tcp/ip configuration on system i5 - · pdf filetcp/ip configuration on system i5 ... displays...

1

TCP/IP configuration on System i5

Michigan iSeries Tech Conf

Spring 2006

Larry Bolhuis [email protected] Solutions, Inc. 616.451.2500Grand Rapids, MI www.arbsol.com

TCP/IP configuration MITECH S06 2

Agenda

ConfigurationLine Descriptions (Yes we need them!)InterfacesRoutesDNS ResolutionIP attributesDHCP ServerDNS ServerSelect Other ServersMixed throughout: Configuring Redundant Interfaces!


IP Terms

HostANY device with an address

Server, Client, Printer, Router, Firewall, Toaster, etc.

NetworkA group of Hosts with the same network number

Typically are on the same physical networki.e. Ethernet, Token-ring, Dialup RAS Server, Cable modem, DSL


Internet Protocol Version 4 (IPV4) Address Format

IPV4 addresses are 32 bits long (4 bytes)Usual representation is dotted decimal.

i.e. 172.16.1.2Each octet ranges from 0 to 255 as it represents 8 binary bits (one byte)Total of just over 4 billion addresses, sounds like a lot, but….The Host and the Network address are combined in the IP address


Reserved/Special Purpose Host Addresses

No matter how large or small the network there are two host addresses you cannot assign.The Network is host address with all bits of 0

In the Class “C” network 192.168.1.x the host Network address is 192.168.1.0

The Broadcast address is host address with all bits of 1In the same network the Broadcast address is 192.168.1.255

This is why there are only 254 (256-2) address available in a Class “C” network.The smallest network (255.255.255.252 or CIDR /30) has two usable addresses plus the network and broadcast addresses.


iSeries Access forThe Web Home

Intended for use byend users not foradministration use.

Note the left sidemenu has nothingfor dealing withInterfaces, addressesroutes etc.

Needs no install on the client side.

Very powerful and iswhere iSeries Accessis heading.


Baseline

All screens and iSeries Navigator panels are i5/OS V5R3 *Except where noted as V5R4Managed Systems are i5/OS V5R3 *Except (see above!)First we will configure minimal IP via Green Screen followed by the same in iNav.Additional servers and options will be covered in iNav onlyRedundant and load balanced interfaces allow your system (and more importantly all those 5250 sessions!) to survive a LAN card, LAN Cable or Switch failure.Since we need a physical interface to connect with iNav or Telnet we will briefly look at a physical interface first


Redundant, Load Balanced “Highly Available” Network Connections

To achieve this goal, several things are needed.More than one Physical line (i.e. Ethernet), preferably on Separate IOPs and on separate Busses for best protectionMore than one cable connection, preferably to separate network switchesA separate IP address for each Physical line (in addition to a production IP address)

These addresses must all be in the same IP Subnet

Special routes that direct OS/400 to balance traffic on selectedInterfacesA virtual IP interface with the production IP addressOS/400 V5R2 or i5/OS V5R3 or newer

Pieces of this configurationwill be noted in this space!


You should have interfaces already and you should have more than oneto your local network. More on how and why that’s important later!

PhysicalLine

Key Pieces:-Resourcename-Line Speed-Duplex

I stronglyrecommendsetting bothline speedand duplexrather thanselecting*AUTO on both the iSeries AND Network switch.Fixed Speed and Duplex

Help prevent line drops


CFGTCP Menu – TCP/IP ConfigSome options

have

commands

behind them

Others are

available only

here

We will

concentrate

on Interfaces,

routes,

host table and

domain info.


Option 1 from CFGTCPmenu

Command:(option only)

Show all configured IPv4 addresses on the iSeriesF11 will show status (If TCP/IP is active)Add, Change, Remove, Start, Stop from hereAlso see NETSTAT *IFC for status and Start/Stop


Option 1 (ADD)from workwith TCP/IPinterfaces

Command:ADDTCPIFC

Internet Address assigned by your network administratorIt must be fixed. iSeries will not seek a DHCP addressLine name must existSubnet mask also comes from network admin




Displays all Static routes (i.e. Manually entered)Can add, change, remove routes from hereAlso see NETSTAT *RTE for learned and active routes


Option 1 (ADD) from work withTCP/IProutes

Command:ADDTCPRTE

Shown adding the default route, Special value *DFTROUTESpecial value for Subnet Mask of *NONENext hop address is usually a router and MUST be on thelocal network!



Command:CHGTCPDMN

Must enter the server’s Host and Domain NamesSearch Priority designates local host file or DNS queried firstDNS Server addresses should also be specifiedhostname.domain MUST resolve to an IP on this system!!


Option 12 from CFGTCPmenu(Page 2)

Command:CHGTCPDMN

Introduced in V5R2

Can now use ports other than the default of 53Optionally can use TCP protocol, server must support it!Servers can be rotated or default of top to bottomRetry count and intervals can also be adjusted




Maintenance of ‘Hosts’ file (QUSRSYS/QATOCHOST mbr HOSTS)Up to four names may be associated with each IP AddressNote that you can change names with option 2 but option7 allows you to change the IP address (‘Rename the IP’)


iSeries NavigatoriSeries navigator (iNav) has much greater flexibilityiNav can configure much more than the command lineSome servers and other stuff are configured via iNavonly

DNS, DHCP, PPP, IASPS, …

Some parameters are available in iNav only, examples:Proxy Arp on InterfacesInterface Affinity (*V5R4)Interface filters

Some statistics are available in iNav only, examples:Interface StatsGraphical line utilizationDNS Server stats, DHCP Lease information


iSeries Navigator is the preferred interface for managing iSeries TCP/IP and is the only way to accomplish many tasks.

In order to get this going you do need to have aline description active and configured with a TCP/IPaddress.

You can establish your initial IP address configuration on the green screen or with the Easy Setup tool included with iSeries Access

iSeries Navigator Entry point


Expand:Network,TCP/IP cfg,IPv4

Click on:Interfaces

Lists all IP Interfaces (Addresses) on the systemStatus and significant attributes.


Each interface gets an IP address anda subnet mask. Note that in iNav adescription can be added

This interface is a virtual IP interface

NOT associated with a specific hardware line description, However in V5R4 they can gain affinity for a specific line.

Virtual IP addresses havea 255.255.255.255 mask

To be visible to the outside the address must be in the address range of a physical interface

Proxy Arp must be enabled! (V5R2 option)This is the Virtual Interface used

for highly available connections

Usually 1492 for 100Mb,8991 for Gbe Lines


V5R4 Panel for a virtual IP interface.

Note the addition of the ALIAS name.

Also new in V5R4 is the ability to prefer a specific line (via it’s associated physical IP)

Useful for example if you have a 1Gb line and a 100Mb line and wish to prefer the Gb line.

Note that MTU must match smallest of available lines.This is the Virtual Interface used

for highly available connections



Click on:Routes

Add new from left panel

Modify from right

Lists all IP Routes on the system, manual and learnedStatus and significant attributes.


Types of Routes

Host Routes (Consulted First)Specify a route to a specific Host

Network Routes (Consulted Second)Specify a route to a network of HostsRoutes to the local network are added automatically or you may enter your own (example next)Many of these can be addedDuplicates ARE allowed

Default Route (Consulted Last)Specify routers to be used when no Host or Network routes match


Showler Route PropertiesA route to the local networkKeys are:- Destination Network (ours)- Subnet Mask- Next hop (interface on this sys)

May not change active route

[Advanced Tab]Bind to the Next hop address

aboveRoute precedence must NOT be 5

You must create one of these for each interface connected to a network. Route precedence must match for all of them. (*!)

Schowler routes are used to loadBalance network connections



Right Click on:TCP/IP

Config.

Stop Options

Utilities

Either STOP option is fatal to your iNav connection!!Utilities are run from the iSeries. Good for testing connectivity.


TCP/IP Configuration Properties[Host Domain Information Tab]

Update the Host name for this server

Update the domain name

Enter up to three DNS servers

Additional domain suffixes may also beadded here. They aresearched in order

Advanced allows you tomodify connectivity optionsused to communicate withthe DNS Servers


TCP/IP ConfigurationHost Table

Updates the Host namestable:QUSRSYS/QATOCHOSTmember HOSTS

Up to four names per IPmay be entered.

This panel is used for both add andEdit.


Additional configuration

At this point we have configured each item needed for basic communication

The rest of the configuration will be items only or at least more easily configured from iNav


TCP/IP Configuration Properties[Servers to Start Tab]

This is the only place you can see all the TCP/IP Servers and display or change whether they should start when TCP/IP Starts.

You can also set this attribute individually from CHGxxxxxAcommands or from the individual servers properties in iNav

Note that SNMP is missing here and in iNav in general. Hmmm…


IPv4 Properties[General Tab]

General properties for IPv4

Defaults normally apply here!

Network file cache is used with HTTP to support FRCA (Fast Response Cache accelerator) This can dramatically speed web serving in many instances.

V5R2 Enhancement


IPv4 Properties[Transports Tab]


Shows connections to and from this system*EXCELLENT* for troubleshooting!

Remote addressand port Local

addressand port


Click on:Connections

F11 to subset the list. Very powerful selection

ConnectionState and timeSince last traffic

TrafficStatisticsInbound and outbound


This is the list of TCP/IP Servers included in i5/OSAll of them can be maintained from here

Expand:Network,Servers

Click on:TCP/IP

Right click on any for menu.

Note upper right corner shows time since refresh


DHCP- Dynamic Host Configuration Protocol

Grew from RARP and then BOOTPAll of these run on the wire protocol (ethernet, token-ring, Wireless, etc)Host sends a broadcast packet requesting IP information (Address, Mask, Gateway..)DHCP Server(s) respond with an offerHost acknowledges the best offer

RARP – Reverse Address Resolution ProtocolBOOTP – Bootstrap Protocol


DHCP - Server

Server is configured with information for each subnet it serves

Server tracks available addresses and active leases

Lease times are set to expire often enough so that DHCP changes are effective but not so short as to increase network traffic


DHCP server10.201.4.10

DHCP server10.194.5.10

Router withBOOTP relay

DHCP FlowHosts submits a DHCP request IP address discover messageBOOTP Forwarding routers pass these requests alongMore than one server may respondHost selects one address and replies to the serverServer commits the address and responds


DHCP Server configurationDynamic Host Configuration Protocol

This server will hand out the required pieces of information a host needs to communicate on the network

IP AddressSubnet MaskDomain NameDefault GatewayDNS Servers

Additionally it is told who is allowed to get what addresses.Generally a range of addresses is used for dynamic configuration and the rest are held for static use (Servers, Routers etc)Lease time is assigned.

Low lease times means higher traffic and load as well as the possibility that leases may expire while the DHCP server is down.Long lease times mean low traffic and load but changes in the DHCP server take a long time to replicate to the hosts in the network.


DHCP Server Configuration

All subnets, are listed here

Right click Global and select Properties.

Shown is [Leases] tab.

This sets the default time the address lease is valid for.

When this time is 50% used up the client will start attempting to renew the lease.

This gives a cushion for renewal


DHCP Server Configuration[Dynamic DNS] tab.

Updates are sent to the DNS Server when the lease is granted.

May update Forward (A) records, Reverse (PTR) records, or both and the domain name.

[Options tab] There are 80 options!

At the global level normally only the Domain Name and Domain name servers are specified

Others are specified at the subnet level


DHCP Server ConfigurationSubnet properties [Address Pool] tab.

Defines the addresses available to be leased to clients.

Can be done by range (as shown) or can be a subnet of a larger network.(i.e. 172.16.1.0/24 of the 172.16.0.0/16 network)

Sets the subnet mask for the range

Also addresses can be excluded for those times you find something that you don’t want to change unexpectedly.


DHCP Server ConfigurationSubnet properties [Options] tab.

In this space the options for the subnet are defined.

Options entered here override options entered at the global level.

Usually a subnet mask and Router are defined here.

MANY options can be specified but this is a basic configuration!


DNS – Domain Name System

Do you really want to know the numbers of every server you need to access? (Hint: NO!)We need a way to determine the address of www.arbsol.com www.ibm.comwww.common.org etc. DNS Correlates numbers with namesBased on Berkley Internet Names Domain (BIND)Hierarchical name system world wide


DNS Content

DNS Servers contain:IP Address to host name mappingTime to Live for that mappingMail server names for your domainDelegations for sub domains

When the server doesn’t know it checks upstream serversWhen they don’t know they go to the root servers to find out who to ask.


DNS Server configurationDomain Name System

This server translates Fully Qualified Domain Names (FQDN) to IPaddresses.

i.e. www.arbsol.com is 209.176.197.100Mail servers are assigned via MX (mail exchanger) records

i.e. arbsol.com has smtp1w.arbsol.com and smtp1s.arbsol.com as MX entries. These are prioritized and they are used from the top.

Addresses have limited life spans in outside caches. This is assigned by the DNS server as well.

Long lifetimes means lower internet use as addresses live in cachesShort lifetimes increases traffic as addresses age out of caches sooner, however changes propagate more quickly

DNS servers can work together and update each other in Primary/Secondary relationships. Advanced course: DNS Servers can be updated by DHCP servers as addresses are leased. This is Dynamic DNS (DDNS)


DNS Server Configuration

Shown are the domains defined in DNS that are either defined here (Primary) or mirrored here (Secondary)

To view contents of a domain, click on it.

i5/OS includes BIND version 8 which requires PASEV4Rx included BIND version 4. Migration is supported.


DNS Server Configuration

Shown are the hosts listed in the frankenseries.comdomain.

Below are the SOA (Start Of Authority) and DNS records for the domain

Right click on the domain for menu.

Select Properties for options.

The ‘New’ option is used to add hosts to the list


DNS Server Zone properties SOA record

Each zone must have an email address assigned.

Also the timeouts are defined here, setting these wrong can be very bad.

DO NOT USE the values here as these are WAY LOW. (This server is used for testing stuff!)


‘Generic’ server configuration

All servers on iSeries have SOME properties even if it’s just ‘Start at IPL’MANY servers have extensive configuration. We can’t POSSIBLY even touch them here.Peruse them to see what options are available.We will look at just one for ideas and a sample:That the Database server. This guy supports ODBC/JDBC and is often an issue for iSeries shops.


iSeries Access Servers

These are also TCP/IP but are iSeries defined.

Each has properties like the TCP/IP servers

Right click for menu

We’ll look at properties next.


Database Server PropertiesMost important configuration option here is to box certain users into other subsystems, thus increasing or decreasing resources for those users.

Once you have defined at least one the system adds <public> as the default.

Watch the Alternate Action!!

You may route individual or a range of IPs and you may only do this by IP.

YOU must still create the required subsystem and populate pre-start and routing entries to support these users.(Hint: Clone QUSRWRK!)


Summary

i5/OS TCP/IP Support is full and rich.

All pieces are included in i5/OS $free

Understanding your configuration and the system’s capabilities will help assure that you get the most from your system

Larry Bolhuis [email protected]


SummaryCommunications between hosts requires the ability to distinguishone from another and the IP Address does that.Hosts are grouped by network, typically a geographic or physicalconnection (i.e. Ethernet)The subnet mask defines how many of the 32 bits constitute the network portion of the address, the rest are the host portionRoutes are used (Coming up next) to communicate outside the local networkAddresses must be unique for every hostAssigning them is best left to DHCPNames are used whenever possible to mask the numbersMistakes will haunt you! Do your best.

Larry Bolhuis [email protected]

tcp/ip configuration on system i5 - · pdf filetcp/ip configuration on system i5 ... displays...

Documents