Ethernet in IBM i

This week's blog was written by Colin DeVilbiss. Colin develops Communications and Virtual I/O support for IBM i in Rochester, MN. Thanks, Colin!

IBM i 7.1 Technology Refresh 3 added support for Ethernet Link Aggregation, as previously featured in the i Can blog "Ethernet Link Aggregation in IBM i" and the tip IBM i Aggregate Ethernet Lines on IBM developerWorks. An aggregate line description combines multiple physical Ethernet ports. The line description can then be used for TCP/IP configuration just like any other line description, but the incoming and outgoing traffic will be spread among the available ports. As a side benefit, the line description will remain active as long as any of the aggregated ports are available.

Link aggregation is a great redundancy solution for IBM i partitions that have multiple physical Ethernet ports available, all of which can be connected to a single Ethernet switch that has support for link aggregation. However, as some have commented on those articles, link aggregation does not work with virtual Ethernet ports that are connected to the internal Ethernet switch of the Power Hypervisor. This means that it is not useful to partitions that connect to the network via a Shared Ethernet Adapter (SEA) in a Virtual I/O Server (VIOS) partition or via an Ethernet layer-2 bridge provided by an IBM i partition (which was also added in Technology Refresh 3).

SEA Failover

One solution is to use a pair of VIOS partitions, each with an SEA bridged to the physical network, and to have the Shared Ethernet Adapters configured for failover, which provides redundancy without any additional configuration in the bridged partitions.

Virtual IP Addressing

Bridged IBM i partitions can get Ethernet redundancy from the existing Virtual IP Address (VIPA) support provided by IBM i. Specifically, I will describe solutions based on VIPA Proxy ARP.

Unlike other IP interfaces, a VIPA is not bound to a line description. Instead, the user chooses a list of existing IP interfaces that will serve as proxies to connect the VIPA to the network; these are called its preferred interfaces. They are kept in priority order, and the VIPA will be serviced by the first active interface in the list.

Physical Interface With Virtual Backup

Given this, we can build a setup that will default to using a physical Ethernet port but will use a virtual Ethernet port instead if the physical port becomes unavailable. For this example, we assume that the IP addresses below are all available and appropriate to the system's network, the physical Ethernet port is managed by line description PHYSETH, the virtual Ethernet port is managed by line description VIRTETH, and that VIRTETH is bridged to the physical network by a VIOS SEA or IBM i layer-2 bridging. We create an IP interface on each port, then create a VIPA, preferring the physical interface over the virtual Ethernet interface.

ADDTCPIFC INTNETADR('192.168.1.2') LIND(PHYSETH) SUBNETMASK('255.255.255.0')

ADDTCPIFC INTNETADR('192.168.1.3') LIND(VIRTETH) SUBNETMASK('255.255.255.0')

ADDTCPIFC INTNETADR('192.168.1.4') LIND(*VIRTUALIP) SUBNETMASK('255.255.255.255')

PREFIFC('192.168.1.2' '192.168.1.3')

Once all three interfaces are started, the VIPA should be accessible from the network via PHYSETH; if PHYSETH fails, then VIRTETH will take over.

When each partition has a physical interface available, this can be a great solution. Each partition has control over its own physical Ethernet resource, and a single bridging support partition can provide a backup for all of the other partitions simultaneously.

For direct use, this requires that the first line description in the preferred interface list will fail if it can't access the network (for example, if the cable is pulled or the Ethernet adapter or switch fails for some reason). This is true for IBM i physical Ethernet ports (and for aggregate line descriptions) but not true for bridged virtual Ethernet ports (which are not connected directly to the network). Thus, this solution requires changes if we want to support failover between two virtual Ethernet ports.

Virtual Interface With Virtual Backup

This can be done by writing a program that does some level of direct health check for each preferred interface and rearranges the preferred interfaces so that the first is always working. Attached below is an example CL script that monitors each preferred interface to see that it can ping a specific remote IP address, and changes the priority order if the first interface becomes unavailable while the second is available. Download 121912 monitor

Given this, we can fail over between two virtual Ethernet ports. This enables more complicated configurations that provide Ethernet redundancy for the clients without setting up any failover between bridging partitions.

For example, consider a system with several IBM i partitions, two of which have physical Ethernet resources. In each of those partitions, we configure a layer-2 bridge: the first bridge through one Power Hypervisor virtual LAN (VLAN), and the second through a different VLAN. Then, in each of the other IBM i partitions, we configure two virtual Ethernet interfaces and VIPA as above, with a virtual-to-virtual failover script. In half of those partitions, we choose the first bridge as primary; in the other half, we make the second bridge primary.

In this system, all of the physical Ethernet resources are being used, and the physical network is unaware of anything in the configuration. If one bridge stops working for any reason, the half of the partitions that were using it will start using the other bridge. This can provide acceptable service on systems with several IBM i partitions but not a lot of available physical Ethernet resources, at the cost of some additional configuration work.

In short, IBM i and Power Systems network and virtualization technologies give users the tools they need to meet their performance and redundancy targets. We are always looking for ways to improve our networking options as well.

Posted at 02:08 PM in Ethernet, IBM i, TCP/IP | Permalink | Comments (1) | TrackBack (0)

November 27, 2012

Starting TCP When the System is IPLed

Years ago, when TCP/IP was starting to become the networking standard of choice, it was not automatically when the system was started. You had to edit the system start-up program to automate starting TCP/IP and related interfaces and servers.

In the V5R1 release, the work management component provided the ability to automatically start TCP/IP when the system was started with the addition of the IP attribute “Start TCP”. The default is *YES, but you can change it to *NO to control the starting of TCP/IP yourself.

When the system automatically starts TCP/IP, it does so after the controlling subsystem has started; thus this support works for coming out of restricted state as it does for a partition IPL. When starting from an IPL or restricted state, work management also starts the QSYSWRK subsystem. QSYSWRK is required for TCP/IP functionality since many of the daemon jobs run in that subsystem; the start TCP/IP processing job (QSTRTCP) also runs in QSYSWRK.

When the STRTCP command is left as shipped by IBM, the start TCP processing will first start the defined IPv4 interfaces, the IPv6 interfaces, and the Point to Point (PPP) profiles. The STRTCP processing submits a job named QTCPSTSVRS which starts the application servers. This job is not synchronized with other STRTCP processing, so it can begin to start servers before the interfaces have all been started. TCP Server start-up processing should handle these dependencies and have retry logic if necessary. You configure TCP application servers to start with TCP/IP by specifying the “Start with TCP/IP is started” or the “Autostart” attribute. The blog I wrote earlier this year, Automatically Starting TCP Servers when TCP/IP is Started, discusses this in more detail.

Another important change occurred in the 6.1 release. Prior to 6.1, when TCP/IP was started, it would start the QTCPIP and QTCPMONITR jobs in the QSYSWRK subsystem and these jobs controlled TCP/IP. However, if these jobs were ended, then TCP/IP would also end. To improve the reliability and availability of TCP/IP, these jobs in QSYSWRK are no longer used and the QTCPCTL and QTCPWRK system jobs are used instead. The QTCPCTL job is responsible for managing requests that are sent to the QTCPWRK job. The QTCPWRK job manages the starting and ending of TCP/IP, and the starting and ending of interfaces and PPP profiles. The QTCPWRK job also acts as a message relay agent for TCP/IP related messages. This allows the TCP/IP protocol stack to remain active when in restricted state. Typically, the restricted state is for tape back-ups that use TCP/IP. Refer to the 6.1 Memo to Users for more information on the change to system jobs for TCP/IP processing.

I have heard about clients having issues reliably stating TCP/IP servers when starting TCP/IP at IPL or when starting from restricted state. This can be due to the dependencies between subsystems and the server jobs. Some server jobs run in subsystems other than QSYSWRK; some servers allow you to customize the subsystem in which they run. If the subsystems required by a TCP server are not started before the server jobs are started, problems can result. If you have problems with TCP/IP servers automatically starting after an IPL or coming out of restricted state, you can customize the system's start-up program (specified by the QSTRUPPGM system value) to control starting the subsystems and server jobs.

IBM has a support knowledge-base article titled “Starting TCP - Using the IPL Attributes Versus the System Startup Program”. If you call IBM Support with a problem related to the STRTCP processing at IPL, the IBM support representative may discuss the information documented in this article.

However, the STRTCP IPL attribute processing has improved over the years and using that IPL attribute is the recommended way to STRTCP. If you have specific errors when using the IPL attribute to start TCP/IP, IBM support will need to know the details (Is TCP not starting as a whole? Is a specific server not starting? etc.). It is possible that more complex environments may need to use a customized start-up program to get all the servers correctly started.

However, if you encounter server start-up problems, or if you can recreate problems that cause you to add DLYJOBs to your start-up program, you should open a PMR so the IBM development team can understand the issue and work on a resolution.

Finally, the IBM i Information Center has a section on TCP/IP Troubleshooting. Within that documentation there is a section on Timing Considerations that reviews the general considerations for setting up your own start-up program to start TCP/IP and TCP Servers.

Posted at 08:51 AM in IBM i, TCP/IP, Work Management | Permalink | Comments (0) | TrackBack (0)

June 27, 2012

Automatically Starting TCP Servers When TCP/IP Started

We all know and use TCP/IP servers. Many of these servers are set up to start when TCP/IP is started and all servers have the ability for this configuration value to be changed.

The “traditional” TCP/IP servers—those which had been part of the TC1 product for may releases—have an “attributes” command (e.g., Change Telnet Attributes (CHGTELNA), CHGFTPA, CHGSMTPA, etc.) as well as an option (20) under Configure TCP/IP (CFGTCP) to Configure TCP/IP applications. One of the parameters you can configure is “autostart servers,” which specifies whether the TCP/IP server should be automatically started when TCP/IP is started.

You will discover, however, that not all servers have this command interface; in fact, there are many TCP Servers that are not part of the TC1 product that do not have the “traditional” command interfaces.

For these TCP servers, how do you set up servers to automatically start? There may be various ways to do this, but the simple answer is that it's done via the graphical user interface—either System i Navigator or Systems Director Navigator.

The ability to control TCP Servers through the GUI is divided into two main categories—TCP/IP Servers and User Defined Servers. There are various ways to navigate to the servers. In my example, I used IBM Systems Director Navigator, selected the Network tasks, then took the Show all Network Tasks button, where I can find Servers with additional options available, as the following screen capture shows.

When you take the option to display TCP/IP Servers, you will see the complete list of TCP Servers, their status (started or stopped) and a basic description of the server.

The secret for setting the attribute for automatically starting the server jobs is under the properties option for the server. In my example, I've navigated to the User Defined Servers and am showing how to display the properties for the IBM SLP Server.

The properties provides a checkbox you can toggle on or off to specify whether that server is one that should be started when TCP/IP is started. Depending upon the server, there may be additional options that you can configure. The following screen capture is an example of the properties you have for the user-defined IBM SLP Server.

You can also view the TCP/IP servers that are configured to automatically start by navigating to Network, then Show all Network Tasks, select the menu for TCP/IP Configuration, and take TCP/IP Configuration Properties. Click on the Servers to Start tab, and you can see a list of the server autostart properties in one table, as the following screenshot shows:

In case you weren't aware of it, the Start TCP Server (STRTCPSVR) command has an option, *AUTOSTART, for the Server parameter. This option allows you to start all of the servers that have their “Start when TCP/IP is started” property or “autostart servers” attribute set on.

The Server Table in the Information Center documents all of the Server jobs, and the column Shipped default value for Autostart servers parameter documents the default value for whether a server is automatically started when TCP/IP is started.

Some time ago, I wrote about how you can Identify Your Server Jobs and mentioned in that article how you can create your own custom server, which are the User Defined Servers in the GUI.

Posted at 08:35 AM in TCP/IP | Permalink | Comments (2) | TrackBack (0)

August 30, 2011

SNA Applications on i

Last year, I wrote a blog about AnyNet support (actually, the lack of it) in the 7.1 release. If you carefully read the IBM planning statements, you will also find planning statements regarding SNA in general; way back in 2008, IBM published a planning statement on future SNA support. You can find it at the very end of the Future Software Planning statements. Even though these planning statements have been published, from time to time I still get questions about SNA support on i or hear rumors that SNA applications won't work at some point.

SNA (Systems Network Architecture) has been a part of the operating system since the S/38 days and continues to be there, although over time certain features and functions have gone away. In general, when you see functions that no longer work, it's due to external hardware dependencies that don't have replacements from IBM.

For “native” SNA support in OS/400, i5/OS and IBM i, low-level support of the SNA architecture was part of the I/O Processors (IOPs) that were attached to the system. In particular, the “DLC” (Data Link Control) layer of the SNA protocol was implemented in the IOPs. With the more recent hardware, IBM has moved away from supporting IOPs and is just using I/O Adapters (IOAs). With this change, the DLC layer of software that SNA was dependent upon was no longer available. Rather than re-implement the DLC layer in the operating system, IBM chose to use other technologies to support the SNA applications – AnyNet and then Enterprise Extenders; these allowed applications based upon the SNA protocol stack to run over TCP/IP networks.

Also in the past, there were many different flavors of link-level protocols – Token Ring, Ethernet, ISDN, ATM, Frame Relay. X.25, etc. Most of those protocols have also disappeared over the years and today, Ethernet is primarily what everyone uses to connect their systems to their networks.

It's safe to say that in the future SNA-based applications will continue to be supported. SNA-based applications include things like SNADs, Display Station Passthrough, DDM, ICF applications, etc.

IBM i documentation on SNA is all still available. In the Information Center, you'll find it under Networking->Network Communications. The documentation that was never incorporated into the Information Center is also still available and references to it can be found in the “Related Information” section.

Posted at 01:37 PM in i5/OS, IBM i, SNA, TCP/IP | Permalink | Comments (0) | TrackBack (0)

May 17, 2011

Using the ARPING Tool to Test Network Connectivity

As of IBM i 7.1 and via PTFs (SI31691 and its requisites) in IBM i 6.1, a tool called ARPING (Send ARP Request, SNDARPRQS) is now supported. Like its LINUX counterpart, this tool can be used to test connectivity to an IP address on a local TCP/IP network. The tool is similar to the PING (Verify TCP/IP Connection) tool, except that it uses the Address Resolution Protocol (ARP) rather than the Internet Control Message Protocol (ICMP). Unlike ICMP messages, ARP messages aren’t routable, so this command will only work for IP addresses in the local network.

The tool requires two parameters. The remote IP address to probe, and the local Ethernet line to use. At least one local TCP/IP interface must be active on the line used. If the remote IP address exists and responds to an ARP REQUEST message, the tool will produce output such as the following:

4 > ARPING INTNETADR('10.5.176.160') LIND(ETHLINE)
      Sending ARP request to 10.5.176.160 using line ETHLINE.
      Reply from [3C:DF:1E:8C:0C:00] took 2 ms.
      Reply from [3C:DF:1E:8C:0C:00] took 1 ms.
      Reply from [3C:DF:1E:8C:0C:00] took 1 ms.
      ARP request statistics: 3 of 3 successful (100 %).

A successful reply message will include the MAC address of the host that responded to the ARP message and the time in milliseconds that it took to receive the response. If there’s no connectivity to the IP address on the local network or the host is unable to respond, ARPING will produce output such as the following:

4 > ARPING INTNETADR('10.5.176.160') LIND(VETH0)
      Sending ARP request to 10.5.176.160 using line VETH0.
      No response from 10.5.176.160 within 1 seconds.
      No response from 10.5.176.160 within 1 seconds.
      No response from 10.5.176.160 within 1 seconds.
      ARP request statistics: 0 of 3 successful (0 %).

I'd like to thank Clair Wood who works on the IBM i Networking team for writing this week's blog.

Twitter: #ibmi @DawnMayiCan #COMMONUG, #ibmiuser

Posted at 08:00 AM in ARPING, IBM i, IBM i 6.1, IBM i 7.1, TCP/IP | Permalink | Comments (3) | TrackBack (0)

April 26, 2011

IPCONFIG – A Secret Tool for IP Configuration

Have you ever wanted to be able to restrict the ephemeral port ranges configured on IBM i, clear the local DNS cache, or view the entries stored in the local DNS cache?

IPCONFIG is a tool that allows you to view or modify IP configuration settings that aren’t accessible through standard TCP/IP menus. This may be the first time you’ve heard of IPCONFIG because the existing settings are a mix of features that should never be changed, but a toggle was added "just in case." Now we’ve added some actual useful and interesting features into the mix. These new features provide the capability to work with ephemeral port ranges as well as the local DNS cache.

Ephemeral Port Options
The default ephemeral port range on the IBM i is 5000 through 65535 for both TCP and UDP. This broad range may allow applications using ephemeral ports to bind to a port used by a server application causing the application to fail on startup because the server’s port is already in use. IPCONFIG’s new ephemeral port options provide a solution to this problem. The ephemeral port range for both TCP and UDP can now be uniquely configured.

These options set the lowest and highest valid ephemeral port to be used by TCP or UDP. The <ephemeralPort> value must be in the range of 5000 to 65535. The ephemeral port ranges can be modified at anytime; however, the newly configured values will not apply until after TCP has been restarted.

TCP Ephemeral Port Range Options
-tcp_ephemeral_low:<ephemeralPort>
-tcp_ephemeral_high:<ephemeralPort>
UDP Ephemeral Port Range Options
-udp_ephemeral_low:<ephemeralPort>
-udp_ephemeral_high:<ephemeralPort>

Displaying Ephemeral Port Ranges
-display

The -display option displays the current configuration values for all the IPCONFIG options. The TCP and UDP ephemeral port ranges can be viewed using this option. Shown in the green screen below, the configured (and active) TCP ephemeral port range is 20000 through 65535. The UDP ephemeral port range is configured to 25000 through 55000; however, this value will not apply until TCP/IP has been restarted. The active UDP ephemeral port range that applies until TCP/IP is restarted is 20000 through 65535.

DNS Cache Option
IPCONFIG provides a new DNS option with two sub options: display and reset. These functions allow you to work with the DNS cache.

Display
-dnsCache:display <-t, -d>

This sub option displays a list of the DNS cache entries. The optional parameters -t and -d offer further display choices. By default, the cache entries are output in a list format. Using the -t parameter, the cache entries can be printed in a table format that’s simple to search and use to compare particular cache entries. In addition to displaying the cache entries, the –d parameter will create an informational local sockets LIC log (major code 2C00; minor code 9900) containing the command output. The LIC log can be used with both list and table formats. A LIC log can be dumped to a spooled file for further analysis.
Each cache entry contains the query sent to the DNS server and the response received. The entry will also include the original time to live and the remaining time to live in the cache as indicated by the DNS server.

List format is shown below.

Table format is shown below.

Reset
-dnsCache:reset
The reset sub option will clear all of the entries stored in the DNS cache.

Using IPCONFIG
The following PTFs provide the support for these IPCONFIG enhancements:
7.1 – MF52889
6.1.1 – MF52891
6.1 – MF52869

You use the System Service Tools (STRSST) Display/Alter/Dump function to invoke the IPCONFIG Advanced Analysis feature. You must be authorized to use System Service Tools and you also must be authorized to use the Display/Alter/Dump service function.

To change the settings with the STRSST command, use the following steps:

1.    Open a character-based interface.
2.    On the command line, type STRSST.
3.    Type your service tools user name and password.
4.    Select option 1 (Start a service tool).
5.    Select option 4 (Display/Alter/Dump).
6.    Select option 1 (Display/Alter storage).
7.    Select option 2 (Licensed Internal Code (LIC) data).
8.    Select option 14 (Advanced Analysis).
9.    Select option 1 (IPCONFIG).

I'd like to thank Ashley Good, Lindsay Reiser, and Tim Mullenbach for writing this blog article. Ashley, Lindsay, and Tim all work on the TCP/IP Networking team in the IBM i development lab.

Posted at 08:46 AM in Database, IBM i, IPCONFIG, TCP/IP | Permalink | Comments (0) | TrackBack (0)

Connect With Us:

Links

Categories

Recent Comments

Recent Posts

Archives

October 2014