TCP/IP configuration on System i5
Michigan iSeries Tech Conf
Spring 2006
Larry Bolhuis [email protected] Solutions, Inc.
616.451.2500
Grand Rapids, MI
www.arbsol.com
TCP/IP configuration MITECH S06 2
Agenda
Configuration
Line Descriptions (Yes we need them!)
Interfaces
Routes
DNS Resolution
IP attributes
DHCP Server
DNS Server
Select Other Servers
Mixed throughout: Configuring Redundant Interfaces!
IP Terms
Host
  ANY device with an address
  Server, Client, Printer, Router, Firewall, Toaster, etc.
Network
  A group of Hosts with the same network number
  Typically are on the same physical network
  i.e. Ethernet, Token-ring, Dialup RAS Server, Cable modem, DSL
Internet Protocol Version 4 (IPV4) Address Format
IPV4 addresses are 32 bits long (4 bytes)
Usual representation is dotted decimal.
  i.e. 172.16.1.2
Each octet ranges from 0 to 255 as it represents 8 binary bits (one byte)
Total of just over 4 billion addresses, sounds like a lot, but…
The Host and the Network address are combined in the IP address
Reserved/Special Purpose Host Addresses
No matter how large or small the network there are two host addresses you cannot assign.
The Network address is the host address with all bits of 0
  In the Class “C” network 192.168.1.x the Network address is 192.168.1.0
The Broadcast address is the host address with all bits of 1
  In the same network the Broadcast address is 192.168.1.255
This is why there are only 254 (256-2) addresses available in a Class “C” network.
The smallest network (255.255.255.252 or CIDR /30) has two usable addresses plus the network and broadcast addresses.
iSeries Access for The Web Home
Intended for use by end users not for administration use.
Note the left side menu has nothing for dealing with Interfaces, addresses, routes etc.
Needs no install on the client side.
Very powerful and is where iSeries Access is heading.
Baseline
All screens and iSeries Navigator panels are i5/OS V5R3 *Except where noted as V5R4
Managed Systems are i5/OS V5R3 *Except (see above!)
First we will configure minimal IP via Green Screen followed by the same in iNav.
Additional servers and options will be covered in iNav only
Redundant and load balanced interfaces allow your system (and more importantly all those 5250 sessions!) to survive a LAN card, LAN Cable or Switch failure.
Since we need a physical interface to connect with iNav or Telnet we will briefly look at a physical interface first
Redundant, Load Balanced “Highly Available” Network Connections
To achieve this goal, several things are needed.
More than one Physical line (i.e. Ethernet), preferably on Separate IOPs and on separate Busses for best protection
More than one cable connection, preferably to separate network switches
A separate IP address for each Physical line (in addition to a production IP address)
  These addresses must all be in the same IP Subnet
Special routes that direct OS/400 to balance traffic on selected Interfaces
A virtual IP interface with the production IP address
OS/400 V5R2 or i5/OS V5R3 or newer
Pieces of this configuration will be noted in this space!
You should have interfaces already and you should have more than one to your local network. More on how and why that’s important later!
Physical Line
Key Pieces:
- Resource name
- Line Speed
- Duplex
I strongly recommend setting both line speed and duplex rather than selecting *AUTO on both the iSeries AND Network switch.
Fixed Speed and Duplex help prevent line drops
CFGTCP Menu – TCP/IP Config
Some options have commands behind them
Others are available only here
We will concentrate on Interfaces, routes, host table and domain info.
Option 1 from CFGTCP menu
Command: (option only)
Show all configured IPv4 addresses on the iSeries
F11 will show status (If TCP/IP is active)
Add, Change, Remove, Start, Stop from here
Also see NETSTAT *IFC for status and Start/Stop
Option 1 (ADD) from work with TCP/IP interfaces
Command: ADDTCPIFC
Internet Address assigned by your network administrator
It must be fixed. iSeries will not seek a DHCP address
Line name must exist
Subnet mask also comes from network admin
Option 2 from CFGTCP menu
Command: (option only)
Displays all Static routes (i.e. Manually entered)
Can add, change, remove routes from here
Also see NETSTAT *RTE for learned and active routes
Option 1 (ADD) from work with TCP/IP routes
Command: ADDTCPRTE
Shown adding the default route, Special value *DFTROUTE
Special value for Subnet Mask of *NONE
Next hop address is usually a router and MUST be on the local network!
Option 12 from CFGTCP menu
Command: CHGTCPDMN
Must enter the server’s Host and Domain Names
Search Priority designates local host file or DNS queried first
DNS Server addresses should also be specified
hostname.domain MUST resolve to an IP on this system!!
Option 12 from CFGTCP menu (Page 2)
Command: CHGTCPDMN
Introduced in V5R2
Can now use ports other than the default of 53
Optionally can use TCP protocol, server must support it!
Servers can be rotated or default of top to bottom
Retry count and intervals can also be adjusted
Option 11 from CFGTCP menu
Command: (option only)
Maintenance of ‘Hosts’ file (QUSRSYS/QATOCHOST mbr HOSTS)
Up to four names may be associated with each IP Address
Note that you can change names with option 2 but option 7 allows you to change the IP address (‘Rename the IP’)
iSeries Navigator
iSeries navigator (iNav) has much greater flexibility
iNav can configure much more than the command line
Some servers and other stuff are configured via iNav only
  DNS, DHCP, PPP, IASPS, …
Some parameters are available in iNav only, examples:
  Proxy Arp on Interfaces
  Interface Affinity (*V5R4)
  Interface filters
Some statistics are available in iNav only, examples:
  Interface Stats
  Graphical line utilization
  DNS Server stats, DHCP Lease information
iSeries Navigator is the preferred interface for managing iSeries TCP/IP and is the only way to accomplish many tasks.
In order to get this going you do need to have a line description active and configured with a TCP/IP address.
You can establish your initial IP address configuration on the green screen or with the Easy Setup tool included with iSeries Access
iSeries Navigator Entry point
Expand: Network, TCP/IP cfg, IPv4
Click on: Interfaces
Lists all IP Interfaces (Addresses) on the system
Status and significant attributes.
Each interface gets an IP address and a subnet mask. Note that in iNav a description can be added
This interface is a virtual IP interface NOT associated with a specific hardware line description. However in V5R4 they can gain affinity for a specific line.
Virtual IP addresses have a 255.255.255.255 mask
To be visible to the outside the address must be in the address range of a physical interface
Proxy Arp must be enabled! (V5R2 option)
This is the Virtual Interface used for highly available connections
Usually 1492 for 100Mb, 8991 for Gbe Lines
V5R4 Panel for a virtual IP interface.
Note the addition of the ALIAS name.
Also new in V5R4 is the ability to prefer a specific line (via its associated physical IP)
Useful for example if you have a 1Gb line and a 100Mb line and wish to prefer the Gb line.
Note that MTU must match smallest of available lines.
This is the Virtual Interface used for highly available connections
Expand: Network, TCP/IP cfg, IPv4
Click on: Routes
Add new from left panel
Modify from right
Lists all IP Routes on the system, manual and learned
Status and significant attributes.
Types of Routes
Host Routes (Consulted First)
  Specify a route to a specific Host
Network Routes (Consulted Second)
  Specify a route to a network of Hosts
  Routes to the local network are added automatically or you may enter your own (example next)
  Many of these can be added
  Duplicates ARE allowed
Default Route (Consulted Last)
  Specify routers to be used when no Host or Network routes match
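Added example (not from the original slides): the consultation order above is what longest-mask matching produces, since a host route has a 255.255.255.255 mask and the default route matches every address. The route table is constructed for illustration, and choosing the most specific of several matching network routes is standard IP routing behaviour assumed here rather than something the slide states; how the system picks among duplicates is not modelled.

```python
import ipaddress

# Constructed static route table: (destination, subnet mask, next hop).
# The default route (*DFTROUTE) is modelled as 0.0.0.0 with mask 0.0.0.0.
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.1.1.1"),             # default route
    ("172.16.0.0", "255.255.0.0", "10.1.1.2"),      # network route
    ("172.16.5.0", "255.255.255.0", "10.1.1.3"),    # more specific network route
    ("172.16.5.9", "255.255.255.255", "10.1.1.4"),  # host route
    ("172.16.0.0", "255.255.0.0", "10.1.1.6"),      # duplicate of the network route
]

def kind(prefixlen):
    """Name the slide's route type for a given mask length."""
    if prefixlen == 32:
        return "host"
    return "default" if prefixlen == 0 else "network"

def lookup(dest, routes=ROUTES):
    """Return (route type, [next hops]) for the best match, duplicates included."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for rdest, mask, hop in routes:
        net = ipaddress.ip_network(f"{rdest}/{mask}")
        if addr in net:
            matches.append((net.prefixlen, hop))
    if not matches:
        return None, []
    best = max(prefix for prefix, _ in matches)
    return kind(best), [hop for prefix, hop in matches if prefix == best]

if __name__ == "__main__":
    for target in ("172.16.5.9", "172.16.5.20", "172.16.9.1", "192.0.2.7"):
        print(target, lookup(target))
```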
Schowler Route Properties
A route to the local network
Keys are:
- Destination Network (ours)
- Subnet Mask
- Next hop (interface on this sys)
May not change active route
[Advanced Tab]
Bind to the Next hop address above
Route precedence must NOT be 5
You must create one of these for each interface connected to a network. Route precedence must match for all of them. (*!)
Schowler routes are used to load balance network connections
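Added example (not from the original presentation, and not an IBM tool): a Python check of a planned redundant-interface setup against the rules stated on the preceding slides: more than one physical line in the same subnet, a virtual address with a 255.255.255.255 mask inside that range, proxy ARP on, a default next hop on the local network, and one local-network route per interface with matching precedence other than 5. The plan layout, line names, addresses and precedence values are constructed for illustration.

```python
import ipaddress

# Constructed sample plan: every address, line name and precedence value is
# made up for illustration and does not come from the slides.
PLAN = {
    "physical": [  # one interface per physical line
        {"line": "ETHLINE1", "ip": "10.1.1.11", "mask": "255.255.255.0"},
        {"line": "ETHLINE2", "ip": "10.1.1.12", "mask": "255.255.255.0"},
    ],
    "virtual": {"ip": "10.1.1.10", "mask": "255.255.255.255", "proxy_arp": True},
    "default_next_hop": "10.1.1.1",
    "local_routes": [  # one route to the local network per physical interface
        {"dest": "10.1.1.0", "mask": "255.255.255.0", "next_hop": "10.1.1.11", "precedence": 6},
        {"dest": "10.1.1.0", "mask": "255.255.255.0", "next_hop": "10.1.1.12", "precedence": 6},
    ],
}

def check_plan(plan):
    """Return a list of rule violations; an empty list means the plan passes."""
    problems = []
    phys = [ipaddress.ip_interface(f"{p['ip']}/{p['mask']}") for p in plan["physical"]]
    if len(phys) < 2:
        problems.append("need more than one physical line")
    nets = {i.network for i in phys}
    if len(nets) != 1:
        return problems + ["physical interfaces are not all in the same subnet"]
    net = nets.pop()
    reserved = {net.network_address, net.broadcast_address}
    for i in phys:
        if i.ip in reserved:
            problems.append(f"{i.ip} is the network or broadcast address")
    virt = plan["virtual"]
    vip = ipaddress.ip_interface(f"{virt['ip']}/{virt['mask']}")
    if vip.network.prefixlen != 32:
        problems.append("virtual interface mask must be 255.255.255.255")
    if vip.ip not in net or vip.ip in reserved:
        problems.append("virtual address is outside the physical interfaces' range")
    if vip.ip in {i.ip for i in phys}:
        problems.append("virtual address duplicates a physical address")
    if not virt["proxy_arp"]:
        problems.append("proxy ARP is not enabled")
    if ipaddress.ip_address(plan["default_next_hop"]) not in net:
        problems.append("default route next hop is not on the local network")
    routes = plan["local_routes"]
    if sorted(r["next_hop"] for r in routes) != sorted(str(i.ip) for i in phys):
        problems.append("need exactly one local-network route per physical interface")
    for r in routes:
        if ipaddress.ip_network(f"{r['dest']}/{r['mask']}") != net:
            problems.append(f"route via {r['next_hop']} does not target the local network")
    precedences = {r["precedence"] for r in routes}
    if 5 in precedences:
        problems.append("route precedence must not be 5")
    if len(precedences) > 1:
        problems.append("route precedence differs between the local routes")
    return problems
```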
Expand: Network, TCP/IP cfg, IPv4
Right Click on: TCP/IP Config.
Stop Options
Utilities
Either STOP option is fatal to your iNav connection!!
Utilities are run from the iSeries. Good for testing connectivity.
TCP/IP Configuration Properties [Host Domain Information Tab]
Update the Host name for this server
Update the domain name
Enter up to three DNS servers
Additional domain suffixes may also be added here. They are searched in order
Advanced allows you to modify connectivity options used to communicate with the DNS Servers
TCP/IP Configuration Host Table
Updates the Host names table: QUSRSYS/QATOCHOST member HOSTS
Up to four names per IP may be entered.
This panel is used for both add and Edit.
Additional configuration
At this point we have configured each item needed for basic communication
The rest of the configuration covers items that are only, or at least more easily, configured from iNav
TCP/IP Configuration Properties [Servers to Start Tab]
This is the only place you can see all the TCP/IP Servers and display or change whether they should start when TCP/IP Starts.
You can also set this attribute individually from CHGxxxxxA commands or from the individual server’s properties in iNav
Note that SNMP is missing here and in iNav in general. Hmmm…
IPv4 Properties [General Tab]
General properties for IPv4
Defaults normally apply here!
Network file cache is used with HTTP to support FRCA (Fast Response Cache Accelerator). This can dramatically speed web serving in many instances.
V5R2 Enhancement
IPv4 Properties [Transports Tab]
Shows connections to and from this system
*EXCELLENT* for troubleshooting!
Remote address and port
Local address and port
Expand: Network, TCP/IP cfg, IPv4
Click on: Connections
F11 to subset the list. Very powerful selection
Connection State and time Since last traffic
Traffic Statistics Inbound and outbound
This is the list of TCP/IP Servers included in i5/OS
All of them can be maintained from here
Expand: Network, Servers
Click on: TCP/IP
Right click on any for menu.
Note upper right corner shows time since refresh
DHCP- Dynamic Host Configuration Protocol
Grew from RARP and then BOOTP
All of these run on the wire protocol (ethernet, token-ring, Wireless, etc)
Host sends a broadcast packet requesting IP information (Address, Mask, Gateway..)
DHCP Server(s) respond with an offer
Host acknowledges the best offer
RARP – Reverse Address Resolution Protocol
BOOTP – Bootstrap Protocol
DHCP - Server
Server is configured with information for each subnet it serves
Server tracks available addresses and active leases
Lease times are set to expire often enough so that DHCP changes are effective but not so short as to increase network traffic
DHCP server 10.201.4.10
DHCP server 10.194.5.10
Router with BOOTP relay
DHCP Flow
Host submits a DHCP request IP address discover message
BOOTP Forwarding routers pass these requests along
More than one server may respond
Host selects one address and replies to the server
Server commits the address and responds
DHCP Server configuration
Dynamic Host Configuration Protocol
This server will hand out the required pieces of information a host needs to communicate on the network
  IP Address
  Subnet Mask
  Domain Name
  Default Gateway
  DNS Servers
Additionally it is told who is allowed to get what addresses.
Generally a range of addresses is used for dynamic configuration and the rest are held for static use (Servers, Routers etc)
Lease time is assigned.
  Low lease times mean higher traffic and load as well as the possibility that leases may expire while the DHCP server is down.
  Long lease times mean low traffic and load but changes in the DHCP server take a long time to replicate to the hosts in the network.
DHCP Server Configuration
All subnets are listed here
Right click Global and select Properties.
Shown is [Leases] tab.
This sets the default time the address lease is valid for.
When this time is 50% used up the client will start attempting to renew the lease.
This gives a cushion for renewal
DHCP Server Configuration
[Dynamic DNS] tab.
Updates are sent to the DNS Server when the lease is granted.
May update Forward (A) records, Reverse (PTR) records, or both and the domain name.
[Options tab] There are 80 options!
At the global level normally only the Domain Name and Domain name servers are specified
Others are specified at the subnet level
DHCP Server Configuration
Subnet properties [Address Pool] tab.
Defines the addresses available to be leased to clients.
Can be done by range (as shown) or can be a subnet of a larger network. (i.e. 172.16.1.0/24 of the 172.16.0.0/16 network)
Sets the subnet mask for the range
Also addresses can be excluded for those times you find something that you don’t want to change unexpectedly.
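Added example (not part of the original slides, and not how the i5/OS DHCP server is implemented): a small Python model of one subnet's address pool, showing a range with excluded addresses, the offer and commit steps of the DHCP flow, and renewal starting when 50% of the lease time is used. Class and method names, addresses and times are constructed for illustration.

```python
import ipaddress

class DhcpServer:
    """Toy model of one subnet's pool: address range, exclusions, lease time."""

    def __init__(self, first, last, excluded=(), lease_seconds=86400):
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        skip = {ipaddress.ip_address(a) for a in excluded}
        self.pool = [ipaddress.ip_address(n) for n in range(lo, hi + 1)
                     if ipaddress.ip_address(n) not in skip]
        self.lease_seconds = lease_seconds
        self.leases = {}  # address -> (client id, expiry time in seconds)

    def _free(self, addr, now):
        holder = self.leases.get(addr)
        return holder is None or holder[1] <= now

    def offer(self, client, now):
        """Answer a discover: the client's live lease if any, else the first free address."""
        for addr, (holder, expiry) in self.leases.items():
            if holder == client and expiry > now:
                return addr
        return next((a for a in self.pool if self._free(a, now)), None)

    def request(self, client, addr, now):
        """Commit the address the client selected.

        Returns (expiry, renew_at), or None when the address is not in the
        pool or is held by another client. Also used for renewals.
        """
        holder = self.leases.get(addr)
        mine = holder is not None and holder[0] == client
        if addr not in self.pool or not (mine or self._free(addr, now)):
            return None
        expiry = now + self.lease_seconds
        self.leases[addr] = (client, expiry)
        return expiry, now + self.lease_seconds // 2  # renewal starts at 50%
```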
DHCP Server Configuration
Subnet properties [Options] tab.
In this space the options for the subnet are defined.
Options entered here override options entered at the global level.
Usually a subnet mask and Router are defined here.
MANY options can be specified but this is a basic configuration!
DNS – Domain Name System
Do you really want to know the numbers of every server you need to access? (Hint: NO!)
We need a way to determine the address of www.arbsol.com www.ibm.com www.common.org etc.
DNS Correlates numbers with names
Based on Berkeley Internet Name Domain (BIND)
Hierarchical name system world wide
DNS Content
DNS Servers contain:
  IP Address to host name mapping
  Time to Live for that mapping
  Mail server names for your domain
  Delegations for sub domains
When the server doesn’t know it checks upstream servers
When they don’t know they go to the root servers to find out who to ask.
DNS Server configuration
Domain Name System
This server translates Fully Qualified Domain Names (FQDN) to IP addresses.
  i.e. www.arbsol.com is 209.176.197.100
Mail servers are assigned via MX (mail exchanger) records
  i.e. arbsol.com has smtp1w.arbsol.com and smtp1s.arbsol.com as MX entries. These are prioritized and they are used from the top.
Addresses have limited life spans in outside caches. This is assigned by the DNS server as well.
  Long lifetimes mean lower internet use as addresses live in caches
  Short lifetimes increase traffic as addresses age out of caches sooner, however changes propagate more quickly
DNS servers can work together and update each other in Primary/Secondary relationships. Advanced course: DNS Servers can be updated by DHCP servers as addresses are leased. This is Dynamic DNS (DDNS)
DNS Server Configuration
Shown are the domains defined in DNS that are either defined here (Primary) or mirrored here (Secondary)
To view contents of a domain, click on it.
i5/OS includes BIND version 8 which requires PASE
V4Rx included BIND version 4. Migration is supported.
DNS Server Configuration
Shown are the hosts listed in the frankenseries.com domain.
Below are the SOA (Start Of Authority) and DNS records for the domain
Right click on the domain for menu.
Select Properties for options.
The ‘New’ option is used to add hosts to the list
DNS Server Zone properties SOA record
Each zone must have an email address assigned.
Also the timeouts are defined here, setting these wrong can be very bad.
DO NOT USE the values here as these are WAY LOW. (This server is used for testing stuff!)
‘Generic’ server configuration
All servers on iSeries have SOME properties even if it’s just ‘Start at IPL’
MANY servers have extensive configuration. We can’t POSSIBLY even touch them here.
Peruse them to see what options are available.
We will look at just one for ideas and a sample:
That is the Database server. This guy supports ODBC/JDBC and is often an issue for iSeries shops.
iSeries Access Servers
These are also TCP/IP but are iSeries defined.
Each has properties like the TCP/IP servers
Right click for menu
We’ll look at properties next.
Database Server Properties
Most important configuration option here is to box certain users into other subsystems, thus increasing or decreasing resources for those users.
Once you have defined at least one the system adds <public> as the default.
Watch the Alternate Action!!
You may route individual or a range of IPs and you may only do this by IP.
YOU must still create the required subsystem and populate pre-start and routing entries to support these users. (Hint: Clone QUSRWRK!)
Summary
i5/OS TCP/IP Support is full and rich.
All pieces are included in i5/OS $free
Understanding your configuration and the system’s capabilities will help assure that you get the most from your system
Larry Bolhuis [email protected]
Summary
Communications between hosts requires the ability to distinguish one from another and the IP Address does that.
Hosts are grouped by network, typically a geographic or physical connection (i.e. Ethernet)
The subnet mask defines how many of the 32 bits constitute the network portion of the address, the rest are the host portion
Routes are used (Coming up next) to communicate outside the local network
Addresses must be unique for every host
Assigning them is best left to DHCP
Names are used whenever possible to mask the numbers
Mistakes will haunt you! Do your best.
Larry Bolhuis [email protected]