AIX 5L
TCP/IP I: Configuring
(Course Code AU07)
Instructor Guide
ERC 9.1
Trademarks
The reader should recognize that the following terms, which appear in the content of this
training document, are official trademarks of IBM or other companies:
IBM is a registered trademark of International Business Machines Corporation.
The following are trademarks of International Business Machines Corporation in the United
States, or other countries, or both:
AFS AIX AIX 5L
DFS HACMP MVS
pSeries RISC System/6000 RS/6000
SecureWay SP System/370
400
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft
Corporation in the United States, other countries, or both.
Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation in the
United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Linux is a trademark of Linus Torvalds in the United States, other countries, or both.
Other company, product and service names may be trademarks or service marks of others.
The information contained in this document has not been submitted to any formal IBM test and is distributed on an as is basis without
any warranty either express or implied. The use of this information or the implementation of any of these techniques is a customer
responsibility and depends on the customers ability to evaluate and integrate them into the customers operational environment. While
each item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results will
result elsewhere. Customers attempting to adapt these techniques to their own environments do so at their own risk.
Copyright International Business Machines Corporation 1997, 2006. All rights reserved.
This document may not be reproduced in whole or in part without the prior written permission of IBM.
Note to U.S. Government Users Documentation related to restricted rights Use, duplication or disclosure is subject to restrictions
set forth in GSA ADP Schedule Contract with IBM Corp.
V3.1.0.1
Contents
Trademarks xiii
CacheFS 12-25
Virtual File Systems 12-27
NFS Daemons 12-29
portmap Daemon 12-31
mountd 12-33
biod (Block I/O Daemon) 12-35
nfsd 12-37
How NFS Shared Files Are Protected 12-39
UNIX Authorization - Users 12-41
UNIX Authentication - Root 12-44
ACL Support in NFS 12-46
NFS File Locking 12-48
NFS File Lock Request 12-50
Checkpoint (1 of 2) 12-55
Checkpoint (2 of 2) 12-57
Exercise 12-59
Unit Summary 12-61
Glossary X-1
Course Description
AIX 5L TCP/IP I: Configuring
Duration: 5 days
Purpose
The purpose of this course is to teach TCP/IP network configuration
and administration including the skills necessary to begin
implementing and using Dynamic Host Configuration Protocol
(DHCP), Virtual Ethernet, Shared Ethernet Adapter, static and
dynamic routing, Domain Name System (DNS) and Network File
System (NFS) on AIX 5L.
Audience
Network Administrators or other personnel responsible for the
configuration, use, and support of TCP/IP and common network
services on AIX 5L.
Prerequisites
Students should have completed the following course:
AIX 5L System Administration I: Implementation (AU14/Q1314)
Or have the following basic AIX skills:
Have a working knowledge of the AIX environment and commands
Be able to work with SMIT in configuring your system
Be able to edit files with vi (visual editor)
Understand file systems, directories, files, and their security
Understand the concept of mounting file systems
Have a basic knowledge of general networking concepts
Objectives
After completing this course, you should be able to:
Discuss the basic concepts of TCP/IP protocols and addressing
Describe TCP/IP broadcasting and multicasting functions
Configure TCP/IP on AIX
Contents
TCP/IP protocols and addressing
TCP/IP broadcasting and multicasting
TCP/IP subnet masking
Configuring TCP/IP
Configuring Virtual Ethernet
Static and dynamic routing
Shared Ethernet Adapter
Configuring Virtual IP Address (VIPA), multipath routing, dead
gateway detection, and network options (no command)
Domain Name System (DNS) configuration
Dynamic Host Configuration Protocol (DHCP)
Introduction to troubleshooting network problems
NFS Concepts
Configure NFS
Course Agenda
Day 1
(00:30) Introduction
(03:00) Unit 1 TCP/IP Concepts
(00:45) Exercise 1 IP Addressing and Subnetting
(01:15) Unit 2 Hardware Management Console
(01:00) Exercise 2 HMC Configuration
Day 2
(01:05) Unit 3 Configuring TCP/IP
(00:40) Exercise 3 Configuring TCP/IP
(01:00) Unit 4 Configuring Virtual Ethernet
(01:00) Exercise 4 Configuring Virtual Ethernet
(01:00) Unit 5 Routing
(00:50) Exercise 5 Static Routing
Day 3
(01:00) Unit 6 Dynamic Routing
(00:20) Exercise 6 Dynamic Routing
(01:00) Unit 7 Shared Ethernet Adapter
(01:00) Exercise 7 Shared Ethernet Adapter
(00:30) Unit 8 Network Control
(01:00) Exercise 8 Configuring Network Options
Day 4
(02:30) Unit 9 DNS
(00:45) Exercise 9 DNS
(01:15) Unit 10 DHCP
(01:00) Exercise 10 DHCP
(01:00) Unit 11 Problem Determination
(00:30) Exercise 11 Problem Determination
Day 5
(01:00) Unit 12 NFS Concepts
(01:00) Unit 13 Configuring NFS
(01:00) Exercise 12 Configuring NFS
(00:40) Unit 14 Automounter and NFS
(00:40) Exercise 13 Automounter and NFS
Copyright IBM Corp. 1997, 2006 Course Presentation Material Overview xix
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Text highlighting
The following text highlighting conventions are used throughout this book:
Bold Identifies file names, file paths, directories, user names,
principals, menu paths and menu selections. Also identifies
graphical objects such as buttons, labels and icons that the
user selects.
Italics Identifies links to web sites, publication titles, is used where the
word or phrase is meant to stand out from the surrounding text,
and identifies parameters whose actual names or values are to
be supplied by the user.
Monospace Identifies attributes, variables, file listings, SMIT menus, code
examples and command output that you would see displayed
on a terminal, and messages from the system.
Monospace bold Identifies commands, subroutines, daemons, and text the user
would type.
References
Info Center AIX 5L Version 5.3 Commands Reference
Info Center AIX 5L Version 5.3 System Management Guide:
Communications and Networks
Unit Objectives
After completing this unit, the student should be able to:
Describe the layered TCP/IP model
List and describe the protocols included in the TCP/IP protocol
suite
Explain network addressing
Define key networking terms
Interpret an IP address given the address and its subnet mask
Explain the purpose of multicasting
What Is TCP/IP?
Transmission Control Protocol/Internet Protocol
Protocol suite used on the Internet
Set of protocols (rules) which define how computers (hosts)
communicate on a network
Designed for heterogeneous systems
Supports different network types
Open standards
Notes:
Introduction
The acronym TCP/IP stands for Transmission Control Protocol/Internet Protocol. A
more accurate name for this set of protocols is the Internet Protocol Suite, which is
sometimes referred to simply as the IP Stack.
A set of protocols
TCP/IP is a set of protocols or rules that define various aspects of how two computers in
a network may communicate with each other. A protocol is a set of rules which describe
the mechanisms and data structures involved. Using these definitions, vendors can
write software to implement the protocols for particular systems.
Instructor Notes:
Purpose Provide a brief description of what the acronym TCP/IP stands for and what it
can do.
Details This visual is meant to be used as a starting place for our discussion of the
various protocols that make up the suite commonly called TCP/IP. Emphasize that TCP/IP
is a suite or group of protocols that are organized into layers. We discuss the various layers
and the more commonly used protocols in each layer as we proceed through this unit.
Transition Statement Now that we know what TCP/IP is, let's see how it came into
being.
History
Notes:
Initial funding
TCP/IP is the result of work commissioned in 1968 by the US Department of Defense,
Advanced Research Projects Agency (DARPA). Many other research and vendor
organizations have contributed to the development of TCP/IP.
Role of ARPANET
Using leased lines, DARPA implemented a point-to-point network called ARPANET with
protocols which eventually evolved into TCP/IP. In 1980, ARPANET became the
backbone to the Internet which linked many US government, military, research,
educational, and commercial organizations. By 1983, all hosts in ARPANET, now called
the Internet, used TCP/IP protocols.
Widespread use
TCP/IP currently is widely used throughout the world.
RFC 791: Internet Protocol
Notes:
Availability of RFCs
RFCs are available through the Internet from http://www.ietf.org.
Instructor Notes:
Purpose Show the process used to determine what changes are made to the TCP/IP
protocol suite.
Details Don't spend a lot of time discussing RFCs and the details of the process. Much
of the information provided here is to help answer questions students may have regarding
the RFC process.
Additional Information The following information is provided as an aid to instructors in
case students ask for more detailed information. It is not necessary to provide all this
information to students as it would be overkill for most at this point.
There are two independent classifications of protocols. The first is the maturity level or
state of standardization. State can be as follows:
Standard
Draft standard
Proposed standard
Experimental
Informational
Historic
The following is the requirement level or status of this protocol. Status can be as follows:
Required
Recommended
Elective
Limited use
Not Recommended
The status or requirement level is difficult to portray in a one-word label. The status labels
should be considered only as an indication, and a further description, or applicability
statement, should be consulted.
Transition Statement Now that you have a better understanding of how TCP/IP
developed, let's look closer at the environment in which it is used.
Network Topologies
Figure (visual): LAN built from hubs and switches; MAN as a switched network, direct-connect, or leased line; WAN links over modem, microwave, and satellite.
Copyright IBM Corporation 2006
Notes:
Introduction
TCP/IP is supported on many different types of networks, from very low-speed serial
lines to cell-switched wide area networks, fast local area networks to very fast
multi-gigabit networks. Each vendor offers a variety of products to support a range of
network types.
An Internet
Figure (visual): FDDI, X.25, and Ethernet networks joined by routers (gateways).
Notes:
What is an internet?
An internet is a term applied to a number of networks connected or internetworked
together. An internet can be a combination of similar networks or of heterogeneous
networks. In an internet, data can be transferred transparently from one host to another
without the sending host needing to know the route taken or the type or number of
connections involved.
A well-known public internet is the Internet, which consists of millions of systems and
users.
Instructor Notes:
Purpose Identify the terms used for elements in a network. This sets the foundation for
the terminology used all week.
Details
host Any computer attached to the network with a TCP/IP address. This
includes machines of any size or functionality such as mainframes,
servers, workstations, PCs, terminals, printers, and so forth. Each host is
given a unique name and address so that it can be identified in the
network.
gateway/router In the context of TCP/IP, these two are historically synonymous. This is a
host with interfaces to two or more networks. This can be either a
dedicated machine that simply provides the function of moving data from
one network to another, or it can be a machine that does other work as
well, such as running applications.
client/server Hosts can play different roles in a network. As a client, a host plays the
role of a requestor of services from an application that is running often
times on another host in the network. The server is the provider of the
services being requested by the client. The types of services often
needed and supplied by client and server hosts and applications include:
print services
file sharing
computer sharing
Generally, TCP/IP hosts can function as both clients and servers at the same time, either
providing the same types of services or different services.
When working in a network, it is important to be aware of the system on which you are
currently working. In order to distinguish hosts, the following terminology is used:
Local host - the machine on which the user is working
Foreign (or remote) host - any other host on the network
Discussion Items If a system is a router with connections to three networks which
network does it belong to? Answer: It belongs to all three.
Transition Statement Let's begin to take a closer look at how the TCP/IP protocol suite
is put together.
TCP/IP Layering for AIX/UNIX
Figure (visual): the OSI 7-layer model (including the Session and Transport layers) beside the TCP/IP layer model, whose transport layer holds TCP and UDP.
Notes:
Physical layer
The physical layer specifies electrical and mechanical characteristics of the hardware
used for communication.
Internet layer
The Internet layer provides the virtual network image of internet (that is, this layer
shields the higher layers from the typical network hardware architecture below it). The
Internet Protocol (IP) is the most important protocol here, or, to be exact, the Internet
Protocol is mandatory along with the Internet Control Message Protocol (ICMP). The
Internet layer does not provide reliability, flow control or error recovery, and also doesn't
assume reliability from the lower layers. It is a connectionless protocol.
Transport layer
The transport layer provides for the end-to-end delivery of data. As previously
mentioned, examples of protocols at this level are TCP (connection-oriented) and UDP
(connectionless).
Application layer
In this context, an application is a user process cooperating with another process on the
same or a different host. Examples are TELNET (protocol for remote terminal
connections), File Transfer Protocol (FTP) and Simple Mail Transfer Protocol (SMTP).
Glossary
Refer to the Glossary included in this document for a definition of terms used
throughout the course, including those referenced on this page.
Instructor Notes:
Purpose Briefly introduce the OSI 7 layer model and then concentrate on the TCP/IP
layered architecture. When describing the OSI model layers, make reference to a suitable
application like NFS which uses 7 layers. For example, Presentation = XDR, Session =
RPC.
Details Concept of protocol--Who does what and how you do it. Example of diplomatic
protocol. To open trade relations with a king, I do not run into his office and say, Let's do
business. My aide contacts his minister to set up a meeting. My aide opens the door; his
minister introduces us. We give greetings and acknowledgements. Now we begin to
exchange information. Networking protocol defines who does what networking services
when. How you do it is the syntax of the headers, size of packets, delay times, and so forth.
A protocol suite is a set of protocols that is designed to work together and satisfies the
requirements of a protocol model.
Powerful modularizing exists when you layer network services. This is defining who does
what. Refer to the drawing on the visual. You see designs like this in most all modern
networking protocols.
Physical layer: Sometimes you may come across only four layers in the TCP/IP model. If
this is the case, it is assumed the Network Interface layer and Physical layer have been
merged together.
Network Interface: Roughly equivalent to the device driver for the network hardware.
Responsible for detecting and possibly correcting errors that occur at the physical layer.
Internet Layer: Responsible for addressing routing and error handling within the network.
Transport Layer: Responsible for end-to-end delivery of data. Two modes of operation,
namely connection-oriented and connectionless communication.
Application Layer: User applications such as file transfer, electronic mail, network
management, and so forth.
The advantage of layering is that applications can run over different mediums without
rewriting. As new network technologies come out, porting is easier, simply add a device
driver. Also, as an application writer, you do not have to imbed networking protocols in a
program; you just have to identify the appropriate host to the protocol stack and hand it a
stream of data.
Discussion Items Do I want the application to be hard-coded for Token-Ring, Ethernet,
and so forth, or type of cabling? No--all this should be transparent to user and programmer.
Additional Information OSI Layers Information (If required!)
The Application Layer is the layer that most users of a computer are familiar with. The
Application Layer contains programs, compilers, and so forth. From a network point of
view, the user interfaces to network daemons and network utilities operate at this layer,
as well as super daemons.
The Presentation Layer performs character set conversion, byte swapping, and so
forth.
The Session Layer performs the initiation and termination of interaction between
clients and servers. Applications may or may not have knowledge of the connections
taking place at the Session Layer.
The Transport Layer provides the mechanism to transport messages from one
process and one host to another process on the same or another host.
The Network Layer delivers packets from one host to another, with the hosts
potentially being located on different networks. The Network Layer uses virtual network
addresses to specify source and destination hosts.
The Data Link Layer provides the delivery of frames from one host to another, with the
hosts being connected on the same network. It also maps virtual network addresses to
physical network addresses.
The Physical Layer provides the actual transmission of data from one host to another.
This layer is controlled by hardware and firmware.
Transition Statement Let's take a closer look at the different layers of the TCP/IP
protocol layers of the TCP/IP protocol suite beginning at the network interface layer.
Notes:
LAN interfaces
The Ethernet, IEEE 802.3, FDDI, and Token-Ring interfaces are for use with local area
networks.
SOCC
The serial optical channel converter (SOCC) is a high-speed serial channel converter
that is used for point-to-point links.
ATM
Asynchronous transfer mode (ATM) is used for high-speed full duplex communications
in a LAN, MAN, or WAN environment using existing wiring (FDDI, OC3 SONET, Fibre
Channel, T3).
Fibre Channel
Fibre Channel is a high-speed fibre optic-based communications protocol which is
mostly used for storage device access in Storage Area Network (SAN) environments.
Instructor Notes:
Purpose Introduce some of the network interfaces that are available with AIX.
Details You may want to mention that this visual hasn't been updated recently and might
not reflect some recent developments.
This is the first of several visuals that walk up the TCP/IP protocol suite. In a classroom
with two projectors leave the last page on the other projector while showing these. This
helps students place the component--keep the big picture.
TCP/IP can work over many different interfaces and adapter cards.
Discussion Items How many of you work with sites with Token-Ring? How many with
Ethernet? What other types of connections do you have?
Additional Information Current network adapter types and associated feature codes
include the following:
4962 - 10/100 Mbps Ethernet PCI II
5701 - 10/100/1000 Mbps Base-TX Ethernet PCI-X
2732 - HiPPI
1810 - GX Dual Port 4x IB HCA
5718 - 10Gbps Ethernet SR
5719 - 10Gbps Ethernet LR
The 10GBASE-SR media types are designed for use over short wavelength (850 nm)
multimode fiber (MMF). The design goal of these media types is from 2 meters to 300
meters of fiber distance, depending on the type and quality of the multimode fiber. Longer
distances are possible depending on the qualities of the fiber optic cable used. The
10GBASE-SR media type is designed for use over dark fiber, meaning a fiber optic cable
that is not in use and that is not connected to any other equipment.
The 10GBASE-LR media types are designed for use over long wavelength (1310 nm)
single-mode fiber (SMF). The design goal of these media types is from 2 meters to 10
kilometers (32,808 feet) of fiber distance, depending on cable type and quality (longer
distances are possible). The 10GBASE-LR media type is designed for use over dark fiber.
There are other 10G standards - such as 10GBASE-LW/SW (designed for connecting
SONET equipment) - for which IBM does not produce adapters for use with AIX.
Be aware of the difference between FIBER and FIBRE (medium and protocol).
ATM has become an important international standard for high-speed, cell-relay networking.
It is capable of carrying voice data and video over existing wiring. It is applicable to both
LAN and WAN networking and is standards based.
For information on high-speed networks, refer to High-Speed Networking Technology: An
Introductory Survey, GG24-3816-02 and for ATM support, refer to Internetworking over
ATM: An Introduction, SG24-4699-0. For more information regarding the SP Switch, refer
to Understanding and Using the SP Switch (SG24-5161-00).
Transition Statement Ethernet, Token-Ring and FDDI all have burned-in addresses on
the hardware adapter. Let's see how that address is structured.
02:60:8C:2E:9B:CA Hexadecimal
or
02608C2E9BCA Hexadecimal
Notes:
Introduction
Each network adapter has a unique 48-bit media access control (MAC) address.
Eight bits make up one byte or one octet, so a MAC address can also be thought of as
consisting of 6 bytes or 6 octets, as shown on the visual.
As the visual also shows, a MAC address can be represented using 12 hexadecimal
digits, since 1 hexadecimal digit can represent 4 bits.
Instructor Notes:
Purpose Describe the physical or hardware address.
Details Hardware address--48 bits or in hex.
The address is usually burned in. Each manufacturer has a unique value for the first 24
bits. Some cards can be overwritten.
This is used by administrators. For example, when using machines that boot from a server
to find its IP address, the hardware address has to be supplied in configuration files to the
server.
Locally administered addresses can be useful to indicate the physical position of
equipment. For example, the first byte can represent the country, the second the city, the
third the building, the fourth the floor, and the fifth the room.
Transition Statement Before discussing how the hardware address is used, we need to
move up one layer to the Internet layer and discuss the packet delivery protocol, IP.
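The decoding described in the notes above, written out as an added example (this is not code from the IBM course material): it accepts both spellings shown on the visual, splits the 48 bits into the manufacturer-assigned first 24 bits and the device-specific remainder, and reads the two IEEE 802 flag bits of the first octet that tell a burned-in address from a locally administered one. Function names are the example's own.

```python
# Added example for this unit (not part of the IBM course material): decode a
# 48-bit MAC address in either spelling shown on the visual. Function names are
# the example's own.
import re


def parse_mac(text: str) -> bytes:
    """Return the six octets of a MAC address written with ':' or '-' separators
    or as 12 bare hexadecimal digits; raise ValueError for anything else."""
    hexdigits = re.sub(r"[:\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hexdigits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(hexdigits)


def describe_mac(text: str) -> dict:
    """Split the address into the vendor-assigned first 24 bits and the
    device-specific last 24 bits, and read the two flag bits of the first octet."""
    octets = parse_mac(text)
    first = octets[0]
    return {
        "canonical": ":".join(f"{b:02X}" for b in octets),   # 02:60:8C:2E:9B:CA
        "compact": octets.hex().upper(),                       # 02608C2E9BCA
        "bits": len(octets) * 8,                               # 6 octets = 48 bits
        "vendor_prefix": octets[:3].hex().upper(),   # first 24 bits, unique per manufacturer
        "device_id": octets[3:].hex().upper(),       # remaining 24 bits
        # IEEE 802 flag bits in the first octet (Ethernet bit order):
        # bit 0 set = group/multicast destination, bit 1 set = locally administered,
        # i.e. an address the administrator set rather than one burned in by the vendor.
        "multicast": bool(first & 0x01),
        "locally_administered": bool(first & 0x02),
    }


if __name__ == "__main__":
    for sample in ("02:60:8C:2E:9B:CA", "02608C2E9BCA"):
        print(describe_mac(sample))
```

Both spellings of the address on the visual decode to the same six octets. Its first octet, 0x02, has bit 1 set, so that particular address is a locally administered one rather than a burned-in vendor address; checking this bit is a quick way for an administrator to tell which of the two kinds of address a host is presenting.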
IP Protocol
Packet delivery protocol (datagram)
Best effort - no guarantees
IP addressing specifies the source and target hosts
Handles the routing of packets to other machines in the network or
other networks
Packet fragmentation and reassembly
Fragment size determined by MTU
Priority indication
Notes:
IP addresses
IP uses IP addresses to specify source and target hosts on the Internet. The IP address
is unique for every host.
IP routing
IP routing is an important function of the IP layer. The IP routing mechanism only
considers the IP network address part of destination IP addresses. Each host keeps an
IP routing table.
Indication of priority
Each IP packet can have a priority indication which identifies the type of service that is
needed: low latency, high bandwidth, low cost or maximum reliability. Unfortunately, this
priority mechanism is not often implemented: all packets are often using the same path
to a destination, regardless of their type of service, and are transmitted on a first-come
first-served basis.
Internet Address
Figure (visual): a 32-bit address shown as four octets, each bit weighted 128, 64, 32, 16, 8, 4, 2, 1.
Notes:
Introduction
The Internet Protocol V4 (IP V4) uses a 32-bit, two-part logical address field. As shown
on the visual, the 32 bits may be divided into four octets (bytes).
Internet Addressing
Class A: leading bit 0, 7-bit Net-ID, 24-bit Host-ID
Class B: leading bits 10, 14-bit Net-ID, 16-bit Host-ID
Class C: leading bits 110, 21-bit Net-ID, 8-bit Host-ID
Class D: leading bits 1110, 28-bit multicast address
Class E: leading bits 11110, 27 bits for experimental and research use
Notes:
Parts of an IP address
There are two logical addresses in each IP address:
- A network address, representing the physical network within the Internet. The
network address of the IP address is unique and is handled by an Internet registry.
- A local address or host address, specifying an individual host or gateway within that
network.
This idea can be represented as follows:
IP address = <network address><host address>
Instructor Notes:
Purpose Explain the different classes of IP addresses.
Details This visual is very similar to the next one, so keep discussion separate. IP has
different classes of networks for the different scenarios described.
The initial bit pattern shows whether it is a class A, B, C, or D address.
A Class A address consists of an 8-bit network address and a 24-bit host address. The first
bit in the network address is dedicated to indicating the network class leaving seven bits for
the actual network address. Since seven bits can represent 128 distinct values in binary
(0 through 127), there are 128 possible Class A networks. IBM has the Class A network of 9. Since
there are so few Class A addresses to give out, the organization must be extremely large.
A Class B address consists of a 16-bit network address and a 16-bit host address. The first
two bits in the network address are dedicated to indicating the network class leaving 14 bits
for the actual network address.
A Class C address consists of a 24-bit network address and an 8-bit host address. The first
three bits in the network address are dedicated to indicating the network class leaving 21
bits for actual network addresses.
A Class D address is a multicast address which effectively is a broadcast to a fixed group
of machines that can be on different networks. There is no network or host portion. The
first 4 bits are 1, 1, 1, 0 and the remaining 28 bits identify the multicast group.
When deciding which network address class to use, you need to consider how many hosts
there will be on a network. If your organization is small and has less than 256 hosts on the
network, a Class C address is sufficient. If you are connecting to the Internet, an address
needs to be obtained from the appropriate Internet Address Registry. In the United States
this is the American Registry for Internet Numbers (ARIN). In most cases today, ARIN does
not assign IP addresses to end users. Instead, it allocates blocks of contiguous Class C
addresses to the larger Internet Service Providers. They then assign addresses from this
block to their customers and to smaller ISPs to whom they sell bandwidth. Typically, a
customer who later wishes to transfer to another ISP must return the IP numbers and
renumber with the new ISP.
Discussion Items Which class for which scenarios? Do you need to know initial bit
pattern? NO--but it has obvious effects on the IP address--refer to next page.
Additional Information In Class A addresses, the first bit (0) is also referred to as the
high order bit. In Class B, the highest order bits are set to the first two (1 and 0). In Class C,
the highest order bits are set to the first three (110).
There are actually five classes of IP addresses. The fifth class is Class E. The first five bits
of the 32 bit address are 11110. The remaining 27 bits are reserved for future use. This
class is seldom seen but is used for research and experimentation.
Transition Statement Let's see how many networks and hosts we can have within each
address class.
Internet Address Class Ranges
Notes:
- Class D addresses are reserved for multicasting. (Multicasting is a limited area type
of broadcasting.) There is no network or host portion in a multicast address. It is an
integer number registered with the Internet Network Information Center (InterNIC)
that identifies a group of machines.
Figure (visual): reserved address forms
127.0.0.1: Loopback
Network Address + 0000000000000000 (host bits all 0): identifies a network
Network Address + 1111111111111111 (host bits all 1): Direct Broadcast Address
11111111111111111111111111111111 (all 32 bits 1): Limited Broadcast Address
What is the difference?
Notes:
Network addresses
An IP address with all host bits set to zero identifies a network. For example, 26.0.0.0
refers to network 26; 128.66.0.0 refers to network 128.66. Addresses in this form are
used in routing tables to refer to networks.
Instructor Notes:
Purpose Identify reserved IP addresses.
Details All 0 bits stand for this network: with the host address portion = 0, the address is used in
routing to designate the network portion of the address.
All 1 bits stand for all networks or all hosts: this form is used to send broadcast messages to all
hosts on a network.
Additional Information Some routers (for example, Cisco) also have "loopback interfaces".
These are virtual interfaces carrying ordinary routable addresses, used as stable router
identifiers; they have nothing to do with the 127.0.0.0/8 loopback network.
Some old versions of BSD (BSD 4.2 and earlier) used a broadcast address where the host
bits were all set to zero. This would play havoc with routing which uses all zeros in the host
address to mean a network address. Most systems derived from BSD 4.2 or earlier have
been patched or upgraded to resolve this problem.
Transition Statement Let's see how these addresses get assigned.
Address Assignment
Private networks
Choose any valid addresses/names (within reason)
Should use the reserved private address ranges (RFC 1918):
10.0.0.0/8, 172.16.0.0/12 (172.16.0.0 through 172.31.255.255), 192.168.0.0/16
These ranges are never routed on the public Internet, so hosts using them reach it only
through a NAT device or an application proxy
The Internet
African Network Information Center (AfriNIC)
American Registry for Internet Numbers (ARIN)
Asia Pacific Network Information Centre (APNIC)
Latin American and Caribbean IP Address Regional Registry
(LACNIC)
Réseaux IP Européens (RIPE)
Copyright IBM Corporation 2006
Notes:
Current RIRs
There are currently five RIRs:
- African Network Information Center (AfriNIC), covering the continent of Africa
(www.afrinic.net)
- American Registry for Internet Numbers (ARIN), which we have already mentioned
- Asia Pacific Network Information Centre (APNIC), covering the Asia Pacific region
(http://www.apnic.net)
- Latin American and Caribbean IP Address Regional Registry (LACNIC), covering
the Latin American and Caribbean region (www.lacnic.net)
- Réseaux IP Européens (RIPE), covering Europe, the Middle East, and parts of Asia
(http://www.ripe.net)
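The address classes, reserved addresses and RFC 1918 ranges discussed above, worked out in code. This is an added example, not material from the IBM course: it decodes an IPv4 address from its high-order bits alone, applies the classful default mask, and reports whether the address is a network address, a directed or limited broadcast, loopback, multicast, reserved, or an ordinary host, and whether it is private. Only the Python standard library is used; the addresses in the `__main__` section are constructed.

```python
# Added example; not part of the IBM course. Classify an IPv4 address the way
# the classful and reserved-address rules above describe it. Only the
# standard library is used; the sample addresses in __main__ are constructed.
import socket
import struct

def ip_to_int(addr):
    """Dotted quad -> 32-bit unsigned integer."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]

def int_to_ip(n):
    """32-bit unsigned integer -> dotted quad."""
    return socket.inet_ntoa(struct.pack("!I", n & 0xFFFFFFFF))

def address_class(n):
    """Decide the class from the high-order bits alone: 0, 10, 110, 1110, 1111."""
    if n >> 31 == 0b0:
        return "A"
    if n >> 30 == 0b10:
        return "B"
    if n >> 29 == 0b110:
        return "C"
    if n >> 28 == 0b1110:
        return "D"
    return "E"  # high-order 1111, i.e. 240.0.0.0/4, reserved

# Classful default masks; classes D and E have no network/host split.
DEFAULT_MASK = {"A": 0xFF000000, "B": 0xFFFF0000, "C": 0xFFFFFF00}

# RFC 1918 private ranges as (network, mask): 10/8, 172.16/12, 192.168/16.
PRIVATE = [(ip_to_int("10.0.0.0"), 0xFF000000),
           (ip_to_int("172.16.0.0"), 0xFFF00000),
           (ip_to_int("192.168.0.0"), 0xFFFF0000)]

def describe(addr):
    """Return class, kind (host, network, broadcast, ...) and RFC 1918 status."""
    n = ip_to_int(addr)
    cls = address_class(n)
    info = {"address": addr, "class": cls, "private": False, "kind": "host"}
    if n == 0xFFFFFFFF:
        info["kind"] = "limited broadcast"      # all 32 bits one, never routed
    elif n >> 24 == 127:
        info["kind"] = "loopback"               # the whole of 127.0.0.0/8
    elif cls == "D":
        info["kind"] = "multicast group"        # no network/host portion
    elif cls == "E":
        info["kind"] = "reserved"
    else:
        mask = DEFAULT_MASK[cls]
        host_bits = ~mask & 0xFFFFFFFF
        info["network"] = int_to_ip(n & mask)
        info["directed_broadcast"] = int_to_ip(n | host_bits)
        if n & host_bits == 0:
            info["kind"] = "network address"    # the form used in routing tables
        elif n & host_bits == host_bits:
            info["kind"] = "directed broadcast"
        info["private"] = any(n & m == net for net, m in PRIVATE)
    return info

if __name__ == "__main__":
    for a in ("26.0.0.0", "128.66.12.2", "192.168.1.255", "172.32.0.1",
              "224.0.0.1", "127.0.0.1", "255.255.255.255"):
        print(describe(a))
```

Note that 172.32.0.1 is classified as public: the private block is 172.16.0.0/12, which ends at 172.31.255.255, a boundary that is easy to get wrong when writing filter rules by hand.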
Notes:
Physical address
Each adapter vendor has a separate range of addresses for its adapters. Each network
adapter manufactured by the vendor is assigned a unique identifier taken from this
range of addresses. This identifier (physical address) is stored in ROM on the adapter,
although most operating systems allow it to be overridden in software, so a MAC address
must not be relied on as proof of a machine's identity.
Logical address
The IP Protocol deals only with logical or Internet addresses. These addresses are
assigned by the system administrator of your LAN. Each network interface has its own
unique Internet address.
Instructor Notes:
Purpose Discuss how referencing a network device occurs at three levels.
Details Referencing a system occurs at three levels: people use host names, software
uses IP addresses, and hardware uses physical (MAC) addresses.
Each IP address has to be translated into a hardware address at the network interface
level.
With multiple cards, each interface must have a unique IP address assigned to it and, if
using names, a unique name.
Transition Statement We have covered the basic facilities of the Internet Protocol.
Let's look at another protocol in the Internet layer - ARP.
LANs and Address Resolution Protocol (ARP)
The ARP protocol is used to determine the MAC address of the other party
Broadcast destination IP address to anyone
Only the destination replies with its MAC address
ARP is invoked automatically by IP if the destination MAC address
is not known
Cached in the ARP table
View table with arp -a
Visual (ARP exchange on a LAN):
1. Broadcast: "Who is 128.10.1.1?"
2. Every other host: "Not me!!" and discards the request
2. sys1 replies: "128.10.1.1 is 00608C2FB5A5"
3. ARP table on the requester: sys1 128.10.1.1 00608C2FB5A5 Ethernet
Notes:
Introduction
The Address Resolution Protocol (ARP) maps an IP address to the physical (hardware)
address of the interface that holds it. ARP uses the broadcast facility of the network:
the request reaches every host on the LAN, and only the host that owns the requested IP
address replies. Nothing in ARP authenticates that reply; a host accepts whatever mapping
reaches it, so an ARP cache entry is only as trustworthy as the LAN it was learned on.
other host on the same network which has an entry in its ARP cache for the old
hardware address, to update its table.
Reverse Address Resolution Protocol (RARP) - RARP provides a way for a machine
to find out its IP address if it only knows its hardware address. This is most often used by
diskless systems during boot up. The system broadcasts its hardware address to the
network, and a server set up on the network responds with the IP address of that
system. RARP is rarely used now because the IP address is all it can provide. bootp (and
its successor, DHCP) is used instead, since it can also pass additional information
such as:
- Host name
- Subnet mask
- Default gateway
- Nameserver
- Boot file
- Vendor specific information
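The ARP exchange on the slide, as an added example that is not part of the original course: it packs and unpacks the 28-byte ARP body for IPv4 over Ethernet (RFC 826 field order), then plays the request through a small simulated LAN in which only the owner of the target address answers and the requester caches the reply. The host names, MAC addresses and IP addresses are constructed; the `Host` class and `resolve()` helper are the example's own, not an AIX API. The last step of the usage below shows the property noted above: an unsolicited reply is cached just as readily as a solicited one.

```python
# Added example; not part of the IBM course. Encode/decode ARP requests and
# replies (RFC 826, IPv4 over Ethernet) and simulate the exchange on a LAN.
# All MAC and IP values are constructed; Host/resolve are not an AIX API.
import socket
import struct

HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype ptype hlen plen oper sha spa tha tpa = 28 bytes

def mac_to_bytes(mac):
    return bytes(int(b, 16) for b in mac.split(":"))

def bytes_to_mac(b):
    return ":".join("%02x" % x for x in b)

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac_to_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_to_bytes(target_mac), socket.inet_aton(target_ip))

def parse_arp(body):
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, body[:28])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {"op": op, "sender_mac": bytes_to_mac(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": bytes_to_mac(tha), "target_ip": socket.inet_ntoa(tpa)}

class Host:
    """Minimal host: one interface and one ARP cache (the 'arp -a' table)."""
    def __init__(self, name, mac, ip):
        self.name, self.mac, self.ip = name, mac, ip
        self.arp_table = {}

    def handle(self, body):
        """Process a received ARP body; return a reply body or None."""
        pkt = parse_arp(body)
        if pkt["op"] == OP_REQUEST and pkt["target_ip"] == self.ip:
            # Only the owner of the target IP answers; every other host discards.
            self.arp_table[pkt["sender_ip"]] = pkt["sender_mac"]   # learn the asker too
            return build_arp(OP_REPLY, self.mac, self.ip, pkt["sender_mac"], pkt["sender_ip"])
        if pkt["op"] == OP_REPLY and pkt["target_ip"] == self.ip:
            # Classic ARP trusts any reply: nothing proves the sender owns that IP.
            self.arp_table[pkt["sender_ip"]] = pkt["sender_mac"]
        return None

def resolve(asker, lan, target_ip):
    """Broadcast a request to every host on `lan` and return the learned MAC."""
    if target_ip in asker.arp_table:
        return asker.arp_table[target_ip]          # cache hit, no broadcast needed
    request = build_arp(OP_REQUEST, asker.mac, asker.ip, "00:00:00:00:00:00", target_ip)
    for host in lan:
        if host is not asker:
            reply = host.handle(request)
            if reply is not None:
                asker.handle(reply)
    return asker.arp_table.get(target_ip)

if __name__ == "__main__":
    sys1 = Host("sys1", "00:60:8c:2f:b5:a5", "128.10.1.1")
    sys2 = Host("sys2", "00:60:8c:00:00:02", "128.10.1.2")
    sys3 = Host("sys3", "00:60:8c:00:00:03", "128.10.1.3")
    print("sys2 learned", resolve(sys2, [sys1, sys2, sys3], "128.10.1.1"))
    # An unsolicited reply from a third party overwrites the entry.
    sys2.handle(build_arp(OP_REPLY, "00:60:8c:00:00:03", "128.10.1.1", sys2.mac, sys2.ip))
    print("sys2 now has", sys2.arp_table["128.10.1.1"])
```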
Transition Statement Let's look at another protocol in the Internet Layer.
ICMP Protocol
Used to communicate error and control messages for IP
Integral to IP operation, but functionally separate
ICMP messages are sent using IP datagrams
Reports errors on IP datagrams, except that no ICMP error message is ever generated
about another ICMP error message (which prevents message loops)
Used by the ping command
Notes:
Integration of ICMP
ICMP uses IP as if it were a higher-level protocol (ICMP messages are carried as IP
payload, protocol number 1); however, ICMP is an integral part of IP and must be
implemented by every IP module. ICMP is a standard, required protocol. It is implemented
in the kernel, and the only application access to it is through raw sockets, which is how
ping sends its echo requests. Note for administrators: filtering all ICMP at a firewall
is a common mistake; at least the destination-unreachable (fragmentation needed)
messages used by path MTU discovery should be allowed through.
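The echo request that ping sends, built by hand as an added example (not code from the course or from AIX ping): it lays out the ICMP header fields, computes the RFC 1071 Internet checksum, verifies it on receipt, and forms the reply the peer's kernel would send. The same checksum routine is what IP, UDP and TCP use over their own headers. No packets are transmitted; the identifier, sequence number and payload are constructed.

```python
# Added example; not part of the IBM course or of AIX ping. Build and verify an
# ICMP echo request/reply with the RFC 1071 Internet checksum. Nothing is sent.
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0
ICMP_HDR = "!BBHHH"   # type, code, checksum, identifier, sequence

def internet_checksum(data):
    """One's-complement sum of 16-bit words, complemented (RFC 1071).
    Over a message whose checksum field is already filled in, the result is 0."""
    if len(data) % 2:
        data += b"\x00"                 # pad an odd length for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                  # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_echo(msg_type, ident, seq, payload):
    """Compute the checksum over the header (with checksum 0) plus payload."""
    header = struct.pack(ICMP_HDR, msg_type, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack(ICMP_HDR, msg_type, 0, csum, ident, seq) + payload

def parse_echo(pkt):
    """Return the fields of an echo message, or raise if the checksum fails."""
    if len(pkt) < 8 or internet_checksum(pkt) != 0:
        raise ValueError("ICMP checksum mismatch or short packet")
    msg_type, code, csum, ident, seq = struct.unpack(ICMP_HDR, pkt[:8])
    return {"type": msg_type, "code": code, "id": ident, "seq": seq, "payload": pkt[8:]}

def echo_reply_for(request_pkt):
    """What the peer does with an echo request: swap the type, keep id/seq/payload."""
    req = parse_echo(request_pkt)
    if req["type"] != ICMP_ECHO_REQUEST:
        raise ValueError("not an echo request")
    return build_echo(ICMP_ECHO_REPLY, req["id"], req["seq"], req["payload"])

if __name__ == "__main__":
    req = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"hello")       # constructed
    print(req.hex(), parse_echo(echo_reply_for(req)))
```

Ping matches replies to requests by the identifier (normally the process ID) and sequence number, which is why both are copied unchanged into the reply.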
Notes:
Ports
Each process that wants to communicate with another process needs to identify itself in
some way. The logical construct used by TCP/IP to accomplish this task is called a port.
A port is a 16-bit number that uniquely identifies application processes (also called
network services). The source port number and the destination port number are
contained in the header of each TCP segment or UDP packet.
Service names are mapped to port numbers in the /etc/services file. Port numbers from
0 to 1023 are called well-known ports and are reserved for standard applications like
telnet and ftp; on UNIX systems only root may bind a listening socket to them.
When a datagram arrives at its destination (based on the destination address), IP
examines the protocol field of the IP header to decide whether to hand the payload to
TCP or UDP. The transport header delivered with the data contains the destination port
number, which tells the transport protocol to which application process the data needs
to go.
Sockets
A socket is a combination of IP address and port number and protocol family, which
uniquely identifies a single network process. A socket is also referred to as a
communication end point.
Connections
To distinguish between duplicate requests sent to the destination host, the source
socket information is included as part of the request. The combination of information of
both sockets makes the connection unique as shown below:
<protocol, source-address, source-port, destination-address, destination-port>
Request 1:
<tcp,128.66.12.2,3044,192.178.16.2,23>
Request 2:
<tcp,128.66.12.2,3050,192.178.16.2,23>
An association is the 5-tuple (five pieces of information transferred as shown above)
that completely specifies the two processes that comprise a connection.
A half-association specifies each half of a connection which includes the protocol,
source or destination address, and source or destination port.
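The association described above, as an added example that is not part of the original course material: it opens a TCP connection across the loopback interface and reads both half-associations back from the kernel with getsockname() and getpeername(), so the same five values appear mirrored on the two sides. The use of 127.0.0.1 and of port 0 (asking the kernel for an ephemeral port) are assumptions of the example.

```python
# Added example; not part of the IBM course. Open a TCP connection over the
# loopback interface and read back both half-associations of the 5-tuple
# <protocol, source address, source port, destination address, destination port>.
import socket
import threading

def connection_tuple(proto, local, remote):
    """Build the association as seen from one end of the connection."""
    return (proto, local[0], local[1], remote[0], remote[1])

def demonstrate_association():
    """Return the association as seen by the client and by the server."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))            # port 0: kernel picks an ephemeral port
    server.listen(1)
    server_port = server.getsockname()[1]
    result = {}

    def accept_one():
        conn, _peer = server.accept()        # conn is the server's connected socket
        result["server_view"] = connection_tuple("tcp", conn.getsockname(), conn.getpeername())
        conn.sendall(b"hello")
        conn.close()

    t = threading.Thread(target=accept_one)
    t.start()
    client = socket.create_connection(("127.0.0.1", server_port))
    result["client_view"] = connection_tuple("tcp", client.getsockname(), client.getpeername())
    result["greeting"] = client.recv(16)
    client.close()
    t.join()
    server.close()
    return result

if __name__ == "__main__":
    views = demonstrate_association()
    print("client sees", views["client_view"])
    print("server sees", views["server_view"])
```

The listening socket and the connected socket on the server are different sockets: the listener has no peer, while each accepted connection carries its own full association, which is how one server process on port 23 serves the two requests from ports 3044 and 3050 in the text at the same time.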
Instructor Notes:
Purpose Define the principles of ports and sockets with the TCP/IP suite.
Details Introducing port and sockets does not fit in smoothly at this point, but they are
needed in describing UDP, TCP, and /etc/services, which follow. Before two programs can
communicate with each other, both must initialize communication end points. Connections
to a system are distinguished by a port number, which serves as a sort of mailbox number
for datagrams. Once a port has been assigned, any datagrams the application program
sends through the port will have the port number in the transport port field.
Additional Information Another analogy that may be used to explain ports and sockets:
SOCKET                 TELEPHONE
IP address:
  Network number       Area code
  Host ID              Phone number
Port number            Extension
The socket interface is one of several application programming interfaces (APIs) to the
communication protocols. Designed to be a generic communication programming
interface, it was first introduced by the 4.2BSD UNIX system. Although it has not been
standardized, it has become a de facto industry standard.
We can differentiate three socket interface types, based on the service provided by each
type:
1. Stream socket interface
It defines a reliable connection-oriented service (over TCP for example). Data is sent
without errors or duplication and is received in the same order as it is sent. Flow control
is built in to avoid data overruns. No boundaries are imposed on the exchanged data,
which is considered to be a stream of bytes. An example of an application that uses
stream sockets is the File Transfer Program (FTP).
2. Datagram socket interface
It defines a connectionless service (over UDP for example). Datagrams are sent as
independent packets. The service provides no guarantees; data can be lost or
duplicated, and datagrams can arrive out of order. No disassembly and reassembly of
packets is performed. An example of an application that uses datagram sockets is the
Network File System (NFS).
3. Raw socket interface
It allows direct access to lower-layer protocols such as IP and ICMP. This interface is
often used for testing new protocol implementations. An example of an application that
uses raw sockets is the PING command.
The port numbers from 0 up to 1023 are called well-known port numbers and are fixed by
the Internet Assigned Numbers Authority (IANA). The port numbers above 1023 are not fixed.
However, if you intend to offer a certain service on the Internet, you can register with the
IANA and get a certain port number assigned to it. IANA maintains a document entitled
Port Numbers (last updated 12 January 2006 at the time these materials were written).
The port numbers listed are divided into three ranges: the Well Known Ports, the
Registered Ports, and the Dynamic and/or Private Ports. As previously mentioned, the Well
Known Ports are those from 0 through 1023. The Registered Ports are those from 1024
through 49151. The Dynamic and/or Private Ports are those from 49152 through 65535.
Port Numbers is currently available at http://www.iana.org/assignments/port-numbers.
From November 1977 through October 1994, IANA periodically published tables of the
Internet protocol parameter assignments in RFCs entitled, Assigned Numbers. The most
current of these Assigned Numbers RFCs had Standard status and carried the designation:
STD 2. Since 1994, this sequence of RFCs has been replaced by an online
database/document accessible through a web page (currently, www.iana.org). RFC 3232
noted this fact and officially obsoleted RFC 1700 (the last of the sequence of Assigned
Numbers RFCs), whose status changed to Historic. RFC 1700 is obsolete, and its values
are incomplete and in some cases may be wrong.
Confusion that could be caused by two different applications trying to use the same port
number on one host is avoided by having applications request an available port from the
range of unused, unassigned port numbers rather than picking one themselves. Because of
this dynamic (ephemeral) port assignment above 1023, the number may change each time an
internal process is invoked. The range actually used is an operating system setting; on
AIX it is governed by the no tunables tcp_ephemeral_low/tcp_ephemeral_high and
udp_ephemeral_low/udp_ephemeral_high. TCP and UDP both use the same port principle.
Transition Statement Let's take a look at an example of the /etc/services file, which
lists port numbers and their corresponding services.
/etc/services
# Network services, Internet style
#
tcpmux 1/tcp # TCP Port Service Multiplexer
tcpmux 1/udp # TCP Port Service Multiplexer
compressnet 2/tcp # Management Utility
compressnet 2/udp # Management Utility
compressnet 3/tcp # Compression Process
compressnet 3/udp # Compression Process
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
daytime 13/tcp
daytime 13/udp
netstat 15/tcp
qotd 17/tcp quote
msp 18/tcp # Message Send Protocol
msp 18/udp # Message Send Protocol
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp 21/tcp
telnet 23/tcp
smtp 25/tcp mail
Notes:
Introduction
The purpose of the /etc/services file is to define the port portion of the socket and
protocols used for Internet services. The fields are: official Internet service name,
socket port number used for the service, transport protocol used for the service, and
aliases, if desired. The file can be edited as necessary.
Note that this visual does not show a complete listing of the file.
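A parser for the file format shown above, as an added example that is not part of the course: it reads /etc/services lines into name, port, protocol and aliases (skipping comments and malformed lines) and answers the two lookups the C library makes with getservbyname(3) and getservbyport(3). `SAMPLE` is a constructed excerpt in the file's format; pass the contents of a real /etc/services to `parse_services()` for live data.

```python
# Added example; not part of the IBM course. Parse /etc/services entries and
# look them up by name/alias or by port. SAMPLE is a constructed excerpt.
SAMPLE = """\
# Network services, Internet style
#
tcpmux      1/tcp           # TCP Port Service Multiplexer
echo        7/tcp
echo        7/udp
discard     9/tcp   sink null
discard     9/udp   sink null
chargen    19/tcp   ttytst source
ftp-data   20/tcp
ftp        21/tcp
telnet     23/tcp
smtp       25/tcp   mail
"""

def parse_services(text):
    """Return one record per valid line: name, port, proto, aliases."""
    records = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments, blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue                              # malformed: skip, do not guess
        port, proto = fields[1].split("/", 1)
        if not port.isdigit():
            continue
        records.append({"name": fields[0], "port": int(port),
                        "proto": proto, "aliases": fields[2:]})
    return records

def service_by_name(records, name, proto):
    """Match the official name or any alias for the given protocol (getservbyname)."""
    for r in records:
        if r["proto"] == proto and (r["name"] == name or name in r["aliases"]):
            return r
    return None

def service_by_port(records, port, proto):
    """Match a port number for the given protocol (getservbyport)."""
    for r in records:
        if r["proto"] == proto and r["port"] == port:
            return r
    return None

def well_known(records):
    """Entries in IANA's Well Known range, 0 through 1023."""
    return [r for r in records if 0 <= r["port"] <= 1023]

if __name__ == "__main__":
    recs = parse_services(SAMPLE)
    print(service_by_name(recs, "mail", "tcp"))
    print(service_by_port(recs, 9, "udp"))
```

Note that the file only names ports; it does not make a daemon listen on them. Removing a line changes what netstat and getservbyport print, not what is actually reachable on the host.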
TCP and UDP
Visual: TCP, connection oriented (a connection is set up between the two parties before
data flows); UDP, connectionless (each datagram is delivered on its own).
Notes:
Connectionless networks
Another important principle in networking is the presence or absence of a connection.
You may think, But of course there is a connection. True, however, the network may
not be aware of it. For a so-called connectionless network (protocol), the network does
not keep track of the state of the successive packets of information between two
communication partners. The network treats each packet, called a datagram, as an
individual unit without making any assumptions about the relationship of that packet to
other packets in the network. The connection between the individual pieces of
information is made at a higher level; this may be the transport level or the application
itself.
This means, for example, that, a client employing a connectionless network must send
a datagram containing a request to a server, which the server receives without prior
notice. The server must construct one or more datagrams containing the response, and
send those to the requester. All those datagrams, as far as the network is concerned,
are unrelated to each other. The relationship between the datagrams is based only on
agreements between users of the network.
Connection-oriented networks
A connection-oriented network, on the other hand, actively participates in the
establishment of a connection between the two remote partners. The network can
distinguish packets that flow between two communicating entities from all other packets
in the network. The packets that belong to a connection are numbered and sequenced,
making detection of missing packets and other errors easy. Having participated in the
connection setup also means that the network has knowledge of all connections, and
can therefore manage its resources on a connection basis.
Instructor Notes:
Purpose Describe the difference between connectionless and connection-oriented
sessions.
Details
Connection Oriented Communication
Three phases: Setup, Data Transfer, Takedown
Analogous to the phone system
Characteristics:
- Guaranteed delivery via acknowledgements
- Flow control via windowing
Determine route during Setup phase
Connection-oriented protocols mirror the telephone system. (The visual is meant to
suggest this comparison.) There are three phases in telephone communication:
1. Setup Phase --> dialing, saying hello and getting the right party on the line
2. Data Transfer Phase --> Talking
3. Take-Down --> saying good-bye and hanging up.
As part of the setup phase, connection-oriented protocols typically offer guaranteed
delivery of data, using acknowledgements to assure data is transmitted correctly. When
one end of a connection sends data to the other end, it holds onto a copy of the data until it
receives an acknowledgement that the data was received properly. If it does not receive an
acknowledgement within a certain window (or before a timer pops), it retransmits the data.
After a configurable number of unsuccessful retransmissions, the sending station takes
down the connection. Sequence numbers are used to correlate acknowledgements, and
windowing (one can send a window's worth of data and must then wait for an
acknowledgement) is used for flow control. In a connection-oriented network such as X.25,
the data route is also determined as part of the connection setup and used for the
duration of the connection, so data packets need carry only a short connection identifier
rather than a full address. Note that TCP is a connection-oriented transport running over
the connectionless IP: its connection state lives only in the two end hosts, and each IP
datagram is still routed independently.
Connectionless Networks
Connectionless networks more closely resemble the mail system. (The visual is meant to
suggest this comparison.) The mailing system requires that each and every letter, postcard,
or packet has the full address of the receiver. The postal service delivers mail without prior
notice to the receiver. The receiver reads it and may decide to answer (a return address
must be included then). There is no setup of a connection, no fixed paths for delivery and
each piece of mail is routed independently of the others.
In connectionless networks, each data packet must contain all the information required to
get it to its destination. Each packet can be routed without regard to which path the
previous packet took or which path the next packet takes. If a link goes down, there is no
connection to take down; subsequent packets are simply routed over alternate paths.
Most connectionless protocols do not acknowledge receipt of data or have any mechanism
for flow control (they offer best effort delivery). However, using a connectionless network
does not preclude a higher level protocol implementing an acknowledgment scheme and
flow control.
An example from daily life may serve to illustrate the functioning of connectionless
transport.
A person from Scandinavia moves for a longer period of time to the United States of
America, with the intention of returning to his/her country. To keep up with the day-to-day
happenings in the homeland, the decision was made to order Dagens Nyheter (the local
newspaper) to be sent to the United States for the period of one year. Since the news
doesn't have to be the latest news, surface transportation was ordered.
Note: A generic term can be used here, Class of Service. For example, airmail could have
been selected instead of surface mail.
After moving to the United States of America, it takes at least one month before the first
Dagens Nyheter arrives. Also, the delay between two deliveries varies and more important,
there is no guarantee whatsoever that all newspapers arrive in the same order as they
have been sent. It is up to the user to sort them in the correct sequence for reading. Should
a newspaper fail to arrive, it is up to the reader to detect the missing newspaper and to ask
specifically for a substitute.
To summarize the basic properties of a connectionless network:
Single phase data transfer (no setup or take-down)
Analogous to the mail system
Characteristics
- Best effort delivery without acknowledgement
- Typically no flow control mechanism
- Each data frame contains all routing information
Transition Statement Let's now take a look at the UDP protocol in the transport layer.
UDP is an example of a connectionless protocol.
UDP Protocol
A connectionless application interface to IP
No reliability, error recovery or flow control
Provides a multiplexer/demultiplexer function for sending/receiving
IP datagrams
Uses ports
Does not assure datagram delivery or duplication protection
Notes:
Overview of UDP
UDP is a simple, connectionless transport protocol. It is basically an application
interface to IP. It adds no reliability, flow control or error recovery to IP. It simply serves
as a multiplexer/demultiplexer for sending or receiving IP datagrams, using ports to
direct the datagrams.
UDP lets the sender specify a source port and a destination port, either of which may be
a well-known port. A checksum covering the UDP header, the data and a pseudo-header
containing the IP addresses detects corruption in transit (the checksum is optional in
IPv4 but normally enabled). These two features ensure that the message reaches the
correct application and that corrupted datagrams are discarded; no other reliability is
added. Because there is no connection setup, nothing verifies that the source address and
port in a datagram are genuine, so an application that needs that assurance must provide
it itself.
UDP and IP do not provide any reliability, so it is up to the application program to
provide for flow control and error recovery.
Instructor Notes:
Purpose Explain the UDP protocol.
Details Explain that there are two types of services to support the user application--TCP
and UDP. Both are used to take a stream of data from the program and break it into
packets.
UDP provides a connectionless service. This means it takes the message and sends it to
the destination without waiting for an acknowledgement. As a result, it is usually quick.
An analogy useful in discussing UDP is mailing a letter. Do you know whether the
addressee receives it? Do you know when it is received? If you send more than one letter,
do you know whether the letters arrive in order? No, but all those considerations require
overhead.
UDP is sometimes called unreliable because it does not provide those services. In practice,
on a well-run local network, loss is rare; across the Internet it is not. If delivery is
critical, the necessary steps to ensure reliability must be built into the application.
Transition Statement TCP is the other commonly used transport protocol. It is a
connection-oriented protocol. Let's see how it differs from UDP.
TCP Protocol
Connection-oriented application interface to IP
Provides reliability and error recovery
Every byte is sequence-numbered and must be acknowledged (acknowledgments are cumulative)
Retransmission of missing segments
Flow control
Receiver indicates to the sender the number of bytes it can
receive without buffer overflow
Full duplex
Notes:
Introduction
The Transmission Control Protocol (TCP) is a connection-oriented, end-to-end, reliable
protocol providing logical connections between pairs of processes. Within TCP, a
connection is uniquely defined by a pair of sockets.
Characteristics of TCP
TCP can be characterized by the following facilities:
Stream data transfer: TCP transfers a contiguous stream of bytes through the
network. The application does not have to bother with chopping the data into basic
blocks or datagrams.
Reliability: TCP assigns a sequence number to each byte transmitted and expects a
positive acknowledgement from the receiving TCP. If the acknowledgement is not
received within a time-out interval, the data is retransmitted.
Flow control: The receiving TCP indicates to the sender the number of bytes it can
receive beyond the last received segment without causing overrun and overflow in
its internal buffers.
Multiplexing: TCP allows many processes within a single host to use TCP
communications facilities simultaneously. This is achieved through the use of ports.
Logical connections: TCP initializes and maintains certain status information for
each data stream. The combination of this status, including sockets, sequence
numbers, and window sizes, is called a logical connection.
Full duplex: TCP provides for concurrent data streams in both directions.
Multiplexing
Is achieved through the use of ports, just as with UDP.
Logical Connections
The reliability and flow control mechanism described above requires that TCP
initialize and maintain certain status information for each data stream. The
combination of this status information, including sockets, sequence numbers and
window-sizes, is called a logical connection (or virtual circuit). Each connection is
uniquely identified by the pair of sockets used by the sending and receiving
processes.
Full Duplex
TCP provides for concurrent data streams in both directions.
Transition Statement Let's take a look at the flow control, called windowing, used by
TCP in more detail.
The TCP Window Principle
Segment size = 4096 (4 KB), window size = 32768 (32 KB)

Initial window:          S S S S S S S S W W W W W W W W ...
  Send 32 KB of data; window closed
Window slides:           A S S S S S S S M W W W W W W W ...
  Received ACK of 4 KB of data; window open
                         A S S S S S S S S W W W W W W W ...
  Next 4 KB of data sent; window closed

Legend: A sent and ACKed, S sent and not ACKed, M may be sent immediately,
W waiting to be sent
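The three rows of the visual, reproduced by a sender-side simulation that is an added example and not part of the course: bytes are tracked by sequence number as TCP does, acknowledgments are cumulative, and the usable window is the advertised window minus the bytes in flight. The segment and window sizes are the ones on the slide; the 64 KB transfer length is a constructed input, and the `WindowSender` class is the example's own, not a kernel structure.

```python
# Added example; not part of the IBM course. Sender-side sliding window with the
# slide's numbers (4 KB segments, 32 KB window). Sequence numbers count bytes.
SEGMENT = 4096
WINDOW = 32768

class WindowSender:
    def __init__(self, total_bytes, segment=SEGMENT, window=WINDOW):
        self.total = total_bytes
        self.segment = segment
        self.window = window
        self.snd_una = 0          # oldest byte not yet acknowledged
        self.snd_nxt = 0          # next byte to send
        self.sent_log = []        # (start, end) of every segment transmitted

    def usable_window(self):
        """Bytes that may be sent right now: window minus what is in flight."""
        return self.window - (self.snd_nxt - self.snd_una)

    def send_what_we_can(self):
        """Transmit segments until the window is closed or nothing is waiting."""
        sent = []
        while self.snd_nxt < self.total:
            size = min(self.segment, self.total - self.snd_nxt)
            if self.usable_window() < size:
                break                                   # window closed
            sent.append((self.snd_nxt, self.snd_nxt + size))
            self.snd_nxt += size
        self.sent_log.extend(sent)
        return sent

    def receive_ack(self, ack):
        """Cumulative ACK: every byte below `ack` is delivered; the window slides."""
        if ack < self.snd_una or ack > self.snd_nxt:
            raise ValueError("ACK %d outside [%d, %d]" % (ack, self.snd_una, self.snd_nxt))
        self.snd_una = ack

    def state(self):
        """Byte counts matching the legend: A acked, S in flight, W waiting."""
        return {"acked": self.snd_una,
                "in_flight": self.snd_nxt - self.snd_una,
                "waiting": self.total - self.snd_nxt,
                "usable_window": self.usable_window()}

if __name__ == "__main__":
    s = WindowSender(16 * SEGMENT)                      # constructed 64 KB transfer
    s.send_what_we_can();  print("initial:", s.state())  # 8 segments, window closed
    s.receive_ack(SEGMENT); print("after ACK:", s.state())  # window opens by 4 KB
    s.send_what_we_can();  print("resent:", s.state())  # one more segment, closed again
```

A receiver that advertises a smaller window simply shrinks `window`; the sender then stalls sooner, which is how the receiver protects its buffers without discarding data.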
Notes:
Common Principles
Notes:
Instructor Notes:
Purpose Identify some of the most common applications in the TCP/IP suite. We are
now at the top layer of the architecture.
Details Explain the acronyms so students will understand when you refer to them. There
are many other applications that use TCP/IP. Some others can be seen by looking at the
/etc/services file where applications, the protocol they use, and the port numbers they use
are listed. Remember, these applications are the ones that have registered with the IANA.
Others may have ports assigned dynamically at startup when they register with the
portmap daemon. We discuss the portmap daemon when we get to NFS.
Transition Statement Let's put this all together and see how application data flows
through the protocol layers.
UDP Data Flow
Visual: application data in user space is handed to the kernel; the transport layer
prepends a UDP header to form a datagram; the Internet layer prepends an IP header and,
if the result exceeds the interface MTU, splits it into fragments (IP fragmentation),
each with its own IP header; the network interface layer wraps each fragment in a link
frame with a checksum.
Notes:
IP layer activity
Since UDP does not control the amount of data to be sent in each datagram or UDP
message, and it is only limited by the amount of memory assigned to the specific
socket, the IP layer must assure that the amount of data passed to the lower layers can
be handled by them. This is not global, but it is based on the destination address of the
outgoing message, which defines the adapter to be used to send the packet.
If the total amount of data to be sent through a specific adapter, including protocol
headers, is larger than the amount the adapter can carry in one frame (the MTU), the IP
layer splits the datagram into fragments (IP fragmentation) that each fit the MTU. Each
fragment carries its own IP header with the same identification value as the original
datagram, a fragment offset (in 8-byte units) and a more-fragments flag; the destination
system uses these to reassemble the datagram. Reassembly happens only at the final
destination, so a fragment may be fragmented again if an intermediate network has a
smaller MTU. Because only the first fragment contains the UDP header with the port
numbers, a filtering device that does not reassemble cannot apply port rules to the
later fragments; this is why firewalls commonly reassemble, or drop, non-initial
fragments.
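The fragmentation and reassembly described above, as an added example that is not part of the course or of the AIX kernel: it splits a payload for a given MTU using the real rules (offsets in 8-byte units, more-fragments flag on all but the last piece), re-fragments at a router facing a smaller MTU, and reassembles at the destination keyed by identification, refusing a datagram with a gap. Fragments are modelled as tuples rather than full IP headers; the payload sizes and the identification value are constructed.

```python
# Added example; not part of the IBM course or of AIX. IP fragmentation and
# reassembly using the identification, more-fragments flag and 8-byte-unit
# offset. Fragments are (ident, offset_units, more_fragments, data) tuples.
IP_HEADER_LEN = 20   # no options assumed

def fragment(ident, payload, mtu, offset_units=0, more_after=False):
    """Split `payload` for a link carrying `mtu` bytes per frame.
    Every non-final fragment carries a multiple of 8 payload bytes so offsets
    stay exact. `offset_units`/`more_after` let an existing fragment be split."""
    max_data = (mtu - IP_HEADER_LEN) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small for an IP header plus data")
    frags, pos = [], 0
    while pos < len(payload):
        chunk = payload[pos:pos + max_data]
        last = pos + len(chunk) >= len(payload)
        more = more_after or not last          # MF stays set if the original had it
        frags.append((ident, offset_units + pos // 8, more, chunk))
        pos += len(chunk)
    return frags

def refragment(frags, mtu):
    """What a router does when fragments arrive for a smaller-MTU link."""
    out = []
    for ident, offset, more, data in frags:
        out.extend(fragment(ident, data, mtu, offset, more))
    return out

def reassemble(frags):
    """Destination-side reassembly. Returns {ident: payload} for datagrams
    that are complete; a gap or overlap leaves the datagram unassembled."""
    groups = {}
    for ident, offset, more, data in frags:
        groups.setdefault(ident, []).append((offset, more, data))
    done = {}
    for ident, pieces in groups.items():
        pieces.sort(key=lambda p: p[0])        # arrival order does not matter
        buf, expected, complete = bytearray(), 0, False
        for offset, more, data in pieces:
            if offset * 8 != expected:
                break                          # missing or overlapping piece
            buf.extend(data)
            expected += len(data)
            if not more:
                complete = True
                break
        if complete:
            done[ident] = bytes(buf)
    return done

if __name__ == "__main__":
    payload = bytes(range(256)) * 10                       # constructed 2560-byte UDP message
    on_ethernet = fragment(0x1234, payload, 1500)
    on_slow_link = refragment(on_ethernet, 576)            # router with a 576-byte MTU
    print([(o, m, len(d)) for _, o, m, d in on_slow_link])
    print(reassemble(on_slow_link)[0x1234] == payload)
```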
TCP Data Flow
Visual: application data in user space is handed to the kernel; the transport layer
divides it into segments no larger than the MSS, each with a TCP header; the Internet
layer prepends an IP header to each segment; the network interface layer wraps each IP
datagram in a link frame with a checksum.
Notes:
IP layer processing
IP adds its header information of IP destination and source address to the TCP
segments and passes the IP packet to the network interface.
Instructor Notes:
Purpose Explain TCP data flow.
Details A TCP/IP network can transfer any unstructured stream of data. In order to
transport this data across a network, it is split into multiple pieces by the transport layer
(TCP or UDP). These are reassembled by the transport layer at the destination so that the
application receives the data in the same form as it was sent.
TCP will add header information for TCP on the destination system. This identifies the
destination program and includes checksums to ensure data integrity and sequence
numbers so that packets are repackaged in the correct order.
An IP datagram is the basic unit of information passed across the network. It contains the
source and destination address along with the data from the transport layer. Internet
protocol is responsible for routing this datagram to its destination.
The network interface layer then packages the data for transmission across the physical
media. The transmitted package is called a frame. The size and format of a frame varies
between different types of networks.
A datagram can be larger than the maximum frame size (MTU) of a particular type of
network. Such a datagram is split by the IP layer into fragments, each carried in its
own frame with its own IP header; the IP layer on the destination host reassembles the
fragments, using the identification, fragment offset and more-fragments fields, before
passing the datagram up to the transport layer. Frames carry their own link-level
checksum (FCS), but reassembly is an IP-layer function, not a network interface one.
Transition Statement Now that we have an idea of the layers, let's see how these are
used to connect networks together.
Network Connections
Visual: an Ethernet and a token ring joined by a bridge, a repeater and a hub into one IP
network; an IP router (gateway) connecting that network to a second token ring; and a
protocol-converting gateway connecting to an X.25 (SNA) network.
Notes:
Physical network
On a physical network, all hosts are linked by the same media, such as a single
Ethernet or token ring.
Logical network
A logical network consists of one or more physical networks connected by repeaters or
bridges. All hosts in a logical network share the same IP network address.
With a bridge or repeater, the network is considered by TCP/IP to be one network
because all data is passed between networks at a level lower than the network layer.
This means only one IP network address is required to address all hosts on the
interconnected physical networks.
Inter-network (internet)
An inter-network or internet contains multiple logical networks connected by routers or
TCP/IP gateways. All data is passed at the network layer so each component network
must be given a separate IP network address. It is IP that is providing the router
functionality based upon those IP network addresses.
The linking of logical networks that use different protocols is done through a gateway
which may even perform a protocol conversion. This is a relatively new use of the term
gateway in TCP/IP discussions and can often be confusing if taken out of context.
Many composite bridge or router devices exist which can be used to link different types of
networks and pass data between them.
This chart is a good place to introduce the fact that a router or host with multiple interfaces
must have a different IP address for each interface.
Note: In TCP/IP, the term gateway is often used to refer to an IP router. To know which way
the term gateway is being used, check the context in which it is being used.
Additional Information A network in general terms can be seen as a collection of
network nodes or switches through which a packet or datagram must travel to reach a
predetermined exit point from the network. Selecting a path through a number of those
switches that guarantees the service requirements of the user is typically a task associated
with routing and routers. The observant reader may notice that this definition is also true for
bridges in a local area network. It is therefore useful to make a distinction between a bridge
and a router.
A bridge makes two physical networks appear like one single logical network.
A router makes two physical networks appear like two logical networks.
Transition Statement Now, let's look at a newer technology that is very similar to
bridging.
LAN Switching
Visual: an Ethernet switch carrying several LAN segments and a VLAN as a single logical
IP network.
Switches can provide:
- Full duplex transmission
- VLAN support
- Etherchannel
- Layer 3 routing
Notes:
VLAN support
Use of VLANs allows the administrator to arbitrarily group systems from the physical
networks into virtual networks. This allows related systems to reside in the same logical
IP networks, improving performance and ease of use. A switch that you have
implemented VLANs on now has multiple broadcast domains, similar to those delimited
by routers. But you still need a router to route from one VLAN to another; the switch
can't do this by itself, unless it is Layer 3 capable. (Refer to the paragraph below entitled
Routing for more details.)
Routing
Certain advanced switches support Layer 3 routing. A Layer 3 switch is extremely
similar to a router. When a router receives a packet, it looks at the Layer 3 (the network
layer) source and destination addresses to determine the path the packet should take.
A standard switch relies on the MAC addresses to determine the source and destination
of a frame, which is Layer 2 (data link) networking. The fundamental difference between a
router and a Layer 3 switch is that Layer 3 switches have optimized hardware to pass
data as fast as Layer 2 switches, yet they make decisions on how to transmit traffic at
Layer 3, just like a router would. Within the LAN environment, a Layer 3 switch is
usually faster than a router because it is built on switching hardware. For example,
many of Cisco's Layer 3 switches are actually routers that operate faster because they
are built on switching hardware with customized chips inside the box.
Etherchannel
Etherchannel is a technology of logically grouping together interfaces on a multi-homed
host. This logically grouped series of interfaces appears as a single interface but in fact
shares multiple communication pipes. Both host and switch must support Etherchannel
for this to work.
Instructor Notes:
Purpose Provide an overview of LAN switching and how it relates to IP.
Details LAN switches are the follow-on technology to bridging. In principle, the two are
quite similar, since they both operate at layer two in the OSI model and are largely
transparent to layer three protocols such as IP. However, switches are much higher
performance devices and also support advanced features such as VLANs.
One technology used in some switches to boost performance is cut-through switching.
Here, the leading edge of the frame is transmitted on the outgoing interface before the
complete frame has been received into the switch. This is in contrast to the
store-and-forward technique used in bridges and most routers. The price is that a
cut-through switch has not yet seen the frame check sequence when it starts forwarding,
so damaged frames are propagated rather than dropped.
Switches are very popular today and it is quite common to find an entire building or even
campus that uses switches to create a single logical IP network.
Transition Statement When we discussed addressing earlier, it was mentioned that the
network address is assigned to you. What if you really need to have several physical
networks but have only one network address? Use subnetting.
Subnetting
Allows an autonomous system made up of multiple physical
networks to share the same Internet network address
Notes:
Setting up subnetting
Implementation of subnetting involves the following steps:
- The network administrator decides how many subnetworks and hosts are necessary
- The network administrator selects how many and which bits of the host address portion
of the IP address are subnetted to be used as part of the network address portion
- The subnet mask is configured on the router and on all machines on the subnets
With subnetting, one address may be known to the Internet, while internally the packets
are distributed to the correct network.
Subnetted Address
Address without subnetting:
    Network ID                          Host ID
With subnetting:
    Subnetwork ID                       Host ID          Address
    Network Portion   Subnet Portion
    111 ... 111       111 ... 111       000 ... 000      Mask
Notes:
Introduction
With subnetting, the structure of the IP address is changed to allow several
subnetworks to be addressed within a single network. To do this, some of the bits
originally used for the host ID are taken for use as the subnetwork ID.
the subnetwork ID, which has the same purpose in the subnetted case that the network
ID does in the non-subnetted case. The host ID (the bits left after the subnetwork ID)
uniquely identifies hosts within subnetworks.
Special cases
Note that, as with network and host IDs, the subnetwork portion is not allowed to consist
of all zeroes or all ones. Thus, while a one-octet subnet portion provides 256
combinations of zeroes and ones, the values 00000000 and 11111111 are reserved and
therefore the octet provides addressing for only 254 subnetworks.
Instructor Notes:
Purpose Explain the structure of subnetted addresses.
Transition Statement Let's consider an example.
Subnetting Example
Class B address without subnetting:
    Network ID            Host ID
    10000001 01110000     00000011 00000111
    129      112          3        7
With subnetting:
    Subnetwork ID                   Host ID
    10000001 01110000 00000011      00000111      Address
    129      112      3             7
Notes:
outside treat the network as a single class B network. As long as there is only one way
to enter and exit the network, this fiction is harmless, and in fact makes routing and
administration simpler outside the class B network. If there are multiple ways to
enter/exit the network, then at least some of the systems outside would also have to
understand the subnetworking structure.
CLASS A    11111111 00000000 00000000 00000000    Binary
           255.0.0.0                              Dotted Decimal
CLASS B    11111111 11111111 00000000 00000000    Binary
           255.255.0.0                            Dotted Decimal
Notes:
Concept of masking
Subnet masks define the network address portion of the IP address.
A subnet mask is 32 bits. A bit value of 1 in the subnet mask indicates that bit position is
part of the network address portion of the IP address.
Default masks
There are default subnet masks set with each class of address. Using an address mask
that is the default for an address class indicates that subnets are not in use for the
network.
Notes:
Introduction
The subnet portion of the IP address does not have to be adjacent to the network
portion. In fact, the subnet portion can be any bits from the host ID portion. The netmask
determines which bits from the host ID portion constitute the subnet bits.
Subnet requirements
Note the following requirements for subnets:
- Network address is constant for all subnets
- Hosts on a subnet usually share the same physical cable
- Subnet address is usually constant throughout the physical network
- At least one bit must be used for the host ID
- The subnet mask is the netmask for the IP class plus 0 or more bits
- If used, subnetting must be used throughout a network associated with a given net
ID.
Discussion of example
The number of available subnets in this example is 14 (2^4 - 2).
The number of host addresses available per subnet is 4094 (2^12 - 2). Valid subnet
network addresses are 16, 32, 48, 64, ... 224.
The following table lists the valid subnet values for a subnet mask of 255.255.240.0
(the four subnet bits and the resulting value of the third octet).
Subnet bits   Third octet
0001          16
0010          32
0011          48
0100          64
0101          80
0110          96
0111          112
1000          128
1001          144
1010          160
1011          176
1100          192
1101          208
1110          224
For each of these subnets, 4094 addresses are available for hosts because the
right-most 12 bits are the host portion (giving 2 to the 12th power = 4096 possibilities)
and two of those possibilities (all zeros and all ones) are reserved.
The subnet 129.112.16.0 contains hosts whose IP addresses range from 129.112.16.1
to 129.112.31.254. Subnet 129.112.32.0 will have addresses ranging from 129.112.32.1
to 129.112.47.254.
Special cases
As with the IP addressing restrictions, all zeros and all ones cannot be used for subnet
IDs. All zeros means this subnet and all ones means all subnets.
Subnetting Scenario
(Visual: two subnets of the Class B network, 129.112.64.0 with hosts 129.112.64.2 and
129.112.64.3, and 129.112.128.0 with hosts 129.112.128.2 and 129.112.128.3.)
Notes:
Broadcast address
The broadcast address for a subnetwork is the address to which a packet would be sent
so that all systems in that subnetwork receive a copy. The broadcast address is formed
by taking the subnetwork's full address and setting all the host bits to one. This is
illustrated at the bottom of the visual.
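To make the arithmetic concrete, here is an added Python example (my own code, not part of the course material) that works through the 129.112.0.0 network with the 255.255.240.0 mask from the discussion above and from the broadcast-address note: it splits an address into network, subnet and host IDs, lists the 14 usable subnets, and derives each subnet's host range and broadcast address. It assumes a contiguous mask and the course's rule that the all-zeros and all-ones subnet IDs are reserved; the function names are my own.

```python
import ipaddress

# Constructed example values taken from the course text: the Class B network
# 129.112.0.0 with the subnet mask 255.255.240.0 (4 subnet bits, 12 host bits).
EXAMPLE_NETWORK = "129.112.0.0"
EXAMPLE_MASK = "255.255.240.0"


def to_int(dotted):
    """Dotted-decimal string to 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    """32-bit integer to dotted-decimal string."""
    return str(ipaddress.IPv4Address(value))


def default_class_mask(dotted):
    """Default (classful) mask length taken from the first octet:
    Class A = /8, Class B = /16, Class C = /24."""
    first = to_int(dotted) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("Class D/E address %s has no default mask" % dotted)


def mask_length(mask):
    """Number of one bits in a contiguous mask (255.255.240.0 -> 20).
    Assumption: the mask is contiguous.  The text notes that subnet bits need
    not be adjacent to the network bits; this helper does not handle that case."""
    m = to_int(mask)
    n = bin(m).count("1")
    if m != (((1 << n) - 1) << (32 - n)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous mask %s not supported here" % mask)
    return n


def address_parts(dotted, mask):
    """Split an address into (network ID, subnet ID, host ID) as integers."""
    addr = to_int(dotted)
    net_len = default_class_mask(dotted)
    sub_len = mask_length(mask) - net_len
    host_len = 32 - net_len - sub_len
    if sub_len < 0 or host_len < 1:
        raise ValueError("mask must cover the class netmask and leave host bits")
    network = addr >> (32 - net_len)
    subnet = (addr >> host_len) & ((1 << sub_len) - 1)
    host = addr & ((1 << host_len) - 1)
    return network, subnet, host


def hosts_per_subnet(mask):
    """Usable hosts per subnet: 2^(host bits) minus the all-zeros and all-ones host IDs."""
    return (1 << (32 - mask_length(mask))) - 2


def valid_subnets(network, mask):
    """Network addresses of the usable subnets.  The all-zeros and all-ones
    subnet IDs are excluded, as the course text requires."""
    net_len = default_class_mask(network)
    sub_len = mask_length(mask) - net_len
    host_len = 32 - net_len - sub_len
    class_mask = (((1 << net_len) - 1) << (32 - net_len)) & 0xFFFFFFFF
    base = to_int(network) & class_mask
    return [to_dotted(base | (s << host_len)) for s in range(1, (1 << sub_len) - 1)]


def host_range(subnet, mask):
    """(first host, last host, broadcast) of a subnet.  The broadcast address
    is the subnet address with every host bit set to one."""
    m = to_int(mask)
    base = to_int(subnet) & m
    broadcast = base | (~m & 0xFFFFFFFF)
    return to_dotted(base + 1), to_dotted(broadcast - 1), to_dotted(broadcast)


if __name__ == "__main__":
    print("subnets:", valid_subnets(EXAMPLE_NETWORK, EXAMPLE_MASK))
    print("hosts per subnet:", hosts_per_subnet(EXAMPLE_MASK))
    for s in ("129.112.16.0", "129.112.32.0"):
        print(s, "->", host_range(s, EXAMPLE_MASK))
    print("129.112.64.3 ->", address_parts("129.112.64.3", EXAMPLE_MASK))
```

Running the script reproduces the figures in the notes: 14 subnets from 129.112.16.0 to 129.112.224.0, 4094 hosts each, and the 129.112.16.1 to 129.112.31.254 range with broadcast 129.112.31.255 for the first subnet. A misconfigured mask on one host silently changes which addresses it treats as local and which it sends to the router, so checking the computed ranges against the router's configuration is a cheap sanity test when a subnet does not behave.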
Notes:
Additional Information
Transition Statement Now, let's consider supernetting.
Supernetting (CIDR)
(Visual: two routers interconnecting the Class C networks 192.17.128.0, 192.17.129.0 and
192.17.130.0, each with hosts numbered .10, .11 and .12.)
Notes:
Overview of supernetting
Whereas subnetting takes part of the host portion of the IP address and adds it to the
network portion, supernetting works the opposite way. It effectively reduces the number
of bits used for the network portion. This technique allows a number of Class C
addresses to be aggregated into a single address for routing purposes.
Routing tables had become swollen with numerous Class C addresses by the early
1990s, leading to fears that some routes would be omitted, making those networks
unreachable. In response, a system called Classless Interdomain Routing (CIDR) was
developed. With CIDR, the Internet Registries allocate blocks of Class C addresses to
Internet Service Providers, who assign them to customers.
Instructor Notes:
Purpose Provide an overview of how supernetting works.
Details CIDR is documented by RFCs 1517 through 1520. The RFCs refer to the
network address and mask as a prefix. The following is a table of the most commonly used
CIDR prefixes. For example, a prefix with a 24-bit mask allows 254 unique network
addresses the same as a Class C address. A prefix with a 15-bit mask allows 131,070
hosts the same as 128 Class B addresses. The 127 addresses consecutively numbered
after the prefix address will all be treated by routers as being part of that prefix.
CIDR prefix   Number of host addresses   Equivalent Class Cs
/27                 30                   1/8
/26                 62                   1/4
/25                126                   1/2
/24                254                   1 (like a Class C)
/23                510                   2
/22              1,022                   4
/21              2,046                   8
/20              4,094                   16
/19              8,190                   32
/18             16,382                   64
/17             32,766                   128
/16             65,534                   256 (like a Class B)
/15            131,070                   512
/14            262,142                   1,024
/13            524,286                   2,048
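The rows of that table are computed rather than looked up in the following added Python example (my own code, not from the course). It also carries the supernetting idea through to route aggregation: given a list of Class C networks it returns the fewest CIDR prefixes that cover them, using the networks shown on the supernetting visual plus a constructed fourth one, 192.17.131.0, so that a full /22 forms. The function names are my own.

```python
import ipaddress
from fractions import Fraction


def prefix_hosts(prefix_len):
    """Usable host addresses in a prefix: 2^(32 - length) minus the all-zeros
    and all-ones host IDs, e.g. /24 -> 254, /15 -> 131,070."""
    if not 0 <= prefix_len <= 30:
        raise ValueError("prefix length %d leaves no usable hosts" % prefix_len)
    return (1 << (32 - prefix_len)) - 2


def class_c_equivalent(prefix_len):
    """How many Class C (/24) networks a prefix spans; shorter prefixes give
    whole numbers, longer ones a fraction (/27 -> 1/8)."""
    return Fraction(1 << 24, 1 << prefix_len)


def cidr_table(shortest=13, longest=27):
    """Rows (prefix, hosts, Class C equivalent) like the table in the notes,
    from the longest prefix to the shortest."""
    return [("/%d" % n, prefix_hosts(n), class_c_equivalent(n))
            for n in range(longest, shortest - 1, -1)]


def prefix_span(prefix):
    """First and last address covered by a prefix; every address in between
    is treated by routers as belonging to that prefix."""
    net = ipaddress.ip_network(prefix, strict=True)
    return str(net.network_address), str(net.broadcast_address)


def aggregate_class_cs(class_c_networks):
    """Supernet a list of Class C networks (dotted network addresses) into the
    fewest CIDR prefixes.  Only a run of /24s that starts on an aligned
    boundary and is a power of two long collapses into a single prefix; any
    leftover networks keep their own, longer prefixes."""
    nets = [ipaddress.ip_network(n + "/24", strict=True) for n in class_c_networks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


# Constructed sample: the three Class C networks on the supernetting visual
# plus a fourth, 192.17.131.0, so that a complete /22 block can be formed.
SAMPLE_CLASS_CS = ["192.17.128.0", "192.17.129.0", "192.17.130.0", "192.17.131.0"]

if __name__ == "__main__":
    for row in cidr_table():
        print("%-5s %10d %10s" % row)
    print(aggregate_class_cs(SAMPLE_CLASS_CS[:3]))   # a /23 plus a /24
    print(aggregate_class_cs(SAMPLE_CLASS_CS))       # one /22
    print(prefix_span("192.17.128.0/22"))
```

With only the three networks from the visual the best aggregation is 192.17.128.0/23 plus 192.17.130.0/24; adding 192.17.131.0 lets the whole block be advertised as the single prefix 192.17.128.0/22, which is exactly the routing-table saving CIDR was introduced for. The same prefix_span check is useful when reviewing a route advertisement, since a prefix that is one bit too short quietly claims addresses that belong to someone else.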
IP Multicasting
Allows a group of nodes in a network to receive the same message
Each node maintains a list of multicast addresses to which it
responds
Useful in:
Multimedia Applications, that is, video streaming
Dynamic routing updates
Minimizes the network load
Notes:
Overview of multicasting
The problem with broadcasting is the processing load it places on hosts that aren't
interested in the broadcast. The intent of multicasting is to reduce the load on hosts not
interested in receiving the message. IP multicasting allows a group of nodes to receive
the same message. Each member of the group simply joins the same group to receive
the message. Contrary to broadcast messages where all nodes receive the message,
only the nodes interested in getting the message join the multicast group so that other
nodes on the network are not affected by the transmission of multicast packets on their
networks. Thus, this fits nicely for network conferencing applications.
Host groups
The set of hosts listening to a particular IP multicast address is called a host group.
Instructor Notes:
Purpose Briefly describe what multicasting is and the role it plays in the network.
Details IP multicasting is supported on Ethernet, token ring and FDDI adapters. IP
multicasting is used by many applications and other protocols, like Open Shortest Path
First (OSPF). We discuss OSPF later when we talk about routing.
With multicasting, a host specifically joins one or more multicast groups. If possible, the
interface card is told to which multicast groups the host belongs and only those multicast
frames are received.
The set of hosts listening to a particular multicast address is a host group. A host group can
span multiple networks. Membership in a host group is dynamic, that is, hosts may join and
leave groups at will. There is no restriction on the number of hosts in a group, nor does a
host have to belong to a group to send messages to that group.
IP Multicasting is used with Internet Chat, Internet Talk Radio, and Internet Phone.
Additional Information Some multicast groups are assigned well-known addresses.
These are called permanent host groups. (The idea here is similar to the well-known port
concept.)
Transition Statement Let's take a little closer look at how multicast addressing and
connections are handled.
IP Multicast Addressing
A logical address filter mechanism in the adapter is used to
determine whether or not to accept an incoming packet with a
multicast destination address
Standard socket interface used to create multicast connections
Multicast addresses are Class D addresses
    1110 | Multicast address (28 bits)
    224.0.0.0 to 239.255.255.255
Notes:
Implementation of multicasting
Multicasting is implemented through socket-based APIs in application programs.
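The following added Python example (my code, not the course's) models the adapter filter and the socket-level group join described above. It assumes the RFC 1112 mapping of a Class D address to an Ethernet multicast MAC (01:00:5e followed by the low-order 23 bits of the group), which the page does not state, and it builds the ip_mreq argument that the IP_ADD_MEMBERSHIP socket option takes; the function names are my own.

```python
import ipaddress
import socket
import struct


def is_class_d(dotted):
    """Class D test: the four high-order bits of the address are 1110,
    which is the range 224.0.0.0 through 239.255.255.255."""
    return (int(ipaddress.IPv4Address(dotted)) >> 28) == 0b1110


def group_id(dotted):
    """The 28-bit multicast group identifier that follows the 1110 prefix."""
    if not is_class_d(dotted):
        raise ValueError("%s is not a Class D address" % dotted)
    return int(ipaddress.IPv4Address(dotted)) & ((1 << 28) - 1)


def ethernet_multicast_mac(dotted):
    """Ethernet address the adapter's filter is programmed with for a group.
    Assumption beyond the course text: the RFC 1112 mapping, 01:00:5e followed
    by the low-order 23 bits of the group address.  Five group bits are lost,
    so 32 IP groups share one MAC; the adapter may therefore pass frames for
    groups the host never joined, and IP still has to check the destination."""
    low23 = group_id(dotted) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def adapter_accepts(frame_dst_mac, joined_groups):
    """Model of the logical address filter: a multicast frame is accepted only
    when its destination MAC matches the MAC of some joined group."""
    wanted = {ethernet_multicast_mac(g) for g in joined_groups}
    return frame_dst_mac.lower() in wanted


def membership_request(group, interface="0.0.0.0"):
    """Build the ip_mreq structure (group address, local interface address)
    that the IP_ADD_MEMBERSHIP socket option takes; 0.0.0.0 lets the kernel
    choose the interface."""
    return struct.pack("4s4s", socket.inet_aton(group), socket.inet_aton(interface))


def join_group(sock, group, interface="0.0.0.0"):
    """Join a host group through the standard socket interface on an existing
    UDP socket.  This needs a live, multicast-capable interface, so the
    offline demonstration below does not call it."""
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP,
                    membership_request(group, interface))


if __name__ == "__main__":
    # Constructed sample: a host that joined two groups, and three frames seen
    # by its adapter.
    joined = ["224.0.0.5", "239.1.2.3"]
    for g in joined:
        print(g, "group id", group_id(g), "->", ethernet_multicast_mac(g))
    for mac in ("01:00:5e:00:00:05", "01:00:5e:01:02:03", "01:00:5e:00:00:06"):
        print(mac, "accepted" if adapter_accepts(mac, joined) else "dropped")
    print("224.128.0.5 maps to", ethernet_multicast_mac("224.128.0.5"), "(same as 224.0.0.5)")
    print("ip_mreq for 224.0.0.5:", membership_request("224.0.0.5").hex())
```

The point worth remembering from the model is that the adapter filter reduces load but is not a boundary: 224.0.0.5 and 224.128.0.5 map to the same Ethernet address, so a frame for the second group reaches the IP layer of a host that only joined the first, and only the IP destination check (and whatever the application does with unexpected senders) keeps it out.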
Checkpoint (1 of 4)
1. (True or False) IP addresses must be unique for each interface
on the network.
2. (True or False) Protocols define rules for orderly
communications.
3. A socket consists of:
a. A machine address and port number
b. An IP address, port number, and protocol family
c. A machine address and IP address
d. A host name and port number
4. A gateway in TCP/IP terminology is synonymous with:
a. Bridge
b. Repeater
c. Router
d. Logical link device
Notes:
Checkpoint Solutions (1 of 4)
1. (True or False) IP addresses must be unique for each interface
on the network.
2. (True or False) Protocols define rules for orderly
communications.
3. A socket consists of:
a. A machine address and port number
b. An IP address, port number, and protocol family
c. A machine address and IP address
d. A host name and port number
4. A gateway in TCP/IP terminology is synonymous with:
a. Bridge
b. Repeater
c. Router
d. Logical link device
Additional Information This is the first of four groups of checkpoint questions for this
unit.
Transition Statement Let's move on to the next group of questions.
Checkpoint (2 of 4)
5. How many bits make up the unique physical address of a network
adapter?
a. 16
b. 32
c. 48
d. 64
6. How many bits make up an Internet Protocol V4 address?
a. 16
b. 32
c. 48
d. 64
7. What are the two pieces of an Internet address?
_________________________________________
8. (True or False) When you accept the defaults, the portions of the
Internet address used for the network address and the local host
address are determined by the address class (A, B, or C).
Copyright IBM Corporation 2006
Notes:
Checkpoint Solutions (2 of 4)
5. How many bits make up the unique physical address of a network
adapter?
a. 16
b. 32
c. 48
d. 64
6. How many bits make up an Internet Protocol V4 address?
a. 16
b. 32
c. 48
d. 64
7. What are the two pieces of an Internet address?
Network address and local host address
8. (True or False) When you accept the defaults, the portions of the
Internet address used for the network address and the local host
address are determined by the address class (A, B, or C).
Additional Information This is the second of four groups of checkpoint questions for
this unit.
Transition Statement Let's move on to our third group of questions.
Checkpoint (3 of 4)
9. (True or False) An Internet address is usually written in a form
known as dotted decimal notation, where the value of each byte
of the address is written in decimal and the bytes are separated
by periods.
10. What is the special address 127.0.0.1?
__________________________________________________
__________________________________________________
11. What decimal value is used in the host address octets for
sending broadcast messages?
__________________________________________________
12. (True or False) ARP is designed for networks with broadcast
ability only.
13. Why is the client side port included in UDP and TCP headers?
__________________________________________________
__________________________________________________
__________________________________________________
Notes:
Checkpoint Solutions (3 of 4)
9. (True or False) An Internet address is usually written in a form
known as dotted decimal notation, where the value of each byte
of the address is written in decimal and the bytes are separated
by periods.
10. What is the special address 127.0.0.1?
This is the loopback address used by a system to send
messages to itself.
11. What decimal value is used in the host address octets for
sending broadcast messages?
255 (all bits on)
12. (True or False) ARP is designed for networks with broadcast
ability only.
13. Why are port numbers included in UDP and TCP headers?
Port numbers distinguish between multiple processes
running on the same host. Server side ports (and the
transport layer protocol in use) also identify the network
service associated with the connection.
Additional Information This is the third of four groups of checkpoint questions for this
unit.
Transition Statement Let's move on to the final checkpoint questions for this unit.
Checkpoint (4 of 4)
14. If UDP discards a datagram, is there an ICMP message
generated? If not, why not?
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
15. (True or False) IP guarantees delivery of datagrams in the same
sequence as they are sent.
Notes:
Checkpoint Solutions (4 of 4)
14. If UDP discards a datagram, is there an ICMP message
generated? If not, why not?
An ICMP message is not generated because the datagram
was delivered by IP to UDP. Once it reaches its destination,
IP has no knowledge of what is done with the datagram.
15. (True or False) IP guarantees delivery of datagrams in the same
sequence as they are sent.
The statement is false. IP is a connectionless protocol.
Additional Information This is the last of four groups of checkpoint questions for this
unit.
Transition Statement Let's move on to the exercise for this unit.
Exercise 1
Notes:
Unit Summary
TCP/IP is a layered architecture consisting of physical, network,
Internet, transport, and application layers
The main protocols used in the TCP/IP protocol suite are IP,
ICMP, ARP and UDP, along with many network interfaces and
application protocols
The Internet Protocol has a 32-bit, two-part logical address which
represents a network and a host address
Important network-related terms discussed in this unit include
socket, gateway, router, and switch
When an IP address and a mask are provided, the network and
host addresses can be determined
IP multicasting allows efficient communications to multiple
receivers
Notes:
References
http://publib.boulder.ibm.com/infocenter/eserver/v1r2s/en_US/index.htm
eServer Information Center
Copyright IBM Corp. 1997, 2006 Unit 2. Hardware Management Console 2-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit Objectives
After completing this unit, you should be able to:
Describe basic HMC functions
Configure an HMC
Configure the HMC network parameters
Configure remote access options
Enable/disable remote virtual console support
Notes:
Introduction
By the end of this unit, you should be able to describe the HMC's functions and features
and be able to configure the associated network parameters.
HMC Introduction
PC-based system required for the configuration and management of
partitions
Main HMC applications are:
Server and Partition
Licensed Internal Code Maintenance
HMC Management
Service Applications
Information Center and Setup
System Manager Security
Notes:
Introduction
The Hardware Management Console (HMC) is a dedicated system that provides a
graphical and command-line user interface for the configuration and management of
logical partitions on LPAR-capable eServer POWER5-based servers. The HMC is
required for many functions, including virtual Ethernet connections.
All releases of the HMC Version 4.x machine code manage an eServer i5 server, but a
p5 server requires HMC Version 4.2 (or greater) software.
The HMC supports up to 32 managed systems and 160 partitions as of Version 4
Release 2.1 of the HMC software. The HMC 4.2.1 package is referenced by APAR
MB00654.
Desktop: 7315-C03    Rack-mount: 7310-CR2
Notes:
available. However, performing configuration changes to the partitions requires the
HMC.
HMC software
New HMCs are shipped with preloaded HMC software. You should also receive a
recovery CD-ROM from which to reload the HMC software if necessary.
Instructor Notes:
Purpose Describe the HMC.
Details Describe the two hardware options for the HMC.
Define the term managed system on this page.
Although the HMC code is based on Linux, you can't just use any Intel PC because the
version of Linux only includes a specific set of device drivers.
Additional Information Try to keep the discussion away from the fact that customers
do not have full access to Linux on the HMC. Should a student comment on this, discuss
the stability of Linux on the HMC, and that to assure this stability IBM decided to make it a
secured system.
Transition Statement Let's look at how the HMC connects to its managed system(s).
Configuring a New HMC
Checklist to set up a new HMC
Connect network cables to HMC and FSP
Power on HMC
Login locally as hscroot
Check HMC software version
Use Guided Setup Wizard to configure HMC
Date/time, hscroot and root passwords, add users, configure
networking, configure service provider, connection monitoring
Reboot HMC
Upgrade HMC software if necessary
Apply power to managed systems
Set access passwords
Apply any activation codes
Notes:
Hardware connections
Connect the HMC to the network and power it on. If you plan to use the HMC's modem
to dial up IBM service to transmit service errors, then connect a phone line to the
modem.
Notes:
Introduction
This application is an easy way to configure your HMC for the first time. All of the
options available in the wizard can be accessed separately in the HMC applications.
There are more configuration options available which do not appear in the Guided
Setup Wizard.
(Visual: the HMC GUI, showing the logout and shutdown options, the navigation pane and
the content pane.)
Notes:
Introduction
The visual above shows the HMC GUI interface with all of the applications visible.
Menu bar
The menu at the top of the window lists options such as Console, Host, Selected, View,
Window, and Help, as shown in the visual. These menu options change based on the
application that is activated. The Selected menu appears in all applications and lists
tasks available for whichever object is selected. For example, if you selected a partition,
you would see options on the Selected menu that can be performed on partitions. Using
the Selected menu is the same as using the right mouse button to bring up a pop up
menu.
Menu icons
Some functions are replicated as icons just under the menu bar. You can hide or reveal
these icons from the Window menu item.
Status bar
There is a status bar with five segments across the bottom of the HMC interface. The
first segment contains an open or closed lock which indicates whether the systems
management security has been configured on the HMC. The second segment contains
the state of the HMC, the third and fourth segments contain information on what is
being viewed, and the last segment shows which account you used to log in to the HMC.
This status bar does not appear in the visual above.
Instructor Notes:
Purpose Describe the major parts of the HMC interface.
Details Describe the following:
- Segmented window panes
- Menu options change depending on which application is activated
Right mouse button is same as Selected menu option
Show where to logout or reboot console
- Menu icons
- Expanding/contracting application listings
Describe the purpose of the Console -> Add menu option that is mentioned in the student
notes. This is how to add access to another HMC from an HMC and is not how to add a
managed system. After you add the second HMC to the first HMC, you simply click the
HMC, log in, and then have access to all the second HMC's applications. We cover this
again in a few pages.
This unit does not address the Licensed Internal Code nor the Service Applications areas
in detail. Describe them briefly here.
Additional Information
Transition Statement The first application we look at is the Information Center and
Setup Wizard. To get there just click this item in the navigation pane. The next page shows
what appears in the content pane.
Information Center and Setup Wizard
Notes:
Introduction
When you click the Information Center and Setup Wizard application, this is what
appears in the content pane on the HMC. There are two tasks available.
Information Center
You can access the eServer Information Center through the HMC interface by clicking
the first task. This provides closed access to the Web-based Information Center. Closed
access means you are not free to surf the Web other than within the Information Center
pages. Later, when it is necessary to update the HMC software, the Information Center
is updated as well.
The Information Center is integrated into the HMC help screens, available from the IBM
Web site, and also shipped on CDs for installation on PCs or AIX systems.
Instructor Notes:
Purpose Describe HMC functions.
Details Describe the two tasks available on this screen. The students get a chance to try
these in the hands-on exercise.
Additional Information
Transition Statement Let's look at server management.
HMC Server Management
(Visual: the Server Management view, showing 10.19.99.109 and the managed system
SYS99.)
Notes:
Introduction
From the Server Management application, you can create, maintain, and manage
partitions. The Server Management application is available under the Server and
Partition application.
Once another HMC is added, simply click its name and log in to access all of its
applications.
State column
There is a state column for many of the objects shown. In the visual above, the
managed systems are No Connection and Operating and the partitions are either Not
Available, Running, or Not Activated. These states and their meanings will be
covered later.
HMC Configuration
Notes:
choose languages such as English, German, Spanish, French, Hungarian, Japanese,
Italian, or Russian.
Instructor Notes:
Purpose Introduce the HMC Maintenance applications group.
Details Introduce each of the options listed in this application. The student guide briefly
describes some of the options. We cover some of the others later.
Additional Information The screen shot on this visual was too large to fit on the page.
Nothing important has been left out of the screenshots except the OK and Cancel buttons
at the bottom.
Transition Statement Next, we see some of these applications in more detail; starting
with the Customize Network Settings option.
HMC Network Configuration
Notes:
Introduction
In the next section of this unit, you see several screens where you must supply
information about your HMC and its network. This visual lists the options that you must
decide to enable or not, and the information that you need to enter. Plan ahead and
document all of this information before you attempt to configure the HMC. You need
some knowledge of basic TCP/IP configuration information or help in this area.
Instructor Notes:
Purpose Describe the information needed before attempting to configure the HMC's
network settings.
Details Define an open network and a private network. Explain you can have the FSP
connected to the open network and not have a private network.
The next set of visuals shows the screenshots where you enter the network information
that is listed on this visual.
The basic network configuration can be set in the Guided Setup Wizard, so many of the
screens shown in the following visuals are similar to those used in the wizard. The
difference is that there are more options to configure when you go through the HMC
Configuration application.
Additional Information
Transition Statement Next, we see the first screen that pops up when you choose
Customize Network Settings from the HMC Configuration application.
Network Settings - Identification
Notes:
Introduction
This visual shows the first screen you see after choosing Customize Network Settings
from the HMC Configuration application. Notice there are four tabs along the top.
Changing the network options in these screens requires a restart of the HMC for the
changed values to be used.
Identification tab
The console name is the HMC's hostname. Enter the HMC's hostname.
The domain name is the Domain Naming System (DNS) domain name in use for this
HMC. It may be something like companyname.com or engineering.acme.com.
Console description is a text area where you can put a description that uniquely
describes this HMC. Some HMCs are described by the managed systems they manage
or by their location.
Instructor Notes:
Purpose Describe the first network configuration screen.
Details Describe each input box and mention that you click the tabs at the top to change
to those screens. Click OK when you're done.
On this screen, enter the HMCs hostname and network domain name which will be used
by other hosts on the network to access this HMC.
Additional Information
Transition Statement Next is the LAN Adapters tab.
Network Settings - LAN Adapters
Notes:
Instructor Notes:
Purpose Describe how to configure a network interface.
Details This visual shows how to choose which interface to configure.
Additional Information
Transition Statement The next page shows the Details screen.
Network Settings - LAN Adapter Details
Notes:
Introduction
The visual above appears after you choose an interface and click the Details button as
shown on the previous visual.
LAN Information
The first option allows you to choose a private or an open network for the HMC.
A private network means that the HMC connects to the managed systems over a
separate network which is not shared by other network traffic. The term open refers to
any general network that contains elements other than HMCs and service processors,
and that is not isolated for only HMC network traffic to its managed system.
It is recommended that you implement service network communications through a
private network, because of the additional security and ease of setup that it provides.
However, in some environments, this is not feasible because of physical wiring, floor
Media Speed
The default of automatic detection for the Ethernet adapter media speed is
recommended for the initial setup. However, in some situations, you may want to
reduce the speed of the adapter to decrease the amount of processing power it uses for
large amounts of data, if, for instance, an Ethernet hub or switch is used and needs a
lower media speed.
Instructor Notes:
Purpose Describe the LAN adapter configuration settings.
Details Describe the difference between an open network and a private network.
Emphasize that the private network is only for HMC to FSP communications. The HMC still
needs to connect to a public network so that it can communicate with the daemons running
in the partitions for DLPAR operations and the service tools communications.
Describe when to set up the HMC as a DHCP server versus a client.
Describe how to use static addresses rather than setting up as a DHCP client. The
example on the visual shows a static address assigned. Be sure the students understand
the difference between setting up the HMC as a DHCP client and a DHCP server. The
example shows that the HMC is being configured as a DHCP server but that it itself is not a
DHCP client because it is being assigned the static address of 10.0.0.1.
Additional Information
Transition Statement Another option to set up for the LAN adapter is whether you want
to open the firewall for remote access. This is covered next.
Network Settings LAN Firewall
Notes:
Firewall configuration
In an open network, there is usually a firewall that controls outside access to your
company network. The HMC also has its own firewall on each of its Ethernet adapters. If you
want to control the HMC remotely, or give remote access to others, while the HMC is on
a private network, modify the firewall settings of the Ethernet adapter on the HMC that
is connected to your open network; leave the adapter on the private network alone.
To allow access, first select the application (for example SSH or WebSM) and the IP
addresses you want to let through. For a given application you can allow any IP address,
or only specific IP addresses. Prefer specific addresses: the HMC controls power and
partitioning for every managed system, so anything that can reach its management
ports can affect every partition.
b. Click Allow Incoming. The name of the application appears in the bottom box to
signify that it has been configured.
Notes:
Network routes
In a complex network you may need to configure additional routes. The reasons are not
unique to an LPAR environment. An HMC needs to reach its partitions, and those partitions
may be on a remote network. Often a default gateway is all you need, because it can route
all IP packets to the correct network. You may, however, know a more direct route to the
partitions than the one through the default gateway, and you can add it on this tab. Or you
may have a small network with no dynamic routing at all, in which case a few static routes
may be all that you need.
Adding a route
To add a route, click the New button in the middle of the screen. The pop-up window
that appears is shown in the visual. Enter the destination network address, the gateway
address, the subnet mask in use, and choose which adapter to use. Click OK to enter the
route.
Enable routed
You may wish to run the dynamic routing daemon, routed. This daemon exchanges routes
with other routed daemons to learn new, closer routes to remote networks. routed learns
those routes from the RIP advertisements it hears on the attached networks and does not
authenticate them, so on an open network any host could change where the HMC sends
its traffic. Leave it disabled unless you need it, and use static routes instead.
Instructor Notes:
Purpose Describe how to configure routing on the HMC.
Details Describe when to create routes and how to create them.
That is the end of the network configuration section. The HMC should be restarted and
then the administrator should use the ping command (HMC command line or from a
remote system) and the Test Network Connectivity HMC task to test the network
configuration.
For the last few screens, the configuration data that must be entered is standard for TCP/IP
networks. The person installing an HMC should ensure that the TCP/IP configuration
information entered fits into the overall network environment of the organization.
Additional Information
Transition Statement That's it for the HMC's network configuration. Now that the HMC
is on the network, you need to connect it to its managed systems.
Connecting HMC to Managed System
[Visual: the HMC has two connections. Private HMC network: an Ethernet cable between
the HMC and the FSP. Open network: an Ethernet cable from the LAN to the partitions, with
the HMC also attached to that open network. After configuring the HMC, apply power to the
managed system; the HMC finds it, or use Add Managed System.]
Notes:
Introduction
Now that you've powered on your new HMC and configured the basic network options,
let's see how to get the HMC communicating with the managed system. Both the HMC
and the managed system must be connected to the same network. The visual above
shows the HMC and the FSP connected to a private network.
In the visual, FSP refers to the Flexible Service Processor on the IBM eServer managed
system.
two vertically stacked Ethernet ports. This direct connection can be a straight or
cross-over Ethernet cable.
IP Addresses
If the HMC is running as the DHCP server, the IP address of the HMC is 192.168.0.1 and
the first FSP is 192.168.255.254.
If the FSP powers on and cannot find a DHCP server, it uses 192.168.2.147 for its first
Ethernet port and 192.168.3.147 for the second Ethernet port by default. You may
configure the FSP to use any IP address by using the ASMI application.
If you have multiple HMCs on the same network, only the first should be configured as a
DHCP server, and the IP addresses shown above are for the first HMC and FSP.
The service processor issues the SSL certificate, and this SSL connection is
established when the managed server is added to the HMC. When you connect the
HMC to the managed system and apply power, and the state of the managed system is
Pending Authorization, click the managed system name and you are prompted to set
up the three passwords. Record them in a safe place: they are the credentials that
authenticate the HMC to the service processor and protect the ASMI accounts.
Instructor Notes:
Purpose Describe how to add a managed system to the HMC.
Details Describe a simple private network setup, where the HMC and managed system
are both on the same subnet.
Describe how the HMC automatically discovers the FSP, and the DHCP server on the HMC
assigns it an IP address. The state of the managed system is at first No Connection, then
changes to Pending Authorization. If it stays on No Connection and never changes to
Pending Authorization, then there is a problem. Try the Add Managed System option.
Once the state is Pending Authorization, left-click the managed system name and you are
prompted to enter three passwords to set up the SSL connection between the HMC and
the managed system: HMC Access, and the admin and general accounts for accessing
ASMI.
The next visual shows the menu option to begin the process of adding the managed
system manually to the HMC's Server Management application.
Additional Information
Transition Statement Now, let's see how to add the managed system in the HMC
interface.
HMC and Managed System LAN Topology
[Visual: each HMC has a LAN to its service processors (the IBM private HMC network), a
LAN to the partitions, and optional additional LANs. The service connection is a modem
on the HMC's internal PCI bus.]
Copyright IBM Corporation 2006
Notes:
Introduction
The visual above illustrates the big picture of how the HMC is connected to not only the
managed systems, but also to other networks.
The visual shows multiple HMCs connected to their managed systems over individual
private networks. These HMCs also connect to public networks to provide
communications to the partitions and to other workstations that you might use to access
the HMC remotely.
Also depicted is a modem connected to the HMC which will dial up IBM service when
particular types of errors are detected.
[Visual: remote access options through the network: (1) an alternate HMC, (2) a
Windows, Linux, or AIX client via WebSM.]
Notes:
Introduction
There are three options for accessing HMC functions remotely: from another HMC, from a
WebSM client on a Windows, Linux, or AIX workstation, and from an SSH connection.
Instructor Notes:
Purpose Describe the HMC remote access options.
Details Describe each of the three options for accessing an HMC remotely.
The network cloud in the middle of the visual is an oversimplification of whatever the
network configuration might be.
Additional Information
Transition Statement The next page describes how to enable remote SSH and remote
partition virtual console access.
Enable or Disable Remote Options
SSH to the HMC to perform management tasks remotely
HMC Management -> HMC Configuration -> Enable or Disable Remote Command Execution
Notes:
Instructor Notes:
Purpose Describe how to enable or disable SSH access to the HMC and the ability to
bring up virtual console windows remotely.
Details The visual shows how to enable the SSH remote command function of the HMC
and enable remote virtual terminals. By default, both of these are disabled.
Remind the students that they need to open the HMC firewall ports for SSH and WebSM if
they want to use those utilities.
Additional Information
Transition Statement That's how you enable SSH access for command line access to
the HMC. The next visual shows how to load the WebSM client if you wish to use the
graphical interface from a remote workstation.
Load WebSM Client
Notes:
Introduction
To use the HMC graphical interface remotely, you must load the WebSM client on the
remote Windows, Linux, or AIX workstation. This gives you access to most of the
functions on the actual HMC. One application you cannot access remotely is System
Manager Security.
Java Web Start: When you use Java Web Start, it checks for updates to the WebSM
remote client whenever it is invoked and downloads them automatically. If you choose
to use Java Web Start, it must be installed on the remote client system before installing
the WebSM Remote Client.
For example, if you choose the Java Web Start option from the HMC's
remote_client.html page, a new page appears. Choose Linux or Windows as your
operating system, that is, the operating system running on your client system. You need
to download an executable file. Run this file. Then return to the browser window and
click the Remote Client link to install the WebSM remote client. Again, you need to
download an executable file and run it.
[Visual: WebSM login sequence: type the HMC's name and press Enter, wait for the
handshake process to finish, then log in.]
Notes:
WebSM windows
When you start WebSM on a Microsoft Windows system, two windows open. One
window displays commands that are being executed in the background. Do not close
this window. You do not need to view any information in this window unless you are
troubleshooting an error. Simply minimize the window and forget it is there.
The second window that opens is the login screen shown in the visual above. Enter the
HMC's hostname or IP address and press Enter. Wait a few moments for the
handshaking communication to finish. If the HMC is found, you may log in. If WebSM
cannot find the HMC, you receive an error message.
Once you successfully log in, the HMC interface appears.
Exiting WebSM
To exit the WebSM window, click the X in the upper right corner of the HMC interface
window or use the Console -> Exit menu option.
Instructor Notes:
Purpose Describe the process of bringing up WebSM and logging in.
Details Describe both the process of logging in from the physical HMC and from
WebSM. Once WebSM comes up, it looks like the window on the physical HMC.
Mention that there is a second window that appears when you run WebSM on Microsoft
Windows systems. It is a control window for WebSM and can be ignored. Don't close it; it
closes when you close the WebSM window. The proper way to close the WebSM
window is to click the X in the upper right corner or use Console -> Exit on the menu bar.
Additional Information
Transition Statement Next, we see how to execute HMC command-line commands
remotely.
Using HMC Commands Remotely
Install SSH if necessary on client
Two ways to run commands using SSH
Single HMC command (you will be prompted for a password)
$ ssh -l hscroot hmchost hmccommand
Log in to the HMC and execute commands
$ ssh -l hscroot hmchost
hscroot@hmchost's password:
Last login: Tue Jun 3 14:48:37 2005 from lpar16.ibm.com
$ chsysstate -r sys -m msname -o off
Notes:
Instructor Notes:
Purpose Describe how to use SSH.
Details The students use the HMC commands extensively in the exercise for this unit
and in future exercises.
This visual shows how to login using SSH from a Linux or an AIX 5L shell. On a Microsoft
Windows computer, it is likely that there is an application, such as PuTTY, which allows
SSH access.
Additional Information
Transition Statement Let's look at some HMC command examples.
HMC Commands
HMC provides restricted shell
echo $PATH shows available directories
Example operations which are not allowed
cd, pipe, redirection, su
Commands have --help option and man pages
Example commands:
Show processor usage by partition
$ lshwres -m msname -r proc --level lpar \
-F lpar_name,run_procs --header
lpar_name,run_procs
LPAR1,0
LPAR2,1
LPAR3,0
Notes:
HMC commands
Once you've logged in, run echo $PATH to see which directories are available to you in
the HMC's restricted shell. You can only run the commands in these directories, and the
shell's own built-ins are restricted as well (no cd, pipes, redirection or su).
List each of the directories in the echo $PATH output to see the commands that are
available. For usage information, run a command with the --help option or read its man
page. For example, man hmcshutdown displays the manual page for that command. Often
the man page shows more information than the --help output.
Instructor Notes:
Purpose Introduce HMC commands.
Details HMC commands are mentioned as appropriate throughout this course. This
page illustrates how commands are executed.
Mention that if you leave the -r off of the hmcshutdown command that is shown on the
visual, the HMC shuts down without rebooting. Ask the students: What would happen if you
did this command remotely without the -r option? Answer: The HMC shuts down, and
because you are remote, you are not able to boot it again. Someone local to the HMC has
to boot it.
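A small wrapper that puts the two SSH usages from the "Using HMC Commands Remotely" visual and the hmcshutdown warning above into practice, added here as an example; it is not part of the course and not IBM's code. It assumes the host name hmchost, the hscroot login, and that your public key has been installed on the HMC so ssh does not prompt (with password authentication, drop the BatchMode option). The parser works on the lpar_name,run_procs output shown on the HMC Commands visual; the sample it is run on here is constructed, not captured from an HMC.

```shell
#!/bin/sh
# Added example (not from the course or from IBM): run HMC commands over SSH
# from an AIX or Linux workstation and parse the delimited output they return.
# Assumed: HMC host 'hmchost', user hscroot, and a public key installed on the
# HMC so BatchMode works. The sample output below is constructed.

HMC_HOST="${HMC_HOST:-hmchost}"
HMC_USER="${HMC_USER:-hscroot}"

# Transport: one HMC command per SSH session, the form shown on the visual
# ($ ssh -l hscroot hmchost hmccommand).
hmc_ssh() {
    ssh -o BatchMode=yes -l "$HMC_USER" "$HMC_HOST" "$@"
}

# Run an HMC command through the transport named by HMC_TRANSPORT (default
# hmc_ssh). One guard: hmcshutdown without -r powers the HMC off, and from a
# remote session nobody can power it back on, so refuse that form.
hmc_exec() {
    if [ "$1" = hmcshutdown ]; then
        case " $* " in
            *" -r "*) ;;
            *) echo "refusing remote hmcshutdown without -r: the HMC would stay down" >&2
               return 2 ;;
        esac
    fi
    "${HMC_TRANSPORT:-hmc_ssh}" "$@"
}

# Parse "-F field,field --header" output on stdin: the first line names the
# columns, so fields are looked up by name rather than by position.
running_lpars() {        # names of partitions with run_procs > 0
    awk -F, 'NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
             $col["run_procs"] + 0 > 0 { print $col["lpar_name"] }'
}

total_run_procs() {      # processors in use across all partitions
    awk -F, 'NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
             { sum += $col["run_procs"] } END { print sum + 0 }'
}

# Constructed sample of the lshwres output from the HMC Commands visual. On a
# real HMC replace the printf with:
#   hmc_exec lshwres -m msname -r proc --level lpar -F lpar_name,run_procs --header
SAMPLE_LSHWRES='lpar_name,run_procs
LPAR1,0
LPAR2,1
LPAR3,0'

printf '%s\n' "$SAMPLE_LSHWRES" | running_lpars      # LPAR2
printf '%s\n' "$SAMPLE_LSHWRES" | total_run_procs    # 1
```

The guard in hmc_exec is deliberately narrow: the restricted shell already limits what a remote session can do, but an accidental hmcshutdown without -r is the one command that strands a remote administrator, so it is the one worth refusing before the command leaves the workstation.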
Additional Information
Transition Statement Now, let's do some checkpoint questions.
Checkpoint
1. When might an HMC need to be configured as a DHCP server?
_________________________________________
2. How is the HMC connected to its managed system?
_________________________________________
3. In what ways can the HMC functions be accessed remotely?
_________________________________________
4. Besides the firewall options, what are the two remote access
options that can be enabled or disabled on the HMC?
_________________________________________
5. (True or False) The HMC can be used as a fully functional Linux
system.
Notes:
Instructor Notes:
Purpose Discuss the checkpoint questions for this unit.
Details A Checkpoint Solution is given below:
Checkpoint Solutions
1. When might an HMC need to be configured as a DHCP server?
This is appropriate when the HMC is on a private network
and there is no other DHCP server.
2. How is the HMC connected to its managed system?
The connection uses Ethernet.
3. In what ways can the HMC functions be accessed remotely?
SSH, WebSM client, from another HMC
4. Besides the firewall options, what are the two remote access
options that can be enabled or disabled on the HMC?
Remote virtual console, SSH access
5. (True or False) The HMC can be used as a fully functional Linux
system.
False. The HMC provides only a restricted shell with a limited set of
commands; it is a management appliance, not a general-purpose Linux system.
Additional Information
Transition Statement It's time for an exercise.
Exercise: HMC Configuration
Exercise 2
Notes:
Instructor Notes:
Purpose Transition to the exercise for this unit.
Details
Additional Information
Transition Statement Let's review some of the key points from this unit.
Unit Summary
The Hardware Management Console (HMC) is a key network
component in an IBM System p5 environment.
The Guided Setup Wizard application provides an easy way to
complete initial configuration of the HMC.
A number of screens are used for configuration of HMC network
parameters.
HMC functions can be accessed remotely from another HMC, from
a WebSM client, or from an SSH connection.
You can enable or disable remote command execution using SSH
and/or remote virtual console support. By default, both are
disabled.
Notes:
Instructor Notes:
Purpose Review some of the key points from this unit.
Details
Additional Information
Transition Statement Let's move on to the next unit.
Unit Objectives
After completing this unit, students should be able to:
Configure TCP/IP
Test and review TCP/IP configuration with selected AIX and TCP/IP commands
Start and stop TCP/IP services
Notes:
In AIX the TCP/IP network utilities are broken up into their component parts (such as NFS,
NIS) and further divided into client and server pieces. This was done to provide only the
code needed to perform specific functions. If a system is never a server, then the server
code is simply taking up valuable disk space that could be used for data or applications. To
install the appropriate filesets use SMIT:
# smit
Software Installation and Maintenance
Install and Update Software
Install
Input device / directory for software
SOFTWARE to install
Notes:
To do this:
- Use SMIT fast path smit tcpip
(ODM database is used)
or
Configuring Adapters
Most adapters are automatically detected and defined during
system startup.
Use the SMIT Devices menu, Communications submenu for:
Ethernet Adapter
TokenRing Adapter
Fibre Channel
FDDI Adapter
ATM Adapter
Etherchannel (IEEE 802.3ad Link Aggregation)
VLAN
Notes:
Install the adapters and cabling for your network. Adapter cards in a pSeries are
automatically detected and configured during system startup, so normally you would only
need to change adapter characteristics if the defaults are not appropriate. Use the SMIT
fast path smit commodev menus (or the chdev command) if you need to change the
default attributes.
Network Interfaces
Each network adapter has an associated network interface
Notes:
When each adapter or port is added, a logical device is created in the ODM such as:
Ethernet adapters are ent0, ent1 and so forth
Token-Ring adapters are tok0, tok1, and so forth
A corresponding network interface in the kernel allows TCP/IP to use an adapter. For
auto-detectable adapters, such as Token-Ring and Ethernet, the network interface is
created at the same time as the adapter device. For manually added devices, the network
interface must be manually created.
The loopback is a special interface which is defined so that a host can send messages to
itself for diagnostic purposes. Data sent to this interface never appears on a network, it is
just sent back up through the software layers.
Network interfaces are represented by logical devices. They are given the interface device
names shown in the chart.
TCP/IP support in AIX is provided by a kernel extension called inet0. A kernel extension is
a separate entity from the kernel but runs in the kernel address space. inet0 provides the
IP, TCP and UDP functions.
Configuration information for inet0 is stored in the ODM. The standard device management
commands (chdev, and so forth) can be used to set the attributes of inet0, and this can
also be done through the SMIT TCP/IP menus.
Instructor Notes:
Purpose Provide information on the supported network interfaces under AIX.
Details Most of the information needed for this visual is in the student notes.
Additional Information
Transition Statement You may have noticed that the Ethernet network interface comes
in two flavors. Ethernet Version 2 and IEEE 802.3. Let's see where the difference lies
between these two.
Ethernet Network Interface
Standard Ethernet Version 2 (en0):   DA | SA | TYPE   | DATA
IEEE 802.3 (et0):                    DA | SA | LENGTH | DATA
DA = Destination Address
SA = Source Address
TYPE = higher-layer protocol (TCP/IP, DECnet, XNS)
Notes:
The Ethernet adapters on the RISC System/6000 can be configured to support either
Ethernet Version 2 or IEEE802.3 network interface driver software. The difference between
the two lies in the header information.
The Ethernet V2 type field defines the higher-layer protocol that is used within the data
field. It is a two-byte field, originally administered by Xerox and today by the IEEE. Type
examples are 0800 hex for IP, 0600 hex for XNS, and 6003 hex for DECnet.
The IEEE 802.3 length field is the length of the data field that follows. With IEEE 802.3, the
designation of the higher-level protocol is done by the 802.2 Logical Link Control header
inside the data field.
Because of this difference, a network interface is configured as either IEEE 802.3 or
Ethernet Version 2. A workstation configured for Ethernet Version 2 cannot communicate
with one configured for IEEE 802.3, and vice versa.
Instructor Notes:
Purpose Identify the difference between Ethernet Version 2 and IEEE 802.3.
Details When configuring an Ethernet adapter for AIX, you have to choose between
Version 2 and 802.3. Which do you choose? Choose the one appropriate for your
installation.
The only difference between Ethernet Version 2 and IEEE 802.3 is in the data packet. The
Ethernet Version 2 packet contains a two-byte field for the type of protocol (as stated in the
student notes). The IEEE 802.3 uses the two-byte field for the length of the data packet.
This difference is enough so the two protocols don't understand each other's data. Both
Ethernet Version 2 and IEEE 802.3 frames can coexist on the same physical media but
require different device drivers. Data sent across an IEEE 802.3 interface cannot be read
by an Ethernet Version 2 interface and vice versa.
Discussion Items Does anybody have 802.3 (not Version 2) in their installation?
Why?
Additional Information It is possible to support both IEEE 802.3 and standard Ethernet
on the same physical adapter using two separate IP addresses.
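The visual shows the two frame layouts, and the notes say a Version 2 station and an 802.3 station cannot talk to each other. What actually separates the two is the value of the two-byte field after the source address: the IEEE reserves values of 0x0600 (1536) and above for Ethernet types, while a valid 802.3 length never exceeds 1500, so a driver or a packet sniffer can tell the frame kinds apart from that field alone. The shell function below is an added example, not from the course, that applies that rule to a frame given as a hex string; the rule goes slightly beyond the page, which describes only what the field means, and the frames it is run on are constructed, not captured.

```shell
#!/bin/sh
# Added example (not from the course): classify an Ethernet frame as Version 2
# or IEEE 802.3 from the two-byte field after the source address. IEEE rule:
# a value >= 0x0600 (1536) is a protocol type; 1500 or less is a data length.
# The frames tested below are constructed, not captured.

# $1: frame as a hex string without spaces (DA, SA, then type/length, data)
frame_kind() {
    # 6-byte DA + 6-byte SA = 24 hex digits precede the field
    hdr=$(printf '%s' "$1" | cut -c25-28 | tr 'A-F' 'a-f')
    if [ ${#hdr} -ne 4 ]; then
        echo "frame too short for a type/length field" >&2
        return 1
    fi
    val=$((0x$hdr))
    if [ "$val" -ge 1536 ]; then
        # Ethernet Version 2: the field names the higher-layer protocol
        case "$hdr" in
            0800) name=IP ;;
            0806) name=ARP ;;
            0600) name=XNS ;;
            6003) name=DECnet ;;
            *)    name=unknown ;;
        esac
        printf 'Ethernet V2 type 0x%s (%s)\n' "$hdr" "$name"
    else
        # IEEE 802.3: the field is the data length; the protocol is named by
        # the 802.2 LLC header that follows in the data field
        printf 'IEEE 802.3 length %d\n' "$val"
    fi
}

# Constructed frames: an IP datagram in a V2 frame, a spanning-tree BPDU in an
# 802.3/LLC frame (length 0x0026 = 38), and an XNS packet in a V2 frame.
V2_IP='ffffffffffff0002551a2b3c08004500001c000100004001'
DOT3_STP='0180c20000000002551a2b3c0026424203000000000000'
V2_XNS='0002551a2b3d0002551a2b3c0600ffff00280000'

frame_kind "$V2_IP"      # Ethernet V2 type 0x0800 (IP)
frame_kind "$DOT3_STP"   # IEEE 802.3 length 38
frame_kind "$V2_XNS"     # Ethernet V2 type 0x0600 (XNS)
```

This is also why the instructor note above is right that both frame kinds can share one cable: the receiving driver decides per frame which header it is looking at, and an interface configured for the other kind simply does not claim the frame.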
Transition Statement How do the network interfaces get configured?
Defining and Configuring Network Interfaces
[Visual: on a pSeries running AIX, the ODM holds the inet0 definition and the interface
(en0) definitions that SMIT, mkdev/chdev and ifconfig act on.]
Notes:
Some interfaces are defined automatically during system configuration.
When you run the SMIT Minimum Configuration and Startup dialog you are asked to
select a defined interface. When you run the dialog, that interface is brought up.
Use the SMIT Network Interfaces menu to define new interfaces or change the
characteristics of existing interfaces.
The mkdev/chdev commands can be used to update the information in the ODM that
describes network interfaces. Changes made take effect immediately and are permanent.
The ifconfig command can be used to configure an interface. We cover this in more detail
further on.
Instructor Notes:
Purpose Show students what can be used to configure network interfaces.
Details In the following two visuals we will be showing students two of the ways of
customizing an interface listed here - through SMIT Minimum Configuration And Startup
and through the use of the ifconfig command.
Additional Information Use the visual to contrast the differences between the methods
of configuring TCP/IP on whether you are using the ODM.
Discussion Item You may want to discuss the possible problems with ODM when using
two methods at one time. (This issue should be reinforced at some time to avoid major
problems later.)
Transition Statement Let's take a look at the SMIT method first.
Minimum Configuration and Startup
# smit mktcpip
[Entry Fields]
* HOSTNAME [ ]
* Internet ADDRESS (dotted decimal) [ ]
Network MASK (dotted decimal) [ ]
* Network INTERFACE en0
NAMESERVER [ ]
Internet ADDRESS (dotted decimal) [ ]
DOMAIN Name [ ]
Default Gateway Address [ ]
(dotted decimal or symbolic name)
cost [ ]
Do Active Dead Gateway Detection [ ]
Your CABLE Type N/A +
START no +
Notes:
Configuring TCP/IP on a system with one network adapter is as easy as filling out this
SMIT menu. The steps on the following pages show the manual steps of TCP/IP
configuration. Keep in mind that SMIT is doing all these steps for you behind the scenes.
If your system has more than one network adapter card, the TCP/IP Further
Configuration SMIT menu would be used to configure those cards.
The minimum information that is required to start TCP/IP is the hostname, one interface
and the Internet address. If subnetting is used then the subnet mask should be specified.
Instructor Notes:
Purpose Show how simple TCP/IP configuration is when using SMIT.
Details Explain that configuring TCP/IP on the RISC System/6000 is as easy as filling
out this menu. Further explain that we will go through the command line method of
configuration so the students understand exactly what SMIT is doing for them behind the
scenes. If they are going to install TCP/IP in an open environment, the steps as listed in the
lecture can apply to most other systems that do not have a systems management interface
tool.
Later in the lecture and in the routing lecture, it is mentioned that some systems will have
more than one network adapter connecting the system to more than one network. This is
done in the case of routers. The Minimum Configuration menu can be used for the first
adapter card configured, but the Further Configuration menu would be used to configure
all other adapter cards in the system. There is not a view of the Further Configuration
menu. They have a chance to see it during lab.
You may want to come back to this foil after covering ifconfig, hostname, and /etc/hosts
to show all that this menu does to configure TCP/IP. Keep this page handy.
Additional Information Further configuration should be used for anything else other
than a basic configuration to get the system functional on the network. The logic goes as
follows: 1) Everything that Minimum Configuration does can be done by Further
Configuration. You are not required to use the minimum configuration screen at all. It
does, though, provide a handy shortcut for getting the system up on the network quickly; 2)
Further Configuration must be used to configure additional adapters. Only one adapter
should be configured using minimum configuration.
Note: When using minimum configuration screen, the /etc/hosts file is updated. If used
again, could cause problems with name resolution!
Default AIX-style configuration uses the data in the ODM database and uses the file
/etc/rc.net to define, load, and configure a corresponding interface.
For those who are familiar with other UNIXes, BSD-style configuration uses the traditional
ifconfig command and the file /etc/rc.bsdnet to configure the corresponding interface.
To change from AIX to BSD style, use smit setbootup_option.
By selecting BSD, the system updates the ODM database, /etc/objrepos/Config_Rules,
to have the cfgmgr execute /etc/rc.bsdnet at startup instead of /etc/rc.net.
Transition Statement Let's take a look at the command that can be used for configuring
an interface or check or change configuration once an interface is configured.
Further Configuration
# smit chinet
[Entry Fields]
Notes:
The Further configuration SMIT menu allows configuration of more than one network
adapter.
Interface Specific Network Options include:
rfc1323 - enable the RFC 1323 TCP extensions (window scaling and timestamps) for high performance
tcp_mssdflt - default maximum segment size
tcp_nodelay - send small segments immediately instead of pacing the message flow (disables the Nagle algorithm)
tcp_recvspace - socket buffer size for receiving data
tcp_sendspace - socket buffer size for sending data
Instructor Notes:
Purpose Explain the further configuration of network adapters.
Details These options are set using the ISNO field under the no (network options)
command.
Additional Information
rfc1323 - Enables TCP enhancements as specified by RFC 1323, TCP Extensions for High
Performance. rfc1323 is a connect type tunable. Setting it overrides the system-wide
rfc1323 set by the no command.
tcp_mssdflt - The default maximum segment size used in communicating with remote
networks. tcp_mssdflt is a connect type tunable. Setting it overrides the system-wide
tcp_mssdflt set by the no command. Use this option only if path MTU discovery is not
enabled or path MTU discovery fails to discover a path MTU. You can specify a value from
0 to (PMTU -52) or 64K-1. The default value is 512.
tcp_nodelay - If tcp_nodelay is enabled (set to 1) and the send buffer size is less than or
equal to the maximum segment size (ATM and SP switch interfaces can have 64 KB MTUs), the
application's data is sent immediately and the application must wait for an ACK before
sending another packet (this prevents TCP streaming and could reduce throughput). To
remove this option from the interface and delete it from the ODM, type NULL in this field.
tcp_recvspace - The system default socket buffer size for receiving data. This affects the
window size used by TCP. tcp_recvspace is a connect type tunable. Setting it overrides the
system-wide tcp_recvspace set by the no command. Setting the socket buffer size to 16KB
(16,384) improves performance over standard Ethernet and Token-Ring networks. The
default is a value of 4096. A value of 16,384 is set automatically by the rc.net file or the
rc.bsdnet file (if Berkeley-style configuration is used). Lower bandwidth networks, such as
Serial Line Internet Protocol (SLIP), or higher bandwidth networks, such as Serial Optical
Link, should have different optimum buffer sizes. The optimum buffer size is the product of
the media bandwidth and the average round-trip time of a packet. You must specify a
socket buffer size less than or equal to the setting of the sb_max attribute.
tcp_sendspace - The system default socket buffer size for sending data. This affects the
window size used by TCP. tcp_sendspace is a connect type tunable. Setting it overrides
the system-wide tcp_sendspace set by the no command. Setting the socket buffer size to
16KB (16,384) improves performance over standard Ethernet and Token-Ring networks.
The default is a value of 4096. A value of 16,384 is set automatically by the rc.net file or the
rc.bsdnet file (if Berkeley-style configuration is issued). Lower bandwidth networks, such as
Serial Line Internet Protocol (SLIP), or higher bandwidth networks, such as Serial Optical Link,
should have different optimum buffer sizes. The optimum buffer size is the product of the
media bandwidth and the average round-trip time of a packet:
optimum_window = bandwidth * average_round_trip_time. You must specify a socket
buffer size less than or equal to the setting of the sb_max attribute.
Transition Statement Now, let's look at the ifconfig command.
ifconfig Command
ifconfig A B C D E
A: interface => en, et, tr, xs, sl, lo, op, ca
B: address family => inet, xns
C: address => IP address for adapter or hostname
D: parameter + value => metric number, mtu value, network mask
E: parameters => alias, delete, debug, -allcast, down, up, arp, hwloop, -arp, -hwloop
Copyright IBM Corporation 2006
Notes:
The ifconfig command configures or displays network interface parameters for a network
using TCP/IP.
If a machine has more than one adapter card that is used for TCP/IP, like the router, then
the ifconfig command needs to be executed for each adapter.
The 0x in the netmask indicates a hex value.
Xerox Network Systems, xns, is a transport protocol that was developed by Xerox.
To display, simply enter ifconfig <interface>. While any user can query the status of a
network interface using ifconfig, only a user who has root authority can modify the
configuration of the interface.
The D parameters require a value. The E parameters do not.
Instructor Notes:
Purpose Explain the ifconfig command.
Details The ifconfig command is the TCP/IP standard way of configuring and
displaying information of network adapter cards for LANs.
Explain the ifconfig command parameters shown in the example. For the other parameter
values under D, explain a couple of the more frequently used ones like delete, detach,
down and up. Caution students about playing with the mtu parameter. The ifconfig
command in the following format DOES NOT display the mtu value, it sets it to 0.
ifconfig tr0 mtu
Following are some of the parameter values and their use:
alias Establishes an additional network address for the interface. When
changing network numbers, this is useful for accepting packets
addressed to the old interface.
allcast Sets the Token-Ring interface to broadcast to all rings on the
network.
-allcast Confines the Token-Ring interface to broadcast only to the local ring.
arp Enables the ifconfig command to use the Address Resolution
Protocol in mapping between network-level addresses and link-level
addresses. This flag is in effect by default.
-arp Disables the use of the Address Resolution Protocol.
debug Enables driver-dependent debug code.
-debug Disables driver-dependent debug code.
delete Removes the specified network address. This is used when an alias
is incorrectly specified or when it is no longer needed.
detach Removes an interface from the network interface list. If the last
interface is detached, the network interface driver code is unloaded.
down Marks an interface as inactive (down), which keeps the system from
trying to transmit messages through that interface. If possible, the
ifconfig command also resets the interface to disable reception of
messages. Routes that use the interface, however, are not
automatically disabled.
hwloop Enables hardware loopback. The hardware loopback specifies that
locally addressed packets handled by an interface should be sent
out using the associated adapter.
-hwloop Disables hardware loopback. The hardware loopback specifies that
locally addressed packets handled by an interface should be sent
out using the associated adapter.
metric Number Sets the routing metric of the interface to the value specified by the
Number variable. The default is 0 (zero). The routing metric is used
by the routing protocol (the routed daemon). Higher metrics have
the effect of making a route less favorable. Metrics are counted as
additional hops to the destination network or host.
mtu Value Sets the maximum IP packet size for this system. The Value
variable can be any number from 60 through 65535, depending on
the network interface.
netmask Mask Specifies how much of the address to reserve for subdividing
networks into subnetworks. This parameter can be used only with an
address family of inet.
The Mask variable includes both the network part of the local
address and the subnet part, which is taken from the host field of the
address. The mask can be specified as a single hexadecimal
number beginning with 0x, in standard Internet dotted decimal
notation, or beginning with a name or alias that is listed in the
/etc/networks file.
up Marks an interface as active (up). This parameter is used
automatically when setting the first address for an interface. It can
also be used to enable an interface after an ifconfig down
command.
Additional Information The ifconfig command is very useful in seeing the values and
status of an interface. For example:
en1:
flags=e080863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
inet 10.1.1.3 netmask 0xffffff00 broadcast 10.1.1.255
Flags from ifconfig output:
ALLCAST The token ring interface broadcasts to all rings on the network.
BROADCAST The adapter supports broadcast messages.
MULTICAST The adapter supports multicast messages.
DEBUG Adapter-dependent debug is enabled.
SIMPLEX The adapter will not receive its own broadcast.
HWLOOP The adapter supports hardware loopback (IP normally does the
loopback).
NOARP The interface does not do ARP translation.
NOECHO The adapter associated with the interface does not do local echo.
NOTRAILERS The interface does not append trailers to frames.
Host Name
Used by some applications to identify or authenticate your system
Hostname set when TCP/IP is configured using SMIT by running
the hostname command
Notes:
The hostname is used by applications to find out the name of your system for
authentication purposes and to obtain your Internet address.
The hostname can be displayed using the command: hostname
The hostname is stored in the inet0 kernel extension. To change this permanently use
SMIT or: chdev -l inet0 -a hostname=hostname.
Instructor Notes:
Purpose Explain the hostname and hostid commands and why they are used.
Details Only users with root authority can set the host name. Students often get this
confused with the symbolic name assigned to each network interface. There can only be
one hostname, but because there can be several network interfaces on a system, there
can be several symbolic names (often also referred to as host names, hence the confusion). By
convention, the first network interface configured is considered the primary network
interface and is given the same symbolic name as the hostname. Try to get students to see
this distinction.
Additional Information: The /usr/sbin/hostid command displays the identifier (either a
unique hostname or a numeric argument) of the current host as a hexadecimal number.
This numeric value is expected to be unique across all hosts and is commonly set to the
address of the host specified by the InternetAddress or HostName parameter.
Transition Statement The next step is to assign symbolic names to all the other hosts
and network interfaces to which you wish to communicate. That is done with the /etc/hosts
file.
/etc/hosts
# The format of the file is:
# Internet Address Hostname # Comments
# Items are separated by any number of blanks and tabs.
# A '#' indicates the beginning of a comment; characters up to the
# end of the line are interpreted by routines which search
# this file. Blank lines are allowed.
Notes:
Host names (symbolic network interface names) and their IP addresses are associated
with each other by entries in the /etc/hosts file.
Entries should be included in /etc/hosts for (1) loopback, (2) the local machine, and (3) any
other hosts known to the system. Typically, /etc/hosts is kept consistent among all
machines.
Aliases can be created in this file by entering them after the host name. Each alias is
separated by a space. Aliases cannot exceed 255 characters and each entry must be
contained on one line.
When you add the local machine via Minimum Configuration and Startup, the system
automatically updates /etc/hosts with the local machine entry. To add the other hosts:
# smit mkhostent
*INTERNET ADDRESS (dotted decimal) [ ]
*HOST NAME [ ]
ALIAS(ES) (if any - separated by blank space) [ ]
COMMENT (if any - for the host entry) [ ]
This method of name resolution is called flat name resolution. Networks that use
/etc/hosts for doing name resolution are called flat networks.
Starting Daemons
The /etc/rc.tcpip file run at system startup can start the following
TCP/IP daemons:
Notes:
/etc/rc.tcpip assumes interfaces are brought up by /etc/rc.net. This shell script starts the
TCP/IP daemons.
All these daemons can be started or stopped using the subsystem commands of the
system resource controller. They are stopsrc, startsrc or refresh.
System Resource Controller (SRC) is a tool designed to aid a system administrator in
controlling daemons. It allows you to start, stop, trace, list, and refresh daemons. It also
gives you the ability to group them.
SMIT provides a way to start up some of the daemons listed above through the fastpath
smit otherserv. Select the daemons you want to start. When you select a daemon, SMIT
gives you the choice to start the daemon now, at next system restart, or both. When you
select at next system restart or both, the system uncomments the appropriate line in
/etc/rc.tcpip.
/etc/inetd.conf
## Internet server configuration database
##
ftp stream tcp6 nowait root /usr/sbin/ftpd ftpd
telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd
shell stream tcp6 nowait root /usr/sbin/rshd rshd
kshell stream tcp nowait root /usr/sbin/kvshd rshd
login stream tcp6 nowait root /usr/sbin/rlogind rlogind
klogin stream tcp nowait root /usr/krlogind rlogind
exec stream tcp6 nowait root /usr/sbin/rexecd rexecd
#comsat dgram udp wait root /usr/sbin/comsat comsat
#uucp stream tcp nowait root /usr/sbin/uucpd uucpd
#bootps dgram udp wait root /usr/sbin/bootpd bootpd /etc/bootptab
##
## Finger, systat and netstat give out user information which may be
## valuable to potential "system crackers." Many sites choose to disable
## some or all of these services to improve security.
##
#finger stream tcp nowait nobody /usr/sbin/fingerd fingerd
#systat stream tcp nowait nobody /usr/bin/ps ps -ef
#netstat stream tcp nowait nobody /usr/bin/netstat netstat -f inet
##tftp dgram udp6 wait nobody /usr/sbin/tftpd tftpd -n
#talk dgram udp wait root /usr/sbin/talkd talkd
ntalk dgram udp wait root /usr/sbin/talkd talkd
Notes:
This is not a listing of the complete file.
The inetd daemon is started at boot time from /etc/rc.tcpip. When it is started, inetd reads
its configuration from the /etc/inetd.conf file. This file contains the names of the services
for which inetd listens for requests and which it starts as needed to handle those requests.
Socket Type: stream is for TCP and dgram is for UDP.
Wait/Nowait: wait is for dgram and nowait is for stream. It determines whether the inetd
daemon waits for a datagram server to release the socket before continuing to listen at the
socket.
User: specifies the user name that the inetd daemon should use to start the server.
sysC                  sysB
 ftp ---------------> inetd
                        |
     <--------------- ftpd
sysC dynamically assigns a port (for example port 2499) for the source port on sysC to
connect to and sends a request to connect to port 21 on sysB. inetd starts another ftpd
process on sysB and the source port (2499) destination port (21) pair uniquely identifies the
network connection.
Transition Statement Now that we have TCP/IP completely configured, let's see what
happens the next time the system is booted.
TCP/IP Startup Flow
[Figure: TCP/IP Startup Flow. System powered on -> cfgmgr reads the ODM
(/etc/objrepos/Config_Rules) and runs /etc/rc.net -> run-time init reads /etc/inittab
(rctcpip:/etc/rc.tcpip) -> selected daemons started (syslogd, lpd, routed or gated,
sendmail, portmap, inetd) -> system ready for login]
Notes:
When the system starts up, it reads out of the ODM whether to use rc.net (AIX default
network configuration file) to initialize the network interfaces and set up routing.
An entry in the /etc/inittab file is made at installation time to execute the /etc/rc.tcpip shell
script at system startup. The various uncommented daemons are started. The system is
now ready to accept communication requests from various applications.
Instructor Notes:
Purpose Describe the facilities involved in initializing TCP/IP on system startup.
Details When the system starts up, it reads out of the ODM whether to use rc.net or
rc.bsdnet to initialize the interfaces and route table.
Next, init reads inittab and executes rc.tcpip which starts the necessary daemons
involved.
Additional Information /etc/rc.bsdnet is used to manually set up the TCP/IP facilities
as is done with BSD UNIX and other UNIX operating systems.
Transition Statement How do we know our configuration was done right? By testing it!
Verifying Network Interfaces
Example: # netstat -i
Example: # ifconfig -a
en0: flags=e080863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
inet 10.180.108.84 netmask 0xfffffc00 broadcast 10.180.111.255
lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
Notes:
The netstat command is used to display active sockets for each protocol, routing table
information, or contents of a network data structure.
The -i option shows the state of configured interfaces. This display format provides a table
of cumulative statistics for: errors, collisions, and packets transferred. It provides the
interface name, number, and address as well as the maximum transmission units (MTUs).
The address field of the first entry for each interface provides the hardware address of the
adapter.
In contrast to netstat -i, ifconfig -a displays interface attributes (for example, Up or Down),
the network mask in hex and the broadcast address for the network.
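The netmask and broadcast values on the ifconfig -a lines above can be checked by hand. The following is an added example, not part of the course material: POSIX sh functions that accept a netmask as either 0x hex or dotted decimal (the two numeric forms the ifconfig netmask parameter takes), derive the network and broadcast addresses, and compare the result with what an ifconfig line reports.

```shell
# Added example (not from the course): compute the network and broadcast
# addresses that ifconfig reports, accepting the netmask either as a
# 0x-prefixed hex number or in dotted-decimal form. POSIX sh arithmetic only;
# no AIX commands are needed, so it runs anywhere.

# Dotted-decimal a.b.c.d -> 32-bit integer.
ip_to_int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted-decimal.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask as 0xffffff00 or 255.255.255.0 -> 32-bit integer.
mask_to_int() {
    case "$1" in
        0x*|0X*) echo $(( $1 )) ;;      # arithmetic expansion reads 0x hex
        *)       ip_to_int "$1" ;;
    esac
}

# Number of one bits in the mask (the /N prefix length).
prefix_len() {
    m=$(mask_to_int "$1"); n=0
    while [ "$m" -ne 0 ]; do n=$(( n + (m & 1) )); m=$(( m >> 1 )); done
    echo "$n"
}

# net_and_bcast ADDR MASK: print "network broadcast".
net_and_bcast() {
    addr=$(ip_to_int "$1"); mask=$(mask_to_int "$2")
    net=$(( addr & mask ))
    bcast=$(( net | (~mask & 0xffffffff) ))
    echo "$(int_to_ip "$net") $(int_to_ip "$bcast")"
}

# check_broadcast ADDR MASK REPORTED: compare the broadcast derived from the
# address and mask with the one shown on an ifconfig line. A mismatch
# usually means the mask and the broadcast were set by hand and disagree.
check_broadcast() {
    set -- "$1" "$2" "$3" $(net_and_bcast "$1" "$2")
    if [ "$5" = "$3" ]; then
        echo "OK $1/$(prefix_len "$2") broadcast $3"
    else
        echo "MISMATCH $1 mask $2 gives broadcast $5, ifconfig shows $3"
    fi
}
```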
Instructor Notes:
Purpose Introduce the student to netstat -i and how it shows interface traffic and
configuration information.
Details netstat -i lists interfaces and traffic on those interfaces
The entry for the actual interface is important. The Ierrors (input errors) and the Oerrors
(output errors) are important. If either is high (over 100), it could mean a saturated network
or a bad cable between the adapter and the network. We see this again in more detail in
the troubleshooting section.
The address ::1 is the IPv6 loopback address. The link# entries indicate the interfaces'
numbers and give their MAC addresses.
Additional Information The collisions column is not used in AIX and is thus
meaningless. Refer to previous information for ifconfig.
Transition Statement netstat/ifconfig provide information about the interface. The
ping command is used to test if communications between systems are working.
Verifying Network Connectivity
Purpose: Indicates if a remote host can be reached
Notes:
The ping command sends an ICMP ECHO_REQUEST to obtain an ICMP
ECHO_RESPONSE from a host or router. If the host is operational and on the network, it
responds to the echo.
The default is to continuously send echo requests until an interrupt is received with <ctrl-c>,
but there is an option (-c) to specify the number of packets sent. The ping command sends
one datagram per second and prints one line of output for every response received. It
calculates round trip times and packet loss statistics, and displays a brief summary upon
completion.
Because of the load continuous echo requests can place on the system, repeated requests
should be used primarily for problem isolation.
The ping command is useful for:
Determining status of networks and hosts
Tracking and isolating hardware and software problems
Testing, measuring, and managing networks
Instructor Notes:
Purpose Explain how the ping command helps test and debug networks.
Details ping - protocol internet groper
How it works: sends packet and is echoed back
Successful return means successful configuration of both systems.
Can be used with host names as well.
It is a very simple command but provides very valuable insight into the network and is
useful for beginning problem determination.
We spend more time on ping and some of its options in the troubleshooting topic later in
the week.
Additional Information The TTL is different for other operating systems. All UNIX
systems use a TTL of 255, but operating systems like VM or DOS may use a different
value.
Transition Statement The next thing you might want to do is test name resolution to be
sure it is working properly. The host command can be used to do this.
Verifying Name Resolution
Purpose: Resolves a host name into an Internet
address or vice versa
or
# host 10.19.98.3
host sys3 is 10.19.98.3
Notes:
The host command returns a host name and IP address.
The host command searches through the /etc/hosts file and finds the first match of the
parameter specified with the command. If any aliases are associated with the parameter,
they too will be displayed.
When using the host command to verify name and address resolution, be sure that host
<system name> and host <ip address> return consistent information.
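The consistency check described above can be scripted against the flat file itself. The following is an added example, not part of the course material: a small resolver that walks a hosts table the way the host command walks /etc/hosts (comments stripped, first matching address, host name or alias wins, aliases reported), and a check that name to address to name round-trips. The hosts table is a constructed sample and includes a stale duplicate line to show how the first-match rule surfaces such errors.

```shell
# Added example (not from the course): a flat-file resolver that mimics the
# host command's walk of /etc/hosts, plus a forward/reverse consistency check.
# HOSTS_TABLE is a constructed sample; on a real system read /etc/hosts.

HOSTS_TABLE='# Internet Address   Hostname   # Comments (constructed sample)
127.0.0.1    loopback localhost
10.19.98.3   sys3 sys3.example.com     # lab system
10.19.98.4   sys4
10.19.98.5   sys5
10.19.98.5   sys5-old                  # stale second line, same address
'

# host_lookup QUERY: print "hostname address [aliases...]" for the first
# entry whose address, host name or alias equals QUERY; status 1 if none.
host_lookup() {
    printf '%s\n' "$HOSTS_TABLE" | awk -v q="$1" '
        { sub(/#.*/, "") }             # drop comments
        NF < 2 { next }                # blank or address-only lines
        {
            hit = ($1 == q)
            for (i = 2; i <= NF && !hit; i++) if ($i == q) hit = 1
            if (!hit) next
            out = $2 " " $1
            for (i = 3; i <= NF; i++) out = out " " $i
            print out; found = 1; exit
        }
        END { exit !found }'
}

# check_consistency NAME: resolve NAME to its address, resolve the address
# back, and report whether NAME appears on the entry the reverse lookup
# returns. With duplicate lines for one address the reverse step always
# picks the first line, which is how stale entries show up.
check_consistency() {
    fwd=$(host_lookup "$1") || { echo "NOTFOUND $1"; return 2; }
    ip=${fwd#* }; ip=${ip%% *}          # second word of "name ip aliases"
    rev=$(host_lookup "$ip") || rev=""
    case " $rev " in
        *" $1 "*) echo "OK $1 <-> $ip (canonical name ${rev%% *})" ;;
        *)        echo "MISMATCH $1 -> $ip -> ${rev%% *}"; return 1 ;;
    esac
}
```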
Instructor Notes:
Purpose Explain the use of the host command.
Details Tests the name resolution method of the system by searching the /etc/hosts
file. Good way to check name resolution and reverse name resolution.
Additional Information DNS is covered later in the week. Try to defer questions on
nameservers for later. Realize the nslookup command can do name resolution, but it only
uses DNS. This could cause problems when using nslookup for researching names/IP
addresses on a flat network.
Transition Statement One other item you may wish to check on is address resolution.
The arp command can be used to do this.
Verifying Address Resolution
Purpose: Display and modify address resolution
Example: # arp -a
Notes:
Dynamic entries are added during the course of normal IP traffic on a physical network.
Infrequently used mappings added in this fashion have a short lifetime in the ARP table.
After 20 minutes (by default) without reference to the entry, it is then purged from the table.
Entries that are never answered are purged from the table after three minutes.
Permanent entries are loaded into the ARP table once at boot time and are useful if a host
must communicate with a node that cannot respond to an ARP request during some part of
its startup procedure (for example, diskless).
Instructor Notes:
Purpose Discuss the output of the arp command.
Details The arp table shows the names, IP addresses, and physical addresses of
systems that have been recently contacted. This is the internet-to-adapter address
translation table used by the Address Resolution Protocol (ARP).
-a displays all the current ARP entries.
-d deletes any entry. You must have root authority to execute arp. It may be necessary to
delete entries. For example, when a system's Ethernet card is changed because it went
bad, the ARP table's physical address no longer agrees. If it hasn't been 20 minutes since
trying to access the system it may not have been purged for you.
-n suppresses name resolution in the arp cache.
For entries like Xstation and diskless, a permanent entry is listed because these systems
can't respond to an ARP request at certain times during system startup.
The default time-out for an entry in the arp cache can be changed using the no command.
Additional Information Gratuitous ARP provides the following two features:
If the hardware address for an IP address changes, all other hosts on the cable that have
an ARP entry with the old hardware address update their entry with the new hardware
address.
When assigning an IP Address to an interface, it is possible to detect if another host is
already configured with the same IP Address
Transition Statement Now you have the system communicating, let's see what
services we are offering to the world.
Verifying Open Ports
Purpose: Display Open TCP/IP Application Ports
Notes: The last thing you might want to verify is what services you are offering to the
outside world. Remember: Every server service you are running requires a specific,
well-known port.
The netstat -a -f inet command lists all open UDP and TCP ports, both the server ports
(which are in the LISTEN state), and any client connections to or from any port (which are
in the ESTABLISHED state).
The above example shows a subset of open TCP ports.
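The /etc/inetd.conf listing earlier in this unit and the netstat -a -f inet output here describe the same thing from two sides: what the system is configured to offer and what is actually bound. The following is an added example, not part of the course material, that cross-checks the two: every uncommented inetd.conf service is resolved to its port through a services table and looked for among the listening sockets, and every listener that inetd does not account for is reported as a standalone daemon. All three inputs are constructed samples; the netstat column layout (Proto, Recv-Q, Send-Q, Local Address, Foreign Address, state) is assumed to be the one AIX prints.

```shell
# Added example (not from the course): cross-check what inetd is configured
# to offer against what netstat -a -f inet shows as listening.
# The three inputs are constructed samples; on a real system you would read
# /etc/services, /etc/inetd.conf and the live netstat output instead.

SERVICES='ftp     21/tcp
ssh     22/tcp
telnet  23/tcp
tftp    69/udp
finger  79/tcp
login   513/tcp
shell   514/tcp   cmd
'

INETD_CONF='## Internet server configuration database (constructed sample)
ftp     stream  tcp6  nowait  root    /usr/sbin/ftpd     ftpd
telnet  stream  tcp6  nowait  root    /usr/sbin/telnetd  telnetd
shell   stream  tcp6  nowait  root    /usr/sbin/rshd     rshd
#finger stream  tcp   nowait  nobody  /usr/sbin/fingerd  fingerd
tftp    dgram   udp6  wait    nobody  /usr/sbin/tftpd    tftpd -n
'

NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)
tcp4       0      0  *.21               *.*                LISTEN
tcp        0      0  *.22               *.*                LISTEN
tcp4       0      0  *.23               *.*                LISTEN
tcp4       0      0  10.1.1.3.23        10.1.1.5.2499      ESTABLISHED
udp4       0      0  *.69               *.*
'

# Uncommented inetd.conf entries as "service proto user server"
# (tcp6/udp6 are folded to tcp/udp so they match the services table).
inetd_enabled() {
    printf '%s\n' "$INETD_CONF" | awk '
        /^[ \t]*#/ || NF < 6 { next }
        { p = $3; sub(/[46]$/, "", p); print $1, p, $5, $6 }'
}

# service_port NAME PROTO: port number from the services table, if any.
service_port() {
    printf '%s\n' "$SERVICES" | awk -v n="$1" -v pr="$2" '
        $1 == n && $2 ~ ("/" pr "$") { split($2, a, "/"); print a[1]; exit }'
}

# "proto port" for every inetd service whose port is known.
inetd_ports() {
    inetd_enabled | while read -r svc proto user server; do
        port=$(service_port "$svc" "$proto")
        [ -n "$port" ] && echo "$proto $port"
    done
}

# "proto port" for each bound server socket in the netstat output: TCP in
# LISTEN state, and any UDP socket bound to *.port (UDP shows no state).
listening_ports() {
    printf '%s\n' "$NETSTAT" | awk '
        ($1 ~ /^tcp/ && $NF == "LISTEN") || ($1 ~ /^udp/ && $4 ~ /^\*\./) {
            p = $1; sub(/[46]$/, "", p)
            n = split($4, a, "."); print p, a[n] }'
}

# One report line per inetd service (OK / MISSING / UNKNOWN) and one per
# listener that inetd does not account for (STANDALONE). The OK line names
# the user the server runs as, so root-owned services stand out.
audit_ports() {
    listeners=$(listening_ports)
    inetd_enabled | while read -r svc proto user server; do
        port=$(service_port "$svc" "$proto")
        if [ -z "$port" ]; then
            echo "UNKNOWN  $svc/$proto has no entry in services"
        elif printf '%s\n' "$listeners" | grep -qx "$proto $port"; then
            echo "OK       $svc $port/$proto served by inetd as $user ($server)"
        else
            echo "MISSING  $svc $port/$proto enabled in inetd.conf but not listening"
        fi
    done
    printf '%s\n' "$listeners" | while read -r proto port; do
        inetd_ports | grep -qx "$proto $port" ||
            echo "STANDALONE $port/$proto listening but not started by inetd"
    done
}
```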
Instructor Notes:
Purpose Cover the netstat -a -f inet command.
Details
Additional Information Explain that listing open ports is important as they are often
used as a point of attack from hackers.
Transition Statement That's it. Let's do the checkpoint questions.
Checkpoint
1. What is a good first command to use to test if two hosts are
talking to each other on a network?
2. What command can you use to test for proper name resolution,
both name to address and address to name?
3. What command displays what is in your arp cache?
4. What command shows the network status including input and
output packets transmitted on a network interface?
5. What files need to be set up correctly in order for any user to have
access to telnet services?
Notes:
Instructor Notes:
Purpose Present the checkpoint questions.
Details
Checkpoint Solutions
1. What is a good first command to use to test if two hosts are talking
to each other on a network? ping
2. What command can you use to test for proper name resolution,
both name to address and address to name? host
3. What command displays what is in your arp cache? arp -a
4. What command shows the network status including input and
output packets transmitted on a network interface? netstat -i
5. What files need to be set up correctly in order for any user to have
access to telnet services? /etc/services, /etc/inetd.conf and /etc/rc.tcpip
Additional Information
Transition Statement Let's move on to the exercise.
Exercise:
Exercise 3
Notes:
Instructor Notes:
Purpose Transition to the exercise for this unit.
Details
Additional Information
Transition Statement Let's review some of the key points we covered in this unit.
Unit Summary
Only one SMIT screen is required to configure TCP/IP - Minimum
Configuration and Startup
Several files are used by TCP/IP - /etc/rc.net, /etc/rc.tcpip,
/etc/services, /etc/inetd.conf, /etc/hosts
ifconfig, hostname, ping, netstat, arp, and host are commands
used in configuring or testing TCP/IP
TCP/IP services can be controlled using the System Resource
Controller (SRC) commands
Notes:
Instructor Notes:
Purpose Review some of the key points covered in this unit.
Details
Additional Information
Transition Statement That's the end of this unit.
Copyright IBM Corp. 1997, 2006 Unit 4. Configuring Virtual Ethernet 4-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit Objectives
After completing this unit, you should be able to:
Discuss IEEE 802.1Q (VLAN) concepts and terminology
Discuss AIX 5L support for VLAN
Describe basic virtual I/O features available on POWER5-based
servers
Describe the functions of the virtual hypervisor Ethernet switch
Configure and use a virtual Ethernet adapter
Notes:
Instructor Notes:
Purpose Students are introduced to the protocols involved in implementing virtual
Ethernet, or VLAN, and how to configure VLAN connections between partitions on the
same managed system.
Details We start with an introduction to IEEE 802.1Q, which could be using a physical
switch or the hypervisor switch. Then we discuss AIX support for 802.1Q. Next, we
introduce virtual I/O. Once we've laid that groundwork, we then discuss virtual Ethernet
and explain how 802.1Q is used with virtual Ethernet.
Additional Information
Transition Statement We'll start with a general discussion of IEEE 802.1Q.
IEEE 802.1Q VLAN (1 of 2)
VLAN is a method to logically segment a physical network
Layer 2 connectivity restricted to members of the same VLAN
[Figure: Ethernet switches S1 and S2 joined by a tagged trunk carrying VID 20. Host
ports shown: a tagged port with PVID 1 and VID 10, 20 (host adapters ent1 and ent2 on
ent0); an untagged port with PVID 10 (ent0); an untagged port with PVID 20 (ent0); a
tagged port with PVID 1 and VID 20 (ent1 on ent0).]
Notes:
Introduction
Virtual Local Area Network (VLAN) is described by the IEEE 802.1Q standard. VLAN is
a method to logically segment a physical network such that layer 2 connectivity is
restricted to members that belong to the same VLAN. This separation is achieved by
tagging Ethernet packets with their VLAN membership information and then restricting
delivery to members of that VLAN.
In the visual shown above, Ethernet Switches S1 and S2 share VLAN 20 through
tagged trunk ports. Hosts H1, H2 share network VLAN 10. Hosts H1, H3 and H4 share
network VLAN 20.
Instructor Notes:
Purpose Introduce IEEE 802.1Q virtual LAN.
Details The virtual Ethernet on POWER5 systems is based on an implementation of
IEEE 802.1Q VLAN. We introduce it here as a background technology before explaining
how virtual Ethernet is implemented on the IBM system p5 systems.
Define what it means to be VLAN aware.
The example in the visual shows that H1 has two VLAN ports labeled ent1 and ent2 and
they use the physical device ent0. On H4, ent1 is a VLAN device using the physical device
ent0.
Explain the difference between a VID and a PVID. The PVID is the default VID used for
untagged packets.
Explain that hosts on a particular VLAN recognize the packets for that VLAN.
The switches in this example must be VLAN aware.
Additional Information
Transition Statement Let's examine the terminology used when describing VLAN
configurations.
IEEE 802.1Q VLAN (2 of 2)
Method:
Outgoing packets:
VLAN aware host: Packets are tagged with VID by host
VLAN unaware host: Packets are tagged with the PVID by the switch
Incoming packets:
Switch strips the PVID from packets before sending to the host
adapter (VLAN unaware host is protected from tagged packets - which
it won't understand)
If VIDs are associated with the switch port, they remain in the packet
when sent to the host (VLAN aware host will handle these)
Recommendation:
Single network per adapter use untagged port and PVID
Multiple networks per adapter use VID
AIX support:
AIX supports both VLAN aware and unaware adapters
Normal Ethernet adapters are VLAN unaware.
VLAN logical device - which is VLAN aware.
The VLAN device is a logical device that sits on top of a base adapter.
Notes:
Terminology
Ports on a switch are configured as being members of the VLAN designated by the VID
for that port. The default VID for a port is referred to as the Port VID (PVID).
Method
The VID can be added to an Ethernet packet either by a VLAN aware host or by the
switch in the case of VLAN unaware hosts. Therefore, ports on an Ethernet switch have
to be configured with information indicating whether the host connected is VLAN aware
or unaware.
For VLAN unaware hosts, a port is set up as untagged and the switch will tag all
packets entering through that port with the Port VLAN ID (PVID). It also untags all
packets exiting that port before delivery to the VLAN unaware host. A port used to
connect VLAN unaware hosts is called an untagged port, and it can only be a member
of a single VLAN identified by its PVID.
Hosts that are VLAN aware can insert and remove their own tags and can be members
of more than one VLAN. These hosts are typically attached to ports that do not remove
the tags before delivering the packets to the host, but insert the PVID tag when an
untagged packet enters the port. A port only allows packets that are untagged or tagged
with the tag of one of the VLANs the port belongs to.
These VLAN rules are in addition to the regular MAC address based forwarding rules
followed by a switch. Therefore, a packet with a broadcast or multicast destination MAC
also gets delivered to member ports that belong to the VLAN that is identified by the
tags in the packet. This mechanism ensures the logical separation of physical network
based on membership in a VLAN.
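The port rules in the Method section can be written down as a small model, which is what follows: an added example, not part of the course material. A port is described by its PVID and the extra VIDs it belongs to; a frame is "untagged" or "tag:N". The ingress rule tags untagged frames with the PVID and admits tagged frames only for member VLANs; the egress rule strips the PVID (so a VLAN unaware host never sees a tag), keeps the tag for other member VLANs, and does not deliver anything else. The host-to-port assignment in demo() is the example's own reading of the visual, not a statement from the course.

```shell
# Added example (not from the course): a model of the IEEE 802.1Q port rules
# described in this unit. Ports are given as PVID plus a space-separated
# list of additional VIDs; frames are "untagged" or "tag:N".

# in_list ITEM LIST: succeed if ITEM is one of the space-separated words.
in_list() {
    for w in $2; do [ "$w" = "$1" ] && return 0; done
    return 1
}

# ingress PVID VIDS FRAME: the VLAN a frame entering the port is forwarded
# on, or DROP. Untagged frames take the PVID; tagged frames must carry a
# VLAN the port belongs to (its PVID or one of its VIDs).
ingress() {
    case "$3" in
        untagged) echo "$1" ;;
        tag:*)    vid=${3#tag:}
                  if in_list "$vid" "$1 $2"; then echo "$vid"; else echo DROP; fi ;;
        *)        echo DROP ;;
    esac
}

# egress PVID VIDS VLAN: how a frame on VLAN leaves the port towards the
# host. PVID traffic goes out untagged, other member VLANs keep their tag,
# non-member VLANs are not delivered at all.
egress() {
    if [ "$3" = "$1" ]; then echo untagged
    elif in_list "$3" "$2"; then echo "tag:$3"
    else echo DROP; fi
}

# forward SRC_PVID SRC_VIDS FRAME DST_PVID DST_VIDS: carry one frame from
# the host on the source port to the host on the destination port.
forward() {
    vlan=$(ingress "$1" "$2" "$3")
    [ "$vlan" = DROP ] && { echo DROP; return; }
    egress "$4" "$5" "$vlan"
}

# Assumed reading of the visual: H1 VLAN aware (PVID 1, VIDs 10 and 20),
# H2 and H3 VLAN unaware (PVID 10 and PVID 20), H4 VLAN aware (PVID 1, VID 20).
demo() {
    echo "H2 untagged -> H1        : $(forward 10 '' untagged 1 '10 20')"
    echo "H1 tag:20   -> H3        : $(forward 1 '10 20' tag:20 20 '')"
    echo "H2 untagged -> H3        : $(forward 10 '' untagged 20 '')"
    echo "H1 tag:30   -> anywhere  : $(forward 1 '10 20' tag:30 1 20)"
}
```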
Recommendation
In general, configuration is simpler when ports are untagged and only the PVID is
configured because the attached hosts do not have to be VLAN aware and they do not
require any VLAN configuration.
However, this scenario has the limitation that a host can access only a single network
using a single adapter. Additional VIDs can be used when multiple networks are being
accessed through a single Ethernet adapter.
There are several reasons you might want to access multiple networks through one
adapter:
- Physical limitation on the number of adapters or switch ports
- You might want different types of traffic to use different Quality of Service (QoS)
rules. You can use VLANs to separate the different types of traffic and then define
QoS rules for each network.
AIX support
AIX supports both VLAN aware and VLAN unaware adapters.
- VLAN unaware
Normal Ethernet adapters are VLAN unaware.
- VLAN aware
AIX provides VLAN support by implementing VLAN logical devices. You can configure
multiple VLAN devices on a single system. Each VLAN device constitutes an
additional Ethernet adapter instance and is associated with a base Ethernet adapter.
Each VLAN device is assigned a VLAN ID and can be configured with an IP
address. An example is shown on the next page.
Instructor Notes:
Purpose Describe how packets are tagged when on a VLAN.
Details Untagged packets use the PVID. A VLAN aware host uses its assigned VLAN.
Additional Information
Transition Statement Let's look at a simple VLAN scenario to illustrate these concepts.
Simple VLAN Scenario
[Figure: Simple VLAN Scenario. Shows interface en1 with address 10.4.10.100 on VLAN 10.]
Notes:
Example
In the example shown in the visual above, there are two VLANs in use. HOST1, HOST2
and HOST3 are connected together on VLAN 1.
VLAN 1
HOST2 and HOST3 access VLAN 1 using Ethernet adapters (ent0) that are VLAN
unaware. The switch ports are configured with a PVID of 1, and no additional VLAN IDs.
HOST1 accesses VLAN 1 with an Ethernet adapter (ent0) that is also VLAN unaware
and is connected to a port with a PVID of 1. The interface en0 is configured on this
device. Packets sent out on the interface en0 will be tagged with VLAN ID 1.
VLAN 10
HOST1 and HOST3 are also connected to VLAN 10. HOST3 accesses this VLAN using
an Ethernet adapter (ent1) that is VLAN unaware and is connected to a switch port
configured with a PVID of 10, and no additional VLAN IDs. HOST3 has configured the
interface en1 for this device.
HOST1 accesses VLAN 10 using a VLAN device (ent1) that is associated with the
Ethernet adapter ent0. The switch port connected to Ethernet adapter ent0 is
configured with a PVID of 1, but is also configured with a VLAN ID of 10. The VLAN
device ent1 is configured with a VLAN Tag ID of 10. The interface en1 is configured on
the VLAN device. This allows HOST1 to access VLAN 10.
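The port behaviour in this scenario (untagged frames classified into the port's PVID, the PVID tag stripped on the way to a VLAN unaware host, and tags the port is not configured for discarded) can be modelled in a few lines. The following Python is an added example, not part of the course material; the endpoint names (HOST1:ent0 and so on), the simplified Frame fields and the Switch class are assumptions made for the model, not real Ethernet bytes.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Port:
    """A switch port: its PVID plus any extra tagged VLANs a VLAN aware host may use."""
    pvid: int
    vids: FrozenSet[int] = frozenset()

    def allows(self, vid: int) -> bool:
        return vid == self.pvid or vid in self.vids


@dataclass(frozen=True)
class Frame:
    src: str            # sending endpoint, e.g. "HOST1:ent0" (assumed naming)
    dst: str            # receiving endpoint, or "*" for broadcast
    vid: Optional[int]  # None = untagged on the wire
    payload: str


class Switch:
    def __init__(self, ports: Dict[str, Port]):
        self.ports = ports      # endpoint name -> Port it is cabled to
        self.dropped: List[tuple] = []   # (ingress endpoint, vid) rejected at ingress

    def forward(self, ingress: str, frame: Frame) -> Dict[str, Frame]:
        """Deliver one frame; returns {endpoint: frame as it appears on that wire}."""
        port = self.ports[ingress]
        # Ingress: an untagged frame is classified into the port's PVID.
        vid = port.pvid if frame.vid is None else frame.vid
        # A tag the port is not configured for is discarded, so a PVID-only port
        # (VLAN unaware host) cannot put frames onto another VLAN.
        if not port.allows(vid):
            self.dropped.append((ingress, vid))
            return {}
        delivered = {}
        for endpoint, out in self.ports.items():
            if endpoint == ingress or not out.allows(vid):
                continue
            if frame.dst not in ("*", endpoint):
                continue
            # Egress: frames in the port's PVID leave untagged (the VLAN unaware
            # host never sees the tag); other VIDs keep their tag for the VLAN device.
            out_vid = None if vid == out.pvid else vid
            delivered[endpoint] = Frame(frame.src, frame.dst, out_vid, frame.payload)
        return delivered


def build_scenario() -> Switch:
    """Ports as configured in the Simple VLAN Scenario."""
    return Switch({
        "HOST1:ent0": Port(pvid=1, vids=frozenset({10})),  # VLAN device ent1 rides on ent0
        "HOST2:ent0": Port(pvid=1),
        "HOST3:ent0": Port(pvid=1),
        "HOST3:ent1": Port(pvid=10),
    })


def run_scenario() -> Dict[str, object]:
    sw = build_scenario()
    results: Dict[str, object] = {
        # HOST1 en0 (on the base adapter) sends untagged: classified into VLAN 1.
        "host1_en0": sw.forward("HOST1:ent0", Frame("HOST1:ent0", "*", None, "vlan1 bcast")),
        # HOST1 en1 (on VLAN device ent1, tag 10) sends tagged 10: reaches only VLAN 10.
        "host1_en1": sw.forward("HOST1:ent0", Frame("HOST1:ent0", "*", 10, "vlan10 bcast")),
        # HOST3 en1 sends untagged on its PVID 10 port: arrives at HOST1 still tagged 10.
        "host3_en1": sw.forward("HOST3:ent1", Frame("HOST3:ent1", "*", None, "from vlan10")),
        # A tag-10 frame arriving on HOST2's PVID-1-only port is dropped at ingress.
        "host2_tag10": sw.forward("HOST2:ent0", Frame("HOST2:ent0", "*", 10, "stray tag")),
    }
    results["dropped"] = sw.dropped
    return results


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(name, outcome)
```

The model makes the isolation property explicit: HOST2, which sits on a PVID-only port, can neither receive nor inject VLAN 10 traffic, while HOST1 sees VLAN 10 frames only through the tag its VLAN device is configured for.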
Add A VLAN
[Entry Fields]
VLAN Base Adapter ent0
* VLAN Tag ID [] #
Notes:
Notes:
VLAN device
The VLAN device appears as an Ethernet device (ent2 in the visual above), with an
associated pair of interfaces (en2 and et2 in the visual above). The interfaces can be
configured just like the ones on a regular physical Ethernet adapter.
Note that the VLAN device is associated with a base device (ent0 in this example).
All packets leaving the machine on the configured interface are tagged with the VLAN
ID.
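Added example, not from the course: the bytes an AIX VLAN device inserts on every outgoing packet, and that a switch port inserts or strips at the PVID, are the 4-byte IEEE 802.1Q tag (TPID 0x8100 followed by the TCI, which carries the priority bits, the DEI bit and the 12-bit VID). The Python below builds and parses such frames; the MAC addresses and payload are constructed, and build_frame, parse_frame, apply_pvid and strip_tag are the example's own names.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag


def _mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst_mac: str, src_mac: str, ethertype: int, payload: bytes,
                vid=None, pcp: int = 0) -> bytes:
    """Ethernet II frame, with an 802.1Q tag inserted when vid is given."""
    frame = _mac(dst_mac) + _mac(src_mac)
    if vid is not None:
        if not 1 <= vid <= 4094:
            raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)   # DEI bit (bit 12) left clear
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Decode the header; vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("short frame")
    (etype,) = struct.unpack("!H", frame[12:14])
    vid, pcp, offset = None, 0, 14
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", frame[14:18])
        vid, pcp, offset = tci & 0x0FFF, tci >> 13, 18
    return {
        "dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
        "vid": vid, "pcp": pcp, "ethertype": etype, "payload": frame[offset:],
    }


def apply_pvid(frame: bytes, pvid: int) -> bytes:
    """Switch port ingress: tag an untagged frame with the PVID, leave a tagged one alone."""
    if parse_frame(frame)["vid"] is not None:
        return frame
    return frame[:12] + struct.pack("!HH", TPID_8021Q, pvid & 0x0FFF) + frame[12:]


def strip_tag(frame: bytes) -> bytes:
    """Switch port egress to a VLAN unaware host: remove the 4-byte tag."""
    if parse_frame(frame)["vid"] is None:
        return frame
    return frame[:12] + frame[16:]


if __name__ == "__main__":
    # Constructed sample: a broadcast IPv4 frame as sent by a VLAN device with tag 10.
    f = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0800, b"ip", vid=10)
    print(f.hex(), parse_frame(f))
```

Note that a frame's VLAN membership is carried entirely in these four bytes, so wherever a tagged frame can reach a port that trusts the tag, the VID in the header is what decides which network it lands on.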
Notes:
Introduction
Virtual I/O is the term used to describe the ability to share physical I/O resources
between partitions. The physical resources being shared are adapter cards located in
PCI-X slots of the managed system.
Terminology
Virtual I/O has its own set of terminology to describe the major components.
Virtual networking
This unit discusses creating and using virtual Ethernet adapters. Shared Ethernet
adapters are discussed in a later unit.
Virtual SCSI is not discussed in this class.
Notes:
Introduction
Why would we want to virtualize I/O? The requirement is being driven primarily by
partitioning capabilities. The POWER5 systems are capable of being configured with
many more partitions than the previous POWER4 systems. The POWER5 architecture
supports up to 254 partitions. With large numbers of processors being supported, and
each processor capable of supporting up to ten Micro-Partitions, a system can soon run
out of available adapter slots.
Each partition that is created has a minimum requirement of two adapter slots. One slot
is required for use to connect to a boot device of some form (typically either SCSI or
Fibre Channel disk drives), and a second slot is required for an Ethernet adapter for
network access. A network adapter may or may not be required for users to access the
partition, however it is required for the HMC to communicate with the partition for
DLPAR and serviceable event functions.
With this minimum two-adapter requirement, the number of slots on a machine would
be a limiting factor in the number of partitions that could be run concurrently, unless the
I/O subsystem could be virtualized to some degree.
Limitation example
As an example, the p5-570 system supports up to 16 POWER5 processors. If
configured with the Advanced POWER Virtualization feature, this system is capable of
running up to 160 partitions concurrently. However, the machine supports a maximum
of 160 PCI-X adapter slots, so with a two slots per partition minimum, the maximum
number of partitions that could be created without the use of virtual I/O would be 80.
Instructor Notes:
Purpose: Explain the drivers for virtualizing the I/O capabilities.
Details: Current systems support up to 160 Micro-Partitions running concurrently. Future
systems support up to the 254 partition limit.
Additional Information:
Transition Statement: What are some of the benefits of virtual I/O?
Benefits of Virtualized I/O
Partitions can be created without requiring additional physical I/O
resources
Economical I/O model
Efficient utilization of resources through sharing
Facilitates server consolidation
Allows client attachment to previously unsupported storage
solutions
Notes:
Introduction
The main benefits of virtualized I/O are:
- Partitions can be created without requiring additional physical I/O resources. The
new partitions can be configured to use virtualized I/O resources, which allows them
to be configured in a timely manner, since no physical reconfiguration of the system
(that is, moving adapter cards and cables) is required.
- Virtualized I/O allows an economical I/O model, since it allows multiple partitions to
share common resources. For example, multiple partitions can share a single
physical adapter. Without virtualized I/O, each partition would require its own
adapter, even if the full capacity of the adapter was not being utilized.
- The use of virtualized I/O facilitates server consolidation. It permits multiple client
partitions to reside on a single machine, and make efficient use of shared resources.
- The use of virtualized I/O may permit partitions to use (through a virtualized I/O
interface) a type of physical device that is not supported for native connection to the
partition. For example, a client partition would be able to make use of a virtual SCSI
disk that was being provided by the Virtual I/O Server partition, even if the physical
device attached to the server partition is not supported by the operating system
running in the client partition.
Notes:
Introduction
Virtual Ethernet enables inter-partition communication without the need for physical
network adapters assigned to each partition. This technology enables IP-based
communication between logical partitions on the same system using a VLAN capable
software switch (POWER Hypervisor) in POWER5 systems. Due to the number of
partitions possible on many systems being greater than the number of I/O slots, virtual
Ethernet is a convenient and cost saving option to enable partitions within a single system
to communicate with one another through a virtual Ethernet LAN.
The virtual Ethernet interfaces may be configured with both IPv4 and IPv6 protocols.
physical Ethernet adapter which connects to a physical Ethernet network. To use virtual
Ethernet to connect to a physical Ethernet adapter which connects to a physical Ethernet
network, you must configure a shared Ethernet adapter. This will be discussed in a later
unit.
Instructor Notes:
Purpose: Describe virtual Ethernet in an LPAR environment.
Details: Describe the basics of virtual Ethernet. Remind the students that there is no
extra software to install to make this work and you do not need a Virtual I/O Server.
Additional Information:
Transition Statement: Let's look at a conceptual diagram.
Virtual Ethernet
Allows partitions to communicate without using a physical Ethernet
adapter
[Figure: conceptual diagram of virtual Ethernet: several partitions (an I/O Server partition plus AIX 5.3 and Linux partitions, with 4, 2, 6 and 6 CPUs) connected by virtual I/O paths through the POWER Hypervisor to the physical I/O (storage and network)]
Notes:
Introduction
Virtual Ethernet technology is supported on AIX 5L V5.3 on POWER5 hardware. This
technology enables IP-based communication between logical partitions on the same
system using a VLAN capable software switch in POWER5 systems.
Instructor Notes:
Purpose: Introduce virtual Ethernet on POWER5 systems.
Details: The visual shows the VLAN connections between partitions within a single
managed system. The POWER Hypervisor is the switch for these VLANs. The visual
shows a simplified picture with one to one connections. In reality, VLANs can have many
hosts and each partition can belong to many VLANs.
Also note that LPARs can use both physical and virtual adapters.
Additional Information:
Transition Statement: Let's look at some of the underlying technologies that are used to
implement virtual Ethernet.
p5 Hypervisor Ethernet Switch
Software Ethernet switch implementation
Consistent with IEEE 802.1Q
Up to 4094 networks (VLAN IDs)
PVID tag for untagged packets
Copies packets between partitions
Included with all IBM System p5 systems
Does not require Advanced POWER Virtualization feature
Notes:
Introduction
POWER5 hardware supports inter-LPAR communication using virtual networking. The
POWER Hypervisor on POWER5 systems supports virtual Ethernet adapters that are
connected to an IEEE 802.1Q (VLAN) style virtual Ethernet switch. Using this switch
function, partitions can communicate with each other by using virtual Ethernet adapters
and assigning VIDs (VLAN ID) that enable them to share a common logical network.
The switch supports up to 4094 VLAN IDs.
The virtual Ethernet adapters are created and the VID assignments are performed
using the Hardware Management Console (HMC). The system allows virtual Ethernet
adapters to be configured with a PVID, that will be used to tag untagged packets.
The POWER Hypervisor transmits packets by copying the packet directly from the
memory of the sender partition to the receive buffers of the receiver partition without
any intermediate buffering of the packet.
[Figure: partitions with virtual Ethernet adapters attached to the POWER Hypervisor (switch); label visible: VLAN 300]
Notes:
Introduction
A partition needs to use virtual Ethernet adapters to communicate with the Hypervisor
Ethernet switch. The virtual Ethernet adapters are created and the VID assignments are
performed using the Hardware Management Console (HMC). The system allows virtual
Ethernet adapters to be configured with a PVID, that will be used to tag untagged
packets.
By default, a partition may have up to 10 virtual adapter slots. Two of these slots are
used by default for virtual serial adapters, which are used to implement the virtual
console facility. The number of virtual adapters in a partition may be increased as
needed up to 256.
VLAN Access
Besides a PVID, the number of additional VID values that can be assigned per virtual
Ethernet adapter is 20 which implies that each virtual Ethernet adapter can be used to
access 21 networks.
Packet Delivery
The packets are transmitted by copying them directly from the memory of the sending
partition to the receive buffers of the receiving partition without any intermediate
buffering of the packet.
Instructor Notes:
Purpose: Introduce the concept of virtual Ethernet adapters.
Details: You must create a virtual Ethernet adapter for each VLAN used by a partition.
Each virtual adapter that you create can connect to up to 20 VLANs. The next visual shows
how to create a virtual Ethernet adapter.
Additional Information:
Transition Statement: So, how do we create a virtual Ethernet adapter?
Creating a Virtual Ethernet Adapter (1 of 4)
Notes:
Introduction
Virtual Ethernet adapters are created by using the HMC. The Virtual I/O tab of the
partition profile dialog box is used to create virtual adapters of differing types. By
default, a partition may have up to 10 virtual adapters. This number can be changed to
any value from 2 to 65536, but it requires the partition to be reactivated before the new
value is used.
The higher the maximum number is, the more memory the managed system reserves
to manage the virtual adapters, so specify only the number of virtual adapters you are
likely to use.
Properties from the pop-up menu. This starts the Profile Properties dialog. Select the
Virtual I/O tab to create a virtual Ethernet adapter. Once the tab is visible, select the
Ethernet radio-button on the Create Adapters panel, and then click the (Create...)
button.
Notes:
Adapter properties
The adapter is created in the lowest numbered available virtual slot. The number can be
changed if desired, within the limits of the maximum number available for the partition.
You should enter the Port Virtual LAN ID that is used for this adapter. This is the ID of
the virtual LAN that you want the adapter to connect to. By default, each adapter can
connect to a single VLAN.
Once you have entered the PVID value, click the OK button to add the adapter.
The IEEE 802.1Q setting allows the adapter to be configured to access multiple VLANs.
The Trunk adapter setting should not be used for virtual Ethernet adapters in client
partitions. This setting is only for use by special virtual Ethernet adapters owned by the
Virtual I/O server partition.
Notes:
Introduction
Once the adapter has been created, it shows up in the Virtual I/O panel of the partition
profile. The adapter information shows the virtual slot the adapter is in, the type of the
adapter, and whether it is required or not. If the Required setting is checked, the virtual
adapter cannot be removed from the partition using a DLPAR remove operation. By
default, newly created adapters are not marked as Required.
Click the OK button once you have added the desired virtual adapters.
+------------------------------------------------------------------------+
| Available Network Interfaces |
| |
| Move cursor to desired item and press Enter. |
| |
| en0 03-08 Standard Ethernet Network Interface |
| en1 Standard Ethernet Network Interface |
| et0 03-08 IEEE 802.3 Ethernet Network Interface |
| et1 IEEE 802.3 Ethernet Network Interface |
| |
| Esc+1=Help Esc+2=Refresh Esc+3=Cancel |
| Esc+8=Image Esc+0=Exit Enter=Do |
| /=Find n=Find Next |
+------------------------------------------------------------------------+
Notes:
Introduction
Once the virtual Ethernet adapter has been added, you should activate the partition
using the newly modified profile. The virtual Ethernet adapter is listed as an available
boot device if you enter the SMS menus.
AIX detects the presence of the newly added virtual Ethernet adapters, and adds
appropriate ODM device entries, for example ent1 as shown in the visual above. Since
the newly added device is an Ethernet adapter, the configure method for the adapter
also defines associated network interfaces, for example, en1 and et1 as shown in the
visual above.
Note that the virtual adapter instance and associated interfaces do not have AIX
location codes, since they are virtual devices.
Notes:
to the VLAN. The VLAN device is configured with the VLAN ID (tag) that is added to all
packets that are sent on the interface configured on the VLAN device (enN or etN).
Instructor Notes:
Purpose: Describe the limit on the number of virtual Ethernet adapters in a single partition.
Also introduce the concept of a VLAN device, which is used to access a VLAN which uses
multiple VLAN IDs.
Details: This visual lists more information about VLAN devices.
The use of virtual Ethernet adapters may affect system performance since it is a little more
CPU-intensive than using physical adapter cards. Physical adapter cards offload some of
the CPU work.
The speed of the virtual Ethernet communications varies from 1 Gbps to 3 Gbps depending
on the maximum transmission unit (MTU) size. The largest MTU size will result in the
fastest speed.
Additional Information:
Transition Statement: Let's look at how we configure a virtual Ethernet adapter to
access multiple VLANs.
Multiple VLANs on a Virtual Ethernet Adapter
1. Add VLAN information to virtual Ethernet adapter in HMC profile
2. Add VLAN adapters in AIX using virtual adapter as the base adapter
smitty addvlan
Notes:
Add VLAN devices in AIX using the virtual adapter as the base adapter
Once we have configured the virtual adapter for multiple VLANs, we then need to add
and configure one or more VLAN devices in AIX. See Adding VLAN Access (1 of 2) on
page 14 for details.
[Figure: VLAN scenario on virtual adapters and the hypervisor switch (labels visible: en1, 10.4.10.100, VLAN 10)]
Notes:
Example
This example is basically the same as Simple VLAN Scenario on page 11. Except
here we are using virtual adapters and the hypervisor switch, instead of physical
adapters and a physical switch.
Checkpoint
1. T/F: To use Virtual Ethernet, you must order the Advanced
POWER Hypervisor feature.
2. T/F: AIX 5L 5.2 can be configured with Virtual Ethernet.
3. T/F: Virtual Ethernet supports both IPv4 and IPv6 environments.
4. T/F: When listing devices with lsdev it is easy to see which are
physical Ethernet devices, which are virtual and which are VLAN
devices.
5. The PVID for a virtual Ethernet adapter is configured in the
_____________.
6. To use multiple VIDs with a virtual Ethernet adapter, the VIDs must
be defined in the _____________________ and in the
_________ in AIX.
7. Associate the term with its definition:
__ IEEE 802.1Q A. Identifies a virtual LAN
__ VID B. Virtual LAN standard
__ PVID C. Default VID associated with a switch port
Notes:
Checkpoint Solutions
1. T/F: To use Virtual Ethernet, you must order the Advanced
POWER Hypervisor feature. False.
2. T/F: AIX 5L 5.2 can be configured with Virtual Ethernet. False.
3. T/F: Virtual Ethernet supports both IPv4 and IPv6 environments.
True.
4. T/F: When listing devices with lsdev it is easy to see which are
physical Ethernet devices, which are virtual and which are VLAN
devices. True.
5. The PVID for a virtual Ethernet adapter is configured in the
HMC partition profile.
6. To use multiple VIDs with a virtual Ethernet adapter, the VIDs must
be defined in the HMC partition profile and in the
VLAN adapter in AIX.
7. Associate the term with its definition:
_B_ IEEE 802.1Q A. Identifies a virtual LAN
_A_ VID B. Virtual LAN standard
_C_ PVID C. Default VID associated with a switch port
Additional Information
Transition Statement
Exercise:
Configuring
Virtual
Ethernet
Notes:
Unit Summary
IEEE 802.1Q (VLAN) provides for network traffic isolation at layer two within an
Ethernet switch
Additional VLAN ID (VID) field added to Ethernet packets identifies the VLAN
Port VID (PVID) is default VID for a switch port
Untagged packets from host are tagged with this VID
Tagged packets to a VLAN unaware host have the PVID tag stripped
Additional VIDs can be assigned to a switch port (for VLAN aware hosts)
AIX 5L supports 802.1Q (VLAN) through the creation of VLAN adapters:
VLAN adapter is associated with a base adapter
Base adapter can be a physical or a virtual Ethernet adapter
One VLAN ID per VLAN adapter; multiple VIDs can be supported by using
multiple VLAN adapters
The hypervisor in POWER5-based systems implements a virtual Ethernet switch
and supports virtual Ethernet adapters for communications between LPARs
The hypervisor switch copies packets directly from sending LPAR memory to
receiving LPAR memory, which provides for very fast transfers
Virtual Ethernet adapters are created in the partition profile in the HMC
Once reactivated, AIX 5L V5.3 detects these virtual adapters
Network interfaces are configured on virtual Ethernet adapters, just like a
physical adapter
The hypervisor switch supports 802.1Q
A PVID must be assigned when the virtual Ethernet adapter is created in the HMC
Additional VIDs can be associated with the virtual Ethernet adapter
Notes:
Unit Objectives
After completing this unit, students should be able to:
Notes:
Routing
[Figure: Host A on Network P and Host B on Network Q]
Notes:
A route defines a path for sending packets through the Internet to an address on another
network. A route does not define the complete path, only the path from a host to a gateway
(router) that can then forward packets on to either the destination or to another gateway.
The term routing refers to the process of choosing a path over which to send packets, and
router refers to any computer making such a choice.
Routing is performed by the IP layer. IP routers are used to connect different networks. No
daemons are necessary to make routing occur on a host.
Message distance is usually expressed in the number of gateway hops or hop count (called
the metric).
The distance a message travels from originating host to destination host depends upon the
number of gateway hops it must make.
A host is zero hops from a network on which it is attached. It is one hop from a network that
can be reached by going through only one gateway.
[Figure: Host C with interfaces x and y joining Network P and Network Q through its routing table]
Notes:
Routers connect two or more networks and provide routing functions. The term gateway in
this context is used interchangeably with router.
Some routers route at the network interface level or the physical level.
Gateways route at the network level. Gateways receive IP datagrams from other gateways
for delivery to hosts on the local network and route IP datagrams from one network to
another. Gateways periodically verify their network connections through interface status
messages.
Gateways route packets according to the destination network. The destination network
then takes care of sending the packet to the destination host.
Routing Implementation
[Figure: network diagram, subnet mask 255.255.255.0 on each subnet; hosts and addresses shown: sys1 10.19.98.1, sys5 10.19.98.5, sys10 10.19.98.10, sys11 10.19.99.11 with sys11e 10.19.98.11, sys13 10.19.99.13, sys17 10.19.99.17, sys20 10.19.99.20 with sys20e 152.64.10.1 (toward the Internet)]
Notes:
A route does not define the complete path. It defines only the path segment from one host
to a gateway that can forward packets to a destination, or from one gateway to another.
Routes are defined in the kernel routing table. Each routing table entry has two
components; destination address (where you want to end up) and gateway address (where
the packet gets sent on its way to its final destination).
TCP/IP searches the route table for a best fit match in the following order:
A host route defines a route to a specific host through a gateway. The routing IP
algorithm still sees a host address as a network; it is simply a perfect match.
A network route defines a route to any of the hosts on a specific network through a
gateway.
A default route defines a gateway to use when a host or network route to a destination
is not otherwise defined.
Hosts should not forward IP datagrams unless specifically configured as a router. Most
BSD-derived implementations (AIX) include a kernel variable called ipforwarding, which
is used to control this behavior. The no command is used to view or change the value of
ipforwarding:
no -o ipforwarding
ipforwarding=0 (do not forward)
ipforwarding=1 (do forward)
To change it: no -o ipforwarding=value, where value is 0 or 1.
Instructor Notes:
Purpose: Explain host, network, and default routes and demonstrate how a router works
using the networks in the foil.
Details: Using the drawing, explain each type of route table entry. The route table
resides on sys17.
In evaluating the route table, priority is host entries, network entries, and then finally default
entry.
The first one is a host route. This means I can only talk to this particular host on the
specified network. Typically, host routes are not used. In this case, it is defining the IP
address for Host G.
The second entry is a network route. It is a direct route because sys17 is physically
connected to that network.
The third example is a default route. If it's not for my network, pass it to the router. Maybe
the router knows how to pass it on to get it to the final destination.
There can be multiple entries. The router takes the first match.
Additional Information: If there is no default route and no match exists for a destination,
an error is returned to the application. This message is Cannot reach destination network.
Transition Statement: We've only seen the destination or the where to go part of a
route. There needs to be information on how to get there, like a roadmap.
Discussion Items
How many networks are there? 3
Which hosts are routers? sys11, sys20
When are the direct route entries put in the routing table?
At configuration of the network adapter.
What host is the indirect route pointing to? sys11
What is the difference between the indirect route and the default route? If destination is
not one of the three networks listed, pass it on to sys20 and hope it can pass it on using
information stored in its routing table.
Transition Statement: Since routing is done on every system in a network, let's see
what IP goes through to decide where to send a message.
IP Routing Algorithm
[Figure: flowchart: consult the routing table; "Is it for me?" Y: keep it (local host); N: "Do I have a specific route?" Y: send to the router for the remote host; N: no route to host]
Copyright IBM Corporation 2005
Notes:
Both hosts and gateways participate in IP routing. When an application program on a host
attempts to communicate with another host, one or more IP datagrams are generated. The
host must decide to which IP address the datagrams should go. This address may be to a
host on the same network or to another network.
Three types of routing table entries can be seen. They are:
Direct This occurs when both the source and destination hosts are on the same
physical network. The packets can be sent directly from the source to the destination.
Indirect This occurs when the source and destination hosts are on different physical
networks. The only way to reach the host is through one or more IP gateways. The
address of the first of these gateways (the first hop) is the only information needed by
the source host.
Default This is to be used if the destination IP network address is not found in the
direct or indirect entries.
The IP routing mechanism only considers the IP network address part of the destination
address.
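The best-fit search described in the Routing Implementation notes (host route, then network route, then default) and the direct, indirect and default entry types above come down to one longest-prefix match over /32, /N and /0 entries followed by a look at the gateway field. The Python below is an added example, not from the course; the table is constructed for sys1 from the Routing Implementation diagram (10.19.98.0/24 directly attached, sys11 at 10.19.98.11 as the gateway and default router), and the host route to 10.19.99.20 and the function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


class NoRouteToHost(Exception):
    """Raised when neither a specific route nor a default route matches."""


@dataclass(frozen=True)
class Route:
    destination: ipaddress.IPv4Network          # /32 = host route, /0 = default
    gateway: Optional[ipaddress.IPv4Address]    # None = directly attached network
    interface: str

    @property
    def kind(self) -> str:
        if self.destination.prefixlen == 32:
            return "host"
        if self.destination.prefixlen == 0:
            return "default"
        return "network"


def _route(dest: str, gateway: Optional[str], iface: str) -> Route:
    return Route(ipaddress.ip_network(dest),
                 ipaddress.ip_address(gateway) if gateway else None, iface)


def sample_table() -> List[Route]:
    """Constructed routing table for sys1 (10.19.98.1)."""
    return [
        _route("10.19.98.0/24", None, "en0"),            # direct: added when en0 was configured
        _route("10.19.99.0/24", "10.19.98.11", "en0"),   # network route via sys11
        _route("10.19.99.20/32", "10.19.98.11", "en0"),  # host route (assumed entry)
        _route("0.0.0.0/0", "10.19.98.11", "en0"),       # default route via sys11
    ]


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Best-fit match. A /32 host entry beats a network entry, which beats the /0
    default; only the network part of dst is ever compared."""
    addr = ipaddress.ip_address(dst)
    best = None
    for route in table:
        if addr in route.destination and (
                best is None or route.destination.prefixlen > best.destination.prefixlen):
            best = route
    return best


def has_route(table: List[Route], dst: str) -> bool:
    return lookup(table, dst) is not None


def next_hop(table: List[Route], dst: str) -> Tuple[str, str, str]:
    """Return (entry type, address the datagram is handed to, interface)."""
    route = lookup(table, dst)
    if route is None:
        raise NoRouteToHost(dst)
    if route.gateway is None:
        return ("direct", dst, route.interface)      # deliver on the local network
    label = "default" if route.kind == "default" else "indirect"
    return (label, str(route.gateway), route.interface)   # first hop is the gateway


if __name__ == "__main__":
    table = sample_table()
    for target in ("10.19.98.10", "10.19.99.13", "10.19.99.20", "152.64.10.1"):
        print(target, "->", next_hop(table, target))
```

Removing the default entry from the table turns the 152.64.10.1 lookup into a NoRouteToHost error, which is the condition the instructor notes describe as "Cannot reach destination network".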
Instructor Notes:
Purpose: Show students how IP routes.
Details: Every system has to process outgoing IP datagrams through the IP routing
algorithm. This algorithm decides:
On which physical adapter the datagram is sent.
Whether the destination host is on the local network or not. If it is, it is sent to the
physical address of the destination host. If it isn't, the datagram is sent to the physical
address of the gateway.
The base algorithm is needed on all IP hosts and is sufficient to handle the base gateway
function. Incoming datagrams are also checked to see if the local host is the IP destination
host.
Because both hosts and gateways route datagrams, both have routing tables. Whenever a
host or gateway needs to transmit a datagram, it consults the routing table to decide where
to send the datagram.
The routing table always points to gateways that can be reached across a single physical
network. Thus, all gateways listed in a host's or gateway's routing table must lie on a
network to which it is directly connected.
Routing within the same network is called direct routing.
Routing that requires the services of a gateway to transfer datagrams from one network to
another is called indirect routing.
Routing in which the destination IP network is not specifically found is called the default
route. It is the route an IP datagram goes if its destination network is not listed in the routing
table.
Explain the routing algorithm by discussing each decision box. These steps are followed by
every router with each address comparing it to the entries in the route table.
Discussion Items
How many parts make up an IP address?
Two - host and network
During routing, are both parts analyzed?
No - just the network part
Transition Statement: To see what routers are in the kernel's routing table, use the
netstat -rn command.
Viewing the Routing Table: netstat -rn
Output:
# netstat -rn
Routing tables
Destination Gateway Flags Refs Use If PMTU Exp Groups
Notes:
The routing table displayed indicates the available routes and their statuses. This example
is for sys1 (10.19.98.1). sys11 (10.19.98.11) is the router that is used for the default route.
The routing table format indicates:
- Destination
Address of destination (host or network). If the destination is a network, the subnet
mask is indicated by /XX, where XX is the number of bits in the network portion of
the address.
- Gateway
Address of the next hop gateway.
- Flags
U=up
H=route is to a host
G=route is to a gateway
(See the man page for complete list of flags.)
- Refs
The current number of active users for the route.
- Use
A count of the number of packets sent using that route
- If
The network interface used for the route.
- PMTU
Gives the Path Maximum Transmission Unit for the route. Prior to AIX 5L V5.3,
PMTU values are kept in the routing table. Starting in AIX 5L V5.3, PMTU values are
kept in a separate PMTU table and are not displayed with netstat -r.
- Exp
Displays the time (in minutes) remaining before the route expires (for cloned routes
and ICMP redirect routes).
- Groups
Provides a list of group IDs associated with that route.
Protocol Family 2 is IPv4; Family 24 is IPv6. The IPv6 entry shown is the IPv6 loopback
address.
The -r flag shows routing statistics.
The -n flag displays the network address as an IP address. When this flag is not used, the
addresses are displayed symbolically (example sys1).
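As an added example (not part of the course material), the routing algorithm described above applied in Python to a constructed netstat -rn table for sys1: host routes are tried first, then the most specific network route, then the default route, and the result says whether the datagram goes straight to the destination's physical address (direct) or to a gateway (indirect or default). Everything beyond sys1 and its default router 10.19.98.11 is made up for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed netstat -rn style output for sys1 (10.19.98.1), in the layout the
# course shows; the routes and counters are made up for the example.
SAMPLE_NETSTAT = """\
Routing tables
Destination      Gateway        Flags  Refs   Use  If   PMTU  Exp  Groups
Route Tree for Protocol Family 2 (Internet):
default          10.19.98.11    UG        3  1201  en0   -     -
10.19.97.7       10.19.98.5     UGH       0    12  en0   -     -
10.19.98/24      10.19.98.1     U         5  3304  en0   -     -
10.19.99/24      10.19.98.3     UG        1   210  en0   -     -
10.19.100/22     10.19.98.3     UG        0    17  en0   -     -
127/8            127.0.0.1      U         4   200  lo0   -     -
"""


@dataclass
class Route:
    dest: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    flags: str
    iface: str

    @property
    def is_host(self):
        return "H" in self.flags or self.dest.prefixlen == 32

    @property
    def is_default(self):
        return self.dest.prefixlen == 0


def parse_destination(text):
    """Turn a netstat Destination column value into an IPv4Network:
    'default' is 0.0.0.0/0, '10.19.98/24' gets its missing octets filled in,
    and a plain address is a host route (/32)."""
    if text == "default":
        return ipaddress.IPv4Network("0.0.0.0/0")
    addr, _, bits = text.partition("/")
    octets = addr.split(".") + ["0"] * (4 - addr.count(".") - 1)
    return ipaddress.IPv4Network(f"{'.'.join(octets)}/{bits or 32}", strict=False)


def parse_routes(text):
    """Keep the usable (U flag) routes from netstat -rn output."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue
        try:
            dest = parse_destination(parts[0])
            gateway = ipaddress.IPv4Address(parts[1])
        except ValueError:
            continue                      # column headings and tree banners
        flags, iface = parts[2], parts[5]
        if "U" in flags:
            routes.append(Route(dest, gateway, flags, iface))
    return routes


def lookup(routes, dest_text):
    """Apply the IP routing algorithm: host route, then the most specific
    network route, then the default route. Returns where the datagram is
    handed to (the destination itself for a direct route, the gateway
    otherwise) and the kind of route that decided it."""
    dest = ipaddress.IPv4Address(dest_text)
    chosen = None
    for r in routes:                      # 1. host routes
        if r.is_host and dest == r.dest.network_address:
            chosen = r
            break
    if chosen is None:                    # 2. network routes, longest mask wins
        nets = [r for r in routes
                if not r.is_host and not r.is_default and dest in r.dest]
        chosen = max(nets, key=lambda r: r.dest.prefixlen, default=None)
    if chosen is None:                    # 3. default route
        chosen = next((r for r in routes if r.is_default), None)
    if chosen is None:
        return None                       # no route to host
    if chosen.is_default:
        kind = "default"
    elif "G" in chosen.flags:
        kind = "indirect"
    else:
        kind = "direct"
    next_hop = dest if kind == "direct" else chosen.gateway
    return {"kind": kind, "next_hop": str(next_hop),
            "iface": chosen.iface, "route": str(chosen.dest)}
```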
Establishing Routes
[Figure: routing table entries are established implicitly, or explicitly (static or dynamic), for hosts, networks, and the default route.]
Notes:
Implicit routes
The implicit method is performed when you configure an interface.
Explicit routes
Explicit routes are added by the network administrator.
Instructor Notes:
Purpose Outline how route entries are created.
Details An implicit entry is added for each interface that is configured in the system.
These are added automatically when you do TCP/IP configuration.
Explicit routes are added for remote hosts and networks. We show how to add them using
static routes shortly.
ICMP sends re-direct messages to alter routing information in the routing table. ICMP
redirects are covered shortly.
Additional Information PMTU discovery is active by default. RFC 1191 provides the
mechanism to discover the PMTU. Several parameters under the no command are:
udp_pmtu_discover (turns on pmtu discover for UDP)
tcp_pmtu_discover (turns on pmtu discover for TCP)
route_expire (Specifies whether unused routes created by cloning, or created and
modified by redirects, expire. There is no cloning in AIX 5L V5.3.)
pmtu_default_age (Specifies the default amount of time (in minutes) before the path
MTU value for UDP paths is checked for a lower value.)
pmtu_expire (Specifies the default amount of time (in minutes) before which the
unused path MTU entries are deleted.)
pmtu_rediscover_interval (Specifies the default amount of time (in minutes) before
the path MTU value for UDP and TCP paths are checked for a higher value.)
Static Routing
Manually updated
Practical in small, stable networks
route command
Configured through SMIT
No daemons are involved
Notes:
With static routing, the routing table is maintained manually with the route command or
through SMIT.
Instructor Notes:
Purpose Describe the characteristics of static routing.
Details Static routing is a good method to use to show how routing works. Since it is
only practical in small, stable networks, few people use only static routing. In the next
visual, we take students through the steps of configuring static routes.
You can enter routing table entries from the command line. Keep in mind that they are only
in memory. At reboot, the route table entries are not available. This is a good method to use
to test routes.
The route command can be used either from the command line or via SMIT. Setting up
routing using SMIT stores the routing table information in the ODM. At system restart, the
routing tables are built using the ODM information.
There are no daemons to start or stop for static routing. The routing algorithm is built into
the IP layer of the protocol stack.
Transition Statement To get a better understanding of how routing works, let's look at
how to configure static routing using SMIT.
Configuring Routing through SMIT
# smitty mkroute
[Entry Fields]
Destination TYPE net +
*DESTINATION Address [10.19.99.0]
(dotted decimal or symbolic name)
*Default GATEWAY Address [10.19.98.3]
(dotted decimal or symbolic name)
Cost [0]
Network MASK (hexadecimal or dotted decimal) [255.255.255.0] #
Network Interface []
Enable Active Dead Gateway Detection? no +
Is this a Local (Interface) Route? no +
Policy (for Multipath Routing Only) Default (Global) +
Weight (for Weighted Multipath Routing Policy) [1] #
Apply change to DATABASE only no +
Notes:
SMIT path
The following is the full path to get to this screen:
# smitty
Communications Applications and Services
TCP/IP
Further Configuration
Static Routes
Add Static Route
Fields
The fields in the Add Static Route panel are:
- destination TYPE
specifies whether this destination is a network or a host.
- DESTINATION address
specifies the IP address of the destination host or network. Can be specified as
either a dotted decimal number or symbolic name.
- Default GATEWAY address
specifies the IP address of the gateway. Can be specified as either a dotted decimal
number or symbolic name.
- COST
used to set priority of routes going to same destination. We will discuss this further
when we discuss multi-path routing in the Network Control unit.
- Network MASK
If subnet masking is being used, specifies the correct subnet mask.
- Network Interface
specifies which interface that the route should go through. Needed if you have
multiple interfaces connected to the same subnet.
- Enable Active Dead Gateway Detection?
We will discuss this further when we discuss multi-path routing in the Network
Control unit.
- Is this a Local (Interface) Route?
Normally, interface or implicit routes are created when you configure the interface.
This field allows you to do this manually.
- Policy (for Multipath Routing Only)
We will discuss this further when we discuss multi-path routing in the Network
Control unit.
- Weight (for Weighted Multipath Routing Policy)
We will discuss this further when we discuss multi-path routing in the Network
Control unit.
- Apply change to DATABASE only
specifies if both kernel and ODM should be changed:
no changes both the ODM and the kernel routing table in memory.
yes changes the ODM only.
route Command
# route command family flag dest netmask gateway
command
add
flush (or -f)
delete
change
monitor
family (optional)
-inet
-xns
flag (optional)
-net
-host
destination
symbolic name or numeric address
netmask (optional)
network mask
gateway
symbolic name or numeric address
Copyright IBM Corporation 2005
Notes:
The route command allows you to make manual entries into the network routing tables.
These entries are good only until the next system reboot.
-inet is the default family. -xns stands for Xerox Network System.
The route command distinguishes between routes to hosts and routes to networks by
interpreting the network address of the destination address. The optional keywords -net
and -host force the destination to be interpreted as a network or host respectively.
The route command does not update ODM. Thus, if you want entries to be permanent,
use SMIT. If you don't want to use SMIT, you can add route statements to the /etc/rc.net
file, but SMIT is the recommended method.
Select to list, add, remove, or flush. When you add or remove a route, you are required to
enter a destination address and gateway address. SMIT updates the ODM database.
4. # route -f
Notes:
1. This example establishes a host route for the destination host 10.19.98.1.
2. This example establishes a default route. The value 0 for the destination parameter
means that any packets sent to destinations not previously defined and not on a directly
connected network go through the default gateway. The value 0 really stands for the
dotted decimal value 0.0.0.0, which means any network or host.
3. This example adds a network route to the routing table with subnet mask
255.255.252.0.
4. This example clears the routing table of all routes except those created implicitly. The
term often used is flushing the routing table. route flush does the same thing.
5. This example deletes only the default route that was set in Step 2.
6. This example establishes a default route. Notice that you can use the word default just
like 0. Also, you can use a symbolic name instead of an IP address, as long as that
symbolic name can be resolved from /etc/hosts. What gets stored in the kernel's
routing table is the IP address.
All the above examples assume a subnet mask of 255.255.255.0 was applied.
Routing Example
[Figure: routing example with hosts sys1, sys5 and sys8 and the addresses 135.9.19.5, 5.10.10.1 and 201.64.23.8.]
Notes:
What needs to be done in order for all machines in the above diagram to communicate with
each other?
ICMP Redirects
[Figure: ICMP redirect. 1. IP datagram from sys5 with destination sys8; 2. sys4 forwards the IP datagram to sys6; 3. sys4 sends an ICMP redirect to sys5; 4. future IP datagrams go through sys6. Router interfaces sys4e and sys6e.]
Notes:
When there is a better choice of a router for sending messages through than the one the IP
datagram was originally sent to, an ICMP redirect error message is generated, which
updates the sending host's routing tables. The process goes like this:
1. An IP datagram is sent from sys5 with a destination of sys8. sys5's routing table shows
sys4 as the router.
2. sys4 checks its routing table and sees there is a closer router to sys8's network. It
sends on the IP datagram to sys8.
3. Then sys4 sends an ICMP redirect message to sys5, which updates its routing table.
4. Future IP datagrams destined for sys8 go to the new router.
The ipsendredirects and ipignoreredirects network options are used to control how AIX
handles ICMP redirects. These options can be set with the no command.
Instructor Notes:
Purpose Describe how a routing table may be updated automatically without any of the
dynamic daemons running.
Details ICMP sends redirect messages when a better route to a host is noted.
ICMP redirects are only generated by routers and are intended only for use by hosts.
The network options that control ICMP redirects are:
ipsendredirects - a value of 1 causes AIX to send them; a value of 0 suppresses them.
ipignoreredirects - a value of 1 causes AIX to ignore and not process them; a value of 0
allows AIX to receive redirects and update its routing tables accordingly.
Additional Information The router performs the following checks to see if there is a
need for a redirect:
The other router to which the redirect references must be on the same physical
network.
The route it uses must not have been created or modified by a redirect.
The route it uses must not be the default route.
The kernel must be configured to send redirects. This can be checked with the no
command. Look for ipsendredirects set to 1.
Before the host updates its routing table, it checks the following:
The new route must be on a directly connected network.
The redirect must have come from the router currently configured for that destination.
The route being modified is an indirect route.
Routers should send only host redirects, not network ones because subnetting makes it
difficult to specify when a network redirect can be used, and some hosts are configured to
accept all redirects as host redirects in case the router sends the wrong type.
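The router-side and host-side checks listed above, as an added Python example (not code from the course or from AIX): sys4, sys5 and sys6 are placed on a constructed 10.19.98.0/24 network and sys8 on a constructed 10.19.100.0/24, with sys5 defaulting to sys4 and sys4 knowing that sys6 is the closer router. All addresses are assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass

Net, Addr = ipaddress.IPv4Network, ipaddress.IPv4Address


@dataclass
class Route:
    dest: Net
    gateway: Addr
    indirect: bool               # G flag: the next hop is a gateway
    from_redirect: bool = False  # created or modified by an ICMP redirect


@dataclass
class Node:
    name: str
    connected: list              # directly connected networks
    routes: list
    ipsendredirects: int = 1     # no -o ipsendredirects
    ipignoreredirects: int = 0   # no -o ipignoreredirects

    def find_route(self, dest):
        """Most specific matching route; the default route (/0) matches last."""
        matches = [r for r in self.routes if dest in r.dest]
        return max(matches, key=lambda r: r.dest.prefixlen, default=None)


def router_should_redirect(router, src, dest):
    """The checks a router makes before sending src a redirect for dest."""
    if router.ipsendredirects != 1:
        return False, "ipsendredirects is 0"
    route = router.find_route(dest)
    if route is None or not route.indirect:
        return False, "no gateway route for the destination"
    if route.dest.prefixlen == 0:
        return False, "route used is the default route"
    if route.from_redirect:
        return False, "route used was created or modified by a redirect"
    src_net = next((n for n in router.connected if src in n), None)
    if src_net is None or route.gateway not in src_net:
        return False, "better gateway is not on the sender's physical network"
    return True, str(route.gateway)


def host_accept_redirect(host, from_router, dest, new_gateway):
    """The checks a host makes before a redirect may change its table; on
    success a host route marked as redirect-created is installed."""
    if host.ipignoreredirects == 1:
        return False, "ipignoreredirects is 1"
    if not any(new_gateway in n for n in host.connected):
        return False, "new gateway is not on a directly connected network"
    route = host.find_route(dest)
    if route is None or not route.indirect:
        return False, "route being modified is not an indirect route"
    if route.gateway != from_router:
        return False, "redirect did not come from the router currently used"
    host.routes.append(Route(Net(f"{dest}/32"), new_gateway, True, True))
    return True, str(new_gateway)


def build_scenario():
    """Constructed addresses: sys4 10.19.98.4, sys5 10.19.98.5, sys6 10.19.98.6
    on one LAN; sys8's network 10.19.100.0/24 is reached by sys4 through sys6."""
    lan = Net("10.19.98.0/24")
    sys4 = Node("sys4", [lan, Net("10.19.50.0/24")], [
        Route(lan, Addr("10.19.98.4"), False),
        Route(Net("10.19.50.0/24"), Addr("10.19.50.4"), False),
        Route(Net("10.19.100.0/24"), Addr("10.19.98.6"), True),
    ])
    sys5 = Node("sys5", [lan], [
        Route(lan, Addr("10.19.98.5"), False),
        Route(Net("0.0.0.0/0"), Addr("10.19.98.4"), True),
    ])
    return sys4, sys5


def walk_through():
    """Steps 1 to 4 of the notes: the router decision, the host decision and
    the gateway sys5 uses for sys8 afterwards."""
    sys4, sys5 = build_scenario()
    sys5_addr, sys8_addr = Addr("10.19.98.5"), Addr("10.19.100.8")
    sent, gateway = router_should_redirect(sys4, sys5_addr, sys8_addr)
    accepted = False
    if sent:
        accepted, _ = host_accept_redirect(sys5, Addr("10.19.98.4"),
                                           sys8_addr, Addr(gateway))
    return sent, accepted, str(sys5.find_route(sys8_addr).gateway)
```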
Transition Statement There are two simple commands that can be used to report the
route a datagram takes to its destination. They are ping -R and traceroute. Let's look at
ping -R first.
ping -R
Shows end-to-end connectivity
Shows outbound connections
Example:
# ping -R -c 3 labster
PING labster.beaverton.ibm.com: (9.47.87.20): 56 data bytes
64 bytes from 9.47.87.20: icmp_seq=0 ttl=254 time=1 ms
RR: bvr-fb-11-fe0-3.beaverton.ibm.com (9.47.87.1)
labster.beaverton.ibm.com (9.47.87.20)
bvr-fb-11-fe0-4.beaverton.ibm.com (9.47.88.1)
laurel171.beaverton.ibm.com (9.47.88.171)
64 bytes from 9.47.87.20: icmp_seq=1 ttl=254 time=1 ms (same route)
64 bytes from 9.47.87.20: icmp_seq=2 ttl=254 time=1 ms (same route)
Notes:
The -R option on the ping command includes a RECORD_ROUTE option in the ICMP
ECHO_REQUEST packet. Thus, it displays the route buffer on the returned packets.
Instructor Notes:
Purpose Show how ping -R works.
Details Refer to the visual of the complex routing example to go over the output. Show
students how in routes specified in the ping -R output the outbound connections of the
gateway both going to the destination and returning are shown. Point out that the route a
packet takes could change, in which case a new route listing would be shown.
Additional Information The IP header is only large enough to handle nine routes. Also,
hosts or gateways may ignore this option.
Transition Statement ping -R shows you the full round trip route of a datagram;
however, it only works if the route is complete in both directions. traceroute can be used
to find the break in connectivity. Let's look further at traceroute.
traceroute
Example:
# traceroute sys10
Notes:
traceroute works by sending UDP packets toward an unused UDP port along the path to
a destination. Note that it introduces additional load into the network, and therefore should
be used sparingly.
Instructor Notes:
Purpose Show how traceroute works.
Details The traceroute command works by sending regular IP packets toward the
destination, progressively increasing the ttl field. When the first packet is sent, it has a ttl of
1. The first gateway on the path will receive it and decrease the ttl to 0. It then discards the
packet and sends back a ttl expired ICMP message. The source address of this message
identifies the gateway. The next message is sent with a ttl of 2. The first gateway passes it
on after decrementing the ttl, and the next gateway, after decrementing the ttl, sends an
ICMP error message back that identifies the second gateway, and so on. Three probes are
sent each time. This continues until the final destination is reached or the point where
connectivity is broken is identified.
Additional Information The three times displayed for each entry are the round-trip
times for the probe packets. If no response is received for a probe, then its time is shown
as "*".
Transition Statement Before the exercise, let's do a few checkpoint questions.
Checkpoint
1. There are three types of routing table entries: direct, indirect, and
default. Which type occurs when the source and destination hosts
are on different physical networks and the destination is
specifically designated?
a. direct
b. indirect
c. default
2. When a network interface is configured, a route is created in the
route table. What is the term associated with the creation of this
route?
a. dynamic
b. implicit
c. static (or explicit)
3. T/F: The route -f (or route flush) command deletes ALL routes.
Notes:
Instructor Notes:
Purpose Review.
Details
Checkpoint Solutions
1. There are three types of routing table entries: direct, indirect, and
default. Which type occurs when the source and destination hosts
are on different physical networks and the destination is
specifically designated?
a. direct
b. indirect
c. default
2. When a network interface is configured, a route is created in the
route table. What is the term associated with the creation of this
route?
a. dynamic
b. implicit
c. static (or explicit)
3. T/F: The route -f (or route flush) command deletes ALL routes.
False. It flushes all routes except ones created implicitly.
Additional Information
Transition Statement Exercise.
Exercise:
Static
Routing
Notes:
Instructor Notes:
Purpose Introduce exercise.
Details
Additional Information
Transition Statement Let's summarize this unit.
Unit Summary
Routing is performed by the IP layer of TCP/IP. The IP routing
algorithm analyzes direct, indirect, and default routes
Routing tables are built from implicit, explicit/static or dynamic
entries
IP searches the route table by host routes, network routes, and
finally default routes
Static routes are created manually
Notes:
Instructor Notes:
Purpose Summary.
Details
Additional Information
Transition Statement End of this unit.
Unit Objectives
After completing this unit, students should be able to:
Describe the concept of dynamic routing
Define an autonomous system
Discuss the routing protocols for interior and exterior gateways
Configure the routed and gated daemons
Notes:
Dynamic Routing
[Figure: dynamic routing, two gateways exchanging routing information.]
Notes:
Routing daemons can operate in either the passive or active mode depending upon the
options used when starting the daemons or within the configuration file.
In active mode, the routing daemon both broadcasts routing information about its local
network to routers and hosts as well as receives routing information from hosts and routers.
In passive mode the routing daemon simply receives routing information from hosts and
gateways and updates its own routing table. They do not pass on their own routing
information.
There are two daemons used in dynamic routing, the routed and gated daemons. The
gated daemon is by far the more complex as it supports several routing protocols
simultaneously, the Routing Information Protocol (RIP), Exterior Gateway Protocol (EGP),
Border Gateway Protocol (BGP), the Local-Network protocol (HELLO), and Open Shortest
Path First (OSPF).
The routed daemon only supports RIP and only version 1 of the protocol. The gated
daemon supports RIP versions 1 and 2.
The terms interior and exterior gateways relate to whether the gateways are a part of an
autonomous system or between autonomous systems.
Instructor Notes:
Purpose Provide an overview of what dynamic routing is.
Details Unlike static routing, which needs no daemons to function, dynamic routing uses
daemons. They are the routed and gated daemons. Only one or the other should be
started on a system, not both. If both are started you get unpredictable results. The routed
daemon supports only RIP. The gated daemon supports several protocols simultaneously.
(Refer to student notes for a list of them).
The daemons can be configured in either active or passive mode. Normally, gateways are
configured in active mode so they can send their network information to other gateways as
well as receive it. Hosts are generally configured in passive mode to only receive
information needed to update their routing tables. This helps reduce network traffic.
Additional Information Although it is not mentioned in the chart, gated also supports
the obsolete Exterior Gateway Protocol (EGP) and the rarely used HELLO protocol.
In this unit we discuss how to use the routed and gated daemons for RIP. We also briefly
discuss OSPF, but do not cover BGP, EGP, or HELLO.
Transition Statement Let's take a closer look at what an autonomous system is so we
can gain a better understanding of the difference between interior and exterior gateways.
Autonomous Systems
[Figure: three autonomous systems (Local Net 1, Local Net 2, Local Net 3), each with interior gateways inside it and exterior gateways connecting it to the other autonomous systems.]
Notes:
An autonomous system is a group of networks and gateways for which one administrative
authority has responsibility. An example of an autonomous system would be the group of
networks and gateways administered by IBM or MIT.
Gateways are interior neighbors if they reside on the same autonomous system and
exterior neighbors if they reside on different autonomous systems.
Interior gateways communicate with each other using the RIP, HELLO, or OSPF protocol.
Exterior gateways use the BGP protocol.
Each exterior gateway does not communicate with every other exterior gateway. Instead,
the exterior gateway acquires a set of neighbors with which it communicates. The
neighboring gateways have other exterior gateway neighbors. Thus, the exterior gateways'
routing tables are updated and routing information shared among the exterior gateways.
The routing information is sent in a pair of network ID and distance information, the metric,
which reflects the cost of reaching the specified network. Each gateway broadcasts the
networks it can reach and the cost associated with reaching them. This applies to both
interior as well as exterior gateways.
[Figure: RIP. host1 and host2 run RIP in passive mode; their gateway exchanges RIP updates with other gateways.]
Notes:
RIP is a very simple protocol of the distance vector family which uses a shortest path
algorithm to determine the best route to a destination. This distance is measured in a
metric called hops which is usually the number of gateways through which a packet must
travel before it reaches its destination network.
The routing daemon dynamically builds the routing table based on information received
from updates provided by the RIP protocol.
Participating hosts and gateways run in either active or passive mode. Active gateways
advertise and update their routes. Passive gateways listen and update their routes but do
not send out updates. Usually, gateways run RIP in active mode and hosts in passive
mode.
Distance vector protocols calculate the lowest-cost path based solely on the distance from
one location to another. Things like line speed or line reliability are not considered at all.
Thus, a slow-speed link, such as a 9600 baud serial line, that goes through fewer gateways
than a T1 connection will be used. Since all routes considered to be higher-cost routes are
deleted, as long as the slower link is still closer to its destination than the high-speed link,
the high-speed link never shows up in the routing table for use by IP.
The most commonly used distance vector protocol is RIP and it is limited to 15 hops or
gateways. If a route to a destination needs more than 15 gateways to get there, it is
considered to be an infinite distance away and is shown to be unreachable.
Instructor Notes:
Purpose Provide a high-level description of the Routing Information Protocol.
Details When routed is started, it issues a request for routing updates and listens for
responses to its request. When a system configured to supply RIP information hears the
request, it sends a packet with information from its routing table. This packet includes the
destination address (networks or hosts) from the routing table and the metric associated
with each (measured in hops). In addition to issuing updates in response to requests,
packets are sent periodically to keep routing information current, usually every 30 seconds.
When a RIP update is received, routed takes the information and updates the routing
table. If the destination in the update does not exist in the local table, a new entry is added.
If the update relates to an existing entry, the new route is added only if it has a lower cost.
RIP specifies that once a gateway learns a route, it must keep that route until it learns of a
better one, one with a lower cost. The cost is calculated by adding the cost of reaching the
gateway that sent the update (usually 1) to the metric provided in the RIP update. If this
value is less than what is currently there, the new route will be added and the old
discarded.
RIP also deletes routes from the table. This can happen if the cost of a route to a
destination exceeds 15; 15 is the total number of hops RIP travels, also referred to as
infinity. Routes are also deleted if a gateway doesn't send updates for a specified period of
time, usually 180 seconds.
Additional Information Distance vector protocols are easy to implement. However,
when routes change rapidly, for example a new connection appears or an old one fails, the
computation may not stabilize because information is passed slowly from one gateway to
another. Until stabilization, known as convergence, occurs, some gateways may have
incorrect routing information. Also, the algorithm doesn't take into account the speed, type,
or reliability of a link and thus could end up setting up routes through slower-speed links if
its hop count is less than that of higher-speed links.
There are two routing tables when dynamic routing is active. There is a kernel routing table
and a daemon routing table. Routing decisions are made based on the information in the
kernel routing table. The daemon routing table is used to collect routes from the other
routing daemons running in the network. Using the information in the daemon routing table
and comparing it to that which is in the kernel routing table, the daemon makes its
decisions as to which is the least costly route and, if necessary, updates the kernel routing
table. The kernel routing table is seen with the netstat -r command. The routed routing
table can be viewed with the lssrc -l -s routed command, and the gated routing table can
be viewed by doing a kill -2 <pid of gated>, which dumps its data to
/var/tmp/gated_dump.
RIP is a UDP-based protocol. Each host that uses RIP has a routing process that sends
and receives datagrams on UDP port number 520. Possible problems with RIP include
routing loops, long time to convergence, and bouncing.
Transition Statement Let's look at how RIP updates work.
How RIP Updates Work
[Figure: H1 on net1, R1 between net1 and net2, R2 between net2 and net3, H2 on net3; convergence.]
Notes:
The above diagram shows three networks with two routers between them and hosts on
each of the end networks. Before RIP is activated each host / router implicitly knows about
each network they are part of. When RIP first gets turned on in this scenario, the first
network each host receives routing information on is Net2, the one that is one hop away
from them. As RIP continues to broadcast its neighbor's routing information in the next
steps, H1 finds out about Net3 and H2 finds out about Net1. At this point all routing tables
have been updated so all networks are reachable. Thus, the network is now stable or has
come to convergence. The process of sending out routing information and updating routing
tables to come into a stable environment is called coming to convergence. Until this
happens, some hosts may not be able to reach some networks.
Instructor Notes:
Purpose Provide a simple description of how RIP updates occur.
Details Go through the two steps outlined with your students. Obviously, this can get
much more complex with more networks and networks with more than one path to them.
Transition Statement Now that we've seen the basic mechanisms of RIP, let's look at
some of the more important details.
RIP Features
Metric is only hop count
Maximum hop count 15 hops
Suitable for small/medium internetworks
Routers broadcast updates on UDP
Send message on startup to solicit routing tables
Advertise tables every 30 seconds
Send triggered updates for topology changes
Notes:
In RIP, the distance metric is normally the number of hops to the destination network.
However, you can also set the distance across some networks to more than one, as a way
of indicating they are less preferable. In any case, the maximum distance to any destination
is 15, since 16 is used as the value for infinity (that is, unreachable).
RIP routers send updates to each other using UDP, sending and receiving updates on port
520. When a router joins the network, it broadcasts a message requesting that all
neighbors send their routing tables. Thereafter, the router advertises its tables to all
neighbors once every 30 seconds. Also, when an update is received indicating a change to
network topology, a router sends it immediately (after a small random delay) in order to
ensure the news is propagated quickly.
Because of the hop count limitation, inflexible metrics and frequent updates, RIP is suitable
only for small or medium internetworks.
Instructor Notes:
Purpose Explain some of the more important features of RIP.
Details Systems (routers and hosts) carry out the RIP protocol as follows:
Each system determines the networks to which it is directly connected. In UNIX
systems, this is based on the interfaces configured with the ifconfig command. This set
of directly connected networks forms the initial set of destinations that the system will
advertise via RIP.
Additional destinations may also be defined by the system administrator. For example,
there may be some destinations (external to the internetwork in which RIP is being run)
that are reachable via static routes. Or the system may be the default gateway for the
internetwork. These additional destinations can be included in RIP advertisements. In
AIX, for example, routed reads these additional destinations from the file
/etc/gateways.
When the system starts, it sends a RIP request message to port 520 on the broadcast
address for each network to which it is directly connected. (On point-to-point links, the
request is simply sent to the system on the other side of the link.) The system uses the
information received in response to update its routing tables.
The system then gratuitously broadcasts its routing tables every 30 seconds to all
systems on directly connected networks. It also receives updates from those systems,
which it uses to update its routing tables.
RIP systems also send triggered updates when they learn that a route has changed. To
avoid flooding the internetwork with simultaneous updates, systems wait for a period of
time before sending them. In particular, they wait a random amount of time, between 1
and 15 seconds. If other changes occur in the meantime, they are all included in the
same update. Additional changes cause a further waiting period before sending the
update, a random amount of time between 1 and 5 seconds. Also, triggered updates
may be suppressed if a regular update would be sent before the waiting period has
expired.
Additional Information Refer to RFC 1058 RIP (Historic).
Transition Statement In many networks there are multiple links, each with different
speed connections to them. Let's see what RIP does by default when it runs into different
speed links.
How RIP Handles Multiple Paths to the Same Network
[Figure: routers A, B, C and D. A-B and B-D are 56 KB links, A-C and C-D are T1 links, A-D is a 9600 bps link.]
A - D through C - 2 hops
A - D through B - 2 hops
A - D direct - 1 hop
Figure 6-7. How RIP Handles Multiple Paths to the Same Network AU079.1
Notes:
Even though both A-D through C and A-D through B would provide better performance,
because RIP calculates shortest path strictly on the basis of hop count, it would choose the
9600 bps line that is only 1 hop.
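An added Python simulation (not the routed source code) of the update rule from the RIP notes above: the cost is the advertised metric plus one hop, a route is replaced only by a cheaper one, 16 is infinity, and routes not refreshed within 180 seconds are dropped. It is run on the H1-R1-R2-H2 diagram to show convergence after two update rounds and, with net2 failing, route expiry, and on the figure 6-7 topology, where a constructed network netD behind D is reached over the 1-hop 9600 bps link rather than either 2-hop faster path; the network names and netD are assumptions for the example.

```python
INFINITY = 16          # RIP metric 16: unreachable
EXPIRE_AFTER = 180     # seconds without a refresh before a learned route is dropped
UPDATE_INTERVAL = 30   # seconds between regular advertisements


class RipNode:
    def __init__(self, name, nets, active=True):
        self.name, self.active, self.nets = name, active, set(nets)
        # implicit routes for directly connected networks: 1 hop, never expire
        self.table = {n: {"metric": 1, "gateway": None, "seen": 0} for n in nets}

    def advertisement(self):
        """(destination, metric) pairs as carried in a RIP response."""
        return [(dest, e["metric"]) for dest, e in self.table.items()]

    def receive(self, sender, update, now):
        changed = False
        for dest, metric in update:
            if dest in self.nets:
                continue                       # never override an implicit route
            cost = min(metric + 1, INFINITY)   # one hop to reach the sending gateway
            entry = self.table.get(dest)
            if entry is None:
                if cost < INFINITY:
                    self.table[dest] = {"metric": cost, "gateway": sender, "seen": now}
                    changed = True
            elif entry["gateway"] == sender:
                # gateway already in use: refresh the timer and follow its metric
                if cost >= INFINITY:
                    del self.table[dest]
                    changed = True
                else:
                    changed |= cost != entry["metric"]
                    entry.update(metric=cost, seen=now)
            elif cost < entry["metric"]:       # cheaper route via another gateway
                self.table[dest] = {"metric": cost, "gateway": sender, "seen": now}
                changed = True
        return changed

    def expire(self, now):
        """Drop learned routes whose gateway has not refreshed them in time."""
        stale = [d for d, e in self.table.items()
                 if e["gateway"] is not None and now - e["seen"] > EXPIRE_AFTER]
        for dest in stale:
            del self.table[dest]
        return bool(stale)

    def route(self, dest):
        e = self.table.get(dest)
        return None if e is None else (e["gateway"], e["metric"])


def run_rip(nodes, rounds, down_after=None, down_nets=()):
    """Run `rounds` 30-second update cycles. Active nodes broadcast their table
    on every connected network; passive nodes only listen. Networks in
    down_nets stop carrying updates once the clock passes down_after (the
    interfaces stay configured, so their implicit routes remain).
    Returns the last round in which any table changed (convergence)."""
    last_change = 0
    for r in range(1, rounds + 1):
        now = r * UPDATE_INTERVAL
        changed = False
        for sender in nodes.values():
            if not sender.active:
                continue
            adv = sender.advertisement()
            for net in sorted(sender.nets):
                if down_after is not None and now > down_after and net in down_nets:
                    continue
                for rcv in nodes.values():
                    if rcv is not sender and net in rcv.nets:
                        changed |= rcv.receive(sender.name, adv, now)
        for node in nodes.values():
            changed |= node.expire(now)
        if changed:
            last_change = r
    return last_change


def line_topology():
    """H1 - net1 - R1 - net2 - R2 - net3 - H2; hosts passive, routers active."""
    nodes = [RipNode("H1", ["net1"], active=False), RipNode("R1", ["net1", "net2"]),
             RipNode("R2", ["net2", "net3"]), RipNode("H2", ["net3"], active=False)]
    return {n.name: n for n in nodes}


def multipath_topology():
    """Figure 6-7: links AB and BD (56 KB), AC and CD (T1), AD (9600 bps);
    netD is a constructed LAN behind D that A wants to reach."""
    nodes = [RipNode("A", ["AB", "AC", "AD"]), RipNode("B", ["AB", "BD"]),
             RipNode("C", ["AC", "CD"]), RipNode("D", ["AD", "BD", "CD", "netD"])]
    return {n.name: n for n in nodes}
```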
Instructor Notes:
Purpose Show students how RIP decides the shortest path to a destination.
Details This foil shows one of the drawbacks of RIP especially as implemented with the
routed daemon. By default, it chooses as the shortest path the one that is the fewest hops
away. With the gated daemon, a preference value can be set in the gated.conf file that
helps reduce the problems with this strictly distance philosophy.
Transition Statement We've seen some of the limitations of RIP. Now let's look at RIP
version 2, which enhances the protocol.
Configuring the routed Daemon
Identify known networks in the /etc/networks file (optional)
Identify any known gateways not directly connected to your
network in the /etc/gateways file (optional)
Uncomment the line in the /etc/rc.tcpip file that starts the
routed daemon adding any of the following options as
needed:
-s for active (gateway)
-q for passive (host)
-t for turning on tracing
-d for turning on debugging
-g for gateway
Run the script
-OR-
startsrc -s routed
Notes:
In AIX the routed daemon is usually started under the control of the SRC. There is a line in
the /etc/rc.tcpip file that starts routed using the SRC if SRC is running. Thus, the routed
daemon can also be started at the command line using the following syntax:
startsrc -s routed -a -s (starts it in active mode)
startsrc -s routed -a -q (starts it in passive mode)
You can also use SMIT to start it but you are not able to provide any options.
Configuring the /etc/networks and /etc/gateways files is optional. The /etc/networks file
is used to identify known networks in the Internet to help in getting known routes
established more quickly. Its format is:
Name Network Number Aliases
The /etc/gateways file is used to set up routes to known gateways that are not directly
connected to your network and is also used to help get the routing table updated more
quickly. Its format is:
<destination> <name1> gateway <name2> metric <value> <type>
Where:
destination - keyword net or host
name1 - destination symbolic name or IP address
name2 - gateway symbolic name or IP address
value - hop count
type - active or passive
To specify a route to a host through a gateway host:
host sys2 gateway sys1 metric 1 passive
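The /etc/gateways format above, parsed and validated in Python as an added example (not part of the course or of routed). The sample entries are constructed, and the accepted hop-count range of 0 to 15 is an assumption drawn from RIP's metric 16 meaning unreachable.

```python
"""Parse and validate /etc/gateways entries in the format the routed daemon reads.

Added example, not IBM course material or routed source. Line format, as above:
    <destination> <name1> gateway <name2> metric <value> <type>
The sample file contents below are constructed for this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

RIP_INFINITY = 16  # a RIP metric of 16 signifies an unreachable destination


@dataclass(frozen=True)
class GatewayRoute:
    kind: str         # "net" or "host"
    destination: str  # symbolic name or IP address of the destination
    gateway: str      # symbolic name or IP address of the gateway
    metric: int       # hop count (assumed valid range here: 0..15)
    mode: str         # "active" or "passive"


def _name_or_ip(token: str) -> str:
    """Accept an IPv4 address or a symbolic host/network name."""
    try:
        return str(ipaddress.IPv4Address(token))
    except ipaddress.AddressValueError:
        if token and all(c.isalnum() or c in "-." for c in token):
            return token
    raise ValueError(f"bad name or address: {token!r}")


def parse_gateways_line(line: str) -> Optional[GatewayRoute]:
    """Return a GatewayRoute, or None for blank and comment lines."""
    body = line.split("#", 1)[0].strip()
    if not body:
        return None
    fields = body.split()
    if len(fields) != 7 or fields[2] != "gateway" or fields[4] != "metric":
        raise ValueError(f"malformed entry: {body!r}")
    kind, dest, _, gw, _, value, mode = fields
    if kind not in ("net", "host"):
        raise ValueError(f"destination keyword must be net or host, got {kind!r}")
    if mode not in ("active", "passive"):
        raise ValueError(f"type must be active or passive, got {mode!r}")
    if not value.isdigit() or not 0 <= int(value) < RIP_INFINITY:
        raise ValueError(f"metric {value!r} is not a hop count below {RIP_INFINITY}")
    return GatewayRoute(kind, _name_or_ip(dest), _name_or_ip(gw), int(value), mode)


def load_gateways(text: str) -> List[GatewayRoute]:
    """Parse a whole /etc/gateways file, reporting the line number of any error."""
    routes = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            route = parse_gateways_line(line)
        except ValueError as exc:
            raise ValueError(f"/etc/gateways line {lineno}: {exc}") from None
        if route is not None:
            routes.append(route)
    return routes


SAMPLE_GATEWAYS = """\
# constructed sample /etc/gateways
host sys2 gateway sys1 metric 1 passive
net 10.19.98.0 gateway 10.19.99.3 metric 2 active
"""

if __name__ == "__main__":
    for route in load_gateways(SAMPLE_GATEWAYS):
        print(route)
```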
RIP Version 2
Authentication - password sent in RIP messages
Route Tag - indicate internal versus external routes
Subnet Mask - provide subnet mask for destinations
Next Hop - allows advertisement of route via another router
Multicasting - multicast address (224.0.0.9) for RIP
Supported only by gated
Notes:
RFC 2453 describes RIP Version 2.
The new features of RIP V2 are:
Authentication - Allows a router to require a password or other authentication before
accepting updates from another router.
Route Tag - Allows router to add a tag value to advertised routes, indicating for example
that particular routes are external.
Subnet Mask - Allows RIP to work in variably subnetted environments.
Next Hop - Makes RIP more flexible when used in environment with multiple routing
protocols (for example OSPF and RIP).
Multicasting - Allows routers to multicast updates, which is more efficient than
broadcasting.
/etc/gated.conf
Eight Statement Classes
1. Directive
2. Trace
3. Options
4. Interface
5. Definition
6. Protocol
7. Route
8. Control
Classes 1 and 2 can appear in any order in the configuration file
The rest must appear in the above order
Notes:
This file is read by the gated daemon at initialization time. All the classes are optional. By
default, if gated is started without specifying any information in the file, the RIP protocol will
be turned on in broadcast mode (active). For configuring OSPF, at a minimum, information
in the protocol class must be provided.
These classes provide the following types of configuration information to gated:
directives These statements are acted upon immediately by the parser.
They are used to specify included files and the direction in
which they reside. Unlike other statements which terminate with
a semicolon, directive statements terminate with a new line
character.
trace Statements that control tracing options.
options Allows specification of some global options
interface Specify interface options.
definition Definition statements:
autonomoussystem <autonomous system> ; Sets the autonomous system. This option is required if
BGP and EGP are in use.
routerid <host> ; Sets the router identification for use by the BGP and OSPF protocols. The
default is the address of the first interface encountered by gated.
martians { <martian list> } ; Defines a list of martian addresses about which all routing
information is ignored.
protocol Enable or disable protocols and set protocol options.
route Define static routes.
control Define routes that are imported from routing peers and others
that are exported to these peers.
Statements within a class may be listed in any order.
gdc Command
Purpose
Syntax
Notes:
The gdc command provides a user-oriented interface for the operation of the gated routing
daemon. It provides support for:
Starting and stopping the daemon
The delivery of signals to manipulate the daemon when it is operating
The maintenance and syntax checking of configuration files
For the production and removal of state dumps and core dumps
The gdc command can reliably determine gated's running state and produces a reliable
exit status when errors occur, making it advantageous for use in shell scripts which
manipulate gated. Commands executed using gdc and, optionally, error messages
produced by the execution of those commands, are logged via the same syslogd facility
which gated itself uses, providing an audit trail of operations performed on the daemon.
The following subcommands provide support for starting and stopping gated, and for
determining its running state:
running - Determine if gated is currently running. This is done by checking to see if gated
has a lock on the file containing its pid, if the pid in the file is sensible and if there is a
running process with that pid. Exits with zero status if gated is running, non-zero otherwise.
start - Start gated. The command returns an error if gated is already running. Otherwise it
executes the gated binary and waits for up to the delay interval (10 seconds by default, as
set with the -t option otherwise) until the newly started process obtains a lock on the pid file.
A non-zero exit status is returned if an error is detected while executing the binary, or if a
lock is not obtained on the pid file within the specified wait time.
stop - Stop gated, gracefully if possible, ungracefully if not. The command returns an error
(with non-zero exit status) if gated is not currently running. Otherwise it sends a terminate
signal to gated and waits for up to the delay interval (10 seconds by default, as specified
with the -t option otherwise) for the process to exit. Should gated fail to exit within the delay
interval it is then signaled again with a second terminate signal. Should gated fail to exit by
the end of the second delay interval, it is signalled for a third time with a kill signal. This
should force immediate termination unless something is very broken. The command
terminates with zero exit status when it detects that gated has terminated, non-zero
otherwise.
restart - If gated is running it is terminated via the same procedure as is used for the stop
command above. When the previous gated terminates, or if it was not running prior to
command execution, a new gated process is executed using the procedures described for
the start command above. A non-zero exit status is returned if any step in this procedure
appears to have failed.
Instructor Notes:
Purpose Introduce the gdc command used for operation of the gated routing daemon.
Details The gdc command provides reliable information about the running state of the
gated.
Flags
-n Runs without changing the kernel forwarding table. This is useful for testing, and when
operating as a route server that does no forwarding.
-q Runs quietly. With this flag informational messages which are normally printed to the
standard output are suppressed and error messages are logged with syslogd instead of
being printed to the standard error output. This is convenient when running gdc from a shell
script.
-t seconds Specifies the time in seconds that gdc waits for gated to complete certain
operations, in particular at termination and startup. By default this value is set to 10
seconds.
-c coresize Sets the maximum size of a core dump a gated started with gdc produces. This
is useful on systems where the default maximum core dump size is too small for gated to
produce a full core dump on errors.
-f filesize Sets the maximum file size a gated started with gdc will produce. Useful on
systems where the default maximum file dump size is too small for gated to produce a full
state dump when requested.
-m datasize Sets the maximum size of the data segment of gated started with gdc. Useful
on systems where the default data segment size is too small for gated to run.
-s stacksize Sets the maximum size of stack of a gated started with gdc. Useful on
systems where the default maximum stack size is too small for gated to run.
Subcommands
The following subcommands cause signals to be delivered to gated for various purposes:
COREDUMP Sends an abort signal to gated, causing it to terminate with a core dump.
dump Signals gated to dump its current state into the file /var/tmp/gated_dump.
interface Signals gated to recheck the interface configuration. gated normally does this
periodically in any event, but the facility can be used to force the daemon to check interface
status immediately when changes are known to have occurred.
KILL Causes gated to terminate ungracefully.
reconfig Signals gated to reread its configuration file, reconfiguring its current state as
appropriate.
term Signals gated to terminate after shutting down all operating routing protocols
gracefully. Executing this command a second time causes gated to terminate even if some
protocols have not yet fully shut down.
toggletrace Causes tracing to be suspended, and if gated is currently tracing to a file,
closes the trace file. If gated tracing is currently suspended, this subcommand causes the
trace file to be reopened and tracing initiated. This is useful for moving trace files.
Additional Information The following subcommands perform operations related to
configuration files:
checkconf Check /etc/gated.conf for syntax errors. This is usefully done after changes to
the configuration file but before sending a reconfig signal to the currently running gated, to
ensure that there are no errors in the configuration which would cause the running gated to
terminate on reconfiguration. When this command is used, gdc issues an informational
message indicating whether there were parse errors or not, and if so saves the error output
in a file for inspection.
checknew Like checkconf except that the new configuration file,
/etc/gated.conf+, is checked instead.
newconf Move the /etc/gated.conf+ file into place as /etc/gated.conf, retaining the older
versions of the file as described above. gdc will decline to do anything when given this
command if the new configuration file doesn't exist or otherwise looks suspect.
backout Rotate the configuration files in the newer direction, in effect moving the old
configuration file to /etc/gated.conf. The command declines to perform the operation if
/etc/gated.conf- doesn't exist or is zero length, or if the operation would delete an existing,
non-zero length /etc/gated.conf+ file.
BACKOUT Perform a backout operation even if /etc/gated.conf+ exists and is of non-zero
length.
modeconf Set all configuration files to mode 664, owner root, group system.
createconf If /etc/gated.conf+ does not exist, create a zero length file with the file mode set
to 664, owner root, group system.
The following subcommands allow the removal of files created by the execution of some of
the commands above:
rmcore Removes any existing gated core dump file.
rmdump Removes any existing gated state dump file.
rmparse Removes the parse error file generated when a checkconf or checknew
command is executed and syntax errors are encountered in the configuration file being
checked.
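The subcommands above compose into a safe reconfiguration sequence. As an added example (not from the course or the gated distribution), this Python wrapper runs checknew, newconf and reconfig in order and backs out if gated does not come back; the injectable run callable and scripted_runner are assumptions of the example so the sequence can be exercised without a daemon.

```python
"""Roll out a new gated configuration with gdc, backing out if the daemon does not survive.

Added example, not IBM course material or part of gated. It strings together the gdc
subcommands described above (checknew, newconf, running, reconfig, start, backout,
restart), relying on the reliable exit status gdc provides. The ``run`` callable is an
assumption of this example so the sequence can be exercised without a real daemon;
by default it invokes the gdc command itself.
"""
import subprocess
from typing import Callable, Iterable, List, Optional

Runner = Callable[[List[str]], int]  # maps gdc arguments to the gdc exit status


def run_gdc(args: List[str]) -> int:
    """Run gdc quietly (-q sends errors to syslogd) and return its exit status."""
    return subprocess.run(["gdc", "-q", *args], check=False).returncode


def scripted_runner(failing: Iterable[str]) -> Runner:
    """Dry-run substitute for run_gdc: the named subcommands fail, all others succeed."""
    failing = set(failing)
    return lambda args: 1 if args[0] in failing else 0


def rollout(run: Runner = run_gdc, trail: Optional[List[str]] = None) -> bool:
    """Validate /etc/gated.conf+, install it and make gated use it.

    Returns True when the new file is in place and gated is running with it.
    ``trail`` (if given) receives every subcommand issued, for an audit record.
    """
    issued = trail if trail is not None else []

    def gdc(subcommand: str) -> bool:
        issued.append(subcommand)
        return run([subcommand]) == 0

    # 1. Parse the candidate file first; a bad file must never reach the live daemon.
    if not gdc("checknew"):
        return False
    # 2. Rotate /etc/gated.conf+ into place; the previous file is kept as /etc/gated.conf-.
    if not gdc("newconf"):
        return False
    # 3. Re-read the configuration if gated is up, otherwise start it with the new file.
    activated = gdc("reconfig") if gdc("running") else gdc("start")
    # 4. Confirm the daemon is still running after the change.
    if activated and gdc("running"):
        return True
    # 5. Restore /etc/gated.conf- and bring gated back up on the old configuration.
    gdc("backout")
    gdc("restart")
    return False


if __name__ == "__main__":
    log: List[str] = []
    print("rolled out" if rollout(trail=log) else "backed out", log)
```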
Transition Statement Let's now see what a setup of RIP might look like in the
gated.conf file.
traceoptions all ;
tracefile "/var/tmp/rip.quiet.trace" replace size 50k files 4 ;
rip yes {
    nobroadcast ;
};

# options nosend ;
rip yes {
    broadcast ;
    interface en3 noripout ;
    trustedgateways 10.19.99.3 ;
};
Notes:
Although configuring the routed daemon is much simpler than configuring the gated daemon,
there are some good reasons to use gated rather than routed. They are:
gated supports multiple routing protocols, and in today's environment most networks are
using more than one routing protocol.
gated supports the RIP2 protocol whereas routed only supports RIP1. The RIP2 protocol
can handle variable-length subnets; RIP1 cannot.
The first example above configures gated to run RIP in quiet mode. It only listens to
packets no matter how many interfaces are configured. If it was required, RIP running in
quiet mode can be used to UNICAST RIP information to particular hosts / gateways on the
network by supplying the sourcegateways option, as shown below:
Instructor Notes:
Purpose Provide a sample of setting up RIP in both quiet and active mode using the
/etc/gated.conf file.
Details When using the /etc/gated.conf file if you do not specify the rip clause, the
default is for rip to be on. The protocol statement has the following options:
rip yes | no | off [ {
    broadcast ;
    nobroadcast ;
    preference <preference> ;
    defaultmetric <metric> ;
    interface <interface_list> [noripin] [noripout]
        [metricin <metric>] [metricout <metric>]
        [version 1] | [version 2 [multicast | broadcast]] ;
    trustedgateways <gateway_list> ;
    sourcegateways <gateway_list> ;
    traceoptions <traceoptions> ;
} ] ;
The broadcast option indicates this system is a supplier (active). The nobroadcast option
indicates it is running in quiet (passive) mode. The nocheckzero option specifies RIP
should not ensure that reserved fields in the RIP packets are zero.
If the version is specified as 1 or defaults to 1, RIP version 2 packets are never sent except
in response to a version 2 POLL packet.
Preference controls the choice of routes learned via this protocol.
The defaultmetric value defaults to the highest valid metric of 16 which signifies infinity
(lack of reachability).
The trustedgateways clause supplies a list of gateways providing valid routing information.
Routing packets from other gateways are ignored.
The default metricout is zero and the default metricin is the kernel interface metric plus 1
(the default RIP hop count).
Traceoptions can be set up outside of the protocol statement in the trace statements
section of the /etc/gated.conf file, as shown in the example, or within the protocol
statement itself.
Transition Statement With the tremendous expansion in networks, RIP's capabilities
have been stretched to its limit. Another protocol has been developed, OSPF. Let's take a
brief look at it.
Open Shortest Path First (OSPF)
Interior gateway protocol
Link state routing protocol
(Figure: link state database map showing routers such as RT05 and RT08, with the shortest paths calculated from RT01 drawn as solid arrows.)
Notes:
Link state protocols are based on a distributed map concept. All nodes have a copy of the
network map. The map is actually represented by a database and updates are flooded to
the network nodes. The map updates must be secured.
In a link state protocol each router is responsible for determining the identity of its
neighbors. The router must construct a so-called link state packet (LSP) which lists its
neighbors and the cost of the link to each. A link state packet is transmitted to all other
routers which then store the most recent LSP received from each router. Given this
information, it is possible to construct a link state packet database from which routes
through the network can be calculated. A link state packet database is what the above
graphic represents. The solid line arrow shows the shortest path from router 01 (RT01) to
RT12, RT13, and RT14 that it calculated on the basis of the information provided to it from
the other routers.
Autonomous systems using OSPF as their routing protocol consist of, at a minimum, a
backbone of neighboring OSPF gateways. In particularly large networks it may include one
or more areas in addition to the backbone.
Instructor Notes:
Purpose Introduce OSPF and link state protocol basic concepts.
Details OSPF is a link state protocol developed by the IETF for use in the Internet and is
the recommended protocol as a replacement for RIP.
An in-depth discussion of link state protocols in general and OSPF in particular is beyond
the scope of this class. OSPF is a fairly complex protocol and to understand it thoroughly
would take several days. However, students need to know of its existence and the basic
differences between it and the commonly-used RIP protocol. In this visual we provide a
high-level definition of what a link state protocol is and in the next its advantages over the
more traditional distance vector protocols such as RIP. The visual provides a graphical
representation of a path map stored on router01 (RT01). The solid line shows the shortest
path that is calculated to routers RT12, RT13 and RT14 based on criteria provided during the
router's configuration and the information provided by the other routers.
Basically, a link state protocol is designed to use a database that completely maps the
routes within an autonomous system including the routes to exterior gateways for
communications outside of the autonomous system. Gateways send updates regularly to
neighboring gateways which compare the new map to the old, recalculating link costs and
updating their routing database. If a link has a lower cost than another to the same
destination, it becomes the preferred route but the information regarding the higher-cost
route does not get deleted. If two routes have the same cost then both routes are used to
share the workload across the links.
Broadcast, non-broadcast, and point-to-point networking technologies are supported. Also,
different metrics are supported and are converted to a common preference value. This
preference value can be specified by the network administrator so that a site can place a
greater or lesser importance on things like distance, throughput, or line reliability.
Additional Information To handle map update security, OSPF includes protections
against the problems of:
Failures in the synchronization process
Stale records kept in the database
Memory errors
Intentional corruption
It provides its protection against these through the implementation of:
Hop-by-hop acknowledgements during flooding
Database description packets transmitted using secure mechanisms
A timer so that records are removed from the database if a refresh packet doesn't arrive
in the expected timeframe
All records are protected by checksum procedures
Messages can be authenticated by the use of passwords
Transition Statement To handle extremely large networks OSPF uses a concept of a
backbone with multiple areas attached. Let's look at this a little bit closer.
OSPF Areas
(Figure: OSPF areas. Area A contains networks A1, A2, A3 and routers R1A, R2A, R3AB, R4AB; the Backbone contains networks B1 to B6 and routers R9B, R10B, R11B; Area C contains networks C1, C2, C3 and routers R5CB, R6CB, R7C, R8C. R11B connects the backbone to a RIP v2 network.)
Notes:
This network contains three areas: A, backbone (area 0), and C.
Routers R1A, R2A from area A, R7C, R8C from area C and R9B, R10B from area
backbone are known as Intra-Area Routers. Intra-Area routers maintain a topology
database for their local area.
Routers R3AB, R4AB from area A and R5CB, R6CB from Area C are known as Area
Border Routers (ABR). These ABR routers summarize the information from the other areas
in order to limit the size of the link state database and the number of advertisements.
R11B from area backbone is an Autonomous System Border Router (ASBR) and is located
at the periphery of the OSPF internetwork. It functions as a gateway exchanging routing
information with other routing environments, in the example shown a RIP v2 network.
These routes become OSPF external routes. The ASBR advertises these external routes
by flooding them throughout the entire OSPF network.
Instructor Notes:
Purpose Show how a backbone and areas are set up in OSPF.
Details The size of the database, the duration of route computation, and volume of
messages increase substantially when the size of the network increases. In order to handle
very large networks, OSPF uses the concept of areas into which the network is divided with
the upper part called the backbone.
In order to pull the whole network together, some routers belong to several areas, typically
one lower-level area, and to the backbone area. These routers are called area-border
routers. One must exist in each area to connect the area to the backbone. They maintain a
link state database for each area to which they belong.
The area routers summarize the information. Thus, in our example, the database of area A
will contain:
The link state records corresponding to links A1, A2, and A3 sent by R1A, R2A, R3AB,
and R4AB
Summary records provided by R3AB and R4AB for the networks and subnets that are a
part of the backbone and Area C
Records sent by R9B and R10B and relayed by R3AB and R4AB.
Transition Statement Let's now see what a setup of OSPF might look like in the
gated.conf file.
Configuring OSPF Using the gated Daemon
interfaces {
    options scaninterval 60 ;
    interface all passive ;
};
martians {
    128.12.0.0 ;
};
rip no ;
ospf yes {
    area 1.0.0.0 {
        authtype none ;
        networks {
            10.19.98.0 mask 255.255.255.0 ;
            10.19.99.0 mask 255.255.255.0 ;
        };
    };
    backbone {
        authtype simple ;
        interface all {
            authkey "password" ;
        };
        networks {
            10.25.100.0 mask 255.255.0.0 ;
        };
    };
};
Notes:
The configuration specified by this file is as follows:
The interfaces statement specifies that all interfaces on this system are passive. Without
this option, gated assumes that an interface is down if no routing information has been
received recently.
- scaninterval 60 specifies, in seconds, how often gated scans the interface list for
changes.
The martians statement defines a list of addresses about which all routing information is
ignored.
The rip no statement disables RIP.
The ospf yes statement enables OSPF and gives several configuration options.
- Area option sets the area number for this system
- Authtype none specifies no authentication should be used for exchanging
information between OSPF routers
- Authtype simple specifies simple password authentication. The password is
specified in the authkey statement.
- Networks option specifies the networks that are part of the area
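An added example (not from the course or from gated) that serves both the RIP protocol options described earlier and the OSPF authentication settings here: a small parser for this statement syntax plus an audit that reports RIP without a trustedgateways list and OSPF areas with authtype none or simple. The parser and the sample configuration are this example's own; treating a missing authtype as none is an assumption.

```python
"""Audit authentication settings in a gated.conf file (RIP and OSPF statements).

Added example, not IBM course material or part of gated. Parses the brace and
semicolon statement syntax of the RIP and OSPF examples ('#' starts a comment),
then reports RIP with no trustedgateways list and OSPF areas using authtype none
or simple. Treating a missing authtype as none is an assumption; sample constructed.
"""
import re
from typing import List, Optional, Tuple

_TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def tokenize(text: str) -> List[str]:
    """Split configuration text into words, quoted strings and the { } ; delimiters."""
    uncommented = [line.split("#", 1)[0] for line in text.splitlines()]
    return _TOKEN.findall("\n".join(uncommented))


class Stmt:
    """One statement: its words and, when braced, the nested statements."""

    def __init__(self, words: List[str], body: Optional[List["Stmt"]]) -> None:
        self.words, self.body = words, body

    def find(self, keyword: str) -> List["Stmt"]:
        return [s for s in (self.body or []) if s.words[:1] == [keyword]]


def parse(tokens: List[str], pos: int = 0, depth: int = 0) -> Tuple[List[Stmt], int]:
    """Recursive-descent parse of 'words [{ ... }] ;' statements; '}' may also end one."""
    stmts: List[Stmt] = []
    words: List[str] = []
    body: Optional[List[Stmt]] = None
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1
        if tok == "{":
            body, pos = parse(tokens, pos, depth + 1)
        elif tok == "}":
            if depth == 0:
                raise ValueError("unbalanced '}'")
            if words or body is not None:
                stmts.append(Stmt(words, body))
            return stmts, pos
        elif tok == ";" or body is not None:
            # ';' ends a statement; a word arriving after a closed brace block does too.
            if words or body is not None:
                stmts.append(Stmt(words, body))
            words, body = ([] if tok == ";" else [tok]), None
        else:
            words.append(tok)
    if depth:
        raise ValueError("missing '}'")
    if words or body is not None:
        stmts.append(Stmt(words, body))
    return stmts, pos


def audit(text: str) -> List[str]:
    """Return findings about routing updates that gated would accept unauthenticated."""
    stmts, _ = parse(tokenize(text))
    findings: List[str] = []
    rip = [s for s in stmts if s.words[:1] == ["rip"]]
    if not rip:  # per the course notes, gated runs RIP (broadcast mode) when no rip clause is given
        findings.append("rip: enabled by default (no rip statement), no trustedgateways list")
    for s in rip:
        if s.words[1:2] in (["yes"], ["on"]) and not s.find("trustedgateways"):
            findings.append("rip: no trustedgateways list, updates accepted from any gateway")
    for s in stmts:
        if s.words[:1] != ["ospf"] or s.words[1:2] not in (["yes"], ["on"]):
            continue
        for area in s.find("area") + s.find("backbone"):
            name = " ".join(area.words[:2])  # "area 1.0.0.0" or "backbone"
            auth = area.find("authtype")
            mode = auth[-1].words[1] if auth and len(auth[-1].words) > 1 else "none"
            if mode in ("none", "0"):
                findings.append(f"ospf {name}: authtype none, updates are not authenticated")
            elif mode in ("simple", "1"):
                findings.append(f"ospf {name}: simple authentication, authkey is a cleartext password")
    return findings


SAMPLE_OSPF_CONF = """\
# constructed sample, adapted from the OSPF example above
interfaces { options scaninterval 60 ; interface all passive ; } ;
martians { 128.12.0.0 ; } ;
rip no ;
ospf yes {
    area 1.0.0.0 {
        authtype none ;
        networks { 10.19.98.0 mask 255.255.255.0 ; 10.19.99.0 mask 255.255.255.0 ; } ;
    } ;
    backbone {
        authtype simple ;
        interface all { authkey "password" ; } ;
        networks { 10.25.100.0 mask 255.255.0.0 ; } ;
    } ;
} ;
"""
```

Running audit(SAMPLE_OSPF_CONF) reports the unauthenticated area 1.0.0.0 and the cleartext simple password on the backbone, and nothing for RIP because rip no disables it.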
Instructor Notes:
Purpose Explain statements in the gated configuration file.
Details Refer to RFC 2328 for details of OSPF Version 2.
Transition Statement Now, let's take a look at a few checkpoint questions.
Checkpoint (1 of 2)
1. T/F: The gated and routed daemons can be run at the same time.
2. The routed daemon supports the following protocols. (Choose all
that apply.)
a. OSPF
b. HELLO
c. RIP
d. EGP
3. The gated daemon supports the following routing protocols.
(Choose all that apply.)
a. BGP
b. RIP
c. OSPF
d. IP
4. T/F: Distance vector protocols measure cost via a metric called
hops.
5. T/F: OSPF is a distance vector protocol.
Checkpoint Solutions (1 of 2)
1. T/F: The gated and routed daemons can be run at the same time.
False. Unpredictable results occur if they are running on the same system at the
same time.
2. The routed daemon supports the following protocols. (Choose all
that apply.)
a. OSPF
b. HELLO
c. RIP - routed only supports RIP
d. EGP
3. The gated daemon supports the following routing protocols.
(Choose all that apply.)
a. BGP
b. RIP
c. OSPF
d. IP
4. T/F: Distance vector protocols measure cost via a metric called
hops. True.
5. T/F: OSPF is a distance vector protocol. False. OSPF is a link state
protocol.
Checkpoint (2 of 2)
6. The following characteristics describe a link state protocol. (Select
all that apply.)
a. Uses only a hop metric to determine cost
b. Maintains a database map of all links in the network
c. Provides for authorization of routers and update packets
7. T/F: The /etc/gated.conf file contains statements classes that are
read by the gated daemon on start-up.
8. What routing protocol does the gated daemon use by default?
(Select all that apply.)
a. RIP
b. RIP-2
c. OSPF
d. BGP
Checkpoint Solutions (2 of 2)
6. The following characteristics describe a link state protocol. (Select
all that apply.)
a. Uses only a hop metric to determine cost
b. Maintains a database map of all links in the network
c. Provides for authorization of routers and update packets
7. T/F: The /etc/gated.conf file contains statements classes that are
read by the gated daemon on start-up. True.
8. What routing protocol does the gated daemon use by default?
(Select all that apply.)
a. RIP - RIP in broadcast (active) mode.
b. RIP-2
c. OSPF
d. BGP
Exercise:
Unit Summary
In active mode a host can send and receive routing information. In
passive mode it only receives it.
An autonomous system is a group of networks under one
administrative authority.
Interior gateways are routers within an autonomous system.
Exterior gateways are routers that connect autonomous systems
together.
RIP and OSPF are used on interior gateways and BGP on exterior
ones.
References
IBM Training course:
AU73 Logical Partitioning (LPAR) on POWER5 pSeries
Systems
http://www-03.ibm.com/servers/aix/whitepapers/aix_vn.pdf
Virtual Networking on AIX 5L (whitepaper)
http://www.redbooks.ibm.com/
Advanced POWER Virtualization on
IBM Eserver p5 Servers:
Introduction and Basic Configuration
Copyright IBM Corp. 1997, 2006 Unit 7. Shared Ethernet Adapter 7-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
http://www.redbooks.ibm.com/
Advanced POWER Virtualization on
IBM Eserver p5 Servers:
Architecture and Performance Considerations
http://publib.boulder.ibm.com/infocenter/eserver/v1r3s/index.jsp
-> Printable PDFs
-> Using the Virtual I/O Server
System p5 and i5, eServer p5 and i5 and OpenPower
Using the Virtual I/O Server
System p5, eServer p5 and i5 and OpenPower
Virtual I/O Server Commands Reference
Unit Objectives
After completing this unit, you should be able to:
Describe functions of the Virtual I/O Server
Configure Virtual I/O Server
Describe shared Ethernet adapter service
Configure shared Ethernet adapter
Describe Etherchannel support
Instructor Notes:
Purpose Describe the objectives for the unit.
Transition Statement In this unit, we will be discussing the shared Ethernet adapter
functionality that is available with the IBM System p5 family of servers. In order to use the
shared Ethernet adapter, you must configure the Virtual I/O Server, so we'll start our
discussion with an overview of the Virtual I/O Server.
Virtual I/O Server Overview
Special partition that hosts virtual SCSI disk and shared Ethernet
adapter resources
Allows resources to be used by client partitions
(Figure: one server with a Virtual I/O Server partition sharing virtual Ethernet and disks with client partitions running AIX 5.3 and Linux, each with its own CPU allocation, managed from the Hardware Management Console (HMC).)
Notes:
Introduction
The Virtual I/O Server provides virtual storage and shared Ethernet capability to client
logical partitions on the system. It allows physical adapters on the Virtual I/O Server to
be shared by one or more client partitions. Virtual I/O Server partitions are not intended
to run applications or for general user logins. The Virtual I/O Server is installed in its
own partition.
Using the Virtual I/O Server facilitates the following functions:
- Sharing of physical resources between partitions on the system
- Creation of partitions without requiring additional physical I/O resources
- Creation of more partitions than I/O slots or physical devices with the ability for
partitions to have dedicated I/O, virtual I/O, or both
- Maximization of physical resource utilization on the system
The Virtual I/O Server supports client partitions running the following operating
systems:
- AIX 5L V5.3
- SUSE LINUX Enterprise Server 9 for POWER
- Red Hat Enterprise Linux AS for POWER Version 3
Notes:
Details
The Virtual I/O Server is a component of the Advanced POWER Virtualization
chargeable feature. The product is supplied on CD-ROM media when the feature is
configured as part of machine order or upgrade.
Currently the Virtual I/O Server is implemented as a customized AIX partition, however
the interface to the system is abstracted using a secure shell-based Command Line
Interface (CLI).
The CD-ROM media contains a customized AIX mksysb image. Once installed on disk,
the image only boots in a special type of partition that provides the special Virtual I/O
Server environment.
The partition that is used for the Virtual I/O Server must be configured to contain
physical adapter slots, since the partition is used to host these resources and make
them available for use by client partitions. The partition may be configured to use
dedicated processors, or processing capacity from the shared processor pool.
The Virtual I/O Server partition may be installed by activating the partition and booting
directly from the CD-ROM device. The partition may also be installed from the HMC.
Instructor Notes:
Purpose Cover some of the details of the Virtual I/O Server.
Details The VIO Server software comes with the IBM System p5 if the Advanced
POWER Virtualization feature is ordered with the system or if this feature comes standard
with the system. You must load the software in a partition and configure the devices.
Transition Statement Let's look at creating a partition for the Virtual I/O Server.
Configuring the Virtual I/O Server (1 of 2)
Perform initial login using special userid padmin
You are prompted to change password
Need to accept license for Virtual I/O Server product:
license -accept
Use mktcpip command to configure networking (if not configured
during installation from HMC)
mktcpip -hostname hostname -inetaddr IPaddress \
    -interface interface [ -start ] [ -netmask nmask ] \
    [ -cabletype ctype ] [ -gateway gway ] \
    [ -nsrvaddr NameServerAddr [ -nsrvdomain Domain ] ]
Notes:
Introduction
Since the CLI is used to configure the Virtual I/O Server, the root user login is not used.
Instead, you should log in to the partition using the userid padmin. This is the login for
the Prime Administrator of the Virtual I/O Server partition.
The first time the padmin user logs in, you are prompted to change the password. Once
you have entered a new password, you will be logged in using the secure Korn shell.
The first task you should perform is to accept the license terms for the Virtual I/O Server
product. This is performed with the following command:
license -accept
If you do not accept the license terms, the remainder of the CLI will not function. If the
partition was installed from the HMC, then the network interface may still be configured
(depending on the options you selected when running the installios command).
If the network interface is not configured (for example, you installed the partition directly
from CD), then the next configuration task is to set the partition hostname and IP
address. This is performed using the mktcpip command as follows:
mktcpip -hostname hostname -inetaddr IPaddress -interface interface \
    [ -start ] [ -netmask nmask ] [ -cabletype ctype ] [ -gateway gway ] \
    [ -nsrvaddr NameServerAddr [ -nsrvdomain Domain ] ]
Notes:
Overview
Shared Ethernet adapter (SEA) technology (part of the optional Virtual I/O server
feature on POWER5 hardware) enables the logical partitions to communicate with other
systems outside the hardware unit without assigning physical Ethernet slots to the
logical partitions.
When there are not enough physical slots to allocate a physical network adapter to
each partition, network access using virtual Ethernet and shared Ethernet adapters in a
Virtual I/O server is preferable to IP forwarding as it does not complicate the IP network
topology.
A shared Ethernet adapter is a bridge between a physical Ethernet adapter (or an
aggregation of physical adapters) and one or more virtual Ethernet adapters on the
Virtual I/O server. A SEA enables partitions on the virtual Ethernet to share access to
the physical Ethernet and to communicate with standalone servers and with partitions on
other systems. The Shared Ethernet provides this access by connecting the internal
Hypervisor VLANs with the VLANs on the external switches. This enables partitions on
POWER5 systems to share an IP subnet with standalone systems and other
POWER5 partitions, allowing for a more flexible network.
Link aggregation (also known as EtherChannel) is a network port aggregation
technology that allows several Ethernet adapters to be aggregated together to form a
single pseudo Ethernet device.
Bridge
As the Shared Ethernet processes packets at layer 2, the original MAC address and
VLAN tags of the packet are visible to other systems on the physical network.
MTU issues
The virtual Ethernet adapters can transmit packets with a size up to 65408 bytes.
Therefore, the maximum MTU for the corresponding interface can be up to 65394
(65390 with VLAN tagging). Since the shared Ethernet adapter can only forward
packets of a size up to the MTU of the physical Ethernet adapters, a lower MTU or
PMTU discovery should be used when the network is being extended using the Shared
Ethernet.
Most packets, including broadcast (for example, ARP) and multicast (for example,
Network Discovery Packet (NDP)) packets, that pass through the Shared Ethernet setup
are not modified. These packets retain their original MAC header and VLAN tag
information. When the MTUs of the physical and virtual sides do not match, the Shared
Ethernet can receive packets that cannot be forwarded because of MTU limitations. This
situation is handled by processing the packets at the IP layer, either by doing IP
fragmentation or by reflecting ICMP errors (packet too big) to the source, depending on
the IP flags in the packet. In the case of IPv6, ICMP errors are sent back to the source
for such packets, as IPv6 allows fragmentation only at the source host. These ICMP errors
help the source host discover the PMTU and therefore handle future packets
appropriately.
Instructor Notes:
Purpose Introduce the shared Ethernet adapter device.
Details Now that the VIO Server software is installed and configured, we will configure a
shared Ethernet adapter (SEA). This visual describes the SEA device features.
Additional Information
Transition Statement Let's look at an example that illustrates the function of the shared
Ethernet adapter.
Shared Ethernet Adapter Example
Shared Ethernet is used to extend VLAN 100 and 200 using the physical Ethernet in
the VIO server
[Figure: standalone servers on the physical network, and LPAR 1, 2 and 3 reaching it
through the Shared Ethernet adapter in the VIO Server]
Notes:
Details
Shared Ethernet technology is used to extend VLAN 100 and 200 using the physical
Ethernet resources in the Virtual I/O server. The configuration could consist of one or
two physical Ethernet adapters in the Virtual I/O Server partition.
Instructor Notes:
Purpose Graphically illustrate the purpose of a shared Ethernet adapter.
Details This visual shows an example VIO Server partition with a physical Ethernet
adapter that connects to the network outside of the managed system. It is connected to
VLAN 100 and 200.
Additional Information
Transition Statement Let's look at how we configure a virtual Ethernet adapter for use
by the Virtual I/O Server to connect the interpartition network to the outside physical
network.
Adding External Access
Virtual Ethernet adapter to be used in a shared Ethernet adapter
must have Access external network attribute set
This attribute was called Trunk adapter prior to VIOS version 1.2
Causes virtual Ethernet to accept/deliver external packets
Access external network setting only for VIOS adapters
Only one Access external network adapter per VLAN
Instructor Notes:
Purpose Show how to configure the trunk adapter setting of a virtual Ethernet adapter.
Details This visual shows how to configure the virtual Ethernet adapter on the VIO
Server when it is used as a SEA. You must check the Access external network option.
Each VLAN can only have one designated trunk adapter. When you add additional VLANs
for this trunk adapter, this must be the only trunk adapter for all of those VLANs.
Additional Information
Transition Statement Let's look at how we then create the shared Ethernet adapter
itself.
Shared Ethernet Adapter Bridge (1 of 3)
[Figure: ent2 (SEA) with PVID=100, bridging virtual adapter ent1 to physical adapter ent0]
Notes:
Details
Shared Ethernet adapters (SEAs) are configured in the Virtual I/O server partition.
Setup of a SEA requires one or more physical Ethernet adapters assigned to the Virtual
I/O Server partition and one or more virtual Ethernet adapters with the Access external
network property defined using the HMC.
The physical side of the SEA is either a single Ethernet adapter or a link aggregation of
physical adapters. The link aggregation can also have an additional Ethernet adapter as
a backup in case of failures on the network.
Example
The visual above shows a simple shared Ethernet adapter scenario. The shared
Ethernet adapter ent2 uses physical adapter ent0 and virtual adapter ent1. The
physical adapter ent0 is connected to a physical Ethernet switch which does not have
to be VLAN capable because only PVID is being used in this setup. If the switch is
VLAN capable then the port that the physical adapter ent0 connects to should be set up
as an untagged port with PVID 100. The virtual adapter is created with PVID 100 and
the trunk adapter attribute using the HMC. The following Virtual I/O server command
will configure the Shared Ethernet and will effectively connect the LPARs using VLAN
100 to the physical network:
mkvdev -sea ent0 -vadapter ent1 -default ent1 -defaultid 100
Configuration limits
A single SEA setup can have up to 16 virtual Ethernet trunk adapters, and each virtual
Ethernet trunk adapter can support up to 20 VLAN networks. Therefore, it is possible for
a single physical Ethernet to be shared between 320 internal VLANs. The number of
shared Ethernet adapters that can be set up in a Virtual I/O server partition is limited
only by resource availability, as there are no configuration limits.
The physical and virtual adapters that are part of a shared Ethernet adapter
configuration are for the exclusive use of the SEA and therefore cannot be configured with
IP addresses. The SEA itself can be configured with an IP address to provide network
connectivity to the Virtual I/O server. The configuration of an IP address for the SEA is
optional, as it is not required for the device to perform the bridge function at layer 2.
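To check the exclusive-use rule above on a running Virtual I/O Server, here is an added shell example (not part of the course and not VIOS code). It reads the SEA's attribute listing and the output of netstat -in and reports every member adapter whose interface carries an IP address of its own. Both inputs are constructed samples: the attribute listing is in the shape of `lsdev -dev ent3 -attr` on the VIOS, and it is an assumption that the SEA's real_adapter and virt_adapters attributes are the ones to read.

```shell
#!/bin/sh
# Added example (not VIOS code): audit that the physical and virtual adapters
# backing a SEA carry no IP address of their own (they are reserved for the SEA).

# Constructed sample in the shape of `lsdev -dev ent3 -attr` on the VIOS. The
# attribute names real_adapter / virt_adapters are assumed; values follow the
# second bridge visual (ent3 over ent0 with ent1 and ent2).
SEA_ATTR='attribute     value     description                     user_settable
pvid          2         PVID to use for the SEA device  True
pvid_adapter  ent1      Default virtual adapter         True
real_adapter  ent0      Physical adapter                True
virt_adapters ent1,ent2 List of virtual adapters        True'

# Constructed sample in the shape of `netstat -in`: en0 wrongly has an address,
# en3 (the interface of the SEA itself) legitimately does.
NETSTAT_IN='Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
en0   1500  link#2      0.9.6b.dd.1.1        120     0      118     0     0
en0   1500  10.1.1      10.1.1.5             120     0      118     0     0
en3   1500  link#5      0.9.6b.dd.1.1       5412     0     4102     0     0
en3   1500  10.1.1      10.1.1.20           5412     0     4102     0     0
lo0   16896 link#1                           88     0       88     0     0
lo0   16896 127         127.0.0.1            88     0       88     0     0'

sea_members() {
    # $1: `lsdev -dev entN -attr` text. Prints the SEA's member adapters, one per line:
    # the physical adapter plus every entry of the comma-separated virt_adapters list.
    printf '%s\n' "$1" | awk '
        $1 == "real_adapter"  { print $2 }
        $1 == "virt_adapters" { n = split($2, a, ","); for (i = 1; i <= n; i++) print a[i] }'
    return 0
}

ip_interfaces() {
    # $1: `netstat -in` text. Prints interfaces (other than lo0) whose Address column
    # is an IPv4 dotted quad; the link# lines carry a MAC there and do not match.
    printf '%s\n' "$1" | awk '$1 != "lo0" && $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }'
    return 0
}

sea_member_ip_conflicts() {
    # $1: SEA attribute text, $2: netstat -in text.
    # Prints each member adapter entN whose interface enN has an IP address.
    ips=$(ip_interfaces "$2")
    for ent in $(sea_members "$1"); do
        en="en${ent#ent}"
        for i in $ips; do
            if [ "$i" = "$en" ]; then
                printf '%s\n' "$ent"
            fi
        done
    done
    return 0
}

# Usage: run the audit over the constructed samples (reports ent0).
sea_member_ip_conflicts "$SEA_ATTR" "$NETSTAT_IN"
```

On a real VIOS the two inputs would come from `lsdev -dev ent3 -attr` and `netstat -in` (the padmin shell also has `lstcpip`); an adapter reported here should have its interface taken down before it is used by the SEA.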
[Figure: ent3 (SEA) with PVID=2, bridging virtual adapters ent1 and ent2 to physical adapter ent0]
Device listing:
$ lsdev -virtual
name status description
ent1 Available Virtual I/O Ethernet Adapter (l-lan)
ent2 Available Virtual I/O Ethernet Adapter (l-lan)
ent3 Available Shared Ethernet Adapter
Notes:
The following Virtual I/O server command configures the Shared Ethernet and effectively
connects the partitions on VLAN 2, 200 and 300 to the physical network:
mkvdev -sea ent0 -vadapter ent1 ent2 -default ent1 -defaultid 2
Instructor Notes:
Purpose Show an example that uses multiple VLANs.
Details This example shows the same mkvdev command we saw in the last visual,
except this time we show the syntax when associating two virtual LANs to one SEA. This
creates the ent3 virtual adapter.
Additional Information
Transition Statement Let's look at using a link aggregate device with the shared
Ethernet adapter.
Shared Ethernet Adapter Bridge (3 of 3)
[Figure: physical adapters ent0 and ent1 aggregated into ent3 (link aggregate), attached to
a switch with support for link aggregation; ent4 (SEA) with PVID=1 bridges ent3 to the
virtual adapter ent2 (PVID=1)]
Notes:
Link aggregation
A link aggregate pseudo Ethernet device can be used when configuring a shared
Ethernet adapter.
Link aggregation (also known as EtherChannel) is a network port aggregation
technology that allows several Ethernet adapters to be aggregated together to form a
single pseudo Ethernet device. For example, ent0 and ent1 can be aggregated to form
ent3; interface en3 would then be configured with an IP address. The system considers
these aggregated adapters as one adapter. Therefore, IP is configured over them as
over any Ethernet adapter. In addition, all adapters in the link aggregation are given the
same hardware (MAC) address, so they are treated by remote systems as if they were
one adapter. The main benefit of link aggregation is that the aggregation has the network
bandwidth of all of its adapters in a single network presence. If an adapter fails, the
packets are automatically sent on the next available adapter without disruption to
existing user connections. The adapter is automatically returned to service on the link
aggregation when it recovers.
Example
The visual above shows an example of using a link aggregate device in a shared
Ethernet configuration. The link aggregate device ent3 is created by combining ent0
and ent1 as follows:
mkvdev -lnagg ent0,ent1
The ent3 device is then used when creating the shared Ethernet adapter:
mkvdev -sea ent3 -vadapter ent2 -default ent2 -defaultid 1
Link aggregation
Etherchannel is a trunking technology that allows grouping several Ethernet links and is
capable of load balancing traffic across those links. Traffic is distributed across the
links, providing higher performance and redundant parallel paths. When a link fails,
traffic is redirected to the remaining links within the channel without user intervention
and with minimal packet loss.
EtherChannel was invented in the early 1990s and bought by Cisco in 1994. Other
popular trunking technologies exist: Adaptec's Duralink trunking and Nortel MultiLink
Trunking (MLT).
IEEE 802.3ad (also known as Trunking or Link Aggregation) was finalized in 2000.
Link aggregation
AIX implements Cisco-style Etherchannel and IEEE 802.3ad. You can include up to
eight Ethernet ports in the aggregation.
The terms Fast Etherchannel and Gigabit Etherchannel (or GigaChannel) distinguish
the Etherchannels running at 100 Mbps and 1000 Mbps (one gigabit) port speeds,
respectively.
The ports dedicated to the EtherChannel are generally expected to be configured
identically (the same speed, duplex mode and, for Gigabit Ethernet, the same TCP/IP
MTU size).
Note: Mixing adapters of different speeds in the same aggregation, even if one of them
is operating as the backup adapter, is not supported.
Load balancing
Load Balancing behavior is controlled by two SMIT selectable load balancing methods
for outgoing traffic.
- Round robin
In this mode the EtherChannel will rotate through the adapters, giving each adapter
one packet before repeating. The packets may be sent out in a slightly different
order than they were given to the EtherChannel, but it will make the best use of its
bandwidth. Round robin mode cannot be used with IEEE 802.3ad.
- Standard
In this mode the EtherChannel uses an algorithm to choose which adapter it will
send the packets out on. This mode will guarantee packets are sent out over the
EtherChannel in the order they were received, but it may not make full use of the
bandwidth.
You can configure the algorithm to select the outgoing adapter based on four
choices:
IP address (default)
(Uses the last byte of the IP address, or MAC address for non-IP packets.)
Source port of TCP/UDP packets (src_port)
(Uses the IP address for non-TCP/UDP packets.)
Destination port of TCP packets (dst_port)
(Uses the IP address for non-TCP/UDP packets.)
Both source and destination ports (src_dst_port)
(Uses the IP address for non-TCP/UDP packets.)
See the EtherChannel and IEEE 802.3ad Link Aggregation topic in the System
Management Guide: Communications and Networks manual for details about
selecting a distribution mode.
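The following added shell model (not AIX code, and not from the course) illustrates the distribution modes listed above and the ordering trade-off between standard and round robin mode. The course only states which packet field each mode uses; it is an assumption of this model that the field is reduced modulo the number of adapters in the channel, and that src_dst_port adds the two port numbers before that reduction. Round robin is modelled statelessly by passing each packet's sequence number.

```shell
#!/bin/sh
# Added example (not AIX code): a model of how an EtherChannel picks the outgoing
# adapter for a packet under the SMIT-selectable distribution modes.
# Assumptions: the selected field is taken modulo the adapter count, and
# src_dst_port uses the sum of the two ports.

ec_select_adapter() {
    # $1 mode: round_robin | default | src_port | dst_port | src_dst_port
    # $2 number of adapters in the channel, $3 destination IP (dotted quad)
    # $4 protocol (tcp | udp | other), $5 source port, $6 destination port
    # $7 packet sequence number (used by round_robin only)
    # Prints the zero-based index of the adapter the packet leaves on.
    mode=$1; n=$2; ip=$3; proto=$4; sport=$5; dport=$6; seqno=$7
    lastbyte=${ip##*.}                 # "uses the last byte of the IP address"
    case $mode in
        round_robin)                   # each adapter gets one packet in turn
            idx=$((seqno % n)) ;;
        default)                       # IP address mode
            idx=$((lastbyte % n)) ;;
        src_port|dst_port|src_dst_port)
            case $proto in
                tcp|udp)
                    case $mode in
                        src_port)     key=$sport ;;
                        dst_port)     key=$dport ;;
                        src_dst_port) key=$((sport + dport)) ;;   # assumption: sum
                    esac ;;
                *)  key=$lastbyte ;;   # "uses the IP address for non-TCP/UDP packets"
            esac
            idx=$((key % n)) ;;
        *)  echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    printf '%s\n' "$idx"
}

ec_flow_is_sticky() {
    # $1 mode, $2 number of adapters, remaining args: packets as "ip:proto:sport:dport"
    # in transmission order. Prints "yes" when every packet leaves on the same adapter
    # (so the channel keeps them in order), "no" when they are spread across adapters.
    mode=$1; n=$2; shift 2
    first=""; sticky=yes; seqno=0
    for pkt in "$@"; do
        oldifs=$IFS; IFS=:; set -- $pkt; IFS=$oldifs
        idx=$(ec_select_adapter "$mode" "$n" "$1" "$2" "$3" "$4" "$seqno")
        seqno=$((seqno + 1))
        if [ -z "$first" ]; then
            first=$idx
        elif [ "$idx" != "$first" ]; then
            sticky=no
        fi
    done
    printf '%s\n' "$sticky"
    return 0
}

# Usage: a constructed TCP connection (same addresses and ports) sent three times.
# Standard mode keeps it on one adapter, round robin spreads it over both.
echo "standard/default: $(ec_flow_is_sticky default 2 10.9.1.7:tcp:40001:80 10.9.1.7:tcp:40001:80 10.9.1.7:tcp:40001:80)"
echo "round_robin:      $(ec_flow_is_sticky round_robin 2 10.9.1.7:tcp:40001:80 10.9.1.7:tcp:40001:80 10.9.1.7:tcp:40001:80)"
```

The model makes the documented trade-off visible: in standard mode all segments of one connection map to the same adapter, so ordering is preserved but a single busy flow never uses more than one link; round robin uses every link but can reorder a flow.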
Failover
If a single adapter in a link aggregation device fails, the aggregation will continue to use
the remaining adapters.
To protect against failure of the switch that the aggregation device is connected to, it is
possible to configure a backup adapter. There are two ways to do this, which we will
discuss in a few pages.
Instructor Notes:
Purpose Introduce AIX 5L V5.2 EtherChannel Backup.
Details The process is as follows:
If all but one of the primary adapters fail, then no action is taken as the primary objective
is to keep the EtherChannel open.
If all primary adapters fail, the backup adapter is checked to see if it is functioning. If the
backup adapter is down, the primary adapters stay as the active channel. This is
because it is more likely that one of the EtherChannel adapters comes back up before
the single backup adapter.
If the backup adapter is up and all the primary adapters fail, then failover starts. All the
adapters in the EtherChannel are disabled, and take on the MAC and IP address of the
backup adapter. The backup adapter takes on the MAC and IP of the EtherChannel. All
adapters are then re-enabled.
Gratuitous ARPs are sent to ensure that the MAC associated with the EtherChannel
port is now mapped to the backup adapter port.
When at least one of the adapters in the EtherChannel becomes available, the MAC
and IP are swapped back to the EtherChannel following the same process as before.
Additional Information Prior to AIX 5L V5.2, there was another mode of operation
called netif_backup. The functionality of the backup adapter is used to emulate what used
to be network interface backup mode.
The netif_backup mode enabled the following:
Ability to connect every adapter to a different switch so that each can access all the
machines in the same network.
Failure could be detected by either noticing that the link status of an adapter is down or
optionally pinging a remote machine.
In 5.2, the backup adapter function is used to emulate the netif_backup mode and retains
the ping feature of the network interface backup mode.
Transition Statement Prior to AIX 5L V5.2, link aggregation was different.
Etherchannel Prior to AIX 5L V5.2
Must manually enable link polling on the adapters before creating the Etherchannel
Automatic in AIX 5L V5.2 with 5200-03 and later
netif_backup mode
Single active adapter, single backup adapter
Only available in AIX V4.3 and AIX 5L V5.1
Failures at point A are detected via link status check
Failures at point B are detected via a ping test to 10.9.1.1
[Figure: server with virtual device driver ent3 over ent1 (active) and ent2 (backup),
connected to Switch1 and Switch2; point A is the adapter-to-switch link, point B is the
path through the router 10.9.1.1 to the client]
Notes:
Link polling
Enable Link Polling on Ethernet Adapter prior to configuring the link aggregation device.
This step is needed to allow polling of adapters to detect changes to the link status and
inform the link aggregation device.
Note: This step is not needed:
- In AIX 5L V5.2 with 5200-03 and later; the link poller will be started automatically
- For Gigabit Ethernet Adapters
netif_backup mode
In the netif_backup mode, the aggregation only activates one adapter at a time. The
intention is the adapters are plugged into different Ethernet switches, each of which is
capable of getting at any other machine on the subnet/network. When a problem is
detected, either with the direct connection, or through the inability to ping a machine,
they deactivate the current adapter and activate a backup adapter.
The advantages over EtherChannel would be to handle switch and downstream failure.
By plugging into two different switches, the failure of one doesn't prevent the
connection. And, using the ping test to check downstream allows a failure past the
switch to be detected.
The disadvantage of using Network Interface Backup compared to EtherChannel is you
do not gain any improved bandwidth by aggregating the two physical adapters. Only
one of the adapters in the grouping can be used at a time, so the others sit idle unless a
failure occurs.
Introduction
Use SMIT or the mkdev command to add an EtherChannel.
Options
The options to configure a link aggregation device are:
- Number of Retries -
The number of lost ping packets before the EtherChannel switches adapters. This is
only valid when the channel has a backup adapter and the Internet Address to Ping
field contains a non-zero address. The range of valid values is 2 to 100 retries. The
default value is 3. Information in this field is optional.
- Retry Timeout -
Controls how often the EtherChannel sends out a ping packet to poll the current
adapter for link status. This is only valid when the EtherChannel has a backup
adapter defined and the Internet Address to Ping field contains a non-zero address.
Specify the time-out value in seconds. The range of valid values is 1 to 100
seconds. The default value is 1 second. Information in this field is optional.
Checkpoint
The Virtual I/O Server is a special partition that hosts
___________________ and ___________________ resources.
Shared Ethernet adapters (SEAs) bridge
___________________ to ___________________.
T/F: The virtual adapter associated with a shared Ethernet adapter
connected to the external network must have trunk adapter
checked.
T/F: More than one VLAN can be bridged to the external network
using one SEA.
How many virtual Ethernet adapters marked as trunk adapters per
VLAN can you have?
T/F: The virtual I/O server connection to the external LAN can be an
aggregate of adapters.
Notes:
Checkpoint Solutions
The Virtual I/O Server is a special partition that hosts
virtual SCSI disk and shared Ethernet adapter resources.
Shared Ethernet adapters (SEAs) bridge
external networks to internal VLANs.
T/F: The virtual adapter associated with a shared Ethernet adapter
connected to the external network must have trunk adapter
checked. True.
T/F: More than one VLAN can be bridged to the external network
using one SEA. True.
How many virtual Ethernet adapters marked as trunk adapters per
VLAN can you have? One.
T/F: The virtual I/O server connection to the external LAN can be an
aggregate of adapters. True.
Additional Information
Transition Statement Let's do an exercise.
Exercise: Shared Ethernet Adapter
Unit Summary
The Virtual I/O Server is a dedicated partition that allows LPARs to
share I/O adapters
The shared Ethernet adapter bridges the external network to the
internal VLANs
Physical adapter (connection to external network)
One or more virtual adapters (connection to internal VLAN(s))
Shared Ethernet adapter (the bridge)
AIX and the VIOS support aggregation of Ethernet adapters
Etherchannel
802.3ad
Notes:
References
http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp
System Management Guide:
Communications and Networks
Unit Objectives
After completing this unit, you should be able to:
Discuss Virtual IP Addressing
Describe Multipath Routing
Describe Path MTU Discovery
Explain Dead Gateway Detection
Configure Network Options
Notes:
1. Outgoing packets are routed via member interfaces (en0 & en1) based on the
destination and the routing table in the server
2. Source address will be set to the VIPA address (vi0: 10.10.10.2)
3. Replies will be directed to the VIPA address
4. Clients and any routers must be configured with routes to the VIPA address
gated (using OSPF) will advertise the VIPA interface to neighboring routers and will
update routers if an interface fails
Or you can configure routers manually and use Dead Gateway Detection
Application availability issue
If one physical interface or network path fails, traffic is routed to the other physical
interface
VIPA interface can be brought up or down without affecting physical interfaces
bos.net.tcp.client fileset
Notes:
AIX offers Virtual IP Addresses to overcome application availability problems. When a
network becomes inaccessible or the network interface fails, a different network interface
can be used by modifying the routing table. If the rerouting occurs fast enough, then the
TCP/IP sessions are not lost.
Virtual IP addresses can be configured with:
mkdev
smitty mkinetvi
The VIPA concept is similar to IP aliases, except that the addresses are not associated with
a hardware interface. VIPA offers several advantages that IP aliases do not:
VIPA offers a virtual device that can be brought up and down independently without
affecting the physical interfaces
VIPA addresses can be changed, while aliases can only be added or deleted
Create Virtual IP Address
# smit mkinetvi
[Entry Fields]
* INTERNET ADDRESS (dotted decimal) [10.10.10.2]
Network MASK (hexadecimal or dotted decimal) [255.255.255.0]
* Network Interface [vi0]
* ACTIVATE the Interface after Creating it? yes +
Network Interface(s) using this VIPA [en0,en1]
Notes:
Using SMIT
The Internet address of the network interface must be in dotted decimal form.
The network mask includes both the network part of the logical address and the subnet
part that is taken from the host field of the address.
Using mkdev
The mkdev command may be used to define the interface as follows:
# mkdev -c if -s VI -t vi -a netaddr=1.1.1.1 \
-a netmask=255.255.255.0 -w vi0 -a state=up \
-a interface_names=en0,en1
Using ifconfig
Two new options vipa_iflist and -vipa_iflist have been added to the ifconfig
command (in AIX 5L V5.2).
Note: Remember that ifconfig only changes the current interface device in memory. If
you want to make the change permanent (update the ODM), you must use SMIT or
mkdev.
The ifconfig command can be invoked in one of the following ways using these
options:
- To configure a list of interfaces to use a particular VIPA:
# ifconfig vi0 1.1.1.1 vipa_iflist en0,en1
- To remove a list of interfaces that are configured to use VIPA:
# ifconfig vi0 1.1.1.1 -vipa_iflist en0,en1
Running the ifconfig vi0 command produces the following status:
# ifconfig vi0
vi0: flags=84000041<UP,RUNNING,64BIT>
inet 1.1.1.1 netmask 0xffffff00
iflist : en0 en1
Multipath Routing
[Figure: a host with interfaces tr0, tr1 and en0 reaching a destination host through two
gateways]
Notes:
Multipath routing
Multipath routing feature allows administrators to create multiple routes to the same
destination. The benefits of this feature are:
- Load balancing between two or more gateways
- Load balancing between two or more interfaces on the same network
- Alternate routes provide protection against an interface or router failure
Traffic distribution
When there are multiple routes to the same destination, AIX chooses a route based
on three user-configurable attributes: cost, mpr_policy and weight. This allows the
administrator to control how the routes are used based on various factors, including
cost, weight, utilization, IP address of destination, and random selection. We'll start by
looking at the cost attribute.
Cost Attribute
[Figure: a host with interfaces tr0 and en0, each with a route of cost=0 through its own
gateway to the destination host]
Notes:
The user-configurable cost of a route is specified as a positive integer value for the variable
associated with the hopcount parameter. The integer can be any number between 0 and
the maximum possible value of MAX_RT_COST, which is defined in the
/usr/include/net/route.h header file to be INT_MAX (2147483647).
Historically, the hopcount parameter reflected the number of gateways in the route. Now,
however, the number an administrator assigns is not related to the actual presence or
absence of any real gateways in the network. The user-configurable cost attribute's sole
purpose is to establish a metric, which is used to create a priority hierarchy among entries
in the routing table.
Use the netstat command with the -C flag to show the routing table, including the
user-configurable and current cost of each route.
# netstat -C
Routing tables
Destination Gateway Flags Refs Use If Cost Config_Cost
Notes:
The netstat -C command shows the routing tables, including the user-configured and
current costs of each route. The user-configured cost is set using the -hopcount flag to the
route command. The current cost may be different from the user-configured cost if dead
gateway detection has changed the cost of the route.
[Figure: primary route over tr0 with cost=0 and secondary route over pp0 with cost=25,
both from the host to the gateway]
Notes:
Current Cost
# netstat -C
Routing tables
Destination Gateway Flags Refs Use If Cost Config_Cost
Notes:
The netstat -C command shows the routing table, including the current cost (Cost) and
the user-defined cost (Config_Cost) of individual routes. When using Dead Gateway
Detection, these two costs may be different.
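As an added example (not AIX code, and not from the course), the check below turns the Cost/Config_Cost explanation into something an administrator can run against saved netstat -C output: it reports every route whose current cost has drifted from its configured cost, and which gateway the host prefers for a destination right now. The table rows are constructed in the column layout shown above; the second default route is the one whose cost has been raised.

```shell
#!/bin/sh
# Added example (not AIX code): find routes whose current Cost differs from the
# administrator's Config_Cost, the sign that Dead Gateway Detection has changed it.

# Constructed sample in the netstat -C column layout shown in the course
# (addresses and counters are made up).
NETSTAT_C='Routing tables
Destination      Gateway           Flags   Refs     Use  If   Cost Config_Cost
Route tree for Protocol Family 2 (Internet):
default          9.3.149.161       UG        2     1011  tr0    0       0
default          9.3.149.162       UG        0        0  en0   10       0
9.3.149/24       9.3.149.33        U         5     4120  tr0    0       0'

routes_with_raised_cost() {
    # $1: netstat -C text. Prints "destination gateway cost config_cost" for each
    # route whose current cost differs from its configured cost. Header and
    # "Route tree" lines are skipped because their Cost column is not numeric.
    printf '%s\n' "$1" | awk '
        NF >= 8 && $7 ~ /^[0-9]+$/ && $8 ~ /^[0-9]+$/ && $7 != $8 { print $1, $2, $7, $8 }'
    return 0
}

preferred_gateway() {
    # $1: netstat -C text, $2: destination. Prints the gateway of the route with the
    # lowest current cost to that destination (first one wins on a tie), which is the
    # route the priority hierarchy puts first.
    printf '%s\n' "$1" | awk -v dest="$2" '
        $1 == dest && $7 ~ /^[0-9]+$/ {
            if (best == "" || $7 + 0 < bestc) { best = $2; bestc = $7 + 0 }
        }
        END { print best }'
    return 0
}

# Usage over the constructed table: the en0 default route has been penalised
# (Cost 10, Config_Cost 0), so 9.3.149.161 is still preferred.
routes_with_raised_cost "$NETSTAT_C"
preferred_gateway "$NETSTAT_C" default
```

On a live system the input is simply `netstat -C`; an empty result from the first function means no route is currently carrying a DGD penalty.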
Figure 8-9. Multipath Routing Policy (AIX 5L V5.2 and Later) AU079.1
Notes:
Routing policy
The mpr_policy specifies the global routing policy used in conjunction with multipath
routing. The following routing policies are available:
1) Weighted Round Robin is based on user-configured weights. If weights are
equal, this policy will be normal round robin (alternating between each of the
routes). If weights are unequal, routes with higher weights will be used more
often.
2) Random selection is used.
3) Weighted Random chooses a route based on user-configured weights and a
randomization routine.
4) Lowest utilization determines route based on number of active connections.
5) Hash-based algorithm based on destination IP address.
Instructor Notes:
Purpose Introduce multipath routing policy, available in AIX 5L V5.2 and later.
Details There are six new items on the smit mkroute under policy options.
Additional Information
Transition Statement Next let's look at Path MTU Discovery. What is a path MTU?
What is Path MTU?
The Maximum Transmission Unit (MTU) is the largest size packet
that can be transmitted on a particular network
Different networks may have different MTU values
Path MTU is the smallest MTU of any network path between two
hosts
If a packet must be routed through a network with a smaller MTU
than its originating network, then it must be fragmented
Fragmenting packets at the router is inefficient
Packet fragmentation is unnecessary if packets are sent with a size
no larger than the Path MTU
The goal of Path MTU Discovery is to prevent IP packet
fragmentation at the router
Notes:
Path MTU
For remote destinations, AIX supports a path MTU discovery algorithm as described in
RFC 1911. If a PMTU value exists for a route, the IP protocol will fragment the packet to
fit within the PMTU value before sending it. It is much more efficient to fragment the
packet at the sender than to have packets be fragmented by routers along the path to
the destination.
Instructor Notes:
Purpose Introduce path MTU.
Details
Additional Information
Transition Statement Path MTU Discovery can be enabled or disabled.
Enabling/Disabling Path MTU Discovery
There are five network options that control Path MTU Discovery
no -o udp_pmtu_discover=1
Enables Path MTU Discovery for enabled UDP applications
no -o tcp_pmtu_discover=1
Enables Path MTU Discovery for all TCP applications
no -o pmtu_default_age=10
Interval in minutes when Path MTU reductions are discovered
no -o pmtu_rediscover_interval=30
Interval in minutes when Path MTU increases are discovered.
no -o route_expire=1
Interval in minutes when unused cloned routes are deleted
(only applies to AIX 5L V5.2 and earlier)
Notes:
Instructor Notes:
Purpose Discuss how to configure Path MTU Discovery.
Details
Additional Information
Transition Statement Prior to AIX 5L V5.3, Path MTU Discovery had an impact on
multipath routing. Let's take a look.
Path MTU Discovery and Multipath Routing
AIX 5L V5.2 and earlier
With PMTU Discovery, the PMTU for each destination is stored in the routing table
A cloned host route is created to store the discovered PMTU
Cloned routes expire, if unused for route_expire minutes
Routing will always prefer the more specific cloned route over the network route
If you have multiple routes, the first route used is cloned and the second route will never be used
Turn off PMTU discovery if using multipath routing
# netstat -rn
Routing tables
Destination Gateway Flags Refs Use If PMTU Exp Groups
Route tree for Protocol Family 2 (Internet):
default 9.3.149.161 UGc 0 0 tr0 - -
9.3.149.33 9.3.149.161 UGHW 1 151 tr0 1492 - -
9.53.150.8 9.3.149.161 UGHW 2 685 tr0 1492 - -
Notes:
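The following added shell example (not AIX code, and not from the course) checks for the combination the visual above warns about on AIX 5L V5.2 and earlier: Path MTU Discovery enabled for TCP or UDP while a destination has more than one route, so that the first route's cloned host routes shadow the second route. It reads no -a style settings and netstat -rn output; the settings lines and the second default route are constructed, and the two cloned host routes are the ones shown in the visual, recognised here by their H (host) and W (was cloned) flags.

```shell
#!/bin/sh
# Added example (not AIX code): detect "PMTU discovery on + multipath routes"
# on AIX 5L V5.2 and earlier, where cloned host routes pin traffic to one route.

# Constructed lines in the shape of `no -a` output, using the option names
# the course lists.
NO_SETTINGS='tcp_pmtu_discover = 1
udp_pmtu_discover = 0
pmtu_default_age = 10
pmtu_rediscover_interval = 30
route_expire = 1'

# Routing table: the netstat -rn lines from the visual plus a constructed second
# default route via en0, which makes "default" a multipath destination.
NETSTAT_RN='Routing tables
Destination      Gateway           Flags   Refs     Use  If   PMTU Exp Groups
Route tree for Protocol Family 2 (Internet):
default          9.3.149.161       UGc       0        0  tr0     -   -
default          9.3.149.162       UGc       0        0  en0     -   -
9.3.149.33       9.3.149.161       UGHW      1      151  tr0  1492   -   -
9.53.150.8       9.3.149.161       UGHW      2      685  tr0  1492   -   -'

no_value() {
    # $1: no -a text, $2: option name. Prints the option's current value.
    printf '%s\n' "$1" | awk -v opt="$2" '$1 == opt { print $3 }'
    return 0
}

cloned_host_routes() {
    # $1: netstat -rn text. Prints "destination gateway pmtu" for every cloned host
    # route (flags contain both H and W); these hold the discovered PMTU and are
    # always preferred over the less specific network route.
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /H/ && $3 ~ /W/ { print $1, $2, $7 }'
    return 0
}

multipath_destinations() {
    # $1: netstat -rn text. Prints each destination that has more than one route.
    printf '%s\n' "$1" | awk '
        NF >= 6 && $3 ~ /^U/ { seen[$1]++ }
        END { for (d in seen) if (seen[d] > 1) print d }'
    return 0
}

pmtu_multipath_check() {
    # $1: no -a text, $2: netstat -rn text. Prints "conflict" when PMTU discovery is
    # enabled for TCP or UDP and at least one destination is multipath, else "ok".
    if [ "$(no_value "$1" tcp_pmtu_discover)" = 1 ] || [ "$(no_value "$1" udp_pmtu_discover)" = 1 ]; then
        if [ -n "$(multipath_destinations "$2")" ]; then
            echo conflict
            return 0
        fi
    fi
    echo ok
    return 0
}

# Usage over the constructed inputs: reports "conflict" and lists the cloned
# routes that all point at the first default gateway.
pmtu_multipath_check "$NO_SETTINGS" "$NETSTAT_RN"
cloned_host_routes "$NETSTAT_RN"
```

When the check reports a conflict on a V5.2 or earlier system, the course's remedy applies: turn off PMTU discovery with `no -o tcp_pmtu_discover=0` (and the udp option) if multipath routing is wanted, or accept that only the first route is used.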
[Figure: Dead Gateway Detection: (1) the host checks the status of its gateway and finds it
down; (2) the host switches to the backup gateway]
Notes:
The Dead Gateway Detection (DGD) feature implements the ability for hosts to detect a
dysfunctional gateway, and reroute network traffic to a backup gateway. DGD, along with
multipath routing, allows for multiple routes to the same destination, which can be used for
load-balancing and failover.
The DGD implementation addresses two distinct sets of customer requirements:
Requirement for minimal impact on network and system environment
Requirement for maximum availability of network services and connections
Passive DGD and Active DGD address two distinct sets of requirements. The passive DGD
addresses the need for minimal overhead while the active DGD ensures maximum
availability while imposing some additional workload on network segments and connected
systems. Passive DGD is enabled or disabled system-wide. It is disabled by default. Active
DGD is an attribute for a particular route and is enabled on a route by route basis.
Passive DGD
[Visual: Passive DGD. 1. TCP and ARP check the status of the gateway on tr0: the gateway is down. 2. Network traffic is sent to the backup gateway on en0.]
Notes:
Passive DGD takes action to use a backup route if a dysfunctional gateway has been
detected. Passive DGD depends on protocols that provide information about the state of
the relevant gateway. TCP and ARP provide the necessary feedback about the state of a
gateway.
If consecutive dgd_packets_lost TCP packets are lost, the ARP entry for the gateway in
use is deleted and the TCP connection tries the next-best route.
The next time the route is tried, an ARP request will be required. If a gateway does not
respond to the ARP request, passive DGD raises the cost of all routes associated with this
gateway. If there is another route to the destination with a lower cost, it will be used. If this
is the only route to the destination, by definition it has the lowest cost and the route will still
be tried.
Active DGD
[Visual: Active DGD. 1. The host pings the gateway on tr0 for status. 2. Network traffic is sent to the backup gateway on pp0.]
Notes:
Passive DGD has low overhead and is recommended for use on any network that has
redundant routes. However, passive DGD is done on a best effort basis only. AIX offers a
second DGD mechanism called Active DGD. This option pings gateways periodically, and if
a gateway is found to be down, the routing table is changed to use alternate routes to
bypass the dysfunctional gateway.
The network option dgd_ping_time allows the administrator to configure the time interval
between the periodic ICMP message in seconds. dgd_packets_lost specifies how many
ping packets must be lost before DGD will raise the cost.
Active DGD is enabled on a per route basis using the -active_dgd flag to the route
command.
Active DGD detection is off by default. It is recommended to be used only on machines that
provide critical services and have high-availability requirements.
Since active DGD imposes some extra network traffic, network sizing and performance
issues have to receive careful consideration.
Notes:
Active dead gateway detection operates on a per route basis. Use the netstat command
to display status: the A flag indicates that active DGD is enabled for that particular route.
Notes:
Network tunables
The no command is used to configure a wide range of network tuning parameters.
These are often referred to as tunables.
The options to the no command allow you to set or display either the current value or
the reboot value for network tunables.
The -L flag is very useful; it shows the current and reboot values, as well as the
minimum and maximum and so forth.
Instructor Notes:
Purpose Provide an overview of the no command.
Details
Additional Information
Transition Statement AIX provides a number of features to manage your tunables.
Managing Tunables
AIX 5L V5.2 and later supports a common syntax for tuning
commands
no (network tuning)
vmo (memory tuning)
schedo (CPU tuning)
ioo (I/O tuning)
nfso (NFS tuning)
/etc/tunables contains two stanza files and a log file
nextboot
lastboot
lastboot.log
File control commands for tunables
tuncheck
tunrestore
tunsave
tundefault
Copyright IBM Corporation 2006
Notes:
/etc/tunables
This directory contains three files that are used with the tunable commands:
- /etc/tunables/nextboot
When you change a tunable value for the next boot, an entry is made in this file. At
boot time, tunrestore -R is run from /etc/inittab. All tunables that are not already
set to the value defined in the nextboot file are modified. Tunables not listed in the
nextboot file are forced to their default value. All actions, warnings and errors are
logged into /etc/tunables/lastboot.log.
- /etc/tunables/lastboot
This file contains a record of the tunables that were set during the last boot. It lists all
the tunables with numerical values. The values representing default values are
marked with the comment DEFAULT VALUE.
- /etc/tunables/lastboot.log
This file contains a record of all actions taken by tunrestore -R at boot time.
Quality of Service
[Visual: network bandwidth]
Regulate traffic
Manage bandwidth
Policy based
Specify policy priority
Notes:
Quality of Service provides a method for regulating network traffic flows. The demand for
QOS arises from applications such as digital media or real-time applications and the need
to manage bandwidth resources for arbitrary administratively defined traffic classes.
Policy-based networking allows for a policy condition (character of a packet) to be met and
a corresponding action performed on that packet. A policy condition is defined by five
characteristics of a packet which include source IP address, source port number,
destination IP address, destination port, and protocol type (tcp or udp). A policy action
includes:
Token bucket parameters defining in-profile traffic
TOS byte value for in-profile traffic
From an administrator's point of view, a policy is essentially a set of configuration parameters to
regulate certain types of traffic flow.
IPv6 Support
QoS for AIX 5.2 only supports IPv4. IPv6 is not supported.
Checkpoint
1. T/F: No configuration of the clients or routers is needed to use a
VIPA in the server.
2. T/F: Multipath routing allows administrators to no longer have to
have a different destination, netmask, or group ID on a route
definition.
3. T/F: PMTU Discovery is used to determine the largest packet that
can be sent over a particular network.
4. T/F: You need to enable PMTU to take full advantage of multipath
routing feature.
5. T/F: Dead Gateway Detection, along with multipath routing allows
for multiple routes to the same destination which can be used for
load-balancing and failover.
Notes:
Instructor Notes:
Purpose Review.
Details
Checkpoint Solutions
1. T/F: No configuration of the clients or routers is needed to use a
VIPA in the server. False. Clients need return routes to the
VIPA address. If there are intervening routers, they will need
routes as well.
2. T/F: Multipath routing allows administrators to no longer have to
have a different destination, netmask, or group ID on a route
definition. True.
3. T/F: PMTU Discovery is used to determine the largest packet that
can be sent over a particular network. True.
4. T/F: You need to enable PMTU to take full advantage of multipath
routing feature. False. In AIX 5L V 5.2 and earlier, you need to
disable PMTU discovery to stop the cloning of routes.
In AIX 5L V5.3, PMTU discovery has no effect on multipath
routing.
5. T/F: Dead Gateway Detection, along with multipath routing allows
for multiple routes to the same destination which can be used for
load-balancing and failover. True.
Additional Information
Transition Statement Exercise is next.
Exercise: Configuring Network Options
Notes:
Instructor Notes:
Purpose Introduce the exercise.
Details
Additional Information
Transition Statement Finally, let's summarize what we discussed in this unit.
Unit Summary
Virtual IP provides connection protection
Multipath routing allows more than one route to same destination
Load balancing
Availability
PMTU Discovery prevents fragmentation at the routers
Dead Gateway Detection will detect router failure and raise the cost
of any route that is down
Passive Dead Gateway Detection for minimal overhead
Active Dead Gateway Detection for maximum availability
Quality of Service to regulate traffic
Notes:
Instructor Notes:
Purpose Summarize.
Details
Additional Information
Transition Statement That's all for this unit.
Copyright IBM Corp. 1997, 2006 Unit 9. Domain Name System 9-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit Objectives
After completing this unit, students should be able to:
Describe domain name concepts and terminology
List the types of name servers
Configure a name server and a client
Identify files used with DNS
Start the BIND daemon
Use commands to query domain name servers
Notes:
Name Resolution
[Visual: name resolution maps a hostname to an Internet address.]
Notes:
Systems use different methods for mapping host names to IP addresses. The method
depends upon the environment in which a system is going to participate.
Flat Network
- This method provides name resolution through the file /etc/hosts and works well in
small stable environments
NIS Server (Network Information System)
- This method provides a centralized server for administration of configuration and
other files within a LAN environment.
LDAP Server (Lightweight Directory Access Protocol)
- IBM SecureWay Directory is an LDAP directory that provides client access to an
LDAP server.
Notes:
To accommodate a large, expanding set of names in a network, it became necessary to
decentralize naming. This is what occurred as the internet grew.
The purpose of the Domain Name System is to create a system that allows lookups in a
tree-like database. These lookups are mostly (but not only) finding an IP address that
belongs to a node (a hostname) in the Domain Name System. A hostname in this respect is
always a Fully Qualified Domain Name (FQDN).
The DNS system knows a hierarchical structure:
The root node is the dot domain. This dot is the origin of all domains. It is comparable
with the root of a UNIX filesystem.
Below the root node you find a number of Top Level Domains (TLDs). These can further
be distinguished in Generic Top Level Domains (gTLD), such as com, org and net, and
Country Code Top Level Domains (ccTLDs), such as nl (for the Netherlands), au (for
Australia) and uk (for the United Kingdom).
Below a Top Level Domain an organization can apply for a subdomain. The application
criteria and procedure for this varies from TLD to TLD. When an application has been
granted, then that organization becomes the owner of a domain, and can use it to store
information about its own hosts and (possibly) other subdomains.
Furthermore, the DNS system is decentralized. This means that there is no central
database which holds all the information, but organizations all keep their own databases on
their own servers. Through special so-called glue records, these databases all point to
each other, making global lookups possible.
Instructor Notes:
Purpose Introduce the DNS system.
Details
Additional Information The structure of the root domain, the gTLDs and ccTLDs is
managed by the IANA (http://www.iana.org). Management of the gTLDs is delegated by the
IANA to the internic (http://www.internic.net), and management of every ccTLD is
delegated by the IANA to a registrar for that country. The complete list of ccTLDs and the
registrars for each can be found at http://www.iana.org/cctld/cctld-whois.htm.
It is very illustrative to show the students these pages, test for the existence of various
domains, and look up the WHOIS information for some domains.
Transition Statement Let's look at an example.
Internet Domain Name Structure
[Visual: The root domain; below it the gTLDs com, org and net and the ccTLDs nl, au and uk. Under com is the ibm domain with the hosts sf and dc and the subdomain ny.ibm.com (a Zone of Authority), which contains the host sys1. The FQDN of this node is sys1.ny.ibm.com.]
Notes:
The visual shows an example of a possible DNS structure. The root domain is on top, with
the gTLDs and the ccTLDs right below it. There is one subdomain, ibm.com, which in itself
has another subdomain, ny.ibm.com. Furthermore, three hosts are shown, sf.ibm.com,
dc.ibm.com and sys1.ny.ibm.com.
A domain is a group of systems under the same administrative control. In the Domain
Name System, DNS, this is called a Zone of Authority. In reality, a Zone of Authority
specifies authoritative control of zone files for that domain.
Note that when we are talking about Fully Qualified Domain Names, the final dot should be
included. So the FQDN of sys1 is sys1.ny.ibm.com. (with the trailing dot) and not sys1.ny.ibm.com (without it).
Instructor Notes:
Purpose Discuss the DNS hierarchy.
Details
Additional Information
Transition Statement This hierarchy can be considered the key to our database. Now
let's look at the data itself.
Resource Records
Data (for instance, an IP address) is associated with a host using
Resource Records
The RR identifies the sort of data that is stored
Common RRs for hosts:
A (Address): The IP address of a host
PTR (Pointer): The hostname of a host
CNAME (Canonical Name): An alias name for a host
HINFO (Host Info): Information about a host
Common RRs for domains:
NS (Name Server): The nameserver of the domain
MX (Mail Exchanger): The mail server of the domain
SOA (Start of Authority): Information regarding the authoritative
name server
Notes:
The hierarchical structure as shown in the previous visual can be thought of as the key to
the database. With an FQDN we can find the record for a specific host. The next thing we
need to retrieve is the data that is stored about this host. This is done through a series of
resource records.
Each resource record stores something about each host or domain. What is stored,
depends on the resource record type. There are several resource records possible. Some
are typically only used for a host, and others are typically only used for a domain. But there
is no general rule in this respect. In fact, the DNS system doesn't even know the difference
between a host or a domain.
Common RRs for a host include:
A (Address) This RR gives the IP address of a host.
PTR (Pointer) This gives the FQDN of a host.
CNAME (Canonical Name) This is used to define aliases. The CNAME is stored with the
alias and lists the official (canonical) name of a node.
HINFO (Host Information) This gives information about the host itself, such as hardware,
operating system, administrative contact and so on.
Common RRs for a domain include:
NS (Name Server) This identifies a name server for this node.
MX (Mail Exchanger) This identifies the mail server for this node.
SOA (Start of Authority) This indicates that a node and all nodes below it are managed by
an authoritative name server. It identifies the responsible organization and gives some timing parameters
for the domain. These parameters have to do with how long entries may be cached and
how often slave name servers need to check for updates, for instance.
DNS Lookups
sys1 # host www.bbc.co.uk
[Visual: sys1 asks its name server (ny, under ibm.com) for www.bbc.co.uk; the ny name server walks the tree root > uk > co > bbc > www, receives A 150.10.10.10 and answers sys1: Ans is 150.10.10.10.]
Notes:
The visual shows the result of the command host www.bbc.co.uk, executed on host sys1.
In the example, ten DNS queries and responses are performed:
1. The first packet is a so-called recursive query from sys1 for the IP address of
www.bbc.co.uk to the DNS server of the ny.ibm.com domain. The IP address of this
name server is known to sys1 (it is configured in its /etc/resolv.conf file).
A recursive query in this respect means "I want the answer to this question". This
means that the answer that sys1 expects is the IP address of www.bbc.co.uk.
2. The second packet is a so-called iterative query from the name server of ny to one of the
root nameservers. Again, the query is for the IP address of www.bbc.co.uk.
An iterative query, in contrast to a recursive query, means "I want your help in
answering this question". This means that the ny nameserver is happy with any help
that the other party can give.
3. The third packet is a reply from the root nameserver, and identifies the nameserver of the
uk domain.
4. The fourth packet is again an iterative query from the ny name server to the uk
nameserver.
5. The fifth packet is a reply from the uk nameserver, and identifies the nameserver of the
co.uk domain.
6. The sixth packet is again an iterative query from the ny name server to the co.uk
nameserver.
7. The seventh packet is a reply from the co.uk nameserver, and identifies the nameserver
of the bbc.co.uk domain.
8. The eighth packet is again an iterative query from the ny name server to the
bbc.co.uk nameserver.
9. The bbc.co.uk nameservers are authoritative for the bbc.co.uk domain. This means that
they have the database which describes all nodes in the bbc.co.uk domain, including
the www.bbc.co.uk node. So the answer that these nameservers can reply (in the ninth
packet) is the IP address for the www.bbc.co.uk host.
10. The ny nameserver now knows the IP address of the www.bbc.co.uk host, and returns
this to sys1 in the tenth packet.
Apart from the procedure to look up a hostname, this also illustrates the benefit of having a
combination of iterative and recursive queries:
Having a combination of clients doing recursive queries and name servers doing iterative
queries turns out to be the most efficient scheme.
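The ten-packet exchange above, as an added simulation that is not part of the course material: the delegation chain (root, uk, co.uk, bbc.co.uk) and the answer 150.10.10.10 come from the visual; the server names such as ns.uk., the packet log format and the cache are constructed for illustration.

```python
"""Simulation of the recursive/iterative lookup of www.bbc.co.uk.

Added example, not code from the course. The delegation data follows the
visual; server names, the packet log and the cache are constructed.
"""
from typing import Dict, List, Optional, Tuple

# Constructed zone data for each authoritative server: the A records it
# holds and the delegations (child zone -> name server) it hands out.
ZONES: Dict[str, Dict[str, Dict[str, str]]] = {
    "root":          {"records": {}, "delegations": {"uk.": "ns.uk."}},
    "ns.uk.":        {"records": {}, "delegations": {"co.uk.": "ns.co.uk."}},
    "ns.co.uk.":     {"records": {}, "delegations": {"bbc.co.uk.": "ns.bbc.co.uk."}},
    "ns.bbc.co.uk.": {"records": {"www.bbc.co.uk.": "150.10.10.10"},
                      "delegations": {}},
}

Packet = Tuple[str, str, str, Optional[str]]   # (from, to, kind, payload)


def iterative_answer(server: str, qname: str) -> Tuple[str, Optional[str]]:
    """Reply of one authoritative server to an iterative query ("help me"):
    the address if it holds the record, otherwise a referral to the server
    of the longest delegated suffix, otherwise NXDOMAIN."""
    zone = ZONES[server]
    if qname in zone["records"]:
        return "answer", zone["records"][qname]
    best: Optional[Tuple[str, str]] = None
    for suffix, ns in zone["delegations"].items():
        if qname.endswith("." + suffix) and (best is None or len(suffix) > len(best[0])):
            best = (suffix, ns)
    return ("referral", best[1]) if best else ("nxdomain", None)


def resolve(client: str, resolver: str, qname: str,
            cache: Optional[Dict[str, str]] = None) -> Tuple[Optional[str], List[Packet]]:
    """Recursive query ("give me the answer") from client to resolver. The
    resolver walks the tree from the root with iterative queries and returns
    (address, list of packets exchanged). A cached name costs 2 packets."""
    cache = {} if cache is None else cache
    log: List[Packet] = [(client, resolver, "recursive query", qname)]
    if qname in cache:
        log.append((resolver, client, "answer (cached)", cache[qname]))
        return cache[qname], log
    server, address = "root", None
    while True:
        log.append((resolver, server, "iterative query", qname))
        kind, payload = iterative_answer(server, qname)
        log.append((server, resolver, kind, payload))
        if kind == "referral":
            server = payload                 # follow the delegation chain
            continue
        address = payload if kind == "answer" else None
        break
    if address is not None:
        cache[qname] = address
    log.append((resolver, client, "answer", address))
    return address, log


if __name__ == "__main__":
    cache: Dict[str, str] = {}
    addr, packets = resolve("sys1", "ns.ny.ibm.com.", "www.bbc.co.uk.", cache)
    for n, (src, dst, kind, payload) in enumerate(packets, 1):
        print(f"{n:2d}. {src:>14} -> {dst:<14} {kind}: {payload}")
    print("answer:", addr, "packets:", len(packets))
    _, again = resolve("sys1", "ns.ny.ibm.com.", "www.bbc.co.uk.", cache)
    print("cached lookup packets:", len(again))
```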
Instructor Notes:
Purpose Discuss the DNS lookup procedure
Details If students have problems understanding the concepts of iterative and recursive
queries, that's OK. That knowledge is not needed in the rest of the unit.
Additional Information
Transition Statement We've seen that we can search the database for a hostname,
and then retrieve the IP address that belongs to this hostname. But we can do the same
thing the other way around as well. But obviously it is impossible to search every
nameserver on the planet to see who accidentally has a certain IP address. So they
created a handy trick for that.
DNS Reverse Lookups
sys1 # host 150.10.10.10
[Visual: sys1 queries the tree for 10.10.10.150.in-addr.arpa (arpa > in-addr > 150 > 10 > 10 > 10), which holds the record PTR www.bbc.co.uk.; the forward tree (uk > co > bbc > www) holds A 150.10.10.10.]
Notes:
IP address to Hostname lookups would, if nothing else was arranged, require you to go to
every DNS server on the Internet, and see if the IP address was somehow in its tables.
Obviously this is completely impossible. Yet we can do reverse DNS lookups. This is done
by using an ingenious trick, which involves a special in-addr.arpa domain. The visual
illustrates how this works.
Suppose someone wants to do a reverse DNS lookup for the IP address 150.10.10.10. The
first step then is to convert this IP address to its corresponding DNS name, which is
10.10.10.150.in-addr.arpa. This may look strange at first, but remember that IP addresses
become more specific when going from left to right, and that hostnames become more
specific when reading from right to left. To fit an IP address in a hostname-based scheme, we
have to reverse the order.
Just as before, the name servers are then queried for this node. Only this time it's not the A
record (IP address) we're looking for, but the PTR (FQDN) record.
In all but a few cases, the organization that manages the name-to-IP domain also manages
the IP-to-name domain.
Note: It is extremely important that reverse DNS lookups are configured correctly. Almost
all services on the Internet can (and about half of the services actually will) perform a
reverse DNS lookup to retrieve the hostname of a client. This hostname is then used for
authorization and logging. If the reverse DNS lookup fails, chances are that the client is
simply not allowed to use the service, or only after a long time-out.
The host/nslookup and dig commands allow you to check whether regular and reverse
DNS lookups match.
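The in-addr.arpa trick and the forward/reverse consistency check the note recommends, as an added example that is not course code: reverse_name() builds the reverse name (and, beyond the IPv4 case above, the ip6.arpa nibble form for IPv6), and confirmed_hostname() only accepts a client name when the PTR and A records agree. The A and PTR tables are constructed sample data.

```python
"""Reverse-name construction and forward-confirmed reverse lookup.

Added example, not part of the course. The record tables are constructed;
150.10.10.200 has a PTR that claims www.bbc.co.uk. but no A record points back.
"""
import ipaddress
from typing import Dict, List, Optional


def reverse_name(ip: str) -> str:
    """150.10.10.10 -> 10.10.10.150.in-addr.arpa.; IPv6 -> reversed nibbles + ip6.arpa."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")        # 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


# Constructed sample data (forward and reverse zones).
A_RECORDS: Dict[str, List[str]] = {
    "www.bbc.co.uk.": ["150.10.10.10"],
    "sys1.ny.ibm.com.": ["9.3.149.33"],
}
PTR_RECORDS: Dict[str, str] = {
    "10.10.10.150.in-addr.arpa.": "www.bbc.co.uk.",
    "33.149.3.9.in-addr.arpa.": "sys1.ny.ibm.com.",
    "200.10.10.150.in-addr.arpa.": "www.bbc.co.uk.",   # mismatch: A does not point back
}


def confirmed_hostname(ip: str,
                       a_records: Dict[str, List[str]] = A_RECORDS,
                       ptr_records: Dict[str, str] = PTR_RECORDS) -> Optional[str]:
    """Return the client's hostname only when PTR(ip) -> name and A(name) -> ip
    agree. None when the reverse lookup fails or the two disagree, so an
    unconfirmed name is never used for authorization or logging."""
    name = ptr_records.get(reverse_name(ip))
    if name is None:
        return None                                  # reverse lookup failed
    return name if ip in a_records.get(name, []) else None


if __name__ == "__main__":
    for ip in ("150.10.10.10", "150.10.10.200", "150.10.10.99", "2001:db8::1"):
        print(f"{ip:>14} -> {reverse_name(ip)}  confirmed: {confirmed_hostname(ip)}")
```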
Notes:
A master nameserver is a nameserver which is authoritative for a domain or multiple
domains (most likely the domain itself and the associated reverse DNS domains). This is
the server where the administrator makes changes to the DNS tables. The master
nameserver can serve requests from clients and other name servers, both recursive and
iterative. When it needs to perform a lookup for another domain and it receives answers, it
caches these answers for later reference.
A slave nameserver is also authoritative for a domain, but retrieves this data in a so-called
zone transfer from a master nameserver.2 It also can serve requests from clients and other
nameservers, and can cache data from other domains.
A caching-only nameserver does not have its own data and is not authoritative for a
domain. It just performs iterative queries for clients. All results obtained are cached
however, making it a useful thing to have in a small network which does not warrant its own
slave nameserver, but is connected to the outside world through a slow link.
2 In more complex environments, slave nameservers can also retrieve the data from other secondaries.
[Visual: Forwarders. A client asks the local DNS server; the DNS server passes the query through the FIREWALL to the Forwarder, which queries the Root and Authoritative servers and returns the Answer.]
Notes:
Forwarder name servers handle off-site DNS queries for other servers in a network. When
a local server is directed to use a forwarder, it begins by looking in its own data base files
and its own cache for the information, and if it can't answer the query, hands off to the
forwarder with a recursive query. The local server is given a list of one or more forwarders,
to be queried in a defined order.
When a forwarder is queried, it goes outside the network, querying the root and other
authoritative servers as usual. If an answer is obtained, it is returned to the local server. If
none of the forwarders return an answer, the local server proceeds to contact the
authoritative servers itself.
In firewalled networks, forwarder name servers are often used. Local servers (inside the
firewall) are usually prevented from contacting outside servers and cannot perform iterative
queries to the root and other authoritative servers. Instead, a name server is run on the
firewall, having full access to the Internet. Local servers then forward their queries to the
server on the firewall.
Alternatively, the forwarder may run outside the firewall, and internal servers are permitted
to contact it (but no other external servers). In still another variant, the forwarder may be
inside the firewall, and have the distinction of being the only internal name server that is
allowed external contact.
Another situation where forwarders are useful is in private networks where most of the
systems use unregistered IP addresses. In this case, a registered address is obtained for
the forwarder server, allowing it to communicate with the Internet. Other name servers use
unregistered addresses, and perform all queries to the Internet via the forwarder.
Instructor Notes:
Purpose Explain how forwarder name servers work and describe their role.
Details The way the local server knows which forwarders to query, and in which order, is
by consulting the forwarders directive in the named.boot or named.conf file.
It is also possible to configure applications to contact forwarder servers directly, eliminating
the role of the local server. However, in some cases, a forwarder is necessary or at least
desirable. For example, access from clients to the forwarder may be restricted. Or, the
forwarder may be at another location (one that has Internet access) and response time is
improved by having a local, caching name server.
To make a server a slave, place the directive options forward-only in its boot file. (Note that
in earlier versions of BIND, the directive slave had the same effect, but is now deprecated.)
Slave servers would be used especially when Internet access is impossible, since this
eliminates long hangs while the local servers attempt to contact the root servers.
Transition Statement Let's determine how we belong to a flat or domain name
environment.
Domain or Flat Network?
[Visual: Does /etc/resolv.conf exist? No: FLAT NETWORK. Yes: DOMAIN NETWORK.]
Notes:
TCP/IP offers name resolution methods for two network types:
Flat network
Domain network
The existence of /etc/resolv.conf determines how a system resolves hostnames and IP
addresses within a domain or flat network.
If /etc/resolv.conf exists, then use resolver algorithm.
If /etc/resolv.conf does not exist, then use /etc/hosts file.
Instructor Notes:
Purpose Discuss the role of /etc/resolv.conf.
Details If /etc/resolv.conf exists, then the system uses the name resolution hierarchy for
resolving. If /etc/resolv.conf does not exist, then the system will use the /etc/hosts file for
resolving. Also, note that the syntax is unforgiving.
Additional Information Five main directives for usage in the resolv.conf file:
domain
search
nameserver
sortlist
options
Transition Statement Let's take a look at the default order assigned to resolving
names.
Name Resolution
Default
DNS, NIS which is authoritative, local
Overriding the Default name resolution
Option 1
Create /etc/netsvc.conf
Options include bind, ldap, nis, local
Example host=bind,local,nis
Option 2
Set NSORDER environment variable
NSORDER=nis=auth,bind,local
Notes:
Default Name resolution specifies:
If DNS is running, then check the DNS servers for the answer as specified in the /etc/resolv.conf file.
If DNS is not running or does not return the answer, then check to see if NIS is running.
NIS is deemed authoritative. If NIS is running and does not return the answer, then
name resolution fails. If NIS is not running, then finally the local /etc/hosts file is checked.
The default Name resolution can be overridden in two ways:
Create /etc/netsvc.conf. To specify host ordering within this file, use the host attribute
followed by the names of the resources to use. The resources listed depend on which
name resolution processes are running on the network.
Create an environment variable NSORDER. NSORDER overrides any name resolution order
specified in the /etc/netsvc.conf file.
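The default order and the two overrides above, as an added simulation that is not AIX code or course material: parse_order() accepts the NSORDER form (nis=auth,bind,local) and the netsvc.conf form (host=bind,local,nis, as written above); the running flags and the answers held by each source are constructed, and the resolver shows why a running NIS stops /etc/hosts from ever being read.

```python
"""Name-resolution order simulation (default order, netsvc.conf, NSORDER).

Added example, not code from AIX or the course. Sources, running flags and
answers are constructed; 'ldap' is accepted because the slide lists it.
"""
from typing import Dict, List, Optional, Tuple

Order = List[Tuple[str, bool]]        # (source, authoritative?)

# Default order from the notes: DNS, then NIS (authoritative: a running NIS
# with no answer ends the search), then the local /etc/hosts file.
DEFAULT_ORDER: Order = [("bind", False), ("nis", True), ("local", False)]
SOURCES = ("bind", "nis", "local", "ldap")


def parse_order(spec: str) -> Order:
    """'nis=auth,bind,local' -> [('nis', True), ('bind', False), ('local', False)].
    A leading host= (or hosts=) key from netsvc.conf is dropped."""
    spec = spec.strip()
    first = spec.split(",", 1)[0]
    if "=" in first and first.split("=", 1)[0].strip() in ("host", "hosts"):
        spec = spec.split("=", 1)[1]
    order: Order = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        source, _, flag = item.partition("=")
        if source not in SOURCES or (flag and flag != "auth"):
            raise ValueError(f"bad entry: {item!r}")
        order.append((source, flag == "auth"))
    return order


def resolve(name: str, order: Order, running: Dict[str, bool],
            answers: Dict[str, Dict[str, str]]) -> Tuple[Optional[str], List[str]]:
    """Walk the order, skipping sources that are not running; stop at the first
    answer or at an authoritative source that has none. Returns the address
    (None when resolution fails) and the sources actually consulted."""
    consulted: List[str] = []
    for source, authoritative in order:
        if not running.get(source, False):
            continue
        consulted.append(source)
        hit = answers.get(source, {}).get(name)
        if hit is not None:
            return hit, consulted
        if authoritative:
            return None, consulted        # e.g. NIS running: /etc/hosts never read
    return None, consulted


# Constructed environment: "oldhost" exists only in /etc/hosts.
RUNNING = {"bind": True, "nis": True, "local": True}
ANSWERS = {
    "bind": {"sys1.ny.ibm.com": "9.3.149.33"},
    "nis": {"sys2": "10.19.98.2"},
    "local": {"oldhost": "10.19.98.44"},
}

if __name__ == "__main__":
    for spec in (None, "host=bind,local,nis", "nis=auth,bind,local"):
        order = DEFAULT_ORDER if spec is None else parse_order(spec)
        print(spec or "default order", resolve("oldhost", order, RUNNING, ANSWERS))
```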
Instructor Notes:
Purpose Compare default name resolution hierarchy when all name resolution methods
are available.
Details When a process receives a symbolic host name and needs to resolve it into an
address, it calls a resolver routine. Resolver routines attempt to resolve names using the
default order BIND/DNS, NIS, /etc/hosts.
Cover the student notes for flow through the hierarchy.
The point to stress is that if NIS is running, /etc/hosts is NEVER accessed. NIS name resolution
is considered authoritative over the /etc/hosts file.
Transition Statement Now let's see how we can configure a DNS domain.
Planning a Domain Network
Determine systems in domain
Determine domain name
Choose primary name server
Choose secondary name servers
Remaining systems are clients
Notes:
Determine which hosts need to communicate with each other
Register domain name with InterNIC
Centrally located nameserver in each network or subnet
Backup server ability
Resolvers
Instructor Notes:
Purpose Discuss the planning process for DNS.
Details There are at least five steps that need to be planned before DNS configuration
begins.
1. Determine the hosts that are in a domain (logically not physically or geographically).
Determine this by which hosts need to communicate with each other.
2. Choose a domain name that is unique to the Internet, and decide where you fit within
the domain hierarchy. Even if you are not connecting to the Internet today, it is advised
that you register with the InterNIC to avoid having to reconfigure your system in the
future.
3. A good rule of thumb for selecting a name server:
- Have a name server for each network or subnet. This removes the router as a single
point of failure.
- A file server is a good choice, especially if serving diskless hosts.
- Select large, fast, time-sharing systems that are properly situated on the network
(not located behind a slow serial connection).
4. Select at least two secondary servers to also remove the name server as a single point
of failure.
5. All remaining systems selected from Step 1 are DNS clients (resolvers).
Additional Information It is also suggested that syslogd is started so errors can be
logged in syslog.conf.
Transition Statement Let's briefly cover DNS offerings in AIX then deal with a scenario
that will be used throughout the rest of this unit.
BIND Version Support in AIX
BIND 8
Uses Control file /etc/named.conf
Actual version is 8.1.2
Default
BIND 9 latest version
Also uses Control file /etc/named.conf
Actual version is 9.2.0
Notes:
Each version of BIND has its own configuration requirements and they are different. The
version of BIND you choose also affects which mode of security you can use. For more
information, refer to Communication and Networks section of the System Management
guide.
The following is a summary of new functions provided with BIND 8:
Secure dynamic DNS updates
BIND 8 offers the secured RFC 2136 update protocol. The secure update protocol is
implemented by IP-based Access Control lists.
Notify
Implements the RFC 1996 Notify process. This is a method by which the primary DNS
server can indicate to its secondary name servers that zone data has been updated.
This decreases the time periods in which a secondary DNS server has data out of sync.
RNDC access and creating an rndc.conf file, which can be generated automatically by
using the rndc-confgen utility.
CHECKCONF and CHECKZONE
Are recommended tools but not yet supported at the time of writing. Used to check for
syntax errors in configuration and zone files. Can be downloaded from
http://www.isc.org.
IP version 6
BIND 9 fully supports all currently defined forms of IP version 6 name-to-address and
address-to-name lookups.
Instructor Notes:
Purpose Describe DNS offerings in AIX
Details Point out that BIND 8 is default DNS version on AIX.
Transition Statement Now let's go through a DNS example scenario.
Scenario - Domain Name Structure
[Figure: domain tree (root) > com > ibm > dc. sys99.ibm.com is the name server at the ibm.com level. In dc.ibm.com, sys1 is the primary name server (10.19.98.1) and sys6 is the secondary name server (10.19.99.6); sys2, sys3 and sys4 are on network 10.19.98 (10.19.98.2, 10.19.98.3, 10.19.98.4), and sys4e, sys5 and sys6 are on network 10.19.99 (10.19.99.4, 10.19.99.5, 10.19.99.6).]
Notes:
Domain characteristics:
One domain dc.ibm.com
Two physical networks 10.19.98 and 10.19.99
One primary name server 10.19.98.1
One secondary name server 10.19.99.6
Primary and secondary name servers configured with a cache file pointing to the name
server sys99.ibm.com on the higher-level domain ibm.com on network 10.19.93.
Note that the DNS standards require at least two name servers for every zone. In this
scenario, we have left out the backup for sys99.ibm.com for simplicity.
Instructor Notes:
Purpose Introduce the scenario that is used during this unit.
Details It is assumed that we have registered with the appropriate authorities for our
domain and network address. Our subdomain is dc, and it fits structurally under the ibm
subdomain and the com top-level domain. All hosts are in the dc.ibm.com domain and are
named sys1 through sys6.
Notice there are two physical networks, and all the hosts on both networks are included
under the zone of authority for the primary and secondary name servers. sys1 is the
primary name server, and sys6 is the secondary name server. sys6 has been selected
because it is a separate network removing the router as a single point of failure for
resolving names.
There is NO caching-only name server in this scenario, but both the primary and secondary
name servers are configured with a cache file that points to the name server in the
ibm.com domain, sys99.ibm.com, should they not be able to answer a query from a
client. This means that if sys99 can resolve the query, the primary and/or the secondary
caches the resolution, thus allowing it to answer any further queries for the same host from
its cache.
Transition Statement Let's start the configuration process of the primary name server.
Setting Up the Primary Name Server
Create named control file
Create name zone file
Create IP zone files
Create local IP zone file
Create cache file
Create /etc/resolv.conf
Start named daemon
Notes:
All zone files are created using a Standard Resource Record format. These standards are
explained as we look at each file.
The named daemon must be started after all the files are created.
Named8 (version 8 of BIND) is started by default and uses the /etc/named.conf control file
to configure the domain.
Instructor Notes:
Purpose Introduce the steps for setting up the primary name server.
Details Use this list to guide the students through all the details of the upcoming pages.
Each file listed here is covered in detail on the following pages. Briefly, we cover the overall
purpose of each.
1. The named control file is the pointer file to the DNS database.
2, 3, 4. The name zone file, IP zone file, and local IP zone file are the actual files that
contain the database information.
5. The cache file contains a list of name servers which are queried to obtain name
resolution information outside the domain.
6. The /etc/resolv.conf file identifies this host as the primary name server and directs it to
use its own database information.
7. named is the daemon process that makes it all work. It listens for requests, responds to
those requests, and maintains the name server database.
Transition Statement Let's start with Step 1, creating the named control file for BIND 4.
/etc/named.conf
# cat /etc/named.conf
options { directory "/etc"; };
zone "dc.ibm.com" {
type master; file "named.dc";
};
zone "98.19.10.in-addr.arpa" {
type master; file "named.revip98";
};
zone "99.19.10.in-addr.arpa" {
type master; file "named.revip99";
};
zone "0.0.127.in-addr.arpa" {
type master; file "named.local";
};
zone "." {
type hint; file "named.ca";
};
Notes:
The /etc/named.conf file is read by the named daemon when it starts. It specifies the
location of all data which the daemon uses to create the initial name server database.
The directory entry tells the named daemon that all file names listed in this file are stored
in the /etc directory.
Each primary (type master) zone entry indicates a domain for which this local named
daemon is the primary name server, and the file from which to get the data describing the
domain.
The domain name for the reverse mapping must always end with in-addr.arpa. The octets
of the IP addresses must be reversed when forming a domain name, because IP
addresses have the most significant octets first, while domain names have the least
significant octets first. There should be a file for each physical network.
The . (period) in the domain field of the cache (type hint) zone means any domain not
explicitly listed elsewhere. A cache file allows a host in the default domain to communicate
with hosts outside the domain.
Instructor Notes:
Purpose Explain the use and contents of the named.conf file on the primary name
server.
Details The named.conf control file is read by the named daemon when it starts. It
specifies the location of the database files. The name, named.conf, is used by convention
on most platforms.
Additional Information The loopback address simplifies network applications by
allowing the local host to be addressed in the same manner as a remote host. The
loopback address simplifies software by allowing common code to be used for
communicating with local or remote processes. It also reduces network traffic, because the
local host address is associated with a loopback device that loops data back to the host
before it is written out to a network. Because every system uses the loopback to send
datagrams to itself, this entry is in every host's routing table.
The presence of the cache file says name resolution can be done somewhere else and the
response sent back to this name server. This primary name server then caches the
response in memory, allowing it to reuse the answer should an identical request be made
by a client again.
Newer BIND versions no longer require a domain statement in named.conf, because the
domain is taken from the host name or from the /etc/resolv.conf file.
Discussion Items There are no requirements to store files in the /etc directory. A better
choice could be a separate directory/subdirectory or even a separate file system with a
different volume group.
Transition Statement Now that the named.conf file is built, let's look at some helpful
scripts to assist in building the information for the zone file.
Scripts to Build Zone Files
IBM provides awk scripts
/usr/samples/tcpip/hosts.awk
/usr/samples/tcpip/addrs.awk
Run on /etc/hosts file
Produce name and IP zone files
Use to create initial zone files
Notes:
IBM provides awk scripts that read the system's /etc/hosts file and generate the
appropriate zone file.
These awk scripts are not meant to provide a perfect zone file for your situation. They
provide a starting point. Once the file is created, additional records or changes can be
made with the editor of your choice.
Execute the commands as follows:
# cd /usr/samples/tcpip
# ./hosts.awk /etc/hosts > /etc/named.dc
# ./addrs.awk /etc/hosts > /etc/named.revip98
# ./addrs.awk /etc/hosts > /etc/named.revip99
Instructor Notes:
Purpose Discuss the purpose and advantage of using awk scripts to create the
database information.
Details The zone files that need to be built are named.dc, named.revip98, and
named.revip99. They must be built using Standard Resource Record format. Once you
see the format, you are thankful that IBM supplies awk scripts to do this for you.
The awk scripts read the /etc/hosts file to build the files. The hosts.awk script will build the
name-to-IP database for the named.dc file. The addrs.awk script builds the reverse IP
files, named.revip98 and named.revip99.
Additional Information If DNS is being set up in a heterogeneous environment, the
zone files are usually created on a RISC System/6000 using these scripts, then transferred
to the appropriate platform for use.
Transition Statement Let's look at an example zone file.
Name Zone File
# pg /etc/named.dc
Notes:
The name field varies depending on the type. It can specify a domain, a zone of authority,
the name of a host, the alias of a host, and so forth. It must begin in column 1. If this field is
left blank, the name defaults to the value of the previous resource record.
The TTL field is Time to Live. This is specified in seconds. A value of 9999999 means no
time-out. If not specified, it defaults to the SOA record's minimum entry.
The class field is the address class of the record. There are two valid entries: IN for
Internet and ANY for all other address classes.
The type field is the type of resource record. Some valid types are: SOA - Start of
Authority, NS - Name Server, A - Address, HINFO - Host Information, CNAME - Canonical,
and MX - Mail Exchanger.
The rdata field contains specifics for the particular record type.
Special Characters:
; indicates a comment.
. if used in the name field, a freestanding dot indicates current domain.
@ if used in the name field, a freestanding at sign indicates current origin.
() parentheses are used to continue data across more than one line.
SOA (Start of Authority) Record:
Name of host where data files reside, and the e-mail address of the user responsible for
keeping the data file current.
Serial - version number of this data file. This number should be incremented each time
there is a change to the data. The secondary checks this value to see if it needs to download
information again. The serial number can be given as a normal integer or it can include a
dot as shown in the chart. In that case, the number to the left of the dot is multiplied by
10,000 and added to the number to the right.
Refresh - time interval that secondary checks for data change. 3600 seconds is one hour.
Retry - time interval secondary waits after failure to reach primary for a refresh. 300
seconds is five minutes.
Expire - upper time limit used by secondary to flush data after continued failure to contact
the primary. 3600000 seconds is approximately 42 days.
Minimum - is the minimum time to live used as the default. This overrides individual entries
if those entries are lower.
The hosts.awk script does not build a perfect zone file. This file was edited to add the full
domain name of the primary server in the SOA record. Also, the name, sys1, had to be
added in the rdata field for the NS type entry.
Expires is used by the secondary when it fails to contact (or retry) the primary name server.
In this case 3,600,000 seconds is 42 days. This means that if the secondary cannot contact
the primary after this time, it stops giving out data. The data is assumed to be so old that it
is no longer accurate.
Minimum is the time to live which is 86,400 seconds or one day. This is the default ttl
should one not be defined in the ttl field.
The SOA is ended with the close parenthesis.
Let's take a look at the other entries in the type field along with the rdata field.
NS specifies that this entry is for the name server and the rdata specifies the name of the
name server.
The A denotes an address record. These records convert host names to IP addresses.
sys1, under the name field, is the name of the host whose address is in the rdata field.
Look down to the entry for localhost. The type field is CNAME. localhost is considered an
alias name found in the /etc/hosts file. CNAME stands for canonical name. CNAME
provides the alternate host name that may be used by a user or an application.
Point out the two lines that must be edited after running the hosts.awk script. It is covered
in the student notes. Explain that other vendor platforms don't supply scripts making this
file tedious to set up.
Additional Information The maximum length of the number in the ttl field is 8 positions.
There can only be one SOA in the file.
The serial number can be incremented as a whole number or a decimal.
If your name server is BIND 4.9.4 or newer, you have to pay extra attention to how your
hosts are named. Starting with 4.9.4, BIND checks host names for conformance with RFC 952.
If a host name does not conform, BIND considers the zone to have a syntax error. Also, note
that underscore characters are not allowed in host names.
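The checks described above (one SOA per file, an incremented serial in plain or dotted form, a TTL field of at most 8 digits, and RFC 952 host names without underscores), as an added Python example that is not part of the course and is not ISC's checkzone tool. The sample zone text and the contact mailbox root.sys1.dc.ibm.com. are constructed.

```python
"""Zone-file sanity checker for the points the course makes about the
name zone file: exactly one SOA, a serial that increases (plain or
dotted form), a TTL field of at most 8 digits, and RFC 952 host names
(letters, digits and hyphen; no underscore). Added illustration, not the
ISC checkzone tool. The sample zone below is constructed."""
import re

# RFC 952 label: starts with a letter, ends with a letter or digit,
# hyphens allowed inside, no underscore.
RFC952_LABEL = re.compile(r"^[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")
CLASSES = {"IN", "ANY"}          # the two class values the course lists

SAMPLE_ZONE = """\
; constructed sample named.dc for the dc.ibm.com scenario
@ IN SOA sys1.dc.ibm.com. root.sys1.dc.ibm.com. (
        1.2      ; serial in dotted form: 1 * 10000 + 2
        3600     ; refresh
        300      ; retry
        3600000  ; expire
        86400 )  ; minimum
  IN NS sys1.dc.ibm.com.
sys1 IN A 10.19.98.1
sys6 IN A 10.19.99.6
loopback IN A 127.0.0.1
localhost IN CNAME loopback
"""
# Same zone plus a record with a 9-digit TTL and an underscore in the name.
BAD_ZONE = SAMPLE_ZONE + "db_srv 999999999 IN A 10.19.98.7\n"


def parse_serial(text):
    """'1.2' -> 10002 (left of the dot times 10,000 plus the right); '7' -> 7."""
    if "." in text:
        left, right = text.split(".", 1)
        return int(left) * 10000 + int(right)
    return int(text)


def split_records(zone_text):
    """Strip ';' comments and join '( ... )' continuations into logical records."""
    records, buf, depth = [], [], 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()     # keep leading blanks: blank name field
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            records.append("\n".join(buf))
            buf = []
    return records


def parse_record(logical, previous_name):
    """Split one logical record into name, TTL, class, type and rdata fields."""
    fields = logical.replace("(", " ").replace(")", " ").split()
    # A name must start in column 1; a blank name means "same as previous record".
    name = previous_name if logical[0] in " \t" else fields.pop(0)
    ttl = fields.pop(0) if fields and fields[0].isdigit() else None
    cls = fields.pop(0) if fields and fields[0].upper() in CLASSES else None
    return {"name": name, "ttl": ttl, "class": cls,
            "type": fields.pop(0).upper(), "rdata": fields}


def hostname_problems(name, where):
    """Report labels that BIND 4.9.4+ would reject under its RFC 952 check."""
    if name in ("@", "."):
        return []                                  # origin / root, not a host name
    bad = [lbl for lbl in name.split(".") if lbl and not RFC952_LABEL.match(lbl)]
    return [f"{where}: {name!r} violates RFC 952 (labels {bad})"] if bad else []


def check_zone(zone_text, previous_serial=None):
    """Return (serial, problems). problems is empty for a clean zone."""
    problems, serial, soa_count, prev_name = [], None, 0, "@"
    for n, logical in enumerate(split_records(zone_text), 1):
        rec = parse_record(logical, prev_name)
        prev_name = rec["name"]
        where = f"record {n} ({rec['type']})"
        if rec["ttl"] is not None and len(rec["ttl"]) > 8:
            problems.append(f"{where}: TTL {rec['ttl']} is longer than 8 digits")
        if rec["type"] == "SOA":
            soa_count += 1
            serial = parse_serial(rec["rdata"][2])     # primary, contact, serial, ...
        elif rec["type"] in ("A", "CNAME"):
            problems += hostname_problems(rec["name"], where)
        if rec["type"] in ("NS", "PTR", "CNAME", "MX"):
            problems += hostname_problems(rec["rdata"][-1], where)
    if soa_count != 1:
        problems.append(f"expected exactly one SOA record, found {soa_count}")
    if None not in (serial, previous_serial) and serial <= previous_serial:
        problems.append(f"serial {serial} was not incremented past {previous_serial}")
    return serial, problems


if __name__ == "__main__":
    print(check_zone(SAMPLE_ZONE))                          # (10002, [])
    print(check_zone(BAD_ZONE))                             # two problems
    print(check_zone(SAMPLE_ZONE, previous_serial=10002))   # serial not bumped
```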
Transition Statement Let's now look at a zone file created by the addrs.awk script
used for reverse name resolution.
IP Zone File
# pg /etc/named.revip98
Notes:
Names in DNS are set up in a hierarchy. To resolve an address, the system traces the
hierarchy, contacting a server for each subdomain in the name. Since this structure is
based on name, there is no easy way to translate a host address back into its host name.
The in-addr.arpa record domain was created to allow reverse translation. This domain
uses the address of a host to point to the name and data for that host.
The four octets of a host address are reversed to make the traversal left to right, similar
to the domain name.
Valid resource record types are: SOA - Start of Authority, NS - Name Server, and PTR -
domain name pointer.
There should be one reverse hosts data file per network.
Note: Since some systems are on network 9.19.98 and others on 9.19.99, this file will have
to be created twice, once for each network. Since both files are built from the /etc/hosts
file, which contains entries for both networks, each file has to be edited to delete hosts on
the other network and to delete the network octets from the IP address in column one,
leaving just the host octet.
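An added Python example, not IBM's hosts.awk or addrs.awk and not part of the course, that builds the name zone file and the two per-network IP zone files from /etc/hosts, doing the per-network selection and host-octet trimming the note above says must otherwise be done by hand. The sample /etc/hosts (addresses taken from the scenario diagram), the serial value and the contact mailbox root.sys1.dc.ibm.com. are constructed assumptions.

```python
"""Build BIND zone files from /etc/hosts for the dc.ibm.com scenario.

Added illustration of what IBM's hosts.awk/addrs.awk samples produce,
not those scripts themselves. Unlike addrs.awk, reverse_zone() keeps only
the hosts on the requested network and writes just the host octet in
column one, the editing the course says must otherwise be done by hand.
"""

# Constructed sample /etc/hosts matching the scenario (addresses assumed
# from the domain diagram; sys4e is sys4's interface on the second network).
SAMPLE_HOSTS = """\
# /etc/hosts (constructed sample)
127.0.0.1   loopback localhost
10.19.98.1  sys1
10.19.98.2  sys2
10.19.98.3  sys3
10.19.98.4  sys4
10.19.99.4  sys4e
10.19.99.5  sys5
10.19.99.6  sys6
"""

DOMAIN = "dc.ibm.com"
PRIMARY = "sys1"
CONTACT = "root.sys1.dc.ibm.com."   # assumed responsible-person mailbox


def parse_hosts(text):
    """Return (ip, canonical_name, aliases) for each non-comment /etc/hosts line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        entries.append((fields[0], fields[1], fields[2:]))
    return entries


def soa_record(serial):
    """SOA with the course's timer values; '@' is the current origin."""
    return (f"@ IN SOA {PRIMARY}.{DOMAIN}. {CONTACT} (\n"
            f"\t{serial}\t; serial, incremented on every change\n"
            "\t3600\t; refresh: secondary checks every hour\n"
            "\t300\t; retry: 5 minutes after a failed refresh\n"
            "\t3600000\t; expire: ~42 days without contact\n"
            "\t86400 )\t; minimum TTL: 1 day")


def forward_zone(hosts_text, serial):
    """Name zone file (named.dc): an A record per host, a CNAME per alias."""
    lines = [soa_record(serial), f"@ IN NS {PRIMARY}.{DOMAIN}."]
    for ip, name, aliases in parse_hosts(hosts_text):
        lines.append(f"{name} IN A {ip}")
        for alias in aliases:
            lines.append(f"{alias} IN CNAME {name}")   # e.g. localhost -> loopback
    return "\n".join(lines) + "\n"


def reverse_origin(network):
    """'10.19.98' -> '98.19.10.in-addr.arpa.': octets reversed, as the notes explain."""
    return ".".join(reversed(network.split("."))) + ".in-addr.arpa."


def reverse_zone(hosts_text, network, serial):
    """IP zone file for one network (named.revip98 / named.revip99)."""
    prefix = network + "."
    lines = [f"; origin {reverse_origin(network)}", soa_record(serial),
             f"@ IN NS {PRIMARY}.{DOMAIN}."]
    for ip, name, _aliases in parse_hosts(hosts_text):
        if not ip.startswith(prefix):
            continue                 # host on the other network: leave it out
        host_octet = ip[len(prefix):]
        lines.append(f"{host_octet} IN PTR {name}.{DOMAIN}.")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # The course writes these to /etc/named.dc and /etc/named.revip9x; print instead.
    print(forward_zone(SAMPLE_HOSTS, 1))
    print(reverse_zone(SAMPLE_HOSTS, "10.19.98", 1))
    print(reverse_zone(SAMPLE_HOSTS, "10.19.99", 1))
```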
# pg /etc/named.local
@ IN NS sys1.dc.ibm.com.
1 IN PTR localhost.
Notes:
The local IP zone file contains the reverse mapping for the loopback address, 127.0.0.1.
Valid resource record types are: SOA - Start of Authority, NS - Name Server, and PTR -
domain name pointer.
The SOA record is not required in the local IP zone file. It is required in the name zone file
and IP zone file. The presence of the @ sign indicates the current domain.
Cache File
# pg /etc/named.ca
. 99999999 IN NS sys99.ibm.com.
sys99.ibm.com. 99999999 IN A 10.19.93.99
- OR -
. 99999999 IN NS a.root-servers.net.
a.root-servers.net. 99999999 IN A 198.41.0.4
. 99999999 IN NS b.root-servers.net.
b.root-servers.net. 99999999 IN A 128.9.0.107
. 99999999 IN NS c.root-servers.net.
c.root-servers.net. 99999999 IN A 192.33.4.12
; and so forth
Notes:
The cache file has exactly the same layout as the files we've discussed before. It basically
describes the characteristics of the root (dot) domain.
The only difference is that we are not authoritative for this domain, so we cannot specify an
SOA record. And we do not know (or at least, we're not supposed to know) any IP
addresses in this domain. The only thing we are supposed to know is the name and, more
importantly, the IP address of the nameservers which serve this domain. So these are the
only entries listed in this file.
Now, there are two possibilities here:
The first possibility is that you are a nameserver on an intranet, with no direct outside
connection. In this case, you list an upstream DNS server as the name server for the
root domain. Which one is really not important, as long as they are able to resolve your
queries.
The second possibility is that you are a nameserver on the Internet. In this case, you
should list the root nameservers of the Internet themselves. This list can be obtained on
the Web and added to your files. In addition to this, BIND automatically contacts one of
these nameservers when BIND is started, and retrieves the current list of all root
nameservers. It then uses this information instead.
Instructor Notes:
Purpose Describe the content and syntax of the cache file.
Details Refer the students to the named.conf file. The last statement is a cache
statement which points to the cache file. The cache file points to a higher-level domain
server that could be used to find an answer to a query that cannot be resolved in the
primary name server database. Create this file using an editor. The same five fields exist.
There is no reason to have an SOA record. The dot in the first field says use the default
domain. Next, the higher-level name server is listed, sys99.ibm.com. Think of our hierarchy
(dc.ibm.com). If a name cannot be resolved locally, contact the higher-level domain name
server, sys99.ibm.com. The second line is an address record that resolves the host name
to an IP address. Notice the trailing dots, which indicate that these are fully qualified
domain names.
sys99.ibm.com is a name server. If it has the answer to the query, the answer will be
passed back to the primary name server, sys1.dc.ibm.com. sys1.dc.ibm.com will cache
this answer. If the same query is made again, sys1 will have the answer in its cache and
will not have to query the higher-level authority, sys99.ibm.com. All name servers cache
for efficiency. This does not make it a caching-only name server.
Transition Statement There are no more zone files to build, but there are a few
remaining steps.
Final Primary Name Server Setup Steps
Change the host name to the fully qualified domain name
# smit hostname
Create /etc/resolv.conf
# vi /etc/rc.tcpip
Uncomment line to start named
# startsrc -s named
Notes:
There are many services or applications that determine your domain name by checking
your system's host name. Use SMIT to change the host name so it gets set upon reboot.
/etc/resolv.conf must exist to tell the system it is operating in a domain environment. For
our example, the following works:
nameserver 0.0.0.0
domain dc.ibm.com
nameserver 10.19.99.6
The /etc/rc.tcpip file must be updated so that named will be started at system reboot. The
SRC is then used to start the named daemon. Both these steps can be accomplished
using smit.
# smit stnamed
Select the BOTH option from the Start Using the named subsystem menu.
Instructor Notes:
Purpose Describe the final steps in configuring the primary name server after the
database has been created.
Details These steps remain in the primary name server configuration. An example for
our scenario is given in the student notes. It is also possible to have an empty
/etc/resolv.conf on a name server, but the preferred method is to have a nameserver
directive indicating the loopback address and a domain directive indicating the domain the
name server belongs to. Note that if an empty /etc/resolv.conf is to be used, it must be
zero length, that is, created with a command such as > /etc/resolv.conf.
Next, be sure the named daemon is uncommented in the /etc/rc.tcpip file. This ensures at
the next system restart, named gets started automatically. Start named using SRC or
SMIT. If you use SMIT, SMIT uncomments the entry in /etc/rc.tcpip automatically.
Additional Information
It is important to set the system's hostname (without trailing dot) when using sendmail.
Failure to do so will cause sendmail to reject messages for the local host.
Transition Statement Note: This is a good time to break and allow everyone to perform
the first section of the exercise Setting Up the Primary Name Server. This allows all the
DNS information just presented to sink in before continuing on with configuration of the
secondary name server and the clients. If you choose to do this, introduce the exercise,
assign the designated primary name server and the designated secondary name server.
The team that volunteers as the secondary name server must observe and assist another
team. They get their chance to perform their configuration during the second section of this
exercise.
Let's take a look at creating the secondary.
Setting Up the Secondary Name Server
Create named control file
Create local IP zone file
Create cache file
Create /etc/resolv.conf
Start named daemon
Notes:
The named daemon must be started after all the files are created.
The /etc/resolv.conf file should be similar to that on a primary name server. Here, an
appropriate /etc/resolv.conf would be:
nameserver 0.0.0.0
domain dc.ibm.com
nameserver 10.19.98.1
You can use multiple nameserver directives to direct the name resolution process to check
another name server if the local DNS is down.
Instructor Notes:
Purpose Identify the five steps in creating a secondary name server.
Details The difference between the primary name server and the secondary name
server is where they get their information. The primary reads its own files; the secondary
downloads information from the primary via a zone transfer.
The advantage of the secondary name server is no maintenance of files. All the
maintenance is done on the primary name server (which will be covered later).
The disadvantage of the secondary is it does not resync the information instantly when the
serial number is changed in the SOA on the primary name server.
The named control file, local IP zone file, and cache file must be created on the secondary.
They are not part of the zone transfer. The secondary must have an /etc/resolv.conf file
and the named daemon started.
Additional Information A secondary name server starts a child process to perform a
zone transfer, allowing it to keep answering queries while zone data is being transferred
from the primary name server.
The secondary name server is not limited to loading the information from a primary name
server. It can get its information from another secondary.
Transition Statement Let's start by looking at the contents of the named.conf file for
the secondary name server.
Secondary named Control File
# cat /etc/named.conf
options { directory "/etc"; };
// masters lists the primary name server, sys1 (10.19.98.1) in this scenario
zone "dc.ibm.com" {
type slave; file "named.dc"; masters { 10.19.98.1; };
};
zone "98.19.10.in-addr.arpa" {
type slave; file "named.revip98"; masters { 10.19.98.1; };
};
zone "99.19.10.in-addr.arpa" {
type slave; file "named.revip99"; masters { 10.19.98.1; };
};
zone "0.0.127.in-addr.arpa" {
type master; file "named.local";
};
zone "." {
type hint; file "named.ca";
};
Notes:
The secondary entry indicates the domain for which this local named daemon is the
secondary name server. It retrieves the domain information from the IP address specified
and stores the information it receives in the file specified. This file is the backup file for the
primary name server.
Whenever a new copy of the domain information is received from one of the primary
servers, the named daemon updates the backup file for that primary server.
When the named daemon is first started, the secondary downloads information from the
primary. The secondary queries the primary name server at regular intervals based on the
SOA record's refresh parameter.
The IP address of the primary name server must be indicated before the file name so the
secondary name server knows which system is the primary name server. The backup files
are optional. By default, the database information is downloaded from the primary name
server to the memory of the secondary name server. Should the secondary have to reboot,
it uses the backup files if they exist, rather than requesting another download from the
primary causing unnecessary network traffic.
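The refresh, retry and expire timers described in the SOA record discussion and in the secondary behaviour above, walked through as an added Python example that is not part of the course. It uses the course's values (3600, 300, 3600000); the primary_up() availability function and the outages are constructed stand-ins for "the primary answered the serial query".

```python
"""Walk a secondary name server's SOA timers: query the primary every
`refresh` seconds, fall back to `retry` after a failed contact, and stop
serving the zone once `expire` seconds have passed since the last
successful contact. Added illustration; primary_up() is a constructed
stand-in for "the primary answered the serial query"."""

# Timer values from the course's SOA record.
REFRESH = 3600      # 1 hour between routine serial checks
RETRY = 300         # 5 minutes between attempts after a failure
EXPIRE = 3600000    # ~42 days until the data is considered too old to serve


def walk_secondary(primary_up, refresh=REFRESH, retry=RETRY, expire=EXPIRE,
                   horizon=None):
    """Simulate from t=0 (the last successful zone load) up to `horizon`.

    primary_up(t) -> True if the primary can be contacted at time t.
    Returns (expired_at, contacts): expired_at is the time the secondary
    stops answering for the zone (None if it does not expire within the
    horizon); contacts is the list of times it tried to reach the primary.
    """
    if horizon is None:
        horizon = expire + refresh
    last_success = 0
    t = refresh
    contacts = []
    while t <= horizon:
        if t - last_success >= expire:
            # No successful contact for `expire` seconds: data is discarded.
            return last_success + expire, contacts
        contacts.append(t)
        if primary_up(t):
            last_success = t
            t += refresh          # back to the normal refresh interval
        else:
            t += retry            # failed: try again sooner
    return None, contacts


def outage(start, end):
    """Build a primary_up() function for a primary that is down in [start, end)."""
    return lambda t: not (start <= t < end)


if __name__ == "__main__":
    # Short outage: retries every 5 minutes, then resumes hourly checks.
    expired, contacts = walk_secondary(outage(3000, 5000), horizon=20000)
    print("contacts:", contacts, "expired:", expired)
    # Primary never comes back: the secondary stops serving after `expire`.
    expired, contacts = walk_secondary(outage(0, 10**9))
    print("primary never returns: expired at", expired, "after", len(contacts), "attempts")
```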
Instructor Notes:
Purpose Explain named.boot on the secondary name server.
Details The name of the file, /etc/named.conf, and the directory and domain entries are
identical with those on the primary name server.
Secondary line entries are used (not primary line entries) as this is the secondary name
server. The first secondary line entry references dc.ibm.com as its domain. Before the file
name, in this statement, add the IP address of the primary name server. In our example, it
was 10.19.98.1. This statement tells the name server that it is secondary for the zone
dc.ibm.com, and that it should check the version of this zone on the name server
10.19.98.1. The secondary name server keeps a backup copy of this data, if a backup file
name is included with this entry. This backup file is not required, but if there is one, the
secondary reads it upon restart rather than causing network load by transferring the data
from the primary. It later checks with the primary name server to see if it has a more recent
copy. It also makes the secondary more robust. If the primary is down, when the secondary
starts up, it can load the data from its own backup files. It allows the secondary to still
function as a server for the domain.
Enter a secondary line entry for each of the in-addr.arpa domains, again including the IP
address of the primary name server.
The cache entry is the same as the one we discussed in the primary configuration.
Additional Information You can have up to 10 IP addresses in the third field, name
server IP address. The secondary tries each IP address until it makes a hit. If the IP
address is that of a secondary name server, it can get its information from another
secondary rather than a primary.
Transition Statement Since a copy of the database from the primary is downloaded to
the secondary, there is no reason to run the awk scripts, as no zone files have to be
created. However, the local file for loopback must be created.
Local IP Zone File
# pg /etc/named.local
Notes:
Notice this looks the same as what was entered on the primary name server with the
exception of indicating itself in the SOA and NS records. The SOA is optional.
The file's content, structure, and purpose are the same as on the primary name server.
Instructor Notes:
Purpose Explain the purpose and contents of the secondary name server's local IP
zone file.
Details This file serves the same purpose and has the same syntax as the local IP zone
file for the primary name server with one exception. The NS record points to itself as the
name server, rather than pointing to the primary name server. It is used to locally resolve its
own loopback address.
Transition Statement As a reminder, let's look at the contents of the cache file, which
must also be created in the secondary name server.
Cache File
# pg /etc/named.ca
. 99999999 IN NS sys99.ibm.com.
sys99.ibm.com. 99999999 IN A 10.19.93.99
- OR -
. 99999999 IN NS a.root-servers.net.
a.root-servers.net. 99999999 IN A 198.41.0.4
. 99999999 IN NS b.root-servers.net.
b.root-servers.net. 99999999 IN A 128.9.0.107
. 99999999 IN NS c.root-servers.net.
c.root-servers.net. 99999999 IN A 192.33.4.12
; and so forth
Notes:
This file is exactly the same as the /etc/named.ca file created on the primary name server.
Instructor Notes:
Purpose Discuss the purpose and syntax of the cache file on the secondary name
server.
Details Once again, this file is just like the named.ca file configured on the primary
name server. If you refer back to the secondary's named.boot file, the cache statement
points to this file, which points to a higher-level authority name server should the query to
the secondary not be resolved. It can be the same as indicated in this example, or it could
point to a different name server in a higher-level domain.
Transition Statement Let's look at the final steps of configuring a secondary name
server.
Final Secondary Name Server Setup Steps
Change the host name to the fully qualified domain name
# smit hostname
Create /etc/resolv.conf
# vi /etc/rc.tcpip
Uncomment line to start named
# startsrc -s named
The name and reverse lookup zone files are downloaded from the
Primary Server
Notes:
The final steps are the same as well, with one minor difference: the order of the DNS
servers in the /etc/resolv.conf file.
The DNS servers in the /etc/resolv.conf file are checked in the order as they appear in this
file, so it is a good idea to list the nearest name server (the local one) first.
Instructor Notes:
Purpose Discuss the final steps for configuring the secondary name server.
Details The secondary needs an /etc/resolv.conf file and the named daemon started.
They are the same steps as the primary name server.
Transition Statement Let's further discuss caching-only name servers.
Caching-Only Name Server
Do not have their own data
Only caching
Useful if you need more DNS servers but want to avoid the
overhead of downloading zone data to secondary servers.
# pg /etc/named.conf
options { directory "/etc"; };
zone "0.0.127.in-addr.arpa" {
type master; file "named.local";
};
zone "." {
type hint; file "named.ca";
};
Notes:
A caching-only nameserver does not have its own data; it only performs caching. This is
really useful if you need more DNS servers in your zone, for instance because you have a
large number of clients on many networks with a slow connection to the backbone. You
could configure slave nameservers on each of those networks, but this requires you to do
regular zone transfers over those slow lines. A better approach might be to configure
caching-only nameservers on each network. This has the benefit of caching without the
disadvantage of the zone transfers.
Since a caching-only nameserver has no data of its own, the only two files required are the
file describing the local IP zone and the cache file.
Instructor Notes:
Purpose Explain the purpose of caching-only name servers and how to configure
them.
Details Caching-only name servers are not authoritative for any domain (except for
0.0.127.in-addr.arpa). The name does not imply that the primary and secondary name
servers do not cache; they do. It means that the only function this server performs is
looking up data and caching it. A caching-only server's real value comes after it has built
up its cache, by saving the overhead of zone transfers.
Transition Statement Now let's look at setting up the client.
Setting Up the Client
Change the host name to the fully qualified domain name
Create /etc/resolv.conf
domain dc.ibm.com
nameserver 10.19.98.1
nameserver 10.19.99.6
Notes:
On the client, the /etc/resolv.conf file contains the default domain name for the system and
the name servers it uses for name resolution.
The domain name is the domain in which this host resides.
The client can list anywhere from one to a maximum of three name servers in this file.
Once an active name server is found, the search through this list stops.
Although this is not addressed in this lecture, the /etc/hosts file on the clients should
contain at least an entry for themselves. The ifconfig command fails only if the localhost
name and IP address do not appear in /etc/hosts. It is a good idea to leave at least those
two entries in the /etc/hosts file on the client. By the time the startup sequence reaches the
route command, the network interface is up, and the host uses the name server to map the
name to an IP address. Since a host has no default route until route is executed, the only
name server it can reach is one on the local network. It is better to hard-code the IP address
of the default route into the startup file. This ensures that your host's networking starts
correctly.
Instructor Notes:
Purpose Describe the configuration of a DNS client.
Details It is very simple to configure a DNS client. Simply create the /etc/resolv.conf
file. The client's file must point to the name servers (you can list up to three) and domain to
use for name resolution.
As a rule of thumb, you should configure DNS clients to use the closest name server
available. Closest is the one on the local network or subnet. At a minimum, there must be a
domain statement which identifies the default domain for the client. Next you must have at
least one name server entry which points to the IP address of a name server for the
domain.
In this example, two name servers are listed: the primary and the secondary. If the primary
name server, sys1, is down, the secondary doesn't have a way to know that sys1 is down.
The client has to do this checking. If the primary cannot be reached, the client goes to the
secondary name server. Up to three name servers can be listed. The list is searched
sequentially. Once a name server responds, the search stops, even if the query could not
be resolved.
Additional Information The name server must be listed using the IP address. A host
name does not work.
The domain directive overrides the default domain derived from the host name. Since the
resolver does not report errors, you have to be sure the syntax is correct. domain starts in
column one, followed by white space, then the default domain name (no trailing dot). No
trailing spaces are allowed after the domain name; they cause your default domain to be set
to the name plus the spaces.
A third way to set the domain name is with the LOCALDOMAIN environment variable. You
can set it on a per-user basis. If you have a large system with people from all over the world
logged in, each user may do some of their work in a different company subdomain. Set the
variable in the profile file.
If there is only one name server configured, the resolver queries that name server with a
time-out of 5 seconds. The time-out is the length of time the resolver waits for a
response from the name server before sending another query. If the resolver encounters an
error that indicates the name server is down, unreachable, or timed out, it doubles the
time-out and queries the name server again. The errors that can cause this are:
Receipt of an ICMP port unreachable message, which means no name server is
listening on the port
Receipt of an ICMP host unreachable or network unreachable message, which means
that queries cannot be sent to the destination IP address
If the resolver receives an error each time it sends a query, for a total of four errors, it falls
back to using its /etc/hosts table. These are errors, not time-outs. It can take up to 75
seconds. If it gets a time-out on a query, the resolver returns an answer and does not fall
back to /etc/hosts.
With more than one name server configured, the behaviour is different. The resolver starts
by querying the first name server in the list with a time-out of 5 seconds, just as in the single
name server scenario. If the resolver times out or receives an error, it falls back to the next
name server using the same time-out. If it has queried all the name servers, it updates the
time-out and cycles through the list again.
An alternative to the domain directive is the search directive. This allows explicit
specification of the list of domains to append during lookups.
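As an added example (not part of the course material), the following Python checks a resolv.conf against the syntax rules given in these notes and models the retry timing described above; that the four-error limit counts across all listed servers when more than one is configured is this example's assumption, since the notes give the figure only for a single server. The sample files are constructed.

```python
"""Added example, not from the IBM course: check an /etc/resolv.conf against
the syntax rules the notes give, and model the resolver retry timing."""
import ipaddress

MAX_NAMESERVERS = 3     # the resolver honours at most three nameserver lines
INITIAL_TIMEOUT = 5     # seconds, time-out of the first query
MAX_ERRORS = 4          # hard errors before the resolver falls back to /etc/hosts


def check_resolv_conf(text):
    """Return the problems found in resolv.conf text (empty list if clean).
    Rules from the notes: a directive starts in column one; domain takes one
    name with no trailing dot and no trailing white space; nameserver takes an
    IP address (a host name does not work); at most three nameservers count."""
    problems = []
    nameservers = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith(("#", ";")):
            continue
        if raw[0].isspace():
            problems.append(f"line {lineno}: directive must start in column one")
            continue
        if raw != raw.rstrip():
            # the resolver keeps trailing spaces as part of the value
            problems.append(f"line {lineno}: trailing white space after the value")
        keyword, *args = raw.split()
        if keyword == "domain":
            if len(args) != 1:
                problems.append(f"line {lineno}: domain takes exactly one name")
            elif args[0].endswith("."):
                problems.append(f"line {lineno}: domain name must not end in a dot")
        elif keyword == "nameserver":
            nameservers += 1
            if len(args) != 1:
                problems.append(f"line {lineno}: nameserver takes exactly one address")
            else:
                try:
                    ipaddress.ip_address(args[0])
                except ValueError:
                    problems.append(f"line {lineno}: nameserver must be an IP address, "
                                    f"not {args[0]!r}")
            if nameservers > MAX_NAMESERVERS:
                problems.append(f"line {lineno}: more than {MAX_NAMESERVERS} "
                                "nameservers; the extra ones are ignored")
        elif keyword == "search":
            if not args:
                problems.append(f"line {lineno}: search needs at least one domain")
        else:
            problems.append(f"line {lineno}: unknown directive {keyword!r}")
    return problems


def query_schedule(nameservers, max_errors=MAX_ERRORS, timeout=INITIAL_TIMEOUT):
    """Attempts the resolver makes when every query fails with a hard error:
    each pass asks every listed server with the current time-out, then the
    time-out doubles. Stops after max_errors (assumed here to count across
    all servers; the notes give the figure only for a single server)."""
    attempts = []
    if not nameservers:
        return attempts
    while len(attempts) < max_errors:
        for ns in nameservers:
            if len(attempts) == max_errors:
                break
            attempts.append((ns, timeout))
        timeout *= 2
    return attempts


def worst_case_seconds(nameservers):
    """Total time before the fallback to /etc/hosts: 5+10+20+40 = 75 s
    for a single name server, as the notes state."""
    return sum(t for _, t in query_schedule(nameservers))


# Constructed sample files, using the addresses this unit works with.
GOOD_RESOLV_CONF = "domain dc.ibm.com\nnameserver 10.19.98.1\nnameserver 10.19.99.6\n"
BAD_RESOLV_CONF = (
    "domain dc.ibm.com. \n"       # trailing dot and trailing space
    "nameserver sys1\n"           # host name instead of an IP address
    " nameserver 10.19.98.1\n"    # does not start in column one
    "nameserver 10.19.99.6\n"
    "nameserver 10.19.99.7\n"
    "nameserver 10.19.99.8\n"     # fourth counted nameserver
)

if __name__ == "__main__":
    for problem in check_resolv_conf(BAD_RESOLV_CONF):
        print(problem)
    print("worst case with one server:", worst_case_seconds(["10.19.98.1"]), "s")
```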
Transition Statement Now, let's see how we can convert to BIND 9.
Conversion to BIND 9
BIND 9 is a complete rewrite
Stop named daemon
Relink named and nsupdate
cd /usr/sbin
ln -fs /usr/sbin/named9 /usr/sbin/named
ln -fs /usr/sbin/nsupdate9 /usr/sbin/nsupdate
Changes may be required to /etc/named.conf
Not all BIND 8 keywords are supported
Dynamic update security has changed
Notes:
BIND 8, although it offers more functionality and better security than its BIND 4
predecessor, is still essentially developed on the same code base. BIND 9 is a complete
rewrite.
Depending on how exactly the BIND 8 server was configured, changes may be required
after an update to BIND 9, as some features have been added and others removed.
Note: The BIND 8 /etc/named.conf example shown in the previous foil would require no
change under BIND 9.
Notes:
named can be stopped and started using SRC or SMIT.
An important function of named is that it reads the database files and keeps a copy in
memory for use. Should you have to add, delete, or revise an entry in the database, you
must make named reread the database and refresh what is in memory. This is done with
the refresh -s named command.
Remember, once the database files have been created on the primary name server using
the awk scripts, the awk scripts are not used again. Revisions are made directly to the
database files. Also remember to change the serial number so the named daemon on the
secondary knows when to do a zone transfer.
named is also used to dump a copy of what is in memory to a file. This file can then be
used to ensure that the zone files are correct. You must know the PID of named. Use it with
the kill -2 command to dump a copy to the default file /var/tmp/named_dump.db.
kill -2 sends a SIGINT signal to named, causing named to take a snapshot of what is in
memory and dump to the default file.
Notes:
To take a snapshot of the name server's active database which is in memory, use
kill -2 <pid_named>. This dump is located in the file /var/tmp/named_dump.db.
$ORIGIN names the domain from which the relative names in the zone file are taken.
The above example is a partial listing of the contents of the file.
Notes:
To remove a host, update the above files by deleting the host instead of adding the host.
Remember to refresh named.
nslookup
Queries domain name servers
Responds similarly to the host command
Two modes:
Interactive
Noninteractive
Troubleshooting tool
Notes:
nslookup only talks to one name server at a time.
nslookup only uses DNS. It does not use NIS or /etc/hosts.
The nslookup command can be used to troubleshoot name server problems.
Noninteractive Queries
$ nslookup sys3
Server: sys1.dc.ibm.com
Address: 10.19.98.1
Name: sys3.dc.ibm.com
Address: 10.19.98.3
Notes:
If you only want to look up one piece of data, use the noninteractive form of nslookup. It
returns the name server that was queried followed by the domain name and IP address of
the host you are querying.
The option -querytype=ANY returns all Start of Authority (SOA) information available for
your domain.
If you execute nslookup from the name server, the server address is displayed as 0.0.0.0,
meaning this host.
Interactive Queries
$ nslookup
Default Server: sys1.dc.ibm.com
Address: 10.19.98.1
> sys3
Server: sys1.dc.ibm.com
Address: 10.19.98.1
Name: sys3.dc.ibm.com
Address: 10.19.98.3
> ls dc.ibm.com >> filea
[ sys1.dc.ibm.com ]
Received 11 records
> ls -t any dc.ibm.com
[ sys1.dc.ibm.com ]
dc.ibm.com SOA sys1.dc.ibm.com root.sys1.dc.ibm.com. (10001
3600 300 3600000 86400)
dc.ibm.com. NS sys1.dc.ibm.com
sys1 A 10.19.98.1
sys2 A 10.19.98.2
.
.
>exit
Notes:
An interactive session allows you to repeatedly query information without leaving the
nslookup program. The > is the interactive input symbol to continue.
ls lists the information available for the domain specified, optionally creating or appending
the output to the file specified (example, filea as shown above).
ls -t any is similar to the noninteractive -querytype=ANY option.
exit terminates the nslookup program.
nslookup has many options. Refer to the system documentation for further details.
Notes:
set changes the information that affects the lookup.
By turning on debug, you are asking the nslookup program to show you the queries it
sends out and the responses it receives.
The text between the dashed lines is the query and response packets.
There are two levels of debug:
1. debug, which displays only the queries received
2. d2, which displays the queries sent out and the queries received
Turn debug off with the nod2 or the nodebug options. If you use nod2, the queries are still
in debug mode. Use nodebug to turn debug mode completely off.
If you use nslookup regularly and use the same set of options most of the time, the
.nslookuprc file can be used to set your nslookup options. When nslookup starts, it looks,
by default, for this file in your home directory. The file can contain any valid set command,
one per line. It is useful if you want to change the nslookup time-out or set your search list
to something other than your host's default search list.
Instructor Notes:
Purpose Discuss debugging with nslookup.
Details
Transition Statement nslookup's time is up. Let's see its BIND 9 replacement, dig.
dig Queries
Domain Information Groper
BIND 9 Replacement for nslookup. DIG is non-interactive.
;; QUESTION SECTION:
;dc.ibm.com. IN NS
;; ANSWER SECTION:
dc.ibm.com. 86400 IN NS sys1.dc.ibm.com.
dc.ibm.com. 86400 IN NS sys6.dc.ibm.com.
;; ADDITIONAL SECTION:
sys1.dc.ibm.com. 86400 IN A 10.19.98.1
sys6.dc.ibm.com. 86400 IN A 10.19.99.6
Notes:
dig, short for Domain Information Groper, is a flexible tool for interrogating DNS name
servers. It performs DNS lookups and displays the answers that are returned from the
name server(s) that were queried.
A typical invocation of dig looks like:
dig @server name type
where:
server is the name or IP address of the name server to query. If no
server argument is given, dig consults /etc/resolv.conf and
queries the name servers listed there.
name is the name of the resource record to be looked up. If no name
is given, then dig will try a lookup of . (dot).
type indicates what type of query is required -- ANY, A, MX, SOA
and so forth. If no type argument is supplied, dig performs a
lookup for an A record.
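An added example, not part of the course material: a small parser for the section layout of dig output like the one shown above, with a check that every NS in the ANSWER section has a glue address in the ADDITIONAL section (a delegation whose servers cannot be found is a common source of resolution failures). The sample output is constructed from the foil.

```python
"""Added example, not from the IBM course: parse dig output sections and
check that every NS named in the answer has a glue A record."""

# Constructed sample, modelled on the dig output shown on the foil.
SAMPLE_DIG_OUTPUT = """\
;; QUESTION SECTION:
;dc.ibm.com.                    IN      NS

;; ANSWER SECTION:
dc.ibm.com.             86400   IN      NS      sys1.dc.ibm.com.
dc.ibm.com.             86400   IN      NS      sys6.dc.ibm.com.

;; ADDITIONAL SECTION:
sys1.dc.ibm.com.        86400   IN      A       10.19.98.1
sys6.dc.ibm.com.        86400   IN      A       10.19.99.6
"""

# Same output with the glue for sys6 missing, to show the check firing.
SAMPLE_WITHOUT_GLUE = "\n".join(
    line for line in SAMPLE_DIG_OUTPUT.splitlines() if not line.startswith("sys6")
) + "\n"


def parse_dig_sections(text):
    """Return {section: [(owner, ttl, class, type, rdata), ...]}.
    Section headers look like ';; ANSWER SECTION:'. Other lines starting
    with ';' (the question line, comments) are skipped; rdata keeps any
    embedded spaces, so SOA records survive the split."""
    sections = {}
    current = None
    for line in text.splitlines():
        if line.startswith(";; ") and line.endswith("SECTION:"):
            current = line[3:-len(" SECTION:")]
            sections[current] = []
            continue
        if not line.strip() or line.startswith(";") or current is None:
            continue
        owner, ttl, rclass, rtype, rdata = line.split(None, 4)
        sections[current].append((owner, int(ttl), rclass, rtype, rdata))
    return sections


def missing_glue(sections):
    """Names of NS targets in the ANSWER section with no A/AAAA record in
    the ADDITIONAL section; a resolver must look those up separately."""
    targets = [r[4] for r in sections.get("ANSWER", []) if r[3] == "NS"]
    glued = {r[0] for r in sections.get("ADDITIONAL", []) if r[3] in ("A", "AAAA")}
    return [name for name in targets if name not in glued]


if __name__ == "__main__":
    for name in missing_glue(parse_dig_sections(SAMPLE_WITHOUT_GLUE)):
        print("no glue for", name)
```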
Instructor Notes:
Purpose Discuss dig.
Details
Additional Information
Transition Statement Let's do the checkpoint questions and start the lab.
Checkpoint (1 of 3)
1. The TTL of the Standard Resource Records for the name server
zone files is specified in:
a. Minutes
b. Hours
c. Days
d. Seconds
Notes:
Instructor Notes:
Purpose Present the first of three groups of checkpoint questions.
Details
Checkpoint Solutions (1 of 3)
1. The TTL of the Standard Resource Records for the name server
zone files is specified in:
a. Minutes
b. Hours
c. Days
d. Seconds
Additional Information
Transition Statement Let's look at the next group of checkpoint questions.
Checkpoint (2 of 3)
4. T/F: The named daemon must be running on every machine
participating in the domain environment.
5. When the system administrator wants to see the active name
server database, a file must be created which contains a dump of
the active database. This is done with the command kill -2
<pid_named>. The result of that dump file is located in:
a. /etc/tmp/named_dump.db
b. /var/tmp/named_dump.db
c. /tmp/named_dump.db
d. /var/lpp/tmp/named_dump.db
6. T/F: The zone files contain information regarding the nameserver's
zone of authority for both host to IP address name resolution and
IP address to host name resolution.
Notes:
Instructor Notes:
Purpose Present the second of three groups of checkpoint questions.
Details
Checkpoint Solutions (2 of 3)
4. T/F: The named daemon must be running on every machine
participating in the domain environment. False. named only runs
on the name servers.
5. When the system administrator wants to see the active name
server database, a file must be created which contains a dump of
the active database. This is done with the command kill -2
<pid_named>. The result of that dump file is located in:
a. /etc/tmp/named_dump.db
b. /var/tmp/named_dump.db
c. /tmp/named_dump.db
d. /var/lpp/tmp/named_dump.db
6. T/F: The zone files contain information regarding the nameserver's
zone of authority for both host to IP address name resolution and
IP address to host name resolution. True.
Additional Information
Transition Statement Let's look at the last group of checkpoint questions.
Checkpoint (3 of 3)
7. Match the following:
a. cache ____ Zone file defines the host to IP address name resolution.
b. name ____ Zone file defines the IP address to host name resolution.
c. local IP ____ Zone file defines the local IP address resolution.
d. IP ____ File defines where to send requests for resolution of names not
contained in nameserver database.
8. What is the name of the file that tells the system whether to run in
a flat network or a domain network?
9. T/F: On the client, the /etc/resolv.conf contains the default domain
name for the system and the name servers it uses for the name
resolution.
10. T/F: The named can be started automatically with a command
line entry in the inetd.conf file.
Notes:
Instructor Notes:
Purpose Present the third of three groups of checkpoint questions.
Details
Checkpoint Solutions (3 of 3)
7. Match the following:
a. cache ____ Zone file defines the host to IP address name resolution.
b. name ____ Zone file defines the IP address to host name resolution.
c. local IP ____ Zone file defines the local IP address resolution.
d. IP ____ File defines where to send requests for resolution of names not
contained in nameserver database.
Answers: b, d, c, a.
8. What is the name of the file that tells the system whether to run in
a flat network or a domain network? /etc/resolv.conf
9. T/F: On the client, the /etc/resolv.conf contains the default domain
name for the system and the name servers it uses for the name
resolution. True.
10. T/F: The named can be started automatically with a command
line entry in the inetd.conf file. False.
Additional Information
Transition Statement Let's move on to the exercise.
Exercise:
Exercise 9
Notes:
Instructor Notes:
Purpose Transition to the exercise for this unit.
Details
Additional Information
Transition Statement Let's review some of the key points covered in this unit.
Unit Summary
The name server provides a distributed database that other systems
query to perform name resolution
The named daemon runs on the name servers
/etc/resolv.conf defines domain and name servers on clients
nslookup / dig queries name servers for information
Notes:
Instructor Notes:
Purpose Review some of the key points covered in this unit.
Details
Additional Information
Transition Statement That's the end of this unit.
Unit 10. Dynamic Host Configuration Protocol
Unit Objectives
After completing this unit, students should be able to:
Discuss the DHCP functions and features
Configure DHCP network
Explain Dynamic DHCP / DNS updates
Notes:
Host Configuration
Static
smit mktcpip - configuration stored on disk
Requires one address for every machine
Typically used for servers
Dynamic
IP configuration assigned by server
Requires one IP address for every active machine
Does not require any local configuration
Typically used for clients
Notes:
Every host in an IP network needs to be configured with several parameters, including the
IP address, the subnet mask, the default router, the IP addresses of DNS servers, and so
forth. There are basically two ways of supplying these parameters to the host.
When a site uses static configuration, all parameters are configured on the local system
and stored on some sort of local medium. In most cases this is the local hard disk.
With static configuration, every host on a network needs its own IP address, even when the
system is off or not connected to the network at all. Think for instance about the situation
where your company has a thousand mobile workers, each with their own laptop, who can
hook up to any network in any of your ten buildings throughout the country. Since you never
know when someone is logged in where, you need to reserve 10,000 IP addresses, one
thousand for each network, even if a network has only ten connections available. This is a
tremendous waste of IP addresses, not to mention the user who needs to do some local
configuration every time he connects to another network.
When a site uses dynamic addressing, no configuration is stored locally. Instead, when the
system boots up, it requests the local configuration from a server. And when the system
shuts down, it also notifies the server that the configuration is no longer needed and can be
reused. This limits the number of IP addresses that need to be reserved, since only the
systems that are actually in use on a network need an IP address for this network. And it
saves the user from doing a lot of local configuration.
Instructor Notes:
Purpose Discuss static and dynamic host configuration.
Details
Additional Information
Transition Statement Let's look at the protocols that are used for dynamic
configuration.
Dynamic Host Configuration
BOOTP Protocol
IP address statically linked to MAC address
May also provide information such as subnet mask, boot file,
name server, and so forth
Uses UDP - routable
DHCP Protocol
Downwards compatible with BOOTP
IP address dynamically assigned from pool
Many IP options available (address, subnet mask, DNS, routers,
...)
Adds the following features
Dynamic IP address allocation
Host-specific configuration parameters
DHCP server stores a key-value entry for each client
Notes:
DHCP supports the following types of IP address allocation:
Dynamic allocation - the host is assigned an address for a fixed-time lease, or until the
host relinquishes it.
Automatic allocation - the host is assigned a permanent IP address.
Manual allocation - the host is assigned an address by the network administrator.
The configuration parameter options allow DHCP servers to provide persistent storage of
network parameters for network clients. The server stores a key-value entry for each client.
The key is a unique identifier of the client.
The Bootp protocol has the following characteristics:
It is an application-level protocol which runs on top of UDP. This makes it easier to write
server and client applications and ensures that the packets are routable. You therefore
do not have to configure a bootp server on each and every network.
It uses a very flexible packet format which allows you to configure the client with a
variety of IP configuration items, and also has a large number of vendor extensions
defined, which allow vendors of certain hardware to configure that hardware with
special configuration options.
Bootp does not allow the inclusion of a lease time, so reusing IP addresses is not possible.
The most recent protocol to be used is the Dynamic Host Configuration Protocol
(DHCP). It is downwards compatible with Bootp, so Bootp clients can boot off a DHCP
server and vice versa. But it extends Bootp to include a lease time, which ensures that
after a certain amount of time the IP address is free to be assigned to another system.
BOOTP
[Figure: a diskless system broadcasts a bootrequest on its LAN (1); the BOOTP relay
forwards the bootrequest to the BOOTP server on the other LAN (2); the server sends a
bootreply (3); the relay forwards the bootreply to the diskless system (4).]
Runs on UDP
Server provides client IP address, boot name file
May also provide vendor-specific information such as subnet mask,
name servers
Supports cross-gateway booting with relay agents
Notes:
The BOOTstrap Protocol (BOOTP), defined in RFC 951, is an IP/UDP bootstrap protocol
which allows a client to obtain its own IP address, the name of a boot file and
vendor-specific information from a BOOTP server. This information is manually
pre-configured by the administrator in the server database.
BOOTP transmits the configuration information via UDP (User Datagram Protocol)
datagrams encapsulated in IP datagrams. This allows the client to contact a server across
a gateway, on another network. The BOOTP server listens on the well-known port 67 for
BOOTREQUESTS and responds with BOOTREPLIES sent to port 68 on the client.
BOOTP solves the problem of how to use IP before the diskless system knows its own IP
address or the address of the server by having the client broadcast its request on the local
network. The server may reply to the client by broadcasting or by unicasting. In the case of
unicasting, the server must prime its own ARP cache since the client is not able to respond
to an ARP query until it has its IP address.
BOOTP requests and replies contain a vendor-specific area. As well as allowing hardware
vendors to transmit machine-specific information, this area can be used by the server to
provide the client with its subnet mask, hostname, domain name, default IP routers, name
servers and other information.
Some physical networks cannot provide a BOOTP server. For instance, in a network
comprised completely of diskless hosts and routers, none may be able to run a BOOTP
server. On some networks it is possible but not desirable to run such a server. For instance,
a network administrator may wish to avoid maintaining a server on each of many small
networks. In this situation a centralized BOOTP server is preferable. Finally, a network
which has its own BOOTP server may still need a backup server on another network to
ensure reliability.
All these situations can be managed using BOOTP's cross-gateway booting function. To
implement this optional feature of BOOTP, a router or host is configured with a list of
networks or servers to which it will forward BOOTP requests. Such a router is then known
as a BOOTP relay agent.
The relay agent listens on well-known port 67 (just like a BOOTP server), and when it picks
up a BOOTREQUEST, it fills in the gateway IP address field with its own IP address,
increments the hopcount field, and forwards the request. Normally, it forwards the request
directly to a particular BOOTP server. It is also possible that it forwards it to another relay or
even that it rebroadcasts the request.
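The relay-agent behaviour just described, worked through as an added example that is not part of the course: a BOOTREQUEST is built with the fixed RFC 951 field layout, the relay fills in the gateway address if it is still empty, increments the hop count and forwards the packet to the server on port 67, and the server's BOOTREPLY is passed back to the client on port 68. The hop limit, addresses and hardware address are constructed assumptions.

```python
"""Added example, not from the IBM course: RFC 951 packet layout plus the
BOOTP relay-agent steps the notes describe (fill giaddr, increment hops,
forward to the server; hand replies addressed to this relay to the client)."""
import ipaddress
import struct

BOOTP_SERVER_PORT = 67
BOOTP_CLIENT_PORT = 68
BOOTREQUEST, BOOTREPLY = 1, 2
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr(16), sname(64), file(128), vend(64): the fixed 300-byte RFC 951 layout.
HEADER = "!BBBBIHH4s4s4s4s16s64s128s64s"
FIELDS = ("op", "htype", "hlen", "hops", "xid", "secs", "flags", "ciaddr",
          "yiaddr", "siaddr", "giaddr", "chaddr", "sname", "file", "vend")
MAX_HOPS = 4    # assumed relay limit; the course text gives no figure


def build_bootrequest(xid, chaddr):
    """What a diskless client broadcasts: no IP addresses yet, hops = 0,
    hardware type 1 (Ethernet) with a 6-byte hardware address."""
    zero4 = bytes(4)
    return struct.pack(HEADER, BOOTREQUEST, 1, 6, 0, xid, 0, 0,
                       zero4, zero4, zero4, zero4,
                       chaddr.ljust(16, b"\0"), bytes(64), bytes(128), bytes(64))


def unpack(packet):
    """Decode a 300-byte BOOTP packet into a field dictionary."""
    return dict(zip(FIELDS, struct.unpack(HEADER, packet)))


def build_bootreply(request, yiaddr, siaddr):
    """Server side: copy the identifying fields of the request (xid, chaddr,
    giaddr, hops) and fill in the client's address and the server's own."""
    f = unpack(request)
    return struct.pack(HEADER, BOOTREPLY, f["htype"], f["hlen"], f["hops"],
                       f["xid"], f["secs"], f["flags"], f["ciaddr"],
                       ipaddress.IPv4Address(yiaddr).packed,
                       ipaddress.IPv4Address(siaddr).packed,
                       f["giaddr"], f["chaddr"], f["sname"], f["file"], f["vend"])


def relay_request(packet, relay_ip, server_ip):
    """Relay handling of a packet heard on port 67. Returns
    ((destination, port), forwarded packet), or None if it is dropped."""
    f = unpack(packet)
    if f["op"] != BOOTREQUEST:
        return None                      # replies take the other path
    if f["hops"] >= MAX_HOPS:
        return None                      # looped or over-relayed request
    giaddr = f["giaddr"]
    if giaddr == bytes(4):
        # The first relay on the path records its own address so the
        # server can send the BOOTREPLY back to it.
        giaddr = ipaddress.IPv4Address(relay_ip).packed
    forwarded = struct.pack(HEADER, f["op"], f["htype"], f["hlen"], f["hops"] + 1,
                            f["xid"], f["secs"], f["flags"], f["ciaddr"],
                            f["yiaddr"], f["siaddr"], giaddr, f["chaddr"],
                            f["sname"], f["file"], f["vend"])
    return (server_ip, BOOTP_SERVER_PORT), forwarded


def relay_reply(packet, relay_ip):
    """Relay handling of a BOOTREPLY: only replies whose giaddr names this
    relay are passed on. The client has no IP address yet, so the reply is
    broadcast on port 68 (a unicast would need the ARP cache primed first)."""
    f = unpack(packet)
    if f["op"] != BOOTREPLY or f["giaddr"] != ipaddress.IPv4Address(relay_ip).packed:
        return None
    return ("255.255.255.255", BOOTP_CLIENT_PORT), packet
```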
Instructor Notes:
Purpose
Details
[Figure (sequence): Client, Relay Agent, Server. The client begins initialization and
broadcasts a BOOTREQUEST to 255.255.255.255; the relay agent forwards the request to
the BOOTP server; the server determines the configuration and sends a BOOTREPLY; the
relay agent broadcasts or unicasts the BOOTREPLY to the client; initialization is complete.]
Additional Information
Transition Statement That's all for bootp; now let's take a look at Leasing an IP
Address.
Leasing an IP Address
In DHCP negotiation, the client agrees on a lease time with the
server
Before the lease time is over, the client has to:
Abandon the lease
Renew the lease
All lease times are expressed as an offset from now, in seconds
Prevents problems when clocks are out of sync
Notes:
When the client boots up, it starts a brief negotiation with the server. As part of this
negotiation, a lease time is agreed. This is the period of time in which the client may use
the IP address and other configuration items that were assigned.
Before the agreed lease time is over, the client needs to do one of two things:
It may abandon the lease, essentially telling the server that it no longer needs the IP
address, and that the server can reuse it immediately.
It may renew the lease. This requires a new, even shorter negotiation phase with the
server to extend the lease time. In all but a few cases, the server will renew a lease
without a problem.
In all DHCP packets, the lease time and related timings are always expressed in seconds,
as an offset from the current time. This prevents problems when clocks on different
systems are not synchronized. It is, however, a good idea to synchronize the clocks.
Instructor Notes:
Purpose Discuss lease times.
Details The lease time is specified in the /etc/dhcpcd.chf file. [1]
Additional Information
Transition Statement Let's see how a client obtains a lease.
[1] ISPs who offer cable modem or ADSL service sometimes force clients to abandon the
lease and acquire a new lease for another IP address. This prevents people from having a
permanent, static IP address and thus from building servers.
DHCP Client-Server Interactions
[Figure: packet exchange between a DHCP client and a DHCP server.]
Notes:
The visual shows the exchange of packets that enable a client to obtain a lease on an IP
address.
1. The client broadcasts a DHCPDISCOVER message on its local subnet. This message
is received by all DHCP servers and DHCP relays on the network.
A DHCP relay relays the message as a unicast message to one or more DHCP servers.
DHCP relay code is typically included in routers, saving you from having to put a
DHCP server or other special system on each network.
2. All servers check their local configuration to see if they have any IP addresses for that
network that may be used by this client. Each server that wants to offer a lease does
this by sending a DHCPOFFER containing the IP address, other configuration
parameters and the maximum lease time for this IP address.
3. The client receives all offers and selects one (typically, but not necessarily, the one with
the longest maximum lease time), and sends a DHCPREQUEST to that server to
confirm the lease.
4. The server receives the DHCPREQUEST, stores the client's configuration details and
sends a DHCPACK message to the client.
Servers do not commit the IP address for the client until they receive the DHCPREQUEST
packet. It may therefore happen that a server sends multiple DHCPOFFERs to multiple
clients with the same IP address. The first client that actually claims the IP address (with a
DHCPREQUEST) is confirmed with the DHCPACK, and the other clients are refused with a
DHCPNAK message. The client may therefore only use an IP address after it has
received the DHCPACK.
The following steps are not shown in the figure but are part of the DHCP client initialization
process.
1. If the client is satisfied with the parameters, it proceeds to the next stage of initialization.
If not, it may send a DHCPDECLINE and begin the process again.
2. If the client wants to renew its lease prior to expiration, it must contact the server with a
DHCPREQUEST at a preset time; the default is halfway through the lease period.
3. If the server responds with a DHCPACK renewing the lease, the client can continue
operation. If the server fails to respond, the client broadcasts the request, hoping to
contact the server if it has been moved to a different subnet. If this strategy fails, the
client must start the initialization process again from the beginning.
If the client wants to relinquish its lease for a graceful shutdown, it may optionally send the
server a DHCPRELEASE message.
DHCP Renewal
[Figure: DHCP renewal timeline. At T1 (0.5 * duration of lease) the client enters the Renewing State and sends a unicast DHCPREQUEST; the server replies with a DHCPACK (commits configuration) or ignores the request. At T2 (0.875 * duration of lease) the client enters the Rebinding State and sends a broadcast DHCPREQUEST; again the server replies with a DHCPACK (commits configuration) or ignores the request. When the lease expires the client enters the Init State and sends a DHCPDISCOVER. On graceful shutdown the client sends a DHCPRELEASE and the server discards the lease.]
Notes:
This diagram illustrates the renewal of a lease.
1. After half the lease period (usually called T1) the client contacts the server with a
unicast DHCPREQUEST, requesting a renewal of the lease. If the server is still
available and willing, it sends a DHCPACK back to the client, confirming the renewal of
the lease. The timers will now be reset and the lease period countdown starts again.
2. If the server does not react to the unicast DHCPREQUEST, the client waits until T2,
which is at 0.875 of the lease period, and then sends a broadcast DHCPREQUEST.
This broadcast still contains the ID of the DHCP server, but because it is a broadcast it
can be picked up by a DHCP relay agent, so that it reaches the server even if the server
has been moved to another subnet.
If the client still has no confirmation from the server by the time the lease expires, it starts a
DHCPDISCOVER sequence again to get another IP address from another server. Plus,
since the lease has expired, it sends a DHCPRELEASE to the previous server. But this
DHCPRELEASE probably gets lost since the server has not been responding anyway.
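As an added illustration (not part of the course text or of AIX's dhcpcd), the following Python simulation walks a client through the timeline just described: a unicast DHCPREQUEST to the issuing server at T1, a broadcast DHCPREQUEST at T2, and a DHCPRELEASE plus a fresh DHCPDISCOVER when the lease expires. The client and server addresses, the lease length and the moment the server stops answering are constructed inputs; retransmissions inside a state are not modelled.

```python
"""Simulation of the DHCP client renewal timeline (constructed example, not
AIX dhcpcd code). T1 = 0.5 and T2 = 0.875 of the lease duration are the
defaults given in the notes; the 'server' is a callback that says whether a
request sent at a given time is answered with a DHCPACK."""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

T1_FRACTION = 0.5    # renewing state starts here (unicast DHCPREQUEST)
T2_FRACTION = 0.875  # rebinding state starts here (broadcast DHCPREQUEST)
BROADCAST = "255.255.255.255"


@dataclass
class Lease:
    ip: str
    server_id: str   # server that issued the lease (still named in the broadcast)
    start: float     # time the DHCPACK arrived
    duration: float  # lease length in seconds

    @property
    def t1(self) -> float:
        return self.start + T1_FRACTION * self.duration

    @property
    def t2(self) -> float:
        return self.start + T2_FRACTION * self.duration

    @property
    def expiry(self) -> float:
        return self.start + self.duration


@dataclass
class Client:
    lease: Optional[Lease] = None
    state: str = "INIT"
    # every message the client sent: (time, message type, destination)
    log: List[Tuple[float, str, str]] = field(default_factory=list)

    def bind(self, now: float, ip: str, server_id: str, duration: float) -> None:
        """DHCPACK received: start (or restart) the lease timers."""
        self.lease = Lease(ip, server_id, now, duration)
        self.state = "BOUND"

    def tick(self, now: float, server_answers: Callable[[str, float], bool]) -> str:
        """Advance the client's clock to `now` and return the resulting state."""
        lease = self.lease
        if lease is None or now < lease.t1:
            return self.state
        if now >= lease.expiry:
            # No DHCPACK before expiry: send the (probably lost) release, drop
            # the address and start over with a broadcast DHCPDISCOVER.
            self.log.append((now, "DHCPRELEASE", lease.server_id))
            self.lease, self.state = None, "INIT"
            self.log.append((now, "DHCPDISCOVER", BROADCAST))
            return self.state
        if now >= lease.t2:
            target, dst = "REBINDING", BROADCAST       # a relay can reach a moved server
        else:
            target, dst = "RENEWING", lease.server_id  # unicast to the issuing server
        if self.state == target:
            return self.state  # already waiting in this state; retransmits not modelled
        self.state = target
        self.log.append((now, "DHCPREQUEST", dst))
        if server_answers(lease.server_id, now):
            self.bind(now, lease.ip, lease.server_id, lease.duration)  # timers reset
        return self.state


def run_timeline(duration: float, server_silent_after: float,
                 step: float = 1.0, max_time: float = 400.0):
    """Drive one client whose server stops answering at `server_silent_after`.
    Returns (state transitions, message log)."""
    client = Client()
    client.bind(0.0, "10.1.2.10", "10.1.1.2", duration)  # constructed addresses
    transitions: List[Tuple[float, str]] = [(0.0, "BOUND")]
    t = 0.0
    while client.lease is not None and t < max_time:
        t += step
        before = client.state
        after = client.tick(t, lambda _sid, now: now < server_silent_after)
        if after != before:
            transitions.append((t, after))
    return transitions, client.log
```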
Instructor Notes:
Purpose Show the students the renewal procedure.
Additional Information
1. The client must contact the server prior to lease expiration if it wishes to renew its
address lease. The protocol specifies two significant time periods for lease renewal, T1,
for which the default is halfway through the lease period, and T2, for which the default is
0.875 times the lease period. Implementations can define these timings differently.
At T1 a client that wishes to renew its lease unicasts a DHCPREQUEST to the server
which issued its lease. If the server responds with a DHCPACK renewing the lease, the
client is rebound and continues operations.
2. If the server fails to respond before T2, the client sends another DHCPREQUEST
message, but this time to the broadcast address. This enables the server to process its
existing leases even if it has been moved to another network. Again, if an ACK message is
received, the client is rebound and continues operations.
3. If the client fails to get a response from a server before the lease expiry, the client must
enter initialization state and start the process from the beginning with a
DHCPDISCOVER, as described in the previous chart.
4. If the client wishes to relinquish its address for a graceful shutdown, it may send a
DHCPRELEASE message. This is an optional part of the protocol. If the server receives
no message from the client before lease expiration, it assumes the client no longer
needs the address and may then reassign it.
Transition Statement Now that we've looked at the DHCP protocol exchange, let's see
the types of information we can provide to the clients.
Selected DHCP Options
Subnet mask (1)
Time offset (2)
Router (3)
Time server (4)
Domain name server (6)
LPR server (9)
Hostname (12)
Domain name (15)
IP forwarding enable/disable (19)
Interface MTU (26)
Static routes (33)
Notes:
This chart lists some of the more interesting options defined in RFCs 1533 and 2132 that a
DHCP server can send to a client. The last option, static routes, allows the server to
provide a list of static routes that the client installs into its IP forwarding table. For a
complete listing of the options available within AIX, refer to /etc/options.file.
Instructor Notes:
Purpose To give the students an understanding of the kinds of information a DHCP
server can provide to a client.
Details Discuss the DHCP options available. The visual shows a partial listing. Cover
domain name server, domain name, hostname, and default router definitions as these will
be used for the implementation example.
Additional Information For a more complete list of the DHCP options, see
/etc/options.file.
Transition Statement Now that we've covered the DHCP protocol, let's look at an
example.
DHCP AIX Implementation Example
[Figure: Example Company network. DHCP clients sit on three LANs, 10.1.1.0, 10.1.2.0 and 10.1.3.0. A router with interfaces 10.1.1.1 and 10.1.2.1 connects LANs 10.1.1.0 and 10.1.2.0; an AIX router with interfaces 10.1.2.2 and 10.1.3.1 connects LANs 10.1.2.0 and 10.1.3.0. The AIX DHCP server, 10.1.1.2, is on LAN 10.1.1.0.]
Notes:
Now let's look at Example Company's network, where the administrator plans to implement
DHCP on AIX systems. This network is made up of three LANs connected by two routers,
one of which is an AIX system. Each LAN has a number of AIX hosts. Example Company's
network administrator wants the hosts on each LAN to be configured with IP address,
subnet mask, default router, the address of a name server, and the domain name for the
network.
The administrator has decided to run a DHCP server on LAN 10.1.1.0 and use a BOOTP
relay to forward requests from clients on the other two LANs. A BOOTP relay agent placed
on the AIX system routing between LANs 10.1.2.0 and 10.1.3.0 picks up packets originating
in those networks and forwards them to the server located on LAN 10.1.1.0.
The administrator has decided to choose DHCP's automatic allocation facility, as opposed
to manual or dynamic allocation. He has enough IP addresses to go around, and hosts will
not be entering and leaving the network frequently, so there is no need for dynamic
allocation and short lease times. None of the clients in this network are well-known hosts
(such as print servers), so the administrator doesn't need to reserve specific addresses for
any of them. Therefore, it doesn't matter what IP address they have, and neither manual
allocation nor host specification is necessary.
Notes:
We will look at each of these steps in turn.
The AIX DHCP configuration file defines configuration information for the DHCP server
program, dhcpsd. The configuration file used for the Example Company network is shown
above and in the next chart. DHCP on AIX also supports a dhcpsconf command which
brings up an X-windows graphical user interface, which allows the network administrator to
read, save, and modify files, and also allows him to start, stop and retrieve statistics from a
running server.
Once the configuration file is in place, the server daemon is started by the following
command: startsrc -s dhcpsd. The -f flag on dhcpsd specifies the configuration file to be
used; default is the /etc/dhcpsd.cnf file.
The server maintains a database of which addresses it has distributed to which hosts;
these are kept in the files /etc/dhcps.ar and /etc/dhcps.cr.
The DHCP server daemon uses the same port that is used by the BOOTP server daemon,
so both cannot be run simultaneously.
The effect of the configuration file is:
Addresses are assigned to clients with the very long lease period of one year. The
server checks leases every day. In our example network, we have plenty of addresses
so we're not worried about their reuse.
All clients are given 10.1.1.3 as their name server, and example-company.com as
their domain name.
All clients are given 255.255.255.0 as their subnet mask.
All clients in subnet 10.1.1.0 are given an address in the range 10.1.1.10 to 10.1.1.254.
(We're reserving the lowest addresses in the subnet for permanent addresses not to be
administered by DHCP.)
All clients in subnet 10.1.2.0 are given an address in the range 10.1.2.10 to 10.1.2.254.
All clients in subnet 10.1.3.0 are given an address in the range 10.1.3.10 to 10.1.3.254.
Instructor Notes:
Purpose Identify dhcp options with /etc/dhcpsd.cnf file.
Details This file contains directives. Cover each directive within the configuration file.
Point out the importance of log files when having problems.
Additional Information
Configuration File Entries:
Many configuration file elements such as network or class can use one or more of the
DHCP options defined in RFC 1534. However, global options affecting the entire file can
also be specified. Non-global options must always be contained within a pair of curly
braces following a network subnet, class or client statement.
numLogFiles, logFileSize, logFileName, logItem: These four statements define the
number, maximum size, name and options for log files. Log file options include SYSERR
(system error); OBJERR (object error, between objects in the daemon); EVENT (event
occurred in the process); TRACE (code flow for debugging).
leaseTimeDefault: Specifies the default lease duration for leases issued by this server.
The amount of time is specified as a decimal number, with units ranging from years to
seconds. Default duration is one hour. Takes effect in the absence of more specific
information defined in the network, subnet, class or client fields.
leaseExpireInterval: Specifies the time interval at which the lease expiration condition is
examined; default is one minute.
Transition Statement /etc/dhcpsd.cnf continues.
/etc/dhcpsd.cnf
network 10.0.0.0 24
{
    option 1 255.255.255.0          # Subnet mask
    option 6 10.1.1.3               # Name server
    option 15 example-company.com.  # Domain
    subnet 10.1.1.0 10.1.1.10-10.1.1.254
    {
        option 3 10.1.1.1           # Default router
    }
    subnet 10.1.2.0 10.1.2.10-10.1.2.254
    {
        option 3 10.1.2.1           # Default router
    }
    subnet 10.1.3.0 10.1.3.10-10.1.3.254
    {
        option 3 10.1.3.1           # Default router
    }
}
Notes:
This chart continues the discussion of AIX DHCP configuration files begun in the preceding
chart.
network: Specifies the dotted decimal notation address for a network administered by this
server. Optionally, the address can be followed by the subnet mask, or a range of
addresses administered by this server. Options particular to the network can also be
specified within curly braces following the network statement. (Note that the subnet mask
may either be specified in the traditional notation, for example, 255.255.255.0, or as the
number of bits in the mask, for example, 24. The latter method is used in the example.)
subnet: Specifies a subnet administered by this server, optionally followed by a range of
addresses in this subnet which are to be administered. As with the network statement,
options for the subnet may be specified within curly braces following the subnet statement.
class: Specifies the ASCII string name of a class. A class can be used to designate
particular types of systems, for example a print server or a Windows client. When the
DHCP client sends requests to the server, it may include its class name in order to cause
the server to provide particular types of options. The class may be further defined by a
range of addresses that are given to clients which request the class. Options particular to
the class can also be specified following the statement in curly braces.
client: Specifies elements particular to a client. Elements which can be defined include id
type (one of the RFC 1340 hardware types, or 0 for a string); id value (hardware address
for the RFC 1340 hardware ID types or a character string for id type 0); and address.
Options particular to this client can also be specified, as with network, subnet and class. If
manual allocation is used for a client, a specific address is entered for the client in this field.
In our example, our administrator does not provide specific client address information, so
the server allocates an address from its pool of available addresses.
The client statement can be used to configure BOOTP clients, by including three
BOOTP-specific options: code sa (server address for BOOTP client); code bf (bootfile for
the BOOTP client; and code hd (home directory containing clients bootfile). In addition, an
infinite lease time must be specified (with option 51 set to 0xffffffff).
supportBOOTP: Specifies whether server should support BOOTP clients.
supportUnlistedClients: Specifies whether the server should support requests from
clients which are not configured with their own individual client statements. Absence of this
statement defaults to support of unlisted clients.
updateDNS: String defining the command used to update the DNS PTR record (IP address
to name mapping) for IP addresses assigned by this server.
removeDNS: String defining the command used to remove the DNS PTR record (IP address
to name mapping) for IP addresses assigned by this server. Called when a DHCP release is
received.
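Added Python model (not the AIX dhcpsd code) that ties this chart to the offer/commit behaviour described under DHCP Client-Server Interactions: it parses the network/subnet/option nesting above, resolves the options a client on each LAN receives (subnet overrides network, which overrides global), hands out the lowest free address in the subnet's range on DHCPOFFER, and commits only on DHCPREQUEST, so the second client to request an address already taken gets a DHCPNAK. Assumptions: the sample adds a leaseTimeDefault line matching the one-year lease in the notes, and the subnet is chosen from the relay agent's address (giaddr), or the server's own interface address for a local client.

```python
"""Model of the dhcpsd.cnf network/subnet/option nesting (constructed example, not
the AIX dhcpsd code): option inheritance, address ranges, and offer versus commit.
SAMPLE_CNF is the chart's configuration plus the leaseTimeDefault the notes describe."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

OPTION_NAMES = {1: "subnet_mask", 3: "router", 6: "dns_server", 15: "domain_name"}
SAMPLE_CNF = """\
leaseTimeDefault 1 year
network 10.0.0.0 24
{
  option 1 255.255.255.0 # Subnet mask
  option 6 10.1.1.3 # Name server
  option 15 example-company.com. # Domain
  subnet 10.1.1.0 10.1.1.10-10.1.1.254
  {
    option 3 10.1.1.1 # Default router
  }
  subnet 10.1.2.0 10.1.2.10-10.1.2.254
  {
    option 3 10.1.2.1 # Default router
  }
  subnet 10.1.3.0 10.1.3.10-10.1.3.254
  {
    option 3 10.1.3.1 # Default router
  }
}
"""

@dataclass
class Scope:
    kind: str                        # "global", "network" or "subnet"
    address: str = ""
    mask_bits: Optional[int] = None  # "network 10.0.0.0 24" -> 24
    pool: Optional[Tuple[ipaddress.IPv4Address, ...]] = None  # (first, last) of the range
    options: Dict[int, str] = field(default_factory=dict)
    directives: Dict[str, str] = field(default_factory=dict)
    children: List["Scope"] = field(default_factory=list)

def parse_cnf(text: str) -> Scope:
    # '#' starts a comment; a '{' attaches the scope opened by the preceding statement.
    root = Scope("global")
    stack, pending = [root], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        words = line.split()
        if not words:
            continue
        if line == "{":
            stack[-1].children.append(pending)
            stack.append(pending)
        elif line == "}":
            stack.pop()
        elif words[0] == "network":
            pending = Scope("network", words[1], int(words[2]) if len(words) > 2 else None)
        elif words[0] == "subnet":
            pending = Scope("subnet", words[1], pool=tuple(map(ipaddress.IPv4Address, words[2].split("-"))))
        elif words[0] == "option":
            stack[-1].options[int(words[1])] = words[2]
        else:                        # leaseTimeDefault, supportUnlistedClients, ...
            stack[-1].directives[words[0]] = " ".join(words[1:])
    return root

class Server:
    def __init__(self, root: Scope):
        self.root = root
        self.bound: Dict[str, str] = {}   # ip -> client id (what /etc/dhcps.ar records)

    def _find_subnet(self, gateway_ip: str):
        # Subnet holding the relay agent's address (giaddr) or, for a local broadcast,
        # the server's own interface address: an assumed selection rule.
        ip = ipaddress.IPv4Address(gateway_ip)
        for net in self.root.children:
            for sub in net.children:
                eff = {**self.root.options, **net.options, **sub.options}  # inner scope wins
                mask = net.mask_bits if net.mask_bits is not None else eff.get(1)
                if mask and ip in ipaddress.ip_network(f"{sub.address}/{mask}", strict=False):
                    return sub, eff
        return None

    def offer(self, gateway_ip: str) -> Optional[dict]:
        # DHCPOFFER: lowest unbound address in the range. Nothing is committed yet,
        # so two clients may be offered the same address.
        match = self._find_subnet(gateway_ip)
        if match is None:
            return None
        sub, eff = match
        candidate, last = sub.pool
        while candidate <= last:
            if str(candidate) not in self.bound:
                return {"ip": str(candidate), "lease": self.root.directives.get("leaseTimeDefault"),
                        "options": {OPTION_NAMES.get(c, c): v for c, v in eff.items()}}
            candidate += 1
        return None                      # range exhausted

    def request(self, client_id: str, ip: str) -> str:
        # DHCPREQUEST: the first client to claim the address gets it committed.
        owner = self.bound.get(ip)
        if owner is None or owner == client_id:
            self.bound[ip] = client_id
            return "DHCPACK"
        return "DHCPNAK"                 # claimed by another client first; it must rediscover
```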
numLogFiles 4
logFileSize 100
logFileName /usr/tmp/dhcpcd.log
logItem SYSERR
interface en0
Notes:
The dhcpcd configuration file contains entries for logging information, requested options,
interfaces to configure, and other options as described in notes within the file. The
configuration file used by clients in Example Company's network is shown above.
The dhcpcd daemon is normally started by the /etc/rc.tcpip file that runs at boot time; this
is commented out by default. There are SMIT options to enable the DHCP client.
The client can be started by the following command: startsrc -s dhcpcd. This command
takes three possible flags. The -f flag specifies the configuration file to be used; default is
/etc/dhcpcd.ini. The -t flag specifies the number of seconds the daemon waits before
placing itself in the background, allowing a machine to continue booting if a DHCP server
cannot be found. The -i flag tells the daemon to run in Inform mode, allowing a client to
retrieve configuration information from a server without getting an address.
numLogFiles 6
logFileSize 100
logFileName /usr/tmp/dhcpserver.log
logItem SYSERR
server 10.1.1.2
Notes:
The dhcprd configuration file contains logging and server address entries for the relay
agent daemon. The dhcprd configuration file used for Example Company's BOOTP relay
agent is shown above.
The relay daemon can be started by the command: startsrc -s dhcprd.
Configuration File Entries:
numLogFiles, logFileSize, logFileName, and logItem: these four statements define
number, maximum size, name and options for log files.
server: specifies the IP address of a server to which the relay agent should forward
BOOTP or DHCP datagrams. Multiple servers may be specified; all receive each
datagram.
Notes:
Networking and the explosive growth of the Internet have made IP address assignment
much more dynamic. Most client hosts get their addresses and network-specific
information via DHCP. For a client to communicate with a server via telnet, the client
host initiating the connection must be able to resolve the server's name into an IP address.
If both hosts use DNS for name resolution and the server was given an IP address via
DHCP, the telnet operation would not be possible, because the static DNS record would
not reflect the address the server was assigned. The solution is DDNS, introduced in
RFC 2136.
In the DDNS process the DHCP server owns the IP address which it allocates to the DHCP
client and is therefore responsible for updating the DNS PTR (reverse zone) record.
Typically the DHCP client owns its hostname and is responsible for updating the DNS A
(forward zone) record. However, either the DHCP server or the client can update BOTH
the A and PTR records. This is known as DDNS proxy behavior.
Notes:
nsupdate8 implements the RFC 2136 dynamic update mechanism. RFC 2136 updates are
controlled by access control lists.
nsupdate9 implements TSIG and DNSSEC SIG updates, which are only applicable with
BIND 9 on AIX.
TSIG uses a shared secret key for server-to-server communication. This includes
zone transfer, notify, recursive queries and dynamic update.
DNSSEC SIG uses public/private key cryptography as specified in RFC 2535 to
authenticate messages. SIG records allow administrators to sign their zone data,
thereby stating that it is authentic.
Instructor Notes:
Purpose Introduce nsupdate as the DDNS mechanism.
Details Briefly describe the nsupdate offerings in AIX for DDNS update
Additional Information Delving into the specific update mechanisms and security
implications is far beyond the realm of this course.
Transition Statement Lets have a look at an example.
DDNS Example
# head /etc/named.conf
options {
        directory "/etc";
        notify yes;          // Inform slave servers upon zone changes
        allow-transfer {     // only allow zone transfer to slave server 10.19.99.6
                10.19.99.6;
        };
};
acl can_query { 10.19.98/24; };                    // allow only the 10.19.98/24 network to nslookup
acl can_update { 10.19.98.0/24; 10.19.99.0/24; };  // allow the dhcp server and clients to update us
zone "dc.ibm.com" {
        type master;
        file "named.dc.ibm.com";
        allow-update { can_update; };
        allow-query { can_query; };
};
# tail /etc/dhcpsd.cnf
updateDNS "/usr/sbin/dhcpaction8 '%s' '%s' '%s' '%s' PTR NONIM >>/tmp/updns.out 2>&1 "
removeDNS "/usr/sbin/dhcpremove8 '%s' PTR NONIM >>/tmp/rmdns.out 2>&1 "
# tail /etc/dhcpcd.ini
interface en0
{
        option 12 "sys50"
}
updateDNS "/usr/sbin/dhcpaction8 '%s' '%s' '%s' '%s' A NONIM >> /tmp/updns.out 2>&1 "
Notes:
The above example shows a snapshot of the DNS server, DHCP server and DHCP client
configuration files, which have been modified to implement DDNS using the RFC 2136
update mechanism with BIND 8.
DNS Server Control file /etc/named.conf
The global options statement specifies:
notify yes statement. This indicates that the secondary (slave) DNS servers are
notified immediately of any DNS zone changes.
allow-transfer statement specifies that zone transfers are only allowed to machine
10.19.99.6.
Two Access Control Lists are defined:
can_query: defines a list of hosts (all hosts on the 10.19.98.0/24 network) which can query
the DNS server.
can_update: defines a list of hosts (all hosts on the 10.19.98.0/24 and 10.19.99.0/24
networks) which can update the zone for domain dc.ibm.com.
Notes:
The nsupdate utility is not called directly but via wrapper scripts as shown in the previous
example. The wrapper scripts must supply four attributes (%s) to the nsupdate executable:
The first %s specifies the hostname
The second %s specifies the domain name
The third %s specifies the IP address
The fourth %s specifies the lease time
The two remaining parameters indicate the policy record to update (A / PTR / BOTH /
NONE) and whether NIM should be updated.
Details on NIM and DHCP interaction can be found in the AIX TCP/IP communication
guide.
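As an added illustration (not the AIX dhcpaction8 script), this Python helper shows what a wrapper has to produce for nsupdate: the four %s values and the record policy become an RFC 2136 update batch in nsupdate's input syntax, after mirroring the IP-based can_update ACL check that the BIND 8 named.conf on the earlier chart relies on. Assumptions: the lease time is used as the record TTL, the name server address 10.19.99.5 is constructed, the NIM parameter is ignored, and nsupdate itself is not invoked.

```python
"""Builds the nsupdate input an updateDNS wrapper would feed to nsupdate
(constructed example, not the AIX dhcpaction8 script). The ACL below is the
can_update list from the named.conf on the chart; nsupdate is not executed."""
import ipaddress
from typing import List

CAN_UPDATE = [ipaddress.ip_network("10.19.98.0/24"),   # acl can_update { ... }
              ipaddress.ip_network("10.19.99.0/24")]


def ptr_name(ip: str) -> str:
    """Reverse name for the PTR record, e.g. 50.98.19.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def acl_allows(updater_ip: str, acl=CAN_UPDATE) -> bool:
    """Mirror of named's allow-update check: is the sender inside the ACL?"""
    addr = ipaddress.ip_address(updater_ip)
    return any(addr in net for net in acl)


def build_update(hostname: str, domain: str, ip: str, lease_seconds: int,
                 policy: str, updater_ip: str, server: str) -> List[str]:
    """Return the nsupdate input lines; policy is A, PTR, BOTH or NONE.
    The four positional values are the wrapper's four %s in order; the lease
    time is used as the record TTL (an assumption about the wrapper)."""
    if not acl_allows(updater_ip):
        raise PermissionError(f"{updater_ip} is outside the can_update ACL")
    policy = policy.upper()
    if policy not in ("A", "PTR", "BOTH", "NONE"):
        raise ValueError(f"unknown policy {policy!r}")
    fqdn = f"{hostname}.{domain.rstrip('.')}."
    lines = [f"server {server}"]
    if policy in ("A", "BOTH"):       # client side in the example: it owns its name
        lines += [f"update delete {fqdn} A",
                  f"update add {fqdn} {lease_seconds} A {ip}", "send"]
    if policy in ("PTR", "BOTH"):     # server side: it owns the address
        rev = ptr_name(ip) + "."
        lines += [f"update delete {rev} PTR",
                  f"update add {rev} {lease_seconds} PTR {fqdn}", "send"]
    return lines
```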
Checkpoint
1. T/F: In AIX, all Hosts should get their IP address via DHCP.
2. A ____________ forwards DHCP/BOOTP packets to another
network.
3. DHCP supports persistent storage of network parameters for
clients. This information is sent to the client in the
______________________ field of the DHCP packet.
4. T/F: A DHCP server can only allocate dynamic addresses to a
client.
5. Put the following DHCP messages in the correct order:
a. DHCPACK
b. DHCPREQUEST
c. DHCPRELEASE
d. DHCPDISCOVER
e. DHCPOFFER
Notes:
Checkpoint Solutions
1. T/F: In AIX, all Hosts should get their IP address via DHCP. False.
2. A ____________ forwards DHCP/BOOTP packets to another
network. DHCP/BOOTP relay agent
3. DHCP supports persistent storage of network parameters for
clients. This information is sent to the client in the
______________________ field of the DHCP packet. options.
4. T/F: A DHCP server can only allocate dynamic addresses to a
client. False.
5. Put the following DHCP messages in the correct order:
a. DHCPACK
b. DHCPREQUEST
c. DHCPRELEASE
d. DHCPDISCOVER
e. DHCPOFFER
Answer: d, e, b, a, c
Additional Information
Transition Statement
Exercise:
Notes:
Unit Summary
DHCP protocol
Designed for dynamic environment, based on and compatible with
BOOTP
Adds dynamic address allocation, host-specific configuration
parameters
AIX DHCP daemons are dhcpsd, dhcpcd and dhcprd
Dynamic DNS is the process of updating DNS zone records without
the need for manual intervention. This is particularly useful in a
DHCP environment
Notes:
Copyright IBM Corp. 1997, 2006 Unit 11. Problem Determination 11-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit Objectives
After completing this unit, students should be able to:
Notes:
Debugging Networks
Work from a picture
Use a methodology
What are your assumptions?
Notes:
Diagram the network topology so you can clearly identify the components involved. Collect
such information as IP addresses and network masks.
Be methodical in solving the problem. Work through the protocols from bottom to top,
hardware to networking, to application. Identify what works and what specifically will not.
Many times the problem can be identified when you examine your assumptions. What has
changed? What used to work or works now? What values are tables really set to?
Eliminate variables one by one.
Try to answer some basic questions to help identify the scope and nature of the problems.
These questions include:
Is it just this machine?
Is it intermittent or continuous?
Is it just this subnet or several subnets connected to a router?
Is it all services or just one service, for example NFS?
Instructor Notes:
Purpose Discuss general strategies at debugging networks.
Details This page can actually be the point of discussion for many minutes. It is a
collection of hints and common sense advice--some learned the hard way.
Spend some time discussing the value of using a picture in debugging a network. Using a
picture allows you to identify the topology involved. In addition, it helps to correctly identify
the components involved-- both hardware, software, IP address, and so forth. Finally,
working with a picture can help eliminate confusion between the end-user/problem
reporter, and the net-administrator/problem solver. Any stories can be helpful--like the
bridge testers that were putting an experimental bridge on two Ethernet segments.
Unfortunately they had some confusion on the segments and connected both interfaces to
the same segment. Better example--not realizing bridges and routers are in the topology
between client and server.
It is important to be methodical in debugging a problem. The reason is to be efficient. Most
of us want to wing it and just quickly solve it. Example: guessing a number between 1 and
1000. Sporadic guessing can take forever.
Possible methodologies:
a) What is the most embarrassing/obvious cause of error? Machine off, cable
disconnected, bad cable, connector. Something just changed. PC just added and there
are now broadcast storms.
b) What can you check and correct the easiest or quickest? ping can tell you quickly
if you have basic connectivity to the box.
c) Climb protocol stack from the bottom when debugging. Can I do Xwindow, if my
cable is broken? My NFS mounts always fail as long as my routing table is in error.
Assumptions: Where do you assume most network problems occur? Hardware failure,
software bugs, configuration. My experience is that most problems are not software
bugs but configuration errors. Your assumptions point you to where you put your
attention, and if the problem is not discovered quickly, where you may want to look next
at your assumptions.
You deal with two basic problems--set up or maintenance.
With maintenance you are trying to find out what has changed. Example: End-user
report, Nothing has changed, but now it does not work. But we assume a deterministic
system --Given A,B,C, then D will always occur. On networks, tracking change is
difficult because sometimes you do not control all the pieces or even track all the pieces
at the same time. We have seen in the exercises that one of the biggest challenges is
keeping in sync with other systems.
The key is to use common sense coupled with a methodical approach to isolating the
problem.
Discussion Items How helpful were the drawings of the exercise topology in doing the
labs this week?
If I can reach all of the systems on my network but not on another, where might the problem
lie? Check the routing tables.
What if all the systems on an Ethernet segment suddenly stop being able to communicate?
Check the cabling.
What should I look for if I can telnet to a system using the IP address but not the host
name? Check name resolution (either /etc/hosts, NIS, DNS, or LDAP).
Transition Statement A very helpful methodology already mentioned is to use the
TCP/IP layers, and starting at the bottom, work your way up until the problem has been
isolated. Let's quickly review how the data flows.
[Figure: data flow through the TCP/IP layers, down the stack on send and up the stack on receive.]
Notes:
The standard debugging approach is to start at the lowest layer, the one everything else
depends on, and work your way up testing and checking as you go. ping is a good
command to begin the test of connectivity.
[Table: commands covered in this unit, by task and by scope]
Task                    UNIX TCP/IP                               AIX specific
Document system         -                                         lscfg, lsdev, lsattr, snap
Document network        ifconfig                                  lsattr, lsdev, no, snap
Problem determination   ping, ifconfig, arp, netstat, traceroute  iptrace, errpt, pmtu
Tuning                  ifconfig                                  no, chdev
Notes:
The above table shows the various commands we cover in this unit. Some are available
only on AIX systems, others are available across UNIX systems running TCP/IP.
# lscfg -l ent0 -v
DEVICE LOCATION DESCRIPTION
ent0 P1/E1 IBM 10/100 Mbps Ethernet PCI Adapter
Notes:
lscfg without any parameters lists the name, location, and brief description of each device
that your system knows about.
lscfg -v -l ent0 displays vital product data for a particular device.
# lsdev -C -c adapter
ent0 Available 10-60 IBM 10/100 Mbps Ethernet PCI2 Adapter
ent1 Available 10-90 10/100 Mbps Ethernet PCI Adapter II
ent2 Available IP-08 IBM 10/100/1000 Base-T Ethernet PCI Adapter
fda0 Available 01-P1 Standard I/O Diskette Adapter
ppa0 Available 01-R1 CHRP IEEE 1284 (ECP) Parallel Port Adapter
sa0 Available 01-S1 Standard I/O Serial Port
sa1 Available 01-S2 Standard I/O Serial Port
scsi0 Available 10-80 Wide/Fast-20 SCSI I/O Controller
Notes:
These two displays simply show how you can use the lsdev command to list the
interfaces and adapters configured on your system. Our interest in these displays is with
the network interfaces and adapters.
The -C flag lists information about a device that is in the Customized Devices Object Class.
The default information that is displayed is name, status, location, and description. The
lsdev command used with the -P option shows devices that can be configured.
The -c <class> flag specifies a device class name. This flag can be used to restrict output
to devices in a specified class, such as adapter, disk, printer, and so forth.
Notes:
The lsattr command displays information about the attributes of a given device or kind of
device, as well as some of the possible values for a device on the system.
This example shows how the lsattr command can be used for checking on the LAN
adapters. The -E flag is used to display effective values (valid only for customized devices
specified with the -l flag). The -l <name> flag specifies the device logical name in the
Customized Devices Object Class whose attribute names or attribute values are to be
displayed.
# ifconfig pp0
pp0: flags=e080031<UP,POINTTOPOINT,NOTRAILERS,RUNNING,GROUPRT,64BIT>
inet 192.168.1.1 --> 192.168.1.2 netmask 0xffffff00
# ifconfig lo0
lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
inet6 ::1/0
tcp_sendspace 131072 tcp_rcvspace 131072 rfc1323
Notes:
The ifconfig command configures or displays network interface parameters for a network
that uses TCP/IP.
UP and RUNNING are good. RUNNING means that the kernel resources and buffers have
been assigned. An adapter can be UP but not RUNNING.
Check that the netmask is set correctly and is consistent with all hosts on the network. The
0x prefix on the netmask indicates that the value that follows is in hex.
MULTICAST shows that this interface is able to participate in a multicast session.
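The checks described in these notes (UP and RUNNING, and a netmask that is consistent with the rest of the network) as a shell example added here; it is not part of the course material. The ifconfig output it reads is constructed to resemble the AIX display above, and the interface names en0, en1 and en2 and their addresses are invented. On a real system the text would come from ifconfig <interface> instead of the embedded sample.

```shell
# Added example (not from the IBM course): check an interface's flags and
# netmask from ifconfig output. The sample below is constructed to look like
# the AIX ifconfig display; it was not captured from a real host.
SAMPLE_IFCONFIG='en0: flags=e080863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
en1: flags=e080822<BROADCAST,NOTRAILERS,SIMPLEX,MULTICAST,GROUPRT,64BIT>
        inet 10.0.0.5 netmask 0xffff0000 broadcast 10.0.255.255
en2: flags=e080863<UP,BROADCAST,NOTRAILERS,SIMPLEX,MULTICAST,GROUPRT,64BIT>
        inet 10.1.0.5 netmask 0xffffff00 broadcast 10.1.0.255'

# iface_state <ifconfig output> <interface>
# Prints up-running, up-not-running (no kernel resources assigned yet), down, or missing.
# The UP test is anchored on the delimiters so that GROUPRT does not match as UP.
iface_state() {
    ifc_flags=$(printf '%s\n' "$1" | awk -v ifc="$2:" '$1 == ifc { print $2; exit }')
    if [ -z "$ifc_flags" ]; then
        echo missing; return 1
    fi
    case "$ifc_flags" in
        *'<UP,'* | *',UP,'* | *',UP>'* | *'<UP>'*)
            case "$ifc_flags" in
                *RUNNING*) echo up-running ;;
                *)         echo up-not-running ;;
            esac ;;
        *) echo down ;;
    esac
}

# iface_netmask <ifconfig output> <interface> -> the 0x... netmask on its inet line
iface_netmask() {
    printf '%s\n' "$1" | awk -v ifc="$2:" '
        $1 == ifc            { cur = 1; next }
        /^[^ \t]/            { cur = 0 }
        cur && $1 == "inet"  { for (i = 1; i < NF; i++) if ($i == "netmask") { print $(i + 1); exit } }'
}

# netmask_info <0x-netmask>
# Prints the dotted-decimal mask and its prefix length, e.g. "255.255.255.0 24".
# Prints "invalid" and returns 1 when the value is not 8 hex digits (the
# 0xfffff00 typo case) or the one-bits are not contiguous.
netmask_info() {
    printf '%s\n' "$1" | awk '
        function hexval(s,  i, v) {
            v = 0; s = tolower(s)
            for (i = 1; i <= length(s); i++)
                v = v * 16 + index("0123456789abcdef", substr(s, i, 1)) - 1
            return v
        }
        function tobin(v,  b, i) {          # 32-bit value -> string of 32 bits
            b = ""
            for (i = 0; i < 32; i++) { b = (v % 2) b; v = int(v / 2) }
            return b
        }
        {
            h = $1; sub(/^0x/, "", h)
            if (length(h) != 8 || h !~ /^[0-9a-fA-F]+$/) { print "invalid"; exit 1 }
            bits = tobin(hexval(h))
            if (bits !~ /^1*0*$/) { print "invalid"; exit 1 }
            ones = bits; gsub(/0/, "", ones)
            printf "%d.%d.%d.%d %d\n", hexval(substr(h, 1, 2)), hexval(substr(h, 3, 2)),
                   hexval(substr(h, 5, 2)), hexval(substr(h, 7, 2)), length(ones)
        }'
}

# iface_check <ifconfig output> <interface> <expected prefix length>
# Both checks together: the interface must be UP and RUNNING, and its netmask
# must be the one the rest of the network uses.
iface_check() {
    st=$(iface_state "$1" "$2") || { echo "$st"; return 1; }
    [ "$st" = up-running ] || { echo "$st"; return 1; }
    info=$(netmask_info "$(iface_netmask "$1" "$2")") || { echo netmask-invalid; return 1; }
    [ "${info##* }" = "$3" ] && echo ok || { echo "netmask-mismatch ($info)"; return 1; }
}
```

iface_check takes the expected prefix length as an argument because the netmask has to be compared with the other hosts on the segment, which this host cannot see by itself; run the same function against each host's ifconfig output with the same expected value.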
snap Command
Gathers system configuration information
Compresses information into pax file
Requires root authority to use
# snap -c -i -n -t -o /dev/rmt0
Will capture :
Device VDP information
All NFS information
All TCP/IP information
Notes:
The snap command gathers system configuration information and compresses the
information into a pax file. The file can then be downloaded to disk or tape, or transmitted to
a remote system.
Use the snap -o /dev/rfd0 command to copy the compressed image to diskette. Use the
snap -o /dev/rmt0 command to copy the image to tape.
Approximately 8 MB of temporary disk space is required to collect all system information,
including contents of the error log. If you do not gather all system information with the snap
-a command, less disk space may be required (depending on the options selected).
The snap command checks for available space in the /tmp/ibmsupt directory, the default
directory for snap command output. You can write the output to another directory by using
the -d flag. If there is not enough space to hold the snap command output, you must
expand the file system.
Each execution of the snap command appends information to previously created files. Use
the -r flag to remove previously gathered and saved information.
Notes:
The no command sets or displays current network options in the kernel depending on the
option used. When making changes, this command only operates on the current running
system and must be run again after each startup or after the network has been configured.
To make changes permanent, they must be included in the /etc/rc.net file.
Warning: Be careful when you use this command. The no command performs no range
checking; therefore, it accepts all values for the variables. If used incorrectly, the no
command can cause your system to become inoperable.
The -a option prints a list of all configurable options and their current values. The -o option
followed by option=New Value changes the value of the specified option.
no -d option sets the option variable back to its default state.
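The "make it permanent by adding it to /etc/rc.net" step as a shell example added here; it is not part of the course material. It records a no -o option=value line in an rc.net-style file, replacing any earlier line for the same option so that repeated runs do not pile up, and it refuses names and values that could not be a network option, since no itself does no checking. The file path is a parameter so the function can be tried against a scratch file; the option name extendednetstats is the one shown in these notes, and persisted_no_value is a helper invented for this example.

```shell
# Added example (not from the IBM course): persist a "no" setting in an
# rc.net-style file so that it is applied again at the next startup.

# persist_no_option <rc.net file> <option> <value>
persist_no_option() {
    rc_file=$1; no_opt=$2; no_val=$3
    # "no" performs no range checking, so at least reject option names and
    # values that cannot be valid before they reach the startup file.
    case "$no_opt" in
        '' | *[!A-Za-z0-9_]*) echo "bad option name: $no_opt" >&2; return 2 ;;
    esac
    case "$no_val" in
        '' | *[!A-Za-z0-9_.:-]*) echo "bad value: $no_val" >&2; return 2 ;;
    esac
    [ -f "$rc_file" ] || : > "$rc_file"
    rc_tmp="$rc_file.$$.tmp"
    # keep every line except an earlier setting of this same option
    grep -v "^no -o $no_opt=" "$rc_file" > "$rc_tmp" || :
    printf 'no -o %s=%s\n' "$no_opt" "$no_val" >> "$rc_tmp"
    mv "$rc_tmp" "$rc_file"
}

# persisted_no_value <rc.net file> <option>
# Prints the value the startup file will apply for that option (the last line
# wins, as it would when the file is executed); returns 1 if it is not set.
persisted_no_value() {
    awk -v opt="$2" '
        $1 == "no" && $2 == "-o" && index($3, opt "=") == 1 { v = substr($3, length(opt) + 2) }
        END { if (v == "") exit 1; print v }' "$1"
}
```

On a live system the same setting still has to be applied once with no -o option=value, because the startup file is only read at boot.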
Notes:
The ping command sends one datagram per second and prints one line of output for every
response received. It calculates round trip times and packet loss statistics, and displays a
brief summary upon completion.
Because of the load continuous echo requests can place on the system, repeated requests
should be used primarily for problem isolation.
The gap between packet 2 and packet 4 is exceptionally long. This can be caused by a bad
or improper termination on an Ethernet network. On token-ring this would indicate that not
all devices are set to the same token-ring speed.
Instructor Notes:
Purpose Identify the different information the ping command can give you as to what is
occurring on the LAN.
Details One of the difficulties of network debugging is not being able to see what is
occurring on the wire/network. ping gives a surprising amount of information. Review how
it is simply forming a packet every second that is passed to the target and echoed back.
Issuing the ping command verifies that the bottom half of the protocol stack is correctly
configured for both machines, and that the network is intact in between. This is commonly
used to start debugging.
Each packet is sequenced. The output can show the reliability of the network: are packets
being lost? Once the command is ended, it shows the number of packets lost. Lost packets
can indicate bad cabling.
Become familiar with what is a normal response time, when pinging other devices, so that
you can determine abnormal conditions.
The statistics on minimum, average, and maximum response time are significant. Ideal is
to have little spread between minimum and maximum times. In addition, the average is
best when close to the minimum.
Additional Information Error messages returned from ping can also be a valuable
source of information when first beginning to isolate a problem. For example the message:
ping: host name xxx not found
could indicate a potential problem with name resolution.
The message
ping: sendto: A route to the remote host is not available
indicates the routing table doesn't know where to send the packet in order to reach its
destination. Use netstat -r to check the routing table.
The message
ping: sendto: A message for a socket data transfer is too long
could indicate a problem with the mtu size. Use netstat -i to check the interface statistics.
Even when the only response you get is a line such as
ping sandbox1 (9.19.110.1): 56 data bytes
this can still be helpful. It tells you that name resolution is working and that the system
found a route on which to send the packet; however, the packet is either hung up on an
intermediate router or the destination machine is not responding properly (turned off,
doesn't have a route back, and so forth). The problem most likely does not exist on the
sending machine but on the receiving machine or somewhere in between.
Transition Statement If network performance within a particular LAN segment is slow,
then it may be useful to send a number of datagrams down the wire to a particular host
and receive back performance statistics. The spray command can be used to do this.
Notes:
The spray command sends a specified number of packets to a host and reports performance
statistics. It uses the Remote Procedure Call (RPC) protocol to send a one-way stream of
packets to the host you specify. As RPC is at a higher level than ICMP, it provides a more
accurate picture of overhead than using ping. This command reports how many packets
were received and at what transfer rate. The Host parameter can be either a name or an
Internet address. The host only responds if the sprayd daemon is running.
A normal TCP/IP host should be able to handle spray with a delay of 1 ms without dropping
any packets. If the host does drop packets then the receive queue on the adapter could be
too small, the host is too slow or too loaded or there are problems on networks/gateways in
between systems.
Instructor Notes:
Purpose Discuss spray command.
Details
Additional Information The data in the packet is encoded using eXternal Data
Representation (XDR). Since XDR deals only with 32-bit quantities, the spray command
rounds smaller values up to the nearest possible value.
Transition Statement Let's see how we check for potential problems with address
resolution.
When experiencing connectivity problems, it is a good idea to check for potential problems
with address resolution. The arp command is used for this.
Check Address Resolution
# arp -a
? (10.19.98.1) at (incomplete)
Notes:
Dynamic entries are added on the fly during the course of normal IP traffic on a physical
network. Infrequently used mappings added in this fashion have a short lifetime in the ARP
table. After 20 minutes without reference to the entry, it is then purged from the table. The
default value of 20 minutes can be changed by using the no command.
Published entries in the ARP table are entries that turn that host into an ARP server.
Normally, a host replies only to requests for its own IP address, but if it has published
entries, then it replies for multiple IP addresses for which it has a published entry.
The incomplete entry indicates a host did not respond to an ARP request. Incomplete
entries are deleted after three minutes.
Instructor Notes:
Purpose Discuss the use of the arp -a command.
Details arp -a shows the systems on the LAN that have been recently contacted.
Incomplete entries show hosts that did not respond to the arp request.
Hosts publishing the entry answer for another host. This is used for a system that cannot
respond to arp or is isolated from broadcast packets by a piece of network partitioning
hardware that filters out broadcasts. For an entry to be marked published it has to be added
via either the arp -s or arp -f commands. arp -s creates an arp entry from parameters
provided on the command line. The format is:
arp -s Type HostName AdapterAddress [Route] [temp] [pub]
Where Type specifies the type of hardware address, that is, ether for Ethernet, 802.3 for
802.3, fddi for Fiber Distributed Data Interface, and 802.5 for token-ring; HostName
specifies the remote host; AdapterAddress specifies the hardware address; Route
specifies the token-ring or FDDI route as defined in the header; temp indicates it is a
temporary entry; and pub specifies it is to be a published entry.
Discussion Items For a network with lots of non-AIX devices, sometimes it is intriguing
to do a ping net_id (9.19.98.0) to see who responds. Then dump the arp cache. Another
situation that can be interesting to diagnose is where multiple machines are configured with
the same IP address. Gratuitous ARP support logs misconfiguration messages in the
system log. The ifconfig command does not fail when duplicate addresses are in use in the
network, but both system administrators can identify the problem by looking at the error
log and finding an entry of AIXIF_ARP_DUP_ADDR.
Additional Information Some entries may show a ? for the host name. The IP and
hardware addresses were received, but the system cannot do reverse name resolution
(IP address to name translation) for that address.
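The reading of an arp -a display that these notes describe (incomplete entries, ? names, published entries) as a shell example added here; it is not part of the course material. The arp -a text it parses is constructed in the style of the AIX display, and every host name, IP address and hardware address in it is invented. The last function also lists a hardware address that answers for more than one IP address, which is normal for a router or a published entry and otherwise worth a look in connection with the duplicate-address discussion above.

```shell
# Added example (not from the IBM course): sort the entries of an "arp -a"
# display into the categories discussed in the notes. The sample is constructed;
# it was not taken from a real host.
SAMPLE_ARP='server1 (10.19.98.5) at 0:4:ac:1:2:3 [ethernet] stored in bucket 3
  ? (10.19.98.1) at (incomplete)
gateway (10.19.98.254) at 0:60:97:a:b:c [ethernet] permanent published stored in bucket 9
  ? (10.19.98.77) at 8:0:5a:d:e:f [ethernet] stored in bucket 12
backup1 (10.19.98.6) at 0:4:ac:1:2:3 [ethernet] stored in bucket 4'

# arp_incomplete <arp -a output>: hosts that never answered the ARP request
arp_incomplete() {
    printf '%s\n' "$1" | awk '$4 == "(incomplete)" { gsub(/[()]/, "", $2); print $2 }'
}

# arp_unresolved <arp -a output>: entries with a hardware address but a "?" name,
# i.e. reverse name resolution failed for that IP address
arp_unresolved() {
    printf '%s\n' "$1" | awk '$1 == "?" && $4 != "(incomplete)" { gsub(/[()]/, "", $2); print $2 }'
}

# arp_published <arp -a output>: addresses this host answers ARP for on behalf of others
arp_published() {
    printf '%s\n' "$1" | awk '/ published/ { gsub(/[()]/, "", $2); print $2 }'
}

# arp_shared_hw <arp -a output>: hardware addresses that appear for more than
# one IP address, with the addresses they answer for
arp_shared_hw() {
    printf '%s\n' "$1" | awk '
        $4 != "(incomplete)" { ip = $2; gsub(/[()]/, "", ip); n[$4]++; ips[$4] = ips[$4] " " ip }
        END { for (hw in n) if (n[hw] > 1) print hw " ->" ips[hw] }' | sort
}

# arp_summary <arp -a output>: one-line count of the table contents
arp_summary() {
    printf '%s\n' "$1" | awk '
        $4 == "(incomplete)" { inc++; next }
        { ok++ }
        / published/ { pub++ }
        END { printf "complete=%d incomplete=%d published=%d\n", ok, inc, pub }'
}
```

The functions take the display as a string so they can be fed a saved copy; on a live system pass "$(arp -a)".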
Transition Statement A common source of problems encountered in the network deals
with name resolution. Let's start by looking at DNS since that is the required method for
name resolution in the Internet.
Isolating Name Resolution Problems with DNS
[Flowchart: Should /etc/resolv.conf exist? If no: does it exist? If yes, remove it. If yes: does it exist? If no, create it. If yes: is named running? If no, start it. If yes: is the entry valid? If no, check the database and update the entries.]
The first step is to check for the existence of the /etc/resolv.conf file. A quick way to do
this is with the ls -l /etc/resolv.conf command. If this system was not meant to be a part of
a DNS environment, this file should be removed if it exists. If it exists and it shouldn't, all
network services are impacted waiting on DNS to time out before a name gets resolved by
some other method, either NIS or /etc/hosts.
If this file should exist but it does not, create it. The file should only be empty if this system
is a name server. If it is not, the file should contain the IP addresses of nearby name
servers.
If the system is supposed to be a name server, the named daemon should be running. Use
lssrc -s named to see if it is running and startsrc -s named to start it if it is not running.
If name resolution is still not working, check the setup of the /etc/named.boot file and look
at the active database by issuing the command kill -2 <PID of named>. A useful command
for isolating and debugging DNS name resolution problems is nslookup.
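The decision tree on this visual as a shell example added here; it is not part of the course material. The function takes the file path and the role the host is meant to have (none, server or client), returns the next step from the flowchart, and for a client also checks the syntax of each nameserver line, since an entry that is present but not a usable address is the "update entries" case. The path is a parameter so the function can be run against a scratch copy rather than /etc/resolv.conf; it does not itself query lssrc.

```shell
# Added example (not from the IBM course): walk the /etc/resolv.conf decision
# tree and validate the nameserver entries of a client.

# valid_ipv4 <string> -> status 0 for four dotted octets in 0..255, else 1
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# check_resolv_conf <resolv.conf path> <none|server|client>
# Prints the next step (ok, remove, create, check-named or update) and returns
# non-zero whenever something has to be fixed.
check_resolv_conf() {
    rc_path=$1; host_role=$2
    case "$host_role" in
        none)
            if [ -e "$rc_path" ]; then
                echo "remove: $rc_path exists, so every lookup waits for DNS to time out"; return 1
            fi
            echo "ok: no resolver file, names come from NIS or /etc/hosts" ;;
        server)
            if [ ! -e "$rc_path" ]; then
                echo "create: $rc_path is missing (an empty file is correct on a name server)"; return 1
            fi
            # a name server resolves for itself; what remains is whether named is up
            echo "check-named: verify with lssrc -s named, start with startsrc -s named" ;;
        client)
            if [ ! -e "$rc_path" ]; then
                echo "create: $rc_path is missing; add one nameserver line per nearby server"; return 1
            fi
            good=0; bad=""
            while read -r key value rest; do
                [ "$key" = nameserver ] || continue      # domain/search/comment lines are skipped
                if valid_ipv4 "$value"; then good=$((good + 1)); else bad="$bad $value"; fi
            done < "$rc_path"
            if [ -n "$bad" ]; then
                echo "update: invalid nameserver entries:$bad"; return 1
            fi
            if [ "$good" -eq 0 ]; then
                echo "update: $rc_path has no nameserver entry"; return 1
            fi
            echo "ok: $good nameserver entries" ;;
        *)
            echo "usage: check_resolv_conf <file> none|server|client" >&2; return 2 ;;
    esac
}
```

A syntactically valid entry can still point at a server that is down or unreachable; that is where nslookup against each listed address takes over.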
Instructor Notes:
Purpose Review potential problems when using DNS as a name server.
Details Name resolution problems can masquerade as many other problems due to the
messages and symptoms shown. For example, in remote printing you may get a message
of permission denied when a client system tries to establish connections to the server. The
authentication file lists a host name, however, what gets passed to the server over the
network is the IP address which then has to be resolved to a host name and then a match
sought in the authentication file. If the match is not exact, you get the permission denied
message. Also, slow response on a telnet or ftp session may simply be a DNS lookup
timing out due to an improperly configured /etc/resolv.conf file.
Additional Information Other useful techniques include:
Using the -d option of named to increase the information written to the syslog.
Issuing the kill -2 to named to cause it to dump its virtual memory zone information.
Using nslookup to query name servers.
Transition Statement A very useful tool in doing problem determination is the netstat
command. Let's take a look at a few of the uses of netstat. Starting with:
Memory
Transport Layer
IP Layer
Network Interface Layer
Display Network Memory Usage
# netstat -m
27 mbufs in use:
16 mbuf cluster pages in use
70 Kbytes allocated to mbufs
0 requests for mbufs denied
0 calls to protocol drain routines
0 sockets not created because sockthread was reached
Notes:
The kernel allocates memory from the network memory buffer pool, commonly called the
mbuf pool, to be used as buffers by the networking subsystem. The size of the mbuf pool is
a tunable parameter and is changed using the thewall option of the no command.
Note: By default, the top portion of this display is not shown. To display it, you have to
enable the extended statistics option under the no command: no -o extendednetstats=1.
Instructor Notes:
Purpose To show where to look for memory problems with the netstat -m command.
Details The output on this visual is by no means complete. It only shows the first part of
the output, which holds the information regarding memory denied. This is the most critical
piece of information. The rest of the output lists kernel malloc statistics, which have less
information for students at this stage of the game.
Additional Information The kernel maintains usage statistics for the buffers allocated
from the network memory buffer pool. The information contains details of the number of
buffers of each size, and for each size, information on the number of buffers in use and the
number of failed requests. In addition to maintaining information indexed by buffer size, the
kernel also maintains information indexed by the purpose the buffer is being used for.
The extendednetstats network variable, which is altered using no command, determines
whether the by-type statistical information should be collected by the kernel (default=0 is
off).
Transition Statement Let's see how we can use netstat to display UDP transport layer
statistics.
Display Transport UDP Statistics
# netstat -p udp
udp:
5142064 datagrams received
0 incomplete headers
0 bad data length fields
0 bad checksums
10 dropped due to no socket
593 broadcast/multicast datagrams dropped due to no socket
0 socket buffer overflows
5141461 delivered
4111970 datagrams output
Notes:
The value for packets dropped due to no socket indicates that a node sent data to a socket
on the receiving node that was never opened. Or, this value could indicate that another
node sent a packet but the process was killed, which also closes the socket. If this value is
high, investigate the way the application is handling sockets.
The value for socket buffer overflows could indicate that the udp receive socket buffer is not
large enough for all the traffic using the buffer.
Instructor Notes:
Purpose Discuss the UDP statistics provided by the netstat -p udp command.
Details
Additional Information The line socket buffer overflows used to be labeled dropped
due to full socket buffers.
Transition Statement Now that we've examined UDP transport statistics, let's move on
to examining the TCP transport.
Display Transport TCP Statistics
# netstat -p tcp
tcp:
  38417 packets sent
    21769 data packets (986484 bytes)
    0 data packets (0 bytes) retransmitted
    9223 ack-only packets (900 delayed)
    0 URG only packets
    0 window probe packets
    150 window update packets
    7275 control packets
  34594 packets received
    23612 acks (for 990606 bytes)
    3017 duplicate acks
    0 acks for unsent data
    19406 packets (1988808 bytes) received in-sequence
    578 completely duplicate packets (568 bytes)
    0 packets with some dup. data (0 bytes duped)
    2520 out-of-order packets (0 bytes)
    53 packets (0 bytes) of data after window
    0 window probes
    0 discarded for bad header offset fields
    0 connection request
  3533 connection requests
  350 connection accepts
  3876 connections established (including accepts)
  4720 connections closed (including 3 drops)
  7 embryonic connections dropped
  27099 segments updated rtt (of 27110 attempts)
  0 resends due to path MTU discovery
  0 path MTU discovery terminations due to retransmit timeout
  16 retransmit timeout
  0 connections dropped by rexmit timeout
  0 persist timeouts
  568 keepalive timeouts
  568 keepalive probes sent
  0 connections dropped by keepalive
Notes:
For the TCP statistics, compare the number of packets sent to the number of data packets
retransmitted. If the number of packets retransmitted is over 10-15% of the total packets
sent, TCP is timing out indicating that network traffic may be too high for
acknowledgements (ACKs) to return before a time-out. A bottleneck on the receiving node
or general network problems can also cause TCP retransmissions. TCP retransmissions
increase network traffic, further adding to any network performance problems.
Also, compare the number of packets received with the number of completely duplicate
packets. If TCP on a sending node times out before an ACK is received from the receiving
node, it retransmits the packet. Duplicate packets occur when the receiving node
eventually receives all the retransmitted packets. If the number of duplicate packets
exceeds 10-15%, the problem may again be too much network traffic or a bottleneck at the
receiving node. Duplicate packets increase network traffic.
The value for retransmit time-outs occurs when TCP sends a packet but does not receive
an ACK in time. It then resends the packet again. This value is incremented for any
Routing tables
Destination Gateway Flags Refs Use if PMTU Exp Groups
Notes:
The netstat -r command displays the kernel routing table. It shows the destination, either
network or host, the gateway used in forwarding packets, and the status of the route as
indicated by the Flags column. Flags are:
Instructor Notes:
Purpose Review the output of the netstat -rn command.
Details The netstat -r command shows the routes listed in the kernel routing table. With
the addition of the -n option, the routes are shown by the IP address. If the -n option is not
used, the IP address is resolved to a host name, if possible. If there is a problem with name
resolution the output could look right but in reality the wrong IP address is being
referenced. Thus, it is usually a good idea to include the -n option when using this
command in troubleshooting problems.
The Refs column shows the current number of active uses for the route.
Connection-oriented protocols hold onto a single route for the duration of the connection
whereas connectionless protocols obtain a route each time they send something, even to
the same destination. Thus, depending on the type of network activity on a system, this
number could fluctuate or stay relatively constant.
Additional Information The netstat -c shows the routing table including the
user-configured and current costs of each route. The netstat -rs shows routing statistics.
Transition Statement The routing table shows the PMTU, which is not supported in AIX
5.3. Let's take a look at the pmtu command.
Display pmtu Table
pmtu command
# pmtu display
syntax
Notes:
The pmtu command is available to display and delete path MTU discovery related
information. The command can be used to display the Path MTU table. By default, IPv4
entries are displayed.
A pmtu entry gets added to the PMTU table when a route add occurs with an MTU value.
A network option, pmtu_expire, is provided to expire unused pmtu entries. The default
value of pmtu_expire is 10 minutes.
The reference count signifies the number of current TCP and UDP applications using this
pmtu entry.
The redisc_t entry signifies the amount of time elapsed since the last PMTU discovery
attempt. The PMTU is rediscovered after every pmtu_rediscover_interval minutes. The
default value is 30 minutes.
Instructor Notes:
Purpose Introduces the pmtu command.
Details The pmtu command displays and deletes Path MTU discovery information.
Additional Information This command enables a root user to delete a pmtu entry with
the pmtu delete command. The delete can be based on destination, gateway, or both.
Transition Statement Next, let's look at another option of the netstat command to
display the network interface information.
Display Network Interface Information
# netstat -in
Notes:
The interface display format provides a table of cumulative statistics for input and output
errors and collisions as well as total packets transferred. It also shows the interface name
(if name resolution is being used) and address along with the network address and
hardware address of the related adapter. Another important value listed on this report is the
maximum transmission unit (mtu) for the interface. This is the largest size packet this
interface will handle.
Note: The collision count for Ethernet is not supported under AIX.
If the Oerrs column is greater than 1% of Opkts, the send queue size for that interface may
need to be increased. If Ierrs is greater than 1% of Ipkts, then memory may be a problem.
The transmit queue size can be changed via SMIT or the chdev command. The MTU size
can be changed by the ifconfig or chdev commands or through SMIT.
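The two rules of thumb on this page (from the TCP statistics notes: retransmissions or completely duplicate packets above 10-15% of the packets sent or received; from these interface notes: Oerrs above 1% of Opkts or Ierrs above 1% of Ipkts) as one shell example added here; it is not part of the course material. Both samples are constructed in the AIX output format with invented numbers chosen to cross the thresholds, and the 10% figure is the lower bound of the range the notes give, a choice made for this example.

```shell
# Added example (not from the IBM course): apply the TCP retransmission and
# interface error thresholds from the notes to netstat output. Both samples
# are constructed; the counters were not read from a real host.
SAMPLE_TCP='tcp:
        40000 packets sent
                30000 data packets (1500000 bytes)
                5000 data packets (250000 bytes) retransmitted
        20000 packets received
                15000 acks (for 1400000 bytes)
                300 completely duplicate packets (600 bytes)
        16 retransmit timeouts'

SAMPLE_IN='Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
en0   1500  link#2      0.4.ac.1.2.3      120000     0    98000     0     0
en0   1500  192.168.1   192.168.1.10      120000     0    98000     0     0
en1   1500  link#3      0.4.ac.1.2.4       50000   900     1000    25     0
en1   1500  10.19.98    10.19.98.5         50000   900     1000    25     0
lo0   16896 link#1                          5000     0     5000     0     0
lo0   16896 127         127.0.0.1           5000     0     5000     0     0'

# tcp_health <netstat -p tcp output>
# Prints the retransmit and duplicate percentages and a verdict; 10% is the
# lower bound of the 10-15% range given in the notes.
tcp_health() {
    printf '%s\n' "$1" | awk '
        / packets sent$/                 { sent = $1 }
        / bytes\) retransmitted$/        { retx = $1 }
        / packets received$/             { rcvd = $1 }
        / completely duplicate packets/  { dup  = $1 }
        END {
            rp = sent > 0 ? 100 * retx / sent : 0
            dp = rcvd > 0 ? 100 * dup  / rcvd : 0
            verdict = "ok"
            if (rp > 10) verdict = "retransmit-high"      # ACKs not returning before time-out
            else if (dp > 10) verdict = "duplicate-high"  # peer resent data already received
            printf "retransmit_pct=%.1f duplicate_pct=%.1f verdict=%s\n", rp, dp, verdict
        }'
}

# iface_errors <netstat -in output>
# One line per interface: input error %, output error %, and the action the
# notes suggest (check memory for Ierrs, grow the transmit queue for Oerrs).
# Each interface is listed twice (link and inet line); only the first is used,
# and the counters are taken from the end of the line because the Address
# column can be empty.
iface_errors() {
    printf '%s\n' "$1" | awk '
        NR == 1 || seen[$1]++ { next }
        {
            ipkts = $(NF - 4); ierrs = $(NF - 3); opkts = $(NF - 2); oerrs = $(NF - 1)
            ip = ipkts > 0 ? 100 * ierrs / ipkts : 0
            op = opkts > 0 ? 100 * oerrs / opkts : 0
            advice = "ok"
            if (op > 1 && ip > 1) advice = "check-memory,raise-xmit-queue"
            else if (op > 1)      advice = "raise-xmit-queue"
            else if (ip > 1)      advice = "check-memory"
            printf "%s ierr_pct=%.1f oerr_pct=%.1f %s\n", $1, ip, op, advice
        }'
}
```

Because the counters are cumulative since boot, a percentage over a long uptime can hide a recent burst; clear them with netstat -Z (described in the instructor notes that follow) and re-run after a known interval when the ratio looks borderline.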
Instructor Notes:
Purpose Describe the use of netstat -i.
Details Input errors (Ierrs) can be caused by:
malformed packets (damaged by electrical problems)
bad checksums (may indicate a host has a network interface problem and is sending
corrupted packets, or cable is damaged)
insufficient buffer space in device driver.
Output errors (Oerrs) can be caused by:
a fault in the local host connection to the network
prolonged collisions
These errors should be investigated.
When operating through a bridge, the default value of 1500 for the Ethernet mtu should be
changed to 1492. The maximum mtu size for 4 Mbps token-ring is 4096, for 16 Mbps it is
17,792, and for Ethernet it is 1500 bytes.
To change the transmit queue through SMIT you need to change the communication
device (adapter) itself. The fastpath is smit chgtok.
The chdev command syntax is:
chdev -l <adapter_name> -a xmt_que_size=<new_value>
Additional Information Many of the netstat commands we cover have counters that
are cumulative. There is an option that resets these counters for better analysis. That
option is the -Z option, with:
-Zc Clears the network buffer cache statistics
-Zi Clears the interface statistics
-Zm Clears memory statistics
-Zs Clears protocol statistics. To clear statistics for a specific protocol, use -p <protocol>.
For example, to clear TCP statistics, enter netstat -Zs -p tcp.
Another useful option to netstat is -a which produces a list of active connections and open
ports.
Transition Statement netstat can be used to monitor activity over time on a specific
interface.
Monitor State of an Interface
# netstat -I tr1 2
Notes:
The netstat -I <network interface> <interval> command displays the state of the
configured interface as it is being monitored for traffic across that interface. The interval
variable specifies how frequently (in seconds) to display the information. It shows both
input and output traffic along with errors and collisions.
Instructor Notes:
Purpose To show how to use netstat to monitor network traffic on an interface.
Details The output information is similar to that provided by netstat -i; however, netstat
-i shows a summary of cumulative statistics for all interfaces on a system, whereas netstat
-I shows the activity as it is occurring on a specific interface.
Transition Statement netstat can also be used to show device driver statistics.
Display Device Driver Statistics
# netstat -v
Notes:
The output from netstat -v shows the statistics about each device driver being used.
The important information that can be obtained from this command is whether there is any
value in the S/W Transmit Queue Overflow field, which would indicate a need for a larger
transmit queue size. To increase the transmit queue, use SMIT or the chdev command.
Before making the change, be sure to bring down the interface with the ifconfig
<interface> down command. Once the change has been made, bring it back up.
The output shown above is only a portion of the output generated with this command.
To change the transmit queue size, use:
SMIT
>Devices
>Communications
>Adapter
>Change/Show Characteristics
Instructor Notes:
Purpose Show the use of netstat to see device driver statistics.
Details The device driver has buffers built into it to handle bursts of network traffic.
These buffers are used to queue up transmit and receive requests on the network waiting
for handling by IP (on the receive side) and the device (on the transmit side). If you have
more traffic than the buffers can handle, packets will get dropped. The size of the transmit
queue is configurable. If the Max Packets on S/W Transmit Queue value gets close to the
configured size, you may need to increase the queue size.
Values in the Transmit Errors and Receive Errors fields could indicate a hardware problem.
Looking further at the General Statistics (not shown on the visual) can give some indication
if the problem is hardware related on this machine or on the network (Line Errors).
Additional Information It is also possible to get the same information with the entstat,
tokstat, fddistat and atmstat commands.
Transition Statement Let's see netstat -D, which shows the packet count through the
communication subsystem.
Display Dropped Packets
# netstat -D
Source Ipkts Opkts Idrops Odrops
ent_dev0 0 0 0 0
tok_dev0 36356 252 0 0
ent_dd0 0 0 0 0
tok_dd0 36356 252 0 0
Notes:
The -D option of netstat displays the number of packets received (Ipkts), transmitted
(Opkts) and dropped (Idrops, Odrops) in the communications subsystem.
The important information seen here are the dropped packets particularly with the device
drivers (dd). If packets are being dropped at the device driver you may want to increase the
queue size on the device driver.
Instructor Notes:
Purpose Show important information from the netstat -D command.
Details The output from netstat -D includes more than what is shown. The important
area of discussion is dropped packets on the device driver. Other information included in
the output of this command relates to transmitted, received, and dropped packets for the
daemons, protocols, network interface and NFS. Whenever a value does not apply an N/A
is listed in the output.
Transition Statement If you are still unable to isolate the problem using the previously
covered commands, a trace of network activity may be needed. The iptrace daemon can
be used to do this.
Trace Packets with the iptrace Daemon
Records Internet packets received from configured interfaces
Can be started as a command or under control of SRC
Can be stopped either with the kill or stopsrc command
Binary output sent to logfile specified at startup
ipreport command used to format the trace file for viewing
Notes:
The iptrace daemon records Internet packets received from configured interfaces. The
options provide a filter so the daemon only traces those packets meeting the filtering
criteria.
Packets are traced only between the local host on which the iptrace daemon is invoked
and the remote hosts unless promiscuous mode is specified.
Output is logged to the file named with the command. The ipreport command is then used
to format the file for review.
Instructor Notes:
Purpose Discuss the use of iptrace to trace network traffic.
Details Sometimes the only way to determine what is happening on a network is to run
a trace. In addition, this is a valuable way to view how protocols work together.
The trace captures a lot of information, as it records all traffic coming in and going out of
a particular interface on the local host. It does not capture traffic between other hosts on
the network unless promiscuous mode is specified.
The trace logs the collected information into the file specified when starting the trace. This
file grows rapidly. Because of this, you want to specify as many parameters as possible to
prevent the capture of unwanted information.
Additional Information The Packet Capture Library provides a high-level user interface to
the BPF (Berkeley Packet Filter) packet capture facility. The AIX Packet Capture Library is
implemented as part of the libpcap library, version 0.4 from LBNL (Lawrence Berkeley
National Laboratory). The Packet Capture Library user-level subroutines interface with the
existing BPF kernel extensions to allow users access to unprocessed network traffic.
Using the 24 subroutines of this library, users can write their own network monitoring
tools.
Transition Statement iptrace has a variety of parameters that can be used to filter out
unwanted information in order to focus on a specific activity. Let's see what some of these
are.
iptrace Examples
# iptrace -b -d sys4 -s sys3 /tmp/telnet.trace
# startsrc -s iptrace -a "-i en0 /home/team01/iptrace.log"
# iptrace -e /tmp/iptrace.log
Notes:
The trace facility can be started either by executing iptrace as a command or by starting
the daemon with startsrc -s iptrace. To stop iptrace, use the kill command if it was
started as a command and stopsrc -s iptrace if it was started under the SRC.
The first example starts iptrace as a command and traces all traffic between host sys3
(-s, source) and host sys4 (-d, destination) in both directions (-b), writing the output to
/tmp/telnet.trace. The second example traces all activity on the en0 interface (-i),
placing the output in /home/team01/iptrace.log.
The third example starts iptrace in promiscuous mode (-e). This allows the iptrace daemon
to record all packets on the attached network, not just those addressed to or sent by the
local host. To summarize the filter options: -d records packets headed for the named
destination host; -s records packets coming from the named source host; and -b, used with
-s or -d, records traffic in both directions, coming and going.
Two practical caveats: iptrace must run as root, and because the trace captures full packet
contents, a trace of a telnet session (as in the first example) contains any passwords typed
in the clear. Keep trace files readable only by root and remove them when the investigation
is finished. A promiscuous trace additionally captures traffic belonging to other hosts on
the segment, so use -e only where that is acceptable.
Packet Number 25
TOK: ====( 66 bytes transmitted on interface tr1 )==== 12:59:09.031174400
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 10:00:5a:a8:3a:1f, dst = 10:00:5a:c9:38:3d]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP: < SRC = 10.19.109.4 >
IP: < DST = 10.19.111.2 >
IP: ip_v=4, ip_hl=20, ip_tos=0, ip_len=44, ip_id=15770, ip_off=0
IP: ip_ttl=60, ip_sum=5306, ip_p = 6 (TCP)
TCP: <source port=1064, destination port=23(telnet) >
TCP: th_seq=987b2601, th_ack=0
TCP: th_off=6, flags<SYN>
TCP: th_win=16384, th_sum=a746, th_urp=0
TCP: 00000000 020405ac |....|
Notes:
Stop the trace using the system resource controller if startsrc was used or use the kill
command if trace was started by command line.
ipreport generates a trace report from a specified trace file originally created by the
iptrace daemon into human-readable form. The iptrace daemon must be stopped before
the ipreport command can be executed.
There are several options that can be used with ipreport. The more commonly used are:
-n Show the packet number at the top of the packet output.
-s Show the protocol to which the information relates at the beginning of each line
of output
-e Generate the report in EBCDIC format. (The default is ASCII.)
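A trace of even a short telnet session produces many records like the one above. The script below, added here as an example and not part of the IBM course material, condenses the output of ipreport -n -s into one line per packet so the handshake and any cleartext-telnet traffic can be picked out at a glance. IPREPORT_SAMPLE is constructed: packet 25 is the SYN shown above with some header lines omitted, and packet 26 is an invented SYN|ACK reply so that both sides of the exchange appear. On a real host you would run ipreport -n -s /tmp/telnet.trace | summarize_trace.

```shell
# summarize_trace: read ipreport output from stdin and print, per packet,
#   number timestamp interface direction src:port -> dst:port [TCP flags]
# Packets that involve port 23 are tagged, since telnet carries credentials
# in the clear and the trace file therefore contains them too.
summarize_trace() {
  awk '
    function flush() {
      if (pkt != "") {
        note = (sport == "23" || dport == "23") ? "  cleartext-telnet" : ""
        printf "%s %s %s %-11s %s:%s -> %s:%s %s%s\n",
               pkt, ts, ifc, dir, src, sport, dst, dport, flags, note
      }
      pkt = ""; ts = ""; ifc = ""; dir = ""; src = "?"; dst = "?"
      sport = "?"; dport = "?"; flags = "[no TCP]"
    }
    BEGIN { flush() }                              # initialise the per-packet fields
    /^Packet Number/ { flush(); pkt = $3 }        # new record: emit the previous one
    /====\(/         { dir = $5; ifc = $8; ts = $NF }   # "( N bytes transmitted on interface tr1 )"
    /^IP: < SRC =/   { src = $5 }
    /^IP: < DST =/   { dst = $5 }
    /^TCP: <source port=/ {
      if (match($0, /source port=[0-9]+/))      sport = substr($0, RSTART + 12, RLENGTH - 12)
      if (match($0, /destination port=[0-9]+/)) dport = substr($0, RSTART + 17, RLENGTH - 17)
    }
    /^TCP: .*flags</ {
      if (match($0, /flags<[^>]*>/)) flags = "[" substr($0, RSTART + 6, RLENGTH - 7) "]"
    }
    END { flush() }'
}

# Constructed sample: packet 25 is the SYN from the page, packet 26 an invented reply.
IPREPORT_SAMPLE='Packet Number 25
TOK: ====( 66 bytes transmitted on interface tr1 )==== 12:59:09.031174400
TOK: 802.5 packet
IP: < SRC = 10.19.109.4 >
IP: < DST = 10.19.111.2 >
IP: ip_ttl=60, ip_sum=5306, ip_p = 6 (TCP)
TCP: <source port=1064, destination port=23(telnet) >
TCP: th_seq=987b2601, th_ack=0
TCP: th_off=6, flags<SYN>
TCP: th_win=16384, th_sum=a746, th_urp=0
Packet Number 26
TOK: ====( 66 bytes received on interface tr1 )==== 12:59:09.038201300
TOK: 802.5 packet
IP: < SRC = 10.19.111.2 >
IP: < DST = 10.19.109.4 >
IP: ip_ttl=60, ip_sum=5301, ip_p = 6 (TCP)
TCP: <source port=23(telnet), destination port=1064 >
TCP: th_seq=1c0a9e00, th_ack=987b2602
TCP: th_off=6, flags<SYN | ACK>
TCP: th_win=16384, th_sum=b12c, th_urp=0'

printf '%s\n' "$IPREPORT_SAMPLE" | summarize_trace
```

The script relies on ipreport being run with -n (packet numbers) and -s (protocol prefix on every line), which is what the record format above shows; without -s the IP: and TCP: prefixes it keys on are absent.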
[Visual: three networks joined by two routers. sys5 is at 135.9.19.5, sys8 at 201.64.23.8 and sys1 at 5.10.10.1.]
Notes:
Let's assume that sys5 can telnet to sys8 on network 201.64.23 but not to sys10.
The ping test of the host name sys10 came back with the following message:
ping: host name sys10 NOT FOUND
The ping test of the IP address for sys10, 201.64.23.10, printed only the banner line and
no replies ever came back:
PING 201.64.23.10 (201.64.23.10): 56 data bytes
The result of the netstat -rn command on sys5 showed the following:
Route Tree for Protocol Family 2:
Destination   Gateway        Flags  Refs  Use   If
default       135.9.19.4     UG     2     3450  tr0
201.64.23     135.9.19.6     UG     2     2794  tr0
135.9         135.9.19.5     U      2     2759  tr0
The result of the netstat -rn command on sys10 showed the following:
Route Tree for Protocol Family 2:
Destination   Gateway        Flags  Refs  Use   If
135.9.19.4    201.64.23.6    UGH    0     0     tr0
201.64.23     201.64.23.10   U      0     0     tr0
/etc/resolv.conf does not exist on either system, so names are resolved from /etc/hosts.
A review of the /etc/hosts file on sys5 shows no entry for sys10, while the /etc/hosts file
on sys10 does have an entry for sys5.
Given the above information, where do you think the problems lie?
Instructor Notes:
Purpose To provide a simple problem scenario so students can see how some of the
commands can be used to isolate a problem.
Details The visual shows three networks with two routers. The problem and the results
of several commands are outlined in the student notes. Step through the output of these
commands with the students, soliciting their comments along the way as to what they think
the problem is. In reality, there are two problems. One is that sys10 is not in the
/etc/hosts file on sys5, which is why the ping by name fails. The other is the way routing is
set up on sys10: its only routes are a host route to 135.9.19.4 and the directly attached
201.64.23 network. There is no default route and no route to network 135.9, so sys10 has
no way to send replies back to sys5 (135.9.19.5). Packets from sys5 reach sys10 through
135.9.19.6, but the replies are never returned, which is why the ping by IP address gets no
response either. Ask students what it was that really got in the way of completing a telnet
session. Was it the routing or name resolution? Adding sys10 to /etc/hosts (or using the IP
address) fixes name resolution, but the session still cannot complete; it really is the routing.
Transition Statement Let's review some items with the checkpoint questions.
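The routing half of the scenario can be replayed mechanically. The script below is an added example, not part of the IBM course material: it performs a longest-prefix lookup over each host's netstat -rn table (the lines quoted in the student notes) and then checks that a path exists in both directions, which is what a TCP session such as telnet needs. Because netstat -rn shows no netmasks, the prefix length of an abbreviated network entry is assumed from the number of octets printed (135.9 is treated as a /16 and 201.64.23 as a /24); host routes (flag H) must match exactly and default matches anything.

```shell
# The two routing tables from the scenario (student-notes content, no netmasks shown).
SYS5_ROUTES='default     135.9.19.4    UG   2  3450  tr0
201.64.23   135.9.19.6    UG   2  2794  tr0
135.9       135.9.19.5    U    2  2759  tr0'

SYS10_ROUTES='135.9.19.4  201.64.23.6   UGH  0  0     tr0
201.64.23   201.64.23.10  U    0  0     tr0'

# route_lookup TABLE IP: longest-prefix match over one netstat -rn table.
# Prints "gateway interface", or NO ROUTE when nothing (not even default) fits.
# Assumption: an abbreviated network entry with n octets is an n*8-bit prefix.
route_lookup() {
  printf '%s\n' "$1" | awk -v ip="$2" '
    BEGIN { best = -1 }
    $1 == "Route" || $1 == "Destination" || NF < 3 { next }   # headers
    {
      dest = $1; gw = $2; flags = $3; len = -1
      if (dest == "default")                len = 0
      else if (flags ~ /H/)                 { if (dest == ip) len = 32 }        # host route
      else if (index(ip, dest ".") == 1)    len = split(dest, o, ".") * 8       # network route
      if (len > best) { best = len; bestgw = gw; bestif = $NF }
    }
    END { if (best < 0) print "NO ROUTE"; else print bestgw, bestif }'
}

# check_path SRC_TABLE SRC_IP DST_TABLE DST_IP: a session needs a route each
# way; print both lookups and return 1 if either direction has none.
check_path() {
  fwd=$(route_lookup "$1" "$4")
  back=$(route_lookup "$3" "$2")
  echo "forward $2 -> $4 via: $fwd"
  echo "return  $4 -> $2 via: $back"
  [ "$fwd" != "NO ROUTE" ] && [ "$back" != "NO ROUTE" ]
}

# sys5 (135.9.19.5) talking to sys10 (201.64.23.10)
check_path "$SYS5_ROUTES" 135.9.19.5 "$SYS10_ROUTES" 201.64.23.10 ||
  echo "sys10 cannot answer sys5: it has no default route and no route to network 135.9"
```

The forward lookup on sys5 picks the 201.64.23 route via 135.9.19.6 (more specific than default), while the return lookup on sys10 finds nothing, which is the routing problem the instructor notes describe. Adding a default route or a 135.9 network route on sys10 pointing at its router would make the return lookup succeed.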
Checkpoint (1 of 2)
1. Name the two commands that can be used on AIX to display the
characteristics of a network interface.
2. Which command below lists configuration information for a
Token-Ring network adapter on the RS/6000 including the vital
product data?
a. lsdev -C -c tok0
b. lscfg
c. lscfg -v -l tok0
d. lsattr -E -l tok0
3. Which two commands below are the most commonly used and most
useful commands for doing problem determination on a network?
a. arp and host
b. ping and nfsstat
c. ping and netstat
d. spray and no
Notes:
Checkpoint Solutions (1 of 2)
1. Name the two commands that can be used on AIX to display the
characteristics of a network interface. lsattr, ifconfig
2. Which command below lists configuration information for a
Token-Ring network adapter on the RS/6000 including the vital
product data?
a. lsdev -C -c tok0
b. lscfg
c. lscfg -v -l tok0
d. lsattr -E -l tok0
Answer: c. lscfg -v -l tok0
3. Which two commands below are the most commonly used and
most useful commands for doing problem determination on a
network?
a. arp and host
b. ping and nfsstat
c. ping and netstat
d. spray and no
Answer: c. ping and netstat
Checkpoint (2 of 2)
4. If you want to monitor network traffic across an interface, what
command would you use?
a. netstat -s
b. netstat -i
c. netstat -l
d. netstat -m
Notes:
Checkpoint Solutions (2 of 2)
4. If you want to monitor network traffic across an interface, what
command would you use?
a. netstat -s
b. netstat -i
c. netstat -l
d. netstat -m
Answer: b. netstat -i
Unit Summary
When debugging a network it is always a good idea to work from a
picture of the network.
A good methodology to use for problem determination is to work
with the layering model of TCP/IP from the bottom up.
Commands that can be used to document the system and network
include lsdev, lscfg, lsattr, ifconfig, ping -R, no, snap.
Commands that are useful to diagnose TCP/IP problems are: ping,
netstat, iptrace.
Notes:
Unit 12. NFS Concepts
Unit Objectives
After completing this unit, students should be able to:
Define NFS terminology and concepts
Describe the principles of mounting file systems
Identify the NFS daemons and their roles
Describe NFS authentication
Notes:
[Visual: sys1, sys2 and sys3 on one network; the data to be shared resides on sys3.]
Notes:
On a TCP/IP network, data can be shared as follows:
Log in remotely with rlogin, telnet and rsh
Transfer files with ftp and rcp
Remote execution with rexec and rsh
Concerns in sharing sys3's data with others on the network this way:
Wasted disk space from transferring copies of files
Keeping all copies of transferred files current
Unnecessary network traffic from transferring large files
Maintaining security on multiple physical copies of files
Notes:
Network File System (NFS) is a facility for sharing files in a heterogeneous environment of
machines, operating systems, and networks.
NFS is supported over TCP/IP on Local Area Networks. Although NFS functions over any
TCP/IP network, it requires the speed of local area networks to perform file sharing with
acceptable performance.
Sharing is accomplished by building a view of a remote file system, then reading or writing
across the network to the files. Only one copy of a file exists on the NFS network, thus
maximizing file storage availability.
The NFS function is built into the kernel of the operating system so it is transparent to
applications and users.
NFS provides a Client/Server relationship where the server stores files and provides
administration services and the client requests these services.
AIX supports NFS Version 4 as well as NFS Version 2 and 3 protocols.
One or more systems can be configured to provide a range of server functions for a range
of client systems. A system can play both the client and server role with other systems,
providing some services and requesting others.
Instructor Notes:
Purpose Define Network File System (NFS).
Details NFS is a distributed file system that allows users to access files and directories
located on remote systems, and treats those files and directories as if they were local. It is
shipped as part of the bos.net package.
NFS was developed by Sun Microsystems in 1984 and has become the de facto standard.
It has become so popular not only for its efficiency in file sharing but also because it runs
on over 100 different hardware platforms.
AIX NFS also provides enhanced server support for PC-NFS. This is provided by a
daemon called pcnfsd which allows for authentication and print spooling in addition to the
standard NFS function of remote file access.
Additional Information There are two other distributed file systems that were
developed after NFS. They are the Andrew File System (AFS) and the Distributed File
System (DFS). With the spread of the use of NFS it was recognized that there were
problems with large scale management and security. AFS was developed to help address
some of those problems. It implements client side caching, volume management and
Kerberos for authentication of access. It is not, however, a general operating environment
that helps a customer manage a set of applications, systems, and data. DFS in conjunction
with the Distributed Computing Environment (DCE) was developed to address the general
environment of distributed computing. DFS is an extension of AFS that uses the unified
services provided by DCE.
Open Network Computing (ONC +) technology licensed from SunSoft is included under
AIX to meet customer requirements. Included functional components are:
NFS Version 3
NIS+
CacheFS
TIRPC
AutoFS
NFS Version 3 was introduced in AIX 4.2.1, CacheFS in AIX 4.3.0, AutoFS in AIX 4.3.1,
and NIS+ in AIX 4.3.3.
CacheFS is a local disk cache mechanism for NFS clients. It provides the ability for an NFS
client to cache file system data on its local disk, thereby avoiding network and NFS server
activity. CacheFS increases the client-per-server ratio, improving performance for clients,
particularly on slow links.
AutoFS provides automatic mounting of NFS file systems. This subject is discussed later in
this course.
Transition Statement Let's take a closer look at NFS V4.
NFS Version 4
Described in RFC 3530
General security services supported
ACL support
Only TCP supported
Notes:
NFS Version 4 is supported on AIX as described in RFC 3530. The following features are
included:
Security - NFS V4 can be configured with RPCSEC_GSS to provide stronger security
for the protocol. RPCSEC_GSS is based on the functionality of GSS-API. This allows
for support of multiple security mechanisms without the requirement of adding new RPC
authentication flavors.
ACL Support - NFS V4 defines an ACL model, data types, and provides RPC
operations for passing Access Control List (ACL) specifications between the server and
client. The NFS V2 and NFS V3 are not changed to support any new ACL functionality.
The RPC operations for file locking have been moved into the main NFS protocol. The
Network Lock Manager (NLM) and status monitor used by NFS version 2 and 3 are therefore
not required to run version 4. However, rpc.statd and rpc.lockd are still required to support
file locking for NFS V2 and V3 clients.
Instructor Notes:
Purpose Describe new features in NFS v4.
Details Refer to RFC 3530.
Additional Information
Transition Statement Now, let's position these functions within the OSI model.
NFS Networking Protocols
Application NFS
Presentation XDR
Session RPC Library
Transport TCP or UDP
Network IP
Data Link Ethernet, Token Ring
Physical Ethernet, Token Ring
Notes:
NFS is implemented using RPC and XDR. They provide a level of abstraction between the
application code (for example, NFS protocol) and the underlying network (TCP/IP). By
using RPC and XDR, NFS has been easier to implement on UNIX, non-UNIX operating
systems, and OEM-vendor machines.
RPC and XDR provide an Application Programming Interface (API) to TCP/IP making it
easier to write TCP/IP applications. Their rough position in the OSI reference model is
illustrated above.
eXternal Data Representation (XDR)
Describes data in a machine- and system-independent way
Provides a data representation standard
Provides data description language
Provides a C language package
are connection-oriented whereby the client establishes a connection to a server and data is
then exchanged in the form of a well-ordered byte stream. There is no need for RPC or
XDR services since the data is byte-oriented and the service defines its own protocols for
handling the data stream. The telnet service has its own protocol for querying the server
about an end of line, terminal type, and so forth. RPC servers are not required to be
connectionless. They can be run over TCP. This is used whenever a large amount of data
needs to be transferred.
RPCs don't use inetd. RPC servers are started at system startup time. There is one server
process for the RPC service and it executes remote requests from all clients one at a time.
There may be many clients of the RPC service, but their requests intermingle in the RPC
server queue and are processed in the order in which they are received. When an RPC call
is made, the client may specify a time-out period in which this call must be completed. If the
server is overloaded or has crashed, or if the request is lost on its way to the server, the
remote call may not be executed before the time-out period expires. This action varies by
application. Some resend RPC calls while others may wait for another server.
Transition Statement RPCs can use either UDP or TCP as the transport protocol. NFS
mostly uses UDP because of its stateless nature. Let's see why this is important.
Stateless
The NFS protocol is stateless:
Notes:
NFS uses a stateless protocol. Each remote procedure call contains all of the information
necessary to complete the call and the server does not keep track of any past requests.
Clients must maintain all of this information. They are not notified if the server is down. This
avoids complex crash recovery. A packet is just sent again until the packet gets through.
The connection between client and server is now stateful in NFS V4 while previous
versions of NFS are stateless.
Instructor Notes:
Purpose Discuss why UDP was chosen as the transport protocol.
Details The NFS protocol was designed to be stateless to make NFS crash recovery
simple. Statelessness in this context means that the server need not maintain protocol
state information about clients to function correctly. The server does not keep any
information about client requests after they have been performed. Each single transaction
is complete and self-contained or atomic. The parameters to each procedure call contain
all of the information necessary to complete the call.
For example, the server does not maintain any state for a write request from a client. When
the write operation is complete, the server returns its reply to the client and retains no
record of the request. The operation is stateless because the client supplies, in the request
itself, all the information the server needs to complete the write (file handle, offset, length
and data).
The stateless protocol is important because crash recovery is implicitly defined within it.
Neither the client nor the server performs any NFS-related crash recovery procedures.
Only when a file operation is attempted does the client realize that the server is
unavailable. At this point the client can decide to retry (the default) or return an error to the
application. When the client retries, the application just waits until the server is available
again. The client doesn't know the difference between a slow server and a server that has
recovered from a crash. If the client crashes, the server has no knowledge of redundant
client requests; so there is no recovery on the server, and the client just starts sending
requests when it recovers from the crash.
The stateless implementation has disadvantages because the server cannot detect if more
than one client is accessing the same data at the same time. This could possibly lead to
data corruption. Most applications (especially databases) require file locking to be available
to protect against this possible corruption.
The Network Lock Manager extension to NFS provides a more stateful environment in which
the server and client keep each other informed about lock state. The server knows what files
the client has locked. If the server goes down and comes back up, its status monitor
(rpc.statd) notifies the clients so that they can reclaim their locks.
Transition Statement Let's look at how NFS works.
Exporting Server File Systems
NFS SERVER
sys3
exporting
/home/files
Notes:
NFS servers export file systems or directories to NFS clients. Thus, the server can control
which areas of its disks are accessible to clients.
Exporting a directory makes the directory available for use by other NFS client hosts on the
network.
Access to exported directories can be restricted to specific clients. (This is discussed in
detail in the next unit).
Instructor Notes:
Purpose Define the term export/exporting.
Details To be a server and to make certain resources like file systems and directories
available to the other systems on the network, the NFS server must export what it is
making available. In this example /home/files is being made available. When a directory
on a server is to be made available to remote systems, it must be listed in a file called
/etc/exports. In this file, the server can identify which remote clients will have access to the
directory. Restrictions can also be placed on the level of access remote users have, such
as read/write or read only. This is discussed in greater detail in the next unit.
Transition Statement When a client needs to access a remote directory it needs to
mount it just like it would a local file system. Let's briefly review the concept of mounting.
Local Mounting
[Visual: the root file system on hd4 mounted as / (root), with the directories home, sbin, lib, lpp, usr, bin, dev, tftpboot, var, mnt, etc and tmp beneath it, followed by the output of the mount command.]
$ mount
Notes:
Mount points are locations within a directory tree through which a host accesses mounted
file systems, thus creating the file tree.
Any directory can serve as a mount point.
The mounted column shows what was mounted and the mounted over column shows what
local path is used to access the mount.
Instructor Notes:
Purpose Review the concepts of mounting local file systems.
Details When you mount a file system from a local disk onto a mount point, you mount
the entire file system starting at its root. For example, with two file systems, root and usr,
you mount the /usr file system on the /usr directory of the root file system, and you then
access it starting from root, through the /usr directory. The resulting file tree is one logical
file system, but it is built from five physical file systems (root on hd4 plus those mounted
over /usr, /var, /tmp and /home) all connected via directory mount points.
For local mounts the mount table shows the file tree hierarchy as it is connected via mount
point directories.
Transition Statement Standard AIX allows you to mount and unmount only local file
systems. With NFS you can mount remote file systems in the same way.
Remote Mounting
[Visual: NFS client sys1 mounts the directory /home/files (containing file1 and file2), exported by NFS server sys3, over its local mount point /home/mntpt.]
Notes:
The client can use the mount command with NFS to build a view of a remote file system
located on a server. The mount request is always issued from the client.
The server's exported directory /home/files is being mounted on the client's local mount
point directory /home/mntpt.
If there are directories below the exported directory, they automatically get exported as
well.
However, the export is not valid across file system boundaries - that is, any file systems
below an exported directory are not themselves exported.
Instructor Notes:
Purpose Describe the concept of remote mounting.
Details Clients access files on a server by mounting the server's exported files,
directories, or file systems. NFS clients mount directories from NFS servers as if they were
local file systems. Issuing the mount command from the NFS client logically binds the client
to the server. Here the mount command mounts the NFS server's exported /home/files
directory to the NFS client's local mount point directory /home/mntpt. The syntax of the
mount command includes the server node name, a colon and the desired directory. We
cover this in more detail during implementation.
When a client mounts a server directory, it does NOT make a copy of the directory; rather,
the mounting process uses a series of RPCs to enable the client to access directories on a
server's disk.
The kernel builds a mount table which lists all mounted file systems and remote directories.
Every time a file is accessed in the system, the kernel refers to this table to find out where
the data resides and what mechanism to use to access it. This is all transparent to
application programs.
Transition Statement Let's see how the output of the mount command looks after
mounting a remote directory.
mount Table
# mount
Notes:
The host name in the node column is the name of the server.
mounted is the server's exported directory where the data physically resides.
mounted over is the client's local mount point to which the server's exported directory gets
mounted to allow users to access the remote data.
vfs states that the virtual file system type for the remote mount is nfs rather than jfs.
date is the date mounted.
options are the attributes with which the file system was mounted.
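Reading the mount table by hand is error-prone because the node column is empty for local mounts, which shifts every other column one field to the left. The script below, added here as an example and not part of the IBM course material, handles that and lists only the remote (NFS) entries as server:directory on mount point. It also flags NFS mounts made without the nosuid option, since without it a setuid program placed on the server is honoured on the client; this is a practitioner's check, not something the course covers. MOUNT_SAMPLE is constructed in the column layout the notes describe; the /home/tools line is invented for contrast. On a real client you would run mount | list_nfs_mounts.

```shell
# list_nfs_mounts: read "mount" output from stdin and print one line per remote
# mount. Local rows have an empty node column, so their vfs type lands in field 3
# and only remote rows have it in field 4; matching nfs/nfs3/nfs4 in field 4
# therefore selects exactly the remote mounts. The date occupies three fields and
# the options are always the last field.
list_nfs_mounts() {
  awk '
    $1 == "node" || $1 ~ /^-+$/ || NF == 0 { next }        # header and ruler lines
    $4 ~ /^nfs[0-9]*$/ {
      opts = $NF
      warn = (opts ~ /(^|,)nosuid(,|$)/) ? "" : "   <- no nosuid"
      printf "%s:%s on %s (%s) %s%s\n", $1, $2, $3, $4, opts, warn
    }'
}

# Constructed sample mount table (not real output): two local JFS mounts and
# two NFS mounts from server sys3, one of them mounted with nosuid.
MOUNT_SAMPLE='  node       mounted        mounted over   vfs    date          options
-------- -------------- -------------- ------ ------------- ---------------
         /dev/hd4       /              jfs    Jun 03 09:12  rw,log=/dev/hd8
         /dev/hd2       /usr           jfs    Jun 03 09:12  rw,log=/dev/hd8
sys3     /home/files    /home/mntpt    nfs3   Jun 03 10:41  rw,bg,hard,intr
sys3     /home/tools    /usr/tools     nfs3   Jun 03 10:43  ro,bg,hard,intr,nosuid'

printf '%s\n' "$MOUNT_SAMPLE" | list_nfs_mounts
```

For the sample, the /home/files mount is reported with the "no nosuid" marker and the /home/tools mount is reported clean. The nosuid option is passed on the AIX mount command line as -o nosuid; mount options in general are covered in a later unit.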
Instructor Notes:
Purpose Review the mount table with local and remote mounts.
Details Take a look at the mount table. Assuming the mount was successful, we will see
the node column filled in with the NFS server's name. The mounted directory is the server's
exported directory /home/files, which was mounted over the client's local mount point
/home/mntpt. The VFS is NFS, date is the date and time it was mounted, and any options
associated with the mount are listed. Do not cover any options during the lecture. They are
covered in another unit.
Additional Information If the version of the NFS protocol being used is 3 (rather than
2), then the mount command output shows 'nfs3' instead of simply 'nfs'.
Transition Statement Another feature available to enhance performance with NFS is
the CacheFS on the client.
CacheFS
[Visual: CacheFS. The server holds the back file system; the client, across the network, holds the cached file system.]
Notes:
CacheFS is a local disk cache mechanism for NFS clients. It provides the ability for an NFS
client to cache file system data on its local disk, thereby avoiding use of the network and
NFS server when the data is accessed and is not in physical memory.
CacheFS provides the ability to cache one file system on another.
CacheFS is contained in the bos.net.cachefs fileset, which is not automatically installed
when installing AIX.
CacheFS allows 64-bit operations with files larger than 2 GB.
Instructor Notes:
Purpose Describe the purpose and function of CacheFS. This optional function within
NFS client provides increased performance.
Details After creating a CacheFS file system on a client system, the system
administrator specifies which file systems are to be mounted in the cache. When a user on
that client attempts to access files that are part of the back file system, those files are
placed in the cache. Note that the cache does not get filled until a user requests access to
a file or files. Therefore, the initial request to access a file is at normal NFS speeds, but
subsequent accesses to the same file are at local JFS file system speeds.
Additional Information It is important to remember that CacheFS is intended as a
mechanism for reducing network and server workload. Because the remote file system data
is held locally on the client and consistency is only checked at intervals, the data on the
server could change and the client would be unaware of this for a period of time. You
should, therefore, only use it for read-only or read-mostly file systems whose content does
not change rapidly.
Transition Statement Let's take a closer look at what is meant by virtual file system
(VFS) and why this is important.
Virtual File Systems
[Visual: application system calls enter the kernel's vnode/vfs layer, which dispatches them to the local or remote file system code beneath it.]
Notes:
AIX uses a structure called a virtual file system (VFS) to define a hardware-independent
mechanism for addressing different types of file systems. This is done inside the kernel so
that applications using the open, close, and so forth, system calls to access files do not
need to be modified.
This VFS structure provides a set of well-known operations that interact with underlying file
systems and objects. These operations define a consistent interface to multiple file
systems, remote or local. This consistent interface allows the user to view the directory tree
as a single entity. It also allows the logical file system code in the kernel to operate without
regard to the type of file system being accessed.
The NFS Server performance is enhanced with the implementation of a vnode cache in the
JFS component of the kernel. The cache enables the NFS Server code to translate a NFS
file handle to a local vnode structure more efficiently.
Instructor Notes:
Purpose Describe what the VFS is and what its function is.
Details When a mount is performed (local or remote), a virtual file system structure is
created in kernel memory. When a file is opened, a virtual inode (vnode) structure is
created for that file. A vnode is the kernel's file-system-independent handle for the file: it
points to the file-system-specific inode (local or remote) and to the vfs structure of the
mounted file system in which the file resides.
When a process opens a file, the kernel looks in the mount table to determine which file
system the file resides upon and its type. Then the appropriate kernel routines for that
particular virtual file system type run to process the request and generate the vnode
structure for that file.
For a local request the virtual file system is a disk file system and the disk device driver
reads or writes data.
For a remote file system the virtual file system is NFS and an RPC request is sent to the
server.
AIX supports four virtual file system types:
jfs (Journaled File System in a Logical Volume)-local
cdrfs (CD-ROM File System)-local
nfs (Network File System)-remote
dfs (DCE Distributed File System)-remote
Additional Information With NFS accesses, the file accessed must be a local file on
the server. The NFS server routines cannot make available to clients files that the server
has itself mounted remotely.
Transition Statement Let's now take a look at the daemons and their roles in the
process of accessing remote file systems.
NFS Daemons
[Figure: NFS daemons by activity, client versus server: mount, RPC call, portmap, rpc.mountd]
Notes:
Configuring NFS on clients and servers involves starting daemons that handle the NFS
RPC protocol.
NFS client daemons consist of biod, rpc.statd, and rpc.lockd.
NFS server daemons consist of rpc.mountd, nfsd, rpc.statd, and rpc.lockd.
When an RPC server program initializes, it registers its services with the portmap daemon.
In NFS Version 4, the functions of statd and lockd are integrated into the main protocol itself.
The nfsrgyd daemon provides name translation services for NFS servers and clients. The
nfsrgyd daemon should be up and running on servers and clients using NFS V4 or
RPCSEC-GSS. The gssd daemon, provided under General Security Services, allows NFS V4
to use various security methods such as Kerberos 5.
Instructor Notes:
Purpose Introduce the NFS client and server daemons.
Details Use this visual simply as a quick overview of the daemons and their role as
either a client or server daemon. Each daemon is covered in more detail on succeeding
visuals. Each NFS client and NFS server starts their appropriate set of NFS daemons. NFS
daemons handle the NFS RPC protocol.
NFS client daemons are biod, rpc.statd, and rpc.lockd. NFS server daemons are
rpc.mountd, nfsd, rpc.statd, and rpc.lockd. Additionally, all systems start the TCP/IP
daemon portmap.
Transition Statement The first daemon we need to consider in detail is the portmap
daemon because it maintains a listing of the other daemons and how to communicate with
them.
portmap Daemon
[Figure: portmap registration and lookup between client and server]
Notes:
portmap is a network service that provides clients with a standard way of looking up a port
number associated with a specific program.
When services on a server come up, they register with the portmap daemon as an
available service. portmap then maintains a table of program-to-port pairs. It includes a
program number, version number, protocol to be used, port number and service name.
When the client tries to make a request of the server, it first contacts the portmap daemon
to see where the server resides. The portmap daemon listens on a well-known port so the
client can easily contact it. The portmap daemon responds to the client with the port of the
service that the client is requesting. The client, upon receipt of the port number, is able to
make all its future requests directly to the application.
portmap is started in /etc/rc.tcpip before inetd and the RPC servers. Thus, when the RPC
servers start they can register with portmap.
Instructor Notes:
Purpose Describe the purpose and function of the portmap daemon.
Details Instead of using preassigned ports and the inetd daemon, NFS programs or
RPC services are given program numbers. The file /etc/rpc contains a list of RPC services
and their program numbers. RPC services must still use UDP port numbers, so the
mapping of RPC program numbers to port numbers is handled by the portmap daemon.
When an NFS server is started, the portmap daemon is started from /etc/rc.tcpip. All RPC
programs register with portmap and are assigned a dynamic port number. An NFS
client contacts the portmap daemon on the server to determine the port number used by
that RPC service. Once the client gets the port number, all subsequent calls by the client
are directed to that port. The port number is cached in memory on the client.
Additional Information The portmap listens on the well-known port of 111. RPC
services cannot afford the overhead of using inetd. The standard inetd services (telnet,
ftp, and so forth) are meant to be used for long periods of connection. RPCs are short in
duration by nature. To find out what RPC services are registered with portmap use the
rpcinfo -p command.
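As an added example (not part of the course material), the following POSIX shell functions read a constructed sample of rpcinfo -p output the way an administrator would: rpc_port returns the port that portmap has registered for a given service, version and protocol, which is exactly the answer a client receives before it contacts mountd or nfsd directly, and unexpected_rpc_services lists anything registered beyond the daemons an NFS server needs. The sample table, the function names and the list of expected services are assumptions of this example.

```shell
# Added example, not from the course: parse `rpcinfo -p` output (constructed
# sample below) to look up a service's port and to flag RPC programs that an
# NFS host is not expected to register with portmap.

# Constructed sample of `rpcinfo -p` output, in the column layout portmap reports.
RPCINFO_SAMPLE='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    1   udp  32771  mountd
    100005    3   tcp  32772  mountd
    100003    2   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32773  nlockmgr
    100024    1   udp  32774  status
    100001    3   udp  32775  rstatd'

# rpc_port SERVICE VERS PROTO: print the registered port, as the NFS client
# would learn it from portmap; prints nothing if no such registration exists.
rpc_port() {
    printf '%s\n' "$RPCINFO_SAMPLE" |
        awk -v svc="$1" -v vers="$2" -v proto="$3" \
            'NR > 1 && $5 == svc && $2 == vers && $3 == proto { print $4; exit }'
}

# unexpected_rpc_services: list registered services outside the set an NFS
# server needs (portmapper, mountd, nfs, nlockmgr, status). Anything else is
# worth a look, because portmap advertises it to every host that can reach
# port 111. The expected-service list is an assumption of this example.
unexpected_rpc_services() {
    printf '%s\n' "$RPCINFO_SAMPLE" |
        awk 'NR > 1 {
                 svc = $5
                 if (svc != "portmapper" && svc != "mountd" && svc != "nfs" &&
                     svc != "nlockmgr" && svc != "status" && !seen[svc]++)
                     print svc
             }'
}
```

On a live system the sample would be replaced by the real command output (rpcinfo -p server); the logic is the same.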
Transition Statement The first request a client would make to portmap would be for
the mountd daemon so it could mount an NFS file system. Let's see how this process
works.
mountd
[Figure: mount request flow: (1) client mount calls portmap (port 111) on the server, (2) portmap returns the mountd port number, (3) the mount request goes to rpc.mountd, (4) rpc.mountd checks /etc/xtab and replies to the client kernel]
Notes:
mountd is a server daemon and an RPC that answers a client's request to mount a
server's exported file system or directory. The mountd daemon finds out which file system
is available by reading the /etc/xtab file.
The mount process takes place as shown in the diagram:
1. Client mount makes call to server's portmap daemon to find the port number assigned
to the rpc.mountd daemon.
2. portmap passes the port number to the client.
3. Client mount then contacts the server rpc.mountd daemon directly and passes the
name of the desired directory.
4. The server rpc.mountd checks /etc/xtab (built by the exportfs -a command, which reads
/etc/exports) to verify availability and permissions on the requested directory.
5. If all is verified, the server rpc.mountd gets a file handle (pointer to file system
directory) for the exported directory and passes it back to the client's kernel.
Instructor Notes:
Purpose Describe the purpose and function of the mountd daemon.
Details The mountd daemon is a server-only daemon that answers a client request to
mount a server's exported file system or directory. The mountd daemon reads the
/etc/xtab file to ensure that this client has mount permission, and that the directory is
exported. As shown here, the client issues the mount request and makes a call to the
portmap daemon to find the port that rpc.mountd is waiting on. The portmap returns the
port number. The mount request is now sent to the mountd daemon which reads the
/etc/xtab file, and if the system has permission and the directory is exported, passes a file
handle to the client. The file handle is a pointer to the actual exported directory on the
server.
Transition Statement Once the file system is mounted, the client is ready to make
read/write requests. The daemon that aids in this activity is biod.
biod (Block I/O Daemon)
[Figure: biod performing read-ahead and write-behind against the cache]
Notes:
The biod daemon improves NFS performance by filling or emptying the buffer cache on
behalf of the NFS client. The daemon provides read-ahead and write-behind function,
bringing data over in chunks (NFS V2 - 8k max, 32k default on NFS V3).
The biod function is performed by kernel threads. These threads are created and destroyed
dynamically. The maximum number of biod threads can be controlled by:
# mount -o biods=n
where n is the number of threads specified. The default is four biod threads per mount
point.
Instructor Notes:
Purpose Describe the purpose and function of the biod daemons.
Details biod stands for block input output daemon. biods improve NFS performance by
filling and emptying the buffer cache on behalf of the NFS clients. When a process reads
from an NFS mounted file, it performs the RPC read itself. To prefetch data for the buffer
cache, the kernel has the biod daemon send more RPC read requests to the server, as if
the reading process had requested this data. When a client writes to the file, the data is put
in a buffer cache. After a complete buffer is filled, the operating system writes out the data
in cache (usually 8 Kb). The size of this buffer is configurable at mount time.
Additional Information On the client, any read or write request on a single file system
may, by default, consume up to six biod daemons doing read-ahead (four threads in AIX
NFS Version 3) or write-behind. On clients with multiple file systems mounted over NFS
and multiple users or multiple processes accessing the file systems, it is clear that having
more than six biod daemons may significantly improve performance. Current
implementations allow multiple daemons to be specified per mount point rather than per
client, giving a finer granularity of control over the client-driven load that can be
generated against a particular server. The question that is always asked is: How many
daemons should I run? Unfortunately, there is no commonly agreed rule or formula for this.
Many references warn against running too many daemons, since having them all
undergo a context switch in order to check the socket for work consumes a lot of CPU.
In AIX, this does not matter, since AIX NFS employs a wake-up-one mechanism rather
than waking up all daemons on a socket.
Current release has defaults of four kbiod threads per mount point for NFS version 3 and
six threads per version 2 mount. The threads are dynamically created and destroyed
according to demands generated against the mount point by the client.
Server daemons are likewise implemented as threads that are created and destroyed
dynamically according to the maximum number that is configured on the server and client
demand for service. The maximum number of threads can be specified either on the
command line at nfsd start time or via the nfso command; a change made with nfso takes
effect immediately with no other action required. Since the server only uses as many
threads as it can keep busy, you might increase the thread maximum if a server is
primarily doing NFS work.
Transition Statement When a biod daemon on the client makes a read/write request to
a server, a daemon on the server side has to be available to handle that request. That
daemon is nfsd. Let's see how nfsd handles client requests.
nfsd
[Figure: a file request from the client kernel (1) is taken by one of several nfsd threads on the server, which passes it to the server kernel (2)]
Notes:
nfsd is a server daemon that handles client requests for file system operations.
Each nfsd handles one request at a time. When an nfsd is done passing a request to the
kernel, it is free to accept another. This way a server is always able to accept a new NFS
request as long as there is at least one nfsd running.
Threads are dynamically created and are limited by the number specified in the startup file
/etc/rc.nfs or nfso settings.
Instructor Notes:
Purpose Describe the purpose and function of the nfsd daemons.
Details Once the directory is mounted, when a client kernel does a file operation, it
sends the NFS RPC information to the NFS server where it is read by one of the nfsd
daemons to process the file request. The nfsd knows how a directory is exported from the
information sent to the server's kernel by the exportfs command. (This command is
covered in the next unit.) These nfsd daemons allow the client to access the directory
according to the permissions.
Additional Information The ps -eaf command can be useful in showing the utilization
of nfsd/biod during a measured period of time.
Transition Statement Let's now take a look at how NFS handles file and directory
authentication when clients make file access requests of servers.
How NFS Shared Files Are Protected
Mount read-only
UNIX Authorization
Access Control Lists (ACL)
Secure RPC
Lock Manager
RPCSEC - GSS
Notes:
When the file system is mounted, it could be mounted as a read-only file system. Thus,
even if files have write permission enabled, the access is restricted to simply read only.
ACLs are used to augment the standard AIX permissions.
Secure RPC encrypts the UID and GID (not the data) to stop user impersonation.
Network Lock Manager provides advisory file or record locking via the system calls fcntl()
or lockf().
The RPCSEC-GSS option is available for NFS Version 4 and NFS Version 3. Although
NFS V4 can be configured without RPCSEC-GSS, using it is highly recommended.
Instructor Notes:
Purpose Discuss shared file protection
Details With the use of shared file systems and directories across a network comes the
question of security. There are many ways to protect a server's exported file systems and
directories. On the visual we have listed six of them.
Transition Statement Let's take a closer look at how standard UNIX authentication
works with files mounted as read/write.
UNIX Authorization - User
[Figure: CLIENT sys1 with /etc/passwd entries team01 (UID 208, GID 1), team02 (209, 1) and team03 (210, 2); /home/mntpt on sys1 is mounted from /home/files on SERVER sys3; vi /home/mntpt/file1 sends an RPC request carrying the UID and GID; on sys3, ls -l /home/files shows file1 and file2 as rwxrw---- owned by 208, 1; the sys3 /etc/passwd has team04 (208, 1)]
Notes:
Servers and clients exchange the UID and GID of the users trying to access remote files.
Conflicts can arise if the /etc/passwd files are not the same on the servers and the clients.
In the above example, sys1 has mounted /home/files from sys3 over sys1's local mount
point directory /home/mntpt.
Example 1 - team01 would like to vi file1. In the RPC request the UID is 208 and GID is
1. team01 has the permissions of rwx (the owner) for file1 on sys3. If team01 does an
ls -l on file1, team01 shows as the owner. If team04 does an
ls -l on file1, team04 is shown as the owner.
Example 2 - team02 would like to vi file1. In the RPC request the UID is 209 and GID is
1. team02 has the permission of rw (the group) for file1 on sys3.
Example 3 - team03 would like to vi file1. In the RPC request the UID is 210 and GID is
2. team03 has no permissions for file1 on sys3.
In an NFS network, all users should have a unique UID to avoid gaining access to files they
should not have access to. As in team01 and team04's case, sharing the same UID
unknowingly can cause confusion to owners if they are not aware of each other or the NFS
mount. If they have to be concerned with these things then NFS is no longer transparent.
NIS, which we cover shortly, is often used to overcome this problem.
[Figure: CLIENT sys1 with /etc/passwd entry root:!:0:0; vi /home/mntpt/file1 sends an RPC request carrying the UID and GID; on SERVER sys3, ls -l /home/files shows file1 and file2 as rwxrw---- owned by 208, 1; the sys3 /etc/passwd has nobody:!:-2:-2::/home/nobody:/usr/bin/ksh]
Notes:
The root user ID maps onto the /etc/passwd entry of nobody for NFS remote mounts.
This is done to protect the server from security issues that might be breached by the user
with root authority on a client.
Example 1 - root would like to vi file1.
In root's RPC request the UID is 0, but it is mapped to 4294867294 (-2) at the server.
root has no permission for file1 on sys3.
The user nobody owns no files or directories and therefore always has permissions
equivalent to the others category of users.
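As an added example (not part of the course material), the following POSIX shell functions model the decision the server makes from the UID and GID carried in the RPC request and the mode bits of the file, covering the three team examples above and the root-to-nobody mapping. The names, UIDs and mode bits are the slide's; the function names and the anonymous-UID parameter are assumptions of this example.

```shell
# Added example, not from the course: evaluate NFS access from the UID/GID in
# the RPC request against the file's owner, group and mode, after the root
# squash to the anonymous UID (-2, the nobody entry) described above.

# nfs_effective_uid UID [ANON]: a client UID of 0 (root) is replaced by the
# anonymous UID, -2 by default; every other UID passes through unchanged.
nfs_effective_uid() {
    uid=$1; anon=${2:--2}
    if [ "$uid" -eq 0 ]; then echo "$anon"; else echo "$uid"; fi
}

# nfs_access UID GID OWNER GROUP MODE WANT: print "allow" or "deny".
# MODE is the nine-character string from ls -l (owner, group, other bits,
# e.g. rwxrw----); WANT is r, w or x. The permission class is chosen by
# owner match first, then group match, then "other". Because nobody (-2) owns
# nothing on the server, a squashed root always lands in the "other" class.
nfs_access() {
    uid=$(nfs_effective_uid "$1"); gid=$2
    owner=$3; group=$4; mode=$5; want=$6
    if [ "$uid" -eq "$owner" ]; then
        bits=$(printf '%s' "$mode" | cut -c1-3)
    elif [ "$gid" -eq "$group" ]; then
        bits=$(printf '%s' "$mode" | cut -c4-6)
    else
        bits=$(printf '%s' "$mode" | cut -c7-9)
    fi
    case $bits in
        *"$want"*) echo allow ;;
        *)         echo deny ;;
    esac
}

# The slide's cases against file1 (rwxrw---- owned by 208, group 1):
#   team01 (208,1) editing: owner class, allow
#   team02 (209,1) editing: group class, allow
#   team03 (210,2) editing: other class, deny
#   root   (0,0)   reading: squashed to -2, other class, deny
```

The same functions show why a duplicate UID (team01 and team04 both 208) is a problem: the server cannot tell the two apart, so both fall into the owner class.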
Notes:
The ACL support for AIX NFS clients and servers is implemented as a separate RPC which
defines the get and put procedures for ACLs.
The nfsd daemon handles ACL procedure requests. The client uses the extended RPC
program to obtain the ACL information.
The ACL support is built as a separate function which makes no changes to the NFS
protocol specification.
Notes:
NFS network locking supports System V record and file locking.
Advisory locking is supported. There is no support for enforced locking.
By record locking, it is meant that an application can be written to lock a byte range of a file
rather than the entire file. A lock over the entire extent of the file is a file lock, whereas a
lock over an arbitrary byte range is called a record lock.
System V locking operations are separated from the NFS protocol and handled by an RPC
lock daemon and a status monitor daemon that creates and verifies information on the
state of the lock.
Always start the rpc.statd before the rpc.lockd when starting and stopping through SRC.
If you do not anticipate using locking, both daemons can be commented out by adding a #
sign in front of each line entry for each daemon in the /etc/rc.nfs file. This prevents them
from automatically starting each time the system is rebooted.
[Figure: network lock manager flow: lock requests and responses pass from the application through the client kernel to the client lockd, over the network to the server lockd and the server kernel, with status messages exchanged between the two statd daemons; steps numbered 1 to 8 as listed below]
Notes:
1. Application does fcntl() lock request.
2. Client kernel sends lock RPC request to its lockd.
3. Lock requests for an NFS mounted file are forwarded by the client lockd to the server
lockd.
4. Server lockd makes a call to the kernel to see if the lock can be granted or denied.
5. Server lockd returns a reply to the client lockd.
6. If the lock is granted, the server lockd asks the status monitor statd to begin monitoring
the client. The client lockd in turn asks its status monitor statd to start monitoring the
server. The file locking daemons and the status daemons keep two directories with lock
reminders in them. Those directories are /etc/sm and /etc/sm.bak.
7. Client lockd returns lock RPC reply to kernel.
8. Kernel returns from the fcntl() call.
The rpc.lockd and rpc.statd daemons are network-service daemons, which means they
run at the user level. However, both daemons are essential to the kernel's ability to provide
fundamental network services, and are therefore run on all network machines that use
NFS.
1. rpc.statd reads the host name entries from the /etc/sm.bak file (the list of all hosts it
was monitoring), which was copied from /etc/sm on system reboot.
2. rpc.statd notifies all of the listed systems (including the local rpc.lockd).
Note: When rpc.lockd starts on the server it is in a grace period, 45 seconds by default,
during which clients can reclaim their locks.
3. rpc.statd on the client notifies the rpc.lockd on the client of the server's failure and
recovery.
4. rpc.lockd on the client sends a reclaim lock request to obtain the lock it previously
held for the application.
5. rpc.lockd on the server calls the kernel to obtain the requested lock.
6. rpc.lockd on the server responds to the client's rpc.lockd with the success of the
reclaim lock request.
When the lock daemon is started the grace period and retransmission time-out variables
can be set to something other than the default. To change the grace period:
/usr/etc/rpc.lockd -g <seconds>
To change the interval between retransmitting lock requests to the remote server from the
default of 15 seconds:
/usr/etc/rpc.lockd -t <seconds>
If a client goes down, the server will be notified, however its lock manager will wait until
contact is resumed before taking action. During this time messages will be sent to the
console indicating client failure. The message is:
rpc.statd cannot talk to statd at client xyz
When the client returns and it is clear that it has been rebooted rather than suffering a
temporary loss of network connection, the server releases any locks held for that client,
since any applications that were running need to restart from scratch and reissue lock
requests. If the client is down for a while, you need to intervene manually to clean things
up by issuing the following commands:
# stopsrc -s statd
# cd /etc/sm.bak
# ls
# rm <client name>
# startsrc -s statd
[Figure: lock recovery after a server failure: rpc.statd on the server (1) reads /etc/sm.bak and (2) notifies the client's rpc.statd, which (3) informs the client's rpc.lockd; the client's rpc.lockd (4) sends the reclaim lock request, the server's rpc.lockd (5) calls the kernel and (6) replies; the numbers match the steps above]
1. rpc.statd reads the host name entries from the /etc/sm file (the list of all hosts it was
monitoring).
2. rpc.statd contacts rpc.statd on the servers to notify them of the client's failure, and it also
contacts the local rpc.lockd to notify it of rpc.statd's failure.
3. rpc.statd on the server contacts the local rpc.lockd and notifies it of the client's failure.
4. rpc.lockd on the server calls into the kernel and releases all locks that the failed client
held.
Transition Statement Let's do a bit of a review by going through some checkpoint
questions.
Checkpoint (1 of 2)
1. T/F: A host can be an NFS server and NFS Client simultaneously.
2. T/F: An NFS mount request is always issued by the NFS client.
3. What server daemon handles client requests for file system
operations?
4. What daemon runs on the client which provides block input/output
operations in order to perform read-ahead, write-behind requests?
Notes:
Instructor Notes:
Checkpoint Solutions (1 of 2)
1. T/F: A host can be an NFS server and NFS Client simultaneously.
True.
2. T/F: An NFS mount request is always issued by the NFS client.
True.
3. What server daemon handles client requests for file system
operations? nfsd.
4. What daemon runs on the client which provides block input/output
operations in order to perform read-ahead, write-behind requests?
biod.
Checkpoint (2 of 2)
5. What daemons are started on both the client and server systems
used to handle file and record locking?
6. What command is used to see which file systems are currently
mounted?
7. What daemon provides a lookup function on port numbers
associated with a specific program that a user needs to access?
8. T/F: The cacheFS is implemented on the NFS server.
Notes:
Instructor Notes:
Checkpoint Solutions (2 of 2)
5. What daemons are started on both the client and server systems
used to handle file and record locking? statd and lockd.
6. What command is used to see which file systems are currently
mounted? mount.
7. What daemon provides a lookup function on port numbers
associated with a specific program that a user needs to access?
portmap.
8. T/F: The cacheFS is implemented on the NFS server. False.
Exercise:
Notes:
Unit Summary
NFS clients access network remote files by remotely mounting an
NFS server's exported file systems, directories, or files
The NFS server daemons are portmap, mountd, nfsd, statd, and
lockd
The NFS client daemons are portmap, biod, statd, and lockd
The cacheFS allows caching of files or file systems on a client
NFS authentication includes support for read-only file systems,
Standard UNIX Authorization, AIX Access Control Lists, Secure
RPC, and file and record locking on application request
Notes:
Copyright IBM Corp. 1997, 2006 Unit 13. Configuring NFS 13-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit Objectives
After completing this unit, students should be able to:
Notes:
Notes:
Planning the NFS servers and clients should be done as a paper-planning strategy before
actual configuration is started.
When setting up the network you should consider:
Available disk space - You may have a large server with a large amount of disk space
free or lots of small systems with a little free space each.
Desired availability of data - The clients are dependent on the servers for their files so
the servers should be available as much as possible.
Security - If somebody breaks into the server, all of the clients are affected. Also,
remember the UID and GID for each NFS user on each system should be the same.
Complexity of administration - If every machine is both a server and a client, the machines
will be very complex to administer.
Network load and performance - Don't put a gateway between a server and its clients.
Whether the systems are powerful enough to be both servers and clients.
Implementation Methods
NFS can be implemented using any of the following:
SMIT configuration
Command line
Flat file configuration
Combination of SMIT and flat file configuration
Only root can configure NFS
Notes:
SMIT is the recommended way to configure NFS. It is important to know what SMIT is
doing for you; therefore, the NFS lectures are presented using the flat file configuration.
The SMIT method is listed in the notes.
NFS does not rely on ODM; therefore, the configuration process is up to the system
administrator.
If SMIT is selected as the method of choice, the menus and dialogs that pertain to NFS can
be reached through the Communications Applications and Services selection in the
main menu of SMIT.
Notes:
Make sure that the portmap daemon is running. The portmap daemon is started in the
same place as TCP/IP daemons, the /etc/rc.tcpip file. The portmap entry appears before
the inetd daemon in this file and must be started before the inetd daemon in order to
function properly. It also must be started before any NFS daemons because the NFS RPC
services of NFS all register with the portmap when they are started.
A server can export directories, file systems, or files. The network administrator has to
identify to the server each structure that is to be exported.
The NFS server daemon is nfsd. The administrator configures multiple daemons according
to the expected peak load. There is not a one to one relationship between nfsds and
exported directories or file systems.
NFS can be started under SMIT or from the command line. If NFS is started through SMIT
or through the use of the mknfs command, the portmap daemon is started along with all the
other daemons needed to support either the client or the server side of NFS. What
determines whether server or client daemons are started is the existence of the file that
lists the exported directories, /etc/exports.
                                                      [Entry Fields]
* Pathname of directory to export                     []                        /
  Anonymous UID                                       [-2]
  Public filesystem?                                   no                       +
* Export directory now, system restart or both         both                     +
  Pathname of alternate Exports file                  []
  Allow access by NFS versions                        []                        +
  External name of directory (NFS V4 Access Only)     [ ]
* Security method                                     [sys, krb5p, krb5i, krb5, >  +
* Mode to export directory                             read-write               +
  Hostname list. If exported read-mostly              []
  Host + netgroups allowed client access              []
  Host allowed root access                            []
  Security method
[MORE . . . 19]
Notes:
The full path in SMIT to get to this screen is:
# smit
Communications, Applications and Services
NFS
Network File System (NFS)
Add a Directory to Exports List
This screen allows the following information to be provided:
Full pathname of exported directory
Whether the file system is read/write, read only or read mostly
A list of hosts that is allowed access to the exported directory
What root's access from the client is
If the directory was exported read-mostly, what clients are allowed read/write access
Whether secure NFS should be used
Whether the directory should be exported now, at system restart, or at both times
Whether an alternate exports file (other than /etc/exports) is used
# cat /etc/exports
/usr/games
/usr/man -ro
/home/files -access=sys1,anon=-1
/budgets -root=sys2:sys3,access=sys2:sys3:sys4,rw=sys2:sys3
Notes:
The /etc/exports file lists all directories that a server makes available to its clients. Only
exported directories, file systems, or files can be mounted by clients. On restart, /etc/rc.nfs
checks for the existence of this file. If the file exists, this system is deemed a server and
the appropriate server daemons are started.
A server can only export its own file systems and directories.
The following are some examples:
/usr/games - Any client on the network can mount this directory.
/usr/man - All clients have read-only access to this directory.
/home/files - Only sys1 has access permission to this directory. anon=-1 disables root
from having access even as the user nobody.
/budgets - The root user IDs on sys2 and sys3 have access as root to this directory.
Access permissions are granted to sys2, sys3, and sys4 with only sys2 and sys3
having read-write access and leaving sys4 with read-only.
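As an added example (not part of the course material), the following POSIX shell function parses the four /etc/exports entries above and reports what a given client host gets for a given directory: whether it may mount at all, read-only or read-write, whether its root keeps UID 0, and any anon= setting. It covers only the options used on the slide (-ro, access=, rw=, root=, anon=), not the full exports syntax; the sample file (with the wrapped /budgets entry joined onto one line, as it must be in the real file) and the function names are assumptions of this example.

```shell
# Added example, not from the course: answer "what does host H get for
# directory D" from the /etc/exports entries shown on the slide.

# Constructed copy of the slide's /etc/exports, one entry per line.
EXPORTS_SAMPLE='/usr/games
/usr/man -ro
/home/files -access=sys1,anon=-1
/budgets -root=sys2:sys3,access=sys2:sys3:sys4,rw=sys2:sys3'

# in_list HOST LIST: true if HOST is one of the colon-separated names in LIST.
in_list() {
    case ":$2:" in *":$1:"*) return 0 ;; *) return 1 ;; esac
}

# export_access DIR HOST: print one of
#   none - HOST may not mount DIR (not exported, or outside access=)
#   ro   - read-only mount
#   rw   - read-write mount
# followed by " root" if HOST's root keeps UID 0 (root= option) and by
# " anon=N" when the entry sets an anonymous UID.
export_access() {
    dir=$1; host=$2
    opts=$(printf '%s\n' "$EXPORTS_SAMPLE" |
           awk -v d="$dir" '$1 == d { print $2; found = 1 }
                            END { if (!found) print "NOT_EXPORTED" }')
    [ "$opts" = NOT_EXPORTED ] && { echo none; return; }
    ro=0; access=; rw=; root=; anon=
    oldifs=$IFS; IFS=,
    for kv in ${opts#-}; do
        case $kv in
            ro)       ro=1 ;;
            access=*) access=${kv#access=} ;;
            rw=*)     rw=${kv#rw=} ;;
            root=*)   root=${kv#root=} ;;
            anon=*)   anon=${kv#anon=} ;;
        esac
    done
    IFS=$oldifs
    # access= restricts mounting to the listed hosts; no access= means any host.
    if [ -n "$access" ] && ! in_list "$host" "$access"; then echo none; return; fi
    # -ro makes the export read-only for everyone; rw= makes only the listed
    # hosts read-write and everyone else read-only; neither means read-write.
    if [ "$ro" = 1 ]; then
        result=ro
    elif [ -n "$rw" ]; then
        if in_list "$host" "$rw"; then result=rw; else result=ro; fi
    else
        result=rw
    fi
    [ -n "$root" ] && in_list "$host" "$root" && result="$result root"
    [ -n "$anon" ] && result="$result anon=$anon"
    echo "$result"
}
```

Running export_access /budgets sys4 gives ro and export_access /budgets sys5 gives none, which is the quickest way to confirm that an exports entry really limits access the way the administrator intended before exportfs -a puts it into /etc/xtab.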
exportfs Command
[Figure: /etc/rc.nfs runs exportfs -a, which (1) reads /etc/exports (containing /home/files), (2) replies, and (3) creates /etc/xtab; exportfs with no arguments then lists /home/files]
Notes:
Control of how a server exports its directories can be done at system restart or as needed
with the exportfs command and its options.
The exportfs -a command exports all items listed in the /etc/exports file and automatically
copies the entries to the /etc/xtab file. The /etc/xtab file entries are used by the system and
always reflect what is currently exported. This leaves the /etc/exports file available for
updating at any time. exportfs with no options shows you what is currently in /etc/xtab,
NOT /etc/exports; an edit to /etc/exports takes effect only after exportfs -a is run again.
root can execute exportfs from the command line using any of the following options to
change what is exported from /etc/xtab:
-a rereads the /etc/exports file and copies all entries to /etc/xtab
-v prints the name of each directory as it is exported or unexported
-u unexports the directories you specify
-i exports directories from the command line that are not found in the
/etc/exports file, or ignores the options in the /etc/exports file
-o specifies optional characteristics for the directory being exported
Note: When SMIT is used to create the /etc/exports file, this command is executed
automatically.
/etc/rc.nfs
# pg /etc/rc.nfs
dspmsg cmdnfs.cat -s 8 1 "starting nfs services:\n"
if [ -x /usr/sbin/biod ]; then
start biod /usr/sbin/biod 8
fi
#
# If nfs daemon is executable and /etc/exports, become nfs server.
#
if [ -x /usr/sbin/nfsd -a -f /etc/exports ]; then
> /etc/xtab
/usr/sbin/exportfs -a
start nfsd /usr/sbin/nfsd 8
start rpc.mountd /usr/sbin/rpc.mountd
fi
#
# start up status monitor and locking daemon if present
#
if [ -x /usr/sbin/rpc.statd ]; then
start rpc.statd /usr/sbin/rpc.statd
fi
if [ -x /usr/sbin/rpc.lockd ]; then
start rpc.lockd /usr/sbin/rpc.lockd
fi
Notes:
NFS daemons are executed from the /etc/rc.nfs file. (This is not a complete listing of the
file.)
SMIT method to start the daemons (which updates the file):
# smit
Communications Applications and Services
NFS
Network File System (NFS)
Configure NFS on This System
Start NFS (Fastpath: #smit mknfs)
/usr/sbin/biod is automatically uncommented when starting NFS through SMIT; therefore,
NFS servers automatically are configured as NFS clients. If this server NEVER becomes
an NFS client, you may comment out the line associated with the biods so the daemons are
not started.
Instructor Notes:
Purpose Explain the startup flow of NFS from the /etc/rc.nfs file.
Details This is a sample of the NFS code as it is found in the /etc/rc.nfs startup script.
Let's take a look at how the code is executed. First the system starts the biod daemons. By
default the system assumes that this system is also an NFS client as well as a server. If you
know that this is a dedicated server, you may want to comment out these three lines. Next,
it is determined if this system is going to be the NFS server. It looks to see if the nfsd
daemon is executable, then it checks to see if the /etc/exports file exists. Since our
/etc/exports file does exist, it zeroes out the /etc/xtab file and runs the exportfs -a command,
which copies the contents of /etc/exports into /etc/xtab. It then starts the nfsd daemons
and the mountd daemon along with the locking daemons, statd and lockd.
Additional Information Although the number of nfsd and biod daemons is specified in
rc.nfs, this is overridden by parameters stored in the ODM. When the number of daemons
is changed using SMIT or with the chnfs command, the number is stored in the ODM using
the chssys command. When the daemons are started, they are passed the number from
the ODM as an argument specifying how many copies should run. See the chnfs script
and the documentation for the chssys command for more details.
Transition Statement The final step is to include the startup of NFS in the system
startup process so the server is available any time the system reboots.
/etc/inittab
# mkitab "rcnfs:2:wait:/etc/rc.nfs > /dev/console 2>&1"
init:2:initdefault:
brc::sysinit:/sbin/rc.boot 3 >/dev/console 2>&1 # Phase 3 of system boot
powerfail::powerfail:/etc/rc.powerfail 2>&1 | alog tboot > /dev/console # Power
rc:2:wait:/etc/rc 2>&1 | alog tboot > /dev/console # MultiUser checks
fbcheck:2:wait:/usr/sbin/fbcheck 2>&1 | alog tboot > /dev/console # run /etc/fi
srcmstr:2:respawn:/usr/sbin/srcmstr # System Resource Controller
rctcpip:2:wait:/etc/rc.tcpip > /dev/console 2>&1 # Start TCP/IP daemons
rcnfs:2:wait:/etc/rc.nfs > /dev/console 2>&1 # Start NFS Daemons
rchttpd:2:wait:/etc/rc.httpd > /dev/console 2>&1 # Start HTTP daemon
cron:2:respawn:/usr/sbin/cron
piobe:2:wait:/usr/lib/lpd/pio/etc/pioinit >/dev/null 2>&1 # pb cleanup
cons:0123456789:respawn:/usr/sbin/getty /dev/console
qdaemon:2:wait:/usr/bin/startsrc sqdaemon
writesrv:2:wait:/usr/bin/startsrc swritesrv
uprintfd:2:respawn:/usr/sbin/uprintfd
logsymp:2:once:/usr/lib/ras/logsymptom # for system dumps
diagd:2:once:/usr/lpp/diagnostics/bin/diagd >/dev/console 2>&1
Notes:
This step is done for you if you start NFS via SMIT and select the start at next system
reboot or both option, as follows:
# smit
Communications Applications and Services
NFS
Network File System (NFS)
Configure NFS on This System
Start NFS (Fastpath: #smit mknfs)
Use the mkitab command to enter the line into the /etc/inittab file. This command places
the rcnfs entry at the end of the file. The -i Identifier flag can be used to insert the new
record after an existing record within the initialization table. Make sure the rcnfs entry is
placed after the rctcpip entry, because /etc/rc.nfs needs TCP/IP and portmap to be up.
Use the chitab command to change a record in the /etc/inittab file.
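The notes state two rules that are worth checking before a reboot: every record must have the id:runlevel:action:command shape with no stray blank lines, and rcnfs must come after rctcpip. The following is an added example, not part of the course and not an IBM tool, that checks an inittab-style file for both. The function name check_inittab and the two sample files are my own; the samples are constructed from the records shown above.

```shell
#!/bin/sh
# Added example: sanity-check an AIX style /etc/inittab before rebooting.
# Not from the course. Checks the record format (id:runlevel:action:command),
# blank lines, and that rcnfs comes after rctcpip. Samples are constructed.

check_inittab() {
    # $1 = inittab-style file. Prints one finding per line; nothing when clean.
    awk -F: '
        /^:/            { next }        # comment record
        /^[ \t]*$/      { print "line " NR ": blank line"; next }
        NF < 4          { print "line " NR ": expected id:runlevel:action:command"; next }
        $1 == "rctcpip" { tcpip = NR }
        $1 == "rcnfs"   { nfs = NR }
        END {
            if (!nfs)             print "no rcnfs record: NFS will not start at boot"
            else if (!tcpip)      print "no rctcpip record: nothing starts TCP/IP before rcnfs"
            else if (nfs < tcpip) print "rcnfs (line " nfs ") runs before rctcpip (line " tcpip ")"
        }' "$1"
}

GOOD_INITTAB="${TMPDIR:-/tmp}/inittab.good.$$"
BAD_INITTAB="${TMPDIR:-/tmp}/inittab.bad.$$"
trap 'rm -f "$GOOD_INITTAB" "$BAD_INITTAB"' EXIT

# Constructed sample in the order the notes require.
cat > "$GOOD_INITTAB" <<'EOF'
init:2:initdefault:
srcmstr:2:respawn:/usr/sbin/srcmstr # System Resource Controller
rctcpip:2:wait:/etc/rc.tcpip > /dev/console 2>&1 # Start TCP/IP daemons
rcnfs:2:wait:/etc/rc.nfs > /dev/console 2>&1 # Start NFS Daemons
cron:2:respawn:/usr/sbin/cron
EOF

# Constructed sample with rcnfs inserted too early, a blank line and a
# record that lost its action field.
cat > "$BAD_INITTAB" <<'EOF'
init:2:initdefault:
rcnfs:2:wait:/etc/rc.nfs > /dev/console 2>&1 # Start NFS Daemons
srcmstr:2:respawn:/usr/sbin/srcmstr

cron:2:/usr/sbin/cron
rctcpip:2:wait:/etc/rc.tcpip > /dev/console 2>&1 # Start TCP/IP daemons
EOF

echo "good file:"; check_inittab "$GOOD_INITTAB"
echo "bad file:";  check_inittab "$BAD_INITTAB"
```

The good sample prints nothing; the bad one reports the blank line, the three-field cron record and the rcnfs record sitting above rctcpip. Records whose command contains a colon are fine, since only records with fewer than four fields are flagged.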
Instructor Notes:
Purpose Identify the nfs entry in /etc/inittab.
Details When configuring NFS via SMIT, the NFS line entry is added automatically if you
request to start at next system reboot or both so NFS is started at each system restart. It
is not necessary to reboot the system to execute this command as you can execute the
/etc/rc.nfs file directly.
The mkitab command adds a record to the /etc/inittab file. The /etc/inittab file supplies
information for the init command to dispatch general processes. It is advisable not to
directly edit the /etc/inittab file but use SMIT or the mkitab command instead because it is
sensitive to stray characters or blank lines and it is critical for the proper reboot of the
system.
Transition Statement Let's look at the flow of activities that occur when a system is
rebooted.
Activating an NFS Server
(Diagram: system powered on -> ODM Config_Rules (/etc/objrepos/Config_Rules) -> cfgmgr
runs /etc/rc.net, which starts portmap and inetd -> at run time init reads /etc/inittab and
runs rctcpip:/etc/rc.tcpip followed by rcnfs:/etc/rc.nfs.)
Notes:
The cfgmgr calls /etc/rc.net during the second phase of configuration during a system
restart. Next /etc/inittab kicks off /etc/rc.tcpip followed by /etc/rc.nfs. From this point on,
/etc/rc.nfs executes all the appropriate daemons for the server.
By default, the two locking daemons, lockd and statd, are started along with the biod and
nfsd. Also, the mountd is started to handle requests and the exportfs command is run,
creating the /etc/xtab file.
Instructor Notes:
Purpose Show the startup of an NFS server.
Details This is a diagram of a system restart.
By default, eight biods will be started before the /etc/exports file is checked. If you
absolutely do not want this server to be a client, the lines supporting the biods in the file
/etc/rc.nfs should be commented out. This can cause problems later: if in the future you want
this server to be a client, you must remember to uncomment these lines to get the biods
started on every system restart. Also the locking daemons, statd and lockd, are started.
Transition Statement That's all there is to configuring an NFS server. Let's now turn
our attention to configuring an NFS client.
Client Configuration Steps
The tasks that must be performed to configure each system
designated as an NFS client are:
Use the mkdir command to establish the local mount points
Start the NFS client daemons
Mount the desired directories
Notes:
The above steps are discussed in detail on the following pages.
The prerequisite conditions are the same for an NFS client as they are for an NFS server.
They are:
Install and configure TCP/IP
Install NFS
Instructor Notes:
Purpose Identify the steps in configuring an NFS client.
Details There are three steps to configure an NFS client. You must use mkdir to
establish the empty mount point directories, start the client daemons, and issue the mount
command to invoke an NFS mount.
Transition Statement Let's look at the first step, create the local mount points.
Create Local Mount Points
Create the local mount points for the NFS file systems:
mkdir dirname
For example:
# mkdir /home/mntpt
Notes:
For NFS to complete a mount successfully, a directory that acts as the mount point for an
NFS mount must be present. This directory should be empty. It acts as the placeholder for
the NFS mount that is to occur.
The local mount point can be created like any other directory using the mkdir command.
There are no special attributes needed for this directory.
If the directory mount point is not empty and an NFS mount takes place using this mount
point, its local files and subdirectories are hidden until the NFS mount is ended.
Instructor Notes:
Purpose Review the concept of a mount point.
Details NFS provides the ability to access directories and files that reside on a remote
system through the NFS mount process. (The location within a directory tree through which
a client accesses a remote directory is called a mount point.) Mount points are empty
directories that can be created using the mkdir command. If the mount point directories are
not empty and an NFS mount takes place, all files located in that mount point will be hidden
and will not be accessible until the NFS mount is ended. They are sometimes referred to as
stubs or stub point directories.
Transition Statement The next step is to start the necessary client daemons.
Start NFS Client Daemons
# smit mknfs
Start NFS
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
* START NFS now, on system restart or both
Notes:
The client daemons can either be started through SMIT as shown above or by
uncommenting the appropriate lines in the /etc/rc.tcpip and /etc/rc.nfs files and then
running the scripts as described earlier for starting server daemons. The daemons that
need to be started are:
portmap (from /etc/rc.tcpip)
biod
rpc.statd
rpc.lockd
Instructor Notes:
Purpose Show the procedure that can be used to start the client daemons.
Details The procedure choices are the same for both the client and server. SMIT, the
high-level commands, or manually editing and running the scripts can be used with equal
effectiveness.
Transition Statement The next step is to mount the exported directory. There are
several ways to do this. The first way we discuss is manually.
Manual Remote Mount
# mount sys3:/home/files /home/mntpt
(Diagram: on the client sys1, /home/mntpt is the local mount point; on the server sys3, the
exported directory /home/files contains file 1 and file 2, which become visible under
/home/mntpt on sys1 once the mount completes.)
Notes:
Manual mounts (explicit) require, as a minimum, the server's host name, absolute path
name of the remote directory and the path name of the local directory mount point. Only
root or a member of the system group can issue the mount command for mounting a file
system.
Client configuration with the above example:
Daemons required to be active - biod
Default remote file system - NFS (as listed in the /etc/vfs file)
Local mount point established with mkdir - /home/mntpt
Client issues the manual mount command - # mount sys3:/home/files /home/mntpt
If nfs is not designated as the default remote file system in the /etc/vfs file then the
mount command from the command line would use the -v nfs option as follows:
# mount -v nfs sys3:/home/files /home/mntpt
It is recommended, and required if you are using locking, to have the portmap daemon
active on the client to handle requests from any NFS networking command issued from
another host.
Server configuration
- Proper directories and/or file systems exported in /etc/exports - /home/files
- Daemons required to be active - portmap, inetd, nfsd, rpc.mountd.
(Diagram: the server holds the back file system; the client holds the cached file system.)
Notes:
To ensure that the cached directories are kept up to date, cacheFS periodically checks the
consistency of files stored in the cache. To check consistency, cacheFS compares the
current modification time to the previous modification. If the modification times are different,
all data and attributes for the directory or file are purged from the cache, and new data and
attributes are retrieved from the back file system.
When a user requests an operation on a directory or file, cacheFS checks if it is time to
verify consistency. If so, cacheFS obtains the modification time from the back file system
and performs the comparison.
cfsadmin Command
# cfsadmin -c -o <parameters> <cache-directory>
Notes:
The cfsadmin command provides the ability to:
Create and delete cached file systems
List cache contents and statistics
Change cacheFS response parameters
The following cfsadmin options are available:
-c Creates a cache under the directory specified by cache-directory. The directory
must not exist prior to cache creation.
-d Removes the file system specified by its cache ID and releases its resources, or
removes all file systems if all is specified.
-l Lists the file systems stored in the specified cache with their statistics.
-s Requests a consistency check on the specified file system, or all file
systems if all is specified.
-u Updates resource parameters of the specified cache directory. Note that
parameter values can only be increased; decreasing requires cache
removal and recreation.
-o cacheFS resource parameters.
The resource parameters are:
maxblocks=n Maximum amount of storage. Default=90%.
minblocks=n Minimum amount of storage. Default=0%.
threshblocks=n Percentage of total blocks. Default=85%.
maxfiles=n Maximum number of files allowed. Default=90%.
minfiles=n Minimum number of files allowed. Default=0%.
threshfiles=n Percentage of total inodes. Default=85%.
maxfilesize=n Largest file size (megabytes). Default=3.
Instructor Notes:
Purpose Describe the usage of the cfsadmin command. A cache must be created with this
command before a cacheFS mount of an NFS file system can be performed.
Details When creating cache using the cfsadmin command, you can specify resource
parameters to override the defaults as described in the student notes. The cache directory
is the name of the directory where the cache should be created. Although the cache is
referred to as a cache file system, it is not a file system in the true sense. It is a cache
directory that resides on a normal JFS. For this reason, if you are creating a large cache file
system, it is advisable to create a dedicated JFS to be used for this purpose. This is
because the cache file system is created with parameters that indicate the percentage of
underlying file system it is allowed to use.
Additional Information The fsck_cachefs command checks the integrity of cached file
systems. By default, it corrects any cacheFS problems it finds. Unlike the standard fsck
command there is no restrictive mode.
Transition Statement You may wonder when a manual mount should be used since
only root or a member of the system group are permitted to use the command.
Why Do Manual Mounts?
For occasional or unplanned mounts
For security or tight control of NFS file systems
For system administration purposes
If server is not available at system startup, mounts can be done
manually when the server becomes available
Notes:
Manual mounts are explicit mounts and are invoked using the mount command from the
command line.
Using the mount command explicitly requires that the user provide all the information on
the command line to mount the file system. You must be root or a member of the system
group to perform a manual mount.
The syntax of the manual mount command is:
# mount server_name:/exported_directory /local_mount_point
# mount sys3:/home/files /home/mntpt
Manual mounts should not be used when remote file systems are needed by client systems
for their normal operations.
Instructor Notes:
Purpose Describe the characteristics of a manual mount.
Details The mount and umount commands explicitly mount and unmount a file system
or directory. The mount command is useful for directories that are accessed for only a
short amount of time. It requires the server to be available, and the server must be
exporting the stated directory. File systems accessed through mount commands stay
mounted until a system reboot, unless you unmount them with the umount command. If
the system is restarted, the mount will no longer be in effect unless a predefined mount was
defined in the /etc/filesystems file.
Transition Statement Another way clients can mount NFS file systems is with
predefined mounts. Let's see what these are.
Predefined Mounts
Predefined NFS mounts are:
Mounts that are usually required for proper operation of a client
Automatic at system startup
Defined in /etc/filesystems
Multiple mounts can be invoked simultaneously
Notes:
Predefined mounts are referred to as implicit mounts. They are probably the most common
way to perform NFS mounts.
It is possible to invoke a predefined mount from the command line rather than invoke it
through /etc/rc.nfs. Use the mount command and the local_mount_point name. The mount
command uses the local_mount_point to locate the corresponding stanza in the
/etc/filesystems file. This stanza is then used to supply the needed information to
complete the mount.
Predefined mounts are achieved by adding the appropriate entry to the /etc/filesystems
file and are invoked at a system restart.
Instructor Notes:
Purpose Describe the characteristics of a predefined mount.
Details Predefined mounts are useful for creating a long-lived NFS environment of
remote mounts. Predefined NFS mounts refer to the remote directories that are mounted
upon system restart. Predefined mounts can also be invoked via the command line as
mentioned in your student notes.
Transition Statement Let's see how to create a predefined mount using SMIT.
Creating Predefined Mounts
# smit mknfsmnt
Notes:
The full SMIT path to get to the above screen is:
# smit
Communications, Applications and Services
NFS
Network File System (NFS)
Add a File System for Mounting
This SMIT path can be used for creating an NFS file system entry in the
/etc/filesystems file or simply for a one-time mount. Thus, it can be used in place of the
mount command previously shown when the field for mount is specified as now.
When this field is specified to add the entry to the /etc/filesystems file, that file gets
updated with the information provided in this screen.
Note: This visual does not show the entire screen.
Instructor Notes:
Purpose Show the SMIT screen that creates a predefined file system.
Details As indicated in the notes, this screen can be used to set up a manual mount or a
predefined mount simply by the way the question: MOUNT now, add entry to
/etc/filesystems or both? is answered.
Transition Statement Since the use of SMIT adds entries to the /etc/filesystems file,
let's take a look at how this file is set up.
The /etc/filesystems File
# cat /etc/filesystems
/home/fred/jobs:
        dev             = "/u/judy/jobs"
        mount           = true
        vfs             = nfs
        nodename        = sys2
        options         = soft,bg
/home/mntpt:
        dev             = "/home/files"
        mount           = false
        vfs             = nfs
        nodename        = sys3
        options         = bg,hard,intr
        account         = false
Notes:
Using the SMIT method described previously, you have the choice of having the file system
mounted immediately, at system restart, or both. Adding an entry to /etc/filesystems
manually means that you must either invoke the predefined mount from the command line
or do a system restart. To remove an entry, use an editor or SMIT.
The attributes required are:
dev = specifies the path name of the remote file system being mounted
vfs = specifies that the virtual file system being mounted is an NFS file system
nodename = specifies the host system on which the remote file system resides
mount = choices are true, false, automatic. If you use true, be sure mount options are
for a background mount, otherwise the client may hang on system restart if the server is
down.
options = optional attributes you can assign to the mount. These will be defined on the
next page.
account = used by the dodisk command to determine the file systems to be processed
by the accounting system. The value is true or false.
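The mount = true plus bg rule is the one that bites at the next reboot, and a soft mount on a writable directory is the one that loses data quietly, so here is an added example that is not part of the course and not an IBM tool: a shell script that parses /etc/filesystems stanzas and reports the NFS entries that would hang a client at boot, lose writes on timeout, or are missing dev or nodename. The function name audit_filesystems and the findings text are my own; it accepts both options and option as the attribute name because the slide spells it the second way, and the sample file is constructed from the stanzas above plus a local jfs stanza to show that non-NFS entries are ignored.

```shell
#!/bin/sh
# Added example: audit NFS stanzas in an AIX style /etc/filesystems.
# Not from the course. Findings: mount = true without bg (boot-time hang
# if the server is down), soft mounts that are read-write (lost writes on
# timeout), and stanzas missing dev or nodename. Sample is constructed.

audit_filesystems() {
    # $1 = /etc/filesystems-style file. Prints "mountpoint: finding" lines.
    awk '
        function flush(   opts, k) {
            if (stanza != "" && attr["vfs"] == "nfs") {
                opts = attr["options"]
                if (opts == "") opts = attr["option"]   # spelling used on the slide
                gsub(/[ \t]/, "", opts)
                opts = "," opts ","
                if (attr["mount"] == "true" && opts !~ /,bg,/)
                    print stanza ": mount = true without bg, client can hang at boot if " attr["nodename"] " is down"
                if (opts ~ /,soft,/ && opts !~ /,ro,/)
                    print stanza ": soft mount is read-write, writes can be lost on timeout"
                if (attr["dev"] == "" || attr["nodename"] == "")
                    print stanza ": missing dev or nodename"
            }
            for (k in attr) delete attr[k]
            stanza = ""
        }
        # Stanza header: unindented name ending in a colon.
        /^[^ \t#].*:[ \t]*$/ { flush(); stanza = $0; sub(/:[ \t]*$/, "", stanza); next }
        # Attribute line: indented  key = value  (quotes and spaces stripped).
        /^[ \t]+[a-z]+[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*$/, "", key); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$|"/, "", val)
            attr[key] = val
        }
        END { flush() }
    ' "$1"
}

# Constructed sample: one local jfs stanza and the two NFS stanzas shown above.
SAMPLE_FS="${TMPDIR:-/tmp}/filesystems.sample.$$"
trap 'rm -f "$SAMPLE_FS"' EXIT
cat > "$SAMPLE_FS" <<'EOF'
/:
        dev             = /dev/hd4
        vfs             = jfs
        mount           = automatic
/home/fred/jobs:
        dev             = "/u/judy/jobs"
        mount           = true
        vfs             = nfs
        nodename        = sys2
        options         = soft,bg
/home/mntpt:
        dev             = "/home/files"
        mount           = true
        vfs             = nfs
        nodename        = sys3
        options         = hard,intr
EOF

audit_filesystems "$SAMPLE_FS"
```

On the sample, /home/fred/jobs passes the bg check but is reported for being soft and writable, while /home/mntpt is reported for mount = true without bg; the root jfs stanza produces nothing. Run it over the real /etc/filesystems before adding rcnfs to inittab on a client that must come up unattended.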
Instructor Notes:
Purpose Describe the use of /etc/filesystems and /etc/rc.nfs files with predefined
mounts.
Details To have mounting take place automatically at system startup, use the
/etc/filesystems file to describe each NFS local mount point you have created and where
the server data is coming from. Information included in a remote mount file system stanza
is the same information required for a manual mount. The name of the stanza in this
example is /home/mntpt, which is the name of the client local mount point. It must end with
a colon or this entire stanza is not read upon system startup. The attributes must be
indented and there must be spaces around the = signs. The dev attribute is used to
describe the full path name of the exported file system or directory on the server that needs
to be mounted to the client's local mount point. Nodename is the host name of the remote
server. VFS specifies that this stanza is an NFS remote mount rather than a local mount.
By default, when the /etc/filesystems file is created, the mount = false attribute is used.
This means that the NFS remote mount must be invoked from another startup file like
/etc/rc.nfs. You can change this value to true, however either way it is done to avoid a
potential hang if a client is restarted when a server is down, the background mount option
needs to be set.
Additional Information Another way to set up a predefined mount is to specify the file
system in the /etc/filesystems file and set the mount= attribute to false. Then, add a mount
statement for the nfs file system at the end of the /etc/rc.nfs script. If you do this make sure
the bg option (background mount) is set up or a hang could occur as well.
There is an undocumented attribute of the /etc/filesystems file that can be used with
NFS file systems. It is the free attribute, which takes a value of true or false. If set to true,
commands that provide file system information, such as the df command, do not hang if an
NFS file system operation is put into the background due to problems encountered with
contacting the server.
Transition Statement The /etc/filesystem file provides for many mount options to be
specified. Let's look at what some of them are.
Options Attributes
ro Mounts read-only
Notes:
bg, fg - Specifies whether the mount should be attempted in the background or the
foreground if the first mount attempt fails.
hard, soft - Determines whether the client continues indefinitely (hard) or time out (soft)
if the server is not reachable.
intr - Allows a mount defined as hard to be interrupted by using any of the keyboard
interrupt keys. This is very nice to have available if the server or the network is down
and you restart a client.
retrans, timeo - retrans specifies the number of times to repeat an RPC request before
returning a time-out error on a soft mount. The timeo parameter varies the RPC
time-out period and is given in tenths of a second.
retry - Determines the number of times the mount itself is attempted before giving up.
ver - Selects the version of the NFS protocol to use. The default is the highest level (2
or 3) available on both client and server.
proto - Selects the transport protocol to use, UDP or TCP. The default is TCP.
biods - Controls the number of threads per mount point. The default is four Kbio (biod)
threads per mount point.
Instructor Notes:
Purpose List the most frequently used options for mounting a remote file system or
directory.
Details This is a limited list of some of the more popular options that can be defined with
a predefined NFS mount. See the Commands Reference Manual for a complete list of the
options and how they are used.
When a client cannot mount a server during the allotted RPC execution time, it tries the
RPC operation up to the count specified by the retry option. If bg option was used, mount
starts another process that continues mount retries in the background. This frees up the
system to allow the mount command to attempt the next mount operation or have other
commands run. If bg is not specified, mount blocks or waits for the remote file server to
recover or until the mount retry count has been reached. Use of bg mounts allows your
network to recover more gracefully from widespread problems such as power failures.
Hard/soft determines how a client behaves when the server is overloaded and can't
respond, or when it is not reachable. By default, file systems mounted hard means that an
RPC call that times out is retried indefinitely until a response is received from a server.
A hard mount side effect is that the mount waits or hangs until the RPC call can complete.
Using intr and hard allows users to interrupt system calls that are waiting on a crashed
server.
Soft mounts with repeated RPC call failures eventually cause the NFS operation to fail as
well. Soft shouldn't be used on a file system that is write intensive. NFS only guarantees
consistency of data after a server crash if the NFS file system was hard mounted. System
calls referring to soft-mounted file systems look like failing disks and return errors.
Sometimes the error is just ignored.
A file system or directory can be mounted read-only or read-write. A good example of
read-only might be the man pages or a bulletin board.
The timeo option deals with how long a client waits for a response from a server before
timing out and retransmitting the request. The retrans option specifies how many times the
client will retransmit after a time-out before returning an error on a soft-mounted filesystem.
If it is a hard-mounted file system it will retry indefinitely.
The proto option allows the transport protocol for NFS to be selected in AIX 4.2.1 and later.
By default, TCP will be used if the server supports it.
Additional Information When two servers are clients of each other, the bg option must
be used in at least one of the server's /etc/filesystems file. When both servers boot at the
same time (due to power failure as an example) one usually tries to mount the other's file
systems before they have been exported and before NFS has been started. If both servers
are fg only, there is a deadlock as they wait for each other. When both servers finally
complete booting, the bg mount completes successfully. If some event causes client and
server to reboot at the same time and the client can't complete the mount before the retry
count is exhausted, the client won't mount even when the server comes back up, and the
mount has to be redone manually. Once the retry limit has been reached, the not responding
message appears.
Transition Statement Let's see how the type = attribute works on a predefined mount.
Predefined Mounts
Invoked From Command Line
# mount /home/mntpt
# mount -t budget
/etc/filesystems
/home/mntpt:
        dev             = "/home/files"
        nodename        = sys3
        vfs             = nfs
        mount           = false
/report:
        dev             = "/home/finance"
        nodename        = sys2
        vfs             = nfs
        type            = budget
        mount           = false
/status:
        dev             = "/home/monthly"
        nodename        = sys4
        vfs             = nfs
        type            = budget
        mount           = false
Notes:
The type attribute used in /etc/filesystems gives you the option of performing multiple
mounts that share a type name with one command. The command mount -t budget could
also be added to the /etc/rc.nfs file so these mounts occur at system startup.
The mount all command can be used from the command line, but it only reads and mounts
stanzas marked mount = true from /etc/filesystems.
(Diagram: the same startup flow as for the server. System powered on -> ODM Config_Rules
(/etc/objrepos/Config_Rules) -> cfgmgr runs /etc/rc.net, which starts portmap and inetd ->
at run time init reads /etc/inittab and runs rctcpip:/etc/rc.tcpip followed by
rcnfs:/etc/rc.nfs.)
Notes:
When the system executes /etc/inittab, /etc/rc.nfs is called which starts the NFS client
daemon biod.
Note that portmap and inetd should also be active on an NFS client in order to have the
NFS client participate in requests from general NFS networking commands.
Notes:
All NFS daemons have been placed under the control of SRC. They can be managed from
the command line to temporarily stop, start, or simply list the daemons using the
commands stopsrc, startsrc, lssrc, and their appropriate flags. The subsystem names are
the ones /etc/rc.nfs passes to its start function (nfsd, rpc.mountd, biod, rpc.statd,
rpc.lockd). Examples might include:
# stopsrc -s rpc.mountd stops just the rpc.mountd
# startsrc -s rpc.mountd starts the rpc.mountd
# stopsrc -g nfs stops all the NFS daemons listed under the group name nfs. This
stops NFS by bringing down all its daemons.
# lssrc -g nfs lists all the active and inactive daemons from the nfs group
Refer to the Commands Reference Guide for other flags that can be used with these
commands.
Notes:
NFS can be started and stopped using SMIT as follows:
# smit
Communications Applications and Services
NFS
Network File System (NFS)
Configure NFS on This System
Start NFS (Fastpath: # smit chnfs)
Stop NFS (Fastpath: # smit chnfs)
rmnfs changes the current configuration of the system so that the /etc/rc.nfs file is not executed on system restart. By removing the entry in the /etc/inittab file, rmnfs also stops all NFS and NIS daemons and the portmap daemon. Be cautious in the use of this command. Two additional options can be used:
- -I does not stop any currently running system daemons, but removes the entry from the /etc/inittab file that starts the NFS daemons on system restart.
- -N immediately stops the NFS daemons, but it does NOT remove the entry from the /etc/inittab file, thus allowing NFS to restart upon a system restart.
mknfs command configures the system to run the NFS daemons and adds an entry to
the inittab file so that the /etc/rc.nfs file is executed on system restart.
Instructor Notes:
Purpose Define the ways to stop, start and change NFS daemons using high-level
commands.
Details Stopping NFS using rmnfs from the command line or using SMIT, as shown,
changes the current configuration of the system so that the /etc/rc.nfs file is not executed
on system restart. In addition, you can direct the command to stop the daemons that are
currently running.
Starting NFS using mknfs configures the system to run the NFS daemons. This command
adds an entry to the /etc/inittab file so that the /etc/rc.nfs file is executed on system
restart. It also starts the portmap daemon if it isn't already running.
The number of nfsd daemons and/or biod daemons can be altered using the chnfs
command with the -n and -b options respectively. The chnfs command does this by
changing the objects in the SRC database. Different options control when the change takes effect. With no option, it takes place immediately (-B is the default, which temporarily stops the daemons, modifies the SRC to reflect the new number, and restarts the daemons).
Additional Information The -I option used with chnfs restarts the number of daemons
specified at next system restart.
The -N option used with chnfs temporarily stops the daemons and restarts the number of
daemons indicated.
Transition Statement Sometimes a file system that is currently mounted needs to be
unmounted. There are several ways to do this.
Unmounting Remote Mounts
# umount allr
# umount /home/mntpt
# umount -n sys3
# umount -t budget
# smit umount
Notes:
Only root or a member of the system group can unmount a file system.
umount allr unmounts all remotely mounted file systems by checking what is mounted
as nfs in the vfs= attribute in the /etc/filesystems file.
umount /u/mntpt unmounts the specified local mount point.
umount -n sys3 unmounts all remote mounts made from the /etc/filesystems file with
nodename = sys3.
umount -t budget unmounts all stanzas in /etc/filesystems that contain the
type=budget attribute.
smit umount takes you to a menu that lets you specify the mount to be unmounted by allr, by name or node, or by a group to be unmounted as specified with the type attribute.
You cannot use the umount command with a device that is in use. A device is in use if any file is open or if a user's current directory is on that device. You get the message A device is already mounted or cannot be unmounted. Use the fuser command to find the process using the device.
Note: umount or unmount can be used interchangeably even on the SMIT fastpath.
Checkpoint
1. What software must be installed and running on an NFS client or
server before beginning NFS configuration?
2. What other software needs to be installed?
3. What file needs to be created on an NFS server that lists the files,
directories, or file systems that are available for mounting from
clients?
4. Once the above-referenced file is created, what command must be
executed so the kernel can use this information?
5. What two daemons listed in /etc/rc.tcpip need to be up and running
for NFS to work properly?
6. What file contains the startup script for NFS?
7. In order for NFS to get started automatically after a reboot, what
file needs to be edited to add a reference to the /etc/rc.nfs file?
Notes:
Checkpoint Solutions
1. What software must be installed and running on an NFS client or
server before beginning NFS configuration? TCP/IP.
2. What other software needs to be installed? NFS.
3. What file needs to be created on an NFS server that lists the files,
directories, or file systems that are available for mounting from
clients? /etc/exports.
4. Once the above-referenced file is created, what command must be
executed so the kernel can use this information? exportfs -a.
5. What two daemons listed in /etc/rc.tcpip need to be up and running
for NFS to work properly? portmap and inetd.
6. What file contains the startup script for NFS? /etc/rc.nfs.
7. In order for NFS to get started automatically after a reboot, what
file needs to be edited to add a reference to the /etc/rc.nfs file?
/etc/inittab.
Exercise:
Notes:
Unit Summary
The TCP/IP portmap daemon must be active before NFS is started
NFS can be configured using SMIT, editing files, or a combination of
both methods
The NFS server file /etc/exports makes file systems or directories
available to NFS clients
NFS client mount point directories must exist before a remote mount
can be executed
NFS can be stopped and started using the rmnfs and mknfs
commands
Notes:
Copyright IBM Corp. 1997, 2006 Unit 14. Automounter and NFS Commands 14-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit Objectives
After completing this unit, students should be able to:
Notes:
Automounter Overview
Used for automatic and transparent mounting and unmounting of
NFS File systems
Based on AutoFS facility
Uses automounter map files to find the mount directories and mount
arguments
Maps can be text files or NIS maps
automount command
automountd daemon
Client-side server
Notes:
The autofs kernel extension monitors the specified directory mount points; when a file I/O operation is requested on such a mount point, autofs asks automountd to mount the directory within autofs. The automount command is used to propagate the automatic mount information to the autofs kernel extension and to start the automountd daemon. After a period of inactivity, five minutes by default, autofs attempts to unmount any mounted directories under its control.
Automounter Benefits
Reduces system administration of /etc/filesystems file particularly if
NIS maps are used
No premounting of directories not currently needed thus reducing
possibility of client hang due to down server
Distributes client workload for NFS read-only file systems
Provides method for single-system image for clients
Notes:
Using the automounter, you neither have to keep the /etc/filesystems file up to date with
NFS stanzas nor do you have to keep file systems mounted that are not being used.
RELATIVE PATH
# cat /etc/auto.indirect
inventory sys3:/books
subscription sys4:/magazine
review sys9:/article
Notes:
The automounter indirect local map contains: 1) the name of the client subdirectory mount point, 2) the server name, 3) the full path name of the server's exported directory, and 4) optional mount options.
The directories inventory, subscription and review do not have to exist on the client.
The name /etc/auto.indirect is arbitrary. Any name can be used, but the map must be created and stored in the /etc directory. For simple system administration, use the word auto followed by a name that describes the contents of the map. Grouping automounter maps by a naming convention makes them easier to keep updated. automount local maps cannot be created using SMIT.
Indirect map files are used for mounting NFS exported directories onto local mount points which cannot already exist. In this example the local mount points are created within the /publishing directory. /publishing cannot already be an existing mount point.
ABSOLUTE PATH
# cat /etc/auto.direct
Notes:
Direct maps are useful for directories that sit under higher-level directories, such as /usr, that cannot be used as an automounter indirect mount point. For example, building an indirect map for /usr/man that uses /usr as a mount point would cover up files in /usr/bin.
mount-point is the full absolute name of a directory.
map-name is the map autofs uses to find directions to locations, or mount information.
mount-options is an optional, comma-separated list of options that apply to the mounting of the entries specified in map-name, unless the entries in map-name list other options.
# cat /etc/auto_master
Notes:
Prior to the AIX 5L release, the automount command could mount indirect and direct maps independently, for example: automount -m /publishing /etc/auto.direct.
However, AIX 5L requires all map files to be referenced from within the file /etc/auto_master. This file name is not optional.
The syntax for the master map file is the local directory mount point, followed by the map name and any optional mount options. /- for direct maps is a way of saying that no mount point needs to be referenced, as it is stated within the direct map file itself.
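How the master map, an indirect map and a direct map combine to resolve a referenced path, as an added shell example that is not part of the course material. The indirect map is the one from the slide; the master map lines, the direct map entry sys5:/export/man and its -ro option are constructed values.

```shell
#!/bin/sh
# Added example (not from the course): resolves a client path the way the automounter
# would, walking a constructed /etc/auto_master and the maps it names. The indirect map
# is the one from the slide; the master map and the direct map entry are constructed
# (sys5:/export/man and its -ro option are made-up values).
AUTO_MASTER='/publishing   /etc/auto.indirect
/-            /etc/auto.direct
'
AUTO_INDIRECT='inventory     sys3:/books
subscription  sys4:/magazine
review        sys9:/article
'
AUTO_DIRECT='/usr/man   -ro   sys5:/export/man
'

# Stand-in for reading a map file: returns the constructed contents by map name.
map_contents() {
    case "$1" in
        /etc/auto.indirect) printf '%s' "$AUTO_INDIRECT" ;;
        /etc/auto.direct)   printf '%s' "$AUTO_DIRECT" ;;
        *) return 1 ;;
    esac
}

# automount_resolve <path>: print "server:/exported/dir" for the map entry that would be
# mounted when <path> is referenced, or return 1 if no map covers it.
# Map lines are "key [-options] location"; the optional options field starts with "-".
automount_resolve() {
    path=$1
    while read -r mp map opts; do
        case "$mp" in ''|'#'*) continue ;; esac
        if [ "$mp" = "/-" ]; then
            # Direct map: keys are absolute paths; the path itself or anything below it matches.
            loc=$(map_contents "$map" | awk -v p="$path" '
                NF >= 2 && (p == $1 || index(p, $1 "/") == 1) {
                    loc = ($2 ~ /^-/) ? $3 : $2; print loc; exit }')
        else
            # Indirect map: the key is the first path component under the master mount point.
            case "$path" in
                "$mp"/*) key=${path#"$mp"/}; key=${key%%/*} ;;
                *) continue ;;
            esac
            loc=$(map_contents "$map" | awk -v k="$key" '
                NF >= 2 && $1 == k { loc = ($2 ~ /^-/) ? $3 : $2; print loc; exit }')
        fi
        if [ -n "$loc" ]; then
            printf '%s\n' "$loc"
            return 0
        fi
    done <<EOF
$AUTO_MASTER
EOF
    return 1
}

# Stand-alone demonstration: the first reference under /publishing or /usr/man triggers the mount.
for p in /publishing/inventory /publishing/review/2006 /usr/man/man1 /home/mntpt; do
    printf '%-26s -> %s\n' "$p" "$(automount_resolve "$p" || echo 'not automounted')"
done
```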
automount Command
Creates the mount point
Example: # mkdir /publishing
Execute automount command
Loads autofs kernel extension
Read the master map
Passes information from master map to autofs
Starts automountd if not started already
Terminates
Syntax /usr/sbin/automount -v -t -i
AutoFS maintains internal table
Notes:
The automount command is used as an administration tool for autofs.
-v Displays status on standard output
-i Interval: specifies an interval, in seconds, that an autofs directory lives
-t Duration: specifies a duration, in seconds, that an autofs unmount thread sleeps before it starts to work again.
SMIT method:
# smit
Communications Applications and Services
NFS
Network File System (NFS)
Configure NFS
Start automount (Fastpath: # smit mkautomnt)
Only root can issue the automount command. Unlike the mount command, automount
cannot be invoked by a user in the system group.
/publishing is the client local parent directory to the actual mount point of the subdirectory
listed in the map.
Automounter Started
# automount -v
automount /publishing mounted
# mount
Notes:
Nothing is mounted at this point. automountd has been started and is waiting for a user to reference the mount point that autofs is listening for, which is /publishing. Once it is accessed, autofs will have automountd handle the initial mount request.
[Figure: a user referencing /publishing/inventory on the client. Labels recovered from the diagram: auto.pub, inventory, heidi, moby, hamlet.]
Notes:
When a user references /publishing/inventory that user should have automatic access to
all files from the sys3 /books exported directory.
The automatic mount happens when the user changes directory to /publishing/inventory,
at which time the kernel notifies the automountd daemon that the remote file system is
required. Access to a file within /publishing/inventory would have the same effect.
Notes:
Looking at the mount table, we see that the original /publishing parent mount point entry
exists and now an entry for the server directory /books exists as well.
The node column shows the server name of sys3. The mounted over column shows that
the remote directory has been mounted over the local mount point, /publishing/inventory.
NFS Commands

Command     Description                             Daemon
showmount   Displays what clients have mounted      rpc.mountd
rpcinfo     Displays what portmap has listed        portmap
on          Remote command execution                rexd
rup         Displays host uptime information        rstatd
rusers      Shows remote users                      rusersd
rwall       Sends message to network users          rwalld
spray       Sends a stream of packets               sprayd
nfsstat     Displays status of NFS and RPC calls    -
nfs4cl      NFS V4 statistics and properties        -
Notes:
The above daemons, with the exception of rpc.mountd and portmap, are found in the /etc/inetd.conf file and need to be uncommented and registered with the portmap daemon. This should be done on both the NFS clients and servers. If you use SMIT to start NFS, this step is done automatically for you.
showmount displays a list of all clients that have mounted remote file systems.
rpcinfo queries the portmap daemon for information on services registered with portmap.
on executes commands on remote hosts.
rup shows the status of remote hosts on the local network.
rusers reports a list of users logged in to the remote machine.
rwall sends messages to all users on the network.
spray sends a specified number of packets to a host.
nfsstat displays statistical information about NFS and RPC calls.
nfs4cl displays or modifies current NFS V4 statistics and properties.
Further information on these commands can be found in the Commands Reference manuals.
nfsstat command
nfsstat can give you an insight into performance problems. It is limited, however, because server statistics are collected for all clients, and client statistics are collected for all servers. It does not separate the distribution of calls from each client or server.
# nfsstat -s
Server rpc:
Server nfs:
calls      badcalls
7          0
nfsstat -s identifies a variety of important statistics for the server. The first line shows a
compilation of total RPC calls. From the total number of RPC calls, the badcalls report the
number of calls rejected. Calls are rejected because of authentication failures and if root
operations are attempted on the server by an unauthorized client. If bad calls are greater
than 0 the server is rejecting RPC requests. By default, eight nfsd daemons are started on
a server. Whenever the nfsd daemon is scheduled to run but doesn't find a packet on the
NFS server queue, the nullrecv field gets incremented by one. The server may be running
an excessive number of nfsd daemons.
badlen refers to an empty or truncated RPC packet. The packet could have been damaged
by a network problem.
xdrcall refers to an XDR header that may have been damaged. This is rare, but can happen
more often if the network is a WAN rather than a LAN.
The NFS statistics show the number of NFS calls made to the server. Each of the call types
(null, getattr, setattr, and so forth) relate to an NFS RPC service procedure. As an example,
the null procedure is used in every RPC program ensuring that the network is operational.
It acts similar to ping. rpcinfo calls the null procedure to check the reachability of the RPC
server programs. It also is used with the automount retry activities. If the automounter is
retrying mounts too frequently this value may be high and you may wish to lengthen the
time-out on automount.
NFS clients cache file attributes such as modification time and owner to avoid repeated
calls to the NFS server for this information. Once the getattr call has been completed, the
information is cached for repeated use. Repeated attribute changes by writes are easily
taken care of by the client. The attributes get written back to the server using the setattr call. Attribute changes are written out when the cache's lifetime expires. Attribute changes
are written out at the end of the maximum period to avoid having the client and server
views of the files vary too greatly. Attribute caching can be disabled using the noac option
with the mount command. When many clients have attribute caching disabled, the server's
getattr increases significantly.
The lookup statistic displays the percentage of lookups that failed. Lookups are also
affected by a directory attribute cache time-out. If there are multiple clients creating and
using the same server directory, you want them all to see the most current listing of the files
in that directory when they execute ls. For example, if clientA creates fileA, and clientB
does an ls file*, clientB may get back an error No such file or directory. In this case, the
shell (because of the *) tries to read the directory entries to perform the file name matching
before it passes it to ls. Since the directory entries are cached on clientA, in this example, it
is possible that clientB does not see the newly created file until clientA's directory cache is
flushed. A high lookup percentage would indicate that if the directory cache were reduced,
more lookups by all clients may be more successful on the first attempt. Use the actime
option with the mount command to change the directory cache time-out.
# nfsstat -c
Client rpc:
calls      badcalls   retrans    badxid     timeout
3392       0          4          0          4
Client nfs:
calls      badcalls   nclget     nclsleep
3355       0          3355       0
To understand badxid, you have to know something about NFS requests. An XID is assigned to each NFS request, and the same XID is reused if the request has to be retransmitted. An NFS client may have multiple NFS requests outstanding to several servers. When a response is received from a server, the client matches the XID in the response to the RPC call request. It can happen that the client retransmitted just as the slow server responded, so the retransmission crossed the response. When the response to the second (retransmitted) request then comes back to the client, there is no outstanding request with that XID to match, and the badxid count is incremented. badxid therefore indicates that a server is receiving the transmitted requests but is so slow in replying that no match is found for the XID that was originally assigned to the request.
Looking at the NFS statistics, calls and bad calls indicate the number of calls and rejected
calls made to the servers.
The nclget and nclsleep attributes deal with file handles. When an NFS client sends a
mount request, the mountd on the server determines if that client has permissions to the
exported directory. If so, mountd sends the client's kernel a file handle. The file handle
becomes a pointer for the kernel to maintain the server connection information. Once the
mount takes place, the client performs read/write operations. The biod sends the file
handle to the server where the file is read by an nfsd daemon. NFS servers and clients
identify files through a variable-length file handle. When clients look up files by pathname
(one component at a time) they are given a file handle for the directory containing the file
and for the file itself. A file handle is transparent to the client, but the server must be able to
translate the file handle to a file. The nclget indicates how many times the client had to
request a new client handle for an NFS call. nclsleep indicates the number of times an NFS
call was blocked because no client handle was available. nclsleep should be zero as client
handles should be allocated on demand. Client handles can be increased in the param.c
file.
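The readings of the nfsstat counters given in these notes (badcalls as rejected or unauthenticated calls, nullrecv against the nfsd count, badlen and xdrcall as damaged packets, badxid as a slow server, nclsleep as handle starvation), applied by an added shell script that is not part of the course material. The client figures are the ones from the slide; the Server rpc row is constructed with badcalls = 2 so that the rejection check fires, the 5% retransmission threshold is an arbitrary choice, and the "timeouts with badxid 0" reading is the conventional complement of the badxid explanation above (requests or replies lost rather than a slow server).

```shell
#!/bin/sh
# Added example (not from the course): parses nfsstat server and client RPC counters and
# applies the readings given in the notes. The client figures are the ones shown on the
# slide; the "Server rpc" row is constructed (badcalls = 2) so that the rejection check
# has something to report. The 5% retransmission threshold is an arbitrary choice.
NFSSTAT_SAMPLE='Server rpc:
calls      badcalls   nullrecv   badlen     xdrcall
7          2          0          0          0
Server nfs:
calls      badcalls
7          0
Client rpc:
calls      badcalls   retrans    badxid     timeout
3392       0          4          0          4
Client nfs:
calls      badcalls   nclget     nclsleep
3355       0          3355       0
'
RETRANS_WARN_PCT=${RETRANS_WARN_PCT:-5}

# nfsstat_fields: flatten each "Section name:" header plus its two following lines
# (column names, then values) into "section.name field value" lines.
nfsstat_fields() {
    printf '%s\n' "$NFSSTAT_SAMPLE" | awk '
        /^(Server|Client) (rpc|nfs)[[:space:]]*:/ {
            s = $2; sub(/:/, "", s); sect = tolower($1) "." s; state = 1; next }
        state == 1 && NF > 0 { n = NF; for (i = 1; i <= NF; i++) name[i] = $i; state = 2; next }
        state == 2 && NF > 0 {
            for (i = 1; i <= n && i <= NF; i++) printf "%s %s %s\n", sect, name[i], $i
            state = 0 }'
}

# nfsstat_field <section> <field>: one counter, e.g. nfsstat_field client.rpc badxid
nfsstat_field() {
    nfsstat_fields | awk -v s="$1" -v f="$2" '$1 == s && $2 == f { print $3; exit }'
}

# nfsstat_check: print WARN/INFO findings derived from the counters, one per line.
nfsstat_check() {
    nfsstat_fields | awk -v pct="$RETRANS_WARN_PCT" '
        { v[$1 "." $2] = $3 + 0 }
        END {
            if (v["server.rpc.badcalls"] > 0)
                printf "WARN server rejected %d RPC calls: authentication failures or root operations attempted by an unauthorized client\n", v["server.rpc.badcalls"]
            if (v["server.rpc.nullrecv"] > v["server.rpc.calls"])
                printf "INFO nullrecv %d exceeds calls %d: more nfsd daemons are running than the load needs\n", v["server.rpc.nullrecv"], v["server.rpc.calls"]
            if (v["server.rpc.badlen"] + v["server.rpc.xdrcall"] > 0)
                printf "WARN %d truncated or damaged RPC packets (badlen + xdrcall): suspect the network path\n", v["server.rpc.badlen"] + v["server.rpc.xdrcall"]
            calls = v["client.rpc.calls"]
            if (calls > 0 && 100 * v["client.rpc.retrans"] / calls > pct)
                printf "WARN retransmission rate %.2f%% is above %d%%\n", 100 * v["client.rpc.retrans"] / calls, pct
            if (v["client.rpc.badxid"] > 0)
                printf "WARN badxid %d: a server answers, but so slowly that replies arrive after the client has retransmitted\n", v["client.rpc.badxid"]
            else if (v["client.rpc.timeout"] > 0)
                printf "WARN %d timeouts with badxid 0: retransmitted requests never drew a late reply, so requests or replies are being lost on the way\n", v["client.rpc.timeout"]
            if (v["client.nfs.nclsleep"] > 0)
                printf "WARN nclsleep %d: NFS calls blocked waiting for a client handle\n", v["client.nfs.nclsleep"]
            print "OK nfsstat review complete"
        }'
}

nfsstat_check
```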
Transition Statement Many of these daemons are under control of inetd. Let's take a
look at how they are configured in the /etc/inetd.conf file.
/etc/inetd.conf
# vi /etc/inetd.conf
Notes:
SMIT Method:
# smit
Communications Applications and Services
NFS
Network File System (NFS)
Configure NFS on This System
Start NFS (Fastpath: # smit mknfs)
Uncomment the above NFS daemons. Those daemons answer requests for their
respective NFS commands. This should be done on both the clients and the servers so
everyone can participate in issuing and responding to the commands.
If this step is done AFTER NFS has already been started, you must be sure to register
these daemons with the portmap daemon. Do the following to have the inetd daemon
reread its /etc/inetd.conf file and register the programs with portmap.
# refresh -s inetd
This step is done for you if you start NFS via SMIT.
Instructor Notes:
Purpose Explain the role the /etc/inetd.conf file plays with NFS.
Details There are six NFS daemons located in /etc/inetd.conf. They get registered by
inetd with the portmap daemon at system startup. The others that get registered are found
in the /etc/rc.nfs script file. /etc/inetd.conf lists the service name, socket type, protocol to
use, program number, and other information.
Transition Statement It is very helpful to know what file systems are being exported by a server, or which clients have mounted exported file systems. The showmount command can provide that information.
What a Server Is Exporting
# showmount -e sys4
# showmount -a sys4
sys3:/home/records
sys7:/budgets
Notes:
The showmount command provides information about a server's mount information or
what a server has exported.
The -e option lists what is currently exported by a specific server.
The -a option lists the client name and directory path name that has been remotely
mounted.
Because showmount talks to the rpc.mountd daemon, it is possible to view lists on
network servers. The rpc.mountd daemon stores this information in the /etc/rmtab file.
Instructor Notes:
Purpose Describe the use of the showmount command.
Details The showmount command communicates with the rpc.mountd daemon on the
local or a remote server. When rpc.mountd accepts a mount request from a client, it
places the directory name and client hostname in /etc/rmtab. Entries in /etc/rmtab remain
until the client unmounts the remote mount.
The -e option interrogates the contents of the /etc/xtab file on the target server.
The -a option displays a list of all remote directories mounted by a host.
Discussion Items How do I know what files have been exported? A mistake is to look in
the /etc/exports file. Using the exportfs command on a server will display the contents of
the /etc/xtab file. Simply displaying the contents of /etc/exports file may not be an
accurate view of what is currently exported. exportfs is for local use. The showmount
command is used to view what a remote or local server currently has exported.
Transition Statement How can you tell if a particular version of a server has registered
with portmap? The rpcinfo command can provide that information.
rpcinfo
# rpcinfo -p sys4
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    604  mountd
# rpcinfo -u sys4 nfs 2
program 100003 version 2 ready and waiting
# rpcinfo -b autofs 1
10.19.98.4 sys4
10.19.98.5 sys5
Notes:
rpcinfo queries the remote portmap daemon.
rpcinfo can be used to detect and debug failures such as:
Dead or hung servers caused by improper configuration or a failed daemon
Bogus or renegade RPC servers
Broadcast-related problems
If the portmap daemon on the remote host has failed, this command times out.
The -u option makes a call to the specific program and version number on a specific host
using UDP and reports whether the program is ready and waiting for requests.
The -b option makes an RPC broadcast of the specified program and version number and
reports all hosts that respond.
Instructor Notes:
Purpose Describe the purpose and function of rpcinfo.
Details The rpcinfo command makes an RPC call to an RPC server and reports the status of the RPC service (for example, ready and waiting, available, and so forth).
rpcinfo can provide considerable help in the diagnosis of RPC problems by displaying
what services are registered with a host and are ready and waiting to be used. It can be
used as a test of connectivity verifying that the remote system is capable of accepting and
replying to an RPC request.
The -p option queries the portmap daemon on the specified host for all registered RPC
services. The output displays the program and version number, the protocols supported,
the IP port used by the RPC server, and the name of the RPC service. If the portmap
daemon on the remote system is not reachable for whatever reason, rpcinfo times out and
reports the error. This is a good first step in diagnosing the problem.
The -u option used along with a specified hostname, RPC program and version number,
gives the status of the RPC service. This may be used if the NFS client is trying to mount a
file system or directory from an NFS server. The mount is successful, but any attempt to
use the remote file hangs. The -u tells rpcinfo to use the UDP protocol. A -t option
specifies the TCP protocol to be used.
The -b option does an RPC broadcast of the specified program and version using the UDP
protocol, and reports all hosts that respond. This shows all systems on the local network
that are running a certain version of the specific RPC service.
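The diagnostic use of rpcinfo -p described above, turned into a check by an added shell script that is not part of the course material: it verifies that the registrations an NFS server depends on are present in a captured listing and lists any registration outside an allowlist (the page's "bogus or renegade RPC servers" case). The portmapper and mountd/udp rows are the ones from the slide; the other rows, their ports and the allowlist are constructed.

```shell
#!/bin/sh
# Added example (not from the course): checks a captured "rpcinfo -p" listing for the
# registrations an NFS server needs, and lists registrations outside an allowlist. The
# portmapper and mountd/udp rows are the ones from the slide; the remaining rows and
# their ports are constructed. The allowlist is an assumption for this example.
RPCINFO_SAMPLE='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    604  mountd
    100005    1   tcp    605  mountd
    100003    2   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100001    1   udp  32770  rstatd
'
RPC_ALLOWLIST=${RPC_ALLOWLIST:-"portmapper mountd nfs nlockmgr status"}

# rpc_port <program number or name> <version> <proto>: the registered port, or nothing.
rpc_port() {
    printf '%s\n' "$RPCINFO_SAMPLE" | awk -v p="$1" -v v="$2" -v t="$3" '
        NR > 1 && ($1 == p || $5 == p) && $2 == v && $3 == t { print $4; exit }'
}

# nfs_server_ready: one MISSING line per required registration; exit 0 only when none.
# Required set (assumed): the portmapper itself, mountd v1, NFS v2 over UDP and v3 over TCP.
nfs_server_ready() {
    rc=0
    for req in portmapper:2:udp mountd:1:udp nfs:2:udp nfs:3:tcp; do
        name=${req%%:*}; rest=${req#*:}; vers=${rest%%:*}; proto=${rest#*:}
        if [ -z "$(rpc_port "$name" "$vers" "$proto")" ]; then
            printf 'MISSING %s version %s over %s\n' "$name" "$vers" "$proto"
            rc=1
        fi
    done
    return $rc
}

# unexpected_services: registrations whose service name is not in RPC_ALLOWLIST, as
# "name program vers proto port", for the administrator to confirm or remove.
unexpected_services() {
    printf '%s\n' "$RPCINFO_SAMPLE" | awk -v allow="$RPC_ALLOWLIST" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR > 1 && NF >= 5 && !($5 in ok) { print $5, $1, $2, $3, $4 }'
}

# Stand-alone demonstration.
nfs_server_ready && echo "all required NFS registrations present"
echo "registrations outside the allowlist:"; unexpected_services
```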
Transition Statement Before we summarize, let's look at some checkpoint exercises.
Checkpoint
1. T/F: The automounter local map contains three pieces of
information:
a. Name of the client subdirectory mount point
b. Server name
c. Path name of the server's exported directory
2. T/F: The command you can use to get NFS statistics is netstat.
3. T/F: AutoFS is a server-side service that allows for automatic and
transparent mounting and unmounting of NFS file systems.
4. T/F: The rup command requires rexd daemon to be running.
Notes:
Checkpoint Solutions
1. T/F: The automounter local map contains three pieces of
information:
a. Name of the client subdirectory mount point
b. Server name
c. Path name of the server's exported directory
True.
2. T/F: The command you can use to get NFS statistics is netstat.
False. The command is nfsstat.
3. T/F: AutoFS is a server-side service that allows for automatic and
transparent mounting and unmounting of NFS file systems. False.
4. T/F: The rup command requires rexd daemon to be running. False.
The rstatd needs to be running.
Exercise:
Notes:
Unit Summary
Automatic mounting of file systems is performed using automount
command, AutoFS facility, and automountd
Automount map files are used to locate mapping for directories
The master map associates a directory with a map file
NFS has many subserver commands
Notes:
Copyright IBM Corp. 1997, 2006 Appendix A. Checkpoint and Activity Solutions A-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Instructor Guide
Unit 1 (1 of 4)
Checkpoint Solutions (1 of 4)
1. (True or False) IP addresses must be unique for each interface
on the network.
2. (True or False) Protocols define rules for orderly
communications.
3. A socket consists of:
a. A machine address and port number
b. An IP address, port number, and protocol family
c. A machine address and IP address
d. A host name and port number
4. A gateway in TCP/IP terminology is synonymous with:
a. Bridge
b. Repeater
c. Router
d. Logical link device
Unit 1 (2 of 4)
Checkpoint Solutions (2 of 4)
5. How many bits make up the unique physical address of a network
adapter?
a. 16
b. 32
c. 48
d. 64
6. How many bits make up an Internet Protocol V4 address?
a. 16
b. 32
c. 48
d. 64
7. What are the two pieces of an Internet address?
Network address and local host address
8. (True or False) When you accept the defaults, the portions of the
Internet address used for the network address and the local host
address are determined by the address class (A, B, or C).
Unit 1 (3 of 4)
Checkpoint Solutions (3 of 4)
9. (True or False) An Internet address is usually written in a form
known as dotted decimal notation, where the value of each byte
of the address is written in decimal and the bytes are separated
by periods.
10. What is the special address 127.0.0.1?
This is the loopback address used by a system to send
messages to itself.
11. What decimal value is used in the host address octets for
sending broadcast messages?
255 (all bits on)
12. (True or False) ARP is designed for networks with broadcast
ability only.
13. Why are port numbers included in UDP and TCP headers?
Port numbers distinguish between multiple processes
running on the same host. Server side ports (and the
transport layer protocol in use) also identify the network
service associated with the connection.
Unit 1 (4 of 4)
Checkpoint Solutions (4 of 4)
14. If UDP discards a datagram, is there an ICMP message
generated? If not, why not?
An ICMP message is not generated because the datagram
was delivered by IP to UDP. Once it reaches its destination,
IP has no knowledge of what is done with the datagram.
15. (True or False) IP guarantees delivery of datagrams in the same
sequence as they are sent.
The statement is false. IP is a connectionless protocol.
Unit 2
Checkpoint Solutions
1. When might an HMC need to be configured as a DHCP server?
This is appropriate when the HMC is on a private network
and there is no other DHCP server.
2. How is the HMC connected to its managed system?
The connection uses Ethernet.
3. In what ways can the HMC functions be accessed remotely?
SSH, WebSM client, from another HMC
4. Besides the firewall options, what are the two remote access
options that can be enabled or disabled on the HMC?
Remote virtual console, SSH access
5. (True or False) The HMC can be used as a fully functional Linux
system.
Unit 3
Checkpoint Solutions
1. What is a good first command to use to test if two hosts are talking
to each other on a network? ping
2. What command can you use to test for proper name resolution,
both name to address and address to name? host
3. What command displays what is in your arp cache? arp -a
4. What command shows the network status including input and
output packets transmitted on a network interface? netstat -i
5. What files need to be set up correctly in order for any user to have
access to telnet services? /etc/services, /etc/inetd.conf and
/etc/rc.tcpip
Unit 4
Checkpoint Solutions
1. T/F: To use Virtual Ethernet, you must order the Advanced
POWER Hypervisor feature. False.
2. T/F: AIX 5L 5.2 can be configured with Virtual Ethernet. False.
3. T/F: Virtual Ethernet supports both IPv4 and IPv6 environments.
True.
4. T/F: When listing devices with lsdev it is easy to see which are
physical Ethernet devices, which are virtual and which are VLAN
devices. True.
5. The PVID for a virtual Ethernet adapter is configured in the
HMC partition profile.
6. To use multiple VIDs with a virtual Ethernet adapter, the VIDs must
be defined in the HMC partition profile and in the
VLAN adapter in AIX.
7. Associate the term with its definition:
_B_ IEEE 802.1Q A. Identifies a virtual LAN
_A_ VID B. Virtual LAN standard
_C_ PVID C. Default VID associated with a switch port
Unit 5
Checkpoint Solutions
1. There are three types of routing table entries: direct, indirect, and
default. Which type occurs when the source and destination hosts
are on different physical networks and the destination is
specifically designated?
a. direct
b. indirect
c. default
2. When a network interface is configured, a route is created in the
route table. What is the term associated with the creation of this
route?
a. dynamic
b. implicit
c. static (or explicit)
3. T/F: The route -f (or route flush) command deletes ALL routes.
False. It flushes all routes except ones created implicitly.
Unit 6 (1 of 2)
Checkpoint Solutions (1 of 2)
1. T/F: The gated and routed daemons can be run at the same time.
False. Unpredictable results occur if they are running on the same system at the
same time.
2. The routed daemon supports the following protocols. (Choose all
that apply.)
a. OSPF
b. HELLO
c. RIP - routed only supports RIP
d. EGP
3. The gated daemon supports the following routing protocols.
(Choose all that apply.)
a. BGP
b. RIP
c. OSPF
d. IP
4. T/F: Distance vector protocols measure cost via a metric called
hops. True.
5. T/F: OSPF is a distance vector protocol. False. OSPF is a link state
protocol.
Unit 6 (2 of 2)
Checkpoint Solutions (2 of 2)
6. The following characteristics describe a link state protocol. (Select
all that apply.)
a. Uses only a hop metric to determine cost
b. Maintains a database map of all links in the network
c. Provides for authorization of routers and update packets
7. T/F: The /etc/gated.conf file contains statements classes that are
read by the gated daemon on start-up. True.
8. What routing protocol does the gated daemon use by default?
(Select all that apply.)
a. RIP - RIP in broadcast mode/active/.
b. RIP-2
c. OSPF
d. BGP
Unit 7
Checkpoint Solutions
The Virtual I/O Server is a special partition that hosts
virtual SCSI disk and shared Ethernet adapter resources.
Shared Ethernet adapters (SEAs) bridge
external networks to internal VLANs.
T/F: The virtual adapter associated with a shared Ethernet adapter
connected to the external network must have trunk adapter
checked. True.
T/F: More than one VLAN can be bridged to the external network
using one SEA. True.
How many virtual Ethernet adapters marked as trunk adapters per
VLAN can you have? One.
T/F: The virtual I/O server connection to the external LAN can be an
aggregate of adapters. True.
Unit 8
Checkpoint Solutions
1. T/F: No configuration of the clients or routers is needed to use a
VIPA in the server. False. Clients need return routes to the
VIPA address. If there are intervening routers, they will need
routes as well.
2. T/F: Multipath routing allows administrators to no longer have to
have a different destination, netmask, or group ID on a route
definition. True.
3. T/F: PMTU Discovery is used to determine the largest packet that
can be sent over a particular network. True.
4. T/F: You need to enable PMTU to take full advantage of multipath
routing feature. False. In AIX 5L V5.2 and earlier, you need to
disable PMTU discovery to stop the cloning of routes.
In AIX 5L V5.3, PMTU discovery has no effect on multipath
routing.
5. T/F: Dead Gateway Detection, along with multipath routing allows
for multiple routes to the same destination which can be used for
load-balancing and failover. True.
Unit 9 (1 of 3)
Checkpoint Solutions (1 of 3)
1. The TTL of the Standard Resource Records for the name server
zone files is specified in:
a. Minutes
b. Hours
c. Days
d. Seconds
Unit 9 (2 of 3)
Checkpoint Solutions (2 of 3)
4. T/F: The named daemon must be running on every machine
participating in the domain environment. False. named only runs
on the name servers.
5. When the system administrator wants to see the active name
server database, a file must be created which contains a dump of
the active database. This is done with the command kill -2
<pid_named>. The result of that dump file is located in:
a. /etc/tmp/named_dump.db
b. /var/tmp/named_dump.db
c. /tmp/named_dump.db
d. /var/lpp/tmp/named_dump.db
6. T/F: The zone files contain information regarding the nameserver's
zone of authority for both host to IP address name resolution and
IP address to host name resolution. True.
Unit 9 (3 of 3)
Checkpoint Solutions (3 of 3)
7. Match the following:
a. cache ____ Zone file defines the host to IP address name resolution.
b. name ____ Zone file defines the IP address to host name resolution.
c. local IP ____ Zone file defines the local IP address resolution.
d. IP ____ File defines where to send requests for resolution of names not
contained in nameserver database.
Answers: b, d, c, a.
8. What is the name of the file that tells the system whether to run in
a flat network or a domain network? /etc/resolv.conf
9. T/F: On the client, the /etc/resolv.conf contains the default domain
name for the system and the name servers it uses for the name
resolution. True.
10. T/F: The named can be started automatically with a command
line entry in the inetd.conf file. False.
Unit 10
Checkpoint Solutions
1. T/F: In AIX, all Hosts should get their IP address via DHCP. False.
2. A ____________ forwards DHCP/BOOTP packets to another
network. DHCP/BOOTP relay agent
3. DHCP supports persistent storage of network parameters for
clients. This information is sent to the client in the
______________________ field of the DHCP packet. options.
4. T/F: A DHCP server can only allocate dynamic addresses to a
client. False.
5. Put the following DHCP messages in the correct order:
a. DHCPACK
b. DHCPREQUEST
c. DHCPRELEASE
d. DHCPDISCOVER
e. DHCPOFFER
Answer: d, e, b, a, c
Unit 11 (1 of 2)
Checkpoint Solutions (1 of 2)
1. Name the two commands that can be used on AIX to display the
characteristics of a network interface. lsattr, ifconfig
2. Which command below lists configuration information for a
Token-Ring network adapter on the RS/6000 including the vital
product data?
a. lsdev -C -c tok0
b. lscfg
c. lscfg -v -l tok0
d. lsattr -E -l tok0
3. Which two commands below are the most commonly used and
most useful commands for doing problem determination on a
network?
a. arp and host
b. ping and nfsstat
c. ping and netstat
d. spray and no
Unit 11 (2 of 2)
Checkpoint Solutions (2 of 2)
4. If you want to monitor network traffic across an interface, what
command would you use?
a. netstat -s
b. netstat -i
c. netstat -l
d. netstat -m
Unit 12 (1 of 2)
Checkpoint Solutions (1 of 2)
1. T/F: A host can be an NFS server and NFS Client simultaneously.
True.
2. T/F: An NFS mount request is always issued by the NFS client.
True.
3. What server daemon handles client requests for file system
operations? nfsd.
4. What daemon runs on the client which provides block input/output
operations in order to perform read-ahead, write-behind requests?
biod.
Unit 12 (2 of 2)
Checkpoint Solutions (2 of 2)
5. What daemons are started on both the client and server systems
used to handle file and record locking? statd and lockd.
6. What command is used to see which file systems are currently
mounted? mount.
7. What daemon provides a lookup function on port numbers
associated with a specific program that a user needs to access?
portmap.
8. T/F: The cacheFS is implemented on the NFS server. False.
Unit 13
Checkpoint Solutions
1. What software must be installed and running on an NFS client or
server before beginning NFS configuration? TCP/IP.
2. What other software needs to be installed? NFS.
3. What file needs to be created on an NFS server that lists the files,
directories, or file systems that are available for mounting from
clients? /etc/exports.
4. Once the above-referenced file is created, what command must be
executed so the kernel can use this information? exportfs -a.
5. What two daemons listed in /etc/rc.tcpip need to be up and running
for NFS to work properly? portmap and inetd.
6. What file contains the startup script for NFS? /etc/rc.nfs.
7. In order for NFS to get started automatically after a reboot, what
file needs to be edited to add a reference to the /etc/rc.nfs file?
/etc/inittab.
Unit 14
Checkpoint Solutions
1. T/F: The automounter local map contains three pieces of
information:
a. Name of the client subdirectory mount point
b. Server name
c. Path name of the server's exported directory
True.
2. T/F: The command you can use to get NFS statistics is netstat.
False. The command is nfsstat.
3. T/F: AutoFS is a server-side service that allows for automatic and
transparent mounting and unmounting of NFS file systems. False.
4. T/F: The rup command requires rexd daemon to be running. False.
The rstatd needs to be running.
Directories
mkdir make directory
cd change directory. Default is $HOME directory.
rmdir remove a directory (beware of files starting with .)
rm remove file; -r option removes directory & all files &
subdirectories recursively.
pwd print working directory
ls list files
-a (all)
-l (long)
-d (directory information)
-r (reverse alphabetic)
-t (time changed)
-C (multi column format)
-R (recursively)
-F (places / after each directory name & * after each exec file)
Files - Basic
cat list files contents (concatenate).
Can open a new file with redirection, for example, cat > newfile.
Use <Ctrl>d to end input.
chmod change permission mode for files or directories.
chmod =+- files or directories
(r,w,x = permissions and u, g, o, a = who)
can use + or - to grant or revoke specific permissions.
can also use numerics, 4 = read, 2 = write, 1 = execute.
Editors
ed line editor
vi screen editor
INed LPP editor
emacs screen editor +
Metacharacters
* any number of characters (0 or more)
? any single character
[abc] any character from the list
[a-c] any character from the range
! (inside brackets) not any of the following characters (for example,
[!abc])
; command terminator used to string commands on a single line
& command preceding & to be run in background mode
# comment character
\ removes special meaning (no interpretation) of the following
character
' removes special meaning (no interpretation) of characters in single
quotes
" interprets only $, backquote, and \ characters between the
quotes.
` used to set variable to results of a command for example,
now=`date` sets the value of now to current results of the date
command.
$ preceding variable name indicates the value of the variable.
Variables
= set a variable (for example, d=day sets the value of d to
day). Can also set the variable to the results of a command by
the ` character for example, now=`date` sets the value of now to
the current result of the date command.
HOME home directory
cpio copies to and from an I/O device. Destroys all data previously
on tape or diskette. For input, must be able to place files in the
same relative (or absolute) path name as when copied out (can
determine path names with -it option). For input, if file exists,
compares last modification date and keeps most recent (can
override with -u option).
-o (output) -i (input),
-t (table of contents) -v (verbose),
-d (create needed directory for relative path names)
-u (unconditional to override last modification date)
for example, cpio -o > /dev/fd0
file1
file2
<Ctrl-d>
or cpio -iv file1 < /dev/fd0
tapechk performs simple consistency checking for streaming tape drives
tcopy copies information from one tape device to another
tctl sends commands to a streaming tape device
tar alternative utility to backup and restore files
pax alternative utility to cpio and tar commands
Transmitting
mail send and receive mail. With userid sends mail to userid.
Without userid, displays your mail. When processing your mail,
at the ? prompt for each mail item, you can:
d - delete, s - append, q - quit, enter - skip, m - forward
mailx upgrade of mail
uucp copy file to other UNIX systems (UNIX to UNIX copy)
uuto/uupick send and retrieve files to public directory
uux execute on remote system (UNIX to UNIX execute)
System Administration
df display filesystem usage
installp install program
kill (pid) kill batch process with id (pid) (find using ps);
kill -9 (pid) will absolutely kill process
mount associate logical volume to a directory;
for example, mount device directory
ps -ef shows process status (ps -ef)
umount disassociate filesystem from directory
smit system management interface tool
Miscellaneous
banner displays banner
date displays current date and time
newgrp change active groups
nice assigns lower priority to following command
(for example, nice ps -f)
passwd modifies current password
sleep n sleep for n seconds
stty show and or set terminal settings
touch create a zero length file
xinit initiate X-Windows
wall sends message to all logged-in users.
who list users currently logged in (who am i identifies this user)
man,info displays manual pages
System Files
/etc/group list of groups
/etc/motd message of the day, displayed at login.
/etc/passwd list of users and signon information. Password shown as !. Can
prevent password checking by editing to remove !.
/etc/profile system wide user profile executed at login. Can override
variables by resetting in the user's .profile file.
/etc/security directory not accessible to normal users
/etc/security/environ user environment settings
/etc/security/group group attributes
Variables
var=string set variable to equal string. (NO SPACES).
Spaces must be enclosed by double quotes.
Special characters in string must be enclosed by single quotes
to prevent substitution.
Piping (|), redirection (<, >, >>), and & symbols are not
interpreted.
$var gives value of var in a command
echo displays value of var, for example, echo $var
HOME = home directory of user
MAIL = mail file name
PS1 = primary prompt characters, usually $ or #
PS2 = secondary prompt characters, usually >
PATH = search path
TERM = terminal type being used
export exports variables to the environment
env displays environment variables settings
${var:-string} gives value of var in a command. If var is null, uses 'string'
instead.
$1 $2 $3... positional parameters for variable passed into the shell script
$* used for all arguments passed into shell script
$# number of arguments passed into shell script
$0 name of shell script
$$ process id (pid)
$? last return code from a command
Commands
# comment designator
&& logical-and. Run command following && only if command
preceding && succeeds (return code = 0).
|| logical-or. Run command following || only if command
preceding || fails (return code <> 0).
exit n used to pass return code n from shell script. Passed as
variable $? to parent shell
expr arithmetic expressions
Syntax: expr expression1 operator expression2
operators: + - \* (multiply) / (divide) % (remainder)
for loop for variable in word-list (or: for variable in $*); for example:
for variable in $*
do
command
done
if-then-else if test expression
then command
elif test expression
then command
else command
fi
read read from standard input
shift shifts arguments 1-9 one position to the left and decrements
number of arguments
test used for conditional test, has two formats.
if test expression (for example, if test $# -eq 2)
if [ expression ]
(for example, if [ $# -eq 2 ]) (spaces required inside the brackets)
integer operators:
-eq (=) -lt (<) -le (<=)
-ne (<>) -gt (>) -ge (>=)
string operators:
= != (not eq.) -z (zero length)
file status (for example, -opt file1)
-f (ordinary file)
-r (readable by this process)
-w (writable by this process)
-x (executable by this process)
-s (non-zero length)
Miscellaneous
sh execute shell script in the sh shell
-x (execute step by step - used for debugging shell scripts)
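The constructs summarised under Variables and Commands above (positional parameters, shift and $#, the test operators, && and || lists, ${var:-string}, expr arithmetic and explicit return codes), exercised together in one runnable POSIX sh script. This is an added example and not part of the IBM course material: the function names count_args, classify_file and check_all are this example's own, and the files it checks are created by the script in a temporary directory, not on any real system path.

```shell
#!/bin/sh
# Added example (not from the IBM course text). Exercises the constructs
# summarised in the Variables and Commands sections: positional parameters
# ($#, $1, shift, "$@"), test operators (-gt, -z, -f, -r, -s), the && and ||
# lists, ${var:-default}, expr arithmetic and explicit return codes ($?).
# Function names and the temporary files are this example's own inventions.

# count_args: walks its arguments with shift and $# instead of $*, and
# hands the count back as its return code (visible to the caller in $?).
count_args() {
    n=0
    while [ $# -gt 0 ]
    do
        n=`expr $n + 1`
        shift
    done
    return $n
}

# classify_file: prints one word for a path and returns 0 only when it is
# an ordinary, readable, non-empty file (the -f, -r and -s tests in turn).
# Each "test || { ...; return 1; }" line is the || idiom from the summary.
classify_file() {
    f=${1:-}
    [ -z "$f" ] && { echo "noarg"; return 1; }
    [ -f "$f" ] || { echo "missing"; return 1; }
    [ -r "$f" ] || { echo "unreadable"; return 1; }
    [ -s "$f" ] || { echo "empty"; return 1; }
    echo "ok"
    return 0
}

# check_all: a for loop over every argument; the number of files that fail
# classification becomes the return code, so 0 means "all good".
check_all() {
    bad=0
    for f in "$@"
    do
        classify_file "$f" >/dev/null || bad=`expr $bad + 1`
    done
    return $bad
}

# Constructed demo data: a temporary directory made by this script, holding
# one non-empty file and one empty file; a third name is never created.
demo_dir=${DEMO_DIR:-`mktemp -d`}
printf 'hello\n' > "$demo_dir/full.txt"
: > "$demo_dir/empty.txt"

# demo_run: shows the return code surfacing in $? (prints "failures: 2").
demo_run() {
    check_all "$demo_dir/full.txt" "$demo_dir/empty.txt" "$demo_dir/absent.txt"
    echo "failures: $?"
}

demo_run
```

Because check_all reports its result through the return code rather than by printing, a caller can chain it with && and || exactly as the Commands section describes, and the value is still in $? immediately after the call.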
vi Editor
Entering vi
vi file edits the file named file
vi file1 file2 edit files consecutively (via :n)
.exrc file that contains the vi profile
wm=nn sets wrap margin to nn
Can enter a file other than at first line by adding + (last line), +n
(line n), or +/pattern (first occurrence of pattern).
vi -r lists saved files
vi -r file recover file named file from crash
:n next file in stack
:set all show all options
:set nu display line numbers (off when set nonu)
:set list display control characters in file
:set wm=n set wrap margin to n
:set showmode sets display of INPUT when in input mode
:r file2 read file2 contents into buffer following current cursor
:r! com read results of shell command com following current cursor
:! com execute shell command com (filter through command)
:wq or ZZ write and quit edit session
Units of Measure
h, l character left, character right
k or <Ctrl>p move cursor to character above cursor
j or <Ctrl>n move cursor to character below cursor
w, b word right, word left
^, $ beginning, end of current line
<CR> or + beginning of next line
- beginning of previous line
G last line of buffer
Cursor Movements
Can precede cursor movement commands (including cursor arrow) with number of times to
repeat, for example, 9--> moves right 9 characters.
0 move to first character in line
$ move to last character in line
^ move to first nonblank character in line
fx move right to character x
Fx move left to character x
tx move right to character preceding character x
Tx move left to character preceding character x
; find next occurrence of x in same direction
, find next occurrence of x in opposite direction
w tab word (nw = n tab word) (punctuation is a word)
W tab word (nW = n tab word) (ignore punctuation)
b backtab word (punctuation is a word)
B backtab word (ignore punctuation)
e tab to ending char. of next word (punctuation is a word)
Adding Text
a add text after the cursor (end with <esc>)
A add text at end of current line (end with <esc>)
i add text before the cursor (end with <esc>)
I add text before first nonblank char in current line
o add line following current line
O add line before current line
<esc> return to command mode
Replacing Text
ra replace current character with a
R replace all characters overtyped until <esc> is entered
s delete current character and append text until <esc>.
:s/s1/s2 replace s1 with s2 (in the same line only)
S delete all characters in the line and append text
cc replace all characters in the line (same as S)
ncx delete n text objects of type x (w, b = words, ) = sentences, } =
paragraphs, $ = end-of-line, ^ = beginning of line) and enter
append mode
C replace all characters from cursor to end-of-line.
Moving Text
p paste last text deleted after cursor (xp transposes two
characters)
P paste last text deleted before cursor
Miscellaneous
. repeat last command
J join current line w/next line
Appendix D. TCP/IP and NFS/NIS Commands and Files
TCP/IP Commands
arp Display or change the Address Resolution Protocol tables
ate Invoke AIX Asynchronous Terminal Emulator
cu Invoke call UNIX terminal emulator
f Display user information (same as finger)
finger Display user information
ftp Use the FTP protocol to transfer a file
gettable Get NIC format host tables from a host
host Display internet address or hostname of a specified host
hostent Manipulate host entries
hostid Set or display the internet address of a host
hostname Show and set the hostname
htable Convert NIC format hosts tables to /etc/hosts, /etc/networks,
and /etc/gateways
ifconfig Configure network interface
ipreport Generate a packet trace report
mkhosts Generate hosts table
mktcpip Configure and start initial TCP/IP configuration
named-xfer Used by named when acting as secondary name server to
obtain database
netstat Show network statistics
no Configure TCP/IP kernel network options
ping Send an ICMP packet to determine if a host is reachable
rcp Remote copy command
TCP/IP Daemons
fingerd Provides remote user information
ftpd Provides server function for File Transfer Protocol (FTP)
gated Dynamic routing for RIP, EGP, HELLO, BGP and SNMP
protocols
inetd Provides internet service management
iptrace Trace internet packets
lpd Provides remote print service
named Provides server function for the Domain Name protocol
pppattachd Implements PPP protocol - one daemon per connection runs on
each AIX system
pppcontrold Manages PPP subsystem
rexecd Provides server function for the rexec command
rlogind Provides server function for the rlogin command
routed Dynamic routing for RIP protocol
rshd Provides server function for the rsh command
rwhod Provides server function for the rwho and ruptime commands
snmpd Simple Network Management Protocol Agent
syslogd Reads and logs system messages
talkd Provides server function for the talk command
telnetd Provides server function for the TELNET protocol
tftpd Provides server function for Trivial File Transfer Protocol
(TFTP)
timed Provides the time server function
TCP/IP Files
Note: All files are in the /etc directory unless otherwise noted
addrs.awk Shell script to convert /etc/hosts to domain data (in
/usr/samples/tcpip)
anon.ftp Shell script to set up anonymous ftp (in /usr/samples/tcpip)
ate.def Profile for ATE terminal emulator
chap-secrets (in /etc/ppp) Contains secrets (passwords) for use by PPP's
CHAP authentication
ftpusers List of users not authorized for use by remote ftp clients
gated.conf Configuration file for gated
gateways Configuration file for routed
hosts Mapping of IP addresses to host names
hosts.awk Shell script to convert /etc/hosts to domain data (in
/usr/samples/tcpip)
hosts.equiv List of hosts authorized for Berkeley remote operations
hosts.lpd List of hosts authorized for remote printing
NFS/NIS Commands
domainname Display or set the NIS domain name
exportfs Export or unexport directories for NFS
makedbm Make an NIS map
mkalias Convert NIS mail.aliases map to mail.byaddr map
mknfs Configures NFS
mrgpwd Merges the /etc/passwd and /etc/security/passwd files for NIS
nfso Configures NFS kernel network options
nfsstat Displays NFS status information
on Executes commands on a remote machine
rmnfs Deconfigures and stops NFS
rpcgen Generate C code to implement RPC protocol
rpcinfo Reports the status of RPC servers
rup Reports status of remote hosts
rusers Reports users logged on to remote machines
rwall Sends messages to all users on a network
showmount Shows clients that have NFS filesystems mounted
spray Sends packets to a host to test network bandwidth and server
capability
ypcat Displays an NIS map
ypinit Sets up NIS maps on an NIS server
ypmatch Displays the value of a key within a map
yppasswd Changes the NIS password
yppoll Displays the NIS map order number (version stamp)
yppush Pushes maps to NIS slave servers
ypset Directs a client to a specific server
ypwhich Identifies the master server for maps
ypxfr Transfers a map from the NIS master server to a slave server
NFS/NIS Daemons
automount Automatically mounts NFS filesystems
biod NFS client block I/O daemon
nfsd NFS server request handler
portmap Maps RPC program numbers to port numbers
rpc.lockd Processes file locking requests via RPC
rpc.mountd Processes remote mount requests via RPC
rpc.pcnfsd Provides support for PC-NFS clients
rpc.rexd Handles requests for remote execution of command via RPC
NFS/NIS Files
Note: All files are in the /etc directory unless otherwise noted.
exports Lists directories that can be exported to NFS clients
Makefile Makefile for NIS maps (in /etc/yp)
netgroup Lists groups of users on the network
nfs.clean Shell script that brings down NFS daemons
rc.nfs Shell script to start NFS and NIS daemons
rpc Contains database information for RPC programs
updaters Makefile for updating NIS maps (in /var/yp)
xtab Lists directories that are currently exported to NFS clients
ypxfr_1perday Sample script for running ypxfr on slave server through cron
once a day (in /usr/etc/yp)
ypxfr_1perhour Sample script for running ypxfr on slave server through cron
once an hour (in /usr/etc/yp)
ypxfr_2perday Sample script for running ypxfr on slave server through cron
twice a day (in /usr/etc/yp)
Appendix E. Summary of the no Command
Purpose
Manages network tuning parameters.
Syntax
no [ -p | -r ] { -o Tunable[=NewValue] }
no [ -p | -r ] {-d Tunable }
no [ -p | -r ] { -D }
no [ -p | -r ] -a
no -?
no -h [ Tunable ]
no -L [ Tunable ]
no -x [ Tunable ]
Note:
Multiple flags -o, -d, -x, and -L are allowed.
Description
Use the no command to configure network tuning parameters. The no command sets or
displays current or next boot values for network tuning parameters. This command can
also make permanent changes or defer changes until the next reboot. Whether the
command sets or displays a parameter is determined by the accompanying flag. The -o
flag performs both actions. It can either display the value of a parameter or set a new value
for a parameter. When the no command is used to modify a network option it logs a
message to the syslog using the LOG_KERN facility. For more information on how the
network parameters interact with each other, refer to the AIX 5L Version 5.2 System
Management Guide: Communications and Networks.
Attention: Be careful when you use this command. If used incorrectly, the no command
can cause your system to become inoperable.
Flags
-L [Tunable] Lists the characteristics of one or all Tunables, one per line, using
the following format:
NAME CUR DEF BOOT MIN MAX UNIT TYPE
DEPENDENCIES
--------------------------------------------------------------------------------
General Network Parameters
--------------------------------------------------------------------------------
sockthresh 85 85 85 0 100 %_of_thewall D
--------------------------------------------------------------------------------
fasttimo 200 200 200 50 200 millisecond D
--------------------------------------------------------------------------------
inet_stack_size 16 16 16 1 kbyte R
--------------------------------------------------------------------------------
...
where:
CUR = current value
DEF = default value
BOOT = reboot value
MIN = minimal value
MAX = maximum value
UNIT = tunable unit of measure
TYPE = parameter type: D (for Dynamic), S (for Static), R (for Reboot),
B (for Bosboot), M (for Mount), I (for Incremental) and C (for Connect)
DEPENDENCIES = list of dependent tunable parameters, one per line
-x [Tunable]
Lists characteristics of one or all tunables, one per line, using the
following (spreadsheet) format:
tunable,current,default,reboot,min,max,unit,type,{dtunable }
where:
current = current value
default = default value
reboot = reboot value
min = minimal value
max = maximum value
unit = tunable unit of measure
type = parameter type: D (for Dynamic), S (for Static), R (for Reboot),
B (for Bosboot), M (for Mount), I (for Incremental) and C (for Connect)
dtunable = space separated list of dependent tunable parameters
Any change (with -o, -d, or -D) to a parameter of type Mount results in a message
displaying to warn the user that the change is only effective for future mountings.
Any change (with -o, -d or -D flags) to a parameter of type Connect results in inetd being
restarted, and a message displaying to warn the user that the change is only effective for
future socket connections.
Any attempt to change (with -o, -d, or -D) a parameter of type Bosboot or Reboot without -r,
results in an error message.
Any attempt to change (with -o, -d, or -D but without -r) the current value of a parameter of
type Incremental with a new value smaller than the current value, results in an error
message.
Mount        If changes to the parameter are only effective for future file
             systems or directory mounts
Incremental  If the parameter can only be incremented, except at boot time
Connect      If changes to the parameter are only effective for future socket
             connections
For parameters of type Bosboot, whenever a change is performed, the tuning commands
automatically prompt the user to ask if they want to execute the bosboot command. For
parameters of type Connect, the tuning commands automatically restart the inetd daemon.
Note that the current set of parameters managed by the no command only includes
Reboot, Static, Dynamic, Incremental, and Connect types.
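The -x format above gives both the running (current) and the next-boot (reboot) value of every tunable on one line, which makes it the right input for checking that a hardening change made with -o was also recorded with -p (or that a Reboot-type value set with -r is actually pending). The script below is an added example written for this course summary, not IBM code: it parses constructed -x lines (not captured from a real host; the dependency column is assumed to be empty) and reports every tunable whose current and reboot values differ, using the type column to say what the mismatch means.

```shell
#!/bin/sh
# Parse `no -x` spreadsheet lines and report tunables whose running value
# differs from the value that will be applied at the next boot.
# Field order follows the -x format documented above:
#   tunable,current,default,reboot,min,max,unit,type,{dtunable}
# The trailing dependency column is left empty here (formatting assumed).

# CONSTRUCTED sample of `no -x` output; not captured from a real host.
# ipsrcrouteforward and ipignoreredirects were hardened with -o only, so the
# running value reverts at the next boot; inet_stack_size was set with -r.
SAMPLE_NO_X='ipsrcrouteforward,0,1,1,0,1,boolean,D,
ipignoreredirects,1,0,0,0,1,boolean,D,
arptab_nb,73,73,73,1,32767,bucket,R,
sockthresh,85,85,85,0,100,%_of_thewall,D,
inet_stack_size,16,16,32,1,32767,kbyte,R,'

# drift_report: reads -x lines on stdin; prints one line per tunable whose
# current (field 2) and reboot (field 4) values differ, with the type and
# what the mismatch means for the operator.
drift_report() {
    awk -F, '
    NF >= 8 && $2 != $4 {
        if ($8 == "R" || $8 == "B")
            note = "reboot value pending; set with -r, applied at next boot"
        else
            note = "running and next-boot values differ; re-apply with -p"
        printf "%s current=%s reboot=%s type=%s %s\n", $1, $2, $4, $8, note
    }'
}

# drift_count: number of drifting tunables, for use as a pass/fail check.
drift_count() {
    drift_report | wc -l | tr -d ' '
}

# Stand-alone run: report on the constructed sample. On a real AIX host the
# input would be `no -x | drift_report` instead.
printf '%s\n' "$SAMPLE_NO_X" | drift_report
```

Run on a real system as `no -x | drift_report`; a non-zero `drift_count` after a hardening change is the signal that the change was applied to only one of the two states.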
Compatibility Mode
When running in pre 5.2 compatibility mode (controlled by the pre520tune attribute of
sys0, refer to Tuning Enhancements for AIX 5.2 in the AIX 5L Version 5.2 Performance
Management Guide), reboot values for parameters, except those of type Bosboot, are not
really meaningful because in this mode they are not applied at boot time.
In pre 5.2 compatibility mode, setting reboot values for tuning parameters continues to be
achieved by embedding calls to tuning commands in scripts called during the boot
sequence. Parameters of type Reboot can therefore be set without the -r flag, so that
existing scripts continue to work.
This mode is automatically turned ON when a machine is MIGRATED to AIX 5L Version
5.2. For complete installations, it is turned OFF and the reboot values for parameters are
set by applying the content of the /etc/tunables/nextboot file during the reboot sequence.
Only in that mode are the -r and -p flags fully functional. Refer to Kernel Tuning in the AIX
5L Version 5.2 Performance Tools Guide and Reference for details.
arpqsize Purpose:
Specifies the maximum number of packets
to queue while waiting for ARP responses.
Values:
Default: 12
Range: 1 to MAXSHORT
Type: Dynamic
Diagnosis:
N/A
Tuning
This parameter is supported by Ethernet, 802.3, Token-Ring and FDDI interfaces.
The arpqsize value is increased to a minimum value of 12 when path MTU discovery
is enabled. The value does not automatically decrease if path MTU discovery is
subsequently disabled. This parameter applies to AIX 4.1.5, AIX 4.2.1 and later.
Refer To:
Managing Tunable SP Parameters
arpt_killc Purpose:
Specifies the time in minutes before a
Complete ARP entry is deleted.
Values:
Default: 20
Range: 0 to MAXSHORT
Type: Dynamic
Diagnosis:
N/A
Tuning
To reduce ARP activity in a stable network, you can increase arpt_killc.
Refer To:
SP System-Specific Tuning Recommendations
arptab_bsiz Purpose:
Specifies Address Resolution Protocol
(ARP) table bucket size.
Values:
Default: 7
Range: 1 to MAXSHORT
Type: Reboot
Diagnosis:
netstat -p arp shows the number of ARP packets sent and the number of ARP
entries purged from the ARP table. If a large number of entries are being
purged, the ARP table size should be increased. Use arp -a to show the ARP
table hashing distribution.
Tuning
N/A
Refer To:
SP System-Specific Tuning Recommendations
arptab_nb Purpose:
Specifies the number of ARP table buckets.
Values:
Default: 73
Range: 1 to MAXSHORT
Type: Reboot
Diagnosis:
netstat -p arp shows the number of ARP packets sent and the number of ARP
entries purged from the ARP table. If a large number of entries are being
purged, the ARP table size should be increased. Use arp -a to show the ARP
table hashing distribution.
Tuning
Increase this value for systems that have a large number of clients or servers.
The default provides for 73 x 7 = 511 ARP entries, but assumes an even hash
distribution.
Refer To:
SP System-Specific Tuning Recommendations
bcastping Purpose:
Allows response to ICMP echo packets to
the broadcast address.
Values:
Default: 0 (off)
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
clean_partial_conns Purpose:
Specifies whether SYN (synchronizes the
sequence number) attacks are being
avoided.
Values:
Default: 0 (off)
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
This option should be turned on for servers that need to protect against
network attacks (SYN floods). If on, the kernel randomly removes partial
(half-open) connections to make room for new, non-attack connections.
delayack Purpose:
Delays acknowledgements (ACK) for certain TCP packets and attempts to
piggyback them with the next packet sent instead.
Values:
Default: 0
Range: 0 to 3
Type: Dynamic
Diagnosis:
N/A
Tuning
This action is only performed for connections whose destination port is
specified in the list of the delayackports parameter. This can be used to
increase performance when communicating with an HTTP server by reducing the
total number of packets sent. The parameter can have one of four values:
0 No delays; normal operation
1 Delay the ACK for the server's SYN (synchronizes the sequence numbers)
2 Delay the ACK for the server's FIN (sender has reached the end of its byte stream)
3 Delay both the ACKs for the SYN and FIN.
delayackports Purpose:
Specifies the list of destination ports for which the operation defined by
the delayack option is performed.
Values:
Default: {}
Range: List of port numbers (maximum 10)
Type: Dynamic
Diagnosis:
N/A
Tuning
The parameter takes a list of up to ten
ports, separated by commas and enclosed
in curly braces. For example:
no -o delayackports={80,30080}
dgd_packets_lost Purpose:
Specifies how many consecutive packets must be lost before Dead Gateway
Detection decides that a gateway is down.
Values:
Default: 3
Range: 1 to MAXSHORT
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
dgd_ping_time Purpose:
Specifies how many seconds should pass
between pings of a gateway by Active
Dead Gateway Detection.
Values:
Default: 5
Range: 1 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
dgd_retry_time Purpose:
Specifies how many minutes a route's cost should remain raised when it has
been raised by Passive Dead Gateway Detection. After this many minutes pass,
the route's cost is restored to its user-configured value.
Values:
Default: 5
Range: 1 to MAXSHORT
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
directed_broadcast Purpose:
Specifies whether to allow a directed
broadcast to a gateway.
Values:
Default: 0 (off)
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
A value of 1 allows packets directed to a gateway to be broadcast on the
network on the other side of that gateway.
extendednetstats Purpose:
Enables more extensive statistics for network memory services.
Values:
Default: 0 (off)
Range: 0 or 1
Type: Reboot
Diagnosis:
N/A
Tuning
The default for this parameter is 0, for off,
because these extra statistics cause a
reduction in system performance on SMP
systems.
fasttimo Purpose:
Allows you to set the millisecond delay for
the TCP fast time-out timer. This time-out
controls how often the system scans the
TCP control blocks to send delayed
acknowledgments.
Values:
Default: 200
Range: 50 to 200 milliseconds
Type: Dynamic
Diagnosis:
N/A
Tuning
Reducing this timer value may improve
performance with some non-IBM systems.
However, this may also result in slightly
increased system utilization.
icmp6_errmsg_rate Purpose:
Specifies the upper limit for the number of
ICMP v6 error messages that can be sent
per second. This prevents excessive
bandwidth being used by ICMP v6 error
messages.
Values:
Default: 10 msg/sec
Range: 1 to 255
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
icmpaddressmask Purpose:
Specifies whether the system responds to
an ICMP address mask request.
Values:
Default: 0 (off)
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
With the default value of 0, the system silently ignores any ICMP address
mask request it receives.
ie5_old_multicast_mapping Purpose:
Specifies IP multicasts on Token-Ring
should be mapped to the broadcast
address rather than a functional address
when value 1 is used.
Values:
Default: 0 (off)
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
ifsize Purpose:
Specifies the maximum number of network interface structures per interface of
a single type (for example, Ethernet).
Values:
Default: 256
Range: 8 to 1024
Type: Reboot
Diagnosis:
N/A
Tuning
The ifsize needs to be large on machines that support hotplug adapters and on
DLPAR configurations because adapters can be added on the fly and the static
interface tables must be large enough to accept the worst case number of
adapters that may be added for this system or partition.
Refer To:
Managing Tunable SP Parameters
inet_stack_size Purpose:
Specifies size of inet interrupt stack table
in kilobytes.
Values:
Default: 16
Range: 1 to MAXSHORT
Type: Reboot
Diagnosis:
N/A
Tuning
This is needed if you are running with an unoptimized debug kernel or netinet
kernel extension. This is different from the pin-more-stack code (which is not
configurable) because this stack is used on interrupt. This parameter only
needs to be changed if there is a system panic due to interrupt stack overflow.
ipforwarding Purpose:
Specifies whether the kernel should forward packets.
Values:
Default: 0 (off)
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
Set this parameter to 1, if the system is
acting as an IP router.
Refer To:
traceroute command
ipfragttl Purpose:
Specifies the time to live for IP fragments
in half-seconds.
Values:
Default: 60
Range: 60 to 255
Type: Dynamic
Diagnosis:
Fragments dropped after time-out (netstat
-p ip).
Tuning
If value of IP: fragments dropped after
time-out is nonzero, increasing ipfragttl
may reduce retransmissions.
Refer To:
IP Layer
ipignoreredirects Purpose:
Specifies whether to process redirects that
are received.
Values:
Default: 0 (does redirects)
Range: 0 or 1 (1 ignores redirects)
Type: Dynamic
Diagnosis:
N/A
Tuning
This option only applies to AIX 4.2.1 or
later.
ipqmaxlen Purpose:
Specifies the number of received packets
that can be queued on the IP protocol
input queue.
Values:
Default: 100
Range: 100 to MAXINT
Type: Reboot
Diagnosis:
Examine ipintrq overflows (netstat -s) or use crash to access the IP input
queue overflow counter.
Tuning
Increase the size if the system is using a lot of loopback sessions. Most
operating system network drivers call IP directly and do not use the IP queue;
for those devices, increasing ipqmaxlen has no effect.
Refer To:
IP Layer and IP Protocol Performance
Tuning Recommendations
ipsendredirects Purpose:
Specifies whether the kernel should send
redirect signals.
Values:
Default: 1 (send redirects)
Range: 0 (do not send redirects) or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
This is a configuration decision with performance consequences.
ipsrcrouteforward Purpose:
Specifies whether the system forwards
source-routed packets.
Values:
Default: 1 (on)
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
The default value of 1 allows the forwarding of source-routed packets. A value
of 0 causes all source-routed packets that are not at their destinations to be
discarded. This parameter only applies to AIX 4.2.1 or later.
ipsrcrouterecv Purpose:
Specifies whether the system accepts
source-routed packets.
Values:
Default: 0 (off)
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
The default value of 0 causes all
source-routed packets destined for this
system to be discarded. A value of 1
allows source-routed packets to be
received. This parameter only applies to
AIX 4.2.1 or later.
ipsrcroutesend Purpose:
Specifies whether applications can send
source-routed packets.
Values:
Default: 1 (on)
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
The default value of 1 allows
source-routed packets to be sent. A value
of 0 causes setsockopt() to return an error
if an application attempts to set the source
routing option, and removes any source
routing options from outgoing packets.
This parameter only applies to AIX 4.2.1
or later.
ip6_defttl Purpose:
Specifies the default hop count that is
used for Internet Protocol Version 6 (IPv6)
packets if no other hop count is specified.
Values:
Default: 64
Range: 1 to 255
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
ip6_prune Purpose:
Specifies how often to check the IPv6
routing table for expired routes in seconds.
Values:
Default: 1
Range: 1 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
ip6forwarding Purpose:
Specifies whether the kernel should forward IPv6 packets.
Values:
Default: 0 (off)
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
The default value of 0 prevents forwarding of IPv6 packets that are not for
the local system. A value of 1 enables forwarding.
ip6srcrouteforward Purpose:
Specifies whether the system forwards
source-routed IPv6 packets.
Values:
Default: 1 (on)
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
The default value of 1 allows the forwarding of source-routed packets. A value
of 0 causes all source-routed packets that are not at their destinations to be
discarded.
llsleep_timeout Purpose:
Specifies time-out value in seconds for link
local time-outs (used when
multi_homed=1)
Values:
Default: 3
Range: 1 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
main_if6 Purpose:
Specifies the interface to use for link local
addresses. This is only used by
autoconf6 to set up initial routes.
Values:
Default: 0
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
main_site6 Purpose:
Specifies the interface to use for site local
address routing. This is only used if
multi_homed is set to 3
Values:
Default: 0
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
maxnip6q Purpose:
Specifies the maximum number of IPv6
packet-reassembly queues.
Values:
Default: 20
Range: 1 to MAXSHORT
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
maxttl Purpose:
Specifies the time to live for Routing Information Protocol (RIP) packets in
seconds.
Values:
Default: 255
Range: 1 to 255
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
multi_homed Purpose:
Specifies the level of multihomed IPv6
host support.
Values:
Default: 1
Range: 0 to 3
Type: Dynamic
Diagnosis:
N/A
Tuning
The parameter can have one of four values:
0 - Indicates the original functionality in AIX 4.3.
1 - Indicates that link local addresses are resolved by querying each
interface for the link local address.
2 - Indicates that link local addresses are only examined for the interface
defined by main_if6.
3 - Indicates that link local addresses are only examined for the interface
defined by main_if6, and site local addresses are only routed for the
main_site6 interface.
nbc_limit Purpose:
Specifies the total maximum amount of memory that can be used for the Network
Buffer Cache (NBC) in Kbytes.
Values:
Default: derived from thewall
Range: 0 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
When the cache grows to this limit, the least-used cache entries are flushed
out of the cache to make room for new ones. This parameter only applies to AIX
4.3.2 or later. NBC is only used by the send_file() API and some Web servers
that use the get engine in the kernel.
nbc_max_cache Purpose:
Specifies the maximum size of the cache
object allowed in the Network Buffer
Cache (NBC) in bytes.
Values:
Default: 131072 (128K) if nbc_limit is not zero,
otherwise 0
Range: 1 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
Data objects bigger than this size are not put in the NBC. This parameter
only applies to AIX 4.3.2 or later. NBC is only used by the send_file() API
and some Web servers that use the get engine in the kernel.
nbc_min_cache Purpose:
Specifies the minimum size of the cache
object allowed in the Network Buffer
Cache (NBC) in bytes.
Values:
Default: 1 byte if nbc_limit is not zero, otherwise 0
Range: 1 to 131072 (128K)
Type: Dynamic
Diagnosis:
N/A
Tuning
Data objects smaller than this size are not put in the NBC. This parameter
only applies to AIX 4.3.2 or later. NBC is only used by the send_file() API
and some Web servers that use the get engine in the kernel.
nbc_ofile_hashsz Purpose:
Specifies the size of the hash table (number of slots) used for hashing cache
objects in the Network Buffer Cache. This hash table size applies only to
opened file entries, that is, entries that cache files from the filesystem.
Since this attribute resizes the hash table and affects the hashing of all
existing entries, it can only be modified when the Network Buffer Cache is
empty. If the Network Buffer Cache is not empty, this option returns an error.
Values:
Default: 12841
Range: 1 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning:
Hash table sizes are generally chosen to
be prime as this results in a more even
distribution of hash table entries.
nbc_pseg (AIX 4.3.3 and later) Purpose:
Specifies the maximum number of private segments that can be created for the
Network Buffer Cache (NBC).
Values:
Default: 0
Range: 0 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
When this option is set to a nonzero value, data objects with size between the
size specified in nbc_max_cache and the segment size (256 MB) are cached in a
private segment. Data objects bigger than the segment size are not cached at
all. When this many private segments exist in NBC, cache data in private
segments may be flushed for new cache data so the number of private segments
does not exceed the limit. When this option is set to 0, all cache in private
segments is flushed.
nbc_pseg_limit (AIX 4.3.3 and later) Purpose:
Specifies the maximum total cached data size (KB) allowed in private segments
in the Network Buffer Cache (NBC).
Values:
Default: 131072
Range: 0 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
Because data cached in private segments is pinned by the Network Buffer Cache,
this option provides a control on the amount of pinned memory used for the
Network Buffer Cache in addition to the network buffers in global segments.
When this limit is met, cache data in private segments may be flushed for new
cache data so the total pinned memory size does not exceed the limit. When
this option is set to 0, all cache in private segments is flushed.
ndpqsize Purpose:
Specifies the number of packets to hold waiting on completion of a Neighbor
Discovery Protocol (NDP) entry (used by MTU Path Discovery).
Values:
Default: 50
Range: 1 to MAXSHORT
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
ndpt_down Purpose:
Specifies the time, in half-seconds, to hold down a Neighbor Discovery
Protocol (NDP) entry. This network option is obsolete in AIX 5.2 and later
versions.
Values:
Default: 3 (1.5 seconds)
Range: 1 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
ndpt_keep Purpose:
Specifies the time, in half seconds, to
keep a Neighbor Discovery Protocol
(NDP) entry.
Values:
Default: 120 (60 seconds)
Range: 1 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
ndp_mmaxtries Purpose:
Specifies the maximum number of Multicast NDP packets to send.
Values:
Default: 3
Range: 0 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
ndpt_probe Purpose:
Specifies the time, in half-seconds, to
delay before sending the first Neighbor
Discovery Protocol (NDP) probe.
Values:
Default: 5 (2.5 seconds)
Range: 1 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
ndpt_reachable Purpose:
Specifies the time, in half-seconds, to test
if a Neighbor Discovery Protocol (NDP)
entry is still valid.
Values:
Default: 30 (15 seconds)
Range: 1 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
ndpt_retrans Purpose:
Specifies the time, in half-seconds, to wait before retransmitting a Neighbor
Discovery Protocol (NDP) request.
Values:
Default: 1 (half a second)
Range: 1 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
ndpt_umaxtries Purpose:
Specifies the maximum number of Unicast
NDP packets to send.
Values:
Default: 3
Range: 0 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
net_malloc_police Purpose:
Specifies the size of the net_malloc and
net_free trace buffers.
Values:
Default: 0
Range: 0 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
If the value of this variable is non-zero, all net_malloc and net_free buffers
will be traced in a kernel buffer and by system trace hook HKWD_NET_MALLOC.
Additional error-checking will also be enabled. This includes checks for
freeing a free buffer, alignment, and buffer overwrite. Enable this parameter
only when investigating a network problem, because performance is affected
negatively when it is turned on. The default value is zero (policing off).
Values of net_malloc_police larger than 1024 allocate that many items in the
kernel buffer for tracing.
nonlocsrcroute Purpose:
Tells the Internet Protocol that strictly
source-routed packets may be addressed
to hosts outside the local network.
Values:
Default: 0
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
The default value of 0 disallows addressing to outside hosts. A value of 1
allows packets to be addressed to outside hosts. Loosely source-routed packets
are not affected by this parameter. This is a configuration decision with
minimal performance consequences.
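Taken together, the source-routing (ipsrcrouteforward, ipsrcrouterecv, ipsrcroutesend, ip6srcrouteforward, nonlocsrcroute), redirect (ipignoreredirects, ipsendredirects), broadcast and address-mask responder (bcastping, directed_broadcast, icmpaddressmask), forwarding (ipforwarding, ip6forwarding) and SYN-attack (clean_partial_conns) options above are the ones a host hardening baseline normally pins. The script below is an added example for this summary, not IBM's code: it audits `no -a` style output against such a baseline and prints the `no` commands that would correct each deviation. It assumes `no -a` prints one "tunable = value" line per parameter; the sample input is constructed, not captured from a real host, and the baseline values are this editor's choice for an end host (ipforwarding=0 and ip6forwarding=0 are wrong for a system that is meant to route). Per the Compatibility Mode section, -p only records the next-boot value when the system is not in pre-5.2 compatibility mode.

```shell
#!/bin/sh
# Audit `no -a` output against a hardening baseline for the source-routing,
# redirect, broadcast and SYN-attack tunables described in this appendix,
# and emit the `no` commands that bring the host into line.

# Baseline (tunable=wanted), chosen for an end host. Source routing lets a
# sender dictate a packet's path around routing policy; redirects let a peer
# rewrite the host's routing table; broadcast echo and address-mask replies
# aid amplification and reconnaissance; clean_partial_conns=1 sheds half-open
# connections under a SYN flood.
BASELINE='ipsrcrouteforward=0
ipsrcrouterecv=0
ipsrcroutesend=0
ip6srcrouteforward=0
nonlocsrcroute=0
ipignoreredirects=1
ipsendredirects=0
bcastping=0
directed_broadcast=0
icmpaddressmask=0
ipforwarding=0
ip6forwarding=0
clean_partial_conns=1'

# CONSTRUCTED sample of `no -a` output ("tunable = value" per line, format
# assumed) for a host still running the AIX defaults for source routing and
# redirects. Not captured from a real system.
SAMPLE_NO_A='            arpqsize = 12
           bcastping = 0
 clean_partial_conns = 0
  directed_broadcast = 0
     icmpaddressmask = 0
       ip6forwarding = 0
  ip6srcrouteforward = 1
        ipforwarding = 0
   ipignoreredirects = 0
     ipsendredirects = 1
   ipsrcrouteforward = 1
      ipsrcrouterecv = 0
      ipsrcroutesend = 1
      nonlocsrcroute = 0'

# audit_no: reads `no -a` lines on stdin and prints one
# "tunable current=X wanted=Y" line per deviation from BASELINE.
# The baseline is prefixed with "BASE " and fed through the same awk so that
# no awk -v multi-line tricks are needed.
audit_no() {
    {
        printf '%s\n' "$BASELINE" | sed 's/^/BASE /'
        cat
    } | awk '
    $1 == "BASE" { split($2, kv, "="); want[kv[1]] = kv[2]; next }
    # "   name = value" splits into $1=name, $2="=", $3=value
    $2 == "=" && ($1 in want) && $3 != want[$1] {
        printf "%s current=%s wanted=%s\n", $1, $3, want[$1]
    }'
}

# remediation: turns audit lines into `no` commands. -o applies the value
# now; -p also records it for the next boot (outside pre-5.2 compatibility
# mode). All of these tunables are type Dynamic, so no -r is needed.
remediation() {
    audit_no | awk '{ split($3, w, "="); printf "no -p -o %s=%s\n", $1, w[2] }'
}

# Stand-alone run on the constructed sample; on a real host use
#   no -a | audit_no      and      no -a | remediation
printf '%s\n' "$SAMPLE_NO_A" | audit_no
printf '%s\n' "$SAMPLE_NO_A" | remediation
```

Review the remediation lines before running them: a host that is deliberately acting as a router keeps ipforwarding=1, and the emitted commands log through syslog LOG_KERN as described at the top of this appendix, which is useful for change tracking.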
passive_dgd Purpose:
Specifies whether Passive Dead Gateway Detection is enabled. A value of 0
turns it off, and a value of 1 enables it for all gateways in use.
Values:
Default: 0
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
N/A
pmtu_default_age Purpose:
Specifies the default amount of time (in
minutes) before the path MTU value for
UDP paths is checked for a lower value.
Values:
Default: 10
Range: 0 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
A value of zero allows no aging. The default value is 10 minutes. The
pmtu_default_age value can be overridden by UDP applications. This parameter
only applies to AIX 4.2.1 or later.
pmtu_rediscover_interval Purpose:
Specifies the default amount of time (in
minutes) before the path MTU value for
UDP and TCP paths are checked for a
higher value.
Values:
Default: 30
Range: 0 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
A value of 0 allows no path MTU rediscovery. The default value is 30 minutes.
This parameter only applies to AIX 4.2.1 or later.
rfc1122addrchk Purpose:
Performs address validation as specified
by RFC1122 (Requirements for Internet
Hosts-Communication Layers).
Values:
Default: 0 (off)
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
The default value of 0 does not perform
address validation. A value of 1 performs
address validation.
rfc1323 Purpose:
Enables window scaling and timestamps as specified by RFC 1323 (TCP
Extensions for High Performance). Window scaling allows the TCP window sizes
(tcp_recvspace and tcp_sendspace) to be larger than 64 KB (65536) and is
typically used for large MTU networks.
Values:
Default: 0 (off)
Range: 0 or 1
Type: Connect
Diagnosis:
N/A
Tuning
The default value of 0 disables the RFC enhancements on a systemwide scale. A
value of 1 specifies that all TCP connections attempt to negotiate the RFC
enhancements. The SOCKETS application can override the default behavior on
individual TCP connections, using the setsockopt subroutine. Make changes
before attempting to set tcp_sendspace and tcp_recvspace to more than 64 KB.
Refer to:
TCP Socket Buffer Tuning
rfc2414 Purpose:
Enables the increasing of TCP's initial window as described in RFC 2414. When
it is on, the initial window depends on the setting of the tunable
tcp_init_window.
Values:
Default: 0 (off)
Range: 0 or 1 (on)
Type: Connect
Diagnosis:
N/A
Tuning
N/A
route_expire Purpose:
Specifies whether unused routes created
by cloning, or created and modified by
redirects expire.
Values:
Default: 1 (on)
Range: 0 or 1
Type: Dynamic
Diagnosis:
N/A
Tuning
A value of 1 allows route expiration, which
is the default. Negative values are not
allowed for this option.
Refer to:
Tuning TCP Maximum Segment Size
routerevalidate Purpose:
Specifies that each connection's cached
route should be revalidated each time a
new route is added to the routing table.
This ensures that applications that keep
the same connection open for long periods
of time (for example, NFS) use the correct
route after routing-table changes occur.
Values:
Default: 0 (off)
Range: 0 or 1
Type: Dynamic
Diagnosis:
If there is communication loss between
HACMP nodes or between NFS client and
server, routes may have been changed
but the values in the cache are being
used.
Tuning
The default value of 0 does not revalidate the cached routes. Turning on this
option may cause some performance degradation. The value should be set to 1
for HACMP.
rto_high Purpose:
Specifies the TCP Retransmit time-out
high value used in calculating factors and
the maximum retransmittals allowable
used in TCP data segment retransmittals.
Values:
Default: 64
Range: 2 to MAXINT
Type: Reboot
Diagnosis:
N/A
Tuning
The rto_high parameter is the high factor.
rto_length Purpose:
Specifies the TCP Retransmit time-out
length value used in calculating factors
and the maximum retransmittals allowable
used in TCP data segment retransmittals.
Values:
Default: 13
Range: 1 to 64
Type: Reboot
Diagnosis:
N/A
Tuning
The rto_length parameter is the total
number of time segments.
rto_limit Purpose:
Specifies the TCP Retransmit time-out
limit value used in calculating factors and
the maximum retransmittals allowable
used in TCP data segment retransmittals.
Values:
Default: 7
Range: 1 to 64
Type: Reboot
Diagnosis:
N/A
Tuning
The rto_limit parameter is the number of
time segments from rto_low to rto_high.
rto_low Purpose:
Specifies the TCP Retransmit time-out low
value used in calculating factors and the
maximum retransmittals allowable used in
TCP data segment retransmittals.
Values:
Default: 1
Range: 1 to 63
Type: Reboot
Diagnosis:
N/A
Tuning
The rto_low parameter is the low factor.
sack (AIX 4.3.3 and later) Purpose:
Specifies if Selective Acknowledgment is on.
Values:
Default: 0 (off)
Range: 0 or 1
Type: Connect
Diagnosis:
N/A
Tuning
Normal TCP has to retransmit all packets after a dropped packet. With large
window sizes, this can result in lost performance if many packets are dropped.
Selective Ack enables code to selectively retransmit the lost packets. If
there are a lot of retransmits of fragments and the receive buffer sizes are
large, then it might be beneficial to turn this parameter on. This is a TCP
negotiated option, so it must be supported on both endpoints before it is
used.
sb_max Purpose:
Specifies the maximum buffer size allowed for a TCP and UDP socket. Limits
setsockopt, udp_sendspace, udp_recvspace, tcp_sendspace, and tcp_recvspace.
Values:
Default: 1048576 bytes
Range: 1 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
Increase size, preferably to multiple of
4096. Should be approximately two to four
times the largest socket buffer limit.
Refer to:
TCP Socket Buffer Tuning and Tuning
Other Layers to Improve NFS Perfor-
mance
send_file_duration Purpose:
Specifies the cache validation duration for
all the file objects that the send_file sys-
tem call accessed in the Network Buffer
Cache (in seconds).
Values:
Default: 300 (5 minutes)
Range: 0 to MAXINT
Type: Dynamic
Diagnosis:
N/A
Tuning
A value of 0 means that the cache is vali-
dated for every access. This parameter
only applies to AIX 4.3.2 or later.
site6_index
Purpose: Specifies the maximum interface number for site local routing.
Values:
  Default: 0
  Range: 0 to MAXSHORT
  Type: Dynamic
Diagnosis: N/A
Tuning: N/A

sockthresh
Purpose: Specifies the maximum amount of network memory that can be allocated for sockets. Used to prevent new sockets or TCP connections from exhausting all MBUF memory and reserve the remaining memory for the existing sockets or TCP connections.
Values:
  Default: 85 percent
  Range: 0 to 100
  Type: Dynamic
Diagnosis: N/A
Tuning: When the total amount of memory allocated by the net_malloc subroutine reaches this threshold, the socket and socketpair system calls fail with an error of ENOBUFS. Incoming connection requests are silently discarded. Existing sockets can continue to use additional memory. The sockthresh parameter represents a percentage of the thewall parameter, with possible values of 1 to 100 and a default of 85.
Refer to: Socket Layer
sodebug
Purpose: Specifies whether the newly created sockets have the SO_DEBUG flag on.
Values:
  Default: 0 (no)
  Range: 0 or 1 (yes)
  Type: Connect
Diagnosis: N/A
Tuning: N/A

somaxconn
Purpose: Specifies the maximum listen backlog.
Values:
  Default: 1024 connections
  Range: 0 to MAXSHORT
  Type: Connect
Diagnosis: N/A
Tuning: Increase this parameter on busy Web servers to handle peak connection rates.
subnetsarelocal
Purpose: Specifies whether all subnets that match the subnet mask are to be considered local for purposes of establishing, for example, the TCP maximum segment size.
Values:
  Default: 1 (yes)
  Range: 0 or 1
  Type: Dynamic
Diagnosis: N/A
Tuning: This parameter is used by the in_localaddress subroutine. The default value of 1 specifies that addresses that match the local network mask are local. If the value is 0, only addresses matching the local subnetwork are local. This is a configuration decision with performance consequences. If the subnets do not all have the same MTU, fragmentation at bridges may degrade performance. If the subnets do have the same MTU, and subnetsarelocal is 0, TCP sessions may use an unnecessarily small MSS.
Refer to: Tuning TCP Maximum Segment Size
tcp_bad_port_limit
Purpose: Specifies the number of TCP packets to a port with no socket that can be received in a 500 millisecond period before TCP stops sending resets in response to such packets. When it is set to its default value of 0, resets will always be sent when TCP packets are received for a bad port number.
Values:
  Default: 0
  Range: 0 to MAXINT
  Type: Dynamic
Diagnosis: N/A
Tuning: N/A

tcp_ecn
Purpose: Enables TCP level support for Explicit Congestion Notification as described in RFC 2481. Default is off (0). Turning it on (1) makes all connections negotiate ECN capability with the peer. For this feature to work you need support from the peer TCP and also IP level ECN support from the routers in the path.
Values:
  Default: 0 (off)
  Range: 0 or 1 (on)
  Type: Connect
Diagnosis: N/A
Tuning: N/A
tcp_ephemeral_high
Purpose: Specifies the largest port number to allocate for TCP ephemeral ports.
Values:
  Default: 65535
  Range: 32769 to 65535
  Type: Dynamic
Diagnosis: N/A
Tuning: The number of ephemeral sockets is determined by tcp_ephemeral_high minus tcp_ephemeral_low. For the maximum number of ephemeral sockets, set tcp_ephemeral_high to 65535 and tcp_ephemeral_low to 1024.
Refer to: Socket Layer

tcp_ephemeral_low
Purpose: Specifies the smallest port number to allocate for TCP ephemeral ports.
Values:
  Default: 32768
  Range: 1024 to 65534
  Type: Dynamic
Diagnosis: N/A
Tuning: The number of ephemeral sockets is determined by tcp_ephemeral_high minus tcp_ephemeral_low. For the maximum number of ephemeral sockets, set tcp_ephemeral_high to 65535 and tcp_ephemeral_low to 1024.
Refer to: Socket Layer
tcp_finwait2
Purpose: Specifies the length of time to wait in the FIN_WAIT2 state before closing the connection, measured in half seconds.
Values:
  Default: 1200 half-seconds (600 seconds or 10 minutes)
  Range: 0 to USHORTMAX
  Type: Dynamic
Diagnosis: N/A
Tuning: N/A

tcp_init_window
Purpose: This value is used only when rfc2414 is turned on (ignored otherwise). If rfc2414 is on and this value is zero, then the initial window computation is done according to rfc2414. If this value is non-zero, the initial (congestion) window is initialized to a number of maximum-sized segments equal to tcp_init_window.
Values:
  Default: 0
  Range: 0 to MAXSHORT
  Type: Connect
Diagnosis: N/A
Tuning: N/A
tcp_inpcb_hashtab_siz
Purpose: Specifies the size of the inpcb hash table for TCP connections. This table holds the inpcbs required for connection management and is implemented as a table of hash chains. A large table means that the linked hash chains are small and lower the traversal time on average, but the memory footprint is larger.
Values:
  Default: 24999
  Range: 1 to 999999
  Type: Reboot
Diagnosis: N/A
Tuning: This option impacts performance and should be used with extreme caution. Please consult a performance analyst in case the value needs to be changed. The execution environment could have an influence on the value. It is strongly encouraged to maintain the system-defined defaults, because they tend to execute optimally in most environments.

tcp_keepcnt
Purpose: Represents the number of keepalive probes that could be sent before terminating the connection.
Values:
  Default: 8
  Range: 0 to MAXINT
  Type: Dynamic
Diagnosis: N/A
Tuning
tcp_keepidle
Purpose: Specifies the length of time to keep an idle TCP connection active, measured in half-seconds.
Values:
  Default: 14400 (2 hours)
  Range: 1 to MAXINT
  Type: Connect
Diagnosis: N/A
Tuning: This is a configuration decision with minimal performance consequences. No change is recommended.

tcp_keepinit
Purpose: Sets the initial time-out value for a TCP connection in half-seconds.
Values:
  Default: 150 (75 seconds)
  Range: 1 to MAXINT
  Type: Dynamic
Diagnosis: N/A
Tuning: N/A
tcp_keepintvl
Purpose: Specifies the interval, measured in half-seconds, between packets sent to validate the TCP connection.
Values:
  Default: 150 (75 seconds)
  Range: 1 to MAXSHORT
  Type: Connect
Diagnosis: N/A
Tuning: This is a configuration decision with minimal performance consequences. No change is recommended. If the interval were shortened significantly, processing and bandwidth costs might become significant.

tcp_limited_transmit
Purpose: Enables the feature that enhances TCP's loss recovery as described in RFC 3042.
Values:
  Default: 1 (on)
  Range: 0 or 1
  Type: Dynamic
Diagnosis: N/A
Tuning: N/A
tcp_maxburst
Purpose: Specifies the number of back-to-back packets that TCP can send before pausing to allow those packets to be forwarded to their destination. This can be useful if routers are unable to handle large bursts of TCP packets and are dropping some of them. A value of 0 means no limitation for back-to-back packets before pausing.
Values:
  Default: 0
  Range: 0 to MAXSHORT
  Type: Dynamic
Diagnosis: N/A
Tuning: N/A

tcp_mssdflt
Purpose: Default maximum segment size used in communicating with remote networks.
Values:
  Default: 512 bytes
  Range: 1 to 1448
  Type: Connect
Diagnosis: N/A
Tuning: For AIX 4.2.1 or later, tcp_mssdflt is only used if path MTU discovery is not enabled or path MTU discovery fails to discover a path MTU. Limiting data to (MTU - 52) bytes ensures that, where possible, only full packets are sent.
Refer to: Tuning TCP Maximum Segment Size
tcp_nagle_limit
Purpose: This is the Nagle Algorithm threshold in bytes, which can be used to disable Nagle.
Values:
  Default: 65535 (the maximum size of an IP packet)
  Range: 0 to 65535
  Type: Dynamic
Diagnosis: N/A
Tuning: The default (65535, the maximum size of an IP packet) is Nagle turned on. To disable Nagle, set this value to 0 or 1. TCP disables Nagle for data segments larger than or equal to this threshold value.

tcp_ndebug
Purpose: Specifies the number of tcp_debug structures.
Values:
  Default: 100
  Range: 0 to MAXSHORT
  Type: Dynamic
Diagnosis: N/A
Tuning: N/A
tcp_newreno
Purpose: Enables the modification to TCP's Fast Recovery algorithm as described in RFC 2582. This fixes the limitation of TCP's Fast Retransmit algorithm to recover fast from dropped packets when multiple packets in a window are dropped. sack also achieves the same thing, but sack needs support from both ends of the TCP connection; the NewReno modification is only on the sender side.
Values:
  Default: 1 (on)
  Range: 0 or 1
  Type: Dynamic
Diagnosis: N/A
Tuning: N/A
tcp_nodelayack
Purpose: Turning this parameter on causes TCP to send immediate acknowledgement (Ack) packets to the sender. When tcp_nodelayack is off, TCP delays sending Ack packets by up to 200 ms. This allows the Ack to be piggy-backed onto a response and minimizes system overhead.
Values:
  Default: 0 (off)
  Range: 0 or 1
  Type: Dynamic
Diagnosis: N/A
Tuning: This option can be used to overcome bugs in other implementations of the TCP Nagle algorithm. Setting this option to 1 causes slightly more system overhead, but can result in much higher performance for network transfers if the sender is waiting on the receiver's acknowledgement.
tcp_pmtu_discover
Purpose: Enables or disables path MTU discovery for TCP applications.
Values:
  Default: 1 (0 before AIX 4.3.3)
  Range: 0 or 1
  Type: Dynamic
Diagnosis: N/A
Tuning: A value of 0 disables path MTU discovery for TCP applications, while a value of 1 enables it. This parameter only applies to AIX 4.2.1 or later.
Refer to: Tuning TCP Maximum Segment Size
tcp_recvspace
Purpose: Specifies the system default socket buffer size for receiving data. This affects the window size used by TCP.
Values:
  Default: 16384 bytes
  Range: 4096 to 1048576
  Type: Connect
Diagnosis: N/A
Tuning: Setting the socket buffer size to 16 KB (16,384) improves performance over standard Ethernet and Token-Ring networks. Lower bandwidth networks, such as Serial Line Internet Protocol (SLIP), or higher bandwidth networks, such as Serial Optical Link, should have different optimum buffer sizes. The optimum buffer size is the product of the media bandwidth and the average round-trip time of a packet. For high speed networks, like gigabit Ethernet or ATM 622, a value of 65536 should be used for the minimum size for best performance.
The tcp_recvspace parameter must specify a socket buffer size less than or equal to the setting of the sb_max parameter. The ISNO options for each interface also override this global setting. For values larger than 65536, you must enable rfc1323 (rfc1323=1) to enable TCP window scaling.
Refer to: TCP Socket Buffer Tuning
tcp_sendspace
Purpose: Specifies the system default socket buffer size for sending data.
Values:
  Default: 16384 bytes
  Range: 4096 to 1048576
  Type: Connect
Diagnosis: N/A
Tuning: This affects the window size used by TCP. Setting the socket buffer size to 16 KB (16,384) improves performance over standard Ethernet and Token-Ring networks. Lower bandwidth networks, such as Serial Line Internet Protocol (SLIP), or higher bandwidth networks, such as Serial Optical Link, should have different optimum buffer sizes. The optimum buffer size is the product of the media bandwidth and the average round-trip time of a packet:
  optimum_window = bandwidth * average_round_trip_time
tcp_timewait
Purpose: The tcp_timewait option is used to configure how long connections are kept in the timewait state, in 15-second intervals.
Values:
  Default: 1
  Range: 1 to 5
  Type: Dynamic
Diagnosis: N/A
Tuning: Increasing this value degrades performance of Web servers or applications that open and close a lot of TCP connections.

tcp_ttl
Purpose: Specifies the time to live for TCP packets.
Values:
  Default: 60 ticks (100 ticks per minute)
  Range: 1 to 255
  Type: Connect
Diagnosis: netstat -s
Tuning: If the system is experiencing TCP time-outs, increasing tcp_ttl may reduce retransmissions.
thewall
Purpose: Specifies the maximum amount of memory, in kilobytes, that is allocated to the memory pool.
Values:
  Default (AIX 5.1 and later): 1/2 of RAM or 64 GB (whichever is smaller) for the 64-bit kernel; 1/2 of RAM or 1 GB (whichever is smaller) for the 32-bit kernel
  Range: N/A
  Type: Static
Diagnosis: N/A
Tuning: Not settable from AIX 5.1 and later.
Refer to: Tuning mbuf Pool Performance

udp_bad_port_limit
Purpose: Specifies the number of UDP packets to a port with no socket that can be received in a 500 millisecond period before UDP stops sending ICMP errors in response to such packets. If set to 0, ICMP errors will always be sent when UDP packets are received for a bad port number. If greater than 0, it specifies the number of packets to be received before UDP stops sending ICMP errors.
Values:
  Default: 0
  Range: 0 to MAXINT
  Type: Dynamic
Diagnosis: N/A
Tuning: N/A
udp_ephemeral_high
Purpose: Specifies the largest port number to allocate for UDP ephemeral ports.
Values:
  Default: 65535
  Range: 32769 to 65535
  Type: Dynamic
Diagnosis: N/A
Tuning: N/A
Refer to: Socket Layer

udp_ephemeral_low
Purpose: Specifies the smallest port number to allocate for UDP ephemeral ports.
Values:
  Default: 32768
  Range: 1 to 65534
  Type: Dynamic
Diagnosis: N/A
Tuning: N/A
Refer to: Socket Layer
udp_inpcb_hashtab_siz
Purpose: Specifies the size of the inpcb hash table for UDP connections. This table holds the inpcbs required for connection management and is implemented as a table of hash chains. A large table means that the linked hash chains are small and lower the traversal time on average, but the memory footprint is larger.
Values:
  Default: 24999
  Range: 1 to 83000
  Type: Reboot
Diagnosis: N/A
Tuning: This option impacts performance and should be used with extreme caution. Please consult a performance analyst in case the value needs to be changed. The execution environment could have an influence on the value. It is strongly encouraged to maintain the system-defined defaults because they tend to execute optimally in most environments.
udp_pmtu_discover
Purpose: Enables or disables path MTU discovery for UDP applications.
Values:
  Default: 1 (0 before AIX 4.3.3)
  Range: 0 or 1
  Type: Dynamic
Diagnosis: N/A
Tuning: UDP applications must be specifically written to use path MTU discovery. A value of 0 disables the feature, while a value of 1 enables it. The default value is 0. This parameter only applies to AIX 4.2.1 or later.

udp_recvspace
Purpose: Specifies the system default socket-buffer size for receiving UDP data.
Values:
  Default: 42080 bytes
  Range: 4096 to 1048576
  Type: Connect
Diagnosis: Nonzero n in the netstat -s report of "udp: n socket buffer overflows"
Tuning: The udp_recvspace parameter must specify a socket buffer size less than or equal to the setting of the sb_max parameter. Increase size, preferably to a multiple of 4096.
Refer to: UDP Socket Buffer Tuning
udp_sendspace
Purpose: Specifies the system default socket-buffer size for sending UDP data.
Values:
  Default: 9216 bytes
  Range: 4096 to 1048576
  Type: Connect
Diagnosis: N/A
Tuning: The udp_sendspace parameter must specify a socket buffer size less than or equal to the setting of the sb_max parameter. Increase size, preferably to a multiple of 4096.
Refer to: UDP Socket Buffer Tuning

udp_ttl
Purpose: Specifies the time to live for UDP packets.
Values:
  Default: 30 seconds
  Range: 1 to 255
  Type: Connect
Diagnosis: N/A
Tuning: N/A

udpcksum
Purpose: Allows the UDP checksum to be turned on or off.
Values:
  Default: 1
  Range: 0 or 1
  Type: Dynamic
Diagnosis: N/A
Tuning: A value of 0 turns it off, while a value of 1 turns it on.
use_isno
Purpose: (AIX 4.3.3 and later) Allows per-interface tuning options.
Values:
  Default: 1 (on)
  Range: 0 or 1
  Type: Dynamic
Diagnosis: N/A
Tuning: A value of 1 means it is on, 0 is off. If the TCP tunable parameters per interface (tunable through SMIT or the chdev command) have been set, they override the TCP global values if use_isno is set to 1. Applications can still override all of these with the setsockopt subroutine.
Refer to: Interface-Specific Network Options (ISNO)
lowthresh
Purpose: Specifies the maximum number of bytes that can be allocated using the allocb call for the BPRI_LO priority.
Values:
  Default: 90 (percent of thewall)
  Range: 0 to 100
  Type: Dynamic
Diagnosis: N/A
Tuning: When the total amount of memory allocated by the net_malloc call reaches this threshold, then the allocb request for the BPRI_LO priority returns 0. The lowthresh parameter represents a percentage of the thewall parameter, and you can set its value from 0 to 100.

medthresh
Purpose: Specifies the maximum number of bytes that can be allocated using the allocb() call for the BPRI_MED priority.
Values:
  Default: 95 (percent of thewall)
  Range: 0 to 100
  Type: Dynamic
Diagnosis: N/A
Tuning: When the total amount of memory allocated by the net_malloc call reaches this threshold, then the allocb request for the BPRI_MED priority returns 0. The medthresh parameter represents a percentage of the thewall parameter, and you can set its value from 0 to 100.
nstrpush
Purpose: Specifies the maximum number (should be at least 8) of modules that you can push onto a single stream.
Values:
  Default: 8
  Range: 8 to MAXSHORT
  Type: Reboot
Diagnosis: N/A
Tuning: N/A

psebufcalls
Purpose: Specifies the maximum number of bufcalls to allocate by streams.
Values:
  Default: 20
  Range: 20 to MAXINT
  Type: Incremental
Diagnosis: N/A
Tuning: The stream subsystem allocates a certain number of bufcall structures at initialization. When the allocb call fails, the user can register their requests for the bufcall call. You cannot lower this value until the system reboots, at which time it returns to its default value.

psecache
Purpose: Controls the number of stream buffers.
Values:
  Default: 1
  Range: 0 or 1
  Type: Dynamic
Diagnosis: N/A
Tuning: N/A
pseintrstack
Purpose: Specifies the maximum size of the interrupt stack allowed by streams while running in the offlevel.
Values:
  Default: 0x3000 (decimal 12288)
  Range: 12288 to MAXINT
  Type: Reboot
Diagnosis: N/A
Tuning: When a process running other than at INTBASE level enters into a stream, it occasionally encounters a stack overflow problem because the interrupt stack size is too small. Setting this parameter correctly reduces the chances of stack overflow problems.

psetimers
Purpose: Specifies the maximum number of timers to allocate by streams.
Values:
  Default: 20
  Range: 20 to MAXINT
  Type: Incremental
Diagnosis: N/A
Tuning: The stream subsystem allocates a certain number of timer structures at initialization, so that the streams driver or module can register their time-out calls. You cannot lower this value until the system reboots, at which time it returns to its default value.
strctlsz
Purpose: Specifies the maximum number of bytes of information that a single system call can pass to a stream to place into the control part of a message (in an M_PROTO or M_PCPROTO block).
Values:
  Default: 1024
  Range: 1 to MAXSHORT
  Type: Dynamic
Diagnosis: N/A
Tuning: A putmsg call with a control part exceeding this size will fail with ERANGE.

strmsgsz
Purpose: Specifies the maximum number of bytes of information that a single system call can pass to a stream to place into the data part of a message (in M_DATA blocks).
Values:
  Default: 0
  Range: 1 to MAXSHORT
  Type: Dynamic
Diagnosis: N/A
Tuning: Any write call exceeding this size is broken into multiple messages. A putmsg call with a data part exceeding this size will fail with ERANGE.
strthresh
Purpose: Specifies the maximum number of bytes that streams are normally allowed to allocate, expressed as a percentage of thewall.
Values:
  Default: 85% of thewall
  Range: 0 to 100
  Type: Dynamic
Diagnosis: N/A
Tuning: When the threshold is exceeded, it does not allow users without the appropriate privilege to open streams, push modules, or write to streams devices, and returns ENOSR. The threshold applies only to the output side and does not affect data coming into the system (for example, the console continues to work correctly). A value of zero means that there is no threshold. The strthresh parameter represents a percentage of the thewall parameter, and you can set its value from 0 to 100. The thewall parameter indicates the maximum number of bytes that can be allocated by streams and sockets using the net_malloc call.
Refer to: Tuning Network Memory
strturncnt
Purpose: Specifies the maximum number of requests handled by the current running thread for Module- or Elsewhere-level streams synchronization.
Values:
  Default: 15
  Range: 1 to MAXINT
  Type: Dynamic
Diagnosis: N/A
Tuning: With Module-level synchronization, only one thread can run in the module at any time, and all other threads which try to acquire the same module enqueue their requests and exit. After the current running thread completes its work, it dequeues all the previously enqueued requests one by one and invokes them. If there is a large number of requests enqueued in the list, then the current running thread has to serve everyone, will always be busy serving others, and starves itself. To avoid this situation the current running thread serves only strturncnt requests; after that, a separate kernel thread wakes up and invokes all the pending requests.

Examples
1. To display the maximum size of the mbuf pool, type:
no -o thewall
2. To reset the time to live for UDP packets to its default value, type:
no -d udp_ttl
6. To list the current and reboot value, range, unit, type and dependencies of all tunable parameters managed by the no command, type:
no -L
9. To list the reboot values for all Network tuning parameters, type:
no -r -a
10. To list (spreadsheet format) the current and reboot value, range, unit, type and dependencies of all tunable parameters managed by the no command, type:
no -x
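As an added example (not part of the course material), the Python script below applies the cross-parameter constraints this appendix states, socket buffer defaults no larger than sb_max, sb_max at roughly two to four times the largest socket buffer, rfc1323=1 when tcp_recvspace exceeds 65536, and an ephemeral low bound below the high bound, and reads the udp_recvspace Diagnosis field (socket buffer overflows) from netstat -s. The "name = value" layout of no -a output is an assumption, and both inputs are constructed samples rather than output captured from a system.

```python
import re

# Constructed sample in the "name = value" layout that 'no -a' prints (assumption; not captured from a system).
SAMPLE_NO_A = """\
            sb_max = 1048576
     tcp_recvspace = 262144
     tcp_sendspace = 16384
           rfc1323 = 0
tcp_ephemeral_high = 65535
 tcp_ephemeral_low = 32768
udp_ephemeral_high = 65535
 udp_ephemeral_low = 32768
     udp_recvspace = 42080
     udp_sendspace = 9216
"""

# Constructed excerpt of the udp: section of 'netstat -s' (the Diagnosis field for udp_recvspace).
SAMPLE_NETSTAT_UDP = """\
udp:
        1234567 datagrams received
        0 incomplete headers
        12 socket buffer overflows
        1234555 delivered
"""

# The four socket buffer defaults that sb_max limits, per the sb_max entry.
SOCKET_BUFFER_TUNABLES = ("tcp_recvspace", "tcp_sendspace", "udp_recvspace", "udp_sendspace")


def parse_no_output(text):
    """Turn 'name = value' lines into a dict; numeric values become int, anything else stays a str."""
    tunables = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*(\S+)\s*$", line)
        if m:
            name, raw = m.groups()
            tunables[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return tunables


def ephemeral_port_count(tunables, proto):
    """Number of ephemeral ports: <proto>_ephemeral_high minus <proto>_ephemeral_low (as the appendix defines it)."""
    return tunables[f"{proto}_ephemeral_high"] - tunables[f"{proto}_ephemeral_low"]


def check_tunables(tunables):
    """Return a list of findings for the constraints the appendix states between tunables."""
    findings = []
    sb_max = tunables.get("sb_max")
    present = [n for n in SOCKET_BUFFER_TUNABLES if n in tunables]

    if sb_max is not None:
        # Every socket buffer default must be <= sb_max.
        for name in present:
            if tunables[name] > sb_max:
                findings.append(f"{name}={tunables[name]} exceeds sb_max={sb_max}")
        # sb_max should be approximately two to four times the largest socket buffer limit.
        if present:
            largest = max(tunables[n] for n in present)
            if not 2 * largest <= sb_max <= 4 * largest:
                findings.append(f"sb_max={sb_max} is outside 2x-4x of the largest socket buffer {largest}")

    # Receive buffers above 65536 bytes need TCP window scaling, i.e. rfc1323=1.
    if tunables.get("tcp_recvspace", 0) > 65536 and tunables.get("rfc1323") != 1:
        findings.append("tcp_recvspace > 65536 requires rfc1323=1 for TCP window scaling")

    # An ephemeral low bound at or above the high bound leaves no ports to allocate.
    for proto in ("tcp", "udp"):
        if f"{proto}_ephemeral_low" in tunables and f"{proto}_ephemeral_high" in tunables:
            if ephemeral_port_count(tunables, proto) <= 0:
                findings.append(f"{proto}_ephemeral_low is not below {proto}_ephemeral_high")
    return findings


def udp_socket_buffer_overflows(netstat_text):
    """Extract n from the 'n socket buffer overflows' line; nonzero means udp_recvspace is too small."""
    m = re.search(r"(\d+) socket buffer overflows", netstat_text)
    return int(m.group(1)) if m else 0


if __name__ == "__main__":
    t = parse_no_output(SAMPLE_NO_A)
    for finding in check_tunables(t):
        print("finding:", finding)
    print("tcp ephemeral ports available:", ephemeral_port_count(t, "tcp"))
    overflows = udp_socket_buffer_overflows(SAMPLE_NETSTAT_UDP)
    if overflows:
        print(f"finding: {overflows} UDP socket buffer overflows; raise udp_recvspace (keeping it <= sb_max)")
```

On a real system the same functions can be fed the output of "no -a" and "netstat -s" captured to files.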
Related Information
The ifconfig command, the inetd command, the vmo command, the ioo command, the
schedo command, the tunsave command, the tunchange command, the tunrestore
command, the tuncheck command, the tundefault command.
The setsockopt subroutine.
Network Overview for System Management in AIX 5L Version 5.2 System Management
Guide: Communications and Networks.
TCP/IP Addressing, TCP/IP Protocols, and TCP/IP Routing, Internet Protocol (IP),
Transmission Control Protocol (TCP), Internet Application-Level Protocols, and User
Datagram Protocol (UDP) in AIX 5L Version 5.2 System Management Guide:
Communications and Networks.
Monitoring and Tuning Communications I/O Use in AIX 5L Version 5.2 Performance
Management Guide.
Path MTU Discovery in AIX 5L Version 5.2 System Management Guide: Communications
and Networks.
Kernel Tuning in AIX 5L Version 5.2 Performance Tools Guide and Reference.
Tuning Enhancements for AIX 5.2 in the AIX 5L Version 5.2 Performance Management
Guide.
Glossary

A

Acknowledgement
A response sent by a receiver to indicate successful reception of information. Acknowledgements may be implemented at any level including the physical level (using voltage on one or more wires to coordinate transfer), at the link level (to indicate successful transmission across a single hardware link), or at higher levels (for example, to allow an application program at the final destination to respond to an application program at the source).

Address Mask
A bit mask used to select bits from an Internet address for subnet addressing. The mask is 32 bits long and selects the network portion of the Internet address and one or more bits of the local portion.

Address Resolution
Conversion of an Internet address into a corresponding physical address. Depending on the underlying network, resolution may require broadcasting on a local network. See ARP.

ANSI (American National Standards Institute)
A group that defines U.S. standards for the information processing industry. ANSI participates in defining network protocol standards.

Archie
A server that builds an index of file and directory names that are located on public anonymous FTP servers on the Internet.

ARP (Address Resolution Protocol)
The Internet protocol used to dynamically bind a high level Internet Address to a low level physical hardware address. ARP is only across a single physical network and is limited to networks that support hardware broadcast.

ARPA (Advanced Projects Research Agency)
Former name of DARPA, the government agency that funded the ARPANET and, later, the DARPA Internet. The group within ARPA with responsibility for the ARPANET was IPTO (Information Processing Techniques Office), later ISTO (Information Systems Technology Office). Located at 1400 Wilson Blvd, Arlington, VA.

ARPANET
A pioneering long haul network funded by ARPA (later DARPA) and built by BBN. It served from 1969 through 1990 as the basis for early networking research as well as a central backbone during development of the Internet. The ARPANET consisted of individual packet switch nodes interconnected by leased lines. Also see PSN, Internet.

Authority Zone
A part of the domain name hierarchy for which a single name server is the authority.

Autonomous System
Internet terminology for a collection of gateways (routers) that fall under one administrative entity and cooperate using a common Interior Gateway Protocol (IGP).

B

Baseband
Characteristic of any network technology like Ethernet that uses a single carrier frequency and requires all stations attached to the network to participate in every transmission. See broadband.

Baud
Literally, the number of times per second the signal can change on a transmission line. Commonly, the transmission line uses only two signal states (for example, two voltages), making the baud rate equal to the number of bits per second that can be transferred. The underlying transmission technique may use some of the bandwidth, so it may not be the case that users experience data transfers at the line's specified bit rate. For example, because asynchronous lines require 10 bit-times to send an 8-bit character, a 9600 bps asynchronous transmission line can only send 960 characters per second.

BBN (Bolt, Beranek, and Newman, Incorporated)
The Cambridge, MA company responsible for development, operation, and monitoring of the ARPANET and, later, Internet core gateway system, CSNET Coordination and Information Center (CIC), and NSFnet Network Service Center (NNSC). BBN works on DARPA research contracts and has contributed much to the Internet.

Best-effort Delivery
Characteristic of network technologies that do not provide reliability at link levels. Best-effort delivery systems work well with the Internet because the Internet protocols assume that the underlying network provides unreliable connectionless delivery. The combination of Internet protocols IP and UDP provides best-effort delivery service to application programs.

Big endian
A format for storage or transmission of binary data in which the most-significant byte (bit) comes first. The TCP/IP standard network byte order is big endian. Also see little endian.

BISYNC (Binary SYNchronous Communication)
An early, low level protocol developed by IBM and used to transmit data across a synchronous communication link. Unlike most modern link level protocols, BISYNC is byte-oriented, meaning that it uses special characters to mark the beginning and end of frames. BISYNC is often called BSC, especially in commercial products.

BITNET (Because It's Time NETwork)
A low-cost, low-speed network started at City University of New York, that eventually connected to over 200 universities before it was merged with CSNET to produce CREN. BITNET attached to EARN in Europe. The technology consists of (mostly IBM) mainframe computers interconnected by 9600 bps leased lines. The fundamental paradigm is remote job entry: one machine sends a set of card images which the receiver treats as a remote job to be executed. When the job runs, it produces a new set of card images and sends them on to the next site, where they are treated as a remote job. BITNET provides services like electronic mail by building a remote job that invokes the mailer router program. At each node, the mailer examines the message, chooses a route, and encapsulates the message in a new job that it sends over the chosen route.

bps (bits per second)
A measure of the rate of data transmission.

Bridge
A computer that connects two or more networks and forwards packets among them. Usually, bridges operate at the physical network level. For example, an Ethernet bridge connects two physical Ethernet cables and forwards from one cable to the other exactly those packets that are not local. Bridges differ from repeaters because bridges store and forward complete packets while repeaters forward electrical signals. They differ from IP gateways or IP routers because they use physical addresses instead of IP addresses.

Broadband
Characteristic of any network technology that multiplexes multiple, independent network carriers onto a single cable (usually using frequency division multiplexing). For example, a single 100 mbps broadband cable can be divided into ten 10 mbps carriers, with each treated as an independent Ethernet. The advantage of broadband is less cable; the disadvantage is higher cost for equipment at connections. See baseband. An analog signalling technique used in IEEE Token Bus LANs. Analog techniques allow a single medium to be used for several information signals at once just as, for example, in cable TV systems.

of the packet by recomputing the checksum and comparing to the value sent. Many Internet protocols use a 16-bit checksum computed with one's complement arithmetic with all integer fields in the packet stored in network byte order.

Client-server
The model of interaction in a distributed system in which a program at one site sends a request to a program at another site and awaits a response. The requesting program is called a client; the program satisfying the request is called the server. It is usually easier to build client software than server software.

CMOT (CMip/cmis Over Tcp)
The use of ISO CMIP/CMIS network management protocols to manage gateways in a TCP/IP internet. CMOT is a co-recommended standard with SNMP. Also see MIB and SNMP.

Connection
The path between two protocol modules that provides reliable stream delivery service. In a TCP/IP Internet, a connection extends from a TCP module on one machine to a TCP module on the other.

Connectionless Service
Characteristic of the packet delivery service offered by most hardware and by the Internet Protocol (IP). The connectionless service treats each packet or datagram as a separate entity that contains the source and destination address. Usually, connectionless services can drop packets or deliver them out of sequence.
Core Gateway One of a set of gateways operated
Broadcast A packet delivery system that delivers a by the Internet Network Operations Center (INOC)
copy of a given packet to all hosts that attach to it is at BBN. Gateways in the core system exchange
said to broadcast the packet. Broadcast may be routing updates periodically to ensure that their
implemented with hardware (for example, as in routing tables remain consistent. The core forms a
Ethernet) or with software (for example, as in central part of Internet routing in that all groups must
Cypress). advertise paths to their networks to core gateways
BSC (Binary Synchronous Communication) See using the Exterior Gateway Protocol.
BISYNC. Bus A linear topology for a local area CREN (Consortium for Research and Education
network wiring scheme. Network) The name of the organization that
resulted when BITNET and CSNET merged.
C CSMA (Carrier Sense Multiple Access) A
characteristic of network hardware that operates by
CITT (Consultative Committee on International allowing multiple stations to contend for access to a
Telephony and Telegraphy) An international transmission medium by listening to see if it is idle.
organization that sets standards for interconnection
of telephone equipment. It defined the standards for CSMA/CD (Carrier Sense Multiple Access with
X.25 network protocols (Note: in Europe, PTTs offer Collision Detection) A characteristic of network
both voice telephone services and X.25 network hardware that uses CSMA access combined with a
services). mechanism that allows the hardware to detect when
two stations simultaneously attempt transmission.
Channel A path for electrical transmission. Ethernet is an example of a well-known network
Baseband systems provide a single channel on a based on CSMA/CD technology. The technique
physical medium. Broadband systems provide used by Ethernet stations to control access to their
multiple channels (by use of frequency division) on a shared communication channel. They listen before
physical medium. transmitting (and refrain from using the channel if it's
Checksum A small, integer value computed from a already in use), and listen during transmission (to
sequence of octets by treating them as integers and determine whether their own signal is being
computing the sum. A checksum is used to detect corrupted by somebody else's). If such a collision is
errors that result when the sequence of octets is detected, the station will stop its transmission and
transmitted from one machine to another. Typically, attempt it again sometime later.
protocol software computes a checksum and CSNET (Computer Science NETwork) A network
appends it to a packet when transmitting. Upon that offered mail delivery service using dialup
reception, the protocol software verifies the contents telephone, as well as Internet connectivity using
X25NET and Cypress. CSNET offered other addresses. DNS also supports separate mappings
services like a registry of members and an Internet between mail destinations and IP addresses.
domain name server for member institutions that Domain In the Internet, a part of the DNS naming
could not run their own. Initially funded by the hierarchy. Syntactically, a domain name consists of
National Science Foundation, CSNET became a sequence of names (labels) separated by periods
self-sufficient before it merged with BITNET to form (dots).
CREN. Dotted Decimal Notation The syntactic
representation for a 32-bit integer that consists of
four 8-bit numbers written in base 10 with periods
D (dots) separating them. Many Internet application
DARPA (Defense Advanced Projects Research programs accept dotted decimal notation in place of
Agency) Formerly called ARPA. The government destination machine names.
agency that funded research and experimentation DTE (Data Terminal Equipment) Term X.25
with the ARPANET and, later, the DARPA Internet. protocol standards apply to computers and/or
The group within DARPA responsible for the terminals to distinguish them from the packet
ARPANET is ISTO (Information Systems switching network to which they connect. Also see
Techniques Office), formerly IPTO (Information DCE.
Processing Techniques Office). Located at 1400
Wilson Blvd, Arlington, VA. Datagram See IP
datagram. E
DCA (Defense Communication Agency) The EARN (European Academic Research Network)
government agency responsible for installation of A network using BITNET technology to connect
Defense Data Network (for example, ARPANET and universities and research labs in Europe. EARN
MILNET) lines and PSNs. DCA writes contracts for interconnects with BITNET in the U.S. and allows
operation of the DDN and pays for network services. electronic mail transfer as well as remote job entry.
DCE (Data Communications Equipment) Term EGP (Exterior Gateway Protocol) The protocol
X.25 protocol standards apply to switching used by a gateway in one autonomous system to
equipment that forms a packet switched network to advertise the Internet addresses of networks in that
distinguish it from the computers or terminals that autonomous system to a gateway in another
connect to the network. Also see DTE. autonomous system. Every autonomous system
DDCMP (Digital Data Communication Message must use EGP to advertise network reachability to
Protocol) The link-level protocol Digital Equipment the core gateway system.
Corporation uses in their network products. DDCMP EIA (Electronics Industry Association) A
operates over serial lines, delimits frames by a standards organization for the electronics industry.
special character, and includes checksums at the Known for RS232C and RS422 standards that
link level. It is relevant to the Internet because the specify the electrical characteristics of
original NSFNET used DDCMP over its backbone interconnections between terminals and computers
lines. or between two computers.
DDN (Defense Data Network) Used loosely to refer Email A convenient, fast, and inexpensive method
to the MILNET, ARPANET, and the TCP/IP protocols of sending and receiving messages across a
they use. More literally, it is the MILNET and network to any Internet user.
associated parts of the connected Internet that
connect military installations. Encapsulation The technique used by layered
protocols in which a lower-level protocol accepts a
Demultiplex To separate from a common input into message from a higher-level protocol and places it
several outputs. Demultiplexing occurs at many in the data portion of the low-level frame.
levels. Hardware demultiplexes signals from a Encapsulation often means that packets traveling
transmission line based on time or carrier frequency across a physical network have a sequence of
to allow multiple, simultaneous transmissions across headers in which the first header comes from the
a single physical cable. Internet protocol software physical network frame, the next from the Internet
demultiplexes incoming datagrams, sending each to Protocol, the next from the transport protocol, and
the appropriate high-level protocol module or so on.
application program.
Epoch Date A point in history chosen as the date
Directed broadcast address An IP address that from which time is measured. The Internet uses
specifies all hosts on a specific network. A single January 1, 1900, Universal Time (formerly called
copy of a directed broadcast is routed to the Greenwich Mean Time) as its epoch date.
specified network where it is broadcast to all Throughout the Internet, when programs exchange
machines on that network. date or time of day they express time as the number
DNS (Domain Naming System) The online of seconds past the epoch date.
distributed database system used to map Ethernet A popular local area network technology
human-readable machine names into IP addresses. invented at the Xerox Corporation Palo Alto
DNS servers throughout the connected Internet Research Center. An Ethernet itself is a passive
implement a hierarchical namespace that allows coaxial cable; the interconnections contain all active
sites freedom in assigning machine names and components. Ethernet is a best-effort delivery
system that uses CSMA/CD technology. Xerox refer to the objects that physical networks transmit,
Corporation, Digital Equipment Corporation, and even if the network does not use traditional framing.
Intel Corporation developed and published the (X.25 networks use the term to specifically refer to
standard for 10 Mbps Ethernet. Originally, the the format of data transferred between a host and a
coaxial cable specified for Ethernet was a 1/2 inch packet switch.)
diameter heavily shielded cable. However, many FTP (File Transfer Protocol) The Internet
office environments now use a lighter coaxial cable standard, high level protocol for transferring files
sometimes called thinnet or cheapernet. It is also from one machine to another. Usually implemented
possible to run Ethernet over shielded twisted pair as application level programs, FTP uses the
cable. A baseband, CSMA/CD local area network TELNET and TCP protocols. The server side
which allows up to 1,024 stations to send frames to requires a client to supply a login identifier and
one another with digital signalling rates of 10 million password before it will honor requests.
bits per second.
Fuzzball Term applied to both a piece of gateway
software and the Digital Equipment Corporation
F LSI-11 computer on which it runs. NSFnet uses
fuzzballs as packet switches on its backbone
FDDI (Fiber Distribution Data Interface) An network.
emerging standard for a network technology based
on fiber optics that has been established by the FYI (For Your Information) A subset of the RFCs
American National Standards Institute (ANSI). FDDI that are not technical standards or descriptions of
specifies a 100 mbps data rate using 1300 protocols. FYIs convey general information about
nanometer light wavelength and limits networks to topics related to TCP/IP or the connected Internet.
approximately 200 km in length, with repeaters
every 2 km or less. The access control mechanism
uses token-ring technology. G
File Server A process running on a computer that gated (GATEway Daemon) A program that runs
provides access to files on that computer to under 4.3 BSD UNIX on a gateway to allow the
programs running on remote machines. The term is gateway to collect information from within one
often loosely applied to computers that run file autonomous system using RIP, HELLO, or other
server programs. interior gateway protocols, and to advertise routes to
another autonomous system using the exterior
finger A command that shows user information on gateway protocol, EGP.
either a local system or other systems within a
network. Gateway A special purpose, dedicated computer
that attaches to two or more networks and routes
Flat Namespace Characteristic of any naming in packets from one to the other. In particular, an IP
which object names are selected from a single set of gateway routes IP datagrams among the networks
strings (for example, street names in a typical city). to which it connects. Gateways route packets to
Flat naming contrasts with hierarchical naming in other gateways until they can be delivered to the
which names are divided into subsections that final destination directly across one physical
correspond to the hierarchy of authority that network. The term is loosely applied to any machine
administers them (for example, telephone numbers that transfers information from one network to
that are divided into area code, exchange, and another, as in mail gateway. Although the original
subscriber). literature used the term gateway, vendors often
Flow Control Control of the rate at which hosts or called them IP routers.
gateways inject packets into a network or internet, A device, or pair of devices, which interconnect two
usually to avoid congestion. Flow control or more networks or subnetworks enabling the
mechanisms can be implemented at various levels. passage of data from one (sub)network to another.
Simplistic schemes like ICMP source quench simply A gateway contains an IP module, a routing protocol
ask the sender to cease transmission until module and (for each connected subnetwork) a
congestion ends. More complex schemes vary the Subnetwork Protocol module (SNP). The routing
transmission rate continuously. protocol is used to coordinate with other gateways.
Fragment One of the pieces that results when an GGP (Gateway to Gateway Protocol) The protocol
Internet gateway divides an IP datagram into smaller core gateways use to exchange routing information,
pieces for transmission across a network that cannot GGP implements a distributed shortest path routing
handle the original datagram size. Fragments use computation. Under normal circumstances, all GGP
the same format as datagrams; fields in the IP participants will reach a steady state in which the
header declare whether a datagram is a fragment, routing information at all gateways agrees. GGP is
and if so, the offset of the fragment in the original now obsolete.
datagram. IP software at the receiving end must
reassemble fragments into complete datagrams. Gopher An Internet navigation tool that allows you
to search the Internet by selecting resources from a
Frame Literally, a packet as it is transmitted across menu on a public Gopher server.
a serial line. The term derives from character
oriented protocols that added special start-of-frame
and end-of-frame characters when transmitting
packets. We use the term throughout this book to
2. Data Link Layer: the level at which information is moved reliably across the physical link.

3. Network Layer: the level at which connections between systems are established, maintained and terminated; concerned with switching and routing information.

4. Transport Layer: the level at which end-to-end data integrity and quality of service are ensured.

5. Session Layer: the level which standardizes the tasks of setting up a session and terminating it; coordinates interaction between end-application processes.

6. Presentation Layer: the level at which the character set and data code are specified as well as the way data is displayed on a screen or printer.

7. Application Layer: concerned with the higher level functions which provide support to the application of system activities.

K

kbps (Kilo Bits Per Second) A measure of the rate of data transmission. Also see mbps and baud.

L

LAN (Local Area Network) Any physical network technology that operates at high speed (usually tens of megabits per second through several gigabits per second) over short distances (up to a few thousand meters). Examples include Ethernet and proNET-10. See MAN and WAN. A network connecting various electronic devices in a localized geographical area such as a single office building or a campus.

Level 2 A reference to link level communication (for example, frame formats) or link level connections derived from the ISO 7-layer reference model. For long haul networks, level 2 refers to the communication between a host computer and a network packet switch (for example, HDLC/LAPB). For local area networks, level 2 refers to physical frame format and addressing. Thus, a level 2 address is a physical frame address (for example, an Ethernet address).

Level 3 A reference to transport level communication derived from the ISO 7-layer reference model. For TCP/IP internets, level 3 refers to IP and the IP datagram format. Thus, a level 3 address is an IP address.

Little Endian A format for storage or transmission of binary data in which the least significant byte (bit) comes first. See big endian.

M

Mail Bridge Used loosely to refer to any mail gateway. Technically, a mail bridge screens mail passing between two networks to ensure that it meets administrative constraints. In particular, mail bridges between the ARPANET and MILNET do not permit arbitrary mail flow.

Mail Exploder Part of an electronic mail system that accepts a piece of mail and a list of addresses as input and sends a copy of the message to each address on the list. Most electronic mail systems incorporate a mail exploder to allow users to define mailing lists locally.

Mail Gateway A machine that connects to two or more electronic mail systems (especially dissimilar mail systems on two different networks) and transfers mail messages among them. Mail gateways usually capture an entire mail message, reformat it according to the rules of the destination mail system, and then forward the message. See mail bridge.

MAN (Metropolitan Area Network) Any of several new physical network technologies that operate at high speeds (usually hundreds of megabits per second) over distances sufficient for a metropolitan area. See LAN and WAN.

mbps (Millions of Bits Per Second) A measure of the rate of data transmission.

MIB (Management Information Base) The set of variables (database) that a gateway running CMOT or SNMP maintains. Managers can fetch or store into these variables. MIB-II refers to an extended management database that contains variables not shared by both CMOT and SNMP. See also CMOT and SNMP.

MILNET (MILitary NETwork) Originally part of the ARPANET, MILNET was partitioned in 1984 to make it possible for military installations to have reliable network service while the ARPANET continued to be used for research. MILNET uses exactly the same hardware and protocol technology as ARPANET. Under normal circumstances, MILNET is part of the connected Internet.

MTU (Maximum Transfer Unit) The largest amount of data that can be transferred across a given physical network. For local area networks like the Ethernet, the MTU is determined by the network standard. For long haul networks that use serial lines to interconnect packet switches, the MTU is determined by software.

Multi-homed Host An Internet host with connections to two or more physical networks. Multi-homed hosts can function as gateways if their routing tables are assigned correct values for routes.

Multicast A technique that allows copies of a single packet to be passed to a selected subset of all possible destinations. Some hardware (for example, Ethernet) supports multicast by allowing a network interface to belong to one or more multicast groups. Broadcast is a special form of multicast in which the subset of machines to receive a copy of a packet consists of the entire set. IP supports an internet multicast facility.

N

Name Resolution The process of mapping a name into a corresponding address. The domain name system provides a mechanism for naming computers in which programs use remote name servers to resolve machine names into IP addresses for those machines.

NetBIOS (Network Basic Input Output System) NetBIOS is the standard interface to networks on IBM PC and compatible personal computers. In a TCP/IP internet, NetBIOS refers to a set of guidelines that describes how to map NetBIOS operations into equivalent TCP/IP operations. For example, one of the NetBIOS naming operations maps into domain name system interactions.

Network Byte Order The TCP/IP standard for transmission of integers that specifies most significant byte appears first (big endian). Sending machines are required to translate from the local integer representation to network byte order, and receiving machines are required to translate from network byte order to the local machine representation.

NFS (Network File System) A protocol developed by SUN Microsystems that uses IP to allow a set of cooperating computers to access each other's file systems as if they were local. The key advantage of NFS over conventional file transfer protocols is that NFS hides the differences between local and remote files by placing them in the same name space. NFS was designed for UNIX systems, but has been implemented for many systems including personal computers like the IBM PC and Apple Macintosh.

NIS A distributed database system which allows the sharing of system information. Examples of system information that can be shared include the /etc/passwd, /etc/group, /etc/hosts files.

NOC (Network Operations Center) The organization at BBN that monitors and controls several networks that form part of the Internet, including the ARPANET, MILNET, and at least one X.25 based network.

NREN (National Education and Research Network) The planned successor to the connected Internet that provides high-speed access to scientific and educational institutions.

NSF (National Science Foundation) A government agency that has funded the development of a cross country backbone network as well as regional networks designed to connect scientists to the connected Internet. NSF has also funded individual researchers working in the network area as well as large projects spanning multiple institutions like CSNET.

NSFNET (National Science Foundation NETwork) Loosely used to describe collectively the cross country backbone, mid-level networks, and supercomputer consortia networks that have all been started with NSF seed funds. In a narrow sense, NSFNET refers only to the backbone network.

O

OSF (Open Software Foundation) A consortium of hardware manufacturers who attempt to set common standards for open systems, including operating systems and networks. Emerging OSF standards include the OSF/1 operating system, Distributed Computing Environment (DCE) and Distributed Management Environment (DME).

OSI (Open Systems Interconnect) A reference to protocols, specifically ISO standards, for the interconnection of cooperative computer systems.

OSPF Open Shortest Path First. It is an interior gateway protocol based on a link state protocol model and is currently a Proposed Standard for Internet routing in autonomous systems.

P

Packet The unit of data sent across a packet switching network. The term is used loosely. While some TCP/IP literature uses it to refer specifically to data sent across a physical network, other literature views an entire Internet as a packet switching network and describes IP datagrams as packets.

PAD (Packet Assembler Disassembler) A term used with X.25 networks that refers to a terminal multiplexer device that forms a connection between terminals and hosts across an X.25 network. A PAD accepts characters from a conventional terminal and sends them across an X.25 network; it accepts packets from an X.25 network, extracts characters, and displays them on a terminal.

ping (Packet InterNet Groper) The name of a program used in the Internet to test reachability of destinations by sending them an ICMP echo request and waiting for a reply. The term has survived the original program and is now used like a verb as in, please ping host A to see if it is alive.

Port See protocol port.

Protocol A formal description of message formats and the rules two or more machines must follow to exchange those messages. Protocols can describe low level details of machine to machine interfaces (for example, the order in which the bits from a byte are set across a wire), or high-level exchanges between application programs (for example, the way in which two programs transfer a file across an internet). Most protocols include both intuitive descriptions of the expected interactions as well as more formal specifications using finite state machine models.
Protocol Port The abstraction that transport protocols use to distinguish among multiple destinations within a given host computer. TCP/IP protocols identify ports using small positive integers. Usually, the operating system allows an application program to specify which port it wants to use. Some ports are reserved for standard services (for example, electronic mail).

PSN (Packet Switch Node) The name of an ARPANET packet switch; PSNs were formerly called IMPs. PSNs were implemented with BBN C30 or BBN C300 mini-computers and execute packet switch software under control of the Network Operation Center at BBN. Each PSN connected to at least two other PSNs as well as from 1 to 16 host computers.

R

RARP (Reverse Address Resolution Protocol) The Internet protocol a diskless machine uses at startup to find its Internet address. The machine broadcasts a request that contains its physical hardware address and a server responds by sending the machine its Internet address. RARP takes its name and the message format from another Internet address resolution protocol, ARP.

rcp Part of the Berkeley set of network commands. Transfers files between a local and a remote host or between two remote hosts.

Regional Net The original term applied to NSFNET mid-level networks.

Repeater A hardware device that copies electrical signals from one Ethernet to another. Typically, sites that have repeaters use them to connect a physical Ethernet cable on each floor of a building to a backbone cable. The chief disadvantage of a repeater compared to a bridge is that it transfers electrical noise as well as packets. At most, two repeaters can appear between any two machines connected to an Ethernet.

rexec Part of the Arpanet set of network commands. It executes commands one at a time on a remote host.

RFC (Request For Comments) The name of a series of notes that contain surveys, measurements, ideas, techniques, and observations, as well as proposed and accepted TCP/IP protocol standards. RFCs are edited but not refereed. They are available on-line from the Network Information Centre.

RIP (Routing Information Protocol) The protocol used by Berkeley 4.3 BSD UNIX systems to exchange routing information among a (small) set of computers. Usually, the participating machines all attach to a single local area network. Implemented by the UNIX program routed, RIP derives from an earlier protocol of the same name developed at Xerox.

RJE (Remote Job Entry) The service offered by many networks that allows one to submit a (batch) job from a remote site. Although the Internet has a protocol for RJE service, it is not very popular because many machines on the Internet support timesharing instead of batch job processing.

rlogin (Remote LOGIN) The service offered by Berkeley 4.3 BSD UNIX systems that allows users of one machine to connect to other UNIX systems across an internet and interact as if their terminals connected to the machines directly. Although rlogin offers essentially the same service as TELNET, it is superior because the software passes information about the user's environment (for example, terminal type) to the remote machine.

Route In general, a route is the path that network traffic takes from its source to its destination. In a TCP/IP internet, each IP datagram is routed separately; the route a datagram follows may include many gateways and many physical networks.

routed (Route Daemon) A program that runs under 4.3BSD UNIX to propagate routes among machines on a local area network. It uses the RIP protocol. Pronounced "route-d."

Router Generically, any machine responsible for making decisions about which of several paths network traffic follows. At the lowest level, a physical network bridge is a router because it chooses whether to pass packets from one physical wire to another. Within a long-haul network, each individual packet switch is a router because it chooses routes for individual packets. In a TCP/IP internet, each IP gateway is a router because it uses IP destination addresses to choose routes.

RS232 A standard by EIA that specifies the electrical characteristics of slow speed interconnections between terminal and computers or between two computers. The specification limits speeds to 20 Kbps and distance to 500 feet, but many manufacturers support speeds of 38.4 Kbps and/or longer distances. Although the standard commonly used is RS232C, most people refer to it as RS232.

rsh Part of the Berkeley set of network commands. It executes the specified command at the remote host or logs into the remote host.

S

SDLC (Synchronous Data Link Control) A predecessor of HDLC defined by IBM Corporation and used in their SNA network products.

Segment The unit of transfer sent from TCP on one machine to TCP on another. Each segment contains part of a stream of bytes being sent between the machines as well as additional fields that identify the current position in the stream and contain a checksum to ensure validity of received data.

Sliding Window Characteristic of those protocols that, when sending a stream of bytes, allow the sender to transmit up to n packets before an acknowledgement arrives. After the sender receives an acknowledgement for the first outstanding packet, it slides the packet window along the stream and sends another. Values for n are usually on the order of 10.

SLIP Serial Line Interface Protocol is an inexpensive TCP/IP point-to-point connection with each connection considered a unique network.

SLIPLOGIN An inexpensive TCP/IP password-protected point-to-point serial connection that is activated upon a call-in or dial-in process.

SMTP (Simple Mail Transfer Protocol) The TCP/IP standard protocol for transferring electronic mail messages from one machine to another. SMTP specifies how two mail systems interact and the format of control messages they exchange to transfer mail.

SNA (System Network Architecture) The name applied to an architecture and a class of network products offered by IBM Corporation. SNA does not interoperate with TCP/IP.

SNMP (Simple Network Management Protocol) A standard protocol used to monitor IP gateways and the networks to which they attach. SNMP defines a set of variables that the gateway must keep and specifies that all operations on the gateway are a side effect of fetching or storing to the data variables. Also see CMOT and MIB.

Socket The abstraction provided by Berkeley 4.3 BSD UNIX that allows a process to access the Internet. A process opens a socket, specifies the service desired (for example, reliable stream delivery), binds the socket to a specific destination, and then sends or receives data.

Source Route A route that is determined by the source. TCP/IP implements source routing by using an option field in an IP datagram. The source fills in a sequence of machines that the datagram must visit along its trip to the destination. Each gateway along the path honors source routing by following the list of machines to visit instead of following the usual route to the destination.

(shut down) one direction of flow across a TCP connection, leaving a one-way (simplex) connection. The entire protocol suite is often referred to as TCP/IP because TCP and IP are the two most fundamental protocols.

TELNET The TCP/IP standard protocol for remote terminal connection service. TELNET allows a user at one site to interact with a remote timesharing system at another site as if the user's terminal connected directly to the remote machine. That is, the user invokes a TELNET application program that connects to a remote machine, prompts for a login id and password, and then passes keystrokes from the user's terminal to the remote machine and displays output from the remote machine on the user's terminal.

TFTP (Trivial File Transfer Protocol) The TCP/IP standard protocol for file transfer with minimal capability and minimal overhead. TFTP depends only on the unreliable, connectionless datagram delivery service (UDP), so it can be used on machines like diskless workstations that keep such software in ROM and use it to bootstrap themselves.

Token Bus A type of network technology in which permission to transmit is specifically passed from one station to another as a means for governing shared access to the channel.

Token Ring When used in the generic sense, a type of network technology that controls media access by passing a distinguished packet, called a token, from machine to machine. A computer can only transmit a packet when holding the token. When used in a specific sense, it refers to the token ring network hardware produced by IBM.

Topology A description of how stations on a network connect to a cable. Examples of specific topologies include: Bus, Ring, Star and Tree. Two
kinds of topology include:
Subnet Address An extension of the IP addressing
scheme that allows a site to use a single IP network 1. Physical topology The configuration
address for multiple physical networks. Outside of of network nodes and links. Description
the site using subnet addressing, routing continues
as usual by dividing the destination address into a of the physical geometric arrangement
network portion and local portion. Gateways and of the links and nodes that make up a
hosts inside a site using subnet addressing interpret
the local portion of the address by dividing it into a network, as determined by their physical
physical network portion and host portion. connections.
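The Subnet Address entry above describes two views of the same address: outside the site only the classful network portion and the local portion matter, while inside the site the local portion is split again into a physical-network (subnet) portion and a host portion. The following Python is an added example, not part of the course material; it assumes classful class A/B/C addressing and a contiguous subnet mask, and the sample addresses are constructed.

```python
# Added example (not from the course): split an IPv4 address the way the
# Subnet Address entry describes. Outside the site the address is just
# network portion + local portion (classful); inside the site the local
# portion is further split into physical-network (subnet) and host portions.
# Assumes classful A/B/C addressing and a contiguous subnet mask.

def ip_to_int(dotted):
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %s" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def class_prefix_len(first_octet):
    """Bits in the classful network portion: /8 class A, /16 class B, /24 class C."""
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("not a class A, B or C address")

def split_subnet_address(dotted, mask):
    addr, mask_int = ip_to_int(dotted), ip_to_int(mask)
    mask_len = bin(mask_int).count("1")
    # A valid mask is a run of ones followed by zeros, e.g. 255.255.255.0.
    if mask_int != (0xFFFFFFFF << (32 - mask_len)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    net_len = class_prefix_len(addr >> 24)
    if mask_len < net_len:
        raise ValueError("mask does not cover the classful network portion")
    host_bits = 32 - mask_len
    subnet_bits = mask_len - net_len
    return {
        # what a gateway outside the site sees
        "network": int_to_ip((addr >> (32 - net_len)) << (32 - net_len)),
        "local": addr & ((1 << (32 - net_len)) - 1),
        # what a gateway or host inside the site sees
        "subnet_bits": subnet_bits,
        "subnet": (addr >> host_bits) & ((1 << subnet_bits) - 1),
        "host_bits": host_bits,
        "host": addr & ((1 << host_bits) - 1),
        "subnet_address": int_to_ip(addr & mask_int),
        "broadcast": int_to_ip(addr | ((1 << host_bits) - 1)),
    }

if __name__ == "__main__":
    print(split_subnet_address("128.10.2.3", "255.255.255.0"))  # constructed class B sample
```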
protocols place the header at the end of the packet, so the operating system can arrange to have the network hardware deposit incoming datagrams with the data area starting on a page boundary. The technique saves on the overhead of copying datagrams once they arrive.

Transceiver A device that connects a host interface to a local area network (for example, Ethernet). Ethernet transceivers contain analog electronics that apply signals to the cable and sense collisions.

TTL (Time To Live) A technique used in best-effort delivery systems to avoid endlessly looping packets. For example, each IP datagram is assigned an integer time to live when it is created. IP gateways decrement the time to live field when they process a datagram and discard the datagram if the time to live counter reaches zero.

U

UDP (User Datagram Protocol) The Internet standard protocol that allows an application program on one machine to send a datagram to an application program on another machine. UDP uses the Internet Protocol to deliver datagrams. Conceptually, the important difference between UDP and IP is that UDP messages include a protocol port number, allowing the sender to distinguish among multiple destinations (application programs) on the remote machine. In practice, UDP also includes a checksum over the data being sent.

Universal Time The international standard time reference that was formerly called Greenwich Mean Time. It is also called Coordinated Universal Time.

UUCP (UNIX-to-UNIX Copy Program) An application program developed in the mid 1970s for version 7 UNIX that allows one UNIX timesharing system to copy files to or from another UNIX timesharing system over a single (usually dialup) link. Because UUCP is the basis for electronic mail transfer in UNIX, the term is often used loosely to refer to UNIX mail transfer.

V

Veronica A server that builds a database of Gopher menus from all the Gopher servers referred to as Gopherspace.

Virtual Circuit A network service enabling two end points to communicate as though via a physical circuit; a logical transmission path.

W

WAIS Wide Area Information Servers know about hundreds of databases that contain information on general topics.

WAN (Wide Area Network) Any physical network technology that spans large geographical distances. Also called long-haul networks, WANs usually operate at slower speeds and have significantly higher delays than networks that operate over shorter distances. See LAN and MAN.

Well-known Port Any of a set of protocol port numbers preassigned for specific uses by transport level protocols (that is, TCP and UDP). Servers follow the well-known port assignments so clients can locate them. Examples of well-known port numbers include ports assigned to echo servers, time servers, remote login (TELNET) servers, and file transfer (FTP) servers.

World Wide Web (WWW) An Internet navigation tool that allows a user to browse a world-wide set of services and documents using hypertext. It is based on hypertext documents whose structure links pages of hypertext to other documents on other sites. The Web consists of the masses of linked servers all over the world.

X

X.25 The CCITT standard protocol for transport level network service. Originally designed to connect terminals to computers, X.25 provides a reliable, stream transmission service that can support remote login. The X25NET service offered by CSNET demonstrates that it is possible to run TCP/IP protocols, IP in particular, over an X.25 network. X.25 is most popular in Europe.

X25NET (X.25 NETwork) A service offered by CSNET that passed IP traffic between a subscriber site and the Internet using X.25.

X.400 The CCITT protocol for electronic mail that is expected to become widely accepted. The current version is X.400(88) because it was defined in 1988. Work is underway to make TCP/IP mail systems interoperate with X.400.

XDR (eXternal Data Representation) The standard for a machine independent data structure representation developed by SUN Microsystems. To use XDR, a sender translates from the local machine representation to the standard external representation and a receiver translates from the external representation to the local machine representation.

XNS (Xerox Network Standard) The term used collectively to refer to the suite of Internet protocols developed by researchers at Xerox Corporation. Although similar in spirit to the TCP/IP protocols, XNS uses different packet formats and terminology.

Xstation A high-function LAN-attached terminal whose function is limited to the functions of an X Window server.

X-Window System A software system developed at MIT for presenting and managing output on bit-mapped displays. Each window consists of a rectangular region of the display that contains textual or graphical output. X allows application programs on a variety of computers to display output in separate windows on a single display. X uses a program called a window manager to allow the user to create, move, overlap, and destroy windows.

Z

Zone of Authority Term used in the domain name system to refer to the group of names for which a given name server is an authority. Each zone must be supplied by two name servers that have no common point of failure.