1. No category

(CIP) Configuration and Management Manual

HP NonStop Cluster I/O Protocols (CIP)
Configuration and Management Manual
HP Part Number: 541613-024
Published: March 2014
Edition: J06.05 and subsequent J-series RVUs; H06.16 and subsequent H-series RVUs
© Copyright 2008, 2009, 2010, 2011, 2012, 2013, and 2014 Hewlett-Packard Development Company, L.P.
Legal Notice
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial
Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under
vendor’s standard commercial license.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall
not be liable for technical or editorial errors or omissions contained herein.
Export of the information contained in this publication may require authorization from the U.S. Department of Commerce.
Microsoft, Windows, and Windows NT are U.S. registered trademarks of Microsoft Corporation.
Intel, Pentium, and Celeron are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Java is a U.S. trademark of Oracle and/or its affiliates.
Motif, OSF/1, UNIX, X/Open, and the "X" device are registered trademarks, and IT DialTone and The Open Group are trademarks of The Open
Group in the U.S. and other countries.
Open Software Foundation, OSF, the OSF logo, OSF/1, OSF/Motif, and Motif are trademarks of the Open Software Foundation, Inc. OSF MAKES
NO WARRANTY OF ANY KIND WITH REGARD TO THE OSF MATERIAL PROVIDED HEREIN, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. OSF shall not be liable for errors contained herein or for
incidental consequential damages in connection with the furnishing, performance, or use of this material.
© 1990, 1991, 1992, 1993 Open Software Foundation, Inc. The OSF documentation and the OSF software to which it relates are derived in part
from materials supplied by the following:© 1987, 1988, 1989 Carnegie-Mellon University. © 1989, 1990, 1991 Digital Equipment Corporation.
© 1985, 1988, 1989, 1990 Encore Computer Corporation. © 1988 Free Software Foundation, Inc. © 1987, 1988, 1989, 1990, 1991
Hewlett-Packard Company. © 1985, 1987, 1988, 1989, 1990, 1991, 1992 International Business Machines Corporation. © 1988, 1989
Massachusetts Institute of Technology. © 1988, 1989, 1990 Mentat Inc. © 1988 Microsoft Corporation. © 1987, 1988, 1989, 1990, 1991,
1992 SecureWare, Inc. © 1990, 1991 Siemens Nixdorf Informationssysteme AG. © 1986, 1989, 1996, 1997 Sun Microsystems, Inc. © 1989,
1990, 1991 Transarc Corporation.OSF software and documentation are based in part on the Fourth Berkeley Software Distribution under license
from The Regents of the University of California. OSF acknowledges the following individuals and institutions for their role in its development: Kenneth
C.R.C. Arnold, Gregory S. Couch, Conrad C. Huang, Ed James, Symmetric Computer Systems, Robert Elz. © 1980, 1981, 1982, 1983, 1985,
1986, 1987, 1988, 1989 Regents of the University of California.
Contents
About This Document...................................................................................13
Supported Release Version Updates (RVUs)................................................................................13
Intended Audience..................................................................................................................13
New and Changed Information................................................................................................13
New and Changed Information in the 541613-024 Edition.......................................................13
New and Changed information in the 541613-023 Edition.......................................................13
New and Changed Information in the 541613-022 Edition.......................................................14
New and Changed Information in Previous Editions................................................................15
Notation Conventions..............................................................................................................22
General Syntax Notation....................................................................................................22
Notation for Messages.......................................................................................................23
Related Information.................................................................................................................25
Related Documents.............................................................................................................25
Linux Man Page Documentation and Help.............................................................................25
Glossary...........................................................................................................................25
Publishing History...................................................................................................................25
HP Encourages Your Comments................................................................................................26
1 Overview................................................................................................27
Internet Protocol Version 6 (IPv6) Compliance.............................................................................27
CIP Hardware Overview..........................................................................................................27
CIP NonStop Host System Software Overview............................................................................28
NonStop Host System Management.....................................................................................28
CIP CLIM Software Overview...................................................................................................29
CLIM Management............................................................................................................29
Persistence........................................................................................................................31
The CIP Subsystem for Internet Protocols (IP CIP)..........................................................................31
IP Protocols.......................................................................................................................32
Telco Protocols...................................................................................................................32
Multiple CLIMs per Provider................................................................................................32
Multiple Providers per CLIM................................................................................................33
Using Multiple Providers.....................................................................................................34
Using Multiple SWAN Paths in a Single Provider...................................................................34
Using Multiple Listeners with Round Robin Sockets..................................................................34
Routing in the CIP Subsystem...............................................................................................34
Failover in the CIP Subsystem...............................................................................................36
Internet Protocol Security (IPSec)...........................................................................................48
Name Resolution...............................................................................................................50
SNMP Support..................................................................................................................51
IP CLIM............................................................................................................................51
CIP iptables/ip6tables Support (climiptables)........................................................................55
IB CLIM............................................................................................................................56
The CIP Subsystem for Storage I/O (Storage CIP) and the Storage Subsystem.................................57
Storage CLIM....................................................................................................................58
Subsystem ID and Product Numbers..........................................................................................59
Capacity and Resource Use.....................................................................................................60
Restrictions........................................................................................................................60
2 Quick Start..............................................................................................62
Default Processes and Naming Conventions...............................................................................62
Change the CLIM Passwords....................................................................................................64
Configure and Start CIP...........................................................................................................65
Contents
3
Configure the Eth1 Through Eth5 Interfaces (Does Not Apply to Storage CIP)..................................65
Configure CLIM-To-CLIM Failover (Applies to IP CIP Only, Not Storage CIP)....................................66
Check Network Applications (Does Not Apply to Storage CIP).....................................................68
3 CIP Configuration and Management...........................................................69
Using Linux Commands and Custom CIP Commands...................................................................69
Entering CIP Commands..........................................................................................................71
Errors...............................................................................................................................72
Configuring CIP......................................................................................................................72
On the NonStop Host System..............................................................................................72
On the CLIM.....................................................................................................................81
Policy Based Routing...............................................................................................................81
Troubleshooting Routing......................................................................................................85
Displaying the CIP Configuration..............................................................................................86
On the NonStop Host System..............................................................................................86
On the CLIM.....................................................................................................................86
Displaying Man Pages for CIP Commands.................................................................................93
Monitoring CIP.......................................................................................................................94
On the NonStop Host System..............................................................................................94
On the CLIM.....................................................................................................................94
Configuring Bonded Interface Failover (IP CIP)............................................................................94
Configuring CLIM-to-CLIM Failover (IP CIP).................................................................................95
Replicating the Configurations from One CLIM to Another CLIM....................................................99
Using the CLIMCMD /IN/ run-option...................................................................................99
Starting and Restarting CIP....................................................................................................100
Starting CIP on the NonStop Host System............................................................................100
Starting CIP on the CLIM...................................................................................................101
Starting the IP Applications (IP CIP Only).............................................................................101
Restarting CIP on the NonStop Host System.........................................................................102
Restarting CIP on the CLIM................................................................................................102
Controlling Interface States (IP CIP).........................................................................................102
Activating an Interface......................................................................................................102
Deactivating an Interface..................................................................................................103
Configuring IPSec (IP CIP)......................................................................................................104
Installing X.509 Certificates...............................................................................................104
Setting Up Links to the Certificate Revocation List (CRL) and to the Certificate Authority (CA).......105
Configuring Pre-Shared Keys.............................................................................................105
Configuring Security Policies..............................................................................................105
Configuring Security Associations.......................................................................................106
Configuring Remote Information.........................................................................................106
Controlling the Virtual Private Network (VPN)......................................................................107
Using IPSec.....................................................................................................................107
Configuring Transport of Authentication Events from CLIM..........................................................108
Checking the Status of the Collector $ZCLA ........................................................................108
Starting the Collector........................................................................................................108
Adding the Collector........................................................................................................108
Viewing the Events in the Collector $ZCLA..........................................................................108
Retrieving the Events from the $ZCLA by an Application........................................................109
Deleting the Collector.......................................................................................................109
Configuring CIP iptables/ip6tables (IP CIP)..............................................................................109
Configuring climiptables...................................................................................................109
Configuring iptables/ip6tables..........................................................................................110
Examples........................................................................................................................110
Configuring Stream Control Transmission Protocol (SCTP) (IP and Telco CIP).................................112
Round-Robin Filtering.............................................................................................................112
4
Contents
Logging Messages................................................................................................................113
Configuring IPv6 (IP CIP).......................................................................................................113
Running Applications in Multiple Environments (IP CIP)..............................................................113
Managing the Configuration Preservation................................................................................113
Managing the Configuration Database on the NonStop Host System......................................114
Managing Persistence on the NonStop Host System..............................................................114
Managing the CLIM Configuration Preservation...................................................................114
Planning for Coexistence With Conventional TCP/IP (IP CIP Only)...............................................116
Stopping CIP........................................................................................................................116
Preparing to Stop the CIP Subsystem...................................................................................116
Stopping CIP...................................................................................................................118
Monitoring the Network (IP CIP).............................................................................................119
Testing Access to Internet Network Hosts by Using the Ping Command (IP CIP)..............................119
Displaying a Datagram’s Route to a Network Host by Using Traceroute...................................119
Event Management System (EMS) Messages........................................................................119
Troubleshooting Tools and Tips...............................................................................................119
CLIMCMD clim Command................................................................................................120
Event Logging..................................................................................................................121
Detecting Duplicate IP Addresses.......................................................................................122
Displaying Link Speed......................................................................................................122
Verifying the lunmgr Configuration of Two Storage CLIMs......................................................122
Tip: Finding an Available UDP Port (IP CIP Only)..................................................................125
CLIM and Host Incompatibility...........................................................................................125
Troubleshooting Network Applications Using Tcpdump.........................................................126
Mapping CLIM Name......................................................................................................128
Setting Up Multiple Providers per CLIM....................................................................................129
Enabling the MULTIPROV Attribute......................................................................................129
Disabling the MULTIPROV Attribute.....................................................................................130
Changing Providers, Adding and Starting a CLIM (IP and Telco Only).........................................130
CLIMs with MULTIPROV OFF..............................................................................................130
CLIMs with MULTIPROV ON..............................................................................................131
4 Upgrading CIP.......................................................................................133
Performing an Online Upgrade of the CIP Subsystem on the NonStop Host..................................133
Replace CIPMON (Only)..................................................................................................133
Replace CIPMAN (Only)...................................................................................................134
Replace CIPMAN and CIPMON Simultaneously..................................................................134
Replace CIPSAM.............................................................................................................135
Upgrading CLIM Software and Firmware.................................................................................135
Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic................136
Upgrading CLIM Software with the System Running..............................................................136
Upgrading CLIM Firmware with the System Running..............................................................150
Upgrading Multiple CLIMs in Parallel..................................................................................160
Upgrading Multiple CLIMs of Different Types.......................................................................165
Upgrading CLIM Software or Firmware While the System is Down .............................................165
Overview of Optimized CLIM Software and Firmware Update Procedure.................................166
Prepare CLIMs for Down System Firmware Update................................................................166
Halt the Processors...........................................................................................................166
Update CLIM Software on a Down System..........................................................................166
Update CLIM Firmware on a Down System..........................................................................167
Load the System...............................................................................................................168
Falling Back to Conventional TCP/IP or NonStop TCP/IPv6........................................................168
Falling Back to Conventional TCP/IP or NonStop TCP/IPv6...................................................168
Falling Back to Previous RVUs that Support the Multiple Providers per CLIM Feature.......................169
Falling Back to a Previous CLIM Version...................................................................................169
Contents
5
5 LUN Manager for Storage CIP.................................................................170
Lunmgr Commands...............................................................................................................170
approve Command..........................................................................................................170
Binaryfind Command.......................................................................................................170
Clear Command..............................................................................................................170
Delete Command.............................................................................................................170
Enclosures Command.......................................................................................................171
Find Command................................................................................................................171
Help Command...............................................................................................................171
Led Command.................................................................................................................171
Print Command................................................................................................................172
Renumber Command........................................................................................................172
Scan Command...............................................................................................................172
Startover Command.........................................................................................................172
Unblock Command..........................................................................................................172
Update Command...........................................................................................................172
WWNs Command..........................................................................................................173
6 IP CIP Migration, Compatibility and Operational Differences........................174
Summary of High-Level Differences Between Previous TCP/IP Subsystems and CIP.........................174
Operational Differences Between Previous TCP/IP Subsystems and CIP........................................175
SLSA Subsystem...............................................................................................................181
Network Partitioning Differences........................................................................................182
Routing Differences..........................................................................................................182
Failover Differences (Fault Tolerance)..................................................................................183
Differences That Affect Planning for CLIMs Instead of G4SAs.................................................183
IPv6 Differences...............................................................................................................183
Fault Tolerant Sockets.......................................................................................................183
Remote Sockets................................................................................................................184
New Error Codes when Using IPSec...................................................................................184
Avoiding Interfaces With Link Pulse Down...........................................................................184
Error on Sockets When CIPSAM Process Aborts...................................................................186
Connecting to Non-Loopback Address after Binding to Loopback...........................................186
CIPSAM Commands.........................................................................................................186
Configuring SWAN Adapters on a CLIM............................................................................187
Application Programming Differences Between NonStop TCP/IPv6 and CIP.................................188
Suppressing Compatibility Errors........................................................................................188
Bind to INADDR_ANY and a Specific Address on the Same Interface.....................................188
Changing Destination of a Connected UDP Socket...............................................................189
Multicast Bind and Set or Join on Separate Interfaces...........................................................189
Multicast Loopback..........................................................................................................189
Receiving Broadcasts on Specific Addresses........................................................................189
Error after UDP Send to Unreachable Port...........................................................................189
Conversion of Limited Broadcast to Subnet-Directed Broadcast...............................................190
Binding to a Recently Used Address and Port.......................................................................190
Round-Robin Socket Support Considerations........................................................................190
Socket IOCTL Differences..................................................................................................190
Socket Options................................................................................................................191
TCP/IP Attributes in CIP.........................................................................................................193
NonStop TCP/IPv6 Attributes and Their CIP Equivalents........................................................194
Attribute Default Values and Ranges...................................................................................199
NonStop TCP/IPv6 Attributes Not Supported.......................................................................201
How to Migrate From NonStop TCP/IP or NonStop TCP/IPv6 to CIP...........................................203
Migrate the Environment...................................................................................................203
6
Contents
7 Storage CIP Migration, Compatibility and Operational Differences...............204
8 Collecting Data for CLIM Issues................................................................206
Create CLIM Debug Information.............................................................................................206
CLIM Log Files......................................................................................................................206
Collecting CLIM Log Files using CLIMDBUG.............................................................................206
OSM Event Viewer Log for CIP Event 5231..........................................................................209
Copying CLIM Debug Information to NonStop..........................................................................209
Collecting iLO and IML Logs...................................................................................................211
Collecting lunmgr Information.................................................................................................213
Collecting EMS Logs.............................................................................................................213
Collecting SCF Information.....................................................................................................213
Collecting Network Information..............................................................................................214
Collecting SSH Information....................................................................................................214
Collecting IB Network Status..................................................................................................214
9 Telco CIP Migration, Compatibility and Operational Differences...................215
10 SCF Reference for CIP...........................................................................216
SCF for Cluster I/O Protocols.................................................................................................216
SCF Commands for CIPMAN Compared to SCF Commands for CIPSAM.....................................216
Object Types........................................................................................................................217
CIPMAN PROCESS Object................................................................................................218
CIPSAM Object...............................................................................................................219
MON Object..................................................................................................................219
CLIM Object...................................................................................................................219
PROVIDER Object............................................................................................................219
ROUTE Object.................................................................................................................220
SUBNET Object...............................................................................................................220
Naming Convention Summary................................................................................................220
Wildcard Support.................................................................................................................221
Abbreviations.......................................................................................................................221
Summary States....................................................................................................................222
Sensitive and Nonsensitive Commands....................................................................................223
SCF HELP Facility..................................................................................................................223
LISTDEV CIP and LISTDEV TCPIP..............................................................................................224
CIPMAN SCF Commands......................................................................................................224
ABORT Commands..........................................................................................................224
ADD Commands..............................................................................................................226
ALTER Command.............................................................................................................231
DELETE Commands..........................................................................................................233
INFO Commands............................................................................................................235
LISTOPENS Commands.....................................................................................................243
NAMES Commands.........................................................................................................248
PRIMARY Command.........................................................................................................251
START Commands............................................................................................................251
STATS Commands............................................................................................................252
STATUS Commands..........................................................................................................257
STOP Commands.............................................................................................................272
SWITCH CLIM.................................................................................................................273
TRACE Commands...........................................................................................................275
VERSION Commands.......................................................................................................279
CIPSAM SCF Commands.......................................................................................................281
ABORT Command, CIPSAM..............................................................................................281
INFO Commands, CIPSAM...............................................................................................281
NAMES SUBNET, CIPSAM................................................................................................286
Contents
7
PRIMARY Command, CIPSAM...........................................................................................287
STATUS Command, CIPSAM..............................................................................................287
STOP Command, CIPSAM.................................................................................................288
TRACE Command, CIPSAM...............................................................................................288
VERSION Command, CIPSAM...........................................................................................289
11 CLIMCMD and CLIMCMD climconfig Commands (Man Pages)...................290
1 Standalone Commands (Man Pages)........................................................291
clim(1).................................................................................................................................292
climstatus(1).........................................................................................................................294
ifstart(1)...............................................................................................................................296
ifstop(1)...............................................................................................................................297
prov(1p)..............................................................................................................................298
psclim(1)..............................................................................................................................300
2 Climconfig (Man Pages)..........................................................................301
climconfig(1)........................................................................................................................302
climconfig.all(1)....................................................................................................................303
climconfig.arp(1)...................................................................................................................304
climconfig.bondmode(1)........................................................................................................306
climconfig.climiptables(1).......................................................................................................308
climconfig.failover(1).............................................................................................................310
climconfig.hostname(1)..........................................................................................................313
climconfig.interface(1)............................................................................................................314
climconfig.ip(1).....................................................................................................................321
climconfig.ip6tables(1)...........................................................................................................324
climconfig.iptables(1).............................................................................................................336
climconfig.prov(1).................................................................................................................347
climconfig.psk(1)...................................................................................................................349
climconfig.remote(1)..............................................................................................................351
climconfig.route(1).................................................................................................................356
climconfig.sa(1)....................................................................................................................362
climconfig.slaveinterface(1).....................................................................................................368
climconfig.snmp(1)................................................................................................................370
climconfig.sp(1)....................................................................................................................372
climconfig.sysctl(1).................................................................................................................376
climconfig.tunnel(1)...............................................................................................................378
climconfig.vpn(1)..................................................................................................................381
A SCF Error Messages...............................................................................383
B Fault Codes...........................................................................................401
Index.......................................................................................................416
8
Contents
Figures
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
OSM Service Connection displays for CIP...........................................................................31
Distribution of Functionality in the CIP Subsystem..................................................................32
Multiple CLIMs per Provider, Example Configuration.............................................................33
Multiple Providers per CLIM, Example Configuration.............................................................34
Intra-CLIM Interface Failover..............................................................................................37
CLIM-to-CLIM Failover, Single Interface...............................................................................38
Full CLIM Failover............................................................................................................39
DL385 G2 or G5 IP CLIM Interfaces, Five Copper Interfaces..................................................52
DL380 G6 IP CLIM, Five Copper Interfaces.........................................................................52
DL385 G2 or G5 IP CLIM Interfaces, Three Copper, Two Fiber Channel Interfaces....................53
DL380 G6 IP CLIM Three Copper, Two Fiber Interfaces.........................................................53
DL380p Gen8 IP CLIM 1 Interfaces — Five Copper Ethernet Interfaces....................................54
DL380p Gen8 IP CLIM and Telco CLIM Interfaces, Option 2 Three Copper, Two Optical
Interfaces........................................................................................................................55
DL 380 G6 IB CLIM 2 InfiniBand Interfaces, Three Copper Ethernet Ports................................56
DL385 G2 or G5 Storage CLIM Interfaces..........................................................................58
DL380 G6 Storage CLIM Interfaces....................................................................................58
DL380p Gen8 Storage CLIM Interfaces...............................................................................59
Bound Socket Problem Configuration Without Policy Based Routing........................................82
Bound Socket Problem Configuration With Policy Based Routing.............................................83
Server Socket Problem Configuration Without Policy Based Routing........................................84
Server Socket Problem Configuration With Policy Based Routing.............................................85
Configuration State..........................................................................................................98
Configuration State..........................................................................................................99
Two Interfaces Connected To The Same Subnet..................................................................185
Two CLIMs Connected to the Same Subnet........................................................................186
CIP SCF Object Hierarchy...............................................................................................218
Tables
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Interface Resource Failover Behavior...................................................................................40
Interface Type for Failover Behavior....................................................................................42
CLIM-to-CLIM Failover.......................................................................................................43
CLIM and Attached Storage Device Default Naming Conventions...........................................62
Sample Safe Linux Commands...........................................................................................69
Custom CIP Commands....................................................................................................71
Sample CLIM upgrade form, all types...............................................................................138
Sample populated Storage CLIM upgrade form..................................................................141
Sample populated IP CLIM upgrade form..........................................................................144
Sample populated Telco CLIM upgrade form.....................................................................146
Firmware Update Time Estimates and Calculation Form.......................................................154
Sample populated Storage CLIM group upgrade form........................................................161
Sample populated IP CLIM group upgrade form.................................................................164
Sample populated Telco CLIM group upgrade form............................................................164
Sample populated IP CLIM group upgrade form.................................................................165
High-Level Differences Between Conventional TCP/IP, Parallel Library TCP/IP, NonStop TCP/IPv6,
and CIP........................................................................................................................174
Subsystem Task Comparison............................................................................................176
Differences in Socket Options Defaults..............................................................................193
TCP/IP Attribute Default Values and Ranges.......................................................................199
20
21
22
23
24
25
26
27
28
29
30
TCP/IP Attributes, CIP Equivalents, and their CIP Default Values and Ranges..........................200
IOAM and CLIM Based Operations Comparison................................................................204
CLIM Based Operations Information.................................................................................205
IOAM and Telco CLIM Based Operations Comparison........................................................215
Commands and Object Types for CIPMAN........................................................................217
Commands and Object Types for CIPSAM.........................................................................217
Object Naming Convention Summary and Reserved Names ...............................................220
Command and Object Type Abbreviations........................................................................222
Object Summary States .................................................................................................222
Object State Descriptions................................................................................................222
Sensitive and Nonsensitive SCF Commands.......................................................................223
Examples
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
Configure Failover for the CLIMs........................................................................................66
Climstatus Command ServerNet Status Information, IP and Telco CLIM....................................87
Climstatus Command ServerNet Status Information, Storage CLIM..........................................88
Climstatus Command Ethernet LAN Status (IP and Telco CLIM)...............................................88
Climstatus Command IP Routing Table Information (IP and Telco CLIM) (J06.10/H06.21 and
later RVUs)......................................................................................................................89
Climstatus Command IP Routing Table Information (IP and Telco CLIM) (RVUs prior to
J06.10/H06.21...............................................................................................................90
Climstatus Command Hard Disk Space Usage.....................................................................91
Climstatus Command Failover Configuration (IP CIP).............................................................91
Climstatus Command IPSec Configuration (IP and Telco CLIM)...............................................91
Climstatus Command SNMP Information.............................................................................92
Climstatus Command CLIM Configuration...........................................................................92
psclim Command.............................................................................................................93
CLIM-to-CLIM Failover (IP CIP)............................................................................................95
Ethtool Link Speed Display..............................................................................................122
Using tcpdump..............................................................................................................126
Enabling MULTIPROV.....................................................................................................129
Disabling MULTIPROV.....................................................................................................130
Changing Providers........................................................................................................131
Changing Providers or Adding New Providers...................................................................131
Collect Debug Data From Single CLIM..............................................................................208
Collect Debug Data From Multiple CLIMs..........................................................................208
Using Help to Obtain Information About an Error...............................................................223
ABORT CLIM.................................................................................................................224
ABORT MON................................................................................................................225
ABORT PROCESS...........................................................................................................226
ABORT PROVIDER..........................................................................................................226
ADD IP CLIM.................................................................................................................228
ADD Storage CLIM........................................................................................................228
ADD PROVIDER.............................................................................................................230
ADD ROUTE.................................................................................................................231
ALTER CLIM With MULTIPROV ON...................................................................................232
ALTER PROVIDER...........................................................................................................233
DELETE CLIM.................................................................................................................233
DELETE PROVIDER..........................................................................................................234
DELETE ROUTE..............................................................................................................235
INFO CLIM With Summary Display, NonStop NS16000 Series Server..................................235
INFO CLIM, Summary....................................................................................................236
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
INFO CLIM, Detailed, IP CLIM.........................................................................................236
INFO CLIM Detailed, Telco CLIM, OPEN MODE................................................................237
INFO CLIM Detailed, Storage..........................................................................................238
INFO CLIM With OBEYFORM Display..............................................................................238
INFO PROCESS Summary...............................................................................................238
INFO PROVIDER Summary Display..................................................................................239
INFO PROVIDER With Detailed Display............................................................................239
INFO PROVIDER (Maintenance) Detailed..........................................................................241
INFO PROVIDER (Maintenance) With OBEYFORM.............................................................241
INFO PROVIDER (IPDATA) With OBEYFORM.....................................................................242
INFO PROVIDER (ZTCO) With OBEYFORM.......................................................................242
INFO ROUTE Summary..................................................................................................242
INFO ROUTE With OBEYFORM......................................................................................243
LISTOPENS MON Summary............................................................................................243
LISTOPENS MON Detailed.............................................................................................244
LISTOPENS PROVIDER Summary......................................................................................246
LISTOPENS PROVIDER Detailed.......................................................................................246
NAMES $ZZCIP............................................................................................................249
NAMES CLIM................................................................................................................249
NAMES MON..............................................................................................................249
NAMES PROCESS.........................................................................................................250
NAMES PROVIDER........................................................................................................250
NAMES ROUTE.............................................................................................................251
PRIMARY PROCESS........................................................................................................251
START CLIM..................................................................................................................252
START PROCESS............................................................................................................252
START PROVIDER...........................................................................................................252
STATS CLIM...................................................................................................................253
STATS MON.................................................................................................................255
STATUS CLIM Summary..................................................................................................257
STATUS CLIM Detailed....................................................................................................258
STATUS CLIM Detailed....................................................................................................258
STATUS CLIM, Starting....................................................................................................264
STATUS CLIM, Detailed, Storage CLIM..............................................................................264
STATUS MON Summary.................................................................................................265
STATUS MON Detailed...................................................................................................266
STATUS PROCESS Summary............................................................................................266
STATUS PROCESS Detailed.............................................................................................267
STATUS PROVIDER Summary...........................................................................................267
STATUS PROVIDER Detail................................................................................................268
STATUS Maintenance PROVIDER Detail.............................................................................270
STATUS PROVIDER Route.................................................................................................271
STOP CLIM...................................................................................................................272
STOP MON..................................................................................................................272
STOP PROCESS.............................................................................................................273
STOP PROVIDER............................................................................................................273
SWITCH CLIM...............................................................................................................274
SWITCH CLIM RESTORE.................................................................................................274
TRACE CLIM.................................................................................................................277
TRACE MON................................................................................................................277
TRACE PROCESS...........................................................................................................278
TRACE PROVIDER..........................................................................................................279
VERSION CLIM Summary, IP...........................................................................................279
VERSION CLIM Detailed, IP............................................................................................280
VERSION MON Summary..............................................................................................280
93
94
95
96
97
98
99
100
101
102
103
104
105
VERSION MON Detailed................................................................................................281
VERSION PROCESS.......................................................................................................281
ABORT PROCESS...........................................................................................................281
INFO PROCESS (CIPSAM) Summary................................................................................282
INFO PROCESS (CIPSAM) Detailed..................................................................................282
INFO SUBNET (CIPSAM)................................................................................................285
INFO SUBNET Detailed..................................................................................................286
NAMES SUBNET (CIPSAM).............................................................................................286
PRIMARY PROCESS (CIPSAM).........................................................................................287
STATUS SUBNET (CIPSAM)..............................................................................................287
STOP PROCESS (CIPSAM)...............................................................................................288
TRACE PROCESS (CIPSAM).............................................................................................289
VERSION PROCESS.......................................................................................................289
About This Document
This manual provides overview information about the HP NonStopTM™ Cluster I/O Protocols (CIP)
subsystem as well as procedures for configuring, managing, and migrating to CIP.
Supported Release Version Updates (RVUs)
This manual supports J06.05 and H06.16 and subsequent J-series and H-series RVUs until otherwise
indicated in a replacement publication.
Intended Audience
This manual is intended for network and storage administrators who need procedures for installing
and managing the CIP subsystem on an HP Integrity NonStop system; system planners and other
decision makers can also use this manual to study the CIP product and the migration requirements
for using CIP.
New and Changed Information
New and Changed Information in the 541613-024 Edition
•
In Chapter 1, updated “Using Multiple SWAN Paths in a Single Provider” with details about
configuration under “Using Multiple Providers” (page 34).
•
In Chapter 3, corrected syntax in “Adding the Collector” under “Configuring Transport of
Authentication Events from CLIM” (page 108).
•
In Chapter 3, updated “climbkup and climrstr Considerations” (page 115) with additional
information.
•
In Chapter 4, updated “Estimating Time for CLIM Firmware Updates” (page 154) and
“Performing CLIM Firmware Updates with the System Running” (page 155) to clarify steps.
New and Changed information in the 541613-023 Edition
•
Corrected Figure 12: DL380p Gen8 IP CLIM 1 Interfaces — Five Copper Ethernet Interfaces
(page 54).
•
Updated climconfig.interface(1) with clearer syntax diagram.
Supported Release Version Updates (RVUs)
13
New and Changed Information in the 541613-022 Edition
Authentication Events
These are the updates associated with Authentication Events, effective with the H06.27/J06.16
RVU:
•
In Chapter 3, added new section “Configuring Transport of Authentication Events from CLIM”
(page 108).
IPSec Changes
•
In Chapter 1, added resources to table, “Interface Resource Failover Behavior” (page 40).
•
In Chapter 3, changed “climconfig tool” to “climconfig command tool” under “IPSec
Configuration” (page 48), “Configuration Changes” (page 48) and “Internet Protocol Security
(IPSec)” (page 48).
•
In Chapter 3, made additions and changes to these subsections:
◦
“Internet Protocol Security (IPSec)” (page 48)
◦
“IPSec Related Files” (page 49)
◦
“IPSec Configuration Files” (page 49)
◦
“Configuring IPSec (IP CIP)” (page 104)
◦
“Configuring Pre-Shared Keys” (page 105)
◦
“Configuring Security Policies” (page 105)
◦
“Configuring Security Associations” (page 106)
◦
“Configuring Remote Information” (page 106)
◦
“Using IPSec” (page 107)
Other Changes
•
14
In Chapter 3:
◦
Added information about the ifstop command in “Deactivating an Interface” (page 103).
◦
Added information to hplog under “Sample Safe Linux Commands” (page 69).
◦
Updated “Replicating the Configurations from One CLIM to Another CLIM” (page 99)
with corrected steps.
◦
Added information to “climbkup and climrstr Considerations” (page 115).
•
In Chapter 4 under “Performing CLIM Firmware Updates with the System Running” (page 155),
Step 9 now indicates that you need to do a power cycle to complete the firmware update.
•
In Chapter 10, made modifications to “TRACE PROVIDER” (page 278) description.
•
Added a command to the considerations list (prov(1p)) of the –prov standalone command.
New and Changed Information in Previous Editions
Changes to 541613-021 include:
DL380p Gen8 CLIMs
These are the updates associated with DL380p Gen8 CLIMs, which are effective with the
H06.26/J06.15 RVU:
•
In Chapter 1 under “CLIMCMD Tool” (page 29), added Note and Example showing how to
set the TACL parameter SUPPRESSCLIENTBANNER to display the SSH Client banner.
•
In Chapter 1 under “Integrated Lights Out (iLO)” (page 30), changed iLO 2 designation to
iLO to include all iLO versions.
•
In Chapter 1 under “IP CLIM” (page 51), added Figure 12: “DL380p Gen8 IP CLIM 1 Interfaces
— Five Copper Ethernet Interfaces” (page 54) and Figure 13: “ DL380p Gen8 IP CLIM and
Telco CLIM Interfaces, Option 2 Three Copper, Two Optical Interfaces” (page 55) showing
diagrams and descriptions of ports used.
•
In Chapter 1 under “Storage CLIM” (page 58), added Figure 17: “DL380p Gen8 Storage
CLIM Interfaces” (page 59) showing diagrams and descriptions of the Gen8 Storage CLIM
Interfaces.
Changed port numbering under all figures for consistency.
•
In Chapter 8 under “Collecting iLO and IML Logs” (page 211), updated screens and steps to
show the latest version of iLO.
Sustaining Changes
•
In Chpater 3 under “climbkup and climrstr Considerations” (page 115), added a note
indicating that a CLIM configured with T0853H01^ACB or later cannot be restored with a
pre- T0853H01^ACB backup. CLIMRSTR exits with errors if an incompatible backup file is
specified.
•
Added a note to the -peer_idvalue field under climconfig.remote(1) to indicate that the entire
pathname has to be specified for idvalue type file.
Changes to 541613–020 include:
Multiple Providers per CLIM
Effective with the H06.25/J06.14 RVU, a CLIM can be associated with multiple data providers
simultaneously. These are the updates associated with the Multiple Providers per CLIM functionality:
•
In Chapter 1, added section, “Multiple Providers per CLIM” (page 33) and modified sections
“Multiple CLIMs per Provider” (page 32) and “Using Multiple Providers” (page 34).
•
In Chapter 1, added information on how multiple providers affect routing to “Routing in the
CIP Subsystem” (page 34).
•
In Chapter 1, added information to “CIP iptables/ip6tables Support (climiptables)” (page 55)
to indicate that there is a separate configuration for each provider if MULTIPROV is ON.
•
In Chapter 2, added MULTIPROV option to “Configure and Start CIP” (page 65) and “Configure
CLIM-To-CLIM Failover (Applies to IP CIP Only, Not Storage CIP)” (page 66).
•
In Chapter 3, added a note on network-sensitive commands under “Using Linux Commands
and Custom CIP Commands” (page 69).
•
In Chapter 3, updated syntax under “Entering CIP Commands” (page 71). Updated text for
MULTIPROV and added text that climconfig never requires the provider option to CLIMCMD.
•
In Chapter 3 under “Policy Based Routing” (page 81), indicated that policy based routing
applies to all providers on the CLIM if the MULTIPROV ON option is used.
New and Changed Information
15
16
•
In Chapter 3 under “On the CLIM” (page 86), indicated that the provider option must be used
for CLIMs using the MULTIPROV ON option.
•
In Chapter 3, changed examples under:
◦
“Ethernet LAN Status” (page 88)
◦
“Kernel Routing Table Information” (page 89)
◦
“Hard Disk Space Usage” (page 91)
◦
“IPSec Configuration” (page 91)
•
In Chapter 3, deleted obsolete information from Example 13: “CLIM-to-CLIM Failover (IP CIP)”
(page 95).
•
In Chapter 3 under “Running tcpdump” (page 126), added example for CLIMs with MULTIPROV
ON.
•
In Chapter 3 under “Configuring CLIM-to-CLIM Failover (IP CIP)” (page 95), added reference
to section describing configuring CLIMs with MULTIPROV ON.
•
In Chapter 3 under “Configuring Pre-Shared Keys” (page 105), indicated that each provider
under MULTIPROV ON has its own pre-shared keys.
•
In Chapter 3 under “Configuring Security Policies” (page 105), indicated that each provider
under MULTIPROV ON has its own security policy configuration.
•
In Chapter 3 under “Configuring Security Associations” (page 106), indicated that each provider
under MULTIPROV ON has its own security association configuration.
•
In Chapter 3 under “Configuring Remote Information” (page 106), indicated that each provider
under MULTIPROV ON has its own remote configuration.
•
In Chapter 3 under “Using IPSec” (page 107), indicated that the example assumes MULTIPROV
is OFF.
•
In Chapter 3 under “Configuring climiptables” (page 109), changed syntax to include -prov
prov-name option.
•
In Chapter 3 under “Configuring iptables/ip6tables” (page 110), described the -prov
prov-name option.
•
In Chapter 3, added note under “Displaying a Datagram’s Route to a Network Host by Using
Traceroute” (page 119) and “Troubleshooting Network Applications Using Tcpdump” (page 126)
for CLIMs with the MULTIPROV attribute set to ON.
•
In Chapter 3, added new section, “Setting Up Multiple Providers per CLIM” (page 129).
•
In Chapter 3, revised section, “Changing Providers, Adding and Starting a CLIM (IP and Telco
Only)” (page 130).
•
In Chapter 4, added new section, “Falling Back to Previous RVUs that Support the Multiple
Providers per CLIM Feature” (page 169).
•
In Chapter 6 under “Network Partitioning Differences” (page 182), added information on the
MULTIPROV option.
•
In Chapter 6, changed table under “NonStop TCP/IPv6 Attributes and Their CIP Equivalents”
(page 194) to support the MULTIPROV option.
•
In Chapter 10 under “LISTOPENS PROVIDER” (page 245), added the MULTIPROV option to
the syntax.
•
In Chapter 10, made changes to several commands to support Multiple Providers per CLIM:
◦
“ADD CLIM” (page 226): Added the new MULTIPROV option and changed the PROVIDER
option. Added a new section, ADD CLIM Guidelines.
◦
“ADD PROVIDER” (page 228): Modified the character length under prov-name to seven
characters.
◦
“ADD ROUTE” (page 230): Changed the CLIM clim-name option to add the MULTIPROV
option.
◦
“ALTER CLIM” (page 231): Added this new ALTER command, along with syntax, field
descriptions, and guidelines, to add the MULTIPROV option.
◦
“ALTER PROVIDER” (page 232): Added prov-name and changed the ALTER PROVIDER
Guidelines.
◦
“INFO CLIM” (page 235): Updated the examples and field descriptions to support the
MULTIPROV functionality.
◦
“INFO PROVIDER” (page 238): Updated the example and field descriptions to support
the MULTIPROV functionality.
◦
“NAMES PROCESS” (page 249): Updated the example to support the MULTIPROV
functionality.
◦
“STATUS CLIM” (page 257): Updated the example and field descriptions to support the
MULTIPROV functionality.
◦
“SWITCH CLIM” (page 273): Updated the syntax and field descriptions to add the
PROVIDER option.
New and Changed Information
17
Man Page Updates for Multiple Providers per CLIM
•
Modified the following man pages under Climconfig (Man Pages) to support Multiple Providers
per CLIM:
◦
climconfig.all(1)
◦
climconfig.arp(1)
◦
climconfig.bondmode(1)
◦
climconfig(1)
◦
climconfig.climiptables(1)
◦
climconfig.interface(1)
◦
climconfig.ip6tables(1)
◦
climconfig.iptables(1)
◦
climconfig.prov(1)
◦
prov(1p)
◦
climconfig.psk(1)
◦
climconfig.remote(1)
◦
climconfig.route(1)
◦
climconfig.sa(1)
◦
climconfig.sp(1)
◦
climconfig.sysctl(1)
◦
climconfig.tunnel(1)
◦
climconfig.vpn(1)
Sustaining Changes
18
•
In Chapter 1, added a note and caution and modified other information under “IPSec
Configuration Files” (page 49).
•
In Chapter 1, modified information under “Restrictions” (page 60).
•
In Chapter 3, modified section “Displaying Man Pages for CIP Commands” (page 93)
•
In Chapter 3 under “Displaying Man Pages for CIP Commands” (page 93), modified syntax
and pointed to man page chapter. Eliminated references to “help” for Linux commands since
they use man commands, rather than help commends.
•
In Chapter 3 under “Installing X.509 Certificates” (page 104) indicated that while there are
independent IPSec configurations for each provider, they all look for certificates from this
common directory (/etc/racoon/certs).
•
In Chapter 4, added steps under “Replace CIPMON (Only)” (page 133).
•
In Chapter 4 under “Performing an Online Upgrade of the CIP Subsystem on the NonStop
Host” (page 133), modified the note concerning which RVUs are supported.
•
In Chapter 4, added new section, “Replace CIPMAN and CIPMON Simultaneously” (page 134).
•
In Chapter 4, added bullet to the Caution under “Upgrading CLIM Software and Firmware”
(page 135).
•
In Chapter 4, changed information under “Preparing to Update CLIM Firmware with the System
Running” (page 150) and “Firmware Update Time Estimates and Calculation Form” (page 154).
•
In Chapter 4, revised section “Upgrading CLIM Software or Firmware While the System is
Down ” (page 165).
•
In Chapter 6, rewrote section “Network Partitioning Differences” (page 182).
•
In Chapter 10 under “LISTOPENS PROVIDER” (page 245), added steps to the RecvQ fields.
•
Added a new section for standalone man pages: “Standalone Commands (Man Pages)”
(page 291).
•
Additional man pages descriptions are now included for clim(1), climstatus(1), ifstart(1),
ifstop(1), prov(1p), psclim(1) in a new section of this manual, “Standalone Commands (Man
Pages)” (page 291).
•
Corrected first example under climconfig.failover(1).
•
Added note to climconfig.remote(1).
Changes to 541613–019 include:
IP Tables Enhancement
IP Tables updates include:
•
In Chapter 1, added subsection, “CIP iptables/ip6tables Support (climiptables)” (page 55).
•
In Chapter 3, added information about IP Tables under “Displaying CLIM Status Information
With climstatus” (page 87):
•
•
•
◦
Added option t, climiptables config information, to the table.
◦
Referred to two examples under “IP Tables Status” (page 89).
In Chapter 3, added a new section, “Configuring CIP iptables/ip6tables (IP CIP)” (page 109),
with two subsections:
◦
“Configuring climiptables” (page 109)
◦
“Configuring iptables/ip6tables” (page 110)
In Chapter 8 under “Collecting CLIM Log Files using CLIMDBUG” (page 206) added statement:
Effective with the J06.13/H06.24 RVU, CLIMDBUG also collects the following information:
◦
SCF configuration details of CIP subsystem
◦
SSH configuration details
◦
EMS logs
◦
SSH logs
◦
NSK Software Configuration file
Added and changed man pages in “Climconfig (Man Pages)” (page 301):
◦
Updated climconfig(1)
◦
Added new man page, climconfig.climiptables(1).
New and Changed Information
19
◦
Added new man page, climconfig.iptables(1).
◦
Added new man page, climconfig.ip6tables(1).
•
For the failover command, climconfig.failover(1), updated error message to read: “Invalid
destination interface, it should be one of the eth[1-n], bond[0-n] or ib[0-n].”
•
For the interface command, climconfig.interface(1), updated the -mtu parameter and error
messages to indicate no support for InfiniBand.
•
For the sp command, climconfig.sp(1), added consideration for sp –add stating: “The
parameters protocol, mode and level are required and valid if and only if the parameter
specified for policy is ipsec.”
TCPTIMEWAIT Parameter
For the TCPTIMEWAIT parameter:
•
Added text to TCPTIMEWAIT in the table under “NonStop TCP/IPv6 Attributes and Their CIP
Equivalents” (page 194).
•
Added text to the “TCPTIMEWAIT” (page 198) subsection.
Src Parameter
-src option updates include:
•
Added new error message to climconfig.ip(1).
•
For climconfig.route(1), made these changes:
•
◦
Updated the syntax for the default and non-default IPv4 routes.
◦
Added the -src parameter and its description.
◦
Added a column for the -src parameter to the table that shows possible option
combinations for different route types.
◦
Added new error messages.
◦
Added the consideration, “-src is not valid for an IPv6 route.”
◦
Added Src to the examples.
For the interface command, added Src to “EXAMPLES” (page 319).
Obeyform Parameter
Obeyform updates include:
20
•
Added new climconfig.all(1) reference page.
•
Updated climconfig.arp(1).
•
Updated climconfig.bondmode(1).
•
Updated climconfig.climiptables(1).
•
Updated climconfig.failover(1).
•
Updated climconfig.interface(1).
•
Updated climconfig.psk(1).
•
Updated climconfig.remote(1).
•
Updated climconfig.route(1).
•
Updated climconfig.sa(1).
•
Updated climconfig.snmp(1).
•
Updated climconfig.sp(1).
•
Updated climconfig.sysctl(1).
•
Updated climconfig.tunnel(1).
CLIM-to-CLIM Replication
Replicate CLIM-to-CLIM updates include:
•
Added new subsection to Chapter 3: “Replicating the Configurations from One CLIM to Another
CLIM” (page 99).
OSM Down System CLIM Firmware Update Tool
OSM Down System CLIM Firmware Update Tool updates include:
•
Rewrote and rearranged text concerning software and firmware updates in Chapter 4.
Other Changes
•
Added link to “Upgrading IB and Telco CLIMs” to list under “Upgrading CLIM Software and
Firmware” (page 135).
•
Under “Collecting CLIM Log Files using CLIMDBUG” (page 206), added additional information
that CLIMDBUG.
Changes to 541613–018 include:
•
Added support to InfiniBand CLIM: “CIP Hardware Overview” (page 27), “IB CLIM” (page 56),
and “Upgrading IB and Telco CLIMs” (page 145).
•
Added a section on “Mapping CLIM Name” (page 128) under Troubleshooting.
•
Added a chapter “Collecting Data for CLIM Issues” (page 206).
•
Updated Table 4: CLIM and Attached Storage Device Default Naming Conventions (page 62)
for IB CLIM naming conventions.
•
Updated the manpages for climconfig.remote(1) command, climconfig.interface(1),
“climconfig.ip Description” (page 321), and climconfig.route(1).
•
Updated Considerations section of the climconfig.sysctl(1) command.
•
Added a note to “Upgrading CLIM Software and Firmware” (page 135) describing a shorter
procedure that can be used if you are not performing a SUT update.
Changes to 541613–017 include:
•
A correction was made to the ordered list on (page 118). The former step 2, stopping the
CLIMs, is now step 4, after stopping the Providers.
•
Reorganization of the CLIM software and firmware update procedures for use on an active
system, including the addition of two notes to the CLIM firmware update section.
•
The addition of CLIM software and firmware update procedures optimized for use when the
system is down or idle.
Changes to 541613-016 include:
•
•
Updated the Table 5: Sample Safe Linux Commands (page 69) with detail description for
Linux commands.
Updated the Example 69: STATUS CLIM Detailed (page 258), Example 77: STATUS PROVIDER
Detail (page 268), and Example 98: INFO SUBNET (CIPSAM) (page 285) with the additional
loopback address information.
New and Changed Information
21
•
Updated the “PARAMETERS” and “ERROR MESSAGES” section of the climconfig.interface(1)
man pages.
•
Replaced instances of “net.ipv4.tcp_rfc1337” with “net.ipv4.tcp_window_scaling” as
applicable.
•
Removed instances of “TCPTIMEWAIT”, as it is not supported for J06.10+ RVUs.
Notation Conventions
General Syntax Notation
This list summarizes the notation conventions for syntax presentation in this manual.
UPPERCASE LETTERS
Uppercase letters indicate keywords and reserved words. Type these items exactly as shown.
Items not enclosed in brackets are required. For example:
MAXATTACH
Italic Letters
Italic letters, regardless of font, indicate variable items that you supply. Items not enclosed in
brackets are required. For example:
file-name
Bold Text
Bold text in an example indicates user input typed at the terminal. For example:
ENTER RUN CODE
?123
CODE RECEIVED:
123.00
The user must press the Return key after typing the input.
[ ] Brackets
Brackets enclose optional syntax items. For example:
TERM [\system-name.]$terminal-name
INT[ERRUPTS]
A group of items enclosed in brackets is a list from which you can choose one item or none.
The items in the list can be arranged either vertically, with aligned brackets on each side of
the list, or horizontally, enclosed in a pair of brackets and separated by vertical lines. For
example:
FC [ num ]
[ -num]
[ text]
K [ X | D ] address
{ } Braces
A group of items enclosed in braces is a list from which you are required to choose one item.
The items in the list can be arranged either vertically, with aligned braces on each side of the
list, or horizontally, enclosed in a pair of braces and separated by vertical lines. For example:
LISTOPENS PROCESS { $appl-mgr-name }
{ $process-name }
ALLOWSU { ON | OFF }
22
| Vertical Line
A vertical line separates alternatives in a horizontal list that is enclosed in brackets or braces.
For example:
INSPECT { OFF | ON | SAVEABEND }
… Ellipsis
An ellipsis immediately following a pair of brackets or braces indicates that you can repeat
the enclosed sequence of syntax items any number of times. For example:
M address [ , new-value ]…
- ] {0|1|2|3|4|5|6|7|8|9}…
An ellipsis immediately following a single syntax item indicates that you can repeat that syntax
item any number of times. For example:
"s-char…"
Punctuation
Parentheses, commas, semicolons, and other symbols not previously described must be typed
as shown. For example:
error := NEXTFILENAME ( file-name ) ;
LISTOPENS SU $process-name.#su-name
Quotation marks around a symbol such as a bracket or brace indicate the symbol is a required
character that you must type as shown. For example:
"[" repetition-constant-list "]"
Item Spacing
Spaces shown between items are required unless one of the items is a punctuation symbol such
as a parenthesis or a comma. For example:
CALL STEPMOM ( process-id ) ;
If there is no space between two items, spaces are not permitted. In this example, no spaces
are permitted between the period and any other items:
$process-name.#su-name
Line Spacing
If the syntax of a command is too long to fit on a single line, each continuation line is indented
three spaces and is separated from the preceding line by a blank line. This spacing distinguishes
items in a continuation line from items in a vertical list of selections. For example:
ALTER [ / OUT file-spec / ] LINE
[ , attribute-spec ]…
Notation for Messages
This list summarizes the notation conventions for the presentation of displayed messages in this
manual.
Bold Text
Bold text in an example indicates user input typed at the terminal. For example:
ENTER RUN CODE
Notation Conventions
23
?123
CODE RECEIVED:
123.00
The user must press the Enter key after typing the input.
Nonitalic Text
Nonitalic letters, numbers, and punctuation indicate text that is displayed or returned exactly
as shown. For example:
Backup Up.
Italic Text
Italic text indicates variable items whose values are displayed or returned. For example:
p-register
process-name
[ ] Brackets
Brackets enclose items that are sometimes, but not always, displayed. For example:
Event number = number [ Subject = first-subject-value ]
A group of items enclosed in brackets is a list of all possible items that can be displayed, of
which one or none might actually be displayed. The items in the list can be arranged either
vertically, with aligned brackets on each side of the list, or horizontally, enclosed in a pair of
brackets and separated by vertical lines. For example:
proc-name trapped [ in SQL | in SQL file system ]
{ } Braces
A group of items enclosed in braces is a list of all possible items that can be displayed, of
which one is actually displayed. The items in the list can be arranged either vertically, with
aligned braces on each side of the list, or horizontally, enclosed in a pair of braces and
separated by vertical lines. For example:
obj-type obj-name state changed to state, caused by
{ Object | Operator | Service }
process-name State changed from old-objstate to objstate
{ Operator Request. }
{ Unknown.
}
| Vertical Line
A vertical line separates alternatives in a horizontal list that is enclosed in brackets or braces.
For example:
Transfer status: { OK | Failed }
% Percent Sign
A percent sign precedes a number that is not in decimal notation. The % notation precedes an
octal number. The %B notation precedes a binary number. The %H notation precedes a
hexadecimal number. For example:
%005400
%B101111
%H2F
P=%p-register E=%e-register
24
Related Information
Procedures that apply to the CIP subsystem but which are documented in other HP manuals are
not duplicated here. This subsection provides a guide to those procedures and other related
documentation.
Related Documents
CIP Subsystem Operations
In addition to this manual, to operate the CIP subsystem, you may need to refer to the SCF Reference
Manual for the Kernel Subsystem for information about managing persistence for generic processes.
The CIPMAN, CIPMON and CIPSAM processes are added and managed through the Kernel
subsystem. If you are managing the storage subsystem, also refer to the SCF Reference Manual
for the Storage Subsystem.
Linux Man Page Documentation and Help
You can get information about networking and IP protocol configuration from man pages and help
residing on your CLIM. Use the CLIMCMD man command from the NonStop host system, followed
by the feature for which you are seeking information. For example, N1002532 is the host name
of one of the CLIMs. (See “Displaying Man Pages for CIP Commands” (page 93) for the complete
syntax):
TACL> CLIMCMD n1002532 man climconfig
Press Enter before the output display starts. After all the output has been displayed, press the q
(quit) key to return to the TACL prompt.
This example displays information about the Linux free command:
TACL> climcmd n1002581 man free
To obtain information about the climconfig utility itself, enter:
TACL> CLIMCMD n1002532 climconfig -help
This command displays the climconfig syntax, including the version number and the supported
climconfig commands.
Alternatively, you can append the man command with the | more option. For example:
TACL> CLIMCMD dl385p man climconfig ~| more
Glossary
The terms used in this manual are defined in the common Glossary. The Glossary is located under
G in the NonStop Technical Library.
Publishing History
Part Number
Product Version
Publication Date
541613–017
H01
May 2011
541613–018
H01
July 2011
541613–019
H01
February 2012
541613–020
H01
August 2012
5416130–021
H01
February 2013
Related Information
25
HP Encourages Your Comments
HP encourages your comments concerning this document. We are committed to providing
documentation that meets your needs. Send any errors found, suggestions for improvement, or
compliments to:
[email protected]
Include the document title, part number, and any comment, error found, or suggestion for
improvement you have concerning this document.
26
1 Overview
The Cluster I/O Protocols (CIP) subsystem provides a configuration and management interface for
I/O on certain HP Integrity NonStop systems. To find out if your system supports CIP, see appropriate
planning guide; for example, for NS16000 Series systems, see the NS16000 Series Planning
Guide. You can also find information about which networking products are supported on your
system in the NonStop Networking Overview.
CAUTION: The CIP subsystem includes a front-end device running the Linux operating system.
Do not use any Linux command that is not documented in this manual as a supported command.
Using unsupported Linux commands can cause failure of the CIP subsystem.
This chapter provides an overview of the CIP subsystem including:
•
“CIP Hardware Overview” (page 27)
•
“CIP NonStop Host System Software Overview” (page 28)
•
“CIP CLIM Software Overview” (page 29)
•
“The CIP Subsystem for Internet Protocols (IP CIP)” (page 31)
•
“The CIP Subsystem for Storage I/O (Storage CIP) and the Storage Subsystem” (page 57)
•
“Subsystem ID and Product Numbers” (page 59)
•
“Capacity and Resource Use” (page 60)
Internet Protocol Version 6 (IPv6) Compliance
The CLIM complies with Internet Protocol version 6 (IPv6), an Internet Layer protocol for
packet-switched networks, and has passed official certification of IPv6 readiness.
CIP Hardware Overview
NOTE: Your system might require a NonStop System Console that supports DHCP and TFTP. For
more information, see the planning guide for your system.
The CLuster I/O Module (CLIM) provides the physical interface to the network or storage devices.
The CLIM includes a ServerNet PCIe card with multiple ports that interface to the ServerNet fabric
of the NonStop host system.
The CLIM is rack mounted in the NonStop system cabinet and connects to one or two X and Y-fabric
ports by means of fiber cables running from its ServerNet PICs to ServerNet ports on the NonStop
host system. The CLIM connects from its management processor interface (eth0) and its Integrated
Lights Out (iLO) interface to a maintenance switch.
Internet Protocol Version 6 (IPv6) Compliance
27
The CLIM can be configured for:
•
IP protocols (IP CLIM and IP CLIM Carrier Grade (CG)
IP CLIMs are configured with a Mode attribute of IP
•
Storage protocols (Storage CLIM and Storage CLIM CG)
Storage CLIMs are configured with a Mode attribute of STORAGE
•
Telco protocols (Telco CLIM and Telco CLIM CG)
Telco CLIMs are configured with a Mode attribute of OPEN
•
IB protocols (IB CLIM)
IB CLIMs are configured with a Mode attribute of OPEN
NOTE: To find out if your system supports Telco or IB CLIMs, see the planning guide for your
system.
The IP and Telco (OPEN mode) CLIMs are configured similarly and provide similar services. Notable
differences are that the Telco CLIM provides additional services provided by HP OpenCall software
for telecommunications. For information about the OpenCall product, see the Guide to Operations
and Maintenance for HP OpenCall Intelligent Network Server and the Installation Guide For HP
OpenCall Intelligent Network Server.
IB CLIMs (OPEN mode) provide InfiniBand connectivity to a customer-supplied IB switch using a
customer-supplied cable as part of the Low Latency Solution.
CIP NonStop Host System Software Overview
CIP requires the J06.04 or later J-series RVU, or the H06.16 or later H-series RVU, on the NonStop
host system.
CIP provides an integrated manageability solution from the NonStop host system to manage the
Linux capabilities of the CLIM. CIP provides SCF, a new command line interface, OSM, EMS, and
the NonStop I/O Essentials plug-in to HP Systems Insight Manager (SIM) for configuration, control,
and management of the NonStop connection to the CLIM, of TCP/IP, IPSec, and of LUNs on the
CLIM. CIP on the host also converts CLIM syslog and evlog events to EMS events.
NonStop Host System Management
The Subsystem Control Facility (SCF) is the management tool for the NonStop host system objects.
The objects in the NonStop host system allow monitoring of subsystem status and statistics and
provide a TCP/IP process to serve as a transport-service provider for NonStop host system socket
applications.
For information about SCF, see Chapter 10 (page 216).
Configuration Persistence
Persistence in the NonStop host system is provided through the system configuration database and
the persistence manager, which store and start the CIPMAN, CIPMON, CIPSAM (IP CIP only) SCF
objects ($ZZKRN.#ZZCIP, $ZZKRN.#cipsam_name and $ZZKRN.#CIPMON).
Maintenance Provider
Two SCF Provider objects (see “PROVIDER Object” (page 219)) are configured by default on two
IP or Telco CLIMs (one each) to provide OSM connectivity from the NonStop host system to the
dedicated service LAN and to support dedicated-service LAN traffic. These maintenance Providers
(MPs) connect through a logical interface (eth0:0).
The TYPE attribute for the maintenance Provider is MAINTENANCE.
28
Overview
NOTE: The physical interface eth0 connects each CLIM to the dedicated service LAN. Only IP
and Telco CLIMs can have the logical interface eth0:0 and the associated maintenance Providers.
NOTE:
In this manual, unless stated explicitly otherwise, “Provider” refers to an IPDATA Provider.
Maintenance Provider Restrictions
•
There is no failover support for the maintenance Provider. However, HP recommends configuring
two maintenance Providers running on different CLIMs with different IP addresses. OSM can
then switch to a different maintenance Provider if one of them fails.
•
The maintenance Provider supports only IPv4 addresses.
•
The maintenance Provider does not support the IP loopback address (127.0.0.1), 127.*.*.*,
class D, or class E IP addresses.
•
There is a limit of one maintenance Provider interface and one maintenance Provider IP address
for each CLIM.
CLIM Object Name and Hostname
The CLIM object name on the NonStop system must be the same as the host name on the CLIM
itself for the CLIM to be brought to the STARTED state. You assign the name. Host names on CLIMs
on different systems can be the same as long as the combination of the system name and the host
name on the CLIM are unique across the dedicated service LAN. For example, if you have two
systems named \A and \B, you can have a CLIM with a host name of CLIM1 on each system,
since the combination of system name and CLIM name are unique.
Neither the CLIM object name nor the host name on the CLIM can be changed while the CLIM
object is in the STARTED state. The CLIM object is configured by using SCF. The host name on the
CLIM is configured by using the climconfig tool.
CIP CLIM Software Overview
The CLIM runs the Linux operating system offering many of the open source networking features
and providing an intelligent device for storage applications. The CIP software on the CLIM uses
Linux tools to configure and control TCP/IP and IPSec, SNMP agents for health monitoring, HP
Integrated Lights Out (iLO) Management for low-level diagnostics, and the syslog and evlog event
mechanism for event reporting.
When using CIP, you do not need to use Linux commands directly on the CLIM and in fact very
few Linux commands are supported. Instead, use the CLIMCMD command line interface from the
TACL prompt on the NonStop host system. The CLIMCMD CLI provides persistence and failover
for the configuration and also offers only Linux commands that are safe to execute on the CLIM.
CLIM Management
A combination of OSM, the CLIMCMD tool, I/O Essentials, and an integrated Lights Out
Management (iLO) interface are the management tools for the CLIM.
CLIMCMD Tool
The CLIMCMD tool provides a pass-through for commands issued from the NonStop host system
to the CLIM. This mechanism uses a Secure Shell (SSH) server accepting SSH requests from the
NonStop host system. This tool provides support for both Storage and IP CIP.
The CLIMCMD tool with the climconfig command is used to configure networking attributes, SNMP
(for both IP and storage) and the LUN manager on the CLIM. The CLIMCMD tool is also used for
other commands. See Chapter 3 (page 69) for a complete list of CLIMCMD utilities.
You run the CLIMCMD tool on the NonStop host system from the TACL prompt.
CIP CLIM Software Overview
29
NOTE: The default behavior of CLIMCMD is to not display the SSH Client banner. Effective with
the J06.15 RVU, the SSH Client banner can be displayed in the output of CLIMCMD by setting the
TACL parameter SUPPRESSCLIENTBANNER to ‘N’ before executing CLIMCMD. To revert to the
default behavior, explicitly set the TACL param SUPPRESSCLIENTBANNER to any value other than
‘N’. For example:
> $SYSTEM SYSTEM 25> climcmd N1002531 psclim
PID
RSS %MEM %CPU
TIME START STAT CMD
4829 1024 0.0 0.0 00:00:27 Oct 12 Sl /usr/local/bin/climmon --time 30
4974 1180 0.0 0.0 00:00:31 Oct 12 Sl
confsync
4975 23604 0.6 0.0 00:01:39 Oct 12 Sl
cipssrv --number 0
4976 94008 2.3 0.5 00:44:18 Oct 12 Sl
climagt --number 1
Termination Info: 0
> #SET #PARAM SUPPRESSCLIENTBANNER N
> $SYSTEM SYSTEM 25> climcmd N1002531 psclim
SSH client version T9999H06_14Jun2012_comForte_SSH_0092
PID
RSS %MEM %CPU
TIME START STAT CMD
829 1024 0.0 0.0 00:00:27 Oct 12 Sl /usr/local/bin/climmon --time 30
4974 1180 0.0 0.0 00:00:31 Oct 12 Sl
confsync
4975 23604 0.6 0.0 00:01:39 Oct 12 Sl
cipssrv --number 0
4976 94008 2.3 0.5 00:44:18 Oct 12 Sl
climagt --number 1
Termination Info: 0
> #SET #PARAM SUPPRESSCLIENTBANNER Y
> $SYSTEM SYSTEM 25> climcmd N1002531 psclim
PID
RSS %MEM %CPU
TIME START STAT CMD
4829 1024 0.0 0.0 00:00:27 Oct 12 Sl /usr/local/bin/climmon --time 30
4974 1180 0.0 0.0 00:00:31 Oct 12 Sl
confsync
4975 23604 0.6 0.0 00:01:39 Oct 12 Sl
cipssrv --number 0
4976 94008 2.3 0.5 00:44:18 Oct 12 Sl
climagt --number 1
Termination Info: 0
Integrated Lights Out (iLO)
iLO is supported on the CLIM and is used for operator tasks such as remotely powering up or down
the CLIM and diagnostics. For more information about iLO features, refer to the HP website http://
www.hp.com/server/lights-out. For instructions for invoking the iLO management screen, see
“Change the CLIM Passwords” (page 64).
OSM
The OSM Service Connection is used for displaying the status of the CLIM and as an alternative
to SCF for starting, stopping, adding and deleting SCF CLIM objects, and for adding SCF CLIM
objects.
30
Overview
Figure 1 OSM Service Connection displays for CIP
For more information about using the OSM Service Connection, see the OSM Service Connection
User's Guide and the NonStop Operations Guide.
The OSM Low Level Link is used to:
•
Configure CLIMs, as described in the CLuster I/O Module (CLIM) Installation and Configuration
Guide.
•
Upgrade CLIM software, as described in Chapter 4 (page 133).
HP NonStop I/O Essentials
NonStop I/O Essentials is a plug-in to HP Systems Insight Manager (SIM). HP SIM is an infrastructure
management tool for HP systems that runs on the system console. The NonStop I/O Essentials
plug-in provides a graphical user interface alternative to the command line interfaces of the
CLIMCMD tool and SCF.
For more information about using NonStop I/O Essentials, see the NonStop I/O Essentials
Installation and Quick Start Guide.
Persistence
Persistence in the CLIM is provided by configuration files stored on the CLIM hard drive. Changes
made by using the CLIMCMD climconfig command line interface (CLI) to the protocol attributes
are stored and are persistent. For example:
> CLIMCMD n1002532 climconfig sysctl -update net.ipv4.tcp_keepalive_intvl 25
This command sets the time interval between the retransmissions of unacknowledged keepalive
packets to 25 seconds and the change is preserved across CLIM reboots.
The persistent CLIM configuration is backed up by the CLIM backup utility and, in the event of a
CLIM failure or CLIM hard drive failure, can be restored onto the replacement CLIM by using the
CLIM restore utility. See“Managing the Configuration Preservation” (page 113) for more information
about these utilities.
The CIP Subsystem for Internet Protocols (IP CIP)
The Cluster I/O Protocols (CIP) subsystem provides an IP facility for the NonStop system that
leverages current, open-source networking features and takes advantage of the NonStop system
architecture for application scalability. The Cluster I/O Protocols (CIP) subsystem also provides
The CIP Subsystem for Internet Protocols (IP CIP)
31
Telco connectivity with management facilities and Telco applications on the NonStop host and
Telco protocols on the CLIM. The CIP subsystem resides partly on the NonStop host system and
partly on the CLIM.
In the CIP subsystem, IP functionality is distributed between the NonStop system and the CLIM.
Figure 2: Distribution of Functionality in the CIP Subsystem shows this distribution of functionality.
Figure 2 Distribution of Functionality in the CIP Subsystem
CIP includes a NonStop host system subsystem that provides:
•
An application programmatic interface (API)
•
Transport service providers
•
A Subsystem Control Facility (SCF) interface for monitoring the subsystem and for configuring
host-to-CLIM relationships
NOTE: There are some migration considerations when porting applications from conventional
and Parallel Library TCP/IP and NonStop TCP/IPv6 to CIP. See Chapter 6 (page 174).
CIP provides a socket access method (SAM) process on the NonStop system for applications to
use as a transport service provider.
Monitoring and management of the CIP subsystem on the NonStop system is provided by SCF and
by the CLIMCMD CLI. See Chapter 10 (page 216), for more information.
You use the CLIMCMD climconfig tool to add, modify, delete, and display information in the
network, IPSec, and Failover configuration files. For more information about the climconfig tool,
see “Climconfig (Man Pages)” (page 301).
IP Protocols
IP CIP supports these protocols:
•
Transmission Control Protocol/Internet Protocol (TCP/IP) (including IPv6 and IPv4)
•
User Datagram Protocol (UDP)
•
Stream Control Transmission Protocol (SCTP)
•
IP Security (IPSec)
Telco Protocols
Telco CIP supports the Message Transfer Part Level 3 User Adaptation layer (M3UA) protocol.
Multiple CLIMs per Provider
Multiple IP and Telco CLIMs can be configured in the same IPDATA Provider. This feature provides
scalability for applications that need high bandwidth. Unless the MULTIPROV attribute is set for
multiple providers, as described under “Multiple Providers per CLIM”, a CLIM can only belong to
one IPDATA Provider, but a maintenance provider can also be configured to use it.
32
Overview
Figure 3 Multiple CLIMs per Provider, Example Configuration
Multiple Providers per CLIM
Effective with the H06.25/J06.14 RVU, a CLIM can be associated with multiple data providers
simultaneously. You can enable or disable this Multiple Providers per CLIM functionality on a
per-CLIM basis by setting a new MULTIPROV attribute of each CLIM object. The MULTIPROV attribute
is not valid for a CLIM with STORAGE MODE. See “ADD CLIM” (page 226), “ALTER CLIM”
(page 231), and climconfig.prov(1).
NOTE: Detailed displays of command output in this manual are updated to show support for
Multiple Providers per CLIM.
The CIP Subsystem for Internet Protocols (IP CIP)
33
Figure 4 Multiple Providers per CLIM, Example Configuration
Using Multiple Providers
You can use multiple providers to customize network configurations to an application's needs,
while isolating that application's configuration from other applications in other providers. To
associate a CLIM and all of its interfaces with multiple providers, set the MULTIPROV attribute of
the CLIM object to ON using the ADD CLIM or ALTER CLIM command. See “ADD PROVIDER”
(page 228) and “ADD CLIM” (page 226).
Using Multiple SWAN Paths in a Single Provider
CIP supports configuring path A and path B in a SWAN configuration to run in the same Provider
only on a single CLIM. If you use two CLIMs in a SWAN configuration, you must use different
Providers.
Using Multiple Listeners with Round Robin Sockets
NonStop TCP/IPv6 had a limitation of one listening process per processor per port. CIP does not
have this limitation. There can be many listening processes per processor per port. The only limitation
is the amount of memory available to create sockets.
Routing in the CIP Subsystem
In a Provider comprising multiple CLIMs, a socket that is bound to a specific local IP address other
than a loopback address (IPv4 127.0.0.1 or IPv6 ::1) is associated with a CLIM containing that
address. An outgoing connection or packet for these kinds of sockets is sent through that CLIM.
However, sockets not yet bound, bound to INADDR_ANY, or bound to a loopback address might
be used to listen for incoming connections or packets on addresses that exist in all the CLIMs of a
Provider and so are associated with all of the CLIMs. If the socket is used for an outgoing connection
or for sending a packet, the host must choose one of the CLIMs to send it. This process uses the
destination address and is similar to IP routing, but is used only to select a CLIM within a Provider.
With either type of binding, the sending CLIM then performs its own IP routing to select an interface
and the first hop in the external network.
34
Overview
Network routes are configured on the CLIMs. You specify static routes by using CLIMCMD climconfig
commands. Dynamic routes are created by the system as the result of various protocol events. CIP
keeps separate routing tables for IPv4 and IPv6 destinations. Default routes have a prefix or
subnet-mask length of zero and indicate where to send packets or connections when no other
routes match the destination address. Default routes can be static or dynamic. A CLIM that does
not have a default route cannot route to arbitrary destinations.
If a CLIM is configured to join multiple providers, an independent set of routes is maintained for
each of the providers. When sending packets, only routes for the provider that was used to send
the packet are used.
Each CLIM uploads a copy of the statically-configured entries, entries added for each local IP
address, and the dynamic default entries in its routing tables to the NonStop host system for each
interface as it reports that the interface is up. Each CLIM continues updating the host as changes
are made to its tables. The host merges the routing tables from all the CLIMs in a Provider into one
IPv4 and one IPv6 table for the Provider. When the host needs to use a destination address to
decide which CLIM gets an outgoing connection or packet, it consults the corresponding table. If
it finds that more than one CLIM could be used, it uses round-robin selection to help balance the
load among them. Once the connection or packet gets to the CLIM, the CLIM uses its own tables
to decide on an interface and first-hop destination.
In many environments, nearly all CLIMs have default routes defined and most traffic uses these
routes, so simple round-robin selection may not be adequate. The ROUTE object on the NonStop
host system allows additional control of default route use. Each ROUTE object indicates a CLIM to
use for a default route and a PRIORITY for its use. The PRIORITY is a number from 1 to 100 where
higher numbers indicate higher priority. The CLIM is considered only if it actually has a default
route defined in its routing table for the desired address family. When a default route is needed,
the CLIM with the highest priority is selected. If more than one CLIM has the highest priority,
round-robin selection is used. If no ROUTEs have an available CLIM, any CLIM with a default route
defined is used. If no CLIMs have a default route, the packet cannot be routed.
Every CLIM contains a loopback interface (lo) and the loopback addresses for the configured IP
address families (IPv4 127.0.0.1 and/or IPv6 ::1). When a NonStop host system application
connects or sends to a loopback address or to a local address, the connection or data is sent to
a CLIM and is looped back to the host using the loopback interface. If the sending socket is bound
to a specific local IP address other than a loopback address, then the CLIM containing that address
is chosen. If the socket is not bound or is bound to INADDR_ANY, the CLIM containing the
destination address is used. If the destination is a loopback address, any CLIM can be chosen.
NOTE: If a socket is bound to a specific local address and connects or sends to a local address
on a different CLIM, the data is passed from one CLIM to the other over the external network. Even
though the addresses are both local in the Provider, a path through the external network is required.
Sockets bound to a loopback address are replicated in all the CLIMs of the Provider like sockets
bound to INADDR_ANY. If the socket is later used to listen for incoming connections or packets,
it can get them at that address no matter to which CLIM they are directed.
The NonStop host system performs these steps to select a CLIM for an outgoing connection or
packet in Providers with multiple CLIMs:
1. If the socket has bound to a specific local IP address other than a loopback address (127.0.0.1
or ::1), use the CLIM containing that address.
2. If the destination address is a loopback address, make a round-robin selection of any CLIM.
3. If the destination address is a local address in one of the CLIMs, use that CLIM.
4. If the destination address matches one or more network-route entries that are not default routes,
make a round-robin selection of one of the CLIMs containing the entries with the same longest
matching prefix or subnet-mask length.
5. Make a round-robin selection of any available CLIM that has a default network-route entry.
When selecting a CLIM containing a default route, only the available CLIM(s) with the highest
The CIP Subsystem for Internet Protocols (IP CIP)
35
6.
ROUTE PRIORITY attribute value are considered. If there is more than one with the same highest
value, one is round-robin selected from that group. CLIMs with no ROUTE object are considered
to have the lowest priority, and if those are all that are available, one of them is round-robin
selected.
If no available CLIMs have a default network-route entry, then no route can be found. Return
an error to the application.
Failover in the CIP Subsystem
CIP failover allows the resources associated with a failing interface to be switched to another
interface so they remain available to the external network with minimal impact on socket
applications.
Upon failure of one or more Ethernet interfaces or an entire CLIM, CIP can ensure the availability
of the interface resources such as IP addresses, sockets, connections, routes, and tunnels by either
sharing those resources among multiple physical interfaces on the same CLIM or migrating them
to another interface on a different CLIM. While most resources can be migrated during failover,
some are lost if migration to a different CLIM is required. This section defines resources and
describes their treatment in failover situations.
There are two types of failover in CIP: failover from one interface to another in the same CLIM,
and failover from one CLIM to another.
Intra-CLIM Failover – Overview
Intra-CLIM failover occurs when a link to the external network has failed, but the CLIM is still
operational. It is configured and handled completely within the CLIM by using bonded interfaces.
The NonStop operating system does not need to take any action. All interface resources are
switched without disruption.
Bonded interfaces share interface resources among multiple physical interfaces. They can be
configured to be similar to NonStop TCP/IPv6 failover with the SHAREDIP option except that the
interfaces must be in the same CLIM and are not limited to just two interfaces. Bonded interfaces
do not support a mode similar to the NonStop TCP/IPv6 NONSHAREDIP option in which each
interface has a different IP address until failover.
Figure 5: Intra-CLIM Interface Failover (page 37) illustrates intra-CLIM failover. The figure uses
shaded rectangles to show CLIM interfaces, ovals for the resources using those interfaces, and
lines for the physical interfaces associated with them. Bonded interface bond1 is defined in the
CLIM to consist of the two slave physical interfaces: eth1 and eth2. If either slave interface goes
down, the other takes its traffic with no disruption. The NonStop OS tracks the bonded interface,
not the slave interfaces, so no changes are made in the NonStop OS tables or resource locations
when this occurs.
36
Overview
Figure 5 Intra-CLIM Interface Failover
CLIM-to-CLIM Failover – Overview
CLIM-to-CLIM failover is invoked when a CLIM fails, a non-slave physical interface or bonded
interface fails, or an SCF SWITCH command is issued. Physical interfaces fail when their driver
indicates a physical fault or link pulse remains down. Bonded interfaces fail when all their slave
interfaces fail. During failover, most interface resources are switched to their configured backup
interfaces in other CLIMs, but since much of the connection state was saved inside the original
CLIM, TCP and SCTP connections are lost and applications are given ECONNRESET errors.
Failure of an entire CLIM is treated as failure of all the interfaces on that CLIM and each interface
is failed over to its configured failover destination individually.
Interface resources are configured or created for each physical or bonded interface, called the
home interface, for those resources. These are listed in “Interface Names and Resources” (page 40).
A separate failover interface can also be configured for each interface. The failover interface must
be in the same broadcast domain as the home interface, its CLIM must be in the same Provider,
and if it uses failover, it must use this home interface as its failover interface. It need not be the
same type of interface, physical or bonding, but the IP configuration should match to avoid
unexpected changes in protocol behavior when failover occurs. Like interface configuration, failover
configuration is specified on the CLIMs.
If an interface or CLIM fails, its home interface resources are migrated to the failover interface(s)
and become visiting resources. If the interface or CLIM becomes available again, its resources are
not automatically moved back as this might disrupt TCP and SCTP connections. An SCF SWITCH
command must be used to manually restore resources to their home interface. If the failover interface
or CLIM fails, an attempt is made to automatically restore the visiting resources back to their home
interface.
Failover interfaces must be configured in pairs, where each interface specifies either the other as
its failover interface or no failover. To spread the load on other CLIMs when a CLIM fails, each of
the interfaces in a CLIM can be paired with interfaces in different CLIMs under the same Provider.
The CIP Subsystem for Internet Protocols (IP CIP)
37
As of the H06.21 and J06.10 RVUs, CLIM-to-CLIM failover is supported for all types of CLIMs, and
Telco CLIMs do not require a unique Provider.
Failover is not supported for the maintenance Provider interface, only the data LAN interfaces.
Multiple maintenance Providers can be configured on different CLIMs if fault-tolerance is desired
but fault handling must be done explicitly by the applications in that case.
Figure 6: CLIM-to-CLIM Failover, Single Interface (page 38) and Figure 7: Full CLIM Failover
(page 39) both show CLIM-to-CLIM failover. Figure 6: CLIM-to-CLIM Failover, Single Interface
(page 38) shows what happens when a single interface fails or loses network connectivity, but the
CLIM is still operational. The clim1.eth4 interface is paired with clim2.eth1 for failover. When
clim1.eth4 fails, its resources are moved to clim2.eth1 and the NonStop OS updates its tables so
references to clim1.eth4 are directed to clim2.eth1.
Figure 6 CLIM-to-CLIM Failover, Single Interface
38
Overview
Figure 7: Full CLIM Failover shows what happens when an entire CLIM fails. In the figure, CLIM2
has failed and the resources for all its interfaces have moved to interfaces in other CLIMs. The
NonStop OS has updated its tables to refer to their new locations.
Figure 7 Full CLIM Failover
Failover Behavior in Detail
This section describes CIP failover in more detail, including:
•
“Interface Names and Resources”
•
“CLIM Interface Types” (page 41)
•
“CLIM Bonded Interfaces” (page 42)
•
“CLIM-to-CLIM Failover” (page 43)
The CIP Subsystem for Internet Protocols (IP CIP)
39
•
“Fail Back (Restore Behavior)” (page 44)
•
“Failover Failure” (page 45)
•
“CLIM Startup Behavior” (page 45)
Interface Names and Resources
On the NonStop system, interfaces are given a unique name within a Provider by pre-pending the
CLIM home interface name with the CLIM name and a period (.). For instance: n1002531.eth4
or n1012542.bond0.
Physical and bonded interfaces are tied to physical ports and so cannot move in a literal sense.
However, many of the resources associated with an interface can be moved from one interface to
another, which is how failover works. The resources are given the name of their home interface,
so one can say that n1002531.eth2 is currently located at n1012542.eth4, meaning that the
resources configured or created for interface n1002531.eth2 have been moved to n1012542.eth4.
The NonStop OS contains an interface table that gives the current location of each interface name.
On the CLIM, each interface can contain resources from either none, one, or two interface names.
The normal state is to contain only the home resources. If CLIM resources have failed over, the
CLIM has no resources and the interface is down. If the failover interface has failed, the home
CLIM contains both the home resources and the visiting resources from the failover interface. Visiting
resources cannot be present unless the home resources are also present.
Table 1: Interface Resource Failover Behavior summarizes the interface resources, how they are
created, and how they are migrated during failover. Bonded interfaces share many of their resources
among multiple physical interfaces, making intra-CLIM failover a matter of just letting the others
take over the load. CLIM-to-CLIM failover requires actual migration of resources to a new location.
Table 1 Interface Resource Failover Behavior
40
Resource
Created by
Intra-CLIM Failover
CLIM-to-CLIM Failover
MAC address
Hardware parameter
Shared, migrated, or not
migrated depending on
bonding mode
Not migrated
Static IPv4 addresses
Configuration
Shared
Migrated
Static IPv6 addresses
Configuration
Shared
Migrated
Link-local and
autoconfigured IPv6
addresses
Protocol
Shared
Migrated
Joined-group multicast IP
addresses
Applications
Shared
Migrated
Solicited-node multicast IP
addresses
Protocol
Shared
Migrated
UDP sockets
Applications
Shared
Migrated
TCP listening sockets
Applications
Shared
Migrated
Static routes
Configuration
Shared
Migrated
Dynamic routes
Protocols
Shared
Not migrated, re-created as
needed
Static ARP entries
Configuration
Shared
Not migrated, must be
configured the same on the
failover CLIM
Dynamic ARP entries
Protocol
Shared
Not migrated, re-created as
needed
Overview
Table 1 Interface Resource Failover Behavior (continued)
Resource
Created by
Intra-CLIM Failover
CLIM-to-CLIM Failover
TCP connections
Applications
Shared
Not migrated, client can
reestablish the connections
SCTP connections
Applications
Shared
Not migrated, client can
reestablish the connections
Static IPv6-over-IPv4 Tunnels Configuration
Shared
Migrated when interface
containing the local address
is migrated
IPSec PSKs
Configuration
Shared
Not migrated, must be
configured the same on the
failover CLIM
IPSec SAs
Negotiation
Shared
Not migrated, renegotiated
by new endpoints
IPSec SPs
Configuration
Shared
Not migrated, must be
configured the same on the
failover CLIM
IPSec remotes
Configuration
Shared
Not migrated, must be
configured the same on the
failover CLIM
IPSec X.509 certificates
Configuration
Shared
Not migrated, must be
configured the same on the
failover CLIM
CLIM Interface Types
Table 2: Interface Type for Failover Behavior lists the various interface types supported by the CLIM
and how they are supported by failover.
The CIP Subsystem for Internet Protocols (IP CIP)
41
Table 2 Interface Type for Failover Behavior
Interface Type
Characteristics
Failover
Loopback
• Reflects output back to its input
• Named lo
Exists in every CLIM so failover is not needed.
Cannot be configured for failover, but does
have an entry in the NonStop OS interface
table.
• Corresponds to a physical Ethernet
interface connected to a user network
Can be configured for CLIM-to-CLIM failover.
The backup interface can be a physical or
bonded interface.
Physical (non-slave)
• Reports link pulse from the physical
interface
• Named by the CLIM kernel: eth1, eth2, …
Logical
• Adds an IP address to a physical interface Not supported and cannot be configured on
data LAN interfaces.
• Named by appending a colon (:) and
number to the physical interface name:
eth2:1
Bonding
• Combines two or more physical interfaces Can be configured for CLIM-to-CLIM failover.
If all its slave interfaces fail, the interface
for fault tolerance
resources of the bonded interface are migrated.
• Each physical interface is called a slave
The backup interface can be a physical or
interface
bonded interface.
• Reports link pulse down only if down on
all slave interfaces
• Named by the user, must be either :
bond0 or bond1 (only two bonded
interfaces allowed on each CLIM)
Slave
• A physical interface that is combined into Cannot be configured for failover and does
not have an entry in the NonStop OS interface
a bonded interface
table.
Static IPv6-over-IPv4
Tunnel
• Encapsulates IPv6 packets inside IPv4
packets.
• Named by the user, typically: TUN0,
TUN1, TUN2, …
Maintenance Interface
Follows the physical or bonded interface
associated with its local address. Cannot be
individually configured for failover, but does
have an entry in the NonStop OS interface
table.
Cannot be configured for failover and does
• Corresponds to a physical Ethernet
interface eth0 connected to the dedicated not have an entry in the NonStop
operating-system interface table.
service LAN
• Used for CLIM access to the dedicated
service LAN
• Named by the CLIM kernel as eth0. (A
single wire from the eth0 interface to the
dedicated service LAN is used for both
eth0 and eth0:0.)
Maintenance Provider
Interface
• Configured for maintenance Provider
• Used for NonStop OS access to the
dedicated service LAN
• Associated with maintenance interface
eth0
Cannot be configured for failover and does
not have an entry in the NonStop OS interface
table for a data Provider. Does have an entry
in the NonStop OS interface table for the
maintenance Provider.
• Added at startup, named eth0:0
CLIM Bonded Interfaces
CIP supports failover of Ethernet interfaces within the same CLIM using the CLIM bonding driver.
The bonding driver groups multiple physical interfaces, called slave interfaces, into a single bonded
interface. The bonding driver transparently handles failure of a slave interface by switching traffic
42
Overview
to the others. The number of bonded interfaces and the number of slaves in each is limited only
by the number of data LAN interfaces on the CLIM. Typically, the bonded interface takes up the
MAC address of its first slave.
A bonded interface can be configured to use one of several policies for fault tolerance and
bandwidth aggregation. CIP supports all current policy modes as long as their prerequisites are
met. See “climconfig.bondmode Description” (page 306) for descriptions of the bonding modes.
Interface resources are configured and created for the bonded interface, not the individual slave
interfaces. CLIM-to-CLIM failover can switch a bonded interface to a configured failover interface
by command or if the bonded interface indicates a failure. This occurs only if all its slaves have
failed.
As of J06.10 and H06.21, the DL380 G6 CLIM is available, which has 2 embedded NICs, one
for eth0 and eth1 and the other for eth2 and eth3. It also has one external PCI NIC for eth4 and
eth5. This allows you to create 2 bonded interfaces that are spread across two NICs, for example
eth1 and eth4 as bond0, and eth2 and eth5 as bond 1. In this configuration losing one NIC will
not result in losing an entire bond.
CLIM-to-CLIM Failover
CIP supports failover of individual interfaces from one CLIM to interfaces on other CLIMs under the
same Provider. Failover of an entire CLIM is treated as failover of all its interfaces. Table 3:
CLIM-to-CLIM Failover describes the various scenarios of failure and resulting failover action:
Table 3 CLIM-to-CLIM Failover
Failure Definition
Probable Causes
Resulting Failover Action
Failure in all processors to receive
heartbeat from CLIM for more than a
heartbeat time
• ServerNet path failure between all Initiate failover of all interfaces on the
CLIM
processors and the CLIM
• CLIM panic halt or hang
• CLIM reboot
• CLIM CLIMCMD clim stop
command
• CLIM software problem
Failure indication on data LAN
interface or on all interfaces in a
bonded interface
• NIC hardware failure
Initiate interface failover.
Loss of link pulse on data LAN
interface or on all interfaces in a
bonded interface for less than link
pulse time
• Transient condition
No failover action
• Recoverable failure in bonded
interface
• Cable briefly disconnected
• Cable permanently disconnected
• Switch or network down
Loss of link pulse on data LAN
interface or on all interfaces in a
• Cable permanently disconnected
Initiate interface failover
• Switch or network down
The CIP Subsystem for Internet Protocols (IP CIP)
43
Table 3 CLIM-to-CLIM Failover (continued)
Failure Definition
Probable Causes
Resulting Failover Action
CLIM-initiated interface down on a
data LAN interface
• CLIMCMD ifstop command
No failover, but interface resources
using the interface become unavailable.
Failure indication, loss of link pulse,
or CLIM-initiated interface down on
maintenance interface
• NIC hardware failure
No action.
bonded interface for more than link
pulse time
• Cable disconnected
• Switch or network down
• CLIMCMD ifstop command
Operator initiated failover
• SCF SWITCH CLIM command
Initiate CLIM or interface failover as
directed.
NonStop OS-initiated CLIM stop
• SCF ABORT CLIM or STOP CLIM
command
No failover, but the CLIM object goes
to the STOPPED state. Interface
resources still on the CLIM become
unavailable. Those resources that have
already failed over to other CLIMs
remain active unless the INTFALL option
is given.
Heartbeat time enforces sending a heartbeat signal from each CLIM to indicate it is running properly.
Failover is triggered only when all NonStop system processors have lost contact with the CLIM.
Link pulse time keeps failover from triggering because of a transient link pulse problem. It is a fixed
value less than two seconds.
All changes in the CLIM interface status are reported as EMS messages even if they do not result
in failover.
Each individual interface can be configured with its own failover interface, including the CLIM and
interface names. Failover interfaces are configured in pairs, so both interfaces of the pair specify
either the other as their failover interface or no failover. It is not necessary that all interfaces in a
CLIM have their failover interfaces on the same CLIM. It is also acceptable for a failover interface
to be a bonded interface or a physical interface regardless of the home-interface type.Table 1:
Interface Resource Failover Behavior (page 40) summarizes how CLIM-to-CLIM failover migrates
each type of interface resource from the failed interface to the failover interface. “Interface Resource
Migration” (page 45) describes migration of each of these resources in more detail. A two-way
periodic heartbeat timeout is used on both the NonStop host system and CLIM to detect failure of
a CLIM, the host, or the ServerNet connection between them. If a CLIM can no longer communicate
with any processor in the NonStop host system, it removes all the IP addresses from its data LAN
ports. If the NonStop host system is truly down, a down-state is conveyed to the external network.
If the NonStop host system is actually still up, it allows the host to migrate the IP addresses to
another CLIM. If no NonStop host system processor can communicate with a CLIM, the host initiates
a CLIM-to-CLIM failover of all the interfaces on the CLIM. The resources for each interface are
migrated to its configured failover interface. Each interface can have its own failover destination
and hence a CLIM failover could result in failover of interfaces to multiple CLIMs. Each interface
migrates separately from the others. Hence, a problem migrating one interface does not affect the
others.
Fail Back (Restore Behavior)
Fail back or restore is only supported by a manual method and initiated from the host only by
using a SWITCH CLIM command. Fail back of interfaces also follows the “check-break-make”
principle and the actual sequence is similar to a failover sequence. See “Failover in the CIP
Subsystem” (page 36) for an overview of the CIP failover sequence.
44
Overview
Failover Failure
When a CLIM-to-CLIM failover operation is started, the host tries to migrate the resources to the
failover interface and to the home interface alternately, separated by 10 seconds. If the resources
are successfully brought up on one of the interfaces, failover is complete. If the resources cannot
be brought up on either interface within 10 seconds, the failover has failed. Sockets using the
interface are marked to return an error to the application on the next or current socket call and
joined multicast groups are removed from the interface resources. The remaining resources, such
as IP addresses, become unavailable both to applications and to the external network.
If the resources end up on the same interface where they started, which might happen if the failed
interface comes back up quickly, it is still a failover operation and resources normally not preserved
across a CLIM-to-CLIM failover are lost.
After a failover failure, the host continues to try to migrate the remaining resources alternately to
the home or failover interfaces until it either succeeds or an SCF STOP or ABORT CLIM command
for the home CLIM is issued. When either the home or failover interface comes back up, the
resources migrate to that interface and become available again automatically.
CLIM Startup Behavior
If a CLIM crashes, it can lead to a failover, where all its interfaces are migrated to the failover
CLIM(s). If the failed CLIM subsequently boots up and brings all its interfaces to the UP state along
with the respective IP addresses, it could lead to a duplicate IP address conflict.
To avoid such scenarios, the CLIM boots in this manner:
•
All the Data LAN interfaces are disabled (DOWN state) on startup. However, all interfaces
are initiated (drivers for such Ethernet cards loaded) and the bonding configuration is done.
•
No IP addresses are assigned on any of the Data LAN interfaces. No tunnel configurations
are enabled/started.
•
Only the Maintenance interfaces and maintenance Provider interfaces are enabled (UP state)
and have their IP addresses assigned.
•
When an SCF START CLIM command is given on the host and the CLIM object goes to the
STARTED state, the host starts the home interface resources on the new CLIM if they do not
already exist on other CLIMs.
Interface Resource Migration
This section gives more details about how interface resources are treated during CLIM-to-CLIM
failover.
MAC Addresses
MAC addresses are associated with hardware and are not migrated. IPv6 addresses derived from
the home interface’s MAC address are migrated.
Sockets
How socket failover is performed depends on the socket state.
•
No migration needed. Sockets not yet bound, bound to INADDR_ANY, or bound to a loopback
or multicast address and have not done a TCP or SCTP connect might be used to listen for
incoming connections or packets on addresses that exist in all the CLIMs of a Provider, so they
are replicated in all the CLIMs. Since the socket exists in all the CLIMs of the Provider, the one
in the failing CLIM can be allowed to go away without migration since copies exist in the
other CLIMs.
•
Socket migrated. When a socket binds to a local address other than INADDR_ANY or a
loopback address, the copies in the CLIMs other than the one containing the local address
are removed, so the socket exists in only one CLIM. On failover, a new socket bound to the
The CIP Subsystem for Internet Protocols (IP CIP)
45
same IP address is re-created in the failover CLIM. Any state-changing operations done on
the socket since the bind (such as listen or setsockopt) are repeated in the failover CLIM.
•
Socket lost. When a socket has a TCP or SCTP connection, it is also removed on all but one
CLIM if this was not already been done by a previous bind. Sockets associated with TCP and
SCTP connections do not survive a failure. Each such socket is marked to return an error to
the NonStop application on its next or current socket call.
For TCP sockets, the failover CLIM attempts to reset the connection. This reset is not issued for
SCTP sockets.
A UDP connect by itself does not affect failover handling. UDP sockets always fall into the No
migration needed or the Socket migrated categories. For UDP sockets that have joined
a multicast group, the IP multicast addresses are moved to the failover CLIM. During migration of
UDP sockets, a transient loss of data may occur.
IP Addresses
All IP addresses associated with an interface are migrated during failover. Before an address can
be added to the failover CLIM, it must be removed from the home CLIM. When the failover addresses
are all removed from the network, the failover CLIM adds them to the failover interface and tells
the host to update its interface tables.
IPv4 Addresses
Static IPv4 addresses are part of the configuration files copied to the failover CLIM from the home
CLIM and are migrated by adding them to the destination interface.
Duplicate IP address checking is not done for IPv4 addresses. The failover and home interfaces
are tried alternately until one succeeds or the CLIM object is stopped. If it has not completed after
a certain time, the failover operation is declared a failure and all sockets are marked to return an
error on the current or next socket call.
IPv6 Addresses
Static IPv6 addresses are also part of the configuration files copied to the failover CLIM from the
home CLIM and are migrated by adding the failover addresses to the destination interface. The
link-local IPv6 address is derived from the MAC address of the home interface and is migrated by
adding it to the destination interface.
Auto configured IPv6 addresses are derived from the MAC address of the home interface and
prefixes advertised by routers in the external network. Since both interfaces of a failover pair must
be in the same broadcast domain, it is assumed they have the same prefixes. They are added to
the destination interface by using the prefixes in the auto-configured addresses of the home resources
for the destination interface. As the prefixes change or expire, the same changes are made to the
failed over auto-configuration addresses.
IPv6 automatically performs duplicate IP address checking. Duplicate addresses remain assigned
to the interface, but marked as tentative. If an address is still marked tentative after a certain time,
all the addresses are removed and the alternate interface is tried until one succeeds or the CLIM
object is stopped.
Multicast Addresses
IPv4 and IPv6 multicast addresses are added by applications when they join multicast groups by
means of the setsockopt() call. The NonStop host system code saves these addresses along with
their associated interfaces as it passes them to the CLIM. If the interface requires failover, the same
multicast groups are joined on the failover interface. Duplicate-address checking is not needed.
A solicited-node multicast address exists for each unicast address and is failed over with the unicast
address.
46
Overview
Routes
Static routes configured for an interface are migrated during failover. They are copied to the failover
CLIM from the home CLIM as part of the interface configuration and are added when the failover
logical interface is started.
Dynamic routes were created as the result of information received from routers in the external
network and are not failed over. The failover CLIM has or obtains similar information when it starts
taking over the workload of the failed interface.
TCP and SCTP Connections
TCP and SCTP connections are not migrated during CLIM-to-CLIM failover. An ECONNRESET error
is returned to the local application instead. For TCP connections, the failover CLIM attempts to reset
the connections that were using the failed interface so the remote application can be quickly
informed that the connection is gone. SCTP connections are not reset.
Clients are expected to handle error recovery by attempting to re-establish connections on a new
socket.
IPv6-over-IPv4 Tunnels
Static IPv6-over-IPv4 tunnel interfaces configured with a local address are migrated during failover
of that address. Their configuration is copied to the failover CLIM from the home CLIM as part of
the interface configuration and the interface is added when other failover resources are added.
IPSec Configuration
IPSec parameters are not migrated during failover. It is expected that the IPSec configuration on
the home and failover CLIMs is identical for addresses that can fail over between them. IPSec SAs
that were negotiated between the CLIM containing the failed interface and the remote endpoint
cannot be failed over. They must be renegotiated with the failover CLIM. The remote endpoint sees
an unexpected request for renegotiation, which it must allow.
Failover Configuration
Failover is configured on the CLIMs using the climconfig tool. See “Climconfig (Man Pages)”
(page 301) for command syntax.
CLIM Interface Configuration
Interfaces are configured on their home CLIM using the climconfig tool. Loopback, physical, and
IPv6-over-IPv4 tunnel interfaces can be configured. Intra-CLIM failover is configured by creating a
bonded interface and adding slave interfaces to it. Logical interfaces cannot be configured. Static
routes and ARP entries can be associated with interfaces.
The interface configurations are kept in standard CLIM files on the home CLIM and are copied to
a mirror file sub-tree on their failover CLIMs. Subsequent configuration changes trigger a copy of
the configuration again.
Failover Configuration
A non-slave physical or bonded interface can have a failover interface name associated with it. If
it does not, its interface resources do not fail over if the interface fails, loses link pulse, or the CLIM
fails. If it does, the failover interface name specifies the CLIM and interface to use for failover. The
failover CLIM must be different from the one on which the interface is configured; the failover
interface must be a non-slave physical or bonded interface on the failover CLIM. If an interface
and its failover interface both use failover, they must be configured to use each other. Even if an
interface is not configured for failover, that interface can be used as a failover interface by only
one other interface. The interfaces configured on a CLIM can specify failover interfaces on differing
CLIMs.
Both IPv4 and IPv6 addresses, if configured, are failed over. IPv4 resources include IPv4 addresses,
sockets, and routes. IPv6 resources are IPv6 addresses, sockets, routes, and tunnels.
The CIP Subsystem for Internet Protocols (IP CIP)
47
IPv6-over-IPv4 tunnel interfaces are not directly configured for failover; rather, they follow the
interface containing their configured local address. The interface name configured on the home
CLIM is used on the failover CLIM; therefore, tunnel interface names must not be the same on the
home and failover CLIMs.
Interface Status Control
The CLIMCMD utilities ifstart and ifstop are provided to bring interfaces up and down, respectively.
They coordinate with the CLIM software and host to start and stop the proper interface resources.
Failover is suppressed when an interface is brought down using ifstop.
The INTFALL option of the SCF ABORT CLIM command brings down all home interfaces on the
specified CLIM even if they have failed over to other CLIMs. Otherwise, failed-over interfaces are
not affected by ABORT CLIM. The INTFALL option can be used on CLIMs that have already been
aborted to bring down just the failed-over interfaces.
IPSec Configuration
IPSec is configured on the CLIM using the climconfig command tool (see “Climconfig (Man Pages)”
(page 301)). The IPSec configuration is not failed over and must be identical on the home and
failover CLIMs for addresses that can fail over between them.
Configuration Changes
When a configuration change is made using the climconfig command tool that affects failover,
such as changing interfaces, IP addresses, routes, or failover-interface names, the failover
configuration becomes invalid and failover does not occur until:
•
The failover configuration is propagated to all CLIMs containing failover interfaces. This is
done automatically as long as the failover CLIMs are available on the dedicated service LAN.
•
The home CLIM object is in the STARTED state, at least briefly, so the host can retrieve
information about the configuration change.
When an interface has failed over, changes made to its configuration do not take effect until the
interface is restored to its home interface.
Invalid Failover Configuration
Some invalid failover configurations cannot be detected until the affected CLIM objects become
STARTED. These invalid configurations include:
•
Failover interface does not exist or is not allowed, such as a slave or tunnel interface
•
Home and failover interfaces do not form a pair
•
A configuration change has been made and the CLIM has not copied the new configuration
files to the failover CLIM
•
A configuration change has been made and the home CLIM object never became STARTED
•
A CLIM interface is specified that is configured on the system, but is not under the same
Provider.
When an invalid failover configuration is detected, an EMS message is issued and failover does
not occur either manually or automatically. When the condition is repaired, another EMS message
indicates that failover is now possible.
Internet Protocol Security (IPSec)
For background information about IPSec, see the NonStop Networking Overview Manual.
The CLIM has IPSec functionality enabled by default. The climconfig command tool allows
configuration of the IPSec security policies, security associations and dynamic internet key exchange
(IKE) functionality using racoon.
48
Overview
IPSec security associations (SAs) can either be configured to be manually added to the security
association database (SAD), with fixed predetermined secret keys, or can be configured to be
automatically negotiated with the remote node.
Since manually added SAs pose a security risk over a period of time, HP discourages this practice,
and recommends configuration of automatically negotiated SAs instead.
CLIM runs a daemon process called racoon, which establishes automatically keyed IPSec security
associations and supports authentication using pre-shared keys or X.509 security certificates.
Whenever an application sends network data, the CLIM kernel checks whether there are security
policies in the security policy database (SPD) matching with the source and destination IP addresses.
If a security policy is found, and there is no security association corresponding to this security
policy, the kernel triggers the racoon daemon to establish the security association.
To accomplish this, racoon queries "remote" and automatic SA objects configured by climconfig
to determine the parameters for the Internet Key Exchange (IKE).
The climconfig remote objects tell racoon how to authenticate the remote peer and what parameters
to use for the security assocations for IKE phase 1. The climconfig automatic SA objects tell racoon
the SAs that need to be established with IKE phase 2, and added to the SAD for further
communication over the IPSec connection.
The application data is then transferred over the newly created IPSec connection.
IPSec Related Files
This section details the set of configuration files related to IPSec (setkey and racoon).
If the automatic SA establishment is preferred, either the mechanism of configuring the pre-shared
secret key or providing X.509 security certificates can be used for Internet key exchange (IKE).
IPSec Configuration Files
Files containing configuration details reside on the CLIM. The IPSec configuration commands are
used to edit the contents of these files. The IPSec configuration files are:
CAUTION: The IPSec configuration files must not be edited directly. Use the climconfig commands
to change them.
NOTE: For CLIMs with MULTIPROV ON, a separate copy of each one of the files listed here is
maintained for each provider.
File
Description
In CIP, Modify by using the...
psk.txt
Pre-shared secret key for
racoon IKE phase 1
“climconfig.psk Description”
(page 349)
/etc/racoon/certs/security-certificates
Security certificates to be used
instead of pre-shared key for
the key exchanges during the
racoon phase-1 IKE
establishment
These are generated by the
use of tools which generate a
certificate signing request.
See “Security Certificates –
Public and Private Key
Certificates” (page 50) and
“Installing X.509 Certificates”
(page 104)
racoon.conf
Racoon configuration,
containing configured
"remote" and "automatic SA"
configurations to direct
racoon on the parameters for
IKE negotiations.
“climconfig.remote
Description” (page 343) and
“climconfig.sa Description”
(page 354)“climconfig.sa
Description” (page 362)and
climconfig.remote(1)
The CIP Subsystem for Internet Protocols (IP CIP)
49
File
Description
In CIP, Modify by using the...
ipsec-tools.conf
IPSec Security Policies (SPs)
and manually configured
Security Associations (manual
SAs).
“climconfig.sp Description”
(page 364) and
“climconfig.sa Description"
(page 354)“climconfig.sa
Description” (page 362)and
“climconfig.sp Description”
(page 372)
psk.txt– pre-shared secret key for racoon IKE phase 1
The pre-shared secret keys are contained in the file psk.txt. This file consists of the IP addresses
or fully qualified domain names (FQDNs) of the remote machines with the corresponding secret
key.
A sample psk.txt file is:
# IPv4/IPv6 Adresses
192.168.2.100 simple psk
5.0.0.1
0xe10bd52b0529b54aac97db63462850f3
# USER_FQDN
[email protected] This is a psk for an email address
# FQDN
The secret key is a hexadecimal number or text. Any text or any hexadecimal number can be
specified as the pre-shared key.
Security Certificates – Public and Private Key Certificates
Instead of the pre-shared key mechanism, you can also use security certificates for the key exchanges
during the racoon phase-1 IKE (Internet key exchange) establishment. The security certificates are
X.509 generated public and private keys. These files are placed under the directory
/etc/racoon/certs/. These security files are generated by the use of tools which generate a
certificate signing request and are certified by the root certificate authorities like Verisign or Thawte
with the use of these tools. The generation of the certificates is not done by the IPSec configuration
tools. For procedures for using CIP IPSec, see “Using IPSec” (page 107).
Commands for Controlling Virtual Private Networks
The set of commands that allow you to activate and deactivate VPN connections are:
vpn
start
status
stop
sp
sa
X
X
X
X
See “Climconfig (Man Pages)” (page 301) for the command syntax and options for these commands.
Name Resolution
Name resolution for NonStop host system applications is processed by the NonStop operating
system socket library either by using the HOSTS and IPNODES files or by using the Domain Name
System (DNS). You configure the Guardian environment to use the HOSTS file (which invokes
IPNODES, if necessary) by specifying a DEFINE for =TCPIP^HOST^FILE.
When the DEFINE for =TCPIP^HOST^FILE is not set, the NonStop host system uses DNS. The
name server accessed is defined in the $SYSTEM.ZTCPIP.RESCONF file.
50
Overview
The Open System Services (OSS) environment inherits these Guardian-environment defines and
also uses the RESCONF files.
For information about using the resolver in applications, see the TCP/IP Programming Manual or
the Open System Services Library Calls Reference Manual for OSS socket-library applications. For
information about the use of defines and name-resolution files in the OSS environment, see the
Open System Services Management and Operations Guide.
SNMP Support
SNMP support is provided on the NonStop system with CIP, similar to the SNMP support on
NonStop systems without CIP, with a few exceptions mentioned below. Using SNMP on the NonStop
host system, you can integrate your SNMP-based management application to manage and monitor
the NonStop system. In addition, SNMP support is provided on the CLIMs, but only within the
dedicated service LAN. This support is used by HP management applications, such as OSM, to
monitor the CLIMs.
SNMP on the NonStop Host System
The NonStop SNMP support in CIP is similar to SNMP support in the NonStop TCP/IP and TCP/IPv6
environments. For the CIP subsystem, the SNMP agent, EMS Trap Subagent, NonStop NET/MASTER
Trap subagent, Host Resources subagent and TRAP Multiplexer subagent and Manager are
supported. However, the TCP/IP subagent (TCPIPSA) and Ethernet subagent (ETHSA) are not
supported for CIP subsystem. For configuring the supported SNMP components on NonStop refer
to SNMP Configuration and Management Manual.
CLIM SNMP Support
SNMPv1 support is provided on the CLIM, but only on the dedicated service LAN. It provides an
extensible agent for responding to SNMP queries for management information. CIP supports
configuring the SNMP agent (snmpd) on the CLIM using the climconfig interface. The SNMP agent
supports many existing networking, storage, and server MIBs that are qualified for Debian TE.
These are used by the NonStop management applications, such as OSM, to monitor the CLIMs.
NOTE: SNMP trapdests must be configured on each CLIM for it to be able to send the SNMP
traps to the NonStop host.
When the eth0 is configured/modified by the user using config ip -add eth0 ip-address
or climconfig interface -modify eth0 ip-address, the climconfig tool updates the
/etc/defaults/snmpd configuration file with the new listening address as the dedicated service
LAN IP.
The SNMP agent on the CLIM has public as trap community string. Public is the default
community string to be used when sending traps. The SNMP agent on the CLIM has public for
read-only and read-write as community names. These are the read-only and read-write communities
that are used to access the agent.
CLIM SNMP Agents
CLIM SNMP agents monitor CLIM hardware presence and status and environmental status. CLIM
SNMP agents also monitor attached SAS enclosures hardware presence and status and
environmental status.
The OSM server issues SNMP calls to obtain the information and status. The OSM server also
creates an SNMPTMUX process to listen to traps generated by CLIM SNMP agents.
IP CLIM
The IP CLIM provides the physical interface to the network and performs the IP protocol processing.
It can be configured with either five copper or three copper and two fiber Ethernet interfaces for
The CIP Subsystem for Internet Protocols (IP CIP)
51
customer data. (However, the Telco CLIM only supports copper Ethernet interfaces.) Another, built-in
Ethernet interface can also be used for customer data.
See the system planning guide for your system for more information about where the CLIM fits into
your NonStop system. For carrier grade CLIMs, contact your service provider for more information.
NOTE: The CLIM is intended only for the NonStop host system I/O functionality described in this
manual. HP does not support any other use of the CLIM. Any other use of the CLIM, including
installation of any unauthorized software, voids the warranty. In particular, do not attempt to install
customer code or any customer-originated Linux utilities within the CLIM.
The physical Ethernet interfaces on the CLIM include two built-in Ethernet interfaces and four
additional ones in one or two expansion PICs. The interfaces are named by the CLIM kernel from
top to bottom as shown in Figure 8: DL385 G2 or G5 IP CLIM Interfaces, Five Copper Interfaces
(page 52) or Figure 9: DL380 G6 IP CLIM, Five Copper Interfaces (page 52), depending on the
CLIM's model.
NOTE: In this manual, for IP CLIM and IP CIP, “interface” refers to the Ethernet port in the network
interface card (NIC). The term “port” refers to the UDP or TCP number present in the header of a
data packet and used to map data to a particular process running on a computer.
Figure 8 DL385 G2 or G5 IP CLIM Interfaces, Five Copper Interfaces
1
2
3
4
5
6
7
8
9
10
Slot 1. Customer-usable interfaces: 4 copper Ethernet interfaces, eth2 to eth5, numbered
from top to bottom
Slot 2 (empty)
Slot 3: two pair of ServerNet PICs
Slot 4 (empty)
Slot 5: SAS HBA for the internal disk
Two pair of ServerNet ports, from left to right: A — YX, B — YX
SAS HBA
eth1 customer-usable interface
Maintenance LAN interface. Eth0 and eth0:0 interface
ILO
Figure 9 DL380 G6 IP CLIM, Five Copper Interfaces
52
Overview
1
2
Slot 1: ServerNet PCIe card
Slot 2: 2-port network interface card, from left to right:
2A: eth 4
3
4
5
6
7
8
9
10
11
12
2B: eth 5
Slot 3 (empty)
Slot 4 (empty)
Slot 5 (empty)
Slot 6 (empty)
Four ServerNet ports, from left to right: XB, YB, XA, YA
LAN 4: eth 3 customer-usable interface
LAN 3: eth 2 customer-usable interface
ILO: Maintenance LAN interface
LAN 2: eth 1 customer-usable interface
LAN 1: Maintenance LAN interface. Eth0 and eth0:0 interface
An IP CLIM can also be configured with three copper ports and two Fibre Channel interfaces. Slots
2 and 4 can each contain one HP NC373F PCI Express Multifunction Gigabit Server Adapter. In
that case, the Fibre Channel interfaces are in slots 2 and 4 as show in Figure 10: DL385 G2 or
G5 IP CLIM Interfaces, Three Copper, Two Fiber Channel Interfaces (page 53) or Figure 11: DL380
G6 IP CLIM Three Copper, Two Fiber Interfaces (page 53), depending on the CLIM's model.
Figure 10 DL385 G2 or G5 IP CLIM Interfaces, Three Copper, Two Fiber Channel Interfaces
1
2
3
4
5
6
7
8
9
Slot 1: Customer-usable interface: 2 copper Ethernet interfaces, eth2 and eth3, numbered
from top to bottom
Slot 2: eth5 fibre channel customer-usable interface
Slot 3: two pair of ServerNet PICs
Slot 4: eth4 customer-usable interface
Slot 5: SAS HBA for the internal disk
Two pair of ServerNet ports, from left to right: A — YX, B — YX
eth1 customer-usable interface
Maintenance LAN interface. Eth0 and eth0:0 interface
ILO
Figure 11 DL380 G6 IP CLIM Three Copper, Two Fiber Interfaces
The CIP Subsystem for Internet Protocols (IP CIP)
53
2
Slot 1: ServerNet PCIe card
Slot 2: One port network interface card:
3
2A: eth 4: customer-usable optical interface
Slot 3: One port network interface card:
1
3A: eth 5: customer-usable optical interface
Slot 4 (empty)
Slot 5 (empty)
Slot 6 (empty)
Four ServerNet ports, from left to right: XB, YB, XA, YA
LAN 4: eth 3 customer-usable interface
LAN 3: eth 2 customer-usable interface
ILO: Maintenance LAN interface
LAN 2: eth 1 customer-usable interface
LAN 1: Maintenance LAN interface. Eth0 and eth0:0 interface
4
5
6
7
8
9
10
11
12
Gen8 IP and Telco CLIMs can be configured with five copper interfaces or three copper interfaces
and two Fibre Channel interfaces. In Figure 12: DL380p Gen8 IP CLIM 1 Interfaces — Five Copper
Ethernet Interfaces (page 54), slot 2 contains an Ethernet 4 and an Ethernet 5 port, from left to
right, whereas in Figure 13: DL380p Gen8 IP CLIM and Telco CLIM Interfaces, Option 2 Three
Copper, Two Optical Interfaces (page 55), slot 2 contains an Ethernet 5 and an Ethernet 4 port,
from left to right.
Figure 12 DL380p Gen8 IP CLIM 1 Interfaces — Five Copper Ethernet Interfaces
1
2
3
4
5
6
7
8
9
54
Slot 1: ServerNet PCIe card
Four ServerNet ports, from left to right: AY, AX, BY, BX
Slot 2: 2-port network interface card, from left to right: eth5, eth4
Slot 3 (empty)
Slots 4, 5, 6 (empty)
LAN 4: eth 3 customer-usable interface
LAN 3: eth 2 customer-usable interface
LAN 2: eth 1 customer-usable interface
LAN 1: Maintenance LAN interface. Eth0 and eth0:0 interface
ILO: Maintenance LAN interface
Overview
Figure 13 DL380p Gen8 IP CLIM and Telco CLIM Interfaces, Option 2 Three Copper, Two Optical
Interfaces
1
2
3
4
5
6
7
8
9
10
11
Slot 1: ServerNet PCIe card
Slot 2 from left to right: Ethernet 5 and Ethernet 4 ports
Slot 3: (empty)
Ethernet 5 port
Ethernet 4 port
Four ServerNet ports, from left to right: AY, AX, BY, BX
ILO: Maintenance LAN interface
LAN 1: Maintenance LAN interface. Eth0 and eth0:0 interface
LAN 2: eth 1 customer-usable interface
LAN 3: eth 2 customer-usable interface
LAN 4: eth 3 customer-usable interface
For information about the carrier-grade system version of the IP and Telco CLIMs, contact your
support provider.
NOTE:
The fiber Ethernet interface option is not available for the Telco CLIM.
CIP iptables/ip6tables Support (climiptables)
For CLIMs with MULTIPROV ON, each provider has its own iptables/ip6tables configuration, which
can be independently manipulated and disabled or enabled.
The CIP implementation of iptables/ip6tables only supports the INPUT chain of the ‘filter’ table. In
addition, CIP does not directly support invoking the Linux iptables/ip6tables through CLIMCMD.
Rather, CIP wraps these commands with similar iptables/ip6tables commands in climconfig. These
wrappers allow the CIP software to preserve similar iptables syntax while allowing CIP software
to:
1. Use iptables/ip6tables internally. CIP software filters out iptables/ip6tables commands that
are in conflict with CIP internal rules. The CIP rules are used during failover and to control the
dedicated service LAN IP traffic.
2. Provide automatic configuration persistence. The CIP software persists the iptables/ip6tables
configuration across CLIM boots and HP CLIM software restarts.
3. Provide configuration backup and restore. CIP software has a provision for allowing customers
to backup and restore the configuration of a CLIM, including the iptables/ip6tables
configuration.
4. Ensure that the exposed iptables/ip6tables functionality is conforming to the ways the CLIM
is used in the CIP environment. This involves removing the support for some functionality,
mostly related to router functionality which is not supported by the CLIM.
CIP iptables/ip6tables depends on Linux iptables/ip6tables. Functionality changes in subsequent
versions of Linux iptables/ip6tables may affect the functionality of CIP iptables/ip6tables.
The CIP Subsystem for Internet Protocols (IP CIP)
55
The following assumptions relate to CIP iptables/ip6tables support:
•
You must not execute the Linux native iptables/ip6tables commands directly.
•
You should not edit any configuration files on the CLIM.
•
You should invoke the climconfig commands provided for iptables/ip6tables support on the
CLIM, either through CLIMCMD or Nonstop I/O Essentials to configure and control
iptables/ip6tables.
•
Automatic failover of iptables/ip6tables rules is not supported. Similar to IPSec rules, you
have to pre-configure the failover CLIM’s iptables/ip6tables rules in anticipation of a failover.
You can compare the configuration of the home CLIM and failover CLIM by comparing the
–obeyform output of climiptables from each CLIM and ensuring any iptables/ip6tables rules
on the home CLIM exist on the failover CLIM in anticipation of a failover.
The only Linux built-in chain that is supported is the INPUT chain of the ‘filter’ tables. However, you
cannot manage it directly. Instead, use the CIP built-in chain CIP_INPUT as a target for commands
that are intended for the Linux INPUT chain.
The climiptables facility is disabled by default. Before using the facility it must be enabled using
“climconfig climiptables –enable”.
The climiptables are initialized during CLIM start up. At that time, the CIP built-in chains CIP_INPUT
and CIP_INPUT_p are created and the iptables and ip6tables configurations are set in place.
The CIP_INPUT_p chain is used internally for simulating policy setting on the CIP_INPUT chain and
should not be modified directly by the users.
IB CLIM
The IB CLIM is a DL380 G6 server which is used in some of the NonStop BladeSystem configurations
to provide InfiniBand connectivity through dual-port Host Channel Adapter (HCA) InfiniBand
interfaces. The HCA IB interface on the IB CLIM connects to a customer-provided IB switch using
a customer-supplied cable as a part of the Low Latency Solution.
NOTE: IB CLIMs are only used as a Low Latency Solution. They do not provide general purpose
InfiniBand connectivity for the NonStop systems.
The Low Latency Solution architecture provides a high speed and low latency messaging system
for stock exchange trading from the incoming trade server to the NonStop system. The solution
utilizes the third-party Informatica Ultra Messaging Streaming software for messaging and order
sequencing. For information about obtaining the UMS software, contact your service provider.
The Low Latency Solution also requires a customer-supplied IB switch and Subnet Manager software
either installed on the IB switch or running on another server.
Figure 14 DL 380 G6 IB CLIM 2 InfiniBand Interfaces, Three Copper Ethernet Ports
56
Overview
1
2
3
4
5
6
7
8
9
10
11
Slot 1: ServerNet PCIe card
Four ServerNet ports, from left to right: XB, YB, XA, YA
Slot 2 (empty)
Slot 3 (empty)
Slot 4: Two InfiniBand ports, from left to right: ib1, ib0
Slot 5 (empty)
Slot 6 (empty)
LAN 4: eth3 customer-usable interface
LAN 3: eth2 customer-usable interface
ILO: Maintenance LAN interface
LAN 2: eth1 customer-usable interface
LAN 1: Maintenance LAN interface. Eth0 and eth0:0 interface
NOTE: The Informatica software which is part of the Low Latency Solution uses only one InfiniBand
interface on the IB CLIM. HP recommends connecting to the ib0 InfiniBand interface for ease of
manageability.
The CIP Subsystem for Storage I/O (Storage CIP) and the Storage
Subsystem
To find out of your system supports Storage CLIMs, see the planning guide for your system or the
NonStop Networking Overview.
Storage CIP provides the NonStop host system storage subsystem an industry-standard server (the
CLIM). User applications, SQL, and DP2, can access Storage CLIMs without any changes.
Storage CIP uses mostly the same CLIM hardware as IP CIP with some additional storage specific
hardware such as storage-controller adapters and disk storage.
Storage CIP interfaces with the NonStop host system storage subsystem with these restrictions:
NOTE: For the remainder of this manual, Storage CIP refers to the Storage CIP subsystem ($ZZCIP)
and storage subsystem refers to the NonStop host system storage subsystem ($ZZSTO).
•
Storage CIP requires a CLIM object to be configured within the CIP subsystem before a CLIM
can be accessed by the storage subsystem. The storage subsystem cannot use a CLIM object
that is configured for IP. A CLIM object that is in use by the storage subsystem cannot be
removed from the CIP subsystem.
•
Some management and status information provided by the CIP subsystem is essential for
management of CLIMs by OSM and I/O Essentials. The CLIM object must be in the STARTED
state within the CIP subsystem in order for the CIP subsystem to provide some of this information
(mostly through the STATUS CLIM command).
•
CLIM hardware event reporting is provided using a common mechanism for both IP and
Storage CIP. Syslog and evlog events generated in the CLIM are sent to EMS and I/O
Essentials. The CLIM object must be in the STARTED state within the CIP subsystem for this
event reporting functionality to work.
The CIP subsystem allows you to configure and monitor the CLIM as a storage I/O device. To
configure storage features, such as disk paths, use the SCF interface for the storage subsystem.
See the SCF Reference Manual for the Storage Subsystem. Storage CIP commands include:
•
Adding a CLIM
•
Deleting a CLIM
•
Monitoring events from a CLIM
•
Obtaining information and various statistics about the CLIM
The CIP Subsystem for Storage I/O (Storage CIP) and the Storage Subsystem
57
Storage CLIM
For storage I/O, the CLIM supports Serial Attached SCSI (SAS) and fibre channel connections.
In addition to the features of the basic CLIM, the Storage CLIM can be configured with:
•
Host Bus Adapters (HBAs) that contain a serial attached SCSI (SAS) interface
•
HBAs that contain fibre channel ports
Figure 15: DL385 G2 or G5 Storage CLIM Interfaces (page 58) shows interfaces for the DL385
G2 or G5 Storage CLIM. Figure 16: DL380 G6 Storage CLIM Interfaces (page 58) shows interfaces
for the DL380 G6 CLIM.
Figure 15 DL385 G2 or G5 Storage CLIM Interfaces
1
2
3
4
5
6
7
8
9
Slot 1, Fibre Channel HBA, port 1 and port 2, numbered from top to bottom
Slot 2 — empty
Slot 3 — two pairs of ServerNet PICs
Slot 4 — SAS HBA
Slot 5 — SAS HBA that connects to the SAS disk enclosure and the internal drive
Two pair of ServerNet ports, from left to right: A — YX, B — YX
Slots 4 and 5 — SAS HBA
Maintenance LAN interface. Eth0 and eth0:0 interface
ILO
Additional SAS or FC HBA will be in slots 1 and 2.
Figure 16 DL380 G6 Storage CLIM Interfaces
1
2
Slot 1: ServerNet PCIe card
Slot 2: 2-port SAS HBA:
2A: SAS port 1E
3
4
5
58
Overview
2B: SAS port 2E
Slot 3 (empty)
Slot 4 (empty)
Slot 5 (empty)
6
7
8
9
10
11
12
Slot 6 (empty)
Four ServerNet ports, from left to right: XB, YB, XA, YA
LAN 4: no connect
LAN 3: no connect
ILO: Maintenance LAN interface.
LAN 2: no connect
LAN 1: Maintenance LAN interface. Eth0 and eth0:0 interface
Additional SAS or FC HBA can be added to slots in these combinations:
Configuration
Slot 2
Slot 3
Slot 4
One SAS HBA (default)
SAS
Two SAS HBA
SAS
SAS
One SAS HBA , one FC HBA
SAS
FC
One SAS HBA, two FC HBA
SAS
FC
FC
Two SAS HBA, one FC HBA
SAS
SAS
FC
Figure 17 DL380p Gen8 Storage CLIM Interfaces
1
2
3
4
5
6
7
8
Slot 1: ServerNet PCIe card
Slot 2: 2–port SAS HBA
Slot 3: (empty)
SAS port
SAS port
Four ServerNet ports, from left to right: AY, AX, BY, BX
ILO: Maintenance LAN interface
LAN 1: Maintenance LAN interface. Eth0 and eth0:0 interface
See your system planning guide for more information about the Storage CLIM. For information
about the carrier-grade system version of the Storage CLIM, contact your support provider.
Subsystem ID and Product Numbers
The CIP subsystem ID on the NonStop host system is ZCIP (number 259). CIP includes the following
software components on the NonStop host system and CLIM:
Component
Product Number
Manager process
T0690
CIP CLIM software
T0691
CIP Linux OS
T0692
Subsystem ID and Product Numbers
59
Component
Product Number
Socket access method
T0693
Monitor processes, Library
T0694
Subsystem Control Facility (SCF) product module
T0695
Trace facility
T0696
kIT-API software
T0715
comForte SSH
T0801
Storage CIP software
T0830
CLIMCMD
T0834
CLIM DVD installation software
T0853
CLIM DVD source
T0891
For descriptions of the manager, monitor, and socket access method processes, as well as the
trace facility and SCF, see Chapter 10 (page 216).
The CLIM software is pre-installed on new CLIMs.
Capacity and Resource Use
CIP has the following capacity:
Max number of CLIMs in a system
24 IP CLIMs, 22 Storage CLIMs
User Ethernet interfaces (IP CIP)
DL385 G2 or G5 CLIMs: Five; one embedded gigabit
Ethernet and four on NICs
DL380 G6 CLIMs: Five; 3 embedded ports and 2 on NICs
Serial attached SCSI (SAS) Host bus adapters (HBAs) and Two SAS ports. Can support a maximum of 4 SAS ports.
fiber channel (FC) HBAs (Storage CIP)
Can support a maximum of 4 FC ports.
Max number of sockets on a NonStop host system
processor (IP CIP)
128K (131,072)
Max number of sockets on a CLIM (IP CIP)
64K (65,536)
Max number of LUNs for each CLIM, including SAS disks, 512. Each primary, backup, mirror and mirror backup
ESS and tapes:
path is counted in this maximum.
Restrictions
These restrictions apply to the CLIM:
•
The eth0 interface and the eth0:0 interface, if configured, are restricted to dedicated service
LAN use and do not accept data traffic. For data traffic, use the eth1, eth2, eth3, eth4, and
eth5 interfaces.
•
You must use IPv4 for the dedicated service LAN IP addresses for the CLIM.
•
NOTE: Effective with J06.14/H06.25 and later RVUs, the following restriction has been
removed.
For CLIMs on RVUs prior to J06.14/H06.25, the default subnet of the dedicated service LAN
is 192.168.*.*/16; therefore, the data interfaces eth1 - eth5 and bond0 - bond1 cannot
have IP addresses in the 192.168.*.*/16 range. In addition, eth1 - eth5 cannot communicate
with hosts having an address in the 192.168.*.*/16 range when the address is already
assigned to the dedicated service LAN.
60
Overview
Example of eth1 - eth5 or bond0 - bond1 Address Restriction
When eth1 has an address in the 192.168.*.*/16 range, the dedicated LAN must not have
an address in the 192.168.*.*/16 range.
Example of Destination Restriction via Gateway
When eth1 has an address of 10.10.10.10/16 and tries to communicate with a remote host
which has an address in the 192.168.*.*/16 range, the dedicated LAN must not have an
address in the 192.168.*.*/16 range.
To avoid the restriction, change the dedicated service LAN addresses or change the addresses
of the conflicting subnet to use a different private subnet. Any address is valid, but these private
addresses are recommended:
10.0.0.0
-
10.255.255.255 (10/8 prefix)
172.16.0.0
-
172.31.255.155 (172.16/12 prefix)
192.168.0.0
-
192.168.255.255 (192.168/16 prefix)
See Chapter 6 (page 174) for a complete list of compatibility and migration considerations for IP
CIP.
Capacity and Resource Use
61
2 Quick Start
The installation of the CLIM is a service procedure; therefore, some basic configuration tasks have
been performed.
•
Two CLIMs are connected to the NonStop host system.
•
Management facilities OSM and SCF are installed and configured on the NonStop host system.
•
CIP subsystem components are installed on the NonStop host system.
•
CIP subsystem components are installed and configured on the CLIM.
•
NonStop system and CLIMs are powered up.
•
CLIM interface to the dedicated service LAN is configured.
•
◦
A CLIM has been added for the dedicated service LAN.
◦
Two maintenance Providers are configured for the dedicated service LAN. (These serve
the NonStop host system and all the CLIMs.)
The CIPMAN and CIPMON processes have been configured and started.
If your service provider has not already done so, change the default passwords on your CLIMs to
secure your environment. The iLO and eth0 interfaces have passwords.
CAUTION: Best Practice: You should always back up the configuration files after changing any
configuration information. For information on how to perform a backup, see “Managing the CLIM
Configuration Preservation” (page 114).
Default Processes and Naming Conventions
The CLIM comes with the software pre-installed. To upgrade the software, see “Performing an
Online Upgrade of the CIP Subsystem on the NonStop Host” (page 133).
The CLIM and attached storage devices have the default naming conventions shown in Table 4:
CLIM and Attached Storage Device Default Naming Conventions:
Table 4 CLIM and Attached Storage Device Default Naming Conventions
Resource Type
Naming Convention
Example
Description
IP CLIM
IGroup
N1002532
IP CLIM that has an X1 attachment point of
fiber on the ServerNet switch port located
in group 100, module 2, slot 5, port 3,
and fiber 2
All CLIMs are connected to both fabrics (X
and Y). However, the names of the CLIMs
are always dependent on their X fabric
connection. For example, if a CLIM has a
name of N1002532, you can determine
this information about it:
Module
Slot
Port
fiber1
• it is an IP CLIM
• its X1 connection point is c7000
ServerNet switch fiber at group 100,
module 2, slot 5, port 3, fiber 2
• its Y1 connection point is c7000
ServerNet switch fiber at group 100,
module 3, slot 7, port 3, fiber 2
This sample CLIM is never named
N1003732, because that name
62
Quick Start
Table 4 CLIM and Attached Storage Device Default Naming Conventions (continued)
Resource Type
Naming Convention
Example
Description
corresponds to the same CLIM as
N1002532.
Storage CLIM
SGroup
S1002532
Storage CLIM that has an X1 attachment
point of fiber on the ServerNet switch port
located in group 100, module 2, slot 5,
port 3, and fiber 2
O1002532
Telco CLIM that has an X1 attachment point
of fiber on the ServerNet switch port
located in group 100, module 2, slot
B1002534
IB CLIM that has an X1 attachment point of
fiber on the ServerNet switch port at group
100, module 2, slot 5, port 3, fiber 4
Module
Slot
Port
fiber
Telco CLIM
OGroup
Module
Slot
Port
fiber
IB CLIM for a NonStop
BladeSystem
BGroup
Module
Slot
Port
fiber
SAS disk volume
$SASnumber
$SAS20
Twentieth SAS disk volume
ESS disk volume
$ESSnumber
$ESS10
Tenth ESS disk volume in the system
Tape
$TAPEnumber
$TAPE01
First tape in the system
Maintenance CIPSAM
process
$ZTCPnumber
$ZTCP0
First maintenance CIPSAM process for the
system
Maintenance Provider
$ZZCIP.ZTCPnumber
ZTCP0
First maintenance Provider for the system,
associated with CIPSAM process $ZTCP0
Maintenance CIPSAM
process
$ZTCPnumber
$ZTCP1
Second maintenance CIPSAM process for
the system
Maintenance Provider
$ZZCIP.ZTCPnumber
ZTCP1
Second maintenance Provider for the
system, associated with CIPSAM process
$ZTCP1
IPDATA CIPSAM process
$ZTCnumber
$ZTC0
First IPDATA CIPSAM process for the system
IPDATA Provider
$ZZCIP.ZTCnumber
ZTC0
First IPDATA Provider for the system
Maintenance TELSERV
process
$ZTNPnumber
$ZTNP1
Second maintenance TELSERV process for
the system, associated with CIPSAM
process $ZTCP1
Non-maintenance TELSERV
process
$ZTNnumber
$ZTN0
First non-maintenance TELSERV process for
the system, associated with CIPSAM
process $ZTC0
Maintenance LISTNER
process
$ZPRPnumber
$ZPRP1
Second maintenance LISTNER process for
the system, associated with CIPSAM
process $ZTCP1
Non-maintenance LISTNER
process
$LSNnumber or $LSnnn
$LSN0
First non-maintenance Listner process for
the system, associated with CIPSAM
process $ZTC0
TFTP process
Automatically created by
WANMGR
Default Processes and Naming Conventions
63
Table 4 CLIM and Attached Storage Device Default Naming Conventions (continued)
Resource Type
Naming Convention
WANBoot process
Automatically created by
WANMGR
SWAN adapter
Snumber
1
Example
Description
S19
Nineteenth SWAN adapter in the system
The fiber number only applies to NonStop BladeSystems.
CAUTION: Do not change the names of the $ZTCP0 and $ZTCP1 processes, as doing so could
lead to internal errors.
Change the CLIM Passwords
If your service provider has not already done so, change the passwords on the maintenance
interface and the iLO interfaces of your CLIMs.
1. Change the password on the iLO interface of a CLIM (the default user name and password
for the iLO are: Admin and hpnonstop):
1. In the OSM Service Connection, right click on the CLIM and select Actions.
2. In the next screen, in the Available Actions drop-down window, select Invoke
iLO and click Perform Action.
3.
4.
5.
6.
7.
8.
2.
64
In the iLO interface, select the Administration tab.
Select the Admin local user.
Click View/Modify.
Change the password.
Click Save User Information.
Keep track of your CLIM iLO password.
Change the password of the maintenance interface (eth0):
Quick Start
•
From the NonStop host system, enter the CLIMCMD command for password:
> CLIMCMD {clim-name | ip-address | dns} passwd
It will ask for a password twice. For example:
$SYSTEM STARTUP 3> CLIMCMD n1002531 passwd
comForte SSH client version T9999H06_11Feb2008_comForte_SSH_0078
Enter new UNIX password: hpnonstop
Retype new UNIX password: hpnonstop
passwd: password updated successfully
Termination Info: 0
3.
Change the iLO and maintenance interface passwords for each CLIM.
The user name and password for the eth0:0 maintenance provider are the standard NonStop host
system ones, for example, super.super, and so on. Follow standard procedures for setting up
NonStop host system user names and passwords.
Configure and Start CIP
1.
2.
Enter SCF.
Check the CIP processes on the NonStop system.
> STATUS PROCESS $ZZKRN.ZZCIP
NONSTOP KERNEL — Status PROCESS \BLITUG.$ZZKRN.$ZZCIP
Symbolic Name
Name
State
Sub Primary
PID
0 ,317
Backup
PID
None
Owner
ID
255,255
Sub Primary
PID
0 ,320
1 ,301
2 ,292
None
Backup
PID
None
None
None
None
Owner
ID
255,255
255,255
255,255
ZZCIP
$ZZCIP STARTED
ZZCIP
> STATUS PROCESS $ZZKRN.CIPMON
NONSTOP KERNEL — Status PROCESS \BLITUG.$ZZKRN.$CIPMON
Symbolic Name
Name
State
CIPMON
CIPMON
CIPMON
CIPMON
$ZCM00
$ZCM01
$ZCM02
$ZCM03
STARTED
STARTED
STARTED
STOPPED
NOTE: The CIPMAN, CIPMON and (for IP CIP) CIPSAM processes are pre-configured. If
you need to add these processes to the persistence manager in the Kernel subsystem, see
“Starting and Restarting CIP” (page 100).
3.
Get the information on existing CLIMs from the NonStop host system.
• Determine the names of the CLIMs:
> Info CLIM $ZZCIP.*
CIP Info CLIM
Name
N1002541
N1002551
N1002581
N1002553
Mode
IP
IP
IP,STORAGE
STORAGE
Location
(100 ,2 ,5
(100 ,2 ,5
(100 ,2 ,5
(100 ,2 ,5
,4 ,1
,5, 1
,8 ,1
,5 ,3
)
)
)
)
ConnPts
2
2
1
2
Provider
ZTC0
ZTC0
ZSAM1
--
MultiProv
ON
OFF
OFF
--
In this example, the user-defined Provider names (defined by the TPNAME attribute) for
applications to use IP CIP are ZTC0 and ZSAM1.
Configure the Eth1 Through Eth5 Interfaces (Does Not Apply to Storage
CIP)
These interfaces, for customer data communication, are configured by using the TACL climconfig
facility. The TACL prompt ‘>’ is shown at the start of each command for clarity.
Configure and Start CIP
65
NOTE: You must name physical interfaces eth1, eth2, eth3, eth4 and eth5 and bonded interfaces
bond0 or bond1.
These procedures assume you have two CLIMs, each configured with physical interfaces eth1 and
eth2 and bonded interface bond0. This example shows how to change eth1 and eth2 on one CLIM
into a bonded interface and how to configure physical interface eth5 on both CLIMs. The example
uses the CLIM IP address and the CLIM host name to show different ways of qualifying the CLIM.
NOTE: In some commands, the CLIM IP address rather than the CLIM name is used in the
CLIMCMD command to demonstrate this option.
The CLIM IP address used in this example, 16.107.170.205, belongs to the CLIM dedicated
service LAN interface, eth0 of the first CLIM. The second CLIM is identified by its name N1002531.
1.
Create the physical interface eth5 on both CLIMs:
> CLIMCMD 16.107.170.205 climconfig interface -add eth5
> CLIMCMD 16.107.170.205 climconfig ip -add eth5
-ipaddress 172.17.188.195 -netmask 255.255.255.0
> CLIMCMD N1002531 climconfig interface -add eth5
> CLIMCMD N1002531 climconfig ip -add eth5
-ipaddress 172.17.100.50 -netmask 255.255.255.0
2.
Change the physical interfaces eth1 and eth2 to bonded interface bond1 on one of the CLIMs:
> CLIMCMD 16.107.170.205 ifstop eth1
> CLIMCMD 16.107.170.205 ifstop eth2
> CLIMCMD 16.107.170.205 climconfig interface -delete eth1
> CLIMCMD 16.107.170.205 climconfig interface -delete eth2
> CLIMCMD 16.107.170.205 climconfig interface -add bond1 -jumbo on
> CLIMCMD 16.107.170.205 climconfig ip -add bond1
-ipaddress 172.17.188.195 -netmask 255.255.255.0
> CLIMCMD 16.107.170.205 climconfig slaveinterface
-configure bond1 -add eth1
> CLIMCMD 16.107.170.205 climconfig slaveinterface
-configure bond1 -add eth2
> CLIMCMD 16.107.170.205 climconfig route -add bond1
-net -target 172.17.188.0 -netmask 255.255.255.0
-gateway 172.17.188.1
NOTE:
3.
You do not need to start the interfaces. They start automatically.
Add a default static route to the bond1 interfaces on each CLIM:
> CLIMCMD N1002532 climconfig route –add bond1 -default -gateway 172.17.188.1
> CLIMCMD N1002531 climconfig route -add bond1 -default -gateway 172.17.188.1
Configure CLIM-To-CLIM Failover (Applies to IP CIP Only, Not Storage CIP)
To configure failover, the two CLIMs must belong to the same Provider. In the example in “Configure
and Start CIP” (page 65), the CLIMs are in different Providers: ZTC00 and ZTC01. The CLIMs must
be reconfigured to be in the same Provider for failover. To reconfigure the CLIM, delete one of the
CLIMs and then re-add it to the same Providers as shown in Example 1: Configure Failover for the
CLIMs.
Example 1 Configure Failover for the CLIMs
1.
Stop the CLIM that is using ZTC00 by using the SCF ABORT command:
> ABORT CLIM N1002532
2.
Collect the current configuration by entering this SCF command and recording the display:
> INFO CLIM N1002532, OBEY
3.
66
Delete the CLIM:
Quick Start
> DELETE CLIM N1002532
CIP E00015 CLIM $ZZCIP.N1002532 is associated with an existing
Maintenance Provider object.
4.
Find the associated Maintenance Provider:
> INFO CLIM N1002532, detail
CIP Detailed info CLIM \MYSYS.$ZZCIP.N1002532
Mode...........................
Configured Location............
ConnPts........................
X1 Location....................
Y1 Location....................
SvNet ID 1.....................
IP
Group 100 , Module 2 , Slot 5 , Port 3 , Fiber 2
1
Group 100 , Module 2 , Slot 5 , Port 3 , Fiber 2
Group 100 , Module 3 , Slot 7 , Port 3 , Fiber 2
192.168.37.82
Network CLIM Information:
MultiProv....................... OFF
Provider........................ ZTC00
Index........................... 0
Maintenance Providers Configured:
ZTCP1........................... 192.168.37.99
NOTE:
5.
The Fiber field is displayed only for systems that support it.
Abort the maintenance Provider:
> ABORT PROVIDER ZTCP1, forced
6.
Delete the maintenance Provider.
a. Record the current configuration:
> INFO PROVIDER ZTCP1, obey
ADD PROVIDER
$ZZCIP.ZTCP1 , &
TPNAME
$ZTCP1 , &
HOSTNAME
"osmlany" , &
HOSTID
0.0.0.0 , &
TCP-LISTEN-QUE-MIN 128 , &
TYPE
MAINTENANCE , &
CLIM
N1002532
IPADDRESS 192.168.36.11
b.
Delete the Provider:
> DELETE PROVIDER ztcP1
7.
Delete the CLIM:
> DELETE CLIM N1002532
8.
Add the CLIM using the required data Provider:
> ADD CLIM N1002532, mode ip, connpt 1, location (100,2,5,3,2), provider ztc01
9.
Add a maintenance Provider using recorded attributes:
> ADD PROVIDER ztcp1, type maint, clim n1002532,
ip 192.168.36.11, hostname "osmlany"
10. Start the CLIM:
> START CLIM n1002532
11. Start the maintenance Provider:
> START PROVIDER ztcp1
12. Check the configuration:
> INFO CLIM *
CIP Info CLIM
Name
Mode
Location
ConnPts
Provider
MultiProv
Configure CLIM-To-CLIM Failover (Applies to IP CIP Only, Not Storage CIP)
67
N1002532
N1002531
IP
IP
(100 ,2 ,5 ,3 ,2)
(100 ,2 ,5 ,3 ,1)
1
1
ZTC01
ZTC01
OFF
OFF
Configure two-way failover for the bond1 and eth4 interfaces from source N1002532 to target
N1002531:
>
>
>
>
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
N1002532
N1002532
N1002531
N1002531
climconfig
climconfig
climconfig
climconfig
failover
failover
failover
failover
–add
–add
–add
–add
bond1 -dest N1002531.bond1
eth4 -dest N1002531.eth4
bond1 -dest N1002532.bond1
eth4 -dest N1002532.eth4
Check Network Applications (Does Not Apply to Storage CIP)
Check the LISTNER and TELSERV processes.
From the SCF prompt, issue the LISTOPENS MON commands:
> LISTOPENS MON $ZZCIP.*
This command displays all the processes that are using the CIP subsystem, including the LISTNER
and TELSERV processes.
68
Quick Start
3 CIP Configuration and Management
This chapter explains the tasks involved in configuring, running, and managing the CIP subsystem
on the NonStop host system and on the CLIM. Tasks that are only relevant for IP CIP, Storage CIP
or Telco CIP are identified throughout the text. For information about the LUN manager, see
Chapter 5 (page 170). The tasks covered in this chapter are:
CAUTION: Best Practice: You should always back up the configuration files after changing any
configuration information. For information on how to perform a backup, see“Managing the
Configuration Preservation” (page 113).
Using Linux Commands and Custom CIP Commands
Table 5: Sample Safe Linux Commands provides examples of Linux commands HP considers safe
to use with the CIP subsystem. For instructions on obtaining man pages and help for Linux
commands, see “Linux Man Page Documentation and Help” (page 25).
CAUTION: The CIP subsystem includes a front-end device running the Linux operating system. It
is safe to use Linux commands for simple operations, such as copying a file, searching a string,
or collecting logs. Table 5: Sample Safe Linux Commands shows examples of Linux commands
that are safe to use. Do not use any destructive Linux command on the CLIM. Using destructive
Linux commands can cause failure of the CIP subsystem.
NOTE: This table contains a number of network-sensitive commands that need to have a provider
specified when invoked on a CLIM with MULTIPROV ON. Those commands are flagged with an
X in the second column and are also listed under prov(1p).
Table 5 Sample Safe Linux Commands
Linux Command
Specify
Provider
arp -a
X
Task Description Location
Displays the Internet-to-Ethernet address translation tables used by the address
resolution protocol. See the arp man page for more information.
cat
Concatenates files and prints on the standard output. See the cat man page
for more information.
cd
Changes current directory. Use the help cd command for more information.
date
Prints or sets the system date and time. See the date man page for more
information.
dmesg
Prints or controls the kernel ring buffer. See the dmesg man page for more
information.
ethtool
interface-name
X
Displays ethernet card settings for the given interface. See the ethtool man
page for more information.
free
Displays amount of free and used memory in the system. See the free man
page for more information.
grep
Print lines matching a pattern. See the grep man page for more information.
hplog
X
HP ProLiant Integrated Management Logging (IML) utility. See the hplog
man page for more information.
Since hplog is not a network-sensitive command and its agents execute only
in %MAINT provider, hplog must always be executed in the ‘%MAINT’
provider.
ifconfig
X
Displays status of currently active interfaces. See ifconfig man page for
more information.
Using Linux Commands and Custom CIP Commands
69
Table 5 Sample Safe Linux Commands (continued)
Linux Command
Specify
Provider
Task Description Location
ifconfig
interface-name
X
Displays status for the given interface. See the ifconfig man page for
more information.
ifconfig -a
X
Displays status of all interfaces, even those that are down. See the ifconfig
man page for more information.
(other forms of this command are not supported)
ip addr show
X
Displays all the IP addresses for each of the network interfaces. See the ip
man page for more information.
ip route show
X
Displays contents of routing tables. See the ip man page for more
information.
ip link show
X
Lists all the network interfaces. See the ip man page for more information.
(Other forms of the ip command are not supported. Use the man 8 ip
command to obtain the man page for the Linux ip command instead of the
man ipcommand.)
less
Filter for paging through text, one screen at a time. But, it allows backward
movement in the file as well as forward movement. See the less man page
for more information.
ls
Lists directory contents. See the ls man page for more information.
man
An interface to the on-line reference manuals. See the man man page for
more information.
mii-tool
Displays the negotiated link speed and link status of each ethernet interface.
Not supported. Use the ethtool command.
mkdir
Creates directory/directories, if they do not exist. See the mkdir man page
for more information.
more
Filter for paging through text one screenful at a time. See the more man
page for more information.
netstat
X
Prints network connections, routing tables, masquerade connections, interface
statistics and multicast memberships. See the netstat man page for more
information.
ping
X
Sends ICMP ECHO_REQUEST to network hosts. See the ping man page for
more information.
ping6
X
Sends ICMP6 ECHO_REQUEST to network host. See the ping6 man page
for more information.
passwd
Changes passwords for user accounts. See the passwd man page for more
information.
pwd
Prints full filename of current working directory. See the pwd man page for
more information.
rm
Removes files or directories. See the rm man page for more information.
rmdir
Removes empty directories. See the rmdir man page for more information.
tcpdump
70
X
X
Dumps traffic on a network. See the tcpdump man page for more
information.
tee
Reads from standard input and writes to standard output and files. See the
tee man page for more information.
top -b
Displays Linux tasks. See the top man page for more information.
touch
Changes file timestamps. See the touch man page for more information.
CIP Configuration and Management
Table 5 Sample Safe Linux Commands (continued)
Linux Command
Specify
Provider
traceroute
X
Prints the route that packets take to the network host. See the traceroute
man page for more information.
traceroute6
X
Traces path to a network host. See the traceroute6 man page for more
information.
Task Description Location
vmstat
Reports virtual memory statistics. See the vmstat man page for more
information.
wc
Prints newline, word, and byte counts for each file. See the wc man page
for more information.
who
Shows who is logged on. See the who man page for more information.
Table 6: Custom CIP Commands lists the custom CIP commands.
Table 6 Custom CIP Commands
CIP Command
Task Description Location
climconfig
“Climconfig (Man Pages)” (page 301)
clim
“Troubleshooting Tools and Tips” (page 119)
climstatus
“Displaying CLIM Status Information With climstatus” (page 87) and“Monitoring CLIM Devices and
Network Interfaces” (page 94)
cmd
“Linux Command Logging with cmd Command Wrapper” (page 121) (J06.10/H06.21 and later
RVUs only)
ifstart
“Controlling Interface States (IP CIP)” (page 102)
ifstop
“Deactivating an Interface” (page 103)
lunmgr
Chapter 5: LUN Manager for Storage CIP (page 170)
psclim
“Displaying System Information” (page 93) and “Monitoring CLIM Processes” (page 94)
Enter Linux and CIP commands with the tools described under “Entering CIP Commands”
For an explanation of how to view man pages, see“Linux Man Page Documentation and Help”
(page 25).
Entering CIP Commands
The primary methods of entering commands for the CIP subsystem (see Table 5: Sample Safe Linux
Commands (page 69) and Table 6: Custom CIP Commands (page 71)) are the command line
interface tools: Subsystem Command Facility (SCF) and CLIMCMD. Occasionally, you also must
enter TACL commands. For example, for IP CIP, to established soft links for IPSec, you create and
run a TACL macro (see “Setting Up Links to the Certificate Revocation List (CRL) and to the Certificate
Authority (CA)” (page 105)).
Certain configuration and management tasks are performed by commands that are executed on
the CLIM. A TACL command line tool, CLIMCMD, is provided that enables you to enter those
commands on the NonStop host system; the commands are then run on the CLIM. CLIMCMD uses
root login for users belonging to the super group and non-root login for users belonging to the
non-super group.
To enter a CLIM command using CLIMCMD, enter the command name and any associated
arguments. The CLIMCMD... CLIMCONFIG portion of the command is not case sensitive but the
parameters are case sensitive. The syntax is:
CLIMCMD {clim-name | IP-address | host-name} [-provider prov-name]
[command [arguments]]
Entering CIP Commands
71
If clim-name is specified, the command line interface uses the SCF INFO CLIM CLIM-NAME,
DETAIL display to get the dedicated service LAN IP address corresponding to that CLIM. If the IP
address is specified, the command line interface uses SSH to run remote commands on the
CLIM.
For a MULTIPROV ON CLIM, -provider specifies the provider in which the command should be
executed.
If you omit command[arguments] from the CLIMCMD command, a list of supported Linux
commands for the specified CLIM is displayed.
CLIMCMD requires the presence of the dedicated service LAN Providers ZTCP0 and ZTCP1 and
the secure shell processes ZSSP0 and ZSSP1.
One of the CLIMCMD commands is climconfig. The climconfig command takes many arguments
and supplies most of the configuration interface to the CLIM. climconfig never requires the -provider
option to CLIMCMD. Refer to “Using Linux Commands and Custom CIP Commands” (page 69)
for a list of commands that must have the provider specified. Also see “Climconfig (Man Pages)”
(page 301) for syntax descriptions of these commands. Other CLIMCMD commands are documented
in this chapter.
The CLIMCMD command line interface has these assumptions:
•
The dedicated service LAN (eth0) is operational.
•
The CLIM has been properly installed and configured, with a secure relationship established
between the CLIM and the NonStop console.
•
climname is an invalid CLIM name
•
Maintenance Interface IP Address is not known
•
Neither (ZSSP0,ZTCP0) nor (ZSSP1,ZTCP1) pair of processes exist
•
Connection could not be established to the clim climname
Errors
Configuring CIP
To use CIP, you must configure components on the NonStop host system and the CLIM. It doesn’t
matter which set of components you configure first.
This subsection covers configuring CIP:
•
“On the NonStop Host System” (page 72)
•
“On the CLIM” (page 81)
On the NonStop Host System
Configure CIP components on the NonStop host system by using SCF. First add CIP processes to
the system configuration database by issuing SCF commands to the NonStop Kernel subsystem.
Then define the CIP management objects by issuing SCF commands to the CIP subsystem.
For more details about SCF commands you use with CIP, see Chapter 10 (page 216).
Configuration tasks explained in this subsection include:
72
•
“Configuring CIP Processes for Persistence” (page 73)
•
“Other CIP Management Objects” (page 73)
•
“Setting the Host Names (IP and Telco CIP Only)” (page 74)
•
“Customize the NETWORKS File” (page 77)
CIP Configuration and Management
Configuring CIP Processes for Persistence
Three types of CIP processes run on the NonStop host system:
•
CIPMAN. The CIPMAN process is the main management component on the NonStop host
system side of the CIP subsystem. The CIPMAN object is the root of all other CIP configuration
objects on the NonStop host system side and is used to configure, control, and query the
components of CIP on its local system. One CIPMAN process pair runs on each NonStop host
system. You can run the CIPMAN process pair only in processors 0 and 1 (the location of
$System.)
•
CIPMON. The CIPMON process is a monitor process (MON object). It is responsible for CLIM
connection management and for stack operations other than data transfer, for example socket
migration and OSS shared sockets. You configure one CIPMON process per processor, for
a maximum of 16 CIPMON processes per NonStop host system.
•
CIPSAM (for IP CIP only). The CIPSAM process pair is a transport provider: it provides the
Socket Interface TCP^PROCESS^NAME. You configure as many CIPSAM process pairs as
you need to serve applications on the local system.
To ensure the availability of your CIP subsystem, CIPMAN, CIPSAM (IP CIP only), and CIPMON
are configured as in the Kernel subsystem. These processes are pre-configured in manufacturing.
See Chapter 2 (page 62) for a list of pre-configured processes.
The SCF commands directed to the Kernel subsystem add the CIPMAN, CIPSAM and CIPMON
processes to the NonStop system configuration database. For information about the attributes
shown in these configuration examples, see the SCF Reference Manual for the Kernel Subsystem.
The CIPMAN, CIPSAM, and CIPMON processes are system-managed processes (managed by the
$ZPM persistence manager). By adding CIPMAN (#ZZCIP) with a nonzero AUTORESTART attribute
and a STARTMODE attribute set to SYSTEM, makes these processes persistent, so whenever the
processes stop, $ZPM restarts them. See “Starting CIP on the NonStop Host System” (page 100)
for examples of the SCF commands for adding these processes to the Kernel subsystem.
Other CIP Management Objects
In addition to the CIPMAN, CIPSAM and CIPMON processes, these CIP management objects are
also required.
•
CLIM. The CLIM object on the NonStop host system represents the NonStop host system
interface to a CLIM; it does not really represent the CLIM device itself. The CLIM itself starts
operating as soon as it boots the CLIM software, but the NonStop host system gains access
to the CLIM by starting the CLIM object.
•
PROVIDER (for IP CIP only). The PROVIDER object represents a transport service provider and
directs socket requests to a specific CLIM. Each provider must have a corresponding CIPSAM
process whose name is used by applications to select the transport service provider. It is best
to make the provider name the same as the CIPSAM name. If you do not, then you must specify
a TPNAME attribute in the ADD PROVIDER command and that attribute must match the CIPSAM
name.
To define these objects:
1. For IP CIP only, add a PROVIDER object by using the SCF ADD PROVIDER command:
> ADD PROVIDER $ZZCIP.ZTC02
The Provider name must match the CIPSAM process. You can either name the Provider to
match the CIPSAM process (for example, $ZZCIP.ZTC02, where $ZTC02 is a CIPSAM process
name) or use the TPNAME attribute (for example, $ZZCIP.SAM1 , TPNAME ZTC02, where
$ZTC02 is CIPSAM process name).
NOTE: If you want more than one provider for this CLIM, see “Setting Up Multiple Providers
per CLIM” (page 129) and “Changing Providers, Adding and Starting a CLIM (IP and Telco
Only)” (page 130).
Configuring CIP
73
2.
Add a connection to a CLIM by using the SCF ADD CLIM command:
NOTE: This step is usually done by your service provider but if you delete a CLIM for some
reason, you need to re-add it to make it operational again.
> ADD CLIM $ZZCIP.N1002532, LOCATION (100,2,5,3,2) , PROVIDER ZTC02
This step does not affect the CLIM itself; rather, this command adds a CLIM SCF object to the
CIP subsystem on the NonStop host system. Alternatively, you can use the Configure CLIM
action in the OSM Service Collection to add the connection to the CLIM. Add subsequent
CLIMs to the subsystem by using the OSM:
1. In OSM, right-click on the CLIMs object and select Actions.
2. Select the Configure CLIMs action and click Perform action
3. Read the confirmation text and then click OK.
4. Enter the desired CLIM parameters and click OK.
3.
For IP CIP, ADD a CIPSAM process to go with your new provider.
> ADD PROCESS $ZZKRN.#CIPSAM, AUTORESTART 10, PRIMARYCPU 1,&
BACKUPCPU 2, NAME $ZTC02, PROGRAM $SYSTEM.SYSTEM.CIPSAM, &
HOMETERM $ZHOME, STARTMODE SYSTEM, STOPMODE SYSMSG, &
STARTUPMSG "<BCKP-CPU>"
4.
The CIPSAM process starts automatically. For IP CIP, to start the provider, issue the SCF START
PROVIDER command. For example:
> START PROVIDER $ZZCIP.ZTC02
5.
To start the SCF CLIM object, issue the SCF START CLIM command. For example:
> START CLIM $ZZCIP.N1002532
Other Tasks (IP and Telco CIP Only)
Setting the Host Names (IP and Telco CIP Only)
Name resolution for CIP is a function of the socket library on the NonStop host system. To provide
for this function, customize the following files and parameters:
NOTE:
These files are in $SYSTEM.ZTCPIP on the NonStop host system.
For information about managing these files during a SUT installation, see the H06.xx Software
Installation and Upgrade Guide or the J06.xx Software Installation and Upgrade Guide. (H06.xx
and J06.xx are the RVUs associated with your CIP RVU. For example, if you have the CIP version
that supports H06.14, see the H06.14 Software Installation and Upgrade Guide in the NonStop
Technical Library (NTL) on docs.hp.com,.
•
The HOSTS file
•
The TCPIP^HOST^FILE DEFINE
•
The IPNODES file
•
The TCPIP^RESOLVER^ORDER PARAM
•
The RESCONF file
•
The NETWORKS file
Hosts within an IP network communicate through their IP addresses. However, IP addresses are
not easy to remember. As a result, it is common practice to assign host names to IP addresses;
commands can then refer to a host by name.
The component that provides the translation between a host name and an IP address is called a
Domain Name Resolver (DNR). To resolve names, the DNR uses either a Domain Name Server
(DNS) or a HOSTS file; configure the DNR to use one or the other.
74
CIP Configuration and Management
Using the Domain Name Server is the preferred way of resolving names on the network. If a name
server is not available, use a HOSTS or IPNODES file.
Configure the HOSTS File (IP CIP Only)
The HOSTS file is a simple edit type file that contains an entry for each remote host known to your
system. Specify each remote host's IP address, host name, and alias.
Each entry in the HOSTS file has this format:
IP_address host_name [alias...]
The IP_address is a 32-bit numeric value expressed in dotted decimal form. The IP_address must
begin in the first column of an entry in your edit file. The host_name and aliases are alphanumeric
and separated by at least one space. For example:
# HOSTS file
127.0.0.1 me loop geoff mark cyclone
128.1.1.1 CB21 cb21 6
128.1.2.1 CB22 cb22
Notice the first entry beginning with 127.0.0.1 has several aliases. This indicates user can use
any of these aliases to communicate with the destination host that has the IP address 127.0.0.1.
The IP address 127.0.0.1 is a TCP/IP convention that refers to “this” host or loopback.
Specifying an alias for a host is optional, and a host can have more than one alias; however, the
aliases must be separated by spaces and be on the same line. The other entries (beginning with
128.1.1.1) each have two host names: one in uppercase and one in lowercase. Neither the host
name nor the alias is case sensitive.
You can add comments to the HOSTS file by preceding the comment with a pound sign (#). You
can add comments as separate lines of the file or after the IP address and host entry. Include
comments like the line name or hardware address that can be used for reference.
The site update tape (SUT) comes with a sample HOSTS file called SMPLHOST, which is installed
into $SYSTEM.ZTCPIP. Modify this file for your environment.
Configure the TCPIP^HOST^FILE DEFINE
The default behavior of the Domain Name Resolver (DNR) is to use the Domain Name System
(DNS) (and the RESCONF file), rather than the HOSTS file. If you want the DNR to use the HOSTS
file, you must set the TCPIP^HOST^FILE environment variable, using a TACL ADD DEFINE command.
For example:
ADD DEFINE =TCPIP^HOST^FILE, FILE $SYSTEM.ZTCPIP.HOSTS
You also must set the TCPIP^HOST^FILE parameter at each terminal that uses the IP network. Then,
when you invoke a TCP/IP application, the DNR uses the appropriate HOSTS file to resolve
references to host names. For convenience, include an ADD DEFINE command as an entry in the
TACLCSTM file, so that the command is executed automatically every time you log onto the NonStop
system.
Configure the IPNODES File
The IPNODES file contains information regarding the known IPv6 (and IPv4) nodes on the network.
If you are using INET6 communications and want to use a name resolution file, you must create
$SYSTEM.ZTCPIP.IPNODES to support local definitions of IPv4 and IPv6 addresses. (For DUAL
mode, you can either use HOSTS for IPv4 addresses and IPNODES for IPv6 addresses, or you can
put your IPv4 addresses in IPNODES.)
The format of the IPNODES file is the same as for the HOSTS file. For example:
#
# ipnodes - local database associating names of nodes with IP
Configuring CIP
75
# addresses. IP addresses can be either an IPv4 or an IPv6 address.
# The ipnodes file can be used with, or instead of, the HOSTS file.
#
2::56:a00:20ff:fe7b:b667 foo # John Smith
16.107.182.52 grand-poohbah bobafet-xx
0:0:0:ffff:0d:1:44:3 bar-mapped
0:0:0:0:d:1:44:3 bar-compatible
1080:0:0:0:8:800:200c:417a some-addr
1080:0:0:0:8:0:0:0 compress-this
Items are separated by any number of blanks or tab characters, or both. The pound sign (#)
indicates the beginning of a comment; characters up to the end of the line are not interpreted by
routines that search the file. Network addresses, both IPv4 and IPv6, are converted to binary format
by using the inet_pton() routine from the NonStop OS sockets library. Node names can contain
any printable character other than a field delimiter, new line, or comment character.
The getaddrinfo() routines as defined in RFC 2553 (Basic Socket Interface Extensions for IPv6),
support the use of the $SYSTEM.ZTCPIP.IPNODES file. and getnameinfo()
There is no sample IPNODES file on the SUT; you must create this file yourself if you want to use
it.
Add the TCPIP^NODE^FILE DEFINE
If you want to use an IPNODES file that is located someplace other than the default location
($SYSTEM.ZTCPIP.IPNODES), set the TCPIP^NODE^FILE environment variable, by using the TACL
ADD DEFINE command:
ADD DEFINE =TCPIP^NODE^FILE, FILE $SYSTEM.ZTCPIP.IPNODES
Also, for the resolver to use IPNODES in stead of DNS, you must set the TCPIP^NODE^FILE DEFINE.
Add the TCPIP^RESOLVER^ORDER PARAM
You can override system defines for the HOSTS file by using the TCPIP^RESOLVER^ORDER PARAM.
The syntax is:
PARAM TCPIP^RESOLVER^ORDER value
value indicates the file that the socket library should query. Valid values are:
DNSONLY
Query only the DNS.
HOSTFILEONLY
Search only the HOSTS file.
DNS-HOSTFILE
Query the DNS and if the host name is not found, search the HOSTS file.
HOSTFILE-DNS
Search the HOSTS file and if the host name is not found, query the DNS.
This PARAM takes precedence over the HOSTS DEFINE. The PARAM name and value are not
case-sensitive.
If there are no DEFINEs or PARAMs in effect for the process, the socket library consults DNS first.
If it doesn’t find the address there, it consults the IPNODES file.
76
CIP Configuration and Management
Configure the RESCONF File
The DNR resolves domain names to IP addresses using either DNS or a HOSTS file to provide the
translation. If you did not set the TCP^HOST^FILE or TCP^NODE^FILE parameter, the DNR assumes
it must use DNS. To determine which DNS to use, the DNR interrogates the RESCONF file. Therefore,
you must configure the RESCONF file when using DNS.
The RESCONF file specifies the name of the domain in which the host is running and the IP addresses
of DNS servers to consult. The following example lists three DNS IP addresses (nameserver 127.1,
nameserver 50.0.0.23, and nameserver 50.0.0.36):
domain HP.COM
nameserver 127.1
nameserver 50.0.0.23
nameserver 50.0.0.36
The first server address is the primary server. If that server is unavailable, the resolver contacts the
second server. If the second is unavailable, the resolver tries to contact the third server. Notice that
the first server address is 127.1; this is the address you would use if the current NonStop host had
a server available.
The site update tape (SUT) comes with a sample RESCONF file that is installed into $SYSTEM.ZTCPIP.
The name of this file is SMPLRESC. Modify this file for your environment.
Add the TCPIP^RESOLVER^NAME DEFINE
To override the default RESCONF file, use the environment variable TCPIP^RESOLVER^NAME.
This variable provides flexibility in selecting the RESCONF file accessed for name resolution.
The default RESCONF file is located on $SYSTEM.ZTCPIP. To select a different RESCONF file, use
a TACL ADD DEFINE command like:
ADD DEFINE =tcpip^resolver^name, FILE $data.user.resconf
Customize the NETWORKS File
The NETWORKS file lists the names, numbers, and aliases of networks known to the current host.
This file converts an Internet network address to a symbolic name.
Applications use this file when they call a getnetbyaddr() or a getnetbyname() function. The
NETWORKS file included with the CIP software is a prototype; you should customize this file.
Each entry of the NETWORKS file has this format:
network_name network_number [alias...]
Where network_name is an alphanumeric name, network_number is the assigned network
number, and alias is an alphanumeric name.
The alias is optional for each network, and each network can have more than one alias. The aliases
for each network must be on the same entry line and separated by spaces.
Sample NETWORKS File: SMPLNETW
The site update tape (SUT) comes with a sample NETWORKS filethat is installed into
$SYSTEM.ZTCPIP. The name of this file is SMPLNETW and the contents are shown in the display:
#
# Network configuration file
#
loopback
127
xxx-ether
192.9.200
tdm-oldether
125
xxxether ethernet localnet
tdmoldether
#
# Internet networks
# Internet networks
Configuring CIP
77
#
arpanet
10
arpa
ucb-ether
46
ucbether
Modify this file for your environment.
Customizing the Protocols, Services, and Programs (IP and Telco CIP Only)
Applications that use CIP rely on several other configuration files on the host:
•
The PROTOCOL file, to identify all available protocols (TCP, UDP, and so on)
•
The SERVICES file, to identify all available port-level services (FTP, SMTP, and so on)
•
The PORTCONF file, to list the ports monitored by the LISTNER and to identify, for each port,
the program the LISTNER invokes to service requests
PROTOCOL File
The PROTOCOLfile contains the names of the protocols currently supported by the CIP software,
as well as some not currently supported. Applications use the PROTOCOL file to get protocol names
and Internet protocol numbers. When an application calls the functions getprotobyname or
getprotobynumber, the PROTOCOL file provides this information. You do not need to alter this
file.
Each entry has this format:
protocol_name protocol_number PROTOCOL_NAME
Where protocol_name is the protocol name in lowercase, protocol_number is the well-known
Internet protocol number and PROTOCOL_NAME is the protocol name in uppercase. (Because the
functions getprotobyname and getprotobynumber are case sensitive, both uppercase and
lowercase representations of the protocol names are included in the PROTOCOL file.)
Sample PROTOCOL File: SMPLPROT
The site update tape (SUT) comes with a sample PROTOCOL file that is installed into
$SYSTEM.ZTCPIP. The name of this file is SMPLPROT and the contents are shown in the display:
#
# @(#)protocols 1.1 Tandem
#
# Internet (IP) protocols
# This file is never consulted when the yellow pages are running
#
ip
0
IP
# internet protocol, pseudo protocol number
icmp
1
ICMP
# internet control message protocol
ggp
3
GGP
# gateway-gateway protocol
tcp
6
TCP
# transmission control protocol
pup
12
PUP
# PARC universal packet protocol
udp
17
UDP
# user datagram protocol
ipv6
41
IP
# internet protocol for v6
icmpv6 58
ICMP
# internet control message protocol for v6
Precede comment lines with a pound sign (#).
NOTE:
sctp
You must add an entry for SCTP to use that protocol. To use SCTP, add this line:
132
SCTP
# stream control transmission protocol
SERVICES File
The SERVICES file contains the Internet port level services that are available with the CIP software.
Applications use the SERVICES file to get the service port numbers and service names. When the
78
CIP Configuration and Management
application calls the getservbyname(), getservbynumber(), or getaddrinfo() function, CIP uses the
SERVICES file to provide that information.
Each entry specifies a service name, the port number through which that service is accessed, and
the corresponding protocol that supports that service. You can use an alias to identify the service.
Sample SERVICES File: SMPLSERV
The site update tape (SUT) comes with a sample SERVICES file that is installed into $SYSTEM.ZTCPIP.
The name of this file is SMPLSERV and the contents are shown in the display:
#
# @(#)services 1.16 90/01/03 SMI
#
# Network services, Internet style
# This file is never consulted when the NIS are
#
tcpmux
1/tcp
echo
7/tcp
echo
7/udp
discard
9/tcp
sink null
discard
9/udp
sink null
systat
11/tcp
users
daytime
13/tcp
daytime
13/udp
netstat
15/tcp
chargen
19/tcp
ttytst source
chargen
19/udp
ttytst source
ftp-data
20/tcp
ftp
21/tcp
telnet
23/tcp
smtp
25/tcp
mail
time
37/tcp
timserver
time
37/udp
timserver
name
42/udp
nameserver
whois
43/tcp
nicname
domain
53/udp
domain
53/tcp
hostnames
101/tcp
hostname
sunrpc
111/udp
sunrpc
111/tcp
piccolo
2787/udp
piccolo
piccolo
2787/tcp
piccolo
#
# Host specific functions
#
tftp
69/udp
rje
77/tcp
finger
79/tcp
link
87/tcp
ttylink
supdup
95/tcp
iso-tsap
102/tcp
x400
103/tcp
x400-snd
104/tcp
csnet-ns
105/tcp
pop2
109/tcp
uucp-path
117/tcp
nntp
119/tcp
usenet
ntp
123/tcp
NeWS
144/tcp
news
#
# UNIX specific services
#
# these are NOT officially assigned
#
exec
512/tcp
running
# rfc-1078
# usually to sri-nic
# usually to sri-nic
# Cornerstone Software
# Cornerstone Software
# ISO Mail
# Post Office
# Network News Transfer
# Network Time Protocol
# Window System
Configuring CIP
79
login
shell
printer
courier
uucp
biff
who
syslog
talk
route
new-rwho
rmonitor
monitor
pcserver
srvr
ingreslock
513/tcp
514/tcp
515/tcp
530/tcp
540/tcp
512/udp
513/udp
514/udp
517/udp
520/udp
550/udp
560/udp
561/udp
600/tcp
cmd
spooler
rpc
uucpd
comsat
whod
router routed
new-who
rmonitord
#
#
#
#
no passwords used
line printer spooler
experimental
uucp daemon
#
#
#
#
experimental
experimental
experimental
ECD Integrated PC board
1524/tcp
You may need to edit the SERVICES file for the DSM/SCM Planner Interface to work. For more
information, see the H06.nn Software Installation and Upgrade Guide or the J06.nn Software
Installation and Upgrade Guide for the RVU you are currently running.
PORTCONF File
The PORTCONF file specifies the ports that the LISTNER process listens to and the corresponding
server program it invokes when the request comes in.
Here is an example of the PORTCONF file:
#
ftp $system.ztcpip.ftpserv
finger $system.ztcpip.fingserv
7 $system.ztcpip.echoserv
Sample PORTCONF File: SMPLPORT
The site update tape, SUT, comes with a sample PORTCONF file that is installed into
$SYSTEM.ZTCPIP. The name of this file is SMPLPORT and the contents are:
#
# This file tells the listner program which ports to
# listen to, and what programs to run
# Telnet is directly, and does not use the listner's
# services.
# To run the listner use:
#
$system.ztcpip.listner / name.../ [config-file-name]
# where config-file-name is this file.
#
ftp
$system.ztcpip.ftpserv
finger $system.ztcpip.fingserv
7
$system.ztcpip.echoserv
You may need to edit the PORTCONF file for the DSM/SCM Planner Interface to work. For more
information, see the H06.nn Software Installation and Upgrade Guide or the J06.nn Software
Installation and Upgrade Guide for the RVU you are currently running.
For more information about the PORTCONF file, see the TCP/IP Applications and Utilities User
Guide.
80
CIP Configuration and Management
On the CLIM
Configuring the CLIM involves a variety of tasks:
•
“Setting the Host Name” (page 81)
•
“Defining Networking Interfaces (IP CLIM Only)” (page 81)
•
“Mapping IP Addresses to Ethernet Addresses (ARP) (IP CLIM Only)” (page 81)
Setting the Host Name
The CLIM host name identifies the CLIM in various banners and prompts.
s1002532
To change the host name, use the CLIMCMD {clim-name | ip-address } climconfig command.
See climconfig.hostname(1).
NOTE: The CLIM hostname must match the SCF CLIM object name. If the CLIM hostname and
SCF CLIM object name do not match, the CLIM does not go to the STARTED state.
Defining Networking Interfaces (IP CLIM Only)
The CLIMCMD climconfig interface command sets the protocols, IP addresses, and other parameters
for the interface. Using this command, you can add an interface, delete an interface, view and
modify attributes of existing interfaces. See climconfig.interface(1).
You may configure the interfaces eth1, eth2, eth3, eth4, and eth5 for data communications. Eth0
and eth0:0 are pre-configured.)
Mapping IP Addresses to Ethernet Addresses (ARP) (IP CLIM Only)
ARP maps IP addresses to hardware MAC addresses. The CLIM usually builds the ARP cache
automatically as it discovers the MAC addresses of other entities, but you can also add, delete,
and view ARP cache entries by using the “climconfig.arp Description” (page 304).
Policy Based Routing
NOTE:
Policy based routing applies to all providers for CLIMs with the MULTIPROV ON option.
For J06.04 to J06.09 and H06.16 to H06.20 RVUs, you cannot associate an application with a
specific interface on a CLIM by binding to the IP address configured on that interface. For these
RVUs, if you need to restrict access of an application to an interface, you can use one interface
or set of interfaces on a CLIM by just adding a subset of the possible physical interfaces (for
example, eth1 and eth2).
As of J06.10 and later J-series RVUs and H06.21 and later H-series RVUs, you can use policy
based routing to ensure that the interface with the IP address bound to a socket will be used by
that socket for outgoing network traffic, or that an interface with an IP address in the source address
of the network packet is used for routing the packet. This feature is enabled by default, but you
can disable it.
Use the CLIMCMD {clim-name | ip-address} clim command to enable or disable policy
routing. The default is on. See “CLIMCMD clim Command” (page 120) for syntax.
Figure 18: Bound Socket Problem Configuration Without Policy Based Routing (page 82) and
Figure 20: Server Socket Problem Configuration Without Policy Based Routing (page 84) show
configurations that may encounter routing problems. Figure 19: Bound Socket Problem Configuration
With Policy Based Routing (page 83) and Figure 21: Server Socket Problem Configuration With
Policy Based Routing (page 85) show the same configurations with policy routing enabled, which
alleviates the routing problems.
Policy Based Routing
81
Figure 18: Bound Socket Problem Configuration Without Policy Based Routing shows a bound
socket configuration with these characteristics:
•
There are two interfaces on the same IP subnet (A.0).
•
A.0/24 is the subnet route added automatically when the IP address A.11 was configured
on the CLIM.
•
eth3 is activated first (non-deterministic).
•
The subnet route on eth3 is used for all outgoing connections to the network.
•
The socket is bound to the A.11, IP address on eth1.
•
The source address used in the packet is the one that is bound by the socket.
Problem: A packet is sent out on the eth3 interface with a source address from the eth1 interface.
Figure 18 Bound Socket Problem Configuration Without Policy Based Routing
With policy based routing enabled and no configuration change, the packet is sent out on the
eth1 interface with a source address from the correct interface, eth1, as shown in Figure 19: Bound
Socket Problem Configuration With Policy Based Routing:
82
CIP Configuration and Management
Figure 19 Bound Socket Problem Configuration With Policy Based Routing
Figure 20 (page 84) shows a server socket configuration with these characteristics:
•
There are two interfaces on the same IP subnet (A.0)
•
A.0/24 is the subnet route added automatically when the IP address A.11 was configured
on the CLIM.
•
eth3 is activated first (non-deterministic)
•
The server is listening on the eth1 IP address
•
Incoming requests come through the eth1 interface
•
Outgoing requests go through the eth3 interface
Problem: The response is sent on a different interface than the one the request came in on.
Policy Based Routing
83
Figure 20 Server Socket Problem Configuration Without Policy Based Routing
With policy based routing enabled and no configuration change, the response is sent on the same
interface that the request came in on, as shown in Figure 21 (page 85):
84
CIP Configuration and Management
Figure 21 Server Socket Problem Configuration With Policy Based Routing
This CLIMCMD {clim-name | ip-address} climstatus -or report shows the additional
tables created by policy routing:
$SYSTEM.SABUN 22> climcmd n1002571 climstatus -or
SSH client version T9999H06_21Jun2010_comForte_SSH_088
------------------------------------------------------------------------------------IPv4 routing table
TABLE main:
10.11.12.0/24 dev eth5 proto kernel scope link src 10.11.12.109
172.17.213.0/24 dev eth5 proto kernel scope link src 172.17.213.112
192.168.0.0/16 dev eth0 proto kernel scope link src 192.168.37.71
default via 172.17.213.1 dev eth5
TABLE ETH0:
192.168.0.0/16 dev eth0
TABLE ETH5:
10.11.12.0/24 dev eth5
172.17.213.0/24 dev eth5
default via 172.17.213.1 dev eth5
The original entries are listed under “TABLE MAIN”. Additional tables are listed as “TABLE ETH5”,
and so on.
Troubleshooting Routing
If you upgrade to RVU J06.10 / H06.21 and find that routing behavior has changed, disable
policy based routing. It is enabled by default. See “Policy Based Routing” (page 81) for details
and “CLIMCMD clim Command” (page 120) for syntax details.
Policy Based Routing
85
Displaying the CIP Configuration
This section describes how to display information on the NonStop host system and on the CLIM.
On the NonStop Host System
To display the configurations of CIP objects on the NonStop host system, use the SCF INFO
command and specify the name of the object. For example:
•
The INFO CLIM command indicates whether the specified CLIM is present and displays the
location of the CLIM (the group, module, slot, port and, on systems that support it, fiber) where
the CLIM is installed) as well as the name of the associated Provider.
•
The INFO PROCESS command displays the process ID of the CIPMAN and CIPSAM (IP CIP
only) processes.
•
The INFO PROVIDER command (for IP CIP only) displays, for the specified provider, the name
of the transport provider (CIPSAM) process, the name of the associated CLIM (if the detail
option is specified in the INFO PROVIDER command), and the configured host name (for
example, the Expand node name).
•
The STATUS CLIM command displays a variety of information about the CLIM.
•
The LISTDEV CIP command displays the CIP monitor and manager processes. See “LISTDEV
CIP and LISTDEV TCPIP” (page 224)
•
The LISTDEV TCPIP (for IP CIP only) command displays the TCP/IP processes, including the
CIPSAM processes. See “LISTDEV CIP and LISTDEV TCPIP” (page 224).
This is not a complete list of display commands. For more information about all commands, see
Chapter 10 (page 216), “Climconfig (Man Pages)” (page 301) and the various tasks described in
this chapter.
For Information About the...
See...
INFO CLIM command
“INFO CLIM” (page 235)
INFO PROCESS command
“INFO PROCESS” (page 238) and “INFO Commands, CIPSAM” (page 281)
INFO PROVIDER command
“INFO PROVIDER” (page 238)
STATUS CLIM command
“STATUS CLIM” (page 257)
LISTDEV TCPIP and LISTDEV CIP
“LISTDEV CIP and LISTDEV TCPIP” (page 224)
On the CLIM
Use the CLIMCMD command line interface from the TACL prompt on the NonStop host system to
display configuration information.
•
To display the current setting of a TCP/IP protocol parameter, use the climconfig sysctl info
command, specifying the all parameter. See “Climconfig (Man Pages)” (page 301) for details.
•
To display the routing table, you can use the Linux netstat -r command.
NOTE:
•
For better performance, always use the –n option.
To display the ARP cache, use the CLIMCMD arp command with no arguments. See the arp(8)
man page for details.
NOTE: netstat and arp are network-sensitive commands, requiring that the -provider option be
specified to CLIMCMD if the MULTIPROV option is ON.
86
CIP Configuration and Management
Displaying CLIM Status Information With climstatus
The climstatus script displays status information for CLIM objects and devices, including the
ServerNet, the Ethernet LAN, the kernel IP routing table, and hard disk drives.
Invoke climstatus either from the command line by using the CLIMCMD command from TACL or
(partially) from I/O Essentials. (I/O Essentials allows you to show Routing Table Information, which
is equivalent to climstatus -o r). Some of this information can also be obtained from the SCF
STATUS CLIM command. The syntax is:
CLIMCMD {clim-name | IP-address} climstatus [-o option]
option is any of these:
Option
Displays information about...
s
ServerNet. The display includes SCS status, X and Y fabric connectivity status, and link locations.
l
Status of the local area network. The display includes, for each interface, the interface name, type,
status, link status, and IP addresses (IPv4 and IPv6). LAN information is split into sections, one for the
data interfaces (loopback, eth2, eth3, eth4, eth5), and one for the maintenance interfaces (eth0).
r
Kernel IPv4 and IPv6 routing tables. The display for IPv4 includes the interface name, destination IP
address, the gateway address and network mask. The display for IPv6 includes the interface name,
destination IP address, and next hop.
h
File system disk space utilization. The display includes, for each configured disk, its name, type, size,
space used, space available, percentage in use, and mount point.
i
IPSec configuration.
f
Failover configuration.
m
SNMP configuration.
c
climprep config information.
t
climiptables config information.
Invoking the tool without options displays information about all components. Options allow you to
specify the components for which to display status.
ServerNet Status
This command provides ServerNet status information:
Example 2 Climstatus Command ServerNet Status Information, IP and Telco CLIM
\MYSYS.$SYSTEM.STARTUP 3> CLIMCMD n1002532 climstatus -o s
CLIM Configuration & Status:
Mode..................... IP
State.................... STARTED
ConnPts.................. 2
X1 Location.............. Group 100, Module 2, Slot 5, Port
Y1 Location.............. Group 100, Module 3, Slot 7, Port
X2 Location.............. Group 100, Module 2, Slot 5, Port
Y2 Location.............. Group 100, Module 3, Slot 7, Port
X1 Connection Status..... UP
Y1 Connection Status..... UP
X2 Connection Status..... UP
Y2 Connection Status..... UP
Last Restart Time........ Wed Oct 17 03:21:26 2007
CIP/Linux Hostname....... CLIM1
Network SW Version....... T0691H01_01MAY2008_AAA_CLIM
Storage SW Version....... T0691H01_01MAY2008_AAA_CLIM
CIP SW Version........... T0853h01_01AUG2008_23JUL2008_AAA
3,
3,
4,
4,
Fiber
Fiber
Fiber
Fiber
2
1
2
2
Telco SW Version........... T08718INS_17FEB2011_18JAN2011_XYZ
29West SW Version...........T01234IBX_17FEB2011_18JAN2011_XYZ
Number of Socket Servers. 1
Displaying the CIP Configuration
87
CIP/Linux Version:
Linux version 2.6.18-5-telco-amd64 (Debian 2.6.18.dfsg.1-14~hpde1.8)
([email protected]) (gcc version 4.1.2 20061115 (prerelease)
(Debian 4.1.1-21)) #1 SMP PREEMPT Fri Sep 28 20:50:40 UTC 2007
Example 3 Climstatus Command ServerNet Status Information, Storage CLIM
\MYSYS.$SYSTEM.STARTUP 3> CLIMCMD s1002531 climstatus -o s
CLIM Configuration & Status:
Mode..................... STORAGE
State.................... STARTED
ConnPts.................. 2
X1 Location.............. Group 100, Module 2, Slot 5, Port 3, Fiber 1
Y1 Location.............. Group 100, Module 3, Slot 7, Port 3, Fiber 1
X2 Location.............. Group 100, Module 2, Slot 5, Port 3, Fiber 2
Y2 Location.............. Group 100, Module 3, Slot 7, Port 3, Fiber 2
X1 Connection Status..... UP
Y1 Connection Status..... UP
X2 Connection Status..... UP
Y2 Connection Status..... UP
Last Restart Time........ Fri Apr 25 15:04:37 2008
CIP/Linux Hostname....... S1002531
Network SW Version....... T0691H01_01MAY2008_AAA_CLIM
Storage SW Version....... T0830H01_01MAY2007_22APR2008_
CIP SW Version........... T0853H01_01MAY2008_23APR2008_
Number of Socket Servers. 1
CIP/Linux Version:
Linux version 2.6.18-6-clim-amd64 (Debian 2.6.18.dfsg.1-18hpdeetch1hpde1.3)
( [email protected]) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21))
#1 SMP PREEMPT
Mon Mar 31 19:17:50 UTC 2008
Ethernet LAN Status
This display shows Ethernet LAN status information for an IP CLIM. Notice the separate displays
for the data interfaces and the dedicated service LAN (also called maintenance LAN):
Example 4 Climstatus Command Ethernet LAN Status (IP and Telco CLIM)
For CLIM(s) with the MultiProv feature enabled, the following is the output for LAN Interfaces status.
\MYSYS.$SYSTEM.STARTUP 3> CLIMCMD n1002532 climstatus -o l
MultiProv: ON
Maintenance LAN Status & IP Addresses:
Name
Status LkP
Master / IP Family & Address
lo
UP
-IPv4: 127.0.0.1
eth0
UP
UP
IPv4: 16.107.180.99
Maintenance Provider Interface Status & IP Addresses:
Name
Status LkP
Master / IP Family & Address
lo
UP
-IPv4: 127.0.0.1
eth0:0
UP
UP
IPv4: 16.107.180.100
Data Provider ZTC0 Interface Status & IP Addresses:
Name
Status LkP
Master / IP Family & Address
lo
UP
-IPv4: 127.0.0.1
IPv6: ::1
eth1
UP
UP
IPv4: 172.17.190.101
IPv6: 3ffe:1200:0190:0002:0215:60ff:fe04:24de
IPv6: 3ffe:1200:0190:0001:0215:60ff:fe04:24de
IPv6: fe80:0000:0000:0000:0215:60ff:fe04:24de
eth2
UP
UP
IPv4: 172.17.190.102
IPv6: 3ffe:1200:0190:0002:0215:60ff:fe04:24df
IPv6: 3ffe:1200:0190:0001:0215:60ff:fe04:24df
IPv6: fe80:0000:0000:0000:0215:60ff:fe04:24df
Data Provider ZTC1 Interface Status & IP Addresses:
88
CIP Configuration and Management
Name
lo
Status
UP
LkP
--
eth3
UP
UP
Master / IP Family & Address
IPv4: 127.0.0.1
IPv6: ::1
IPv4: 172.17.190.103
IPv6: 3ffe:1200:0190:0002:0215:60ff:fe04:257e
IPv6: 3ffe:1200:0190:0001:0215:60ff:fe04:257e
IPv6: fe80:0000:0000:0000:0215:60ff:fe04:257e
Unconfigured Interfaces:
Name
Status LkP
eth4
DOWN
-eth5
DOWN
-bond0
DOWN
--
IP Tables Status
For examples of iptables/ip6tables information, see Section : To allow all inbound FTP traffic on
all but eth2 and to allow inbound telnet traffic only on eth2: (page 110) and Section : To allow
inbound SNMP TRAPS (port 162) from IP address 100.100.100.56 only: (page 111) under
Configuring CIP iptables/ip6tables (IP CIP) (page 109).
Kernel Routing Table Information
Example 5: Climstatus Command IP Routing Table Information (IP and Telco CLIM) (J06.10/H06.21
and later RVUs) shows the kernel routing table on an IP CLIM for J06.10/H06.21 and later RVUs.
IPv4 and IPv6 routing information is displayed separately. Example 6: Climstatus Command IP
Routing Table Information (IP and Telco CLIM) (RVUs prior to J06.10/H06.21 shows the kernel
routing table on an IP CLIM for RVUs prior to J06.10/H06.21.
Example 5 Climstatus Command IP Routing Table Information (IP and Telco CLIM) (J06.10/H06.21
and later RVUs)
For CLIM(s) with the MultiProv feature enabled, the following is the output for Kernel IP Routing
table.
$SYSTEM.SABUN 22> CLIMCMD n1002571 climstatus -o r
Maintenance LAN IPv4 Routing table
TABLE main:
16.107.172.0/22 dev eth0 proto kernel scope link
src 16.107.174.129
default via 16.107.172.1 dev eth0TABLE ETH0:
16.107.172.0 dev eth0 scope host
16.107.175.255 dev eth0 scope host
16.107.174.129 dev eth0 scope host
16.107.174.74 dev eth0 scope host
16.107.172.0/22 dev eth0
default via 16.107.172.1 dev eth0
Maintenance LAN IPv6 Routing table
TABLE main:
fe80::/64 dev eth0 proto kernel metric 256
advmss 1440 hoplimit 4294967295
mtu 1500
Maintenance Provider IPv4 Routing table
TABLE main:
16.107.173.0/22 dev eth0 proto kernel scope link
src 16.107.174.129
default via 16.107.173.1 dev eth0
Maintenance Provider IPv6 Routing table
TABLE main:
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440
hoplimit 4294967295
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440
Displaying the CIP Configuration
89
hoplimit 4294967295
Data Provider ZTC0 IPv4 Routing table
TABLE main:
1.1.1.1 dev eth2 scope host metric 5
1.1.1.0/24 dev eth2 proto kernel scope link
src 1.1.1.14
1.1.1.0/24 dev eth1 proto kernel scope link
src 1.1.1.15
1.1.1.0/24 dev eth3 proto kernel scope link
src 1.1.1.13
TABLE ETH1:
1.1.1.0/24 dev eth1
TABLE ETH2:
1.1.1.1 dev eth2 scope host
1.1.1.0/24 dev eth2
metric 5
TABLE ETH3:
1.1.1.0/24 dev eth3
Data Provider ZTC0 IPv6 Routing table
TABLE main:
fe80::/64 dev eth2 proto kernel metric 256
advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1 proto kernel metric 256
advmss 1440 hoplimit 4294967295
fe80::/64 dev eth3 proto kernel metric 256
advmss 1440 hoplimit 4294967295
mtu 1500
mtu 1500
mtu 1500
TABLE ETH1:
fe80::/64 dev eth1 metric 256
hoplimit 4294967295
mtu 1500 advmss 1440
TABLE ETH2:
fe80::/64 dev eth2 metric 256
hoplimit 4294967295
mtu 1500 advmss 1440
TABLE ETH3:
fe80::/64 dev eth3 metric 256
hoplimit 4294967295
mtu 1500 advmss 1440
The original entries are listed under “TABLE MAIN”. Additional tables are listed as “TABLE ETH5”,
and so on.
Example 6 Climstatus Command IP Routing Table Information (IP and Telco CLIM) (RVUs prior to
J06.10/H06.21
\MYSYS.$SYSTEM.STARTUP 3> CLIMCMD n1002532 climstatus -o r
Kernel IP routing table:
Destination
Gateway
Genmask
Iface
localnet
*
255.255.255.0
eth0
172.17.214.0
*
255.255.255.0
eth1
172.17.0.0
172.17.214.1
255.255.0.0
eth1
224.0.0.0
*
240.0.0.0
eth1
224.0.0.0
*
240.0.0.0
eth0
default
16.107.192.1
0.0.0.0
eth0
.......................................................................
.......................................................................
Kernel IPv6 routing table:
Destination
Flags Metric Ref
Use Iface
::1/128
U
0
13
2
lo
90
CIP Configuration and Management
Next_Hop
::
::1.2.3.4/128
U
0
0
::3.4.5.6/128
U
0
0
::4.3.2.1/128
U
0
0
::16.107.192.195/128
U
0
0
::127.0.0.1/128
U
0
0
::172.17.190.2/128
U
0
0
::172.17.190.5/128
U
0
0
::172.17.214.50/128
U
0
0
3ffe:1200:aaaa:bbbb::/128
U
0
0
::
2
lo
2
lo
2
lo
2
lo
2
lo
2
lo
2
lo
2
lo
2
lo
::
::
::
::
::
::
::
::
Hard Disk Space Usage
This display shows information pertaining to hard disk space usage.
Example 7 Climstatus Command Hard Disk Space Usage
\MYSYS.$SYSTEM.STARTUP 3> CLIMCMD n1002532 climstatus -o h
CLIM1:~#climstatus -o h
Filesystem Disk Space Usage
Filesystem
Type
Size
/dev/sda2
ext3
32G
tmpfs
tmpfs
2.0G
tmpfs
tmpfs
10M
Used
11G
64K
9.8M
Avail
20G
2.0G
224K
Use%
36%
1%
98%
Mounted
/
/dev/shm
/dev
Failover Configuration
This display shows failover configuration.
Example 8 Climstatus Command Failover Configuration (IP CIP)
\MYSYS.$SYSTEM.STARTUP 3> CLIMCMD n1002531 climstatus -o f
Interface Failover Configuration:
Source
Destination
N1002531.eth1
N1002533.eth1
N1002531.eth2
N1002533.eth3
IPSec Configuration
This display shows IPSec configuration.
Example 9 Climstatus Command IPSec Configuration (IP and Telco CLIM)
For CLIM(s) with the MultiProv feature enabled, the following is the output for IPSec configuration.
\MYSYS.$SYSTEM.STARTUP 3> CLIMCMD n1002531 climstatus -o i
Data Provider ZTC0 Security Policies
--------------------------------------------------10.3.3.2[any] 10.1.1.2[any] any
in ipsec
esp/transport//require
created: Feb 8 14:54:57 2007 lastused:
lifetime: 0(s) validtime: 0(s)
spid=8 seq=2 pid=369
refcnt=1
10.1.1.2[any] 10.3.3.2[any] any
Displaying the CIP Configuration
91
out ipsec
esp/transport//require
created: Feb 8 14:54:57 2007 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1 seq=1 pid=369
refcnt=1
10.3.3.2[any] 10.1.1.2[any] any
fwd ipsec
esp/transport//require
created: Feb 8 14:54:57 2007 lastused:
lifetime: 0(s) validtime: 0(s)
spid=18 seq=0 pid=369
refcnt=1
--------------------------------------------------Data Provider ZTC0 Security Associations
--------------------------------------------------10.1.1.2 10.3.3.2
esp mode=tunnel spi=104020735(0x06333aff) reqid=0(0x00000000)
E: 3des-cbc 89bc2167 67e907db 36194b58 163d37f4 966907d8
c6dc4feb
A: hmac-md5 77902409 4ddf1ea3 7522e4b8 fb202793
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Feb 8 15:19:02 2007
current: Feb 8 15:19:20 2007
diff: 18(s)
hard: 28800(s) soft: 23040(s)
last:
hard: 0(s)
soft: 0(s)
current: 0(bytes)
hard: 0(bytes) soft: 0(bytes)
allocated: 0
hard: 0 soft: 0
sadb_seq=7 pid=863 refcnt=0
10.3.3.2 10.1.1.2
esp mode=tunnel spi=67944745(0x040cc129) reqid=0(0x00000000)
E: 3des-cbc ae9637c0 4093cc5e 457f248d a35518e2 3fe45e53
a1304a03
A: hmac-md5 883dd135 b494dff9 99bf9796 fe7b0165
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Feb 8 15:19:02 2007
current: Feb 8 15:19:20 2007
diff: 18(s)
hard: 28800(s) soft: 23040(s)
last:
hard: 0(s)
soft: 0(s)
current: 0(bytes)
hard: 0(bytes) soft: 0(bytes)
allocated: 0
hard: 0 soft: 0
sadb_seq=3 pid=863 refcnt=0
SNMP Information
This display shows SNMP information.
Example 10 Climstatus Command SNMP Information
\MYSYS.$SYSTEM.STARTUP 3> CLIMCMD n1002581 climconfig snmp -info
comForte SSH client version T9999H06_11Feb2008_comForte_SSH_0078
Trap Receiver IP Address
192.168.36.10
192.168.36.11
SNMP Agent State
STARTED
SNMP Agent Listening IP Address
192.168.37.81
Termination Info: 0
CLIM Configuration Information
This display shows CLIM configuration information.
Example 11 Climstatus Command CLIM Configuration
\MYSYS.$SYSTEM.STARTUP 3> CLIMCMD s1002581 climstatus -o c
92
CIP Configuration and Management
CLIMPREP Configuration:
VERSION
CONNECTED_GMS
SYS_NAME
SNET_SPEED
NETWORK_CLIM
DISK_CLIM
NUM_SNET_CONN
SWITCH_TYPE
PCI_SLOTS
1
100.2.3.3.0
MYSYS
2
1
0
2
1
1.2C,2.1F,3.DC,4.1F,5.VO
Displaying System Information
Use the psclim tool to display system information about CLIM processes. The psclim command
shows the process PID, memory used, percentage memory, percentage CPU time, accumulated
CPU time, start time, run status, and start command.
For field descriptions, see the ps(1) man page.
This command displays information about CLIM processes on s1002532:
Example 12 psclim Command
\MYSYS.$SYSTEM.STARTUP 3> CLIMCMD s1002532 psclim
PID RSS %MEM %CPU
TIME START STAT CMD
1640 1616 0.0 0.0 00:00:00 Sep 25 S
/usr/local/bin/climmon
1698 7312 0.1 0.0 00:00:00 Sep 25 S
confsync
1644 7360 0.1 0.0 00:00:00 Sep 25 S
cipssrv --number 0
1690 7316 0.1 0.0 00:00:00 Sep 25 S
climagt --number 1
Displaying Man Pages for CIP Commands
The CLIM man commands provide online documentation for the CLIM side of CIP. The man pages
include entries for the clim(1), climstatus(1), ifstart(1), ifstop(1), prov(1p), psclim(1), and climconfig(1)
commands and the CLIM configuration files. See Chapter 11: “CLIMCMD and CLIMCMD climconfig
Commands (Man Pages)” for documentation on CIP man pages.
Most Linux commands have man pages. You can access Linux man pages by using the CLIMCMD
command. The man commands have this syntax:
CLIMCMD {clim-name |IP-address} man [section] command
section
man pages are grouped into sections of related commands. By default, all sections are searched
for documentation on a command.
To disambiguate documentation for commands with the same name, you can optionally specify
the section to indicate which command is intended. For example, the linux command "ip" is
grouped into section 8, while the ip object of climconfig is documented in section 1. Specifying
the section to the man command allows these two different man pages to be accessed:
CLIMCMD N1002531 man 1 ip
CLIMCMD N1020531 man 8 ip
command
Is the CLIM or Linux command for which you want information. For example, the command
CLIMCMD n1002531 man man displays a description of the Linux man command. If you
want to see a man page for a climconfig command, enter climconfig.subcommand-name,
for example, CLIMCMD n1002531 man climconfig.failover.
You can obtain help by using the SCF help command. See “SCF HELP Facility” (page 223).
Displaying Man Pages for CIP Commands
93
Monitoring CIP
Because CIP resides on both the NonStop host system and the CLIM, monitoring it requires use of
the Subsystem Control Facility (SCF) and the CLIMCMD CLI.
On the NonStop Host System
Monitoring CIP Processes
To monitor the CIP processes on the NonStop host system, you use the SCF commands:
•
STATS CLIM, to display protocol statistics for individual processes on the CLIM
•
STATS MON, to display statistics pertaining to the interaction of CIP processes on the NonStop
host system with applications using the socket interface
For more information about these commands, see Chapter 10 (page 216).
Monitoring the Interface to the CLIM
To monitor the interaction between CIP processes on the NonStop host system and individual CLIMs,
you use the SCF commands:
•
STATUS MON, to display the status of the interaction of CIP processes on the NonStop host
system with individual CLIMs, for example, fabric status.
•
STATUS CLIM, to discover whether a given CLIM is present and, if so, whether it is started or
stopped and whether it is currently being traced. The detail option also displays information
about the physical connection of the CLIM to the NonStop host system.
For more information about these commands, see Chapter 10 (page 216).
On the CLIM
SCF commands on the NonStop host system can show only a limited amount of information about
the operation of the CLIM and its TCP/IP protocol stack. More information is available using
commands that run on the CLIM itself.
Monitoring CLIM Processes
You use the CLIM psclim script to monitor CLIM-specific processes.
This script is derived from the Linux ps command and reports information such as the process ID,
memory and CPU utilization, start time, and run status of specific processes on the CLIM.
For detailed information, see “Displaying System Information” (page 93).
Monitoring CLIM Devices and Network Interfaces
You use the CLIM climstatus script to monitor CLIM-specific resources. You can invoke the script
without options to monitor a wide range of CLIM devices or specify options to find out the status
of a particular resource:
•
The s option provides information about the ServerNet.
•
The l option provides information about the Local Area Network (Ethernet).
•
The r option provides information about the Kernel IP routing table.
•
The h option provides information about Linux file-system disks and disk space.
See “Displaying CLIM Status Information With climstatus” (page 87) for the syntax of this command.
Configuring Bonded Interface Failover (IP CIP)
To set up interface-to-interface failover, use these CLIMCMD {clim-name | ip-address}
climconfig commands:
94
CIP Configuration and Management
1.
2.
3.
Use interface to add a bonded interface.
Use ip to add an IP address to the bonded interface.
Use slaveinterface to configure the bonded interface with multiple slave interfaces. With
multiple physical interfaces configured for each bonding interface, when one physical interface
has a problem, the traffic will be switched to another interface.
Use the -primary option to designate a primary interface to be used for the bonded interface
when using bond mode 1. This interface will be used as the active interface for the bond
whenever it is available. See the “climconfig.slaveinterface Description” (page 368) command.
Also see Example 13: CLIM-to-CLIM Failover (IP CIP) (page 95) for an example of configuring
a primary interface for the bonded interface.
Configuring CLIM-to-CLIM Failover (IP CIP)
To set up CLIM-to-CLIM failover, use the CLIMCMD {clim-name | ip-address} climconfig
failover command to add a destination interface on a different CLIM.
For examples of these commands, see “Configure the Eth1 Through Eth5 Interfaces (Does Not
Apply to Storage CIP)” (page 65) and “Configure CLIM-To-CLIM Failover (Applies to IP CIP Only,
Not Storage CIP)” (page 66). For the full syntax of these commands, see “Climconfig (Man Pages)”
(page 301).
For faster failover, on the router, do not set the Retrans Timer field of the router advertisements, or
set it less than or equal to 1000ms.
CAUTION: If the Retrans Timer field of the router advertisements is set to greater than 1000ms,
failover may not work.
Example 13 CLIM-to-CLIM Failover (IP CIP)
This example is for CLIMs with MULTIPROV OFF. See “Setting Up Multiple Providers per CLIM”
(page 129) for a discussion of configuring CLIMs with MULTIPROV ON.
1. Find already configured CLIM interfaces.
> CLIMCMD c1002581 climconfig interface –info all
comForte SSH client version T999H06_20Mar2008_comForte_SSH_079
Interface
: lo
Interface
Type
: Loopback Interface
Interface
Interface
MTU
IP
Type
Size
Address
Netmask
ROUTE
Details
Route
Type
Destination Address
Netmask
Gateway
Address
Metric
Minimum RTO
InitCWND
Auto Negotiation Details
Status
Line Speed
Duplex
Software MAC Address
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
eth0
Physical Interface
1500
16.107.201.131
255.255.252.0
Interface
Interface
MTU
IP
:
:
:
:
eth1
Physical Interface
1500
16.107.201.90
Type
Size
Address
Default Route
0.0.0.0
0.0.0.0
16.107.200.1
0
Unspecified
Unspecified
on
Not Applicable
Not Applicable
Unspecified
Configuring CLIM-to-CLIM Failover (IP CIP)
95
Netmask
Details
Route
Type
Destination Address
Netmask
Gateway
Address
Metric
Minimum RTO
InitCWND
Auto Negotiation Details
Status
Line Speed
Duplex
Software MAC Address
:
:
:
:
:
:
:
:
:
:
:
:
:
:
255.255.252.0
Interface
Interface
IP
Type
Address
Netmask
:
:
:
:
eth0:0
Logical Interface
16.107.201.144
255.255.252.0
Type
Size
Address
Netmask
Details
Route
Type
Destination Address
Netmask
Gateway
Address
Metric
Minimum RTO
InitCWND
:
:
:
:
:
:
:
:
:
:
:
:
:
ib1
Physical Interface
2044
16.107.201.98
255.255.252.0
Type
Size
Address
Netmask
:
:
:
:
:
ib0
Physical Interface
2044
16.107.201.96
255.255.252.0
ROUTE
-
Interface
Interface
MTU
IP
ROUTE
-
Interface
Interface
MTU
IP
2.
Default Route
0.0.0.0
0.0.0.0
16.107.200.1
0
Unspecified
Unspecified
on
Not Applicable
Not Applicable
Unspecified
Default Route
0.0.0.0
0.0.0.0
16.107.200.1
0
Unspecified
Unspecified
Delete CLIM interfaces
> CLIMCMD c1002581 ifstop eth2 –force
comForte SSH client version T9999H06_20Mar2008_comForte_SSH_0079
Interface is stopped.
Termination info: 0
\BLITUG.$SYSTEM.SABUN 15> CLIMCMD c1002581 climconfig interface –delete eth2
comForte SSH client version T9999H06_20Mar2008_comForte_SSH_0079
Deleted the Interface.
Termination info: 0
3.
Check that all data interfaces are deleted.
> CLIMCMD C1002582 climconfig interface –info all
comForte SSH client version T9999H06_20Mar2008_comForte_SSH_0079
Interface
: lo
Interface Type
: Loopback Interface
Interface
Interface
Jumbo
IP
ROUTE
–
96
Type
Frame
Address
Netmask
Details
Route
Type
Destination Address
Netmask
Gateway
Address
CIP Configuration and Management
:
:
:
:
:
:
:
:
:
:
eth0
Physical Interface
NO
192.168.37.82
255.255.0.0
Default Route
0.0.0.0
0.0.0.0
0.0.0.0
Metric
Interface
Interface
Jumbo
IP
:
:
:
:
:
:
Type
Frame
Address
Netmask
0
eth0:0
Logical Interface
NO
192.168.36.11
255.255.0.0
Termination Info: 0
4.
Set up bond mode C1002581 and C1002582 on LAN A:
>
>
>
>
5.
climconfig
climconfig
climconfig
climconfig
bondmode
bondmode
bondmode
bondmode
–info
–modify 1
–info
–modify 1
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
c1002582
c1002582
c1002852
c1002582
climconfig
climconfig
climconfig
climconfig
interface –add bond0
slaveinterface –configure bond0 –add eth4
slaveinterface -configure bond0 -add eth5 -primary eth5
ip –add bond0 –ipaddress 10.1.100.11 –netmask 255.0.0.0
Bond the interface of C1002581 on LAN A with eth4 as primary.
>
>
>
>
7.
c1002582
c1002582
c1002581
c1002581
Bond the interface of C1002582 on LAN A with eth5 as primary.
>
>
>
>
6.
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
c1002581
c1002581
c1002851
c1002581
climconfig
climconfig
climconfig
climconfig
interface –add bond0
slaveinterface –configure bond0 –add eth5
slaveinterface -configure bond0 -add eth4 -primary eth4
ip –add bond0 –ipaddress 10.1.100.12 –netmask 255.0.0.0
Configure failover on C1002582:
> CLIMCMD C1002582 climconfig failover –add bond0 –dest C1002581.bond0
comForte SSH client version T9999H06_20Mar2008_comForte_SSH_0079
Added the Failover Configuration
Termination Info: 0
> CLIMCMD C1002582 climconfig failover –info C1002582 –interface bond0
comForte SSH client version T9999H06_20Mar2008_comForte_SSH_0079
SOURCE
DESTINATION
C1002581.bond0 C1002582.bond0
Termination Info: 0
Figure 22: Configuration State shows the configuration state at this point:
Configuring CLIM-to-CLIM Failover (IP CIP)
97
Figure 22 Configuration State
8.
Configure failover on C1002581:
> CLIMCMD C1002581 climconfig failover –add bond0 –dest C1002582.bond0c
9.
Configure LAN B.
> CLIMCMD c1002581 climconfig ip -add bond0 -ipaddress 10.13.100.21 netmask 255.0.0.0
> CLIMCMD c1002581 climconfig ip -add bond1 -ipaddress 10.14.100.22 -netmask 255.0.0.0
10. Configure LAN C
> CLIMCMD C1002582 climconfig interface –add eth2
> CLIMCMD C1002582 climconfig ip –add eth2 –ipaddress 10.25.100.31 –netmask 255.0.0.0
> CLIMCMD C1002582 climconfig ip –add eth2 –ipaddress 10.26.100.32 –netmask 255.0.0.0
Figure 23: Configuration State shows the state of the configuration at this point:
98
CIP Configuration and Management
Figure 23 Configuration State
Replicating the Configurations from One CLIM to Another CLIM
To replicate any portion or the entire configuration from one CLIM to another CLIM, use the IN
and OUT run options of CLIMCMD, described here:
1. Use this command:
CLIMCMD /OUT file-name/ {clim-name|IP address} climconfig command-args –obeyform
to obtain the desired configuration information from the CLIM to file-name. For example,
to place the configurations from C1002581 into the file ‘config,’ enter:
CLIMCMD /OUT config/ C1002581 climconfig interface –info all –obeyform
2.
3.
4.
Edit file-name for any changes in the configuration value.
Stop the destination CLIM.
Use this command:
CLIMCMD /IN file-name/ {clim-name|IP address}
to replicate the configuration on the destination CLIM. For example, to replicate the
configuration from C1002581 on C1002582, enter:
CLIMCMD /IN config/ C1002582
5.
6.
Start the CLIM.
For a Storage CLIM, you must run the lunmgr -a command for each enclosure so that they
will be numbered correctly.
For the full syntax of the climconfig commands, refer to “Climconfig (Man Pages)” (page 301).
Using the CLIMCMD /IN/ run-option
You can create a file manually with the set of commands to be executed on a CLIM and specify
the /IN/ run-option of CLIMCMD. It is mandatory that the user-created file have the command
‘exit’ added at the end.
Replicating the Configurations from One CLIM to Another CLIM
99
1.
Create a file ‘config’ with the list of commands followed by an ‘exit’. End-Of-Line characters
in a command that spans multiple lines must be escaped using the ‘\’ character, as shown in
the second command, below.
climconfig interface -add eth5
climconfig ip -add eth5 -ipaddress \
172.18.7.5 -netmask 255.255.255.0
exit
2.
Pass this file to the /IN/ run-option:
CLIMCMD /IN config/ C1002581
Linux C1002581 2.6.32-clim-18-amd64
#1 SMP Tue Jul 19 18:36:07 UTC 2011 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Jan 5 00:44:32 2012 from 15.154.112.213
C1002581:~# climconfig interface -add eth5
Added the Interface.
C1002581:~# climconfig ip -add eth5 -ipaddress \
> 172.18.7.5 -netmask 255.255.255.0
Added the IP.
C1002581:~# exit
logout
Termination Info: 0
Starting and Restarting CIP
Upon installation, the CLIM software is configured to start automatically when power is applied to
the CLIM device. On the NonStop host system side, first start CIP and then the applications that
will use the subsystem.
For examples of the commands needed to start the CIP subsystem, see Chapter 2 (page 62). The
commands shown are issued to the Kernel subsystem and they start the CIPMAN, CIPSAM (IP CIP
only) and CIPMON generic processes for the first time or after they have been stopped by an SCF
ABORT command to the Kernel subsystem. Because CIPMAN, CIPSAM and CIPMON are configured
as persistent processes, the persistence manager restarts them whenever the system is reloaded or
whenever an SCF STOP or ABORT command is issued to the CIP subsystem rather than to the
Kernel subsystem.
Starting CIP on the NonStop Host System
The CIP manager, monitor, and socket access method (SAM) (IP CIP only) processes are persistent
and are restarted by the persistence manager unless you set the AUTORESTART parameter to 0
(zero) and the STARTMODE parameter to MANUAL in SCF ADD command to the Kernel subsystem.
See “Managing Persistence on the NonStop Host System” (page 114) for more information about
managing persistence. The commands used for a typical configuration of the CIPMAN, CIPSAM
(IP CIP only), and CIPMON processes are:
1. On the NonStop host system, add the CIPMAN process to the system configuration database
by using SCF to the Kernel subsystem:
> ADD PROCESS $ZZKRN.#ZZCIP, AUTORESTART 10, PRIMARYCPU 0, &
BACKUPCPU 1, NAME $ZZCIP, PROGRAM $SYSTEM.SYSTEM.CIPMAN, &
HOMETERM $ZHOME, STARTMODE SYSTEM, STOPMODE SYSMSG, &
STARTUPMSG “<BCKP-CPU>”
100 CIP Configuration and Management
2.
Add the CIPMON process to the system configuration database by using SCF to the kernel
subsystem:
> ADD PROCESS $ZZKRN.#CIPMON, CPU ALL, NAME $ZCMnn, &
HOMETERM $ZHOME, AUTORESTART 10, &
PROGRAM $SYSTEM.SYSTEM.CIPMON, &
STARTMODE SYSTEM, STOPMODE SYSMSG
3.
For IP CIP, add the CIPSAM process (IP CIP only) to the system configuration database by
using SCF to the Kernel subsystem:
> ADD PROCESS $ZZKRN.#CIPSAM, AUTORESTART 10, PRIMARYCPU 0,&
BACKUPCPU 1, NAME $ZTC02, PROGRAM $SYSTEM.SYSTEM.CIPSAM, &
HOMETERM $ZHOME, STARTMODE SYSTEM, STOPMODE SYSMSG, &
STARTUPMSG "<BCKP-CPU>"
4.
Start all processes.
> START PROCESS $ZZKRN.#ZZCIP
> START PROCESS $ZZKRN.#CIPMON
> START PROCESS $ZZKRN.#CIPSAM
5.
Add a CLIM object.
> ADD CLIM $ZZCIP.N1002532
6.
Add a Provider object.
> ADD PROVIDER $ZZCIP.ZTC02
7.
Start the CLIM and Provider objects.
> START CLIM $ZZCIP.N1002532
> START PROVIDER $ZZCIP.ZTC02
You can also start and stop the CIP subsystem by using the SCF START and STOP commands to
the CIP subsystem ($ZZCIP). However, if $ZZCIP is a persistent process, it restarts automatically.
See “START PROCESS” (page 252) and “STOP PROCESS” (page 272).
Starting CIP on the CLIM
The CLIM itself starts automatically. Under certain circumstances, you may need to issue the ifstart
command. See “Controlling Interface States (IP CIP)” (page 102).
The SCF CLIM object does not start automatically, however. Start the CLIM by using the START
CLIM command. For example:
> START CLIM $ZZCIP.N1002532
Starting the IP Applications (IP CIP Only)
LISTNER and TELSERV come preconfigured on your system. However, if you need to start them,
follow these procedures.
1. Delete and add a DEFINE and PARAM for CIPSAM processes to be used as the transport
service providers for LISTNER and TELSERV.
From the SCF prompt, issue these commands:
>
>
>
>
>
2.
DELETE DEFINE =TCPIP^PROCESS^NAME
ADD DEFINE =TCPIP^PROCESS^NAME, CLASS MAP, FILE $ZTC0
DELETE PARAM TCPIP^PROCESS^NAME
PARAM TCPIP^PROCESS^NAME $ZTC0
PARAM ZTNT^TRANSPORT^PROCESS^NAME $ZTC0
Start LISTNER:
> RUN $SYSTEM.SYSnn.LISTNER /TERM $ZHOME, OUT $ZHOME, NAME $LSN0,
CPU 0, NOWAIT, PRI 160/1 LOG_GOTCONN
3.
Start TELSERV:
> RUN $SYSTEM.SYSnn.TELSERV /TERM $ZHOME, OUT $ZHOME, NAME $ZTN0,
CPU 1, NOWAIT, PRI 170/ -BACKUPCPU 0
Starting and Restarting CIP
101
Restarting CIP on the NonStop Host System
To restart the NonStop host system side of the CIP subsystem, you can stop and restart all the
objects subordinate to CIPMAN. This is like a reboot of the subsystem; all active connections are
stopped.
CAUTION: If you are not running an alternative TCP/IP subsystem, connect to CLCI by using the
OSM Low Level Link. (CLCI provides a primitive terminal emulation when no other TCP/IP subsystem
is available, but has limited functionality.) To connect to CLCI using OSM Low Level Link:
From the File menu, select Start Terminal Emulator > For Startup TACL.
This launches a CLCI TACL session.
1.
Stop the subordinate objects by using the SCF command:
> ABORT PROCESS $ZZCIP, SUB ONLY, FORCED
2.
Restart the subordinate objects by using the SCF command:
> START PROCESS $ZZCIP, SUB ONLY
Restarting CIP on the CLIM
To restart the CLIM, issue these CLIMCMD commands:
> CLIMCMD {clim-name | ip-address} clim abort
> CLIMCMD {clim-name | ip-address} clim start
You can also reboot a CLIM using the Reboot action in the OSM Service Connection.
For information about using the clim command, see “Troubleshooting Tools and Tips” (page 119).
Controlling Interface States (IP CIP)
To bring an interface up or down, use the ifstart and ifstop CLIMCMD commands. Use these
commands under these circumstances:
•
If you want to delete an interface once the CLIM is started; for example, if you want to change
physical interfaces to bonded interfaces. (You need to bring the interface down before doing
so.)
•
If you want to delete the only remaining slave of a bond. (You need to use ifstop on the bond
and then delete that slave.)
•
If you want to perform maintenance of the CLIM interfaces. (For example, when changing the
cables of an interface, you can do so without bringing down the entire CLIM. First issue an
ifstop command. This notifies the host that the interface is being intentionally brought down
for maintenance by the operator. The host does not take any action (such as failover) for that
interface. After you are done with the maintenance, issue an ifstart on the interface to
activate it for use.
NOTE: Sockets are not affected by ifstop but some socket operations that require the interface
state to be up may receive an error. For example, a connect may receive an unreachable
error.
Activating an Interface
Use the ifstart command to activate an interface if you stopped using the ifstop command. For all
data interfaces (eth1 – ethn, ib0–ibn, bonding and tunnel interfaces), this command informs the
NonStop host system to start using the specified interface. You execute the ifstart command on the
CLIM by using the CLIMCMD tool as described under “Entering CIP Commands” (page 71). Only
use the ifstart command to restart the interface after using ifstop command.
The ifstart command syntax is:
102 CIP Configuration and Management
CLIMCMD {clim-name | IP-address} ifstart interface
interface
Specifies the network interface name to be used by the NonStop host system for all interface
functionality. The interface name can be specified as a physical or bonded interface name,
for example, eth1 or bond0 or ib0, or a tunnel interface (for example, MYTUN).
Errors
•
The interface interface name is not configured.
•
This command is not supported for the interface eth0.
•
This command is not supported for the interface lo.
•
This command is not supported for the interface eth0:0.
•
slave interface is not configured for this bonded interface.
•
climagt process is not executing.
•
Interface is already in started state.
Deactivating an Interface
Use the ifstop command to deactivate an interface. ifstop brings down the physical, bonding, and
tunnel interfaces. All the IP addresses and routes associated with a network interface are deactivated,
including the IP addresses migrated to the failover CLIM.
You execute the ifstop command on the CLIM by using the CLIMCMD tool as described in “Entering
CIP Commands” (page 71).
For all data interfaces (eth1 - ethn, ib0–ibn, bonding, and tunnel interfaces), the ifstop command
brings down the interface. The interface is brought down by the NonStop host system. Issuing ifstop
on an interface does not trigger a failover.
If there is a tunnel associated with the specified interface, and if the tunnel interface is UP, CIP
does not allow the interface to be stopped. The tunnel interface must be stopped before its parent
interface can be stopped. The ifstop command syntax is:
CLIMCMD {clim-name |IP-address} ifstop interface [-force]
interface
Specifies the network interface to be brought down. The interface name can be a physical or
bonded interface name, for example, eth1, bond0, ib0 or a tunnel interface name (for example,
MYTUN).
-force
When used without –force option, ifstop prompts for confirmation before stopping the interface.
If the –force option is used, ifstop stops the interface without prompting for the confirmation.
Errors
•
The interface interface name is not configured.
•
This command is not supported for the interface eth0.
•
This command is not supported for the interface lo.
•
This command is not supported for the interface eth0:0.
•
climagt process is not executing.
•
Interface is in already in stopped state.
•
The interface interface has a tunnel interface associated with it. The tunnel interface should
be stopped prior to stopping the specified interface.
Controlling Interface States (IP CIP) 103
Configuring IPSec (IP CIP)
Internet protocol security (IPSec) provides application-transparent encryption services for IP network
traffic. You can set up IPSec on an IP-address-to-IP-address basis, and optionally on a UDP or TCP
port, but you cannot establish IPSec on a per interface basis.
NOTE:
In CIP, limited SCTP security is provided.
IPSec is configured on the CLIM using the climconfig command tool. See “Climconfig (Man Pages)”
(page 301) for detailed syntax of the IPSec configuration commands.
The IPSec configuration is not failed over and must be identical on the home and failover CLIMs
for addresses that can fail over between them.
Installing X.509 Certificates
Obtain certificates from a certificate authority (CA) and install them on the NonStop console by
following the instructions from your CA. Move the certificates, the private key files, and the certificate
revocation lists, which are stored in PEM format, to the /etc/racoon/certs directory on the
CLIM.
NOTE: While there are independent IPSec configurations for each provider, they all look for
certificates from this common directory (/etc/racoon/certs).
If the certificate of the peer is to be checked against a certificate authority, the certificate of the
CA also has to be stored in this directory. For OpenSSL to find the certificate it has to be linked
using the hashed name:
ln -s CAfile.pem 'openssl x509 -noout -hash < CAfile.pem'.0
If the certificate additionally is to be checked against a certificate revocation file (CRL) the CRL
must be stored in the same directory (/etc/racoon/certs) using a similar linked hashed name:
ln -s CRLfile.pem 'openssl x509 -noout -hash < CAfile.pem'.r0
Once the certificates are on the console, transfer them to the CLIM by using secure FTP from the
PuTTY application. You can find the PuTTY SFTP application (psftp.exe) on the console in C:\
Documents and Settings\Administrator\Desktop\putty\psftp.exe. From the DOS
comand prompt, run psftp.exe as follows:
psftp root@clim eth0 ip-address
NOTE: Use PuTTY only for transferring files between the CLIM and the console, not for CLIM
commands.
At the psftp prompt use the lcd command to go to the NonStop console folder where the certs
are located and the cd command to change directories to /etc/racoon/certs. Then use the
put command to transfer the files.
104 CIP Configuration and Management
Setting Up Links to the Certificate Revocation List (CRL) and to the Certificate Authority
(CA)
To set up links to the certificate revocation list (CRL) use this command (which executes using open
SSL):
1. Create a TACL macro file called clinks (for example) with these lines (substituting real values
for the parameters):
?tacl macro
CLIMCMD %1% ln -s /etc/racoon/certs/%2% /etc/racoon/certs/`openssl
x509 -noout -hash < /etc/racoon/certs/%2%`.0
CLIMCMD %1% ln -s /etc/racoon/certs/%3% /etc/racoon/certs/`openssl
x509 -noout -hash < /etc/racoon/certs/%2%`.r0
Where:
•
%1% is the CLIM name
•
%2% is the CA certificate file name
•
%3% is the CRL file name
For example:
TACL> clinks DL385C cacert.pem crl2.pem
Configuring Pre-Shared Keys
Pre-shared keys are used by the racoon daemon to establish automatically keyed IPSec security
associations. Use the climconfig psk commands to configure pre-shared keys. These commands
alter the contents of the /etc/racoon/psk.txt file.
NOTE: There are independent pre-shared key configurations for each provider when the
MULTIPROV option is ON for a particular CLIM and the -prov argument must be specified to
select the desired provider's configuration.
Climconfig Command Description
psk –add
Add pre-shared key information
psk –delete
Delete pre-shared key information
psk –info
Display pre-shared keys configured
Configuring Security Policies
Specific security requirements are defined at each node by a list of policies that form the node's
security policy database (SPD). The protection provided to each incoming or outgoing traffic flow
is verified or decided by consulting the SPD. You use the following climconfig commands to configure
the SPD. These commands alter the contents of the /etc/ipsec-tools.conf file.
SP objects added by climconfig are, by default, not immediately added to the active SPD maintained
by the kernel, unless the -load parameter is specified.
The climconfig sp -start command allows all configured SPs to be simultaneously added
to the SPD, allowing you to configure security policies carefully and then activate them as a group.
CLIMs that are rebooted automatically load all configured SPs into the SPD.
The climconfig sp -stop command removes all configured SP objects from the kernel's SPD,
but keeps them configured.
Configuring IPSec (IP CIP) 105
NOTE: There are independent security policy configurations for each provider when the
MULTIPROV option is ON for a particular CLIM, and the -prov argument must be specified to
select the desired provider's configuration.
Climconfig
Command
Description
sp –add
Add security policy configuration
sp –delete
Delete security policy configuration
sp –info
Display security policies configured
sp –start
Loads all configured security policies into the SPD
sp –stop
Empties the SPD, deactivating all configured security policies
Configuring Security Associations
Security associations are used by the authentication header (AH) and encapsulating security
payload (ESP) to agree upon the security algorithms, transforms, and parameters shared by the
sender and the receiver of a protected traffic flow. Use the climconfig sa command to configure
the security associations.
SA objects can either be configured as automatic SAs (the default), or as manual SAs (specified
with the -manual argument). Manual SAs are, by default, not immediately added to the active
SAD maintained by the kernel, unless the -load parameter is specified. Automatic SAs alter the
configuration of racoon, but racoon is not informed immediately of the change unless the -restart
argument is specified. Automatic SAs do not result in SAs being added to the SAD until racoon
successfully completes an IKE negotiation, as directed by the automatic SA configuration.
NOTE: There are independent security associations for each provider when the MULTIPROV
option is ON for a particular CLIM, and the -prov argument must be specified to select the desired
provider's configuration.
Climconfig
Command
Description
sa –add
Add security association to configuration file
sa –delete
Delete security association from configuration file
sa –info
Display security associations configured
Configuring Remote Information
The climconfig remote command alters racoon configuration to add or delete instructions for IKE
Phase 1 with remote peers, specifying how to authenticate the peer and what security parameters
to use for Phase 1 SAs. Like automatic SAs, racoon is not immediately informed when remote
configurations are added, unless the "-restart" parameter is specified to restart racoon with the
new configuration.
The remote command alters or gets information about the contents of the /etc/racoon/racoon.conf
file.
106 CIP Configuration and Management
NOTE: There are independent remote entries for each provider when the MULTIPROV option is
ON for a particular CLIM.
Climconfig
Command
Description
remote –add
Add remote entry into racoon.conf configuration file
remote –delete
Delete proposals for remote IP address from racoon.conf configuration file
remote –info
Display proposals and other configurations for the remote IP address from the racoon.conf
configuration file
Controlling the Virtual Private Network (VPN)
You activate and deactivate the virtual private network (VPN) connections by using the following
commands:
Command
Description
sp –start
Load configured security policies into the security policy database
vpn –status
Display status of virtual private network (VPN) connection
sp –stop
Unload security policies from security policy database
sa –stop
Unload security associations from security association database
Using IPSec
Tasks for configuring and managing IPSec are:
•
Configuring, controlling, and monitoring manual IPSec connections
•
Configuring, controlling, and monitoring automatic IPSec connections by using pre-shared
key or X.509 security certificates
•
Configuring all IPSec related attributes such as SP, SA, remote, and psk on a set of CLIMs
•
Adding a static route on the IPSec-enabled CLIM so the host routing decisions favor NonStop
host system application traffic to be forwarded to this CLIM
•
Restarting the racoon daemon if you add a new SA or remote attribute using the -restart
option. (Restart of racoon causes all active SAs in the kernel's SAD to be flushed (whether
these were automatically established by racoon, or were manually added SAs by climconfig).
This results in disruption of existing application data traffic over the established IPSec
connections.)
•
If a SP is modified (delete followed by add), a new IPSec connection is re-established
Here is a sample script for using CLIMCMD on a CLIM with MULTIPROV OFF on the NonStop host
system to issue IPSec climconfig commands to do sp, remote and sa with X.509 security certificates:
CLIMCMD 16.107.170.193 climconfig sp -add
-s 1.2.3.6 -d 1.2.3.4 -u any -dir in -policy ipsec
-protocol esp -mode transport -level require -load
CLIMCMD 16.107.170.193 climconfig sp -add
-s 1.2.3.4 -d 1.2.3.6 -u any -dir out -policy ipsec
-protocol esp -mode transport -level require -load
CLIMCMD 16.107.170.193 climconfig remote -add
-ip 1.2.3.6 -M base -idtype asn1dn
-pubcert host1_cert.pem
-privkey host1_key.pem -E 3des -H md5 -A rsasig
-D modp768 -restart
CLIMCMD 16.107.170.193 climconfig sa -add
Configuring IPSec (IP CIP) 107
-s 1.2.3.4 -d 1.2.3.6 -u any -P modp1024 -E aes
-A hmac_md5 -C deflate -restart
Configuring Transport of Authentication Events from CLIM
The CLIM Authentication Transport feature transports the authentication events from the CLIM to
the NonStop Host System. These authentication events record various security-related activities on
the CLIM. For example, events are generated by the SSHD process running on the CLIM when a
remote user attempts to log on to the CLIM. After the generation of these events on the CLIM, the
events are transported to the NonStop Host System. At the NonStop Host System, these
authentication events received from the CLIM are formatted and logged as EMS event 5239,
zcip-evt-clim-auth-event under a new EMS collector $ZCLA.
The EMS collector $ZCLA is automatically configured on the NonStop Host system as a persistent
process and is managed by the SCF KERNEL subsystem manager.
Checking the Status of the Collector $ZCLA
Issue this command to check the status of the $ZCLA collector:
$SYSTEM SYSTEM 2> scf status process $zzkrn.zcla
SCF - T9082H01 - (23JUN11) (02MAY11) - 05/02/2013 11:56:35 System \VIHAR
(C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P.
NONSTOP KERNEL - Status PROCESS \VIHAR.$ZZKRN.#ZCLA
Symbolic Name
Name
State
ZCLA
$ZCLA
STARTED
Total Errors = 0
Sub
Primary
PID
0,383
Backup
PID
1,380
Owner
ID
255,255
Total Warnings = 0
Starting the Collector
Issue this command to start the collector if the collector is in STOPPED state:
$SYSTEM SYSTEM 7> scf start process $zzkrn.zcla
SCF - T9082H01 - (23JUN11) (02MAY11) - 05/03/2013 14:58:09 System \VIHAR
(C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P.
KERNEL W00030 Process \VIHAR.$ZCLA started successfully.
Adding the Collector
Issue this command to add the collector with its default settings if the collector was not already
added:
ADD PROCESS $ZZKRN.ZCLA , &
AUTORESTART 5 , &
BACKUPCPU 1 , &
DEFAULTVOL $SYSTEM.ZAUDIT , &
HOMETERM $ZHOME , &
NAME $ZCLA , &
PRIMARYCPU 0 , &
PRIORITY 150 , &
PROGRAM $SYSTEM.SYSTEM.EMSACOLL , &
STARTMODE SYSTEM , &
STARTUPMSG "LOGSUBVOL $SYSTEM.ZAUDIT, SECURITY &
NUNU, LOGPREFIX C, BACKUP <BCKP—CPU>, EXT 512"
Refer to the SCF Reference Manual for the Kernel Subsystem for details on parameters, their values
and the commands to change the values of these default parameters.
Viewing the Events in the Collector $ZCLA
You can view the authentication events by using EMSDIST for the collector $ZCLA. Issue this
command:
108 CIP Configuration and Management
TACL> #SET #INFORMAT TACL
TACL> EMSDIST COLLECTOR $ZCLA, TYPE P, TEXTOUT [#MYTERM]
Retrieving the Events from the $ZCLA by an Application
This feature will allow security audit applications running on NonStop to access these logs and
include them in the audit reports. The application can retrieve these events from the collector $ZCLA.
Please refer to the EMS Manual for details on procedures to be used to retrieve the EMS messages
from the alternative collector.
Deleting the Collector
The logging of authentication events is an optional service. If you are not interested in authentication
events and do not want to have the collector $ZCLA running and creating the EMS logfiles, the
$ZCLA collector can be aborted and deleted. This stops logging of authentication events to the
collector $ZCLA. To abort and delete the $ZCLA collector, use the following commands:
$SYSTEM SYSTEM 3> scf abort process $zzkrn.zcla
SCF - T9082H01 - (23JUN11) (02MAY11) - 07/08/2013 20:24:47 System \VIHAR
(C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P.
KERNEL W00028 Process \VIHAR.$ZCLA aborted successfully.
$SYSTEM SYSTEM 4> scf delete process $zzkrn.zcla
SCF - T9082H01 - (23JUN11) (02MAY11) - 07/08/2013 20:24:57 System \VIHAR
(C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P.
Configuring CIP iptables/ip6tables (IP CIP)
To configure CIP iptables and ip6tables, use the CLIMCMD {clim-name | ip-address}
climconfig {climiptables|iptables|ip6tables} commands.
The CLIMCMD {clim-name | ip-address} climconfig climiptables command
enables and disables the configured functionalities for iptables and ip6tables, and also displays
the state and configurations of the iptables and ip6tables.
Before using climiptables you must enable the facility.
See : “Climconfig (Man Pages)” (page 301) for detailed syntax of the configuration commands.
The CLIMCMD {clim-name | ip-address} climconfig {iptables|ip6tables}
commands are used to configure the iptables and ip6tables configuration rules. Later in this section
are two examples of how one would use the climiptables facility: “To allow all inbound FTP traffic
on all but eth2 and to allow inbound telnet traffic only on eth2:” (page 110) and “To allow inbound
SNMP TRAPS (port 162) from IP address 100.100.100.56 only:” (page 111).
NOTE: The CIP iptables and ip6tables configurations are not failed over. You must pre-set the
failover CLIM’s iptables and ip6tables configuration in anticipation of a failover. You can compare
the configuration of the home CLIM and failover CLIM by comparing the –obeyform output of
climiptables from each CLIM and ensuring any iptables/ip6tables rules on the home CLIM exist
on the failover CLIM in anticipation of a failover.
Configuring climiptables
The command syntax for climconfig climiptables is
climconfig climiptables [-prov prov-name] {-enable | -disable
[-force] | -status | -info [-obeyform] | -h | -help | --help }
Climconfig Command
Description
climiptables -enable
Enable the iptables and ip6tables functionality
climiptables -disable [-force]
Disable the iptables and ip6tables functionality
Configuring CIP iptables/ip6tables (IP CIP) 109
Climconfig Command
Description
climiptables -status
Display the state of the climiptables
climiptables -info
Display the state of the climiptables and the iptables and ip6tables
configurations
climiptables -info -obeyform
Generate obeyform lines for the current iptables and ip6tables configurations
Configuring iptables/ip6tables
The command syntax for climconfig iptables is
climconfig iptables [HP options] arguments [-force]
The command syntax for climconfig ip6tables is
climconfig ip6tables [HP options] arguments [-prov prov-name] [-force]
The two options that can be used with iptables/ip6tables are -prov prov-name and -force. Each
provider has its own iptables and ip6tables configurations, and the -prov option to specify the
provider is mandatory on CLIMs that have the MULTIPROV ON option enabled. –force, used with
a sensitive command, causes the command to bypass user confirmation.
Climconfig iptables and climconfig ip6tables configure CIP iptables and ip6tables with the same
Linux iptables and ip6tables commands and options with some limitations:
•
Only INPUT chain of the ‘filter’ table is supported.
•
The Linux INPUT chain is accessed indirectly via the CIP built-in chain CIP_INPUT chain. Direct
access to the Linux INPUT chain is not permitted except for the ‘-L’ command.
•
The functionality of the configured iptables and ip6tables rules are controlled by the state of
climiptables. iptables and ip6tables can be configured while climiptables is disabled. The
configured iptables and ip6tables rules take no effect until climiptables is enabled.
Examples
To allow all inbound FTP traffic on all but eth2 and to allow inbound telnet traffic only on
eth2:
climcmd g6clim1 climconfig iptables -N ftp
climcmd g6clim1 climconfig iptables -A ftp -i eth2 -j REJECT
climcmd g6clim1 climconfig iptables -A CIP_INPUT -p tcp --dport 20:21 -j ftp
climcmd g6clim1 climconfig iptables -N telnetchain
climcmd g6clim1 climconfig iptables -A telnetchain ! -i eth2 -j REJECT
climcmd g6clim1 climconfig iptables -A CIP_INPUT -p tcp --dport 23 -j telnetchain
Following is the output for these commands:
\MYSYS.$SYSTEM.STARTUP 3> CLIMCMD g6clim1 climstatus -o t
climiptables Enabled: Yes
---------------------------------------------------------------------IPTABLES Configuration:
Chain INPUT (policy ACCEPT 11 packets, 889 bytes)
pkts bytes target
prot opt in
out
source
destination
7636 1970K ACCEPT
all -- any
any
g6clim1
anywhere
656K 228M ACCEPT
all -- eth0
any
anywhere
anywhere
204 13045 CIP_INPUT all -- any
any
anywhere
anywhere
146 9781 CIP_INPUT_p all -- any
any
anywhere
anywhere
110
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target
prot opt in
out
source
destination
Chain OUTPUT (policy ACCEPT 1166 packets, 220K bytes)
pkts bytes target
prot opt in
out
source
destination
CIP Configuration and Management
Chain CIP_INPUT (1 references)
pkts bytes target
prot opt in
18
972 ftp
tcp -- any
tcp dpts:ftp-data:ftp
4
224 telnet
tcp -- any
tcp dpt:telnet
out
any
source
anywhere
destination
anywhere
any
anywhere
anywhere
out
source
destination
Chain ftp (1 references)
pkts bytes target
prot opt in
out
2
120 REJECT
all -- eth2
any
reject-with icmp-port-unreachable
source
anywhere
destination
anywhere
Chain telnet (1 references)
pkts bytes target
prot opt in
out
1
60 REJECT
all -- !eth2 any
reject-with icmp-port-unreachable
source
anywhere
destination
anywhere
Chain CIP_INPUT_p (1 references)
pkts bytes target
prot opt in
IP6TABLES Configuration:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target
prot opt in
out
source
destination
21175 2062K ACCEPT
all
eth0
any
anywhere
anywhere
0
0 CIP_INPUT all
any
any
anywhere
anywhere
0
0 CIP_INPUT_p all
any
any
anywhere
anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target
prot opt in
out
source
destination
Chain OUTPUT (policy ACCEPT 169 packets, 12844 bytes)
pkts bytes target
prot opt in
out
source
destination
Chain CIP_INPUT (1 references)
pkts bytes target
prot opt in
destination
out
source
Chain CIP_INPUT_p (1 references)
pkts bytes target
prot opt in
out
source
destination
---------------------------------------------------------------------Termination Info: 0
To allow inbound SNMP TRAPS (port 162) from IP address 100.100.100.56 only:
climcmd
climcmd
climcmd
climcmd
g6clim1
g6clim1
g6clim1
g6clim1
climconfig
climconfig
climconfig
climconfig
iptables
iptables
iptables
iptables
-N
-A
-A
-A
snmptrap
snmptrap ! -s 100.100.100.56 -j REJECT
CIP_INPUT -p tcp --dport 162 -j snmptrap
CIP_INPUT -p udp --dport 162 -j snmptrap
Following is the output for these commands:
\MYSYS.$SYSTEM.STARTUP 3> CLIMCMD g6clim1 climstatus -o t
climiptables Enabled: Yes
---------------------------------------------------------------------IPTABLES Configuration:
Chain INPUT (policy ACCEPT 1 packets, 64 bytes)
pkts bytes target
prot opt in
out
source
destination
5652 1325K ACCEPT
all -- any
any
G6CLIM1
anywhere
586K 228M ACCEPT
all -- eth0
any
anywhere
anywhere
14
725 CIP_INPUT all -- any
any
anywhere
anywhere
3
144 CIP_INPUT_p all -- any
any
anywhere
anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target
prot opt in
out
source
destination
Chain OUTPUT (policy ACCEPT 821 packets, 165K bytes)
pkts bytes target
prot opt in
out
source
destination
Chain CIP_INPUT (1 references)
pkts bytes target
prot opt in
destination
out
source
Configuring CIP iptables/ip6tables (IP CIP)
111
10
2
528 snmptrap
117 snmptrap
tcp
udp
---
any
any
Chain CIP_INPUT_p (1 references)
pkts bytes target
prot opt in
any
any
anywhere
anywhere
anywhere
anywhere
out
source
destination
Chain snmptrap (2 references)
pkts bytes target
prot opt in
out
11
581 REJECT
all -- any
any
reject-with icmp-port-unreachable
tcp dpt:snmp-trap
udp dpt:snmp-trap
source
destination
!100.100.100.56 anywhere
IP6TABLES Configuration:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target
prot opt in
out
source
destination
16466 1599K ACCEPT
all
eth0
any
anywhere
anywhere
0
0 CIP_INPUT all
any
any
anywhere
anywhere
0
0 CIP_INPUT_p all
any
any
anywhere
anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target
prot opt in
out
source
destination
Chain OUTPUT (policy ACCEPT 6 packets, 456 bytes)
pkts bytes target
prot opt in
out
source
destination
Chain CIP_INPUT (1 references)
pkts bytes target
prot opt in
destination
out
source
Chain CIP_INPUT_p (1 references)
pkts bytes target
prot opt in
out
source
destination
---------------------------------------------------------------------Termination Info: 0
Configuring Stream Control Transmission Protocol (SCTP) (IP and Telco
CIP)
CIP only supports one-to-one SCTP associations. To use SCTP, select the SCTP protocol socket
option from your application and ensure the PROTOCOL file contains an entry for SCTP. See the
TCP/IP Programming Manual for more information about setting the socket option to use SCTP.
See “PROTOCOL File” (page 78) in this manual for procedures for adding SCTP to the PROTOCOL
file.
Additional SCTP support is available on the Telco CLIM. Please see HP OpenCall INS documentation
for more information.
Round-Robin Filtering
For background information about round-robin filtering, see the NonStop TCP/IPv6 Configuration
and Management Manual.
To use the round-robin feature you must explicitly configure it; the default configuration is for
non-round-robin. If you are using Providers, you must also define the appropriate transport-service
provider (CIPSAM process) in the same TACL session in which you define the filter key so incoming
connections are distributed among application instances within the same Provider. For application
servers in a Provider environment to use the round-robin filtering feature, they must share both the
round-robin filter-key DEFINE and the transport-service provider DEFINE.
Enable round-robin filtering in CIP the same way you enable it in NonStop TCP/IPv6. Set the
DEFINE to enable round-robin filtering on your server processes by using this ADD DEFINE command
at the TACL prompt:
ADD DEFINE =PTCPIP^FILTER^KEY, CLASS MAP, FILE file-name
You can limit the shared ports by adding one or both of these DEFINEs:
ADD DEFINE =PTCPIP^FILTER^TCP^PORTS, FILE Pstartport.Pendport
ADD DEFINE =PTCPIP^FILTER^UDP^PORTS, FILE Pstartport.Pendport
The startport and endport variables are integers specifying the allowable port range. The
=PTCPIP^FILTER^TCP^PORTS key limits the shared TCP ports to the range defined in startportand
112
CIP Configuration and Management
endport. The =PTCPIP^FILTER^UDP^PORTS key limits the shared UDP ports to the range defined
in startport and endport. Ports outside those ranges are not shared.
You must always specify the =PTCPIP^FILTER^KEY DEFINE to enable round-robin filtering. If you
want to limit TCP and UDP ports, add the appropriate DEFINE after the =PTCPIP^FILTER^KEY
DEFINE.
In CIP, unlike in NonStop TCP/IPv6, you can have multiple application listeners in each processor.
NOTE:
The round-robin feature is used only for listening (server) sockets and not client sockets.
Logging Messages
The CLIM software logs error and some informational messages to /var/log/syslog as do the
kernel and most other applications. Messages from the CLIM software always include the component
name. The messages are forwarded to the Event Management System (EMS) on the NonStop host
system.
Configuring IPv6 (IP CIP)
This section provides an example of configuring IPv6.
1.
Configure IPv6 for the eth4 interfaces on each CLIM:
> CLIMCMD n1002532 climconfig ip -add eth4
-ipaddress 2001:0db8:0:0:0:0:1428:57ab -netmask 64
This interface is installed in network 2001:0db8:0:0/64.
> CLIMCMD n1002531 climconfig ip -add eth4
-ipaddress 2001:0db8:0:0:0:0:1428:57ac -netmask 64
2.
This interface is also in network 2001:0db8:0:0/64.
Add a default IPv6 static route to the eth4 interfaces on each CLIM.
> CLIMCMD n1002532 route –add eth4 -default –gateway 2001:0db8:0:0:0:0:0:1
> CLIMCMD n1002531 route –add eth4 -default –gateway 2001:0db8:0:0:0:0:0:1
Running Applications in Multiple Environments (IP CIP)
You may run applications in the conventional TCP/IP, NonStop TCP/IPv6 and CIP environments.
If you are using ATM or token-ring adapters your applications must use conventional TCP/IP. If
you are using Ethernet adapters, you can run your application in all environments.
Conventional TCP/IP and NonStop TCP/IPv6 environments cannot share the same LIF but they can
share an Ethernet 4 ServerNet adapter (E4SA) or Gigabit Ethernet 4-port ServerNet adapter (G4SA)
as those adapters have multiple LIFs. However, a Fast Ethernet ServerNet adapter (FESA) and a
Gigabit Ethernet ServerNet adapter (GESA) have only one LIF, so they can only support one
environment. Only CIP can run on a CLIM.
Managing the Configuration Preservation
The system configuration database (CONFIG) is part of the NonStop Kernel subsystem. The
conventional TCP/IP subsystem (NonStop TCP/IP) does not participate in the system configuration
database, but NonStop TCP/IPv6 and CIP do (although their configuration databases are not
compatible). When you configure CIP for the first time, the SCF objects are added to the system
configuration database and any alterations to those objects also update the configuration of those
objects in the system configuration database. The system configuration database stores your
subsystem configuration and can be accessed at any time to restore the subsystem to its last
configuration.
The CIPMAN, when started, starts any subordinate objects that are stored in the system configuration
database.
Logging Messages
113
Managing the Configuration Database on the NonStop Host System
Save your configuration database before configuring CIP for the first time and record the name
and date of the saved database. This saved configuration database can be used if higher RVUs
of CIP are incompatible with the CIP records residing in the system configuration database. If a
new RVU of CIP is incompatible with the data stored in the configuration database, you can restore
the saved configuration database and reconfigure CIP. This SCF command saves the current
configuration database file in a new file located at $SYSTEM.ZYSCONF.CONF0104:
> SAVE CONFIGURATI0N 01.04
The SCF SAVE command is documented in the SCF Reference Manual for J-Series and H-Series
RVUs.
CAUTION: The configuration database stores all SCF commands that you issue to modify your
CIP environment. If you use startup scripts to start your CIP subsystem, you should compare your
configuration database to those startup files to ensure that the startup files reflect these additional
modifications to the environment. For more detailed procedures and specific migration
considerations, see Chapter 6: IP CIP Migration, Compatibility and Operational Differences.
Managing Persistence on the NonStop Host System
You can add a generic process to the system configuration database and define that generic
process in such a way that the persistence manager restarts the generic process whenever the
generic process abends, is stopped through TACL, or the system is reloaded. To define the generic
process this way, set the STARTMODE to SYSTEM.
If you add the CIPMAN, CIPMON, or CIPSAM (IP CIP only) process as a generic process configured
in this way, these processes start automatically upon system reload and subsequently restores their
stored and subordinate objects. Alternatively, when you add the CIPMAN, CIPMON, or CIPSAM
process as a generic process to the system configuration database, you can choose to configure
it using STARTMODE MANUAL; this method requires that you start $ZZKRN.#ZZCIP manually by
using an SCF START command to the NonStop Kernel subsystem.
The persistence manager restarts persistent generic processes whenever they are stopped by the
TACL STOP command (if the generic process is configured with STARTMODE SYSTEM) in addition
to starting those generic processes when the system is reloaded. Hence, if CIPMAN, CIPMON, or
CIPSAM is a generic, persistent process (AUTORESTART > 0), any time you issue a TACL STOP
command to the CIP subsystem, CIPMAN, CIPMON, or CIPSAM gets restarted by the persistence
manager. To avoid this behavior and stop a persistent, generic, CIPMAN, CIPMON, or CIPSAM
process, issue the ABORT command to the NonStop Kernel subsystem as in this example:
> ABORT PROCESS $ZZKRN.#ZZCIP
> ABORT PROCESS $ZZKRN.#CIPMON
> ABORT PROCESS $ZZKRN.#CIPSAM
For more information about generic processes and the persistence manager, see the SCF Reference
Manual for the Kernel Subsystem.
Managing the CLIM Configuration Preservation
HP recommends that you store the CLIM configurations any time you change them. Two TACL
scripts are provided for this practice: one for backing up and one for restoring the CLIM
configuration.
NOTE:
You must be logged on as a super group user to run these commands.
climbkup and climrstr Command Synopsis
{climbkup | climrstr} {clim-name | ip-address | hostname}
[file-name | volume | volume.subvolume | subvolume.filename | volume.subvolume.filename]
114
CIP Configuration and Management
clim-name
Is the name of the CLIM to be backed up or restored.
ip-address
Is the IP address of the CLIM to be backed up or restored.
hostname
Is the hostname of the CLIM to be backed up or restored, without the subsystem qualifier. For
example: C1002531.
file-name
Is the name of the file on the NonStop system in which the backup configuration is stored. If
file-name is not specified, the default file name is BACKUPGZ.
subvolume
Is the name of the subvolume on the NonStop host system in which the backup configuration
is stored. If the command specifies a CLIM name, the default subvolume is clim-name. If the
command specifies an IP address, the default subvolume is the current subvolume.
volume
Is the name of the volume on the NonStop host system in which the backup configuration is
stored. If the command specifies a subvolume and no volume, the default volume is $SYSTEM.
If the command does not specify a volume or subvolume, the default location is
current-volume.subvolume.
climbkup and climrstr Considerations
•
A CLIM configured with J06.17 RVU or later can be restored with a backup file taken from
any RVU from J06.08 to the RVU with which the CLIM is configured. For example, if the CLIM
is configured with J06.17 RVU, any backup file taken from the RVUs J06.08 to J06.17 can
be used to restore on this CLIM.
This is not true for a CLIM configured with pre-J06.17 RVUs. In that case, a backup file should
be used only to restore on CLIMs that use the same RVU version as the backup file. For example,
if the backup file was taken from the J06.09 RVU, it can only be used to restore on a J06.09
CLIM. It may not be used to restore on a J06.10 CLIM.
•
CLIMRSTR is not designed to be run on a CLIM that is in the STARTED state. Additionally,
CLIMRSTR requires a reboot to be done after the restore. If a failover occurs during a restore
operation such that the CLIM being restored takes over the other CLIM, the failover information
and network configuration of the CLIM that fails may not be correct on the failover CLIM. HP
recommends using CLIMRSTR this way:
1. Abort or stop the CLIM.
2. Perform the restore operation.
3. Start the CLIM.
Examples
To create a backup copy of the CLIM configuration on the $SYSTEM volume of the NonStop host
system, use the CLIMBKUP clim-name TACL script. This command stores the configuration files
of CLIM n1002531 in $SYSTEM.n1002531:
tacl> CLIMBKUP n1002531
To restore your CLIM configuration files, use the CLIMRSTR clim-name TACL script. For example:
tacl> CLIMRSTR n1002531
This command copies the configuration information that was saved during the backup operation
on the NonStop host system from the $SYSTEM disk to the CLIM. Before invoking this command,
the CLIM should be stopped or aborted. Upon completion of this command, the CLIM must be
rebooted to load the new configuration.
Managing the Configuration Preservation
115
The following table shows examples of behavior for the CLIMBKUP command and indicates
differences in behavior between different releases:
Example Command
Backup File and Location (J06.06 and Behavior and File Backup Locations for
H06.17 and later RVUs)
Previous RVUs
CLIMBKUP N1002531
$system.n1002531.backupgz
Same
CLIMBKUP N1002531 file-name
$system.n1002531.file-name
$current-vol.file-name.backupgz
CLIMBKUP N1002531
subvol.file-name
$system.subvolume.file-name
UNSUPPORTED
CLIMBKUP N1002531 $volume
$volume.n1002531.backupgz
UNSUPPORTED
CLIMBKUP N1002531
$volume.subvolume
$volume.subvolume.backupgz
Same
CLIMBKUP N1002531
$volume.subvolume.file-name
$volume.subvolume.file
UNSUPPORTED
CLIMBKUP 192.0.2.1
$current-vol.current-subvol.backupgz
UNSUPPORTED
CLIMBKUP 192.0.2.1 file-name
$system.current-subvol.file-name
$current-vol.file-name.backupgz
CLIMBKUP 192.0.2.1
subvolume.file-name
$system.subvolume.file-name
UNSUPPORTED
CLIMBKUP 192.0.2.1 $volume
$volume.current-subvol.backupgz
UNSUPPORTED
CLIMBKUP 192.0.2.1
$volume.subvolume
$volume.subvolume.backupgz
Same
CLIMBKUP 192.0.2.1
$volume.subvolume.file-name
$volume.subvolume.file-name
UNSUPPORTED
Planning for Coexistence With Conventional TCP/IP (IP CIP Only)
For the same application processes, one socket can be associated with the conventional NonStop
TCP/IP subsystem, another with the NonStop TCP/IPv6 subsystem and another with the CIP
subsystem by programmatically changing the transport-service provider process.
NOTE:
Parallel Library TCP/IP cannot coexist with CIP.
Stopping CIP
CAUTION: If you are not running an alternative TCP/IP subsystem, connect to CLCI by using the
OSM Low Level Link. (CLCI provides a primitive terminal emulation when no other TCP/IP subsystem
is available, but has limited functionality.)
To stop the CIP subsystem follow these procedures:
•
“Preparing to Stop the CIP Subsystem”
•
“Stopping CIP” (page 118)
Preparing to Stop the CIP Subsystem
Task Summary
1.
2.
Ensure that you do not stop the TCP/IP process running your terminal.
Check for applications using CIP.
Tasks: Preparing to Stop the CIP Subsystem
1.
116
Ensure that you do not stop the TCP/IP process that is running your home terminal.
CIP Configuration and Management
a.
Enter WHO at the TACL prompt:
> WHO
\HOME.$SYSTEM.SYSTEM 2> WHO
Home terminal: $ZTNP1.#PTYPRAB
TACL process: \HOME.$Z34A
Primary CPU: 2 (NSR-G)
Default Segment File: $SYSTEM.#0000382
Pages allocated: 24 Pages Maximum: 1024
Bytes Used: 32820 (1%) Bytes Maximum: 2097152
Current volume: $SYSTEM.SYSTEM
Saved volume:
$SYSTEM.SYSTEM
Userid: 255,255 Username: SUPER.SUPER Security: "AAAA"
Logon name: SUPER.SUPER
The TELSERV process, $ZTNP1, is listed next to the HOME TERMINAL field. Make note
of the TELSERV process.
b.
Check all TCP/IP processes to find the one that has your TELSERV process listed as an
opener. This is the process that you do not want to shut down.
> SCF
> LISTDEV TCPIP
LDev
204
298
305
332
c.
d.
Name
$ZTC0
$TCPS3
$TCPS1
$ZTC01
PPID
1,302
3,278
1,341
0,301
BPID
0,322
1,389
Type
(48,0
(48,0
(48,0
(48,0
)
)
)
)
RSize
32000
57344
57344
57344
Pri
200
201
201
201
Program
\HOME.$SYSTEM.SYS07.TCPIP
\HOME.$SYSTEM.SYS07.CIPSAM
\HOME.$SYSTEM.SYS07.CIPSAM
\HOME.$SYSTEM.SYS07.CIPSAM
Make a note of the CIPSAM processes (in this example, $TCPS3, $TCPS1, $ZTC01) so
that you can shut them down in your shutdown procedures (see “Stopping CIP” (page 116).
Issue a LISTOPENS PROCESS $process-name on each process listed in the display for
LISTDEV TCPIP until you find the process that is running the TACL prompt of your home
terminal.
The listing shows all the processes depending on $ZTC0:
> LISTOPENS PROCESS $ZTC0
Openers
PPID
$ZPRP1
1,304
$ZPRP1
1,304
$ZPRP1
1,304
$ZTN1
1,305
$ZTSM
0,307
$ZCVP1
0,324
$ZPMP1
1,266
$ZPMP1
1,266
$ZTNP1
1,305
$ZNET
0,21
BPID
PLFN
4
5
6
3
22
1
2
3
4
2
BLFN
0
0
0
0
0
0
0
0
0
0
Protocol
TCP
TCP
TCP
TCP
TCP
UDP
UDP
TCP
TCP
#ZSPI
Lport
echo
finger
ftp
telnet
980
548
111
111
telnet
*
In the Openers column, $ZTNP1 is an opener of the $ZTC0 process. In this example,
$ZTNP1 is the TELSERV process running our home terminal so you must make sure you
do not shut it down. If the process running your home terminal is a CIPSAM process, use
TELNET to connect to another TCP/IP process (conventional TCP/IP or NonStop TCP/IPv6)
if one is available. If you are not running an alternative TCP/IP subsystem, connect to
CLCI by using the OSM Low Level Link. (CLCI provides a primitive terminal emulation
when no other TCP/IP subsystem is available, but has limited functionality.)
2.
Determine if any applications are using the CIPMONs and make a note of the application
names. Enter this command at the SCF prompt (a sample display follows this command):
The listing shows all the processes depending on the CIP subsystem:
> LISTOPENS MON $ZZCIP.*
CIP Listopens MON \HOME.$ZZCIP.#ZPTM0
Openers
$ZPT0
$ZPT0
$ZPT0
PPID
BPID
0,295
0,295
0,295
PLFN
BLFN
6
7
Protocol
5
0
0
0
Lport
TCP
TCP
TCP
echo
finger
ftp
Stopping CIP
117
$ZTN0
$ZTN0
$ZTN0
$ZTN0
$ZTN0
$ZTN0
$ZTN0
$ZTN0
$ZTN0
$Z07S
0,277
0,277
0,277
0,277
0,277
0,277
0,277
0,277
0,277
0,331
3
5
10
7
4
8
9
6
12
1
0
0
0
0
0
0
0
0
0
0
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
TCP
telnet
telnet
telnet
telnet
telnet
telnet
telnet
telnet
telnet
ftp
In the above display, you would record all the opener processes: $ZPT0, $ZTN0, $ZTF0,
$Z0KW, $Z0KX, $ZTN0, and $Z07S to be stopped.
Stopping CIP
You must stop the CIP subsystem from a conventional TCP/IP or NonStop TCP/IPv6 environment
or by using CLCI.
Perform the tasks in “Preparing to Stop the CIP Subsystem” (page 116) before following these
procedures.
Task Summary
1.
2.
3.
4.
5.
6.
Stop
Stop
Stop
Stop
Stop
Stop
all openers of the CIPMONs.
the CLIM.
the CIPSAM processes.
the PROVIDER objects.
the CIPMON processes.
the CIPMAN process.
1.
Stop all openers of the CIPMONs.
Tasks
NOTE: The LISTNER and TELSERV do not support the SCF ABORT command so you must
use the TACL STOP command to stop those processes.
Enter these commands at the TACL prompt:
> STOP PROCESS $ZTN0
> STOP PROCESS $LSN0
2.
Stop the CLIMs by entering these SCF commands:
> STOP CLIM $ZZCIP.clim-name
3.
Stop the CIPSAM processes by entering these SCF commands:
> ABORT PROCESS $ZZKRN.#CIPSAM
4.
Stop the PROVIDER objects by entering these SCF commands:
> ABORT PROVIDER $ZZCIP.ZTC1, FORCED
> ABORT PROVIDER $ZZCIP.ZTC0, FORCED
> ABORT PROVIDER $ZZCIP.ZTCP0, FORCED
> ABORT PROVIDER $ZZCIP.$ZTCP1, FORCED
5.
Stop the CIPMON processes:
> ABORT PROCESS $ZZKRN.#CIPMON
6.
Stop the CIPMAN process:
> ABORT PROCESS $ZZKRN.#ZZCIP
118
CIP Configuration and Management
Monitoring the Network (IP CIP)
To monitor your network, use these management tools:
•
ping command
•
Tracer utility
•
Event Management System (EMS) Messages
NOTE: Before using the ping and tracer utilities, set the transport provider name to the
appropriate CIPSAM process by using the ADD DEFINE TCPIP^PROCESS^NAME command.
Testing Access to Internet Network Hosts by Using the Ping Command (IP
CIP)
The ping command accepts an IPv4 address, IPv6 address, or node name on the command line.
For information about using the PING command, see the TCP/IP Applications and Utilities User
Guide.
Displaying a Datagram’s Route to a Network Host by Using Traceroute
The CLIMCMD {clim-name | ip-address} traceroute command displays the path taken by IP
packets on route to a network host. Use the CLIMCMD traceroute command to determine any
problems that these packets might encounter. From each gateway system along the path, the
CLIMCMD traceroute command tries to elicit an ICMP TIME_EXCEEDED message. From the
destination remote host, the CLIMCMD traceroute tries to elicit an ICMP_PORT_UNREACHABLE
message.
> CLIMCMD {clim-name | ip-address} traceroute
For more information see the traceroute man page by entering:
> CLIMCMD {clim-name | ip-address} man traceroute
For more information on tracing, see “TRACE Commands” (page 275).
NOTE: Since traceroute is a network-sensitive command, the provider option be specified to
CLIMCMD if the MULTIPROV option is ON. If the MULTIPROV attribute is set to ON, see the
Considerations section under prov(1p).
Event Management System (EMS) Messages
CIP generates event messages that are documented in the Operator Messages Manual.
NOTE: Messages with number 5227 are Linux messages: they have no immediate effect but
may indicate a problem on the CLIM. These are most likely informational events but may be used
by your service provider.
Linux events are also sent to EMS.
Troubleshooting Tools and Tips
Several tools are available to you for troubleshooting the CIP environment.
•
SCF STATUS, DETAIL command for information about all or failing CIP objects
•
SCF INFO, DETAIL command for information about all or failing CIP objects
•
SCF LISTOPENS, DETAIL command for information about MON and PROV (IP CIP only)
•
Linux tcpdump command to collect network tracing info.
You also can use the CLIMCMD {clim-name | ip-address} clim command to abort, reboot
and start the CLIM as well as to collect information. The CLIMCMD clim command is automatically
Monitoring the Network (IP CIP)
119
invoked when a CLIM stops because of issues in software. A snapshot file that captures the CLIM
debug files is created when a CLIM has failed due to a software or hardware problem or when a
CLIM is aborted by the operator by using the CLIMCMD clim abort command. The snapshot
is created as /home/debuginfo/clim-date-time.tgz. (date-time is computed and
replaced automatically). The snapshot includes the network configuration files, core files of the
CLIM software components, and network configuration in the kernel. This automatically created
snapshot is available as of the J06.04 and H06.16 RVUs.
However, in the following scenarios, the CLIM snapshot file is not created automatically:
•
Configuration issues
•
Failover issues
•
Any issue that does not result in an intended or unintended stop of the CLIM or CLIM software
In these scenarios, create the CLIM snapshot manually by using the CLIMCMD command clim
with the onlinedebug parameter on the problematic CLIM. The onlinedebug parameter
manually generates and archives the snapshot file /home/debuginfo/clim-date-time.tgz.
The onlinedebug parameter is available as of J06.05 and H06.16.
HP recommends sending this snapshot to your support provider for analysis during troubleshooting.
CLIMCMD clim Command
CLIMCMD {clim-name | clim-ip-address} clim [abort | clearlog | reboot
| start | onlinedebug | enable-policy-routing | disable-policy-routing | info ]
abort
Abort and dump all CLIM processes.
clearlog
Allows a CLIM that has stopped trying to restart itself after reaching a retry threshold to be
resumed. Should be followed by 'clim start'.
reboot
Reboots the CLIM, after taking a system memory dump.
start
Starts the CLIM software. The CLIMMON, CONFSYNC, CLIMAGT, and CIPSSRV processes
are started. Before starting the processes, CLIM related information is packaged into a
compressed tar file for debugging purpose.
onlinedebug
Packages clim-related information into a compressed tar file for debugging purposes.
enable-policy-routing
Enables policy based routing, which ensures that the interface with the IP address bound by a
socket will be used by that socket for outgoing network traffic, or that an interface with an IP
address in the source address of the network packet is used for routing the packet.
The default is enable-policy-routing.
disable-policy-routing
Disables policy routing on the next CLIM reboot.
info
Provides clim configuration information. This command displays the current value/status of
configurable clim parameters.
clim Command Examples
If you need to reboot the CLIM, issue the CLIMCMD clim command with the clearlog and reboot
options:
120 CIP Configuration and Management
> CLIMCMD n1002532 clim clearlog
> CLIMCMD n1002532 clim reboot
Here is an example of using onlinedebug:
> CLIMCMD n1002532 clim onlinedebug
Here is an example of checking policy routing settings:
> CLIMCMD n1002581 clim info
SSH client version T9999H06_21Jun2010_comForte_SSH_0088
policyRouting: Enabled
Termination Info: 0
Event Logging
The CIP subsystem generates NonStop host system reporting of CLIM issues. The report may be in
the form of error codes for cancelled commands or Event Management System (EMS) messages
issued in the NonStop host system. See the Operator Messages Manual for information about
events reported through the Event Management System (EMS).
Use the CLIMCMD climstatus command to show the current CLIM state and to obtain status
information. See “Displaying System Information” (page 93), climstatus(1)
NOTE:
For pre-J06.08 and H06.19 RVUs, the time zone on the CLIM is GMT.
For J06.08 and later J-series RVUs and H06.19 and later H-series RVUs, the time on the CLIM is
synchronized with the time on the NonStop host. For these RVUs, CLIMs run with the local time of
the NonStop host.
During a failure, some information is automatically dumped, zipped and stored in the
/home/debuginfo directory. Procedures for managing these files (copying, transferring, and
deleting) are similar to managing files collected by using tcpdump.
Linux Command Logging with cmd Command Wrapper
Certain native Linux commands issued via CLIMCMD, whether destructive or not, need to be logged
into the system log. cmd is the command wrapper used for executing supported Linux commands
on the CLIM and logs them into the system log. The user-entered command is logged in its entirety
to the system log, along with its arguments and information on the NonStop user who issued the
command. The result of the command, along with the CLIM user information, is written to the system
log.
NOTE:
This feature is supported for J06.10/H06.21 and later RVUs only.
The syntax is:
CLIMCMD {clim–name | ip-address } cmd command-name [arg1 arg2...argn]
command-name
Specifies the Linux command to be executed.
arg1
Specifies arguments for the command.
arg2
Specifies arguments for the command.
This example shows the execution of a rm command using the command wrapper, and the
corresponding text logged into syslog:
TACL> CLIMCMD C1002781 cmd rm file1
NonStop User: SUPER.OPER CLIM User: root Command Succeeded: rm file1
Troubleshooting Tools and Tips
121
Detecting Duplicate IP Addresses
As of RVU J06.10 / H06.21, CIP detects duplicate IPv4 addresses and MAC addresses in a subnet.
When a duplicate IP or MAC Address is detected, EMS Event 5230 will be created. One of these
alarms will be created:
•
Duplicate CLIM IP Address: A duplicate IP address has been detected within the same network
and a potential loss of network connectivity for sockets using that source IP address may occur.
This alarm must be manually deleted.
•
Duplicate CLIM MAC Address: A duplicate MAC address has been detected within the same
network and a potential loss of network connectivity through the interface with that MAC
address may occur. This alarm must be manually deleted.
Displaying Link Speed
Use ethtool to display the speed of a link. The syntax is:
ethtool
interface-name
where interface-name is eth1, eth2, etc. Example 14: Ethtool Link Speed Display shows the
display:
Example 14 Ethtool Link Speed Display
ethtool eth1
Settings for eth1:
Supported ports: [ TP ]
Supported link modes:
10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
<==== current Speed
Duplex: Full
<--- current duplex mode
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: g
Wake-on: g
Link detected: yes
Verifying the lunmgr Configuration of Two Storage CLIMs
To provide fault tolerance, two storage CLIMs must always be connected to the same physical disk.
Each storage CLIM identifies the disks connected to it and assigns a LUN to each device. This LUN
must match between the two CLIMs. If they point to different physical devices on the two CLIMs,
neither path to the disk can be started. This can occur when one storage CLIM in a pair is replaced
or a new enclosure is added or removed.
To detect LUN configuration problems, use the CLIMSCMP tool. The syntax is:
CLIMSCMP [/out out-file | /outv var-name] clim-name-1 clim-name-2
out out-file
Directs the display text to the file out-file.
outv var-name
Directs the display text to the variable var-name.
122
CIP Configuration and Management
clim-name-1
Specifies the name of the first storage CLIM to be compared.
clim-name-2
Specifies the name of the second storage CLIM to be compared.
CLIMSCMP Considerations
CLMSCMP must be run by a member of the SUPER group.
CLIMSCMP displays its completion status with a message completion code. Successful termination
results in a completion code equal to zero. Error conditions are reported with a completion code
greater than zero; warning conditions are reported with a completion code less than zero, as
follows:
Completion
Code
Description
-6
ESS LUN is connected through two different FC ports
-5
Tape enclosure is configured but not connected to the CLIM
-4
Disk enclosure is configured on both the CLIMs, but is disconnected from one of the CLIMs
-3
Disk enclosure is configured but not connected to the CLIM
-2
Certain enclosures were found to be single ported
0
Success
1
Syntax Error
2
At least one of the specified CLIMs does not exist in the CIP subsystem
3
At least one of the specified CLIMs is not of type STORAGE
4
SSH connection could not be established to at least one of the specified CLIMs
5
lunmgr –e command did not execute successfully on at least one of the specified CLIMs
6
A mismatch was found while comparing the enclosure information of the two CLIMs
7
A non-super group user invoked CLIMSCMP
8
Disk enclosure is connected to both the CLIMs, but not configured on one of the CLIMs
CLIMSCMP Examples
Below are examples of various configurations and the messages that CLIMSCMP returns.
•
All enclosures are correctly configured and connected on both the CLIMs:
TACL> CLIMSCMP C1002581 C1002582
The enclosure configurations of ‘C1002581’ and ‘C1002582’ CLIMs match.
Termination Info: 0
•
Enclosures are configured and connected to both the CLIMs but there is a mismatch in the
attribute values:
TACL> CLIMSCMP C1002581 C1002582
Error: Mismatch in enclosure configurations of two CLIMs
C1002581:
C1002582:
lun
200
200
type
1
1
stable address
enclosure 500143800045e880
enclosure 5001438000464500
serial #
SGA802004A
SGA802004H
revision
2.18
2.18
Termination Info: 6
Troubleshooting Tools and Tips
123
•
Disk enclosure is configured but not connected to the CLIM:
TACL> CLIMSCMP C1002581 C1002582
Warning: Enclosure disconnected from the CLIM 'C1002581'
C1002581:
lun
type
stable address
serial #
200
1
enclosure 500143800045e880
---
revision
---
Termination Info: -3
•
Disk enclosure is connected to both the CLIMs, but not configured on one of the CLIMs:
TACL> CLIMSCMP C1002581 C1002582
Error: Enclosure configured on the CLIM 'C1002581' but not on the CLIM 'C1002582'
C1002581:
lun
200
type
1
stable address
enclosure 500143800045e880
serial #
SGA802004A
revision
2.18
Termination Info: 8
•
Disk enclosure is configured on both the CLIMs, but is disconnected from one of the CLIMs:
TACL> CLIMSCMP C1002581 C1002582
Warning: Enclosure disconnected from the CLIM 'C1002533'
lun
type
C1002581:
300
1
C1002582:
300
1
Termination Info: -4
•
stable address
enclosure 500143800046f780
enclosure 500143800046f780
serial #
SGA8040070
-------
revision
2.28
------
Tape enclosure is configured but not connected to the CLIM:
TACL> CLIMSCMP C1002581 C1002582
Warning: Enclosure disconnected from the CLIM 'C1002581'
C1002582:
lun
1
type
3
stable address
tape HP M8505 #HU10837WNA
serial #
------
revision
------
Termination Info: -5
•
All enclosures are correctly configured and connected on both CLIMs. However, certain
enclosures were found to be single ported:
TACL> CLIMSCMP C1002581 C1002582
Warning: Following enclosures are single ported
C1002581:
C1002582:
lun
200
300
type
1
1
stable address
enclosure 500143800045e880
enclosure 500143800045e880
serial #
SGA802004A
SGA802004A
revision
2.18
2.18
400
500
1
1
enclosure 5001438000464500
enclosure 5001438000464500
SGA802004H
SGA802004H
2.18
2.18
Termination Info: -2
•
All the disk enclosures are correctly configured and connected on both the CLIMs. However,
certain enclosures have ESS LUNs connected through two different FibreChannel ports:
TACL> CLIMSCMP C1002551 C1002553
124
Warning: ESS LUN is connected through two different FC ports
lun
type
stable address
serial #
C1002551:
1000
2
port 50060e8004289406
10388
C1002553:
1000
2
port 50060e8004289413
10388
revision
5009
5009
Warning: ESS LUN is connected through two different FC ports
lun
type
stable address
serial #
C1002551:
1500
2
port 50060e8004289406
10388
C1002553:
1500
2
port 50060e8004289413
10388
revision
5009
5009
CIP Configuration and Management
Termination Info: 0
CLIMSCMP Messages
Error messages:
•
Error: Only SUPER group users are allowed to run 'CLIMSCMP'.
•
Error: No value specified for the 'run-option' run-option.
•
Error: Unsupported run-option 'run-option' specified.
•
Error: 'clim-name' is not a configured CLIM.
•
Error: 'clim-name-1' and 'clim-name-2' are not configured CLIMs.
•
Error: SSH connection could not be established to the CLIM 'clim-name'.
•
Error: SSH connection could not be established to the CLIMs 'clim-name-1' and
'clim-name-2'.
•
Error: No CLIMs specified for the comparison of enclosures.
•
Error: Only two CLIMs can be specified for the comparison of enclosures.
•
Error: 'clim-name' is not a storage CLIM.
•
Error: 'clim-name-1' and 'clim-name-2' are not storage CLIMs.
•
Error: Could not successfully execute 'lunmgr -e' on the CLIM 'clim-name'.
•
Error: Could not successfully execute 'lunmgr -e' on the CLIMs 'clim-name-1' and
'clim-name-2'
Warning messages:
•
Warning: Only SUPER group users are allowed to run 'CLIMSCMP'.
•
Warning: Following enclosures are single ported.
Tip: Finding an Available UDP Port (IP CIP Only)
Use the LISTOPENS MON command to display UDP ports in use. See the Expand Configuration
and Management Manual for examples of finding available UDP ports.
CLIM and Host Incompatibility
If the CLIM stays in the STARTING state, the CLIM software might be incompatible with the host.
In this case, event 5228 is generated. To fix this, upgrade or downgrade the CLIM software to
match the host RVU version. See Chapter 4 (page 133) for the CLIM upgrade procedure. See the
Software Installation and Upgrade Guide for your host system RVU for procedures for downgrading
the CLIM, or contact your service provider to perform the downgrade.
If the CLIM is in the STARTED state, you can determine the CLIM software version by using OSM
Low Level Link, OSM Service Connection, or by entering:
SCF > VERSION CLIM
$ZZCIP.clim-name
If the CLIM is not in the STARTED state, you can use either OSM Low Level Link or the CLIMCMD
command with the Linux cat subcommand by entering:
> climcmd clim-name cat /etc/vproc
Multiple RVUs of a CLIM are allowed on a system as long as all CLIMs have CLIM RVUs that are
compatible with the host RVU.
Troubleshooting Tools and Tips
125
Troubleshooting Network Applications Using Tcpdump
To trace and collect network traffic, you can use the Linux tcpdump command. On systems running
J06.06 or later J-series RVUs or H06.17 or later H-series RVUs, you can then transfer those files
to the NonStop host.
CAUTION: For pre-J06.06/H06.17 RVUs, do not use SFTP to transfer dumps and logs from
CLIMs to the NonStop host system. The only supported SFTP application for transferring files between
the CLIM and the console on pre-J06.06/H06.17 RVUs is PuTTY SFTP. Do not use PuTTY to enter
CLIM commands.
NOTE: Since tcpdump is a network-sensitive command, the provider option be specified to
CLIMCMD if the MULTIPROV option is ON. If the MULTIPROV attribute is set to ON, see the
Considerations section under prov(1p).
NOTE: In pre-J06.09/H06.20 RVUs, tcpdump can show large IP packets even when the jumbo
frame feature is not enabled on the CLIM interface. This can occur because Ethernet ports on the
IP and Telco CLIM were configured with TCP Segmentation Offloading (TSO) in hardware. TSO
enables the network stack to buffer a large stream of data (much larger than the supported MTU
of the medium) to the NIC. The NIC hardware segments it into MSS-sized packets with proper
sequence numbers. Because the packet-capture engine used by tcpdump operates above the
interface layer, the packet-capture engine captures the packet prior to the NIC-hardware
segmentation. This behavior results in packets captured by tcpdump showing a larger packet size
than the supported MTU. Packets passively captured on the wire (using a mirrored port on the
switch) would show the correct packet size.
Running tcpdump can impact system performance. These suggestions can reduce this impact:
1. Run tcpdump with -n to avoid name resolution.
2. Save the traces to a file with -w. This option causes the raw packets to be saved instead of
being parsed and printed in real time.
3. Do not run tcpdump with -i any.
4. Limit the capture size to the minimum when possible. Specifying -s 1500 can increase the
performance impact.
Running tcpdump
Here are steps for collecting traces by using tcpdump:
1. Create a trace directory on the CLIM
2. Identify all the TCP/IP attributes required to focus on only the data to be traced.
3.
•
Use the -n flag to avoid reverse look up of IP addresses
•
See the tcpdump man page for details.
Capture the trace data and save to the trace file in bin format.
NOTE:
4.
5.
6.
You must be logged on as a super group user to run tcpdump.
Move the collected trace file to the NonStop host or the NonStop console.
Remove the trace file and trace directory from the CLIM.
Decode the trace file.
Example 15 Using tcpdump
1.
Create a trace directory on the CLIM.
Use climcmd clim-name mkdir tracedir
> == Create a temporary directory on the CLIM
>
126
CIP Configuration and Management
>climcmd n1002582 mkdir /home/mylog
comForte SSH client version T999H06_14Oct2008_comForte_SSH_0081
Termination Info: 0
> == List the directory and files
>
> climcmd N1002582 ls -lrt /home/mylog
comForte SSH client version T999H06_14Oct2008_comForte_SSH_0081
total 0
2.
Capture the data.
a. For CLIMs with MULTIPROV OFF:
Use climcmd clim-name man tcpdump for information.
Press the break key
>
>
>
>
>
on Mr-Win6530 to stop the tracing.
== run tcpdump (must be super group user) and save
== the output goes to a binary file, that can be
== decoded by other tools or tcpdump itself
== Look for traffic from/to host 192.0.2.1
climcmd N1002582 tcpdump -n -i any -w /home/mylog/telnet-data-to-10 host 192.0.2.1
comForte SSH client version T999H06_14Oct2008_comForte_SSH_0081
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
***CLIMCMD: Script terminated at user request
>
> == Stop tracing by the <break> key
b.
For CLIMs with MULTIPROV ON:
Use climcmd clim-name man tcpdump for information.
Press the break key
>
>
>
>
>
on Mr-Win6530 to stop the tracing.
== run tcpdump (must be super group user) and save
== the output goes to a binary file, that can be
== decoded by other tools or tcpdump itself
== Look for traffic from/to host 192.0.2.1
climcmd N1002582 –provider ZTC0 tcpdump -n -i any -w /home/mylog/telnet-data-to-10 host 192.0.2.1
comForte SSH client version T999H06_14Oct2008_comForte_SSH_0081
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
***CLIMCMD: Script terminated at user request
>
> == Stop tracing by the <break> key
3.
Decode the trace file.
Use climcmd clim-name ls —lrt tracedir to list the trace file.
Use climcmd clim-name tcpdump -r tracefile to decode the file.
> == Check the trace output file
>
> climcmd N1002582 ls -lrt /home/mylog
comForte SSH client version T999H06_14Oct2008_comForte_SSH_0081
total 124
-rw-r--r-- 1 root root 122880 2009-01-29 01:01 telnet-data-to-10
Termination Info: 0
>
> == Decode the tracefule using tcpdump -r
>
> climcmd N1002582 tcpdump -r /home/mylog/telnet*
comForte SSH client version T999H06_14Oct2008_comForte_SSH_0081
reading from file /home/mylog/telnet-data-to-10, link-type LINUX_SSL (Linux cooked)
00:48:50:339967 IP N1002582.ssh > 192.0.2.1.44632: P 1:197(196) ack 0 win 349
9 <nop,nop,timestamp 135991971 86225567>
4.
Copy the trace file to the NonStop host.
Troubleshooting Tools and Tips
127
NOTE:
This SFTP syntax can be used for J06.06/H06.17 and later RVUs only.
Use sftp -S $zssp0 user@ip-address:trace-dir/trace-file target-file
> == Move the file from the CLIM to the host
>
> sftp -S $zssp0 [email protected]:/home/mylog/lnet-data-to-10 tcpd10
comForte SSH client version T999H06_14Oct2008_comForte_SSH_0081
Connecting to 192.0.2.1...
Fetching /home/mylog/telnet-data-to-10 to tcpd10
-----------------------------------Filename
BytesNow %
Bytes/s
Remaining
-----------------------------------/home/mylog/telnet-data-to-10
0
0%
0.0KB
--:------------------------------------Filename
BytesNow %
Bytes/s
TimeSpent
-----------------------------------/home/mylog/telnet-data-to-10
192KB
106%
0.0KB
00:00
>
> fileinfo tcpd10
$MYSYS.MYSUB
CODE
TCPD10
0
>
EOF
196608
LAST MODIFIED
29JAN2009 0:21
OWNER
255,255
RWEP
NUNU
PExt SExt
14
112
For J06.10/H06.21 and later RVUs only, you can use the CLSFTP script. The syntax is:
CLSFTP {clim-name |clim-ip-address} [sftp commands]
For example:
> CLSFTP n1002532 get file2
In interactive mode:
TACL> CLSFTP n1002532
CLSFTP - T0834 - version 1.2, 29-SEP-2009
Run sftp in interactive mode.
using $ZSSP0...
comForte SFTP client version T9999H06_18Dec2009_comF ...
Connecting to 16.107.199.242 via SSH2 process $ZSSP0 ...
sftp> get file1
sftp> exit
5.
Delete the trace file.
Use climcmd clim-name rm /trace-dir/trace-file
Then use climcmd clim-name rmdir /trace-dir
> == Delete the file on the CLIM
>
> climcmd N1002582 rm /home/mylog/telnet-data-to-10
comForte SSH client version T999H06_14Oct2008_comForte_SSH_0081
Termination Info: 0
> climcmd N1002582 ls -lrt /home/mylog
comForte SSH client version T999H06_14Oct2008_comForte_SSH_0081
total 0
Termination Info: 0
> == Delete the directory used for tcpdump
>
> climcmd N1002582 rmdir /home/mylog
comForte SSH client version T999H06_14Oct2008_comForte_SSH_0081
Temination Info: 0
Mapping CLIM Name
Log files are collected to the location specified when performing the action “Set Location for CLIM
Log Collection” on the CLIMs object in the OSM Service Connection. The default location is
$system.zservice. The clim-name is mapped to a two character ID as shown:
128
CIP Configuration and Management
$system.zservice.zclimid file shows the CLIM name
to ID mapping – in the listing below N1002582 is mapped to 04.
\BLADQA3.$SYSTEM.ZSERVICE 25> fup copy zclimid
#ZCLIMID: Maps CLIM name to unique two character ID
N1002571 01
N1002573 02
N1002581 03
N1002582 04
N1002583 05
S1002531 06
S1002533 07
8 RECORDS TRANSFERRED
Files named ‘ZCL04*’ belong to CLIM debug files from CLIM N1002582.
There will be two sets of files, one set with ‘D’ (for data) in the
filename which contains the PAK-file with the CLIM log/crash files,
and the other set with ‘L’ in the filename which contains the log
of the user/OSM action of transferring the data from the CLIM file.
Both of these files, with the timestamp that is relevant to the problem
instance must be collected for analyzing a CLIM problem.
\BLADQA3.$SYSTEM.ZSERVICE 26> fileinfo zcl04*
$SYSTEM.ZSERVICE
CODE
EOF
LAST MODIFIED OWNER
ZCL04D01
1729
21759572 18MAY2011 11:29 255,255
ZCL04L01
101
28600 18MAY2011 11:29 255,255
ZCL04L02
101
2048 19MAY2011 14:35 255,255
\BLADQA3.$SYSTEM.ZSERVICE 27>
RWEP
CCCC
CCCC
CCCC
PExt
84
14
14
SExt
84
14
14
For more details, see “Collecting Data for CLIM Issues” (page 206).
Setting Up Multiple Providers per CLIM
Effective with the H06.25/J06.14 RVU, a CLIM can be associated with multiple data providers if
the MULTIPROV attribute of the CLIM object is set to ON (enabled). The default is OFF (disabled),
which configures the CLIM to use pre-Multiple Providers per CLIM behavior and use the sole provider
specified by the PROVIDER attribute of the CLIM object.
Each CLIM contains configuration information indicating whether the Multiple Providers per CLIM
functionality is enabled or disabled.
When you enable the Multiple Providers per CLIM functionality, you associate a data provider
with one or more data interfaces, which can be changed by using the climconfig command. See
climconfig.prov(1) for a description on how to add, delete, and obtain information on a provider.
See also these SCF commands and their guidelines for more information: “ADD CLIM” (page 226)
and “ALTER CLIM” (page 231). All the CLIMCMD commands and the SCF commands are described
under “CLIMCMD and CLIMCMD climconfig Commands (Man Pages)” (page 290) and “SCF
Reference for CIP” (page 216).
Enabling the MULTIPROV Attribute
To enable MULTIPROV for an existing CLIM object, follow these steps:
Example 16 Enabling MULTIPROV
1.
To turn the MULTIPROV feature on:
> SCF ALTER CLIM $ZZCIP.clim-name, MULTIPROV ON
2.
To verify that the MULTIPROV feature is on:
> CLIMCMD clim-name climstatus -o l
3.
To add new providers:
> CLIMCMD clim-name climconfig prov -add prov-name
Setting Up Multiple Providers per CLIM
129
NOTE:
An SCF PROVIDER object must also exist or be added.
Disabling the MULTIPROV Attribute
To disable MULTIPROV for an existing CLIM object, follow these steps:
Example 17 Disabling MULTIPROV
1.
Issue this command for each CLIM to display a list of providers for that CLIM:
> CLIMCMD clim-name climconfig prov -info all
2.
Delete the unneeded providers and the objects using each of these providers.
a. Issue these commands to delete the objects used by the providers:
> CLIMCMD clim-name ifstop interface-name
> CLIMCMD clim-name climconfig interface —delete interface-name
b.
Issue this command to delete the providers:
> CLIMCMD clim-name climconfig prov —delete prov-name
NOTE: When you delete a provider, you'll receive a message stating: Deleting the
Provider prov-name will delete the IPSec configurations and IPtables rules associated
with it. Continue? (yes/[no])?
3.
Verify that each unneeded provider is deleted and check the status of each CLIM:
> CLIMCMD clim-name climconfig prov —info all
> CLIMCMD clim-name climstatus —o l
4.
Turn the MULTIPROV feature OFF:
> SCF ALTER CLIM $ZZCIP.clim-name, MULTIPROV OFF, PROVIDER prov-name
NOTE: For this command to be successful, network resources on the CLIM must only belong
to the provider associated with the CLIM object.
5.
Recheck the status of each CLIM to verify that the CLIM's status has been changed to
MULTIPROV OFF.
> CLIMCMD clim-name climstatus —o l
Changing Providers, Adding and Starting a CLIM (IP and Telco Only)
CLIMs that are configured with the MULTIPROV feature OFF can participate in only a single IPDATA
provider, as described under “CLIMs with MULTIPROV OFF” (page 130).
CLIMs that are configured with the MULTIPROV feature ON can have any unassigned resources
assigned to new providers without affecting any existing provider configuration, as described
under “CLIMs with MULTIPROV ON” (page 131).
Two maintenance Providers on two IP or Telco CLIMs are configured by default for the system
(see“Maintenance Provider” (page 28) for more information). If you need to add maintenance
Providers for the system, use these SCF commands:
> ADD PROVIDER $ZZCIP.ZTCP0, TYPE MAINTENANCE, CLIM clim-name1, IPADDRESS ip-addr1
> ADD PROVIDER $ZZCIP.ZTCP1, TYPE MAINTENANCE, CLIM clim-name2, IPADDRESS ip-addr2
CLIMs with MULTIPROV OFF
To change the provider to which a CLIM with MULTIPROV OFF belongs, you stop, alter, and start
it.
130 CIP Configuration and Management
Example 18 Changing Providers
1.
Stop the CLIM by using the SCF ABORT CLIM command:
> ABORT CLIM $ZZCIP.clim-name, FORCE
2.
Change the CLIM's provider by using the SCF ALTER command:
> ALTER CLIM $ZZCIP.clim-name, PROVIDER prov-name
3.
Start the CLIM by using the SCF START command:
> START CLIM $ZZCIP.clim-name
> START PROVIDER $ZZCIP.prov-name
CLIMs with MULTIPROV ON
To change the providers that a CLIM provides services to, you discover the current usage of the
CLIM, free any resources that might be in use by pre-existing providers, and configure the new
provider.
Example 19 Changing Providers or Adding New Providers
1.
Determine what providers exist on the CLIM:
> CLIMCMD clim-name climconfig prov -info all
2.
Determine what interfaces are configured on the CLIM:
> SCF STATUS CLIM $ZZCIP.clim-name, DETAIL
3.
Delete any interfaces that are no longer needed:
CAUTION:
Deleting interfaces will also delete IP addresses and routes.
> CLIMCMD clim-name ifstop interface-name
> CLIMCMD clim-name climconfig interface -delete interface-name
4.
Delete any unused providers on the CLIM:
CAUTION: Deleting providers will also delete iptables rules and ipsec objects. Objects
include sp, sa, psk, remote, iptables and ip6tables.
> CLIMCMD clim-name climconfig prov -delete prov-name
5.
Add new providers, as necessary:
>
>
>
>
SCF
SCF
SCF
SCF
ADD PROCESS $ZZKRN.process-name, PROGRAM CIPSAM, NAME $process-name
ADD PROVIDER $ZZCIP.prov-name, TPNAME process-name
START PROCESS $ZZKRN.process-name
START PROVIDER $ZZCIP.prov-name
For more options on adding the provider, see ALTER CLIM Guidelines (page 232).
6.
Register the provider on the CLIM:
> CLIMCMD clim-name climconfig prov -add prov-name
7.
Configure unused interfaces in the new provider:
> CLIMCMD clim-name climconfig interface -add interface-name -prov prov-name
8.
Configure the objects for the new provider.
> CLIMCMD clim-name climconfig ip -add interface-name
-ipaddress ip-address netmask 255.255.255.0
Refer to the climconfig prov command and the other commands for objects, such as sp, sa,
psk, remote, iptables and ip6tables, under “Climconfig (Man Pages)” (page 301).
9.
Delete any unused providers on the NonStop system by issuing the following SCF commands:
a. Verify that the provider is unused:
Changing Providers, Adding and Starting a CLIM (IP and Telco Only)
131
> SCF INFO PROVIDER $ZZCIP.prov-name, DETAIL
b.
Delete the unused providers:
>
>
>
>
SCF
SCF
SCF
SCF
STOP PROVIDER $ZZCIP.prov-name
ABORT PROCESS $ZZKRN.process-name
DELETE PROCESS $ZZKRN.process-name
DELETE PROVIDER $ZZCIP.prov-name
For detailed information on how to use these commands, refer to “SCF Reference for CIP” (page 216)
and “CLIMCMD and CLIMCMD climconfig Commands (Man Pages)” (page 290).
132
CIP Configuration and Management
4 Upgrading CIP
This chapter provides procedures for online upgrading of CIP on the host and both online and
down system methods for upgrading CLIM software and firmware (see “Upgrading CLIM Software
and Firmware” (page 135)). This chapter also provides information on falling back to previous
TCP/IP subsystems and provides a pointer to information on falling back to previous CLIM versions
if needed.
Each procedure stands alone. If you are performing an RVU upgrade, you are likely to need to
upgrade CIP on the NonStop host and on the CLIM; however, you also can upgrade CLIM software
independently. If you have to update CIP on NonStop and the CLIM using an online procedure,
the CLIM must be done first.
Updating CLIM firmware is independent of CLIM software upgrades. Falling back to a previous
CLIM version, independently from an RVU fallback, should rarely be required.
Performing an Online Upgrade of the CIP Subsystem on the NonStop Host
For
1.
2.
3.
4.
5.
Telco applications, HP recommends that you:
Move traffic from the node.
Stop the DPA and HLR application processes on the node.
Shut down the INS node before performing an online CIP upgrade.
Start the INS node, DPA, and HLR applications.
Move traffic back to the node, starting with one link or linkset, and test traffic before moving
all the traffic back.
For information about INS, see the CMS documents Guide to Operations and Maintenance for
HP OpenCall Intelligent Network Serve and the Installation Guide For HP OpenCall Intelligent
Network Server.
NOTE: You cannot perform an online upgrade of the CIP subsystem to J06.08/H06.19 or later
RVUs from an RVU previous to that. A system load is required for these upgrades.
Replace CIPMON (Only)
TCP/IP socket connections are lost during this procedure. Storage paths are unaffected by this
procedure.
For each processor:
1. Rename the existing CIPMON and library files by using the TACL commands:
> RENAME $SYSTEM.SYSnn.CIPMON, $SYSTEM.SYSnn.CIPMONx
> RENAME $SYSTEM.SYSnn.ZCIPDLL, $SYSTEM.SYSnn.ZCIPDLLx
> RENAME $SYSTEM.SYSnn.ZCIPMDLL, $SYSTEM.SYSnn.ZCIPMDLx
2.
3.
4.
5.
6.
Install the new CIPMON as $SYSTEM.SYSnn.CIPMON.
Install the new CIP library as $SYSTM.SYSnn.ZCIPDLL.
Install the new Measure interface to CIP as $SYSTM.SYSnn.ZCIPMDLL.
Stop the measure subsystem.
Abort the CIPMON processes one processor at a time by using the SCF command:
CAUTION: IP CLIM connectivity is temporarily lost, which can affect this operation. For
example, if you are connected through $ZTC0 and stop the CIPMON process in the processor
where $ZTC0 is running, you lose connectivity. Options are to reconnect through $ZTC1 after
this operation or connect through $ZTC1 and perform this operation on the processor where
$ZTC0 is running then, once the CIPMON is running in that processor, connect through $ZTC0
and perform the operation on the processor running $ZTC1.
Performing an Online Upgrade of the CIP Subsystem on the NonStop Host
133
> ABORT MON $ZZCIP.ZCMprocessor-number
Open connections still exist, okay to continue? Y
7.
8.
The CIPMON processes are restarted automatically. Check to make sure each one is up before
doing the next one.
Restart the measure subsystem.
Replace CIPMAN (Only)
TCP/IP socket connections are not lost during this procedure. Storage paths are also unaffected
by this procedure.
1. Rename the existing CIPMAN file by using the TACL command:
> RENAME $SYSTEM.SYSnn.CIPMAN, $SYSTEM.SYSnn.CIPMANx
2.
3.
Install the new CIPMAN as $SYSTEM.SYSnn.CIPMAN.
Stop the CIPMAN process by using the SCF command:
> ABORT PROCESS $ZZKRN.#ZZCIP
4.
Restart the CIPMAN process by using the SCF command:
> START PROCESS $ZZKRN.#ZZCIP
Replace CIPMAN and CIPMON Simultaneously
This procedure is required if there is a requisite between the new CIPMAN (T0690) and CIPMON
(T0694) called out in the respective softdocs.
CAUTION: TCP/IP socket connections are lost during this procedure. Storage paths are unaffected
by this procedure.
1.
Rename the existing CIPMON and library files by using the TACL commands:
> RENAME $SYSTEM.SYSnn.CIPMON, $SYSTEM.SYSnn.CIPMONx
> RENAME $SYSTEM.SYSnn.ZCIPDLL, $SYSTEM.SYSnn.ZCIPDLLx
> RENAME $SYSTEM.SYSnn.ZCIPMDLL, $SYSTEM.SYSnn.ZCIPMDLx
2.
Rename the existing CIPMAN file by using the TACL command:
> RENAME $SYSTEM.SYSnn.CIPMAN, $SYSTEM.SYSnn.CIPMANx
3.
4.
5.
6.
7.
8.
Install the new CIPMON as $SYSTEM.SYSnn.CIPMON.
Install the new CIP library as $SYSTM.SYSnn.ZCIPDLL.
Install the new Measure interface to CIP as $SYSTM.SYSnn.ZCIPMDLL.
Install the new CIPMAN as $SYSTEM.SYSnn.CIPMAN.
Stop the Measure subsystem.
Abort the CIPMON processes on all CPUs (see CAUTION below):
> ABORT PROCESS $ZZKRN.CIPMON
9.
Wait for the CIPMON processes to stop (approximately 15 to 30 seconds):
file $SYSTEM.SYSnn.CIPMONx is no longer Open.
10. Stop the CIPMAN process by using the SCF command:
> ABORT PROCESS $ZZKRN.#ZZCIP
11. Restart the CIPMAN process by using the SCF command:
> START PROCESS $ZZKRN.#ZZCIP
12. Restart the CIPMON processes by using the SCF command:
134
Upgrading CIP
> START PROCESS $ZZKRN.CIPMON
13. Restart the Measure subsystem.
CAUTION: You must connect to CLCI by using the OSM Low Level Link to perform this procedure.
(CLCI provides a primitive terminal emulation when TCP/IP subsystem is available, but has limited
functionality.) To connect to CLCI using OSM Low Level Link:
From the File menu, select Start Terminal Emulator > For Startup TACL. This launches a CLCI TACL
session.
Replace CIPSAM
TCP/IP socket connections are lost during this procedure. Storage paths are unaffected by this
procedure.
For CIPSAM processes configured under the Persistence Manager, use the SCF ABORT and START
PROCESS commands to the Kernel subsystem, for example: > ABORT PROCESS $ZZKRN.name
and > START PROCESS $ZZKRN.name.
1. Rename the existing CIPSAM file by using the TACL command:
> RENAME $SYSTEM.SYSnn.CIPSAM, $SYSTEM.SYSnn.CIPSAMx
2.
3.
4.
Install the new CIPSAM as $SYSTEM.SYSnn.CIPSAM.
List all CIPSAM and other TCP/IP processes by using the SCF LISTDEV command.
If the OSM maintenance processes are configured on CLIMs, stop them by using the SCF
Abort command on the maintenance Providers. For example:
> ABORT PROCESS $ZTCP0
> ABORT PROCESS $ZTCP1
5.
Check to ensure the maintenance processes are stopped by using the SCF LISTDEV command.
If the processes do not appear in the display, they are stopped. For example:
> LISTDEV TCPIP
6.
Start the OSM maintenance processes by using the SCF START command to the Kernel
subsystem. For example:
> START PROCESS $ZZKRN.ZTCP0
> START PROCESS $ZZKRN.ZTCP1
7.
Stop and restart the remaining CIPSAM processes by :
1. Using the SCF ABORT command to the Kernel ($ZZKRN) or to the CIP subsystem ($ZZCIP).
2. Checking that the CIPSAM processes are stopped by using the SCF LISTDEV command.
3. Restarting the CIPSAM processes by using the SCF START command to the Kernel or CIP
subsystem.
Upgrading CLIM Software and Firmware
A new OSM tool, the Down System CLIM Firmware Update Tool, now makes it possible to update
the firmware for all CLIM components, in a single action, while the NonStop system is not running.
Because this method allows the updates to be run on multiple CLIMs at the same time, resulting in
a much more efficient update process, this is now the method prescribed for use during planned
Upgrading CLIM Software and Firmware
135
system down time, such as during RVU upgrades. As a result of this new option, this chapter now
contains completely separate procedures for:
•
“Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic”
(page 136)
•
“Upgrading CLIM Software or Firmware While the System is Down ” (page 165)
CAUTION:
Before attempting the procedures in this section:
•
Ensure that the NonStop console has at least 2 GB memory (4 GB is recommended), before
upgrading your CLIMs.
•
Be sure that the CLIM software is compatible with the host RVU you are currently running. For
more information, see “CLIM and Host Incompatibility” (page 125).
•
Fix all alarms and bad attribute values in the OSM Service Connection before upgrading
CLIMs.
•
“Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic”
(page 136) requires careful planning (as described in this section) and execution to ensure the
storage and networking resources that support your environment are protected.
•
“Upgrading CLIM Software or Firmware While the System is Down ” (page 165) involves
having the requisite software and advance preparation (as described in this section) before
bring the system down.
•
Ensure the version of OSM Low Level Link has been updated to the requisite version as specified
in the T0853 softdoc.
Upgrading CLIM Software and Firmware While Maintaining Network or
Storage Traffic
This section describes the procedures for upgrading CLIM software and firmware when you are
not planning to bring the system down. It consists of two parts:
•
“Upgrading CLIM Software with the System Running” (page 136)
•
“Upgrading CLIM Firmware with the System Running” (page 150)
If you plan to bring down the system, as needed during an RVU upgrade, see “Upgrading CLIM
Software or Firmware While the System is Down ” (page 165) for a faster, more efficient process.
TIP: If you are updating a system with SPRs, without a SUT update, and if you need to perform
a CLIM software update, you can do updates in this order and perform only one reboot:
1. Apply the SPRs.
2. Update firmware using OSM Service Connection Multi-Resource Actions dialog box (see
“Upgrading CLIM Firmware with the System Running” (page 150)) but do not reboot the CLIM.
3. Update CLIM software (see “Updating CLIM Software Using the OSM Low-Level Link” (page 147))
including the reboot of the CLIM.
Upgrading CLIM Software with the System Running
You can perform CLIM software updates either one CLIM at a time or multiple CLIMs in parallel.
If you are comfortable performing more than one CLIM upgrade at a time, additional considerations
for group updates are provided in:
136
•
“Upgrading Multiple CLIMs in Parallel” (page 160)
•
“Upgrading Multiple CLIMs of Different Types” (page 165)
Upgrading CIP
NOTE:
•
Performing multiple CLIM updates in parallel is optional and helps in reducing the total time
for upgrading all the CLIMs.
•
CLIM software updates (excluding reboot) take about 10-15 minutes.
The
1.
2.
3.
4.
5.
6.
steps for upgrading are:
“Enabling the FTP Port on the Console” (page 137)
“Backing up the CLIM Configuration Files” (page 137)
“Installing the new CLIM Software on the System Console” (page 137)
“Identifying the Target Software” (page 138)
“Creating a CLIM Upgrade Form” (page 138)
Depending on your configuration, performing one or more of:
•
“Upgrading Storage CLIMs” (page 139)
•
“Upgrading IP CLIMs” (page 143)
•
“Upgrading IB and Telco CLIMs” (page 145)
Enabling the FTP Port on the Console
Before upgrading the CLIM software, enable the FTP port on the console. The way you perform
this step depends on whether or not a firewall package is configured on the console. If a firewall
package is not configured, use the standard Windows method to enable this port. If a firewall
package is configured, see the system console operations personnel.
Backing up the CLIM Configuration Files
Before upgrading the CLIM software, save your configuration files onto the NonStop host by using
the Backup Tool described in “Managing the CLIM Configuration Preservation” (page 114). The
Backup Tool archives configuration files, log files, and trace files.
Installing the new CLIM Software on the System Console
For the Telco CLIM, if you have an INS software upgrade DVD, follow the same instructions for
that DVD.
NOTE: The Telco CLIM may require both a CLIM software upgrade and INS software upgrade.
The INS software upgrade does not include CLIM software upgrade.
CLIM software is delivered on a DVD or, for J06.08 and H06.19 and later RVUs, as a
downloadable file from Scout for NonStop Servers. You must load the software from the CLIM DVD
Installation Software or from NonStop Scout onto the system console, then install it from the system
console onto the CLIM.
For
1.
2.
3.
the CLIM DVD:
Insert the CLIM DVD into the CD/DVD drive on the system console.
In Windows, click the CD/DVD drive symbol.
Click the setup icon, then follow the prompts to load the CLIM software on the system console.
Scout for NonStop Servers:
1. Follow the download procedures provided in Scout for installing a self-extracting SPR (.exe)
on T0853.
NOTE: Downloading the file takes approximately 15 minutes. The process does not provide
a status of the operation during this time. Please wait until it completes.
Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic
137
2.
Click the setup icon, then follow the prompts to load the CLIM software on the system console.
NOTE:
The download from Scout of T0853 provides all necessary components.
Identifying the Target Software
1.
2.
3.
List the existing software versions for all CLIMs by using the SCF VERSION CLIM $ZZCIP.*
command.
List the available software version for the CLIM available on the NonStop console by using
OSM Low-Level Link. See “Updating CLIM Software Using the OSM Low-Level Link” (page 147)
for an example of using OSM Low-Level Link to determine the CLIM software versions on the
console.
Make note of the software versions to install on the CLIMs from the console or, if further updates
are needed, from Scout for NonStop Servers.
Creating a CLIM Upgrade Form
Prepare a form to keep track of your CLIMs. Table 7: Sample CLIM upgrade form, all types shows
an example:
Table 7 Sample CLIM upgrade form, all types
CLIM name
138
Upgrading CIP
Type
Running
Maint
Prov?
If yes,
which Storage
one?
path
B/up CLIM name
B/up
CLIM
started?
Switch
Normal
and abort Upgrade CLIM
operations
done?
done? restarted? resumed?
Upgrading Storage CLIMs
1. Prepare the Storage CLIM for Upgrade (skip if the host system is not running)
a.
List the CLIMs.
> SCF INFO CLIM $ZZCIP.*
Name
Mode
Location
N1002541 IP
(100 ,2 ,5
N1002542 IP
(100 ,2 ,5
N1002581 IP
(100 ,2 ,5
N1002582 IP
(100 ,2 ,5
N1012581 IP
(101 ,2 ,5
N1012582 IP
(101 ,2 ,5
O1002571 OPEN
(100 ,2 ,5
O1002572 OPEN
(100 ,2 ,5
S1002531 STORAGE
(100 ,2 ,5
S1002533 STORAGE
(100 ,2 ,5
,4
,4
,8
,8
,8
,8
,7
,7
,3
,3
,1
,2
,1
,2
,1
,2
,1
,2
,1
,3
)
)
)
)
)
)
)
)
)
)
ConnPts
1
1
1
1
1
1
1
1
2
2
Provider
CSAM2
ZTC0
ZTC0
CSAM2
CSAM5
CSAM5
CSAM3
CSAM4
---
There are two Storage CLIMs configured in this example (S1002531 and S1002533).
b.
Ensure all the Storage CLIMs are in the STARTED state by issuing the SCF STATUS CLIM
command to the CIP subsystem.
> STATUS CLIM $ZZCIP.S*
CIP Status CLIM
Name
S1002531
S1002533
c.
Present
Yes
Yes
State
STARTED
STARTED
Trace
OFF
OFF
Determine which Storage CLIMs are configured to provide dual paths to a set of disks by
issuing the SCF STATUS CLIM command to the storage subsystem.
> STATUS CLIM $ZZSTO.S1002531 , DETAIL
STORAGE - Detailed Status CLIM \MYSYS.$ZZSTO.#S1002531
Configured Devices:
Name
State
$SYSTEM-P
*STARTED
$DATA00-P
*STARTED
$DATA01-P
*STARTED
$OSS-P
*STARTED
$DATA03-P
*STARTED
$KMSF1-P
*STARTED
$DATA00-MB
STARTED
$DATA01-MB
STARTED
$OSS-MB
STARTED
$DATA03-MB
STARTED
Substate
Primary PID
0,257
0,327
0,326
0,323
0,325
0,324
0,327
0,326
0,323
0,325
Backup PID
1,257
1,310
1,313
1,319
1,315
1,317
1,310
1,313
1,319
1,315
> STATUS CLIM $ZZSTO.S1002533 , DETAIL
STORAGE - Detailed Status CLIM \MYSYS.$ZZSTO.#S1002533
Configured Devices:
Name
State
$SYSTEM-B
STARTED
$DATA00-B
STARTED
$DATA01-B
STARTED
$OSS-B
STARTED
$DATA03-B
STARTED
$KMSF1-B
STARTED
$DATA00-M
*STARTED
$DATA01-M
*STARTED
$OSS-M
*STARTED
$DATA03-M
*STARTED
Substate
Primary PID
0,257
0,327
0,326
0,323
0,325
0,324
0,327
0,326
0,323
0,325
Backup PID
1,257
1,310
1,313
1,319
1,315
1,317
1,310
1,313
1,319
1,315
These commands show that CLIMs S1002531 and S1002533 provide dual paths to the same
disks.
Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic
139
NOTE: The STATUS CLIM $ZZSTO.clim-name shows the status of the disk volumes
belonging to this CLIM and shows the active path (denoted by the asterisk (*) in the State
field).
d.
Switch the disk paths by using the SCF SWITCH CLIM command to the Storage subsystem
($ZZSTO).
> SWITCH CLIM $ZZSTO.S1002531 , AWAY
e.
Ensure the switch worked by issuing the STATUS CLIM command to the storage subsystem.
> STATUS CLIM $ZZSTO.S1002531 , DETAIL
STORAGE - Detailed Status CLIM \MYSYS.$ZZSTO.#S1002531
Configured Devices:
Name
State
$SYSTEM-P
STARTED
$DATA00-P
STARTED
$DATA01-P
STARTED
$OSS-P
STARTED
$DATA03-P
STARTED
$KMSF1-P
STARTED
$DATA00-MB
STARTED
$DATA01-MB
STARTED
$OSS-MB
STARTED
$DATA03-MB
STARTED
Substate
Primary PID
0,257
0,327
0,326
0,323
0,325
0,324
0,327
0,326
0,323
0,325
Backup PID
1,257
1,310
1,313
1,319
1,315
1,317
1,310
1,313
1,319
1,315
S1002531 has disk paths that have no asterisk (*) next to STARTED in the State field, which
means the paths configured on this CLIM are not active.
> STATUS CLIM $ZZSTO.S1002533 , DETAIL
STORAGE - Detailed Status CLIM \MYSYS.$ZZSTO.#S1002533
Configured Devices:
Name
State
$SYSTEM-B
*STARTED
$DATA00-B
*STARTED
$DATA01-B
*STARTED
$OSS-B
*STARTED
$DATA03-B
*STARTED
$KMSF1-B
*STARTED
$DATA00-M
*STARTED
$DATA01-M
*STARTED
$OSS-M
*STARTED
$DATA03-M
*STARTED
Substate
Primary PID
0,257
0,327
0,326
0,323
0,325
0,324
0,327
0,326
0,323
0,325
Backup PID
1,257
1,310
1,313
1,319
1,315
1,317
1,310
1,313
1,319
1,315
The backup disk paths are active on S1002533. Since all the disks still have active paths
provided by CLIM S1002533, you can abort CLIM S1002531.
f.
Abort the Storage CLIM by issuing the SCF ABORT CLIM command to the CIP subsystem.
> ABORT CLIM $ZZCIP.S1002531
g.
Ensure the CLIM is STOPPED by issuing the SCF STATUS CLIM command to the CIP subsystem.
> STATUS CLIM $ZZCIP.S1002531
CIP Status CLIM
Name
Present
S1002531 Yes
h.
State
STOPPED
Trace
OFF
Update the form as shown in Table 8: Sample populated Storage CLIM upgrade form
140 Upgrading CIP
Table 8 Sample populated Storage CLIM upgrade form
CLIM name
Type
S1002531
St
Running
Maint
Prov?
If yes,
which Storage
one? path
B/up CLIM name
P
B/up
Switch
CLIM
CLIM
and abort Upgrade restarted
started ? done ?
done ? ?
S1002533
Y
S1002531
Y
Normal
operations
resumed?
Y
MB
S1002533
St
B
M
i.
Continue with “2. Upgrade the Storage CLIM” (page 141).
2. Upgrade the Storage CLIM
a.
b.
Perform the software upgrade as described in “Updating CLIM Software Using the OSM
Low-Level Link” (page 147)
Return to this procedure and continue with “3. Resume Storage CLIM Normal Operations (skip
if the host system is not running)” (page 141).
3. Resume Storage CLIM Normal Operations (skip if the host system is not running)
a.
Check that the upgraded CLIM is operational.
> STATUS CLIM $ZZCIP.*
CIP Status CLIM
Name
N1002541
N1002542
N1002581
N1002582
N1012581
N1012582
O1002571
O1002572
S1002531
S1002532
b.
c.
Present
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
State
STARTED
STARTED
STARTED
STARTED
STARTED
STARTED
STARTED
STARTED
STARTED
STARTED
Trace
OFF
OFF
OFF
OFF
OFF
OFF
OFF
OFF
OFF
OFF
Start the Storage CLIM if it is STOPPED.
Check that the disk paths configured in the Storage CLIM are started by issuing the STATUS
CLIM command to the storage subsystem.
> STATUS CLIM $ZZSTO.S1002531 , DETAIL
STORAGE - Detailed Status CLIM \MYSYS.$ZZSTO.#S1002531
Configured Devices:
Name
State
$SYSTEM-P
STARTED
$DATA00-P
STARTED
$DATA01-P
STARTED
$OSS-P
STARTED
$DATA03-P
STARTED
$KMSF1-P
STARTED
$DATA00-MB
STOPPED
$DATA01-MB
STARTED
$OSS-MB
STARTED
$DATA03-MB
STARTED
d.
Substate
Primary PID
0,257
0,327
0,326
0,323
0,325
0,324
0,327
0,326
0,323
0,325
Backup PID
1,257
1,310
1,313
1,319
1,315
1,317
1,310
1,313
1,319
1,315
Start any stopped disk paths of the Storage CLIM by issuing the SCF RESET DISK and START
DISK commands to the storage subsystem. For example:
Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic
141
> RESET DISK $DATA00-MB
> START DISK $DATA00-MB
STORAGE W01001 To START the disk, SCF must revive the information on
\MYSYS.$DATA00-MB. This operation might IMPACT system
performance, especially users of $DATA00-MB.
Do you want to start a disk revive on \MYSSY.$DATA00-MB (Y/[N])Y
Enter Y and press Enter at the prompt.
e.
Check the disk status again by issuing the SCF STATUS CLIM command to the storage
subsystem.
> STATUS CLIM $ZZSTO.S1002531 , DETAIL
STORAGE - Detailed Status CLIM \MYSYS.$ZZSTO.#S1002531
Configured Devices:
Name
State
$SYSTEM-P
STARTED
$DATA00-P
STARTED
$DATA01-P
STARTED
$OSS-P
STARTED
$DATA03-P
STARTED
$KMSF1-P
STARTED
$DATA00-MB
STARTED
$DATA01-MB
STARTED
$OSS-MB
STARTED
$DATA03-MB
STARTED
f.
Substate
Primary PID
0,257
0,327
0,326
0,323
0,325
0,324
0,327
0,326
0,323
0,325
Backup PID
1,257
1,310
1,313
1,319
1,315
1,317
1,310
1,313
1,319
1,315
Switch the disk paths for the Storage CLIM back to the default by using the SCF SWITCH CLIM
command to the storage subsystem.
> SWITCH CLIM $ZZSTO.S1002531 , DEFAULT
g.
Ensure the switch worked and make sure there is at least one active path on the restarted CLIM
as indicated by an asterisk (*) next to STARTED in the State field. Use the SCF STATUS
CLIM command to the storage subsystem.
> STATUS CLIM $ZZSTO.S1002531 , DETAIL
STORAGE - Detailed Status CLIM \MYSYS.$ZZSTO.#S1002531
Configured Devices:
Name
State
$SYSTEM-P
*STARTED
$DATA00-P
*STARTED
$DATA01-P
*STARTED
$OSS-P
*STARTED
$DATA03-P
*STARTED
$KMSF1-P
*STARTED
$DATA00-MB
STARTED
$DATA01-MB
STARTED
$OSS-MB
STARTED
$DATA03-MB
STARTED
Substate
Primary PID
0,257
0,327
0,326
0,323
0,325
0,324
0,327
0,326
0,323
0,325
Backup PID
1,257
1,310
1,313
1,319
1,315
1,317
1,310
1,313
1,319
1,315
> STATUS CLIM $ZZSTO.S1002533 , DETAIL
STORAGE - Detailed Status CLIM \MYSYS.$ZZSTO.#S1002533
Configured Devices:
Name
State
$SYSTEM-B
STARTED
$DATA00-B
STARTED
$DATA01-B
STARTED
$OSS-B
STARTED
$DATA03-B
STARTED
$KMSF1-B
STARTED
$DATA00-M
*STARTED
$DATA01-M
*STARTED
$OSS-M
*STARTED
$DATA03-M
*STARTED
142
Upgrading CIP
Substate
Primary PID
0,257
0,327
0,326
0,323
0,325
0,324
0,327
0,326
0,323
0,325
Backup PID
1,257
1,310
1,313
1,319
1,315
1,317
1,310
1,313
1,319
1,315
h.
i.
Update the form.
Wait for about 15 minutes to make sure the system returns to normal operating condition
before updating the backup CLIM.
You have now completed the procedure for upgrading a Storage CLIM. Continue upgrade
operations until all Storage CLIMs are upgraded.
Upgrading IP CLIMs
CAUTION:
During this procedure, the IP CLIM loses connectivity.
1. Prepare IP CLIMs for Upgrade (skip if the host system is not running)
This example shows the preparation step for a failover-configured CLIM. If you are performing this
step on a non-failover-configured CLIM or on a CLIM that is part of a multi-line-path Expand
configuration, start with the Abort CLIM step.
a. List the CLIMs.
> SCF
> INFO CLIM $ZZCIP.*
Name
Mode
Location
N1002541 IP
(100 ,2 ,5
N1002542 IP
(100 ,2 ,5
N1002581 IP
(100 ,2 ,5
N1002582 IP
(100 ,2 ,5
N1012581 IP
(101 ,2 ,5
N1012582 IP
(101 ,2 ,5
O1002571 OPEN
(100 ,2 ,5
O1002572 OPEN
(100 ,2 ,5
S1002531 STORAGE
(100 ,2 ,5
S1002533 STORAGE
(100 ,2 ,5
,4
,4
,8
,8
,8
,8
,7
,7
,3
,3
,1
,2
,1
,2
,1
,2
,1
,2
,1
,3
)
)
)
)
)
)
)
)
)
)
ConnPts
1
1
1
1
1
1
1
1
2
2
Provider
CSAM2
ZTC0
ZTC0
CSAM2
CSAM5
CSAM5
CSAM3
CSAM4
---
According to the info display there are six IP CLIMs (N1002541, N1002542, N1002581,
N1002582, N1012581, N1012582).
b.
Determine which IP CLIMs are configured as failover pairs and ensure the primary and backup
interfaces are up and their link pulses are up.
> STATUS PROVIDER
F Home
N1002582.bond0
N1002582.bond1
N1002582.eth3
T N1002541.tun624
N1002541.bond0
N1002541.eth3
N1002541.eth2
N1002541.eth1
$ZZCIP.* , DETAILExcerpt from PROVIDER CSAM2
Sts LkP
Failover/(Assoc)
Sts LkP
Current
UP
UP
N1002541.bond0
UP
UP
N1002582.bond0
UP
UP
N1002541.eth1
UP
UP
N1002582.bond1
UP
UP
N1002541.eth3
UP
UP
N1002582.eth3
UP
UP
(N1002541.eth2)
--N1002541.tun624
UP
UP
N1002582.BOND0
UP
UP
N1002541.bond0
UP
UP
N1002582.eth3
UP
UP
N1002541.eth3
UP
UP
--N1002541.eth2
UP
UP
--N1002541.eth1
Fovr
Home
Home
Home
-Home
Home
---
This extract shows that N1002541 and N1002582 are configured as a failover pair in
Provider CSAM2, that all failover interfaces have status UP and link pulse UP, and the interfaces
are running on their home CLIM.
NOTE: If the interfaces are not running on their home CLIMs, perform an SCF SWITCH CLIM,
RESTORE command to the CIP subsystem and check again.
c.
For a failover-configured CLIM, perform a manual failover.
1. Switch the CLIM activity to the backup CLIM.
> SWITCH CLIM $ZZCIP.N1002582 , FAILOVER
Open connections still exist, okay to continue? Y
NOTE:
2.
TCP and SCTP connections are lost during a failover.
Ensure the switch worked.
> STATUS PROVIDER $ZZCIP.CSAM2 , DETAILExcerpt from PROVIDER CSAM2
F Home
Sts LkP
Failover/(Assoc)
Sts LkP
Current
Fovr
Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic
143
N1002582.bond0
N1002582.bond1
N1002582.eth3
T N1002541.tun624
N1002541.bond0
N1002541.eth3
N1002541.eth2
N1002541.eth1
d.
UP
UP
UP
UP
UP
UP
UP
UP
UP
UP
UP
UP
UP
UP
UP
UP
N1002541.bond0
N1002541.eth1
N1002541.eth3
(N1002541.eth2)
N1002582.bond0
N1002582.eth3
UP
UP
UP
-UP
UP
---
UP
UP
UP
-UP
UP
---
N1002541.bond0
N1002541.bond1
N1002541.eth3
N1002541.tun624
N1002541.bond0
N1002541.eth3
N1002541.eth2
N1002541.eth1
BkOP
BkOP
BkOP
-Home
Home
---
Abort the CLIM.
> ABORT CLIM $ZZCIP.N1002582
Open connections still exist, okay to continue? Y
Ensure that the CLIM you are about to upgrade is stopped.
> SCF STATUS CLIM $ZZCIP.N1002582
CIP Status CLIM
Name
Present
N1002582 Yes
e.
State
STOPPED
Trace
OFF
Update the form as shown in Table 9: Sample populated IP CLIM upgrade form:
Table 9 Sample populated IP CLIM upgrade form
f.
CLIM name
Type
N1002541
IP
N1002582
IP
Running
Maint
Prov?
If yes,
which Storage
one? path
B/up CLIM name
$ZTCP1
B/up
Switch
CLIM
CLIM
and abort Upgrade restarted
started ? done ?
done ? ?
N1002582
N
N1002541
Y
Normal
operations
resumed?
Y
Continue with “2. Upgrade the IP CLIMs” (page 144).
2. Upgrade the IP CLIMs
a.
b.
Perform the software upgrade as described in “Updating CLIM Software Using the OSM
Low-Level Link” (page 147).
Return to this procedure and continue with “3. Resume IP CLIM Normal Operations (skip if
the host system is not running)” (page 144).
3. Resume IP CLIM Normal Operations (skip if the host system is not running)
a.
Start the IP CLIM that you upgraded.
> START CLIM $ZZCIP.N1002582
b.
Check the status of the upgraded IP CLIM.
> STATUS CLIM $ZZCIP.N1002582
CIP Status CLIM
Name
N1002582
c.
Present
Yes
State
STARTED
Trace
OFF
Switch the IP failover CLIMs back.
> SWITCH CLIM $ZZCIP.N1002582 , RESTORE
Open connections still exist, okay to continue? Y
d.
Ensure the default failover activity is restored.
> STATUS PROVIDER
Excerpt
F Home
N1002582.bond0
N1002582.bond1
N1002582.eth3
T N1002541.tun624
N1002541.bond0
144 Upgrading CIP
$ZZCIP.CSAM2 , DETAIL
Sts
UP
UP
UP
UP
UP
LkP
UP
UP
UP
UP
UP
Failover/(Assoc)
N1002541.bond0
N1002541.eth1
N1002541.eth3
(N1002541.eth2)
N1002582.bond0
Sts
UP
UP
UP
-UP
LkP
UP
UP
UP
-UP
Current
N1002582.bond0
N1002582.bond1
N1002582.eth3
N1002541.tun624
N1002541.bond0
Fovr
Home
Home
Home
-Home
N1002541.eth3
N1002541.eth2
N1002541.eth1
UP
UP
UP
UP
UP
UP
N1002582.eth3
UP
---
UP
---
N1002541.eth3
N1002541.eth2
N1002541.eth1
Home
---
N1002582.bond0, N1002582.bond1 and N1002582.eth3 have a status of UP, show Home
in the Fovr field and show themselves as the current interfaces in the Current field. They
have been restored to the default.
You have now completed the procedure for upgrading an IP CLIM. Continue upgrade operations
until all IP CLIMs are upgraded.
Upgrading IB and Telco CLIMs
CAUTION:
During this procedure, the Telco CLIM loses connectivity.
For Telco CLIMs, redundancy is configured at the application level. Multiple links using different
CLIMs are configured to each destination and traffic is load balanced across all active links to that
destination. There is no failover for Telco CLIMs, just a redistribution of load across the link-set
going to a common destination.
CAUTION: Determine the configuration for all links on all the Telco CLIMs. Make sure that all the
links on the CLIM being upgraded have a companion link to the same destination on another CLIM
and that all those links are displaying a healthy status before performing the upgrade.
NOTE: IB CLIMs are similar to Telco CLIMs although they do not have the CCMI tool. Use the
procedure for Telco CLIMs for upgrading IB CLIMs.
1. Prepare the Telco CLIM for Upgrade (skip if the host system is not running)
a.
List the CLIMs:
> SCF
> INFO CLIM $ZZCIP.*
Name
Mode
Location
N1002541 IP
(100 ,2 ,5
N1002542 IP
(100 ,2 ,5
N1002581 IP
(100 ,2 ,5
N1002582 IP
(100 ,2 ,5
N1012581 IP
(101 ,2 ,5
N1012582 IP
(101 ,2 ,5
O1002571 OPEN
(100 ,2 ,5
O1002572 OPEN
(100 ,2 ,5
S1002531 STORAGE
(100 ,2 ,5
S1002533 STORAGE
(100 ,2 ,5
,4
,4
,8
,8
,8
,8
,7
,7
,3
,3
,1
,2
,1
,2
,1
,2
,1
,2
,1
,3
)
)
)
)
)
)
)
)
)
)
ConnPts
1
1
1
1
1
1
1
1
2
2
Provider
CSAM2
ZTC0
ZTC0
CSAM2
CSAM5
CSAM5
CSAM3
CSAM4
---
There are two Open/Telco CLIMs (O1002571 and O1002572), configured in Providers
CSAM3 and CSAM4.
b.
c.
Examine the linkset configuration by generating a configuration report with the HP OpenCall
INS Command Control and Monitoring Interface (CCMI). The Guide to Operations and
Maintenance for HP OpenCall Intelligent Network Serve describes the Configuration Report
generated from the System Home Page (used to get to CCMI) and the instructions for generating
the report are in the online help.
Ensure all Telco CLIMs are in the STARTED state.
> STATUS CLIM $ZZCIP.O*
CIP Status CLIM
Name
O1002571
O1002572
d.
Present
Yes
Yes
State
STARTED
STARTED
Trace
OFF
OFF
Determine which Telco CLIMs are configured as multi-link by using CCMI. See the Guide to
Operations and Maintenance for HP OpenCall Intelligent Network Server.
Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic
145
e.
f.
Depending on your Method of Procedure, if appropriate, deactivate the signal link provided
by the CLIM you are about to upgrade by using CCMI. (The syntax for the instructions are in
the online help.)
Abort the CLIM.
> ABORT CLIM O1002571
Open connections still exist, okay to continue? Y
g.
Check that the CLIM was stopped.
> STATUS CLIM O1002571
CIP Status CLIM
Name
Present
O1002571 Yes
h.
State
STOPPED
Trace
OFF
Update the form as shown in Table 10: Sample populated Telco CLIM upgrade form:
Table 10 Sample populated Telco CLIM upgrade form
i.
CLIM name
Running
Maint
Prov?
If yes,
B/up
which
Storage
CLIM
Type one?
Provider path B/up CLIM name started ?
Switch
and
CLIM
Normal
abort
Upgrade restarted operations
done ? done ? ?
resumed?
O1002571
Telco
O1002572
Y
Y
O1002572 Telco
O1002571
N
Continue with “2. Upgrade the Telco CLIM” (page 146).
2. Upgrade the Telco CLIM
a.
b.
Perform the software upgrade as described in “Updating CLIM Software Using the OSM
Low-Level Link” (page 147).
Return to this procedure and continue with “3. Resume Telco CLIM Normal Operations (skip
if the host system is not running)” (page 146).
3. Resume Telco CLIM Normal Operations (skip if the host system is not running)
a.
Check that the upgraded Telco CLIM is operational.
> STATUS CLIM $ZZCIP.*
CIP Status CLIM
Name
N1002541
N1002542
N1002581
N1002582
N1012581
N1012582
O1002571
O1002572
S1002531
S1002532
b.
c.
d.
e.
146
Present
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
State
STARTED
STARTED
STARTED
STARTED
STARTED
STARTED
STARTED
STARTED
STARTED
STARTED
Trace
OFF
OFF
OFF
OFF
OFF
OFF
OFF
OFF
OFF
OFF
Start the Telco CLIM if it is STOPPED.
If you deactivated the signal link provided by the CLIM you upgraded, reactivate it by using
CCMI.
Check that the links and default activity are restored by using CCMI. See the Guide to
Operations and Maintenance. This may take several minutes.
Update the form.
Upgrading CIP
You have now completed the procedure for upgrading a Telco CLIM. Continue upgrade operations
until all Telco CLIMs are updated.
Updating CLIM Software Using the OSM Low-Level Link
This procedure uses the IP CLIM as an example but the steps are the same for all CLIM types.
1. Log onto the OSM Low-Level Link on each CLIM.
2.
This dialog box is displayed:
3.
Select the Software Update option and, if updating INS on a Telco CLIM, also select the
Configure box.
Click OK.
4.
The Software Update dialog box appears. If you selected multiple options, they are performed
in sequential order; first the software update, then the INS Software Update.
5.
Select the correct software version from the Available versions on NSC drop-down
menu.
Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic
147
148
6.
Click Update.
7.
Follow the instructions displayed by OSM Low-Level Link to reboot the CLIM. This dialog box
is shown after the update is completed on the CLIM:
Upgrading CIP
8.
9.
Click OK.
Check the status in the log and ensure it shows that the software passed and that the version
matches what you selected. For example:
Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic
149
10. Click Reboot.
11. To check the CLIM status, log onto its iLO and use the psclim command.
12. To check the version, from the iLO, use the cat /etc/vproc command. The version should
match your new version.
13. Update the form.
14. Continue with the resume normal operations step for your CLIM type.
Upgrading CLIM Firmware with the System Running
NOTE: This is no longer the best method to update CLIM firmware during an RVU upgrade. Since
you will need to bring down the system for the RVU migration, “Upgrading CLIM Software or
Firmware While the System is Down ” (page 165) provides a faster, more efficient method.
Preparing to Update CLIM Firmware with the System Running
This section contains notes, guidelines, and cautions to be followed to reduce the risk of interrupting
network or storage traffic during the firmware updates.
•
Firmware versions must be compatible on the system. Verify all firmware versions. For more
information, see the NonStop Firmware Matrices document available on the web at
www.hp.com/go/nonstop-docs. To locate the document, in the main page, click HP Integrity
NonStop Service Information under NonStop Technical Library.
•
You can update the firmware on multiple CLIMs by using the OSM Service Connection
Multi-Resource Actions dialog box. If you plan to perform an update the firmware on multiple
CLIMs at once, follow the same grouping scheme described in “Upgrading Multiple CLIMs in
Parallel” (page 160).
If the software or firmware update is to be done on a production NonStop system and storage
or network traffic needs to be maintained, the updates of multiple CLIMs can still be done in
parallel, but consideration has to be given not to affect storage or network traffic. Refer to
“Upgrading Multiple CLIMs in Parallel” (page 160) for the procedure.
150
•
You may not need to update firmware on all Storage CLIMs; for example, if the firmware
update is for FC HBA firmware, you only need to upgrade Storage CLIMs that have an FC
HBA installed.
1. If upgrading firmware from SPRs, place the files in the currently running SYSnn so that
OSM can compare the new and current versions.
2. Check the firmware versions by using OSM Service Connection Multi-Resource Actions
dialog box.
3. Update firmware as appropriate.
•
To ensure peak OSM performance, verify to make sure that the -Xmx200m Java runtime
parameter is set:
1. Close all Internet Explorer windows.
2. Go to Control Panel→Start→Java.
3. In the Java Control Panel dialog box, select the Java tab.
4. Under Java Applet Runtime Settings, click View.
5. In the Java Runtime Settings dialog box, make sure that -Xmx200m is entered under the
Java Runtime Parameters column for each supported JRE version listed.
Upgrading CIP
6.
Click OK to dismiss both the Java Runtime Settings and Java Control Panel dialog boxes.
CAUTION:
•
For G2 and G5 CLIMs, if multiple CLIM component firmware updates are required, update
the SAS HBA firmware in slot 5 last. During a SAS update of the slot-5 HBA, the CLIM may
be rebooted automatically.
•
Even though, in the OSM Multi-Resource window, these objects can be selected and an action
performed on them at the same time, internally, the OSM server performs these actions one
at a time to maintain system stability:
◦
CLIM FC card (BIOS and firmware)
◦
CLIM SAS card (BIOS and firmware)
◦
SAS Disk enclosure firmware
Divide Storage CLIMs into Primary and Backup Path Groups
This optional procedure explains how to divide CLIMs into two groups such that the CLIMs configured
as the primary and mirror paths for any given disk are not in the same group. The purpose is so
you can update SAS card firmware and later reboot the CLIMs by group (as directed, in “Performing
Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic
151
CLIM Firmware Updates with the System Running” (page 155)), and not bring down both paths for
any disk.
•
Check the storage disk configuration on the running NonStop system.
•
Make a primary group and a backup group based on the CLIMs configured as primary and
backup paths for disks.
1. Find out through which CLIMs the disk paths are configured and the status of the paths:
a. Using the Multi-Resource Actions window, select the resource type CLIM Attached
Disk.
All the logical disks configured through CLIMs are listed.
The Primary Path or Backup Path attributes show the configured CLIM information
of the disk.
The Primary Path State and Backup Path State attribute show whether the path through
the CLIM connected to the disk is up or down.
152
Upgrading CIP
2.
Divide all the Storage CLIMs into two groups such that the same group does not have
both CLIMs configured as primary and mirror paths for the same disk. For example, the
data shown in the images in previous step, the CLIMs must be divided as:
◦
Group 1 – C1002543, C1002533
◦
Group 2 – C1002541, C1002531
Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic
153
•
Check which two CLIMs implement $ZTCP0 and $ZTCP1.
At the TACL prompt, issue the command:
TACL> SCF INFO SUBNET $ZTCP*.*, DETAIL
This shows which CLIMs implement the two processes. For example (IP addresses and system
name removed):
In this example, CLIMs C1002581 and C1002583 implement the $ZTCP0 and $ZTCP1
processes.
Estimating Time for CLIM Firmware Updates
You can use Table 11 (page 154) to estimate the total amount of time needed to update the specified
components in your environment.
Table 11 Firmware Update Time Estimates and Calculation Form
Object
T#
CLIM ROM T0848
CLIM iLO
T0848
Number of
components
updated
Estimated time (minutes)
Up to 16
2 to 4
Up to 32
4 to 8
Up to 16
5 to 7. No reboot
required.
Up to 32
15 to 21
NIC
T0849
Multiple NICs
on different
CLIMs (1 NIC
per CLIM)
2
Smart
Array
Controller
T0846
Up to 16
2 to 4
Up to 32
4 to 8
154 Upgrading CIP
Comments
A maximum of 8 are
updated in parallel.
Estimated time for your
environment (fill in the
value based on the
information in the
previous columns)
Table 11 Firmware Update Time Estimates and Calculation Form (continued)
Estimated time for your
environment (fill in the
value based on the
information in the
previous columns)
Object
T#
Number of
components
updated
SAS HBA
Firmware
T0842
1
2 to 4
Single update
>1
2 to 4 minutes per SAS
HBAs to be updated
This firmware is
updated serially.
1
2 to 4
Single update
>1
2 to 4 minutes per SAS
HBAs to be updated
This firmware is
updated serially.
1
2 to 4
Single update
>1
2 to 4 minutes per SAS
HBAs to be updated
This firmware is
updated serially.
Multiple NICs
on a single
CLIM
2 times the number of
NICs on the CLIM
1
15 to 20
>1
15 to 20 minutesper
MSA70
1
8 to 10
>1
8 to 10 minutes per
D2700
1
8 to 10
>1
8 to 10 minutes per
M8390-12
1
8 to 10
>1
8 to 10 minutes per
M8391-24
SAS HBA
BIOS
FC HBA
Firmware
MSA70
D2700
SAS disk
enclosure
T0842
T0843
T0841
T0841
M8390-12CG T0856
M8391-24x T0856
Estimated time (minutes)
Comments
This firmware is
updated serially.
Total Time:
Performing CLIM Firmware Updates with the System Running
This procedure presents a suggested sequence for updating CLIM firmware using the OSM Service
Connection.
1. To update CLIM iLO firmware:
a. Open the OSM Service Connection Multi-Resource dialog box.
b. Click Display →Multi-Resource Actions
c. Select the resource type CLIM.
d. Choose the iLO Update action.
e. Select all the CLIMs that show the iLO Compare State attribute as Down-rev.
f. Add the selected CLIMs to the bottom pane.
Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic
155
g.
h.
Click Perform Action.
Check the estimated time in Table 11 (page 154) and wait for the updates to complete.
The progress bar at the bottom indicates the result of the performed actions
(Passed/Failed). A
(Passed) or a (Failed) indication at the side of each component
shows the individual resource action result.
Click Action Summary to view the summary of all the actions performed on the system.
If this is the only firmware being updated, only an iLO reset is required.
2.
3.
156
Once the updates are completed, click Remove All to clear the bottom pane.
To update ROM firmware:
a. Perform steps 1.a through 1.c.
b. Choose the ROM Update action.
c. Select all the CLIMs that show the ROM Compare State attribute as Down-rev and add
them to the bottom pane.
Upgrading CIP
d.
e.
Click Perform Action.
Check the estimated time in Table 11 (page 154) and wait for the updates to complete.
(See the figures in step 1.h.)
4.
To update CLIM NIC firmware:
a. Perform steps 1.a through 1.b.
b. Select the resource type CLIM NIC.
c. Choose the Firmware Update action.
d. Select all the CLIM NICs that show the Firmware Compare State attribute as Down-rev.
e. Add the selected CLIM NICs to the bottom pane.
f. Click Perform Action.
g. Check the estimated time in Table 11 (page 154) and wait for the updates to complete.
(See the figures in step 1.h.)
5.
To update CLIM smart array controller firmware:
a. Perform steps 1.a through 1.b.
b. Select the resource type CLIM Smart Array Controller.
c. Choose the Firmware Update action.
d. Select all the CLIM Smart Array Controller that show the Firmware Compare State attribute
as Down-rev.
e. Add the selected CLIM Smart Array Controllers to the bottom pane.
f. Click Perform Action.
g. Check the estimated time in Table 11 (page 154) and wait for the updates to complete.
(See the figures in step 1.h.)
6.
To update CLIM FC card BIOS:
a. Perform steps 1.a through 1.b.
b. Select the resource type CLIM FC Card.
c. Select all the CLIM FC Cards that show the BIOS Compare State attribute as Down-revand
choose the BIOS Update action.
d. Add the selected CLIM FC cards to the bottom pane.
e. Click Perform Action.
f. Check the estimated time in Table 11 (page 154) and wait for the updates to complete.
(See the figures in step 1.h.)
7.
8.
Once the updates are completed, click Remove All to clear the bottom pane.
To update FC card firmware:
a. Perform steps 1.a through 1.b.
b. Select the resource type CLIM FC Card.
c. Choose the Firmware Update action.
d. Select all the CLIM FC Cards that show the Firmware Compare State attribute as Down-rev
and add them to the bottom pane.
e. Click Perform Action.
f. Check the estimated time in Table 11 (page 154) and wait for the updates to complete.
(See the figures in step 1.h.)
9.
To update SAS disk enclosure firmware:
a. Perform steps 1.a through 1.b.
b. Select the resource type SASDiskEnclosure.
c. Choose the Firmware Update action.
NOTE: After you update the firmware, perform a power cycle to complete the MSA70
firmware update. (Even though the updated firmware revision information displays, the
firmware is not completely updated until the power cycle occurs.)
Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic
157
d.
e.
f.
g.
Select all the SAS Disk Enclosures that show the Firmware Compare State attribute as
Down-rev.
Add the selected SAS Disk Enclosures to the bottom pane.
Click Perform Action.
Check the estimated time in Table 11 (page 154) and wait for the updates to complete.
(See the figures in step 1.h.)
10. To update CLIM SAS card BIOS:
a. Perform steps 1.a through 1.b.
b. Select the resource type CLIM SAS Card.
c. Choose the BIOS Update action.
d. Select all the CLIM SAS Cards that show the BIOS Compare State attribute as Down-rev.
e. Add the selected CLIM SAS Cards to the bottom pane.
f. Click Perform Action.
g. Check the estimated time in Table 11 (page 154) and wait for the updates to complete.
(See the figures in step 1.h.)
11. Once the updates are completed, click Remove All to clear the bottom pane.
12. To update SAS card firmware:
a. Perform steps 1.a through 1.b.
b. Update firmware of CLIM SAS cards that are not in slot 5:
i. Choose the Firmware Update action.
ii. Select all the CLIM SAS cards that show the Firmware Compare State attribute as
Down-rev and that are not in slot 5 (that is, whose Resource Name does not end
with $ZZCIP.Clim-Name.5), and add them to the bottom pane.
iii. Click Perform Action.
iv. Check the estimated time in Table 11 (page 154) and wait for the updates to complete.
(See the figures in step 1.h.)
c.
d.
Once the updates are completed, click Remove All to clear the bottom pane.
Update the down-rev CLIM SAS cards that are in slot 5 and the first group:
i. Choose the Firmware Update action.
ii. Select the SAS cards of Storage CLIMs that show the Firmware Compare State attribute
as Down-rev that are in slot 5 (that is, whose Resource Name ends with
‘$ZZCIP.Clim-Name.5), and whose CLIMs belong to the first group of Storage
CLIMs to be updated (determined previously by looking at the primary and backup
paths of disks). Add these SAS Cards to the bottom pane.
iii. Group the SAS cards of half the networking CLIMs that show the Firmware Compare
State attribute as Down-rev that are in slot 5 (that is, whose Resource Name ends
with $ZZCIP.Clim-Name.5). (Include the CLIM implementing $ZTCP0 in this group,
but NOT the CLIM implementing $ZTCP1.) Add these SAS cards to the bottom pane.
iv. Click Perform Action.
NOTE: During a SAS update of the slot-5 HBA, the CLIM may be rebooted
automatically.
v.
e.
f.
158
Upgrading CIP
Check the estimated time in Table 11 (page 154) and wait for the updates to complete.
(See the figures in step 1.h.)
Step 12.d may result in some CLIMs being rebooted automatically, which will result in
CLIMs transitioning to the STARTING state as shown by the SCF STATUS CLIM
$ZZCIP.* command. If any CLIM has changed to the STARTING state, wait until the
recovery is completed and the CLIM changes back to the STARTED state.
Once the updates are completed, click Remove All to clear the bottom pane.
g.
h.
Wait for the updated CLIMs to return to the STARTED state, determined by using the SCF
STATUS CLIM $ZZCIP.* command to find the current status
Update down-rev firmware of the remaining CLIM SAS cards that are in slot 5.
i. Choose the Firmware Update action.
ii. Select the SAS cards of Storage CLIMs that show the Firmware Compare State attribute
as Down-rev, that are in slot 5 (that is, whose Resource Name ends with
‘$ZZCIP.Clim-Name.5), and whose CLIMs belong to the second group of Storage
CLIMs to be updated (determined previously by looking at the primary and backup
paths of disks). Add these SAS cards to the bottom pane.
iii. Select the SAS cards of the second group of networking CLIMs that show the Firmware
Compare State attribute as Down-rev, and are in slot 5 (that is, whose Resource
Name ends with $ZZCIP.Clim-Name.5). (Include the CLIM implementing $ZTCP1
in this group.) Add these SAS cards to the bottom pane.
iv. Click Perform Action.
NOTE: During a SAS update of the slot-5 HBA, the CLIM may be rebooted
automatically.
v.
i.
j.
Check the estimated time in Table 11 (page 154) and wait for the updates to complete.
(See the figures in step 1.h.)
Step 12.h may result in some CLIMs being rebooted automatically which will result in
CLIMs being transitioned to the STARTING state as shown by the SCF STATUS CLIM
$ZZCIP.* command. If any CLIM has changed to the STARTING state, wait until the
recovery is completed and the CLIM changes back to STARTED state.
Wait for the updated CLIMs to return to the STARTED state by using the SCF STATUS
CLIM $ZZCIP.* command to find the current status.
Once all the CLIMs and their components are updated, the CLIMs must be rebooted.
Verify if any CLIM was automatically rebooted as a result of the firmware update in step 12.d or
12.h. If so, do NOT reboot it again by using the CLIM reboot procedure in “Rebooting CLIMs
When the System is Up” (page 159).
Rebooting CLIMs When the System is Up
This procedure reboots CLIMs in parallel while avoiding losing access to the OSM Service
Connection, $SYSTEM, or any disk revives.
1. Switch away the paths of the first group of Storage CLIMs:
a. Open the OSM Service Connection Multi-Resource Actions window by using the OSM
Service Connection window and clicking Display→Multi-Resource Actions.
b. Select the resource type CLIM.
c. Choose the Switch Storage Paths Away action.
d. Select the first group of Storage CLIMs to be updated (determined previously by looking
at the primary and backup paths of disks) and add them to the bottom pane.
NOTE: Do not select any Storage CLIM that already was rebooted at the end of firmware
update procedure.
e.
f.
2.
Click Perform Action.
Wait for the updates to complete. See the figures in step 1.h of “Upgrading CLIM Firmware
with the System Running” (page 150).
Add the first group of networking CLIMs:
Select half of the networking CLIMs (include the CLIM implementing $ZTCP0 in this half, but
not the CLIM implementing $ZTCP1), and add them to the bottom pane. Do not select any
networking CLIM that already was rebooted at the end of the firmware-update procedure.
Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic
159
3.
Reboot all the selected Storage and networking CLIMs.
a. Select Reboot.
b. Click Perform Action.
4.
Wait for the CLIMs to return to the STARTED state by using the SCF STATUS CLIM $ZZCIP.*
command.
Click Remove All to clear the bottom pane.
Switch away the paths of the second group of Storage CLIMs to be updated.
a. Select the second group of Storage CLIMs to be updated (determined previously by
looking at the primary and backup paths of disks) and add them to the bottom pane, but
do not select any Storage CLIM that was already rebooted at the end of firmware update
procedure.
b. Choose the Switch Storage Paths Away action.
c. Click Perform Action.
d. Wait for the updates to complete. See the figures in step 2 of “Upgrading CLIM Firmware
with the System Running” (page 150).
5.
6.
7.
Select the second group of the networking CLIMs:
Select the other half of the networking CLIMs not included in the first set of reboots (include
the CLIM implementing $ZTCP1 in this half), but do not select any networking CLIM that was
already rebooted at the end of firmware update procedure, and add them to the bottom pane.
8.
Reboot all the selected Storage and networking CLIMs.
a. Select Reboot to reboot all the selected Storage and networking CLIMs.
b. Click Perform Action.
9.
Wait for the CLIMs to return to the STARTED state by using the SCF STATUS CLIM $ZZCIP.*
command.
Upgrading Multiple CLIMs in Parallel
You can upgrade four CLIMs simultaneously. This example uses these 10 CLIMs:
•
Two Storage CLIMs providing dual paths to a set of disks.
•
Two IP CLIMs that form a failover pair.
•
Two IP CLIMs that are used for an Expand multi-line-path configuration.
•
Two IP CLIMs that are not in any backup configuration.
•
Two Telco CLIMs that provide multiple links for INS applications.
In this example, the CLIMs are grouped by type, but you can also update multiple CLIM types in
parallel. See “Upgrading Multiple CLIMs of Different Types” (page 165).
To upgrade multiple CLIMs, update the software on each CLIM that is configured with a backup,
one at a time, and ensure the first of each of these upgraded CLIMs is operational before updating
the backup CLIMs. If you upgrade CLIMs that are not configured with some form of backup, plan
for the unavailability of these network or storage resources.
To update multiple CLIMs, open one window with OSM Low-Level Link for each CLIM.
CAUTION:
To make sure there are sufficient resources, upgrade four or fewer CLIMs at a time.
Upgrading Groups of Storage CLIMs
Although this example shows two Storage CLIMs, you can have four Storage CLIMs providing
paths to a disk volume. If so, update one CLIM per disk volume at a time.
160 Upgrading CIP
NOTE: Examples of Storage CLIMs not in fault-tolerant configurations include Storage CLIMs that
are connected to a disk or tape that has no functioning backup path. If you have disks that do not
have a backup path, only update the primary Storage CLIM that provides its path after planning
for the unavailability of these disks.
1.
For each Storage CLIM, check that the CLIM has a backup path by following steps 1 - 3 in
“1. Prepare the Storage CLIM for Upgrade (skip if the host system is not running)” (page 139).
Return to this procedure and fill in the group upgrade form as shown in this example (Table 12:
Sample populated Storage CLIM group upgrade form). When you are filling in the group
form, put the primary Storage CLIMs in one upgrade group and the backup CLIMs in another
group so that a path to each disk remains active when one of the CLIMs is stopped.
Table 12 Sample populated Storage CLIM group upgrade form
CLIM name
Type Group
S1002531
Stor
A
Running
Maint
Prov?
If yes,
B/up
which Storage
CLIM
one? path B/up CLIM name started ?
P
S1002533
Y
S1002531
Y
Switch
and
CLIM
Normal
abort
Upgrade restarted operations
done ? done ? ?
resumed?
MB
S1002533
Stor
B
B
M
2.
3.
Perform the remaining preparation steps, steps 4 - 7, in “1. Prepare the Storage CLIM for
Upgrade (skip if the host system is not running)” (page 139), but return to this procedure to
complete the group form. (Do not perform the software upgrade yet.)
Look at the form, which tells you which CLIMs are in the first group (group A in this example)
and, selecting up to four CLIMs from this group, perform “2. Upgrade the Storage CLIM”
(page 141) on all the CLIMs simultaneously by using multiple sessions of OSM Low-Level Link,
one for each CLIM. For example:
Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic
161
4.
For each CLIM in the group, perform “3. Resume Storage CLIM Normal Operations (skip if
the host system is not running)” (page 141).
Upgrading Groups of IP CLIMs
CAUTION: When upgrading multiple IP CLIMs at a time, do not upgrade the one where $ZTC0
is configured or you will lose your session.
1.
2.
See steps 1 - 2 of “1. Prepare IP CLIMs for Upgrade (skip if the host system is not running)”
(page 143) to determine which IP CLIMs are configured as failover pairs then return to this
procedure. Do not perform the failover yet.
Divide all IP CLIM failover pairs in the system into the groups and update the form.
•
Upgrade Group A
N1002541
•
Upgrade Group B
N1002582
3.
Determine if any CLIMs have $ZTCP0 and $ZTCP1.
> INFO PROVIDER $ZZCIP.ZTCP0 , DETAIL
CIP Detailed info PROVIDER \MYSYS.$ZZCIP.ZTCP0
*TPName....................
Type......................
*HostID....................
*Hostname..................
*TCP-Listen-Que-Min........
162
Upgrading CIP
$ZTCP0
MAINTENANCE
1.2.3.4
home1
128
*BRecvPort................. No Ports Specified
*CLIM...................... N1002581
*IPAddress................. 192.168.36.10
> INFO PROVIDER $ZZCIP.ZTCP1 , DETAIL
CIP Detailed info PROVIDER \MYSYS.$ZZCIP.ZTCP1
*TPName....................
Type......................
*HostID....................
*Hostname..................
*TCP-Listen-Que-Min........
*BRecvPort.................
*CLIM......................
*IPAddress.................
$ZTCP1
MAINTENANCE
0.0.0.0
osmlany
128
No Ports Specified
N1002582
192.168.36.11
The maintenance Providers $ZTCP0 and $ZTCP1 are in N1002581 and N1002582.
4.
Divide the CLIMs associated with $ZTCP0 and $ZTCP1 into two different groups and update
the form accordingly.
CAUTION: If one of these CLIMs is not in the started state, or its eth0:0 interface is not in
the started state, correct this condition before upgrading. An SCF STATUS PROVIDER
$ZZCIP.ZTCP* , DETAIL command shows the status of the eth0:0 interface (ensure Status
and LkP show UP) and of the provider (ensure State and TPStatus show as Started).
•
Upgrade Group A
N1002541, N1002581
•
Upgrade Group B
N1002582
5.
6.
7.
Determine which CLIMs are configured for Expand multi-line paths. See the Expand
Configuration and Management Manual. In this example, the two IP CLIMs N1012581 and
N1012582 are configured in Provider CSAM5, which is the Provider for an Expand
multi-line-path configuration.
Make sure all lines part of the path are up.
Divide these CLIMs into the groups and add them to the form.
Group A
N1002541, N1002581, N1012581
Upgrade Group B
N1002582, N1002542, N1012582
8.
Identify the IP CLIMs that are not configured with backups, either through IP failover or through
Expand multi-line path redundancy. In this example, these CLIMs include N1002542 and
N1002581. N1002581 was already put in group A as part of the step to divide the
maintenance Provider CLIMs. N1002542 goes in group B. (It is not actually necessary to
divide the CLIMs that are not configured with backup into different groups because they are
independent. However, because CLIMs should only be upgraded in groups of four, it is a
good practice to balance the number of CLIMs between groups.)
Add them to the form.
Upgrade Group B
N1002582, N1002542
9.
Complete the form as shown in Table 13: Sample populated IP CLIM group upgrade form:
Upgrading CLIM Software and Firmware While Maintaining Network or Storage Traffic
163
Table 13 Sample populated IP CLIM group upgrade form
Running
Maint
Prov?
If yes,
B/up
which Storage
CLIM
one? path B/up CLIM name started ?
CLIM name
Type Group
N1002541
IP
A
N1002542 IP
B
N1002581
IP
B
ZTCP0
N1002582 IP
A
ZTCP1
N1012581
IP
N1012582
IP
N1002582
Switch
and
CLIM
Normal
abort
Upgrade restarted operations
done ? done ? ?
resumed?
Y
N/A
N/A
N1002541
Y
A
N1012582
Y
B
N1012581
Y
10. Return to steps 3 - 5 of “1. Prepare IP CLIMs for Upgrade (skip if the host system is not running)”
(page 143) and perform the failover for the failover-configured CLIMs in the primary group.
11. For up to four CLIMs in the first group, perform “2. Upgrade the IP CLIMs” (page 144) by using
multiple sessions of OSM Low-Level Link, one for each CLIM.
12. For each CLIM in the group, perform step “3. Resume IP CLIM Normal Operations (skip if the
host system is not running)” (page 144).
Upgrading Groups of Telco CLIMs
CAUTION: Make sure you have a second CLIM that is connected to the same set of links before
you perform the upgrade.
1.
2.
Follow the information gathering steps, steps 1 - 4 of “1. Prepare the Telco CLIM for Upgrade
(skip if the host system is not running)” (page 145) then return to this procedure.
Divide all Telco CLIM pairs in the system, where both CLIMs are in the started state and the
links are also functioning, into groups, and enter them on the form as shown in Table 14:
Sample populated Telco CLIM group upgrade form:
Table 14 Sample populated Telco CLIM group upgrade form
3.
4.
5.
Running
Maint
Prov?
If yes,
which
Storage
CLIM name Type Group one? Provider path B/up CLIM name
B/up
CLIM
started
?
O1002571 Telco A
O1002572
Y
O1002572 Telco B
O1002571
Y
Switch
and
Upgrade CLIM
Normal
abort
done restarted operations
done ? ?
?
resumed?
Return to “1. Prepare the Telco CLIM for Upgrade (skip if the host system is not running)”
(page 145), and perform steps 5 - 7, deactivating links and aborting the CLIMs in the first
group. Fill in the group form in this procedure.
For up to four CLIMs in the first group, perform step “2. Upgrade the Telco CLIM” (page 146)
by using multiple sessions of OSM Low-Level Link, one for each CLIM.
For each CLIM in the group, perform step “3. Resume Telco CLIM Normal Operations (skip
if the host system is not running)” (page 146).
164 Upgrading CIP
Upgrading Multiple CLIMs of Different Types
1.
Follow the procedures for dividing the CLIMs into groups as described in “Upgrading Groups
of Storage CLIMs” (page 160), “Upgrading Groups of IP CLIMs” (page 162), and “Upgrading
Groups of Telco CLIMs” (page 164) and complete the form as shown in Table 15: Sample
populated IP CLIM group upgrade form:
Table 15 Sample populated IP CLIM group upgrade form
Running
Maint
Prov?
If yes,
B/up
which Storage
CLIM
one? path B/up CLIM name started ?
CLIM name
Type Group
N1002541
IP
A
N1002542 IP
B
N1002581
IP
B
ZTCP0
N1002582 IP
A
ZTCP1
N1012581
IP
N1012582
IP
O1002571
N1002582
Y
N1002541
Y
A
N1012582
Y
B
N1012581
Y
Telco A
O1002572
Y
O1002572 Telco B
O1002571
Y
S1002533
Y
S1002531
Y
S1002531
St
A
P
Switch
and
CLIM
Normal
abort
Upgrade restarted operations
done ? done ? ?
resumed?
MB
S1002533
St
B
M
B
2.
3.
4.
Follow the procedures for completing the preparation steps for each CLIM type as described
in “Upgrading Groups of Storage CLIMs” (page 160), “Upgrading Groups of IP CLIMs”
(page 162), and “Upgrading Groups of Telco CLIMs” (page 164).
Follow the procedures for upgrading the CLIMs, using appropriate groups such that a backup
of each CLIM remains active during the procedure, by following the upgrade procedure as
described in “Upgrading Groups of Storage CLIMs” (page 160), “Upgrading Groups of IP
CLIMs” (page 162), and “Upgrading Groups of Telco CLIMs” (page 164). You can upgrade
multiple types of CLIMs at a time.
Follow the procedures for resuming operations as described in “Upgrading Groups of Storage
CLIMs” (page 160), “Upgrading Groups of IP CLIMs” (page 162), and “Upgrading Groups of
Telco CLIMs” (page 164).
Upgrading CLIM Software or Firmware While the System is Down
This section describes how to update CLIM software and firmware during planned system down
time, such as during an RVU upgrade, and provides guidance on optimizing CLIM software and
firmware updates during an RVU upgrade. Updating CLIM software and firmware when the system
is down, when there is no need to maintain network or storage traffic, is the fastest, most efficient
method. All CLIM firmware can be updated simultaneously through the Down System CLIM Firmware
Update Tool. To update CLIM firmware when the system is down, you must also have the following
Upgrading CLIM Software or Firmware While the System is Down
165
requisite software, and also perform an action in the OSM Service Connection before halting the
system:
•
OSM Service Connection, T0682 H02 ACV or later
This SPR must be installed on $SYSTEM.SYS00 (having it in any other $SYSTEM.SYSnn is
insufficient) for the Down System CLIM Firmware Update to work correctly.
•
OSM Console Tools product T0634 G06 ABB and later
•
SSH product T0801 ABA or later
•
Update OSM Low Level Link to the requisite version as specified in the T0853 softdoc.
Overview of Optimized CLIM Software and Firmware Update Procedure
1.
2.
3.
4.
5.
“Prepare CLIMs for Down System Firmware Update” (page 166)
“Halt the Processors” (page 166)
“Update CLIM Software on a Down System”
“Update CLIM Firmware on a Down System” (page 167)
“Load the System” (page 168)
Prepare CLIMs for Down System Firmware Update
In order to update CLIM firmware while the system is down, you must first perform the Prepare for
Down System CLIM Firmware Update action in the OSM Service Connection. The action is located
under the CLIMs object (the container object under which all individual CLIMs on the system reside).
For more information, see the OSM Service Connection online help. Upon successful completion
of this action, you will be able to perform the updates when the system is down, using the Down
System CLIM Firmware Update Tool (see “Update CLIM Firmware on a Down System” (page 167)).
Halt the Processors
Halt all the processors by using the OSM Low-Level Link, as described in the <RVU> Software
Installation and Upgrade Guide.
Update CLIM Software on a Down System
Use the OSM Low-Level Link to update the CLIM software on all CLIMs in parallel.
NOTE:
1.
This procedure requires two NonStop system consoles (NSCs).
Install CLIM software on both NSCs.
You will update half of the CLIMs using the first NSC and the other half using the second NSC.
2.
3.
From each NSC, start multiple OSM Low-Level Link sessions, one for each CLIM to be updated.
For each OSM Low-Level Link session:
a. Choose Software Update.
b.
c.
166 Upgrading CIP
Enter the IP address of this NSC.
Select the software version to use (IP address altered for example):
d.
Click Update.
When the update is complete, it displays a dialog box stating that the update is complete.
e.
Click OK.
f.
Click Reboot in the I Software Update dialog box.
OSM Low-Level Link automatically logs you off after the reboot.
Update CLIM Firmware on a Down System
Use the Down System CLIM Firmware Update Tool, located on the NonStop system console, to
perform the firmware updates. Updating CLIM firmware while the system is down requires this tool
and any requisite software, as described in “Upgrading CLIM Software or Firmware While the
System is Down ” (page 165). Using this method also requires that you perform the Prepare for
Upgrading CLIM Software or Firmware While the System is Down
167
Down System CLIM Firmware Update action before halting all processors, as described in “Prepare
CLIMs for Down System Firmware Update” (page 166).
Use the Down System CLIM Firmware Update Tool, installed on NonStop system consoles as part
of the OSM Console Tools product T0634 G06 ABB (and later), to perform the CLIM firmware
updates.
The Down System CLIM Firmware Update Tool is launched from the Windows Start menu by
selecting All Programs > HP OSM > Down System CLIM Firmware Update Tool. For more information
on using the tool, see the online help available from within the tool.
When the firmware updates have completed, the Down System CLIM Firmware Update Tool
automatically reboots all CLIMs that require a reboot. You can now load the NonStop system,
using the OSM Low-Level Link, as described in the <RVU> Software Installation and Upgrade
Guide.
Load the System
When all CLIM firmware updates have completed and the Down System CLIM Firmware Update
Tool has rebooted any CLIMs that require a reboot, load the NonStop system using the OSM
Low-Level Link, as described in the <RVU> Software Installation and Upgrade Guide.
Use the OSM Service Connection Multi-Resource Actions dialog box to confirm the CLIM firmware
versions.
Falling Back to Conventional TCP/IP or NonStop TCP/IPv6
This subsection provides fallback procedures for returning your system to use either conventional
TCP/IP or NonStop TCP/IPv6. In addition to reading these procedures, see “Managing the
Configuration Preservation” (page 113).
NOTE: Parallel Library TCP/IP fallback is not listed here as it requires that you fall back to a
G-series RVU. This procedure assumes that you are on an H-series or J-series RVU.
NOTE: To fall back to a previous version of the CLIM software, see the H06.nn Software Installation
and Upgrade Guide or the J06.nn Software Installation and Upgrade Guide for the RVU you are
currently running.
Falling Back to Conventional TCP/IP or NonStop TCP/IPv6
1.
2.
Follow one of the shutdown procedures in this section to stop CIP.
Switch over to the existing conventional TCP/IP or NonStop TCP/IPv6 environment.
Reset the DEFINEs, PARAMs, and transport-service provider name-set procedure calls for your
applications back to the conventional TCP/IP or TCP6SAM process name.
a. Determine the name of your preferred transport-service provider name by using use the
LISTDEV command to obtain a list of running TCP/IP processes:
> LISTDEV TCPIP
b.
3.
Change the transport-service provider name for Guardian and OSS applications to the
conventional TCP/IP or TCP6SAM process by entering one of these commands:
•
ADD DEFINE =TCPIP^PROCESS^NAME, class map, file $tcpip-process-name
•
PARAM TCPIP^PROCESS^NAME $tcpip-process-name
Change these procedure calls for Guardian and OSS socket applications:
•
socket_set_inet_name() (for Guardian applications)
•
socket_transport_name_set() (for OSS applications)
168 Upgrading CIP
Falling Back to Previous RVUs that Support the Multiple Providers per CLIM
Feature
You can fall back to a previous RVU that is supported by Multiple Providers per CLIM, but keep
an IP and OPEN MODE (Telco or IB) CLIM at the new level if it is either configured with MULTIPROV
OFF, or you install the minimum SPRs to support the Multiple Providers per CLIM feature along with
that RVU.
Although Multiple Providers per CLIM support is effective with the J06.14/H06.25 or subsequent
RVUs, you can also use Multiple Providers per CLIM on NonStop operating systems with IP and
OPEN MODE (Telco or IB) CLIMs beginning with the J06.08/H06.19 RVUs with a defined set of
SPRs. Refer to the Cluster I/O Module (CLIM) Software Compatibility Reference for specific
information on which SPRs are supported for each RVU.
You only need to take fallback action on CLIMs configured with MULTIPROV ON. To determine if
any CLIMs are configured in this manner, issue the SCF INFO CLIM $ZZCIP.* command.
Delete the multiple provider associations and turn the MULTIPROV attribute off, as described under
“Disabling the MULTIPROV Attribute” (page 130).
Falling Back to a Previous CLIM Version
It should never be necessary to fall back to a previous CLIM version, but if you want to do so, have
your service provider see the Reimaging or Downgrading a CLIM service procedure. If you have
to revert the software on the CLIMs during an RVU fallback, see the H06.nn Software Installation
and Upgrade Guide or the J06.nn Software Installation and Upgrade Guide for the RVU you are
currently running. The procedures in those guides account for the timing of CLIM fallback in the
context of a system RVU fallback.
Falling Back to Previous RVUs that Support the Multiple Providers per CLIM Feature
169
5 LUN Manager for Storage CIP
In addition to this manual, see the SCF Reference Manual for the Storage Subsystem for commands
such as STATUS CLIM, INFO CLIM, and configuring a disk or tape through a CLIM.
Lunmgr Commands
The lunmgr manages the LUN number assignments that the CLIM uses to communicate with the
NonStop host system. Command syntax for lunmgr is:
CLIMCMD clim-name | IP-address -option
The lunmgr accepts these command line options:
approve Command
Displays the next enclosure number assignment that requires approval and accepts approval or
change of the assigned number. Valid replies are y (approve), n (do not approve), or a base LUN
number valid for the enclosure type. Yesall automatically approves all assignments at once. Verbose
displays the enclosure table and enclosures present. The syntax is:
-a [ yesall | verbose ] | --approve [ yesall | verbose ]
Valid user replies are:
y
Approve
n
Do not approve
lun
A base LUN number valid for the enclosure type
Yesall
Automatically approves all assignments at once.
Verbose
Displays the enclosure table and enclosures present.
Binaryfind Command
Finds the physical identity and location of a device LUN. This command is like the --find command
but produces a binary format output. It is not useful to an interactive user. The syntax is:
-b [lun] |
--binaryfind [lun]
lun
Is a decimal LUN number.
Clear Command
Clears devices from the LUN table in kernel memory and blocks all subsequent lunmgr commands
except --unblock and --clear. If no slot is specified, the command clears the entire LUN table.
If a slot but no port is specified, the command clears all LUNs connected to the slot. This option is
used internally during maintenance procedures such as firmware replacement. No NonStop I/O
process should have any paths UP through the cleared port(s). The syntax is:
-c [slot slotnum [port portnum]]| --clear [slot slotnum [port portnum]]
Delete Command
Deletes enclosure table entries but only if there are no corresponding device LUNs. If no LUN is
specified, delete all enclosure table entries with no corresponding device LUNs. The syntax is:
-d [lun]|--delete [lun]
170
LUN Manager for Storage CIP
lun
Is a decimal LUN number.
If no lun is specified, deletes all enclosure table entries with no corresponding device LUNs.
Confirms with "Are you sure?".
Enclosures Command
Displays the enclosure table and enclosures present. The syntax is:
-e |
--enclosures
Example of Lunmgr Enclosures Command
Verify that the CLIM can see the corresponding ESS port WWN and that it is in the CLIM's enclosure
table with the lunmgr --enclosures command.
> CLIMCMD s1002532 lunmgr --enclosures
The system displays the enclosures. This example shows two ESS ports connected but not yet
approved into the enclosure table and one connected SAS disk enclosure that has been approved:
-- Enclosure table -lun
type
stable address
100
1
enclosure 500110a000781200
-- Enclosures present -dev
type
stable address
sda
2
port 50060e8004289406
sdw
2
port 50060e8004289416
sg63
1
enclosure 500110a000781200
controller
slot 1, port 1
slot 1, port 1
slot 3, port 1, expander 1
serial #
revision
SGA7060029 2.10
Type 1 is a SAS disk enclosure. Type 2 is an ESS port. You can identify the port WWNs of the
ESS in the stable-address column.
Find Command
Finds the physical identity of a device LUN. If no LUN is specified, find all devices. This provides
additional information which is not shown by --print. The syntax is:
-f [lun] | --find [lun]
lun
Is a decimal LUN number.
If no lun is specified, find all devices.
Example of Lunmgr Find Command
To obtain the Storage CLIM's LUN for the SCF ADD DISK command:
> CLIMCMD s1002532 lunmgr --find
lunmgr displays the Storage CLIM's LUN:
lun
1012
1513
type
2 (disk-ess)
2 (disk-ess)
controller
slot 1, port 1
slot 1, port 1
location
port 50060e8004289406, lun 12 (0xc)
port 50060e8004289416, lun 13 (0xd)
The LUN shown on the left (under lun) is the Storage CLIM's LUN that you use in the SCF ADD
DISK command. The port and LUN on the right (under location) are the ESS's port WWN and
LUN.
Help Command
Displays a list of valid lunmgr options and effects. The syntax is:
-h | --help
Led Command
Turns on or off an enclosure or disk locator LED. The syntax is:
Lunmgr Commands
171
-l lun { on | off } |
--led lun { on | off }
lun
Is a decimal LUN number.
Print Command
Displays a device LUN table entry from kernel memory. If no LUN is specified, display the entire
device LUN table. The syntax is:
-p [lun]| --print [lun]
If no lun is specified, find all devices.
Renumber Command
Renumber an old enclosure base LUN to a new value. This command fails if any device in the old
enclosure has an I/O operation outstanding or there is already an enclosure with the new LUN
value. The syntax is:
-r old new | --renumber old new
old
Is the old LUN value.
new
Is the new LUN value.
If any device in old enclosure has an I/O outstanding or there is already an entry for new, returns
an error. Confirms with "Are you sure?".
Scan Command
Scan all HBA ports for new devices. This option should be used after you create new ESS LUNs
or new virtual tapes in a VTS so that the CLIM sees the new device LUNs. The syntax is:
-s | --scan
Startover Command
Clears the device LUN table, enclosure table, and enclosure LCDs. If the existing enclosure table
is significantly different from what is desired, then --startover followed by --approve may
be simpler to use than several --delete and --renumber commands. The syntax is:
--startover
Unblock Command
Unblocks lunmgr so that all subsequent lunmgr commands are allowed. If multiple --clear commands
have been entered, then an equal number of --unblock commands must be entered before other
commands, including --update, are allowed. The syntax is:
--unblock
Update Command
Finds new storage devices and assigns new device LUN numbers to them. The verbose option
displays the device table and devices present. This option is used internally whenever devices are
added or removed, so it is rarely necessary to use --update interactively. The --approve and
--unblock options automatically perform an --update.
172
•
Recognizes and ignores non-storage devices.
•
Recognizes known devices by stable attributes and updates volatile I/O address.
LUN Manager for Storage CIP
•
Assigns new Storage CLIM LUN numbers to previously unknown storage devices.
•
Recognizes the CLIM boot disk and excludes it from the LUN Table.
The syntax is:
-u [ verbose ]| --update [ verbose ]
Verbose
Displays the device table and devices present.
Considerations for the Update Command
Only 512 devices per CLIM are supported. If the device table is full, lunmgr displays this error
message on the screen and in the NonStop host system EMS log:
Can't add lun lun_number. 512 devices already in table.
The recovery is to make fewer than 512 devices visible to the CLIM. Contact your service provider
for this task.
WWNs Command
Displays the WWNs of all fibre channel HBA ports. The syntax is:
-w | --wwns
Lunmgr Commands
173
6 IP CIP Migration, Compatibility and Operational
Differences
The same methods of specifying a NonStop TCP/IPv6 transport-service provider are available for
CIP. Once CIP is installed, applications can use CIP by specifying a CIPSAM process name as
their transport-service provider. An application can change transport-service providers while running
and can also have sockets using conventional NonStop TCP/IP, NonStop TCP/IPv6 and CIP at
the same time. (Parallel Library TCP/IP cannot co-exist with NonStop TCP/IPv6.)
This chapter covers:
•
“Summary of High-Level Differences Between Previous TCP/IP Subsystems and CIP”
•
“Operational Differences Between Previous TCP/IP Subsystems and CIP” (page 175)
•
“Application Programming Differences Between NonStop TCP/IPv6 and CIP” (page 188)
•
“TCP/IP Attributes in CIP” (page 193)
•
“How to Migrate From NonStop TCP/IP or NonStop TCP/IPv6 to CIP” (page 203)
For high-level comparisons of all NonStop networking products, see the NonStop Networking
Overview.
Summary of High-Level Differences Between Previous TCP/IP Subsystems
and CIP
Table 16 summarizes the differences between conventional TCP/IP, Parallel Library TCP/IP,
NonStopTCP/IPv6, and CIP.
NOTE: To find out which servers support these subsystems, see the planning guide for your system
or the NonStop Networking Overview.
Table 16 High-Level Differences Between Conventional TCP/IP, Parallel Library TCP/IP, NonStop
TCP/IPv6, and CIP
Conventional TCP/IP
Parallel Library TCP/IP
NonStop TCP/IPv6
CIP
Supported interface types:
Supported interface types:
Ethernet (Ethernet, Fast
Ethernet, Gigabit Ethernet
with Jumbo frames)
Supported interface types:
Ethernet (Ethernet, Fast
Ethernet, Gigabit Ethernet
with Jumbo frames)
Supported interface types:
Ethernet (Gigabit) with Jumbo
frames
System configuration
System configuration
database: Does not support database: Supports
System configuration
database: Supports
System configuration
database: Supports
Subsystem name: TCPIP
Subsystem name: PTCPIP
Subsystem name: TCPIPV6
Subsystem name: CIP
Transport-service provider
name: ($ZTC0 default) or
any TCP/IP process name.
Program name is TCPIP
transport-service provider
name: Any TCPSAM
process name. ($ZTC0
default). Program name is
TCPSAM.
transport-service provider
name: Any TCP6SAM
process name. ($ZTC0
default) Program name is
TCP6SAM
transport-service provider
name: Any CIPSAM process
name. ($ZTC0 default)
Program name is CIPSAM.
SPI subsystem ID: ZTCI
SPI subsystem ID: ZTCP
SPI subsystem ID: ZTC6
SPI subsystem ID: ZCIP
SPI subsystem number: 80
SPI subsystem number: 220 SPI subsystem number: 246
• ATM
• Ethernet (Ethernet, Fast
Ethernet, Gigabit Ethernet
without Jumbo frames)
• SNAP (token-ring or
Ethernet)
• X.25
174
IP CIP Migration, Compatibility and Operational Differences
SPI subsystem number: 259
Table 16 High-Level Differences Between Conventional TCP/IP, Parallel Library TCP/IP, NonStop
TCP/IPv6, and CIP (continued)
Conventional TCP/IP
Parallel Library TCP/IP
NonStop TCP/IPv6
CIP
Transport service provider
process: TCP/IP PROCESS
object
Transport service provider
process: TCPSAM
PROCESS object
Transport service provider
process: TCP6SAM
PROCESS object
Transport service provider
process: CIPSAM PROCESS
object
Supported protocols
TCP/IP
TCP/IP
TCP/IP and SCTP (see
“Configuring Stream Control
Transmission Protocol (SCTP)
(IP and Telco CIP)” (page 112))
Operational Differences Between Previous TCP/IP Subsystems and CIP
Several operational differences exist between CIP and previous NonStop host system TCP/IP
subsystems. The main differences are:
•
CIP does not use the ServerNet LAN Systems Access (SLSA) subsystem.
•
Routing configuration and behavior are different.
•
IPSec is a new feature supported in CIP.
•
The SUBNET object is only provided as a subordinate object for the CIPSAM (transport provider)
object for application backward-compatibility. You do not configure the SUBNET.
•
There is no neighbor discovery and autoconfiguration (ND6HOSTD) process. In NonStop
TCP/IPv6, the ND6HOSTD process received and processed IPv6 router advertisement (RA)
packets and updated the global IPv6 address information in the DNS. You could use it for
updating the DNS with automatically generated IPv6 addresses.
•
The SNMP TCP/IP subagent (TCPIPSA) is not supported and therefore you cannot collect
information on the CLIM from the NonStop SNMP agent.
•
The CIP operational interface is significantly different. Table 17: Subsystem Task
Comparisonshows how conventional NonStop TCP/IP, Parallel Library TCP/IP, and NonStop
TCP/IPv6 tasks are performed in CIP.
Operational Differences Between Previous TCP/IP Subsystems and CIP
175
Table 17 Subsystem Task Comparison
Task
In Conventional TCP/IP, Use... In Parallel Library TCP/IP and In CIP, Use...
NonStop TCP/IPv6, Use...
Abort adapter (or SLSA SCF ABORT SAC
module)
command
SLSA SCF ABORT ADAPTER
command
SCF ABORT CLIM command
Abort a MON
object
No equivalent
SCF ABORT PROCESS
$ZZKRN.#TCPMON or
ABORT MON
$ZZTCP.#ZPTMn
SCF ABORT PROCESS
$ZZKRN.#CIPMON or ABORT
MON $ZZCIP.#ZCMnn
Abort MAN
process
No equivalent
SCF ABORT PROCESS
$ZZTCP command
SCF ABORT PROCESS $ZZCIP
command
Abort transport
service provider
process
SCF ABORT PROCESS
TCP/IP
process-namecommand
SCF ABORT PROCESS
$TCP6SAM-process-name
SCF ABORT PROVIDER
$ZZCIP.provider-name
Abort a network
route.
SCF ABORT ROUTE
command
SCF ABORT ROUTE command CLIMCMD clim-name
climconfig route - delete
command. In CIP, there is no
need to stop a route before
deleting it
Abort a network SCF ABORT SUBNET
interface from
command
being used by the
subsystem.
SCF ABORT SUBNET
command
CLIMCMD clim-name ifstop
interface command
Abort Provider
No equivalent
No equivalent
SCF ABORT PROVIDER
command
Add a Manager
process
No equivalent
SCF ADD PROCESS
$ZZKRN.#ZZTCP command
ADD PROCESS
$ZZKRN.#ZZCIP command
Add a Monitor
process
No equivalent
No equivalent
ADD PROCESS
$ZZKRN.#CIPMON command
Add a network
interface
SCF ADD SUBNET command SCF ADD SUBNET command
CLIMCMD clim-name
climconfig interface -add
command
Add an entry in
the ARP table
SCF ADD ENTRY command
SCF ADD ENTRY command
CLIMCMD clim-name
climconfig arp -add command
Add a network
route
SCF ADD ROUTE command
SCF ADD ROUTE command
CLIMCMD clim-name
climconfig route -add
command
Add a
No equivalent
host-to-CLIM route
No equivalent
SCF ADD ROUTE command
Add addrmap
object
No equivalent
No equivalent
Add server object SCF ADD SERVER command No equivalent
No equivalent
Add provider
object
No equivalent
ADD SUBNET, LNPTPLIST
SCF ADD PROVIDER command
Add an adapter
(or module)
SLSA SCF ADD ADAPTER
SLSA SCF ADD ADAPTER
SCF ADD CLIM command
SCF ADD ADDRMAP
command
Alter attribute
SCF ALTER SUBNET
values of a
command
network interface
176
IP CIP Migration, Compatibility and Operational Differences
SCF ALTER SUBNET command CLIMCMD clim-name
climconfig interface -modify
command to change jumbo
frames and netmask. All other
attributes must be changed by
using the CLIMCMD
Table 17 Subsystem Task Comparison (continued)
Task
In Conventional TCP/IP, Use... In Parallel Library TCP/IP and In CIP, Use...
NonStop TCP/IPv6, Use...
clim-name | ip-address
climconfig sysctl command.
Alter network
environment
attributes
SCF ALTER PROCESS
command
SCF ALTER MON command
SCF ALTER PROVIDER
command and CLIMCMD
sysctl command. (See
Chapter 3 (page 69) for
information about this
command.
Alter provider
object
No equivalent
No equivalent
SCF ALTER PROVIDER
command
Alter path to the
CLIM
No equivalent
No equivalent
SCF DELETE and ADD ROUTE
commands
Delete ARP entries SCF DELETE ENTRY
command
SCF DELETE ENTRY command CLIMCMD clim-name
climconfig arp -delete
command
Delete a
No equivalent
host-to-CLIM route
No equivalent
SCF DELETE ROUTE command
Delete adapter
(or module)
SLSA DELETE ADAPTER
SCF DELETE CLIM command
Delete PROVIDER No equivalent
object
No equivalent
SCF DELETE PROVIDER
command
Delete network
route
SCF DELETE ROUTE command CLIMCMD clim-name
climconfig route -delete
command
SLSA DELETE ADAPTER
SCF DELETE ROUTE
command
Delete ADDRMAP SCF DELETE ADDRMAP
object
command
No equivalent
No equivalent
Delete SERVER
object
SCF DELETE SERVER
command
No equivalent
No equivalent
Delete network
interface
SCF DELETE SUBNET
command
SCF DELETE SUBNET
command
CLIMCMD clim-name
climconfig interface -delete
command
Get Info about
SCF INFO ENTRY command SCF INFO ENTRY command
entries in the ARP
table, neighbor
discovery code or
both
CLIMCMD clim-name
climconfig arp -info command
Get Info about
networking
environment
settings
SCF INFO PROVIDER
command for some variables
and CLIMCMD climconfig
object -info commands,
depending on which
networking environment
settings are needed.
SCF INFO PROCESS, DETAIL SCF INFO MON, DETAIL
command
command
Get Info about
SCF INFO ADDRMAP
ADDRMAP object command
Get Info about
network routes
No equivalent
SCF INFO ROUTE command SCF INFO ROUTE command
No equivalent
CLIMCMD clim-name
climconfig route -info
command
Operational Differences Between Previous TCP/IP Subsystems and CIP 177
Table 17 Subsystem Task Comparison (continued)
Task
In Conventional TCP/IP, Use... In Parallel Library TCP/IP and In CIP, Use...
NonStop TCP/IPv6, Use...
Get Info about
the SERVER
object
SCF INFO SERVER command No equivalent
No equivalent
Get Info about
the host-to-CLIM
route
No equivalent
No equivalent
SCF INFO ROUTE command
Get Info about
the PROVIDER
object
No equivalent
INFO SUBNET command LNP SCF INFO PROVIDER
field
command
Get Info about
No equivalent
the MAN process
Get Info about
current attribute
settings for
network routes
178
SCF INFO PROCESS
command
SCF INFO ROUTE command SCF INFO ROUTE command
SCF INFO PROCESS
command
CLIMCMD clim-name
climconfig route -info
command
Get Info about
SCF INFO SUBNET
current attribute
command
settings for a
network interface
SCF INFO SUBNET command CLIMCMD clim-name
climconfig interface -info
command
Get Info about
current attribute
settings for
host-to-CLIM
routes
No equivalent
No equivalent
Get Info about
the adapter
configuration
SLSA INFO ADAPTER, INFO SLSA INFO ADAPTER, INFO
SAC, INFO PIF
SAC, INFO PIF
Get Info about
the PROVIDER
object
No equivalent
INFO SUBNET command LNP SCF INFO PROVIDER
field
command
Get Info about
the process
SCF INFO PROCESS
command
SCF INFO PROCESS
command
SCF INFO PROCESS
command
Get Info about
the ADDRMAP
object
SCF INFO ADDRMAP
command
No equivalent
No equivalent
Get Info about
the SERVER
object
SCF INFO SERVER command No equivalent
No equivalent
SCF INFO ROUTE command
SCF INFO CLIM command
List information
No equivalent
about
applications with
open sockets in
CPUs within
which a specified
MON is running
SCF LISTOPENS MON
command
SCF LISTOPENS MON
command
List information
SCF LISTOPENS PROCESS
about
command
applications with
open sockets
associated with a
transport provider
SCF LISTOPENS PROCESS
command (for CIPSAM
process)
SCF LISTOPENS PROVIDER
command
IP CIP Migration, Compatibility and Operational Differences
Table 17 Subsystem Task Comparison (continued)
Task
In Conventional TCP/IP, Use... In Parallel Library TCP/IP and In CIP, Use...
NonStop TCP/IPv6, Use...
Get Names of
No equivalent
host-to-CLIM route
names
No equivalent
Get Names of
ENTRY objects
SCF NAMES ENTRY
command
SCF NAMES ENTRY command No equivalent. Entries are not
named.
Get Names of
network routes
SCF NAMES ROUTE
command
SCF NAMES ROUTE
command
No equivalent. Network routes
are not named.
Get Names of
SCF NAMES SUBNET
network interface command
names
SCF NAMES SUBNET
command
CLIMCMD clim-name
climconfig interface -info all
command
Make Primary
SCF PRIMARY PROCESS
process the
command
backup process
and make backup
process the
primary process
SCF PRIMARY PROCESS
command
SCF PRIMARY PROCESS
command
Start MON
objects on each
processor
No equivalent
SCF START MON command
SCF START PROCESS
$ZZKRN.#CIPMON command
Start an adapter
(or module) for
host operations
SLSA SCF START ADAPTER
command
SLSA SCF START ADAPTER
command
SCF START CLIM command
Start a network
interface
SCF START SUBNET
command
SCF START SUBNET command If stopped by ifstop, CLIMCMD
clim-name ifstart command,
otherwise SCF START CLIM
Start network
routes
SCF START ROUTE command SCF START ROUTE
None (a network route is
started when it is added)
Start PROVIDER
object
No equivalent
No equivalent, LNPs are
started when configured
SCF START PROVIDER
command
Get Statistics on
statistics for
protocol layers
SCF STATS PROCESS
command
SCF STATS MON command
SCF STATS MON command
for socket send size histogram.
Obtain other statistics with the
Linux netstat -s command by
entering CLIMCMD
clim-name netstat -s
-n. For better performance,
always use the –n option.
SCF STATS PROCESS for
TCP6SAM command
No equivalent
Get Statistics for SCF STATS PROCESS
a
command
transport-provider
process
SCF NAMES ROUTE
command
Get Statistics for
specified route
SCF STATS ROUTE command SCF STATS ROUTE command
No equivalent
Get Statistics on
a specified
SUBNET
SCF STATS SUBNET
command
SCF STATS SUBNET command No equivalent
Get Statistics
about the CLIM
object in the CIP
subsystem
No equivalent
No equivalent
SCF STATS CLIM command
Operational Differences Between Previous TCP/IP Subsystems and CIP
179
Table 17 Subsystem Task Comparison (continued)
Task
In Conventional TCP/IP, Use... In Parallel Library TCP/IP and In CIP, Use...
NonStop TCP/IPv6, Use...
Get Statistics
SCF STATS ADDRMAP
about the
command
ADDRMAP object
No equivalent
Get dynamic
Status of a
specified entry
SCF STATUS ENTRY command No equivalent
SCF STATUS ENTRY
command
No equivalent
Get dynamic
No equivalent
Status of a MON
process
SCF STATUS MON command climcmd climname
netstat –s
Get Status on
SCF STATUS PROCESS
primary and
TCP/IP
backup processes process-namecommand
SCF STATUS PROCESS
$ZZTCP command for MAN
process
SCF STATUS PROCESS
$ZZCIP for MAN process
Get Status on the SCF STATUS PROCESS
transport-service TCP/IP process-name
provider
SCF STATUS PROCESS
TCP6SAM-name
No equivalent
Get Status on a
SCF STATUS SUBNET
network interface command
SCF STATUS SUBNET
command
CLIMCMD clim-name
climstatus -o l
Get Status on
network routes
SCF STATUS ROUTE command None, routes have no status
SCF STATUS ROUTE
command
Get Status on the SCF STATUS ADAPTER
adapter (or
$ZZLAN.adapter-name
module)
SCF STATUS ADAPTER
$ZZLAN.adapter-name
SCF STATUS CLIM
clim-name, CLIMCMD
clim-name climstatus and
CLIMCMD clim-name psclim
commands. See Chapter 3
(page 69) for information
about these CLIMCMD
commands.
Get Status on the No equivalent
PROVIDER object
No equivalent
SCF STATUS PROVIDER
command
Get Status on the SCF STATUS SERVER
SERVER object
command
No equivalent
No equivalent
Stop a MAN
process
No equivalent task is needed SCF STOP PROCESS
as there is no MAN process command. (If the process is
configured as persistent, the
STOP command must be
issued to the kernel subsystem
or the persistence manager
restarts it.)
SCF STOP PROCESS
command. If the process is
configured as persistent, the
ABORT command must be
issued to the Kernel subsystem
or the persistence manager
restarts it. See “Starting and
Restarting CIP” (page 100). If
there are open sockets, you
ABORT PROCESS, FORCED
command.
Stop a MON
process
No equivalent task is needed SCF STOP MON command
as there is no MON process
SCF STOP MON if no open
sockets, otherwise, ABORT
MON, FORCED command. (If
the process is configured as
persistent, the ABORT
command must be issued to
the Kernel subsystem or the
persistence manager restarts
it. See “Starting and Restarting
CIP” (page 100).
180 IP CIP Migration, Compatibility and Operational Differences
Table 17 Subsystem Task Comparison (continued)
Task
In Conventional TCP/IP, Use... In Parallel Library TCP/IP and In CIP, Use...
NonStop TCP/IPv6, Use...
Stop a network
interface
SCF STOP SUBNET command SCF STOP SUBNET command CLIMCMD clim-name ifstop
command
Stop a network
route
SCF STOP ROUTE command SCF STOP ROUTE command
None, delete route with
CLIMCMD climconfig route
-delete command
Stop an adapter
(or module)
SLSA SCF STOP ADAPTER
command
SCF STOP CLIM if no open
sockets, otherwise, ABORT
CLIM, FORCED command
Stop
SCF STOP PROCESS TCP/IP SCF STOP PROCESS
TCP6SAM process-name
process-name
a transport-
SLSA SCF STOP ADAPTER
command
serviceprovider
process
SCF STOP PROCESS CIPSAM
process-name. If persistent,
SCF ABORT PROCESS
$ZZKRN.#CIPSAM. If
persistent and you only want
to stop one CIPSAM process,
you can stop it implicitly by
stopping the PROVIDER object
upon which the CIPSAM
process depends.
Stop a PROVIDER No equivalent
object
No equivalent
SCF STOP PROVIDER if no
open sockets, otherwise,
ABORT PROVIDER, FORCED
command
Switch the CLIM
No equivalent
SCF SWITCH CLIM command
Trace IP interfaces SCF TRACE SUBNET
command
SCF TRACE SUBNET
command
CLIMCMD clim-name
tcpdump (See the man page
for information about
tcpdump.)
Trace a process
SCF TRACE PROCESS
command
SCF TRACE PROCESS
command
SCF TRACE PROCESS
command (traces the Manager
process)
Trace a MON
process activities
No equivalent
SCF TRACE MON command
SCF TRACE MON command
Trace PROVIDER
object
No equivalent
No equivalent
SCF TRACE PROVIDER
command (only one provider
in a processor can be traced)
Trace CLIM object No equivalent
No equivalent
SCF TRACE CLIM command
Get Version level No equivalent
of MAN process
SCF VERSION PROCESS
command
SCF VERSION PROCESS
command
Get Version of
No equivalent
the CLIM software
No equivalent
SCF VERSION CLIM command
Get Version level No equivalent
of the MON
object
SCF VERSION MON
command
SCF VERSION MON
command
No equivalent
SLSA Subsystem
CIP does not use the SLSA subsystem. In conventional TCP/IP, Parallel Library TCP/IP and NonStop
TCP/IPv6, there were two things you needed to do with the SLSA subsystem: Ensure that it was
running before you started using TCP/IP and associate a specific network interface with your
TCP/IP transport-provider process. In the previous subsystems, you could use the SLSA DEVICENAME
Operational Differences Between Previous TCP/IP Subsystems and CIP
181
attribute of the SUBNET object to specify which interface the TCP/IP transport-provider process
would use to send and receive data.
In CIP, there is no underlying subsystem that you have to ensure is running.
In CIP, you can associate a transport-provider process (CIPSAM) with a CLIM but not with a single
interface on a CLIM. You associate a network CLIM with a Provider by using the PROVIDER attribute
of the CLIM object. (A maintenance Provider can be associated with a CLIM but there is no CLIM
attribute for IP data Providers. See “ADD PROVIDER” (page 228) and “ADD ROUTE” (page 230).)
Network Partitioning Differences
In conventional TCP/IP, you can have multiple TCP/IP processes, each having one or more interfaces
uniquely associated with it. In NonStop TCP/IPv6, you can configure the environment to use
logical-network partitioning, each partition having one or more interfaces uniquely associated with
it.
In CIP, with the MULTIPROV option OFF, you can use the SCF PROVIDER object for network
partitioning but you can only restrict a whole CLIM to a Provider (partition). You cannot restrict
individual interfaces to a Provider. If you must associate an application with a specific IP address,
bind the application to that IP address. Alternatively, you can use one interface or set of interfaces
on a CLIM by just adding a subset of the possible physical interfaces (for example, eth1 and eth2).
In CIP, with the MULTIPROV option ON, you can use the SCF PROVIDER object for network
partitioning, with each PROVIDER having one or more interfaces on one or more CLIMs uniquely
associated with it.
Confining Applications that Bind to INADDR_ANY
Server applications that are not configured with a specific IP address to accept incoming TCP/IP
requests probably bind to INADDR_ANY. This allows the applications to accept requests on all IP
addresses in the partition. You might be using network partitioning to confine such applications to
a subset of the addresses on the system. However, many third-party applications can be configured
to bind to a specific address so that they accept connections only to that address, much like binding
to INADDR_ANY on a partition with one interface, as shown in this diagram:
For example, the TCP/IP parameters used by the iTP Secure WebServer are configured in the
Accept command. If this command has no address option, the WebServer binds to INADDR_ANY.
However, if you add an address option with an IP address, the WebServer binds just to that
address.
Routing Differences
The SCF ROUTE object plays a different role in the CIP environment than it did in the previous
subsystem environments. In the CIP subsystem, the ROUTE object allows you to prioritize the CLIM(s)
to use when no specific route matching the destination is configured on any CLIM in the Provider.
In the previous subsystems, the ROUTE object allowed you to specify a route for the first hop on
182
IP CIP Migration, Compatibility and Operational Differences
the network. To specify a route for the first hop on the network in CIP, use the climconfig route
commands.
Failover Differences (Fault Tolerance)
There are two forms of failover in CIP: CLIM-to-CLIM failover and interface-to-interface failover.
CLIM-to-CLIM failover allows an interface on a CLIM to fail over to an interface on another CLIM.
Interface-to-interface failover is provided by the bonding feature. Use the CLIMCMD Climconfig
commands to establish failover between interfaces on a CLIM and between interfaces on two
different CLIMs.
Bonded interfaces share interface resources among multiple physical interfaces. They can be
configured to be similar to NonStop TCP/IPv6 and Parallel Library TCP/IP failover with the SHAREDIP
option, except that the interfaces must be in the same CLIM and are not limited to just two interfaces.
The NonStop TCP/IPv6 and Parallel Library TCP/IP NONSHAREDIP option is most similar
CLIM-to-CLIM failover in that each interface has a different IP address until failover with some
important differences.
While most resources can be migrated during failover, some are lost if migration to a different
CLIM is required. Unlike NonStop TCP/IPv6 and Parallel Library TCP/IP, CIP does not migrate
socketsthat have TCP or SCTP connections to the new CLIM. During a CLIM-to-CLIM failure, such
sockets are closed and TCP or SCTP sessions lost. (For a description of interface resources, see
“Failover in the CIP Subsystem” (page 36).
Restoring resources to their home interface when it comes back up is not done automatically and
requires you to issue an SCF SWITCH CLIM command. However, visiting resources using an
interface that fails do attempt restoration to their home interface automatically. The restore procedure
is similar to a failover sequence in how it handles interface resource migration. See “CLIM Startup
Behavior” (page 45) for information about how the CLIM manages recovery.
For procedures for setting up bonded interfaces and CLIM-to-CLIM failover, see “Configuring
Bonded Interface Failover (IP CIP)” (page 94).
Differences That Affect Planning for CLIMs Instead of G4SAs
In CIP, there are differences from conventional TCP/IP and NonStop TCP/IPv6 in how the physical
interfaces are divided among transport-service providers. These differences affect planning decisions
for the number of CLIMs needed to support some existing G4SA-based network configurations.
Each logical network partition (LNP) in NonStop TCP/IPv6 or conventional TCP/IP process can
have its own, independent set of resources (Ethernet interfaces). One interface on a G4SA can be
part of one partition or process while another interface can be part of another partition or interface.
The four different interfaces of one G4SA can belong to four different partitions or processes.
In CIP, each Provider can include more than one CLIM but a CLIM cannot be divided among
different Providers. Hence, all Ethernet interfaces on a CLIM can only belong to one Provider.
If you had a network configuration with a G4SA split between four LNPs or TCP/IP processes, one
interface on each, you may need to change your configuration set-up or add more CLIMs to achieve
the same result.
IPv6 Differences
Automatic tunnels are not supported in CIP.
Fault Tolerant Sockets
Conventional TCP/IP is a NonStop process pair and therefore allows sockets to be transferred
from an application in one processor to its backup on another. NonStop TCP/IPv6 and CIP do not
support this socket feature.
Operational Differences Between Previous TCP/IP Subsystems and CIP 183
Remote Sockets
Conventional TCP/IP is a process and can receive socket requests from remote NonStop systems.
NonStop TCP/IPv6 does not support this feature, nor does CIP. The EXPANDSECURITY MON
attribute is only useful if remote sockets are supported and hence is not supported in CIP.
New Error Codes when Using IPSec
If IPSec is being used, there might be some new error codes:
•
EAGAIN is returned if there is no security association (SA) already established and an SA
setup is started between CIP and the client. (The connect receives an EAGAIN error.) The next
connect that is done after the SA is established works fine.
•
ESRCH is returned if the policy says that IPSec must be used, no keys have been entered
manually, and racoon is not running.
Avoiding Interfaces With Link Pulse Down
For J06.04 to J06.09 and H06.16 to H06.20, conventional TCP/IP and NonStop TCP/IPv6 only
select interfaces that have link pulse up for sending connections or data. CIP does not check for
link pulse when selecting interfaces. If there are two interfaces (for example, eth2 and eth3)
configured on the same subnet, and one interface loses link pulse, it is possible that the IP CLIM
will choose the interface that has link pulse down to send packets to that subnet. To avoid this
behavior, either have the interface configured for failover or take the interface down (ifstop).
Figure 24: Two Interfaces Connected To The Same Subnet (page 185) and Figure 25: Two CLIMs
Connected to the Same Subnet (page 186) show configurations that may encounter routing problems.
Figure 24: Two Interfaces Connected To The Same Subnet shows subnet routes with these
characteristics:
•
There are two interfaces on the same IP subnet (A.0)
•
Both interfaces have the same subnet route to the network
•
eth3 is activated first (non-deterministic)
•
The subnet route on eth3 is used for all outgoing connections to the network
•
The route through eth3 continues to be used even after it has lost link pulse
The network becomes unreachable from a CLIM.
184 IP CIP Migration, Compatibility and Operational Differences
Figure 24 Two Interfaces Connected To The Same Subnet
Figure 25: Two CLIMs Connected to the Same Subnet shows subnet routes on two CLIMs:
•
There are two interfaces on two CLIMs of the provider on the same IP subnet (A.0)
•
CLIMs are selected in round robin order for outgoing connections
•
The route through CLIM B continues to be used even after it has lost link pulse
The network becomes unreachable for half of the outgoing connections.
Operational Differences Between Previous TCP/IP Subsystems and CIP 185
Figure 25 Two CLIMs Connected to the Same Subnet
As of J06.10 and later J-series RVUs and H06.21 and later H-series RVUs, this problem has been
fixed.
Error on Sockets When CIPSAM Process Aborts
In NonStop TCP/IPv6, when a SAM process is aborted, all existing sockets created using that SAM
return an error on the current or next operation. In CIP, when a SAM process is aborted, existing
sockets continue unaffected, but no new sockets can be created. To obtain behavior similar to
NonStop TCP/IPv6, abort the Provider object.
Connecting to Non-Loopback Address after Binding to Loopback
Conventional TCP/IP and NonStop TCP/IPv6 allow a socket bound to a loopback address to
connect to any local address, whether it is a loopback address or not. CIP allows such sockets
only to connect to a loopback address.
CIPSAM Commands
NonStop TCP/IPv6 provides a socket access method (SAM) SCF and SPI interface matching that
of conventional TCP/IP for applications using that interface to get information about the TCP/IP
subsystem. CIP also provides a SAM interface for the same reason, but supports fewer commands.
Data that does not exist on CIP is displayed as dummy data for compatibility reasons.
186 IP CIP Migration, Compatibility and Operational Differences
The commands supported by NonStop TCP/IPv6 and those supported by CIP are:
Command/Object
Process
Abort
NonStop TCP/IPv6, CIP
Info
Nonstop TCP/IPv6, CIP
Listopens
NonStop TCP/IPv6
Names
Route
Subnet
NonStop TCP/IPv6, , CIP
NonStop TCP/IPv6, CIP
NonStop TCP/IPv6, , CIP
NonStop TCP/IPv6, CIP
Primary
NonStop TCP/IPv6, CIP
Stats
NonStop TCP/IPv6
NonStop TCP/IPv6
NonStop TCP/IPv6
Status
NonStop TCP/IPv6
NonStop TCP/IPv6
NonStop TCP/IPv6, CIP
Stop
NonStop TCP/IPv6, CIP
Trace
NonStop TCP/IPv6, CIP
Version
NonStop TCP/IPv6, CIP
Applications that expect the SAM process to have certain product numbers, versions, process
name, or program name must be changed.
Configuring SWAN Adapters on a CLIM
Configuring SWAN adapters on a CLIM is the same as for standard IP, with one additional step
performed on the Provider: the Provider must have the bootp receive port set. This is done with the
SCF ALTER PROVIDER command. In the following example, the SWAN TCP processes (Providers)
are $ZTC0 and $ZTC1:
24> alter prov $zzcip.ztc0, brecvport 67
25> info prov $zzcip.ztc0, detail
CIP Detailed Info PROVIDER \NSBLDE6.$ZZCIP.ZTC0
*TPName....................
*Type......................
*HostID....................
*Hostname..................
*TCP-Listen-Que-Min........
*BRecvPort.................
*Family....................
*Share-Ports...............
$ZTC0
IPDATA
0.0.0.0
NSBLDE6
128
(67 )
INET
1000
Associated CLIMs:
Name
Index
C1002581
0
26> alter prov $zzcip.ztc1, brecvport 67
27> info prov $zzcip.ztc1, detail
CIP Detailed Info PROVIDER \NSBLDE6.$ZZCIP.ZTC1
*TPName....................
*Type......................
*HostID....................
*Hostname..................
*TCP-Listen-Que-Min........
*BRecvPort.................
*Family....................
*Share-Ports...............
$ZTC1
IPDATA
0.0.0.0
NSBLDE6
128
(67 )
INET
1000
Operational Differences Between Previous TCP/IP Subsystems and CIP
187
Associated CLIMs:
Name
Index
C1002582
0
Application Programming Differences Between NonStop TCP/IPv6 and
CIP
If your application makes sophisticated use of the NonStop TCP/IP, Parallel Library TCP/IP or
TCP/IPv6 programming API, it may be affected by differences in the CIP API. Review this section
to determine if your application might be affected. If the behavioral differences in the API do not
actually result in real problems for your application, you can use the suppress-all-errors feature to
allow your application to continue running in the case of minor differences in the CIP environment.
See Suppressing Compatibility Errors.
This section describes application features and behaviors that need to be changed for CIP. Topics
described are:
•
“Suppressing Compatibility Errors”
•
“Bind to INADDR_ANY and a Specific Address on the Same Interface”
•
“Changing Destination of a Connected UDP Socket”
•
“Multicast Bind and Set or Join on Separate Interfaces”
•
“Multicast Loopback”
•
“Receiving Broadcasts on Specific Addresses”
•
“Error after UDP Send to Unreachable Port” (page 189)
•
“Conversion of Limited Broadcast to Subnet-Directed Broadcast” (page 190)
•
“Round-Robin Socket Support Considerations”
•
“Socket IOCTL Differences”
•
“Socket Options”
•
“Binding to a Recently Used Address and Port” (page 190)
Suppressing Compatibility Errors
CIP does not support certain features supported by previous NonStop TCP/IP implementations. If
you run an application in CIP that contains unsupported features, compatibility errors result. To
allow applications not expecting these errors to run without modification, CIP supports a DEFINE
to suppress errors caused by incompatibility:
ADD DEFINE =CIP^COMPAT^ERROR, FILE SUPPRESS
If the DEFINE is set with a file name of “SUPPRESS” when an application starts, socket calls that
try to invoke a behavior allowed in a previous implementation but not in CIP return as if successful,
even though the behavior did not occur as expected. If the DEFINE is not set or if the file name is
not “SUPPRESS”, attempts to use behaviors that CIP does not support cause socket calls to return
the appropriate error.
Bind to INADDR_ANY and a Specific Address on the Same Interface
Conventional TCP/IP and NonStop TCP/IPv6 consider a bind to INADDR_ANY on a TCP or SCTP
socket to exclude IP addresses that are bound to a specific address in another socket, so it is
allowed to have both a socket bound to INADDR_ANY and one bound to a specific address on
the same TCP or UDP port. CIP considers a bind to INADDR_ANY to include all IP addresses. If
another socket is bound to a specific address on the same interface, an INADDR_ANY bind receives
an error.
In some cases, this incompatibility can be overcome by using one CLIM for applications using
specific binds and another for INADDR_ANY binds, each in a different Provider. The only use of
188 IP CIP Migration, Compatibility and Operational Differences
this feature that cannot be solved using more CLIMs is a server that binds to INADDR_ANY to act
as a backup for other servers that each bind to a specific address.
Changing Destination of a Connected UDP Socket
Conventional TCP/IP and NonStop TCP/IPv6 select a local interface based on the destination
address for each connect operation done on an unbound UDP socket or one bound to
INADDR_ANY. In CIP, once a connect operation is done on an unbound UDP socket or one bound
to INADDR_ANY, the socket is implicitly bound to an address and interface on a CLIM that has a
route to the destination address. Subsequent connect operations are sent to the same CLIM, even
if it does not have a route to the new destination address. If the CLIM cannot reach the destination,
the application gets an EACCESS error. You can avoid a problem by ensuring that all CLIMs in a
Provider are configured with the same routes.
Multicast Bind and Set or Join on Separate Interfaces
In Conventional TCP/IP and NonStop TCP/IPv6, applications can bind (using the bind call) a
socket to a multicast address on one interface, join (using the setsockopt call with the IP_ADD
_MEMBERSHIP or IPV6_JOIN_GROUP option) a multicast group on another interface, and set the
multicast send interface (using the setsockopt with the IP_MULTICAST_IF or IPV6_MULTICAST_IF
option) to yet another interface with no restrictions. In CIP, the interfaces that are referred to for
these operations must be on the same CLIM. Furthermore, each interface on a CLIM can fail over
to a different CLIM, so CIP might need to rearrange the interfaces during failover. CIP requires
binding as well as joining to a multicast group before receiving messages from that group. If your
applications use different interfaces for bind, join, and set, you need to change them.
Multicast Loopback
In Conventional TCP/IP and NonStop TCP/IPv6, an application that joins a multicast group receives
data sent to that group even from the same interface or controller.
In CIP, for IPv4, if the interfaces are on the same CLIM, an application will not receive the data
unless the sender sets the IP_MULTICAST_LOOP socket option and joins the receiver's multicast
group. For IPv6, an application receives the data regardless of whether the sender sets the
IP_MULTICAST_LOOP option and has joined the receiver's multicast group.
Receiving Broadcasts on Specific Addresses
NonStop TCP/IPv6 and Conventional TCP/IP route incoming broadcast packets (IP Address
255.255.255.255) to sockets bound to a specific IP address. CIP does not support this behavior.
CIP has a Provider attribute that gives a list of the port numbers requiring emulation of the older
behavior:
BRECVPORT port [, port] …
This attribute specifies the UDP ports to receive broadcast messages on sockets bound to specific
IP addresses as well as INADDR_ANY. Up to eight port numbers can be specified, each a port
number not in the ephemeral or shared-port ranges. Ports not in the list can receive broadcast
messages only on sockets bound to INADDR_ANY.
This attribute adds a configuration step, but makes application changes unnecessary. See “ADD
PROVIDER” (page 228) and “ALTER PROVIDER” (page 232) for BRECVPORT syntax.
NOTE:
BRECVPORT is not supported with CLIM-to-CLIM failover.
Error after UDP Send to Unreachable Port
If a UDP message is sent to an unreachable port, the resulting ICMP error always causes
Conventional TCP/IP and NonStop TCP/IPv6 to return an error on the next request. CIP sometimes
does not return an error at all or returns the error on a subsequent request.
Application Programming Differences Between NonStop TCP/IPv6 and CIP 189
Conversion of Limited Broadcast to Subnet-Directed Broadcast
If the destination address is the limited broadcast address (255.255.255.255), conventional
TCP/IP and NonStop TCP/IPv6 convert the address to a subnet-directed broadcast address (the
specific subnetid and hostid are all ones) whether the socket is bound or unbound. CIP does this
conversion only if the socket is unbound.
Binding to a Recently Used Address and Port
Conventional TCP/IP and NonStop TCP/IPv6 allowed immediate reuse of an address and port if
the SO_REUSEADDR socket option is set on the next use. CIP requires that the SO_REUSEADDR
option be set on both the previous and next use. If the SO_REUSEADDR option is not set on both
the previous and next use, there can be a delay of up to several minutes the address and port can
be reused.
Round-Robin Socket Support Considerations
The NonStop TCP/IPv6 and Parallel Library TCP/IP round-robin filtering feature introduced
considerations for applications and some of these considerations also apply to CIP:
•
If the first application that binds to a TCP or UDP port using round-robin filtering is a privileged
user (for example, a super-group user), all further applications sharing the port must also be
privileged.
•
All applications must bind using the same family value (for example, AF_INET or AF_INET6).
•
If your application uses round robin sockets where the same a TCP or UDP port is shared
between an IPv4 socket and an IPv6 socket, you must change the application to use different
TCP or UDPs for the different address families. Mixed family sockets cannot share the same
TCP or UDP.
Socket IOCTL Differences
This section documents the changes to IOCTL commands that can be issued from the Guardian
library calls socket_ioctl and socket_ioctl_nw and the Open System Services (OSS) system call
ioctl.
Adding and Deleting Routes by Name
SIOCADDRT (add route) and SIOCDELRT (delete route) behave differently in CIP.
Conventional TCP/IP and NonStop TCP/IPv6 can use route names to identify routes as well as
addresses. CIP does not have route names. CIP can add routes, but does not save or assign a
route name, so route names cannot be used to identify a route for deleting. If a route name is used
with SIOCDELRT, the request is ignored if the compatibility error DEFINE is SUPPRESS or else
returns an error.
Deleting ARP Entries
SIOCDARP (delete ARP entry) behaves differently.
When an ARP table entry is deleted using an IOCTL command in conventional TCP/IP or NonStop
TCP/IPv6, the entry is completely removed. CIP retains the entry, but shows its HW address field
as incomplete.
Getting Netmask and Broadcast Address on IPv6 Sockets
SIOCGIFBRDADDR (get broadcast address) and SIOCGIFNETMASK (get network address mask)
are supported differently in CIP, for IPv6 sockets.
NonStop TCP/IPv6 allows these IOCTL commands on IPv4 and IPv6 sockets, but on IPv6 sockets,
NonStop TCP/IPv6 returns IPv4 addresses. CIP does not support the operation on IPv6 sockets at
all.
190 IP CIP Migration, Compatibility and Operational Differences
Socket Options
Some socket options that are supported by NonStop TCP/IPv6 are not supported by or have
changed with CIP and require application changes. These options are set by the Guardian
setsockopt, setsockopt_nw library calls or the OSS setcsockopt system call.
Socket Options Supported Differently
These socket options are supported differently in CIP:
Level IPPROTO_TCP
This TCP_SACKENA socket option for level IPPROTO_TCP, which enables TCP selective
acknowledgements, is supported differently in CIP. Use the CLIMCMD {clim–name |
ip–address} climconfig sysctl command to set the net.ipv4.tcp_sack parameter.
SO_PMTU
This socket option, which turns path discovery on and off, is not supported in CIP. Use the CLIMCMD
{clim–name | ip–address} climconfig sysctl command to change the net.ipv4.ip_no_pmtu_disc
parameter.The SO_PMTU
TCP_RXMTCNT
CIP does not support the socket option TCP_RXMTCNT but you can configure the interfaces to
achieve the same result. Use the CLIMCMD {clim–name | ip–address} climconfig sysctl
command to change the net.ipv4.tcp_retries2 parameter.
Unsupported Socket Options
These socket options are not supported by CIP.
Level IPPROTO_TCP
Some NonStop TCP/IPv6 socket options for level IPPROTO_TCP are not supported by CIP:
•
TCP_DROP_IDLE
This socket option, which was supported but not documented, is no longer supported. See
Table 18 (page 193) for default behavior.
•
IP_RECVDSTADDR
This socket option, which was supported but not documented, is no longer supported. See
Table 18: Differences in Socket Options Defaults (page 193) for default behavior.
•
TCP_KEEPINIT
This socket option, which was supported but not documented, is no longer supported. See
Table 18: Differences in Socket Options Defaults (page 193) for default behavior.
•
TCP_MINRXMT
The TCP_MINRXMT socket option, which sets the minimum time for TCP retransmission timeouts
is not supported in CIP.
•
TCP_MAXRXMT
The TCP_MAXRXMT socket option, which sets the maximum time for TCP retransmission timeouts,
is not supported in CIP.
•
TCP_NODELACK
This socket option, which was supported but not documented, is no longer supported. See
Table 18: Differences in Socket Options Defaults (page 193) for default behavior.
Application Programming Differences Between NonStop TCP/IPv6 and CIP
191
•
TCP_PAWS
This socket option, which was supported but not documented, is no longer supported. See
Table 18: Differences in Socket Options Defaults (page 193) for default behavior.
•
TCP_PROBE_IDLE
This socket option, which was supported but not documented, is no longer supported. See
Table 18: Differences in Socket Options Defaults (page 193) for default behavior.
•
TCP_PUSH
This socket option, which was supported but not documented, is no longer supported. See
Table 18: Differences in Socket Options Defaults (page 193) for default behavior.
•
TCP_RXMTCNT
This socket option, which set the maximum time for a TCP retransmission timeout, is not
supported. See Table 18: Differences in Socket Options Defaults (page 193) for default behavior.
•
TCP_RPTR2RXT
This socket option, which was supported but not documented, is no longer supported. See
Table 18: Differences in Socket Options Defaults (page 193) for default behavior.
•
TCP_SACKENA
This socket option, which enabled TCP selective acknowledgements, is not supported. See
Table 18: Differences in Socket Options Defaults (page 193) for default behavior.
•
TCP_TOTRXMTVAL
The TCP_TOTRXMTVAL socket option, which sets the maximum continuous time spent
retransmitting without receiving an acknowledgement from the other endpoint, is not supported
in CIP.
•
TCP_TSOPTENA
This socket option, which was supported but not documented, is no longer supported. See
Table 18: Differences in Socket Options Defaults (page 193) for default behavior.
Level SOL_SOCKET
•
SO_DONTROUTE
This socket option, which specifies not to route messages, is not supported. See Table 18:
Differences in Socket Options Defaults (page 193) for default behavior.
•
SO_PMTU
This socket option, which was supported but not documented, is no longer supported. See
Table 18: Differences in Socket Options Defaults (page 193) for default behavior.
•
SO_USELOOPBACK
This socket option, which was supported but not documented, is no longer supported. See
Table 18: Differences in Socket Options Defaults (page 193) for default behavior.
New Socket Option SO_ACCPTCONN
The SO_ACCEPTCONN socket option is not supported by conventional TCP/IP or TCP/IPv6, but is
supported by CIP.
192 IP CIP Migration, Compatibility and Operational Differences
Different Socket Options Defaults
Table 18 Differences in Socket Options Defaults
Previous TCP/IP
Subsystem Default
Level
Socket Option
CIP Default
SOL_SOCKET
SO_BROADCAST
SOL_SOCKET
SO_SNDBUF
61440
88000*
SOL_SOCKET
SO_RCVBUF
61440
88000*
IPPROTO_TCP
TCP_SACKENA
0
ENOPROTOOPT (With compatibility
define returns 0)
IPPROTO_TCP
TCP_MINRXMT
2
ENOPROTOOPT (With compatibility
define returns 2)
IPPROTO_TCP
TCP_MAXRXMT
128
ENOPROTOOPT (With compatibility
define returns 128)
IPPROTO_TCP
TCP_RXMTCNT
12
ENOPROTOOPT (With compatibility
define returns 12)
IPPROTO_TCP
TCP_TOTRXMTVAL
1440
ENOPROTOOPT (With compatibility
define returns 1440)
SOL_SOCKET
SO_USELOOPBACK
0
ENOPROTOOPT (With compatibility
define returns 0)
IPPROTO_TCP
TCP_RPTR2RXT
0
ENOPROTOOPT (With compatibility
define returns 0)
IPPROTO_TCP
TCP_KEEPINIT
75
ENOPROTOOPT (With compatibility
define returns 75)
IPPROTO_TCP
TCP_PUSH
0
ENOPROTOOPT (With compatibility
define returns 0)
IPPROTO_TCP
TCP_NODELACK
0
ENOPROTOOPT (With compatibility
define returns 0)
IPPROTO_TCP
TCP_TSOPTENA
Unsupported
ENOPROTOOPT (With compatibility
define returns 0)
IPPROTO_TCP
TCP_PAWS
20
ENOPROTOOPT (With compatibility
define returns 20)
IPPROTO_TCP
TCP_PROBE_IDLE
75
ENOPROTOOPT (With compatibility
define returns 75)
IPPROTO_TCP
TCP_DROP_IDLE
600
ENOPROTOOPT (With compatibility
define returns 600)
IPPROTO_IP,
IPPROTO_IPV6
IP_RECVDSTADDR
0
ENOPROTOOPT (With compatibility
define returns 0)
SOL_SOCKET
SO_PMTU
0
ENOPROTOOPT (With compatibility
define returns 0) See “TCPPATHMTU”
(page 197) for procedures on how to set
the interface to provide this functionality.
0
*See “TCPRECVSPACE” (page 197) and “INITIAL-TTL” (page 195) for information about changing these defaults by
using the CLIMCMD {clim–name | ip–address} climconfig sysctl command.
TCP/IP Attributes in CIP
Some conventional TCP/IP process and Parallel Library TCP/IP and NonStop TCP/IPv6 MON
attributes are not supported in CIP and some are supported differently.
TCP/IP Attributes in CIP
193
NonStop TCP/IPv6 Attributes and Their CIP Equivalents
Many of the TCP/IP stack environment variables that you set by using attributes in the NonStop
TCP/IPv6 ALTER MON/SUBNET command are now set in the CLIM environment. This subsection
lists the attributes that you can configure on the NonStop TCP/IPv6 TCP6MON/SUBNET process
and an equivalent way of configuring that attribute in CIP. The following table shows NonStop
TCP/IPv6 attributes and the equivalent CIP action required to achieve the same result. For NonStop
TCP/IP attributes and their CIP equivalents, including default, minimum, and maximum values, see
Table 19: TCP/IP Attribute Default Values and Ranges (page 199).
If you use this MON/SUBNET attribute in TCP/IPv6:
Do this in CIP:
“INITIAL-TTL” (page 195)
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.ipv4.ip_default_ttl
value
“HOSTID” (page 195)
ADD PROVIDER
“HOSTNAME” (page 196)
ADD PROVIDER
“MIN-EPHEMERAL-PORT, MAX-EPHEMERAL-PORT” (page
196)
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.ipv4.ip_local_port_range
'value value'
NOTE: Changes to this sysctl parameter must be made
on all CLIMs that share the same Provider. Also, all
providers sharing a CLIM must similarly share that sysctl
value.
(page 196)
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.ipv4.tcp_window_scaling
value
“TCPKEEPCNT” (page 196)
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update
net.ipv4.tcp_keepalive_probes value
“TCPKEEPIDLE” (page 196)
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.ipv4.tcp_keepalive_time
value
“TCPKEEPINTVL” (page 196)
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.ipv4.tcp_keepalive_intvl
value
“TCP-MAX-REXMIT-COUNT” (page 197)
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.ipv4.tcp_retries2 value
“TCPPATHMTU” (page 197)
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.ipv4.ip_no_pmtu_disc
value
“TCPRECVSPACE” (page 197)
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.ipv4.tcp_rmem 'value
value value'
NOTE: Changes to this sysctl parameter must be made
on all CLIMs that share the same Provider. Also, all
providers sharing a CLIM must similarly share that sysctl
value.
“TCPSACKON” (page 197)
194
IP CIP Migration, Compatibility and Operational Differences
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.ipv4.tcp_sack value
If you use this MON/SUBNET attribute in TCP/IPv6:
Do this in CIP:
“TCPSENDSPACE” (page 197)
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.ipv4.tcp_wmem 'value
value value'
NOTE: Changes to this sysctl parameter must be made
on all CLIMs that share the same Provider. Also, all
providers sharing a CLIM must similarly share that sysctl
value.
“TCPTIMEWAIT” (page 198)
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.ipv4.tcp_tw_recycle
value
NOTE: Changes to this sysctl parameter must be made
on all CLIMs that share the same Provider.
This change in sysctl parameter requires a CLIM restart.
Connections that go through TCP state aware nodes, such
as firewalls, NAT devices or load balancers may see
dropped frames. The more connections there are, the more
likely you will see this issue.
“UDPRECVSPACE” (page 198)
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.core.rmem_max value and
CLIMCMD clim-name climconfig sysctl -update
net.core.rmem_default value
NOTE: Changes to this sysctl parameter must be made
on all CLIMs that share the same Provider. Also, all
providers sharing a CLIM must similarly share that sysctl
value.
“UDPSENDSPACE” (page 199)
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.core.wmem_max value and
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.core.wmem_default value
NOTE: Changes to this sysctl parameter must be made
on all CLIMs that share the same Provider. Also, all
providers sharing a CLIM must similarly share that sysctl
value.
“IPV6RAENABLE” (page 199)
Controlled by climconfig sysctl, with the default as ON.
CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.ipv6.conf.all.autoconf
0 CLIMCMD{clim–name | ip–address}
climconfig sysctl -update net.ipv6.conf.<
intf-name>.autoconf 0
NOTE: The above commands are for disabling IPv6
auto-configuration.
INITIAL-TTL
This NonStop TCP/IPv6 Monitor attribute, which specifies the initial value for UDP and
TCPtime-to-live, can be set by using the CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.ipv4.ip_default_ttl command.
HOSTID
This NonStop TCP/IPv6 Monitor attribute, which specifies the identification number (usually the
host number part of the Internet address that is assigned to this host) is set by using the NonStop
host system SCF commands ADD PROVIDER or ALTER PROVIDER. (See Section Chapter 10 (page 216)
for more information about the HOSTID attribute.)
TCP/IP Attributes in CIP 195
HOSTNAME
This NonStop TCP/IPv6 Monitor attribute, which specifies the official name by which the NonStop
host is known to the Internet, is set by using the NonStop host system SCF commands ADD PROVIDER
or ALTER PROVIDER. (See Chapter 10 (page 216) for more information about the HOSTNAME
attribute.)
MIN-EPHEMERAL-PORT, MAX-EPHEMERAL-PORT
These NonStop TCP/IPv6 Monitor attributes specify the starting and ending port numbers to allocate
for TCP and UDP ephemeral ports. An equivalent effect can be created by using the CLIMCMD
{clim–name | ip–address} climconfig sysctl -update
net.ipv4.ip_local_port_range command.
This attribute, if changed, must be the same on all CLIMs in a Provider.
RFC1323-ENABLE
This NonStop TCP/IPv6 Monitor attribute, which causes TCP to support TCP Large Windows as
documented in RFC 1323, can be set by issuing the CLIMCMD {clim–name | ip–address}
climconfig sysctl -update net.ipv4.tcp_window_scaling command.
TCPKEEPCNT
This NonStop TCP/IPv6 Monitor attribute, which specifies the number of times a keep-alive packet
is sent without receiving an acknowledgment, can be set by issuing the CLIMCMD {clim–name
| ip–address} climconfig sysctl -update net.ipv4.tcp_keepalive_probes command.
NOTE: The default for the TCPKEEPCNT attribute differs from that of the tcp_keepalive_probes
attribute. To change the tcp_keepalive_probes default to match the TCPKEEPCNT default, issue the
CLIMCMD command:
climconfig sysctl -update net.ipv4.tcp_keepalive_probes 8
TCPKEEPIDLE
This NonStop TCP/IPv6 Monitor attribute, which specifies the amount of time, in seconds, before
TCP issues a keep-alive packet on sockets that have enabled this option, can be set by issuing the
CLIMCMD {clim–name | ip–address} climconfig sysctl -update
net.ipv4.tcp_keepalive_time command.
NOTE: The default for the TCPKEEPIDLE attribute differs from that of the tcp_keepalive_time
attribute. To change the tcp_keepalive_time default to match the TCPKEEPIDLE default, issue the
CLIMCMD command:
climconfig sysctl -update net.ipv4.tcp_keepalive_time 75
TCPKEEPINTVL
This NonStop TCP/IPv6 Monitor attribute, which specifies the time interval in seconds between
retransmissions of unacknowledged keepalive packets, can be set by issuing the CLIMCMD
{clim–name | ip–address} climconfig sysctl -update
net.ipv4.tcp_keepalive_intvl command.
NOTE: The default for the TCPKEEPINTVL attribute differs from that of the tcp_keepalive_intvl
attribute. To change the tcp_keepalive_intvl default to match the TCPKEEPINTVL default, issue the
CLIMCMD command:
climconfig sysctl -update net.ipv4.tcp_keepalive_intvl 75
196
IP CIP Migration, Compatibility and Operational Differences
TCP-MAX-REXMIT-COUNT
This NonStop TCP/IPv6 Monitor attribute, which set the maximum number of continuous
retransmissions allowed before a TCP connection was dropped, can be set by issuing the CLIMCMD
{clim–name | ip–address} climconfig sysctl command. See “TCP_RXMTCNT” (page 191).
TCPPATHMTU
This NonStop TCP/IPv6 Monitor attribute is used to turn on Path MTU discovery. Path MTU discovery
is on by default in CIP; if you want Path MTU discovery turned off, use the CLIMCMD {clim–name
| ip–address} climconfig sysctl -update net.ipv4.ip_no_pmtu_disc command.
TCPRECVSPACE
This NonStop TCP/IPv6 MON attribute, which sets the size of the window for receiving data for
the TCP protocol, can be set globally with the CLIMCMD {clim–name | ip–address} climconfig
sysctl -update net.ipv4.tcp_rmem "value value value" command.
This attribute, if changed, must be the same on all CLIMs in a Provider.
The value variables affect kernel behavior for different conditions:
•
The first value sets the minimum TCP receive send buffer space available for a single TCP
socket.
•
The second value sets the default buffer space allowed for a single TCP socket.
•
The third value sets the maximum TCP receive buffer space.
You can also set the maximum and default sizes for socket buffers for all connections by using the
climconfig sysctl -update net.core.rmem_max value and
net.core.rmem_default value sysctl commands.
NOTE: The net.ipv4.tcp_rmem parameter overrides the net.core.rmem_max and
net.core.rmem_default sysctl commands for TCP connections. Changes to this sysctl parameter
must be made on all CLIMs that share the same Provider.
To change the sysctl parameters on the CLIM:
1. Stop the CLIMs and the Provider.
2. Alter the sysctl parameters.
3. Start the CLIMs and the Provider.
If the CLIM is an Open type, reboot it.
Background
CIP supports the RFC1323 TCP high performance extensions. This includes large TCP windows to
support links with high latency or bandwidth. To make use of them, you must increase the send
and receive buffer sizes.
Programmatic Alternative
The TCP send window size can also be set on individual sockets by setting the SO_RCVBUF option.
TCPSACKON
This NonStop TCP/IPv6 Monitor attribute, which specifies whether or not all TCP connections use
TCP selective acknowledgements (unless specifically disabled by an application) can be set by
using the CLIMCMD {clim–name | ip–address}climconfig sysctl -update
net.ipv4.tcp_sack command.
TCPSENDSPACE
This NonStop TCP/IPv6 MON attribute, which sets the size of the window for sending data for
the TCP protocol, can be set globally by using the CLIMCMD {clim–name |
TCP/IP Attributes in CIP
197
ip–address}climconfig sysctl -update net.ipv4.tcp_wmem "value value
value" command.
This attribute, if changed, must be the same on all CLIMs in a Provider.
The value variables affect kernel behavior for different conditions:
•
The first value sets the minimum TCP send buffer space available for a single TCP socket.
•
The second value sets the default buffer space allowed for a single TCP socket.
•
The third value sets the maximum TCP send buffer space.
You can also set the maximum and default sizes for socket buffers for all connections by using the
climconfig sysctl -update net.core.wmem_max value and sysctl
net.core.wmem_default value sysctl commands.
NOTE: Changes to the sysctl net.core.wmem_default parameter must be made on all
CLIMs that share the same Provider. To change the sysctl parameters:
1. Stop the CLIMs and the Provider.
2. Alter the sysctl parameters.
3. Start the CLIMs and the Provider.
If the CLIM is an Open type, reboot it.
The net.ipv4.tcp_wmem command overrides the net.core.wmem_max and
net.core.wmem_default sysctls for TCP connections.
Background
CIP supports the RFC1323 TCP high performance extensions. This includes large TCP windows to
support links with high latency or bandwidth. To make use of them, you must increase the send
and receive buffer sizes.
Programmatic Alternative
The TCP send window size can also be set on individual sockets by setting the SO_SNDBUF option.
TCPTIMEWAIT
This NonStop TCP/IPv6 attribute, which sets the minimum amount of time in seconds that a TCP
connection remains in the TIME_WAIT state, can be set by using the command:
CLIMCMD {clim-name | ip-address} climconfig sysctl -update
net.ipv4.tcp_tw_recycle value command.
If this parameter is set(1), the sockets will remain in TIME_WAIT state, which is a function of the
round trip time of the connection.
If this parameter is unset(0), the socket will remain in TIME_WAIT state for a fixed time of 60
seconds.
This attribute must be same on all CLIMs that share the same provider. If there is a change in the
sysctl parameter value, restart the CLIM.
Connections that go through TCP state aware nodes, such as firewalls, NAT devices or load
balancers may see dropped frames. The more connections there are, the more likely you will see
this issue.
UDPRECVSPACE
This NonStop TCP/IPv6 Monitor attribute, which specifies the size of the window used for receiving
data for the UDP protocol, can be set by using the climconfig sysctl -update
net.core.rmem_max value and climconfig sysctl -update
net.core.rmem_default value commands.
198 IP CIP Migration, Compatibility and Operational Differences
This attribute, if changed, must be the same on all CLIMs in a Provider. If the CLIM is an Open
type, reboot it.
UDPSENDSPACE
This NonStop TCP/IPv6 Monitor attribute, which specifies the size of the window used for sending
data for the UDP protocol can be set by using the climconfig sysctl -update
net.core.wmem_max value and climconfig sysctl -update
net.core.wmem_default value commands.
This attribute, if changed, must be the same on all CLIMs in a Provider. If the CLIM is an Open
type, reboot it.
IPV6RAENABLE
If this attribute is set to ON, the NonStop TCP/IPv6 implementation performs the following tasks
when a router advertisement (RA) is received:
Router discovery
Learns the IPv6 address of a router and installs default
routes in the TCP/IPv6 routing tables.
On-Link prefix discovery
Learns IPv6 on-link prefix (ranges of IPv6 addresses that
are directly reachable on a given link).
Stateless address configuration
Automatically creates and deletes interface addresses.
Interface attribute configuration
Automatically configures datalink attributes such as hop
limit, reachable time, retransmit time, and link MTU.
Sends RA message to ND6HOSTD process
ND6HOSTD process is responsible for updating the global
address information in DNS automatically.
If this attribute is set to OFF, it disables the routing table and interface configuration update during
RA message processing. TCPMON still sends RA messages to ND6HOSTD process. The default
is OFF.
In CIP, this attribute is controlled by climconfig sysctl, with the default as ON.
CLIMCMD {clim–name | ip–address} climconfig sysctl
-update net.ipv6.conf.all.autoconf 0
CLIMCMD {clim–name | ip–address} climconfig sysctl
-update net.ipv6.conf.<intf-name>.autoconf 0
ND6HOSTD is not supported in CIP.
Attribute Default Values and Ranges
Table 19: TCP/IP Attribute Default Values and Ranges shows TCP/IPv6 attributes and their default
values and allowable ranges. Table 20: TCP/IP Attributes, CIP Equivalents, and their CIP Default
Values and Ranges (page 200) shows these same attributes, their CIP equivalents, and their CIP
defaults values and allowable ranges.
Table 19 TCP/IP Attribute Default Values and Ranges
TCP/IPv6 Attribute
TCP/IPv6 Minimum
TCP/IPv6 Default Value Value
INITIAL-TTL
64
30
MIN-EPHEMERAL-PORT
1024
1024
(MAX-EPHEMERAL-PORT-16)
MAX-EPHEMERAL-PORT
65024
16
65535
RFC1323–ENABLE
ON
—
—
TCPKEEPCNT
6
1
20
TCP/IPv6 Maximum Value
TCP/IP Attributes in CIP 199
Table 19 TCP/IP Attribute Default Values and Ranges (continued)
TCP/IPv6 Attribute
TCP/IPv6 Minimum
TCP/IPv6 Default Value Value
TCP/IPv6 Maximum Value
TCPKEEPIDLE (seconds)
75
1
7200
TCPKEEPINTVL (seconds)
75
1
1260
TCP-MAX-REXMIT-COUNT
12
1
12
TCPPATHMTU
ON
—
—
TCPRECVSPACE
61400
512
61400
TCPSACKON
OFF
—
—
TCPSENDSPACE
61400
512
61400
UDPRECVSPACE
42080
512
61400
UDPSENDSPACE
9216
512
9216
MAX-PRIV-PORT
1023
IPV6RAENABLE
OFF
—
—
TCPTIMEWAIT (seconds)
60
1
120
1–(MIN-EPHEMERAL-PORT)
Table 20: TCP/IP Attributes, CIP Equivalents, and their CIP Default Values and Ranges (page 200)
shows TCP/IPv6 attributes, their CIP equivalents, and their CIP defaults values and allowable
ranges.
Table 20 TCP/IP Attributes, CIP Equivalents, and their CIP Default Values and Ranges
TCP/IP Attribute
CIP Equivalent Attribute
CIP Default Value
CIP
Minimum
Value
INITIAL-TTL
net.ipv4.ip_default_ttl
64
0
255
MIN-EPHEMERAL-PORT net.ipv4.ip_local_port_range
32768
1024
65535–SHARE_PORTS.
If the maximum value of
net.ipv4.ip_local_port_range
is set greater than
64535 the CLIM
doesn't start with
default SHARE-PORTS
value.
MAX-EPHEMERAL-PORT net.ipv4.ip_local_port_range
61000
1024
65535
RFC1323–ENABLE
net.ipv4.tcp_window_scaling
TCPKEEPCNT
net.ipv4.tcp_keepalive_probes
9
TCPKEEPIDLE (seconds) net.ipv4.tcp_keepalive_time
7200
TCPKEEPINTVL
(seconds)
75
net.ipv4.tcp_keepalive_intvl
CIP Maximum Value
(<50)
TCP-MAX-REXMIT-COUNT net.ipv4.tcp_retries2
15
TCPPATHMTU
net.ipv4.ip_no_pmtu_disc
0
TCPRECVSPACE
net.ipv4.tcp_rmem
4096–88000–1048576 4096
1048576
TCPSACKON
net.ipv4.tcp_sack
1
1048576
TCPSENDSPACE
net.ipv4.tcp_wmem
4096–88000–1048576 4096
UDPRECVSPACE
net.core.rmem_default/rmem_max 42080
200 IP CIP Migration, Compatibility and Operational Differences
0
0
1048576
1048576
Table 20 TCP/IP Attributes, CIP Equivalents, and their CIP Default Values and Ranges (continued)
CIP Default Value
CIP
Minimum
Value
TCP/IP Attribute
CIP Equivalent Attribute
CIP Maximum Value
UDPSENDSPACE
net.core.wmem_default/wmem_max 9216
1048576
MAX-PRIV-PORT
(built-in)
1023
1048576
IPV6RAENABLE
net.ipv6.conf.all.autoconf
1
0
1
TCPTIMEWAIT
(seconds)
net.ipv4.tcp_tw_recycle
0
0
1
NonStop TCP/IPv6 Attributes Not Supported
ARPTIMER-REFRESHED
This NonStop TCP/IPv6 Monitor attribute is not supported in CIP because CIP already restarts the
ARP timer on each reference and cannot be configured differently. This action is the same as the
NonStop TCP/IPv6 default.
TCPTIMEWAIT
This NonStop TCP/IPv6 Monitor attribute is not supported in CIP. The TIME_WAIT period cannot
be configured in CIP. The application can use SO_REUSEADDR option to re-use the port.
ICMP-FILTER-PKTS
This NonStop TCP/IPv6 Monitor attribute is used to control the flow of the ICMP packets into the
system. CIP does not support this capability.
DELAYACKS
This NonStop TCP/IPv6 Monitor attribute, which specifies whether acknowledgments for TCP
packets be sent immediately (as soon as a packet is received), is not supported in CIP. CIP uses a
sophisticated ACK delay algorithm that makes this option unnecessary.
DELAYACKSTIME
This NonStop TCP/IPv6 Monitor attribute, which specifies how much the delay time is before an
ACK (acknowledgment) is sent for a packet, is not supported in CIP.
ALLNETSARELOCAL
This NonStop TCP/IPv6 Monitor attribute is a method of optimizing maximum segment size (MSS).
CIP does not change the MSS advertisement based on whether the address is local. It uses the
higher of the first hop device MTU and the /proc variable ip_rt_min_advmss, but may be overridden
by information stored in the routing table from previous connections to the same remote address.
The ALLNETSARELOCAL attribute therefore does not apply to CIP, but the advertised MSS may not
match that of NonStop TCP/IPv6.
MAX-PRIV-PORT
This NonStop TCP/IPv6 Monitor attribute, which specified the largest TCP and UDP port number
that needed super-user access, is not supported by CIP. The value is fixed at 1023.
NONSHAREDOUTDIST
This NonStop TCP/IPv6 Monitor attribute, which specified whether or not the outbound data paths
for connections over nonshared IP failover pairs are distributed over both SUBNETs of the failover
pair, is not supported in CIP.
TCP/IP Attributes in CIP 201
In NonStop TCP/IPv6, interfaces configured for NONSHAREDIP failover have separate IP addresses
and outgoing data uses the usual routing table rules. (Only the first routing table match is used in
NonStop TCP/IPv6, however, so even if both interfaces have a route, only one is selected.)
SHAREDIP always alternates between the two interfaces of a failover pair and this option tells
TCP/IPv6 to do the same for NONSHAREDIP.
In CIP, CLIM-to-CLIM failover most closely resembles the NonStop TCP/IPv6 NONSHAREDIP
failover. CIP uses round-robin rotation among the routes to CLIMs, so load balancing occurs as
long as routes to both CLIMs exist. You can ensure any static routes are added to both CLIMs;
dynamic routes will match because the CLIMs must be on the same LAN segment. This option is
no longer needed in CIP. (See “Failover Differences (Fault Tolerance)” (page 183).)
PORT-SHARE-ENABLE-ALL
This NonStop TCP/IPv6 Monitor attribute allows applications running in different processors to
bind to the same TCP or UDP yet have different IP addresses. CIP algorithms makes this attribute
unnecessary, and it is therefore not supported in CIP. (This attribute enabled behavior unique to
the NonStop TCP/IPv6 architecture.)
TCP-INIT-REXMIT-TIMEOUT
This NonStop TCP/IPv6 Monitor attribute, which sets the initial retransmit timer-value in milliseconds
to use on a TCP connection, is not supported in CIP.
TCP-MAX-REXMIT-TIMEOUT
This NonStop TCP/IPv6 Monitor attribute, which sets the maximum time value in milliseconds
allowed for a TCP retransmission timeout, is not supported by CIP.
TCP-MIN-REXMIT-TIMEOUT
This NonStop TCP/IPv6 Monitor attribute, which set the minimum value allowed for the TCP
retransmission timeout, is not supported by CIP.
TCP-TOTAL-REXMIT-DURATION
This NonStop TCP/IPv6 Monitor attribute, which sets the total time a TCP connection can be in the
retransmission state without receiving an acknowledgement from the other endpoint before the TCP
connection is dropped, is not supported in CIP.
TCPCWNDMULTIPLIER
This NonStop TCP/IPv6 Monitor attribute, which was used to calculate the initial TCP congestion
window, is not supported by CIP. CIP uses its own algorithm to calculate the initial TCP congestion
window, ranging from 1 to 4. Higher values are considered potentially harmful to overall network
stability and so the CIP defaults are used in CIP.
TCPCOMPAT42
This NonStop TCP/IPv6 Monitor attribute, which set a flag to make the TCP6MON compatible
with Berkeley Standard Distribution TCP/IP (BSD) 4.2 versions, is not supported by CIP. In BSD
4.2, TCP sequence numbers were 32-bit signed values. Modern implementations of TCP use
unsigned values. This option caused the initial sequence number to start in the range 2^31 rather
than the full unsigned range of 2^32. Also, under BSD 4.2, keepalive packets must contain at
least one byte, or else the remote end does not respond. The default for this attribute was ON.
IRDP SUBNET
The IRDP SUBNET attribute enables or disables the ICMP Router Discovery Protocol on the SUBNET
interface. IRDP is a mechanism for locating default routers. CIP does not support this attribute.
202 IP CIP Migration, Compatibility and Operational Differences
How to Migrate From NonStop TCP/IP or NonStop TCP/IPv6 to CIP
Migrate the Environment
If you are running multiple TCP/IP subsystems and want to use CIP for your application but the
default TCP/IP process ($ZTC0) is assigned to either Nonstop TCP/IPv6 or conventional TCP/IP,
you can migrate your application to the CIP subsystem by adding a DEFINE or PARAM establishing
another (non $ZTC0) CIPSAM process as the transport service provider in the TACL environment
in which your program is running. The procedure documented here includes that final step of setting
the DEFINE or PARAM as well as the preliminary steps of preparing for using the CIP environment.
To migrate to the CIP networking environment:
1. Have your support provider install the CLIMs and bring up the subsystem.
2. Make any changes to your applications required by the compatibility differences documented
in this chapter.
3. Change the applications to use a CIPSAM process.
a. Find a CIPSAM process by using the SCF LISTDEV CIP command or create a CIPSAM
process (see Chapter 2 (page 62)) that matches the name of the TCP/IP process your
applications are using.
b. Set up the transport-service provider name for Guardian and OSS applications to the
CIPSAM process by entering one of these commands:
•
ADD DEFINE =TCPIP^PROCESS^NAME, class map, file $cipsam-process-name
•
PARAM TCPIP^PROCESS^NAME $cipsam-process-name
•
Use these procedure calls to set the transport-service provider to a CIPSAM process:
◦
socket_set_inet_name() (for Guardian applications)
◦
socket_transport_name_set() (for OSS applications)
How to Migrate From NonStop TCP/IP or NonStop TCP/IPv6 to CIP 203
7 Storage CIP Migration, Compatibility and Operational
Differences
The user applications, NonStop SQL/MP, NonStop SQL/MX and Disk Process 2 (DP2) can access
the Storage CIP devices without any changes.
There are operational differences between configuring the storage subsystem on IOAM based
systems and on CLIM based systems. This chapter describes those differences. The two biggest
differences are the introduction of a new I/O subsystem (CIP) for CLIM configuration and of a new
SCF object type, the Storage CLIM. The Storage CLIM is managed by commands from both the
Storage subsystem and the CIP subsystem. The SCF product module for the storage subsystem uses
the management object $ZZSTO and the SCF product module for the CIP subsystem uses the
management object $ZZCIP.
NOTE: To find out if your system supports Storage CLIMs, see the planning guide for your system
or the NonStop Networking Overview.
You can perform these tasks by using the SCF product module in the storage subsystem:
•
INFO CLIM $ZZSTO.clim-name
•
STATUS CLIM $ZZSTO.clim-name
•
SWITCH CLIM $ZZSTO clim-name
Alternatively, each of the above commands can be issued from the CIP subsystem by substituting
$ZZCIP for $ZZSTO for the management process specification. The INFO and STATUS commands
display different information if issued to the CIP subsystem. The SWITCH command, when issued
to the CIP subsystem, moves the IP resources back to the home interfaces. When issued to the
storage subsystem, the SWITCH command initiates disk-path switches for the disks configured
through the CLIM and sometimes takes paths up or down. For more information about the behavior
of these commands when issued to the storage subsystem, see the SCF Reference Manual for the
Storage Subsystem.
These tasks can be done only through the CIP subsystem:
•
ABORT CLIM $ZZCIP.clim-name
•
ADD CLIM $ZZCIP.clim-name
•
DELETE CLIM $ZZCIP.clim-name
•
NAMES CLIM $ZZCIP.clim-name
•
START CLIM $ZZCIP.clim-name
•
STATS CLIM $ZZCIP.clim-name
•
STOP CLIM $ZZCIP.clim-name
•
TRACE CLIM $ZZCIP.clim-name
•
VERSION CLIM $ZZCIP.clim-name
Table 21 (page 204) compares tools and tasks on IOAM or CLIM operations:
Table 21 IOAM and CLIM Based Operations Comparison
Tool/Task
IOAM Based Operations
CLIM Based Operations
Communication device
FCSA
Storage CLIM
Built-in storage
Fiber channel disk module FCDM
SAS disk enclosure
204 Storage CIP Migration, Compatibility and Operational Differences
Table 21 IOAM and CLIM Based Operations Comparison (continued)
Tool/Task
IOAM Based Operations
CLIM Based Operations
Management interface
SCF for storage subsystem
SCF for storage subsystem, SCF for CIP
subsystem and CIP subsystem
CLIMCMD command line interface (CLI)
Add a storage communication device No equivalent
SCF command ADD CLIM
$ZZCIP.clim-name
Manage the LUN numbering to allow No equivalent
the CLIM to communicate with ESS
and attached storage
CLIMCMD lunmgr command
Table 22: CLIM Based Operations Information lists information sources for CLIM-based storage
operations.
Table 22 CLIM Based Operations Information
Information
SCF for the storage subsystem $ZZSTO
SCF Reference Manual for the Storage Subsystem
SCF for the CIP subsystem $ZZCIP
This manual, Chapter 10 (page 216)
How to manage LUN numbering
This manual, Chapter 5 (page 170)
Installation and initial configuration of the CLIM
Your service provider has access to the CLuster I/O Module
(CLIM) Installation and Configuration Guide and to other
service procedures.
Carrier Grade IP CLIM (IP CLIM CG)
See your service provider.
205
8 Collecting Data for CLIM Issues
This chapter provides various procedures for collecting NonStop system data for different CLIM
types in case of failures.
CLIM Type
Failure Type
What to do
All
All
Create CLIM debug information
All
All
Copy CLIM debug information to
NonStop
All
All
Collect EMS logs (both ZLOG and $0)
All
CLIM hung/not responding/reset
Collect iLO and IML logs
All
SSOCLIM/CLIMCMD issues
Collect SSH specific information
Storage
All
Collect lunmgr information
Storage
All
Collect SCF device configuration
information
IP/Telco
All
Collect network information
IB
All
Collect IB network status
Create CLIM Debug Information
To create a compressed tar file containing debugging information for the CLIM, run the following
command at the TACL prompt:
TACL->CLIMCMD clim-name clim onlinedebug
... done
The compressed tar file /home/debuginfo/clim-<yyyymmddhhmmss>.tgz has
been created.
Termination Info: 0
CLIM Log Files
As of H06.23/J06.12, OSM collects CLIM logs from CLIMs that recover from a crash. OSM only
collects the logs whenever the CLIM transitions to STARTED state. OSM also has an action, “Collect
CLIM Logs”, on the CLIMs object in the OSM Service Connection that can be used to collect logs
for all CLIMs in the system.
Collecting CLIM Log Files using CLIMDBUG
In a CLIM failure, the debug information is automatically collected, zipped, and saved on the CLIM
in the /home/debuginfo directory as a .tgz file. The CLIMDBUG tool detects the log files on
the CLIM, copies them to the NonStop file system, and packs them into a single data file. On
successful transfer to the NonStop Host, the CLIMDBUG tool deletes the log files from the CLIM.
Only supergroup users can execute this operation.
NOTE: Collecting CLIM log information using CLIMDBUG is supported on systems running J06.12
or later RVUs.
Effective with the J06.13/H06.24 RVU, CLIMDBUG also collects the following information:
•
SCF configuration details of CIP subsystem
•
SSH configuration details
•
EMS logs
206 Collecting Data for CLIM Issues
•
SSH logs
•
NSK Software Configuration file
The syntax is as follows:
CLIMDBUG [/run-option /]{clim-name-pattern | ip-address }[pak file]
Where:
run-option can be any of the options:
online
Generates an online CLIM debug data file before transferring the debug files to the host.
originator originator-name
Allows you to specify whether the tool is being invoked from another program or script.
out out-file
Redirects the display text to the file out-file.
outv var-name
Redirects the display text to the variable var-name.
pri priority
Specifies the execution priority.
clim-name-pattern
Specifies the CLIM name and supports patterns to target multiple CLIM names. The pattern may
contain '?' for matching exactly one character and '*' for matching zero or more characters.
ip-address
Specifies the IP address of the eth0 interface of the CLIM. It does not support any patterns to
target multiple CLIMs.
pakFile
An optional parameter which specifies the file location for the debug file on the NonStop Host
file system. The parameter may be of the format of $vol, $vol.subvol,
$vol.subvol.filename, subvol.filename, or filename.
If vol or subvol is not specified, the default values are applied. If the filename is not specified,
a unique filename from $vol.subvol is generated.
If nothing is specified for the pakFile parameter, the default values are applied. The default
values for $vol and subvol for the data file are $system and zservice respectively.
Collecting CLIM Log Files using CLIMDBUG 207
Example 20 Collect Debug Data From Single CLIM
\BLOKE.$SYSTEM.STARTUP 3> CLIMDBUG N1002582 $SYSTEM.OSMTEST
Debug Info CLIM \BLOKE.$ZZCIP.N1002582
PAK File....................$SYSTEM.OSMTEST.ZCL04D01
Contents of PAK File......../home/debuginfo/clim-20101116220455.tgz
/home/debuginfo/clim-20101116220456.tgz
/home/debuginfo/clim-20101116220457.tgz
Log File....................$SYSTEM.ZSERVICE.ZCL04L10
Termination Info: 0
Example 21 Collect Debug Data From Multiple CLIMs
\BLOKE.$SYSTEM.STARTUP 3> CLIMDBUG /online/ S100253*
Debug Info CLIM \BLOKE.$ZZCIP.S1002531
PAK File...................$SYSTEM.ZSERVICE.ZCL06D08
Contents of PAK File......./home/debuginfo/clim-20101116220458.tgz
Log File...................$SYSTEM.ZSERVICE.ZCL06L11
Debug Info CLIM \BLOKE.$ZZCIP.S1002533
PAK File.....................$SYSTEM.ZSERVICE.ZCL07D09
Contents of PAK File........./home/debuginfo/clim-20101116220459.tgz
Log File.....................$SYSTEM.ZSERVICE.ZCL07L11
Termination Info: 0
CLIMDBUG tool reports completion status on the last line of the displayed text as Termination
Info:completion-code. The tool also, sets the :_completion:completioncode TACL
variable to an appropriate completion-code value.
On successful execution, the tool reports the completion-code as zero. Unsuccessful execution
results in a non-zero completion-code. The errors are reported with positive completion-code
where as warnings are reported with negative completion-code.
Completion-code
Description
–1
A non-super group user invoked CLIMDBUG
–2
There are no debug data files on the target CLIM
0
Success
1
Syntax Error
2
Less than 20 GB free disk space is available under the volume $vol on the NonStop file system
where the data file needs to be created
3
clim-name-pattern is either invalid or it does not match any CLIM under the NonStop host
4
SSH connection could not be established to the target CLIM
5
Failure in generating online CLIM debug data file on the target CLIM
6
Failure in transferring debug data files from the target CLIM
7
Failure in creating the data file on the NonStop Host
208 Collecting Data for CLIM Issues
OSM Event Viewer Log for CIP Event 5231
CLIMDBUG tool logs an EMS event for invocations which result in either success or error conditions.
The following is the event log for CIP Event 5231:
Header_type:
Checksum:
Last_error:
Last_error_tkncode:
Max_field_version:
SSID:
Used_byte_length:
Buffer_byte_length:
Console-Print:
Generating-CPU:
Emphasis:
Event-Number:
Standard-defined-type:
User-defined-type:
Event-Hdr-Version:
ZEMS-TKN-FORWARDED:
Generation-Timestamp:
Logged-Timestamp:
Node-Name:
Node-Number:
Generating-PIN:
Process-Descriptor:
ZEMS-TKN-REDUNDANT:
Suppress-Display:
Userid:
Subject-Mark:
CLuster IO Module:*
(1,255,100):
NonStop-User-ID:-
1
F
no_error (0)
(0,0,0)
0
TANDEM.CIP.H02
225
225
F
1
F
CLIM Debug Info Collection Event
not-specified (0)
undefined (0)
2
F
2011-06-24 01:34:15.060.473
2011-06-24 01:34:15.061.571
"\BLOKE"
85
44
"\BLOKE.$Z0A9:3385669"
F
F
255 255
(5231)
"N1002582 "
"CLIMDBUG N1002582 $SYSTEM.ZSERVICE.ZCL04D01
[Termination Info: 0]"
"SUPER.SUPER"
11-06-24 01:34:15 \BLOKE.$Z0A9 TANDEM.CIP.H02 005231 CLIM Debug Info
Collection Event
CLIM Name: N1002582
CLIMDBUG N1002582 $SYSTEM.ZSERVICE. ZCL04D01 [Termination Info: 0]
Initiated by NonStop user: SUPER.SUPER
Copying CLIM Debug Information to NonStop
Use any of the methods described here to troubleshoot failures detected in the CLIM.
NOTE: If the system is running J06.12+, then the preferred method to collect the debug information
is through OSM Service Connection. For more details, see “CLIM Log Files” (page 206)
Method 1: If the CLSFTP script is present on the NonStop system:
1.
List all the CLIM debug files.
TACL->CLIMCMD clim-name ls /home/debuginfo
SSH client version T9999H06_21Jun2010_comForte_SSH_0088
clim-20100802125044.tgz
climVersion
Termination Info: 0
2.
Obtain CLIM debug files. Be sure that you transfer all.tgz files in the /home/debuginfo
directory to NonStop.
For example:
TACL-> CLSFTP clim-name get clim-debug-filename nsk-filename
\JUNO1.$SYSTEM.MM 10> clsftp C100271 get /home/debuginfo/clim-20100802125044.tgz
climtgz1
Copying CLIM Debug Information to NonStop 209
CLSFTP - T0834 - version 1.2, 29-SEP-2009
using $ZSSP0...
SFTP client version T9999H06_21Jun2010_comForte_SFTP_0088
Connecting to 16.107.200.21 via SSH2 process $ZSSP0 ...
sftp> get /home/debuginfo/clim-20100802125044.tgz climtgz1
Fetching /home/debuginfo/clim-20100802125044.tgz to climtgz1
---------------------------------- -------- --- ------- ---------Filename
BytesNow
% Bytes/s Remaining
---------------------------------- -------- --- ------- ---------/home/debuginfo/clim-20100802125044.tgz
0
0%
0.0KB
--:-/home/debuginfo/clim-20100802125044.tgz
280KB
1% 280.0KB
01:19
/home/debuginfo/clim-20100802125044.tgz
952KB
4% 476.0KB
00:45
…
/home/debuginfo/clim-20100802125044.tgz
22MB 99% 672.0KB
00:00
---------------------------------- -------- --- ------- ---------Filename
BytesNow
% Bytes/s TimeSpent
---------------------------------- -------- --- ------- ---------/home/debuginfo/clim-20100802125044.tgz
22MB 100% 665.4KB
00:34
23167953 bytes transferred in 34 seconds (665.4KB/s)
sftp>
SFTP Completion Code = 0
\JUNO1.$SYSTEM.MM 11>
Method 2: If the CLSFTP script is not present on the NonStop system:
1.
Obtain IP address of CLIM.
SCF - T9082H01 - (04DEC06) (15NOV06) - 03/11/2010 12:33:02 System \NINJA
(C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P.
CIP Detailed Info CLIM \NINJA.$ZZCIP.C1002533
Mode....................... STORAGE
Configured Location........ Group 100 , Module 2 , Slot 5 , Port 3 ,
Fiber 3
ConnPts.................... 2
X1 Location................ Group 100 , Module 2 , Slot 5 , Port 3 ,
Fiber 3
Y1 Location................ Group 100 , Module 3 , Slot 7 , Port 3 , Fiber 3
Net ID 1................. 0x000E3F62
X2 Location................ Group 100 , Module 2 , Slot 5 , Port 3 , Fiber 4
Y2 Location................ Group 100 , Module 3 , Slot 7 , Port 3 , Fiber 4
SvNet ID 2................. 0x000E3F63
Maintenance Interface IP... 192.168.37.33
2.
Use the returned IP address to access the CLIM and transfer the files. Be sure that you transfer
all.tgz files in the /home/debuginfo directory to NonStop.
For example:
<TACL> sftp –S $zssp0 –i $system.zservice.superkey root@ clim eth0
IP: clim-filename nsk-filename
\JUNO1.$SYSTEM.MM 14> sftp -S $zssp0 -i $system.zservice.superkey
[email protected]:/home/debuginfo/clim-20100802125044.tgz climtgz2
\JUNO1.$SYSTEM.MM 14..
SFTP client version T9999H06_21Jun2010_comForte_SFTP_0088
Connecting to 16.107.200.21 via SSH2 process $zssp0 ...
Fetching /home/debuginfo/clim-20100802125044.tgz to climtgz2
---------------------------------- -------- --- ------- ---------Filename
BytesNow
% Bytes/s Remaining
---------------------------------- -------- --- ------- ---------/home/debuginfo/clim-20100802125044.tgz
0
0%
0.0KB
--:-/home/debuginfo/clim-20100802125044.tgz
28KB
0% 28.0KB
13:27
/home/debuginfo/clim-20100802125044.tgz
672KB
2% 336.0KB
01:05
….
/home/debuginfo/clim-20100802125044.tgz
22MB 98% 679.0KB
00:00
---------------------------------- -------- --- ------- ---------Filename
BytesNow
% Bytes/s TimeSpent
---------------------------------- -------- --- ------- ---------/home/debuginfo/clim-20100802125044.tgz
22MB 100% 665.4KB
00:34
210
Collecting Data for CLIM Issues
23167953 bytes transferred in 34 seconds (665.4KB/s)
\JUNO1.$SYSTEM.MM 15>
3.
Delete the .tgz files from the CLIM (execute this step for each .tgz file).
TACL> CLIMCMD clim-name rm /home/debuginfo/clim-20090604152715.tgz
TACL>
4.
Send the files to HP technical support.
Collecting iLO and IML Logs
To collect information for a CLIM that is hung or not responding when an automatic reset of a CLIM
is detected:
1. Open the iLO window. Invoke the OSM Service Connection on the NonStop Console.
2.
Select Invoke iLO in OSM SC.
3.
Log in with your username and password.
Collecting iLO and IML Logs
211
4.
212
Click IML. Copy the log information from the screen and include it in the case data.
Collecting Data for CLIM Issues
5.
Click iLO Event Log. Copy the log information from the screen and include it in the case data.
Collecting lunmgr Information
To collect lunmgr information for any failures detected in the Storage CLIM types:
1. Save the output to a file.
TACL->CLIMCMD clim-name lunmgr -e
TACL->CLIMCMD clim-name lunmgr -f
TACL->CLIMCMD clim-name lunmgr -p
2.
Send the output file to HP technical support.
Collecting EMS Logs
To collect log information for any failures detected in the CLIM:
1. Collect the files $system.zservice.zzsv* and $system.zlogNN.zzev*, which contain
the events for the period of interest.
2. Send the files to HP technical support.
Collecting SCF Information
To collect SCF configuration information for any failures detected in the CLIM:
1. Save output to a file.
TACL->scf
TACL->scf
TACL->scf
TACL->scf
2.
info disk $*,obey
info disk $*,obey
status disk $*
status disk $*
Send the output file to HP technical support.
Collecting lunmgr Information
213
Collecting Network Information
To collect network configuration information for any failures detected in an IP, Telco or IB CLIM:
1. Use allow all error in SCF for the following commands:
TACL>
TACL>
TACL>
TACL>
TACL>
scf
scf
scf
scf
scf
info clim $zzcip.*, detail
status clim $zzcip.*, detail
info prov $zzcip.*, detail
status prov $zzcip.*, detail
status prov $zzcip.*, route, cpu 0
Run the above commands on each running CPU.
TACL>
TACL>
TACL>
TACL>
TACL>
2.
scf
scf
scf
scf
scf
version
version
version
version
version
$zzcip
mon $zzcip.*
clim $zzcip.*
$ztcp0
$ztcp1
Send the files to HP technical support.
Collecting SSH Information
To collect SSH specific information for failures such as SSOCLIM or CLIMCMD issues detected with
the CLIMs:
1. Save the output to a file.
TACL> scf info proc $zzkrn.ssh-*, detail
TACL> scf status proc $zzkrn.ssh-*, detail
2.
3.
Collect the files $system.zssh.sshcfg,$system.zssh.sshdb, and
$system.zssh.sshlog*.
Send the files to HP technical support.
Collecting IB Network Status
To collect the IB network status for any failures detected on an IB CLIM:
1. Collect InfiniBand network status using the following command:
CLIMCMD clim-name ibstat > /tmp/ibstat.out
2.
214
Send the /tmp/ibstat.out file to HP technical support.
Collecting Data for CLIM Issues
9 Telco CIP Migration, Compatibility and Operational
Differences
There are operational differences between configuring the 6763 Common Communication ServerNet
Adapter and CLIMs systems. This chapter describes those differences. The two biggest differences
are the introduction of a new I/O subsystem (CIP) for CLIM configuration and the absence of the
SLSA subsystem.
NOTE: The Telco CLIM is not a replacement for the CCSA because it does not provide E1/T1
support.
Table 23: IOAM and Telco CLIM Based Operations Comparison shows comparison between tools
and tasks on IOAM and CLIM based operations:
Table 23 IOAM and Telco CLIM Based Operations Comparison
Tool/Task
IOAM Based Operations
CLIM Based Operations
Communication device
6763 CCSA
Telco CLIM
Management interface
SCF for the SLSA subsystem
SCF for CIP subsystem and CIP
subsystem CLIMCMD command line
interface (CLI)
Add a Telco communication device
SCF command ADD ADAPTER
$ZZLAN.adapter-name
SCF command ADD CLIM
$ZZCIP.CLIM-name
Add a logical interface to a device
SCF command ADD LIF
$ZZLAN.lif-name
No equivalent
Start a Telco communication device
SCF command START ADAPTER
$ZZLAN.adapter-name
SCF command START CLIM
$ZZCIP.CLIM-name
Obtain information about a Telco
communication device
SCF command STATUS ADAPTER
$ZZLAN.adapter-name or INFO
ADAPTER $ZZLAN.adapter-name
SCF command STATUS CLIM
$ZZCIP.CLIM-name or INFO CLIM
$ZZCIP.CLIM-name
Obtain version information about
software on a Telco communication
device
No equivalent
SCF command VERSION CLIM
$ZZCIP.CLIM-name
215
10 SCF Reference for CIP
This section provides information about:
•
The Subsystem Control Facility (SCF)
•
SCF commands available for CIP
•
Trace commands available for CIP
SCF for Cluster I/O Protocols
SCF provides an operator interface to an intermediate process, the Subsystem Control Point (SCP),
which in turn provides the interface to the I/O processes of the various subsystems.
The CIP subsystem runs on the NonStop system and the CLuster I/O Module (CLIM). This chapter
explains the SCF commands that control the SCF objects that reside on the NonStop host system
and on the CLIM.
The CIP subsystem supports Ethernet connectivity.
SCF Commands for CIPMAN Compared to SCF Commands for CIPSAM
This section describes SCF command syntax for both the CIPMAN and the CIPSAM processes.
CIPSAM SCF syntax differs from CIPMAN syntax because CIPSAM provides backward compatibility
for applications. The CIPSAM and CIPMAN processes support different subordinate objects and
yield different command results for subordinate objects they share. For example, CIPMAN does
not have a SUBNET object. The SUBNET object is supported for the CIPSAM process to allow
applications to obtain information about the CLIM interfaces in a format that is compatible with
previous NonStop TCP/IP products. The object type name SUBNET, maintained for compatibility,
really refers to a home CLIM interface as seen from the host. SUBNET object names are generated
by CIPSAM and consist of “#SN” followed by a three-digit number. They are assigned to interfaces
when the interfaces are first reported and do not change as long as the CIP subsystem continues
running. The INFO SUBNET command displays the CLIM and interface name referenced by a
SUBNET object. Also, INFO PROCESS for the CIPSAM process displays information an application
would obtain from the INFO PROCESS command for the TCP6SAM process in NonStop TCP/IPv6,
including a DETAIL option (not supported in INFO PROCESS for the CIPMAN process). The INFO
PROCESS command for CIPSAM allows compatibility for applications written for the conventional
NonStop TCP/IP product.
NOTE: Many of the values for INFO PROCESS for CIPSAM are dummy values supplied for
backward compatibility only.
Conventional TCP/IP supplied detailed information on the TCP/IP process, which served as the
transport-service provider in that subsystem.
Table 24: Commands and Object Types for CIPMAN lists commands and object types for CIPMAN:
216
SCF Reference for CIP
Table 24 Commands and Object Types for CIPMAN
Object Types
SCF Command
CLIM
MON
PROCESS
PROVIDER
ABORT
X
X
X
X
ADD
X
X
ALTER
X
X
DELETE
X
X
X
INFO
X
X
X
LISTOPENS
NAMES
X
X
X
ROUTE
X
X
X
X
PRIMARY
X
X
X
START
X
X
X
STATS
X
X
STATUS
X
X
X
X
STOP
X
X
X
X
SWITCH
X
TRACE
X
X
X
X
VERSION
X
X
X
Table 25: Commands and Object Types for CIPSAM lists commands and object types for CIPSAM:
Table 25 Commands and Object Types for CIPSAM
Object Types
SCF Command
PROCESS
ABORT
X
INFO
X
NAMES
PRIMARY
SUBNET
X
X
X
STATUS
X
STOP
X
TRACE
X
VERSION
X
Object Types
You can monitor and control the CIP subsystem by issuing commands that act on one or more CIP
subsystem objects. Each object has an object type and an object name. The object type describes
the type of object. The object name uniquely identifies the object within the system.
Figure 26: CIP SCF Object Hierarchy shows the full object hierarchy for CIPMAN, CIPSAM, and
the CLIM software. The CIPMAN, CIPSAM, MON, CLIM, ROUTE, and PROVIDER objects reside
on the NonStop host system and are controlled and displayed by SCF commands directed to
CIPMAN, CIPSAM, or the persistence manager ($ZZKRN). This section describes those commands.
Object Types
217
The hostname, TCP/IP, interface, route, and arp objects reside in the CLIM and are controlled and
displayed by the CLIM software commands and configuration files.
Figure 26 CIP SCF Object Hierarchy
CIPMAN PROCESS Object
The CIPMAN PROCESS object is the main management object on the NonStop host system side
of the CIP subsystem. The CIPMAN object is the root of the other configuration objects and is used
to configure, control, and query the components of CIP on its local system.
The CIPMAN process is started by the persistence manager. It is not involved in normal data transfer
or socket creation but is required for SCF commands, error recovery, and changes in object status.
It can be stopped for a short period, such as an online upgrade, with no affect on the normal
operation of the subsystem.
For specific information about adding and starting the CIPMAN process, see “Starting CIP on the
NonStop Host System” (page 100). For general information about configuring generic processes
(to be started and restarted as necessary by the persistence manager), see the SCF Reference
Manual for the Kernel Subsystem.
218
SCF Reference for CIP
CIPSAM Object
The CIPSAM process object represents a transport-service provider process. In CIP, the CIPSAM
object can be used only to display and control the CIPSAM process itself. The CIPSAM process is
started by the persistence manager. For specific information about adding and starting the CIPSAM
process, see “Starting CIP on the NonStop Host System” (page 100). For general information about
configuring generic processes (to be started and restarted as necessary by the persistence manager),
see the SCF Reference Manual for the Kernel Subsystem
MON Object
The MON object represents the CIPMON process and is used to query the subsystem on a processor
or replace CIPMON and the CIP library. It is referenced in SCF commands as ZCMnn (no leading
$ or # character), where nn is the two-digit processor number. The MON object can be in one of
either the STOPPED, STARTING, STARTED, or STOPPING states. (For definitions of these states,
see “Summary States” (page 222).)
CIPMONs are started using the persistence manager. MON objects are added or deleted
automatically by CIPMAN to match the running processors. A MON object state of STARTED
indicates that CIPMON is running on the processor and CIPMAN has established communication
with it. An individual CIPMON process can be manually stopped for online replacement or software
reset by issuing a STOP or ABORT command to its MON object; the persistence manager then
automatically restarts the CIPMON process. When the MON process is stopped, the operation of
CIP on its processor is halted and existing sockets are closed.
For specific information about adding and starting the CIPMON process, see “Configuring CIP
Processes for Persistence” (page 73). For general information about configuring generic processes
(to be started and restarted as necessary by the persistence manager), see the SCF Reference
Manual for the Kernel Subsystem.
CLIM Object
The CLIM object on the NonStop host system represents the NonStop host system interface to a
CLIM; it does not really represent the CLIM itself. The CLIM itself starts operating as soon as it boots
the CLIM software, but the NonStop host system gains access to the CLIM by starting the CLIM
object. A CLIM object can be in one of either the STOPPED, STARTING, or STARTED state. (For
definitions of these states, see “Summary States” (page 222).)
The LOCATION attribute gives the group, module, slot, port, and fiber of the ServerNet switch to
which the actual CLIM is connected. If the specified location does not reference an operational
CLIM, then the CLIM object cannot enter the STARTED state.
PROVIDER Object
The PROVIDER object represents a transport-service provider and directs socket requests to a specific
CLIM. Each Provider must have a corresponding CIPSAM process. You associate the Provider with
the CIPSAM process when you add the Provider object. (See “ADD PROVIDER” (page 228).) When
a socket is created, the socket is associated with the CIPSAM process that is set as the environment’s
transport service provider for the session.
The PROVIDER attribute of the CLIM specifies the IPDATA Provider object with which the CLIM is
associated. Multiple CLIMs can be associated with each Provider. This feature allows socket
applications to treat the set of CLIMs associated with the same Provider object as a single
multi-homed host. The sockets created by socket applications can be on any of the CLIMs associated
with the Provider depending on the local IP address associated with each socket. In a Provider
comprising multiple CLIMs, a socket that is bound to a specific local IP address other than a
loopback address (IPv4 127.0.0.1 or IPv6 ::1) exists only in the CLIM containing that address. An
outgoing connection or packet for these kinds of sockets is sent through that CLIM. However, sockets
not yet bound, bound to INADDR_ANY, or bound to a loopback address might be used to listen
for incoming connections or packets on addresses that exist in all the CLIMs of a Provider, so are
Object Types
219
replicated in all the CLIMs. If the socket is used for an outgoing connection or for sending a packet,
the host must choose one of the CLIMs to send it. This process uses the destination address and is
similar to IP routing, but is used only to select a CLIM within a Provider. With either type of binding,
the sending CLIM performs its own IP routing to select an interface and the first hop in the external
network. See “ROUTE Object” and for more information about routing in CIP.
The HOSTNAME and HOSTID attributes give the name returned by gethostname() and the
number returned by the gethostid() socket library calls when the provider is selected.
A PROVIDER can be in one of either the STARTED, STARTING, or STOPPED state. (For definitions
of these states, see “Summary States” (page 222).) If an application tries to create a socket when
the Provider is not in the STARTED state, the application programmatic interface (API) returns an
error. Aborting a Provider that has open sockets also causes the API to return an error on the next
or pending operation.
For more information about the Provider object, see “ADD PROVIDER” (page 228).
ROUTE Object
The ROUTE object specifies which CLIM to use for default routing when there is no non-default
routing specified on any CLIM that can be used for routing to the specified destination and the
connection is not already tied to a specific CLIM. The ROUTE object is a method of selecting a
CLIM for default routing when all other routing methods have failed (for example, no specific route
or rule exists that would cause a specific CLIM to be picked). The route used in the external TCP/IP
network is then determined by the configuration of network routes on the selected CLIM. See
“Climconfig (Man Pages)” (page 301) for information about configuring network routes by using
the CLIMCMD climconfig tool. See “Routing in the CIP Subsystem” (page 34) for more information
about routing in CIP. Multiple CLIMs can define different default routes, however, and the ROUTE
object on the NonStop host system controls which CLIM to select by assigning a PRIORITY attribute
to each CLIM.
The ROUTE is subordinate to the Provider object and requires a unique name. There are no reserved
names.
SUBNET Object
An object represents the interface in the CIP subsystem. It is provided for backward compatibility
and its fully qualified name is of the format: $ZZCIP.#subnet-name. The subnet name can be a
maximum of eight alphanumeric characters. SUBNET names are generated by CIPSAM, not the
user, and are always #SNnnnn, where nnnn is a unique number for each interface. The INFO
SUBNET command displays the association between SUBNET names and CLIM interfaces.
Naming Convention Summary
Table 26: Object Naming Convention Summary and Reserved Names summarizes the reserved
names for each object type and the naming convention rules.
Table 26 Object Naming Convention Summary and Reserved Names
Object Type
Reserved Names
MON (CIPMON) ZCMnn
Starting Symbol
(Required)
First Character
Requirement
Naming
Recommendation
Character Limit
None
N/A
MON names are
assigned
automatically.
5
null
N/A
N/A
N/A
N/A
N/A
PROCESS
(CIPMAN)
$ZZCIP
$
N/A
The name is
always $ZZCIP.
5
220 SCF Reference for CIP
Table 26 Object Naming Convention Summary and Reserved Names (continued)
Object Type
Reserved Names
Starting Symbol
(Required)
First Character
Requirement
Naming
Recommendation
Character Limit
PROCESS
(CIPSAM)
None
$
Letter
ZTCxx where xx
are letters or
numeric digits.
5
CLIM
None
N/A
Letter
N, S, or OGroup
8
Module
Slot
Port
Fiber
PROVIDER
None
N/A
Letter
Limit to 5
characters; use
CIPSAM process
name.
7
ROUTE
None
N/A
Letter
None
8
Wildcard Support
Normally, an SCF command line must include an object specifier composed of the object type and
an object name. For many commands, the CIP subsystem accepts object-name templates. In an
object-name template, one object name can be used to indicate that multiple objects of a given
object type are to be affected by the command.
Object-name templates allow you to specify multiple objects by entering either a single wild-card
character, or text and one or more wild-card characters. In the CIP subsystem, you can use these
wild-card characters:
*
Use an asterisk (*) to represent a character string of undefined length. The first example gives status all CLIMs
subordinate to $ZZCIP. The second gives information on all CLIMs subordinate to $ZZCIP that have names
starting with CL. The third gives status for all CLIMs subordinate to $ZZCIP that have names starting with CL
and ending with 5.
SCF> STATUS CLIM $ZZCIP.*
SCF> INFO CLIM $ZZCIP.CL*
SCF> STATUS CLIM $ZZCIP.CL*5
?
Use the question mark to represent a single unknown character in a specific position. For example, $ZZCIP.S?1
selects all object names subordinate to $ZZCIP that begin with S, end with 1, and contain exactly one
character between the S and the 1.
You can use wildcard characters in any combination.
If you have set a default process name by using the ASSUME command, you can omit the process
name and use the asterisk (*) to specify all objects of the specified object type under the assumed
process. For example, the next two commands set the default process to $ZZCIP and display
information about all CLIMs under $ZZCIP:
SCF> ASSUME PROCESS $ZZCIP
SCF> INFO CLIM *
Abbreviations
Command and object type names can be abbreviated as long as the abbreviation is not ambiguous.
Table 27: Command and Object Type Abbreviations shows the minimal abbreviations currently
allowed for CIP commands and object types:
Wildcard Support 221
Table 27 Command and Object Type Abbreviations
Command
Abbreviation
Object Type
Abbreviation
ABORT
AB
CLIM
CLI
ADD
AD
MON
MO
ALTER
ALT
PROCESS
PROC
DELETE
DELE
PROVIDER
PROV
INFO
INF
ROUTE
ROU
LISTOPENS
LISTO
NAMES
NA
PRIMARY
PRI
START
STAR
STATUS
STATU
SWITCH
SW
TRACE
TR
VERSION
VERS
Summary States
The CIP subsystem objects have operational states, known as summary states. The summary state
of an object at a given instant is important; certain commands have no effect on an object when
it is in one state but can affect the object when it is in another state.
The summary states supported by the CIP subsystem are STARTED/UP, STARTING, STOPPING,
and STOPPED/DOWN. Table 28: Object Summary States shows states for each object:
Table 28 Object Summary States
Object
STOPPED
STARTED
STARTING
CLIM
X
X
X
MON
X
X
X
X
X
X
X
STOPPING
null
PROCESS (CIPMAN
or CIPSAM)
PROVIDER
X
SUBNET
X
X
ROUTE
Table 29: Object State Descriptions describes object states:
Table 29 Object State Descriptions
In this state...
The object is...
STARTED
Running and ready to accept requests from other subsystem components. This state is called STARTED
in SCF and UP in CIP.
STOPPED
Defined (that is, the object exists) but is not accepting requests from other subsystem components.
The STOPPED summary state is not applicable to the PROCESS object. If the PROCESS object is
not STARTED, it is undefined (that is, the process does not exist).
222 SCF Reference for CIP
Table 29 Object State Descriptions (continued)
In this state...
The object is...
STARTING
Attempting to start, either because a command was issued to start it or because it is recovering
from an error.
STOPPING
Shutting down because a command was issued to stop it.
Sensitive and Nonsensitive Commands
Table 30: Sensitive and Nonsensitive SCF Commands lists the sensitive and nonsensitive CIP SCF
commands. For information about how to use sensitive and nonsensitive commands, see the SCF
Reference Manual for J-Series and H-Series RVUs.
Table 30 Sensitive and Nonsensitive SCF Commands
Sensitive Commands
Nonsensitive Commands
ABORT Commands
INFO Commands
ADD Commands
LISTOPENS Commands
ALTER Command
NAMES Commands
DELETE Commands
STATS Commands (without the RESET option)
START Commands
STATUS Commands
STATS Command (with the RESET option)
VERSION Commands
STOP Commands
SWITCH Commandss
PRIMARY Commands
TRACE Commands
SCF HELP Facility
The SCF HELP CIP command provides an online help facility for the NonStop host system side of
CIP. The syntax is:
HELP CIP [ command [ object-type ]]
HELP CIP
Gives an overview of the CIP subsystem.
HELP CIP command
Explains the specified CIP command.
HELP CIP command object-type
Explains the specified CIP command/object-type combination.
HELP CIP object-type
Explains for a specified CIP object type.
HELP CIP error number
Provides more detailed information about an error.
For example, you can obtain help about error 00004 by entering help CIP 4 as shown:
Example 22 Using Help to Obtain Information About an Error
4> help cip 4
HELP CIP 00004
Sensitive and Nonsensitive Commands 223
CIP E00004 Duplicate attribute specified.
Probable Cause
You specified an attribute more than once in a command.
Recommended Action
Omit the duplicate attribute and retry the command.
5>
LISTDEV CIP and LISTDEV TCPIP
When you need to obtain a list of CIP processes, use the LISTDEV CIP command. The SCF LISTDEV
CIP command lists all the CIP processes and the SCF LISTDEV TCPIP command lists all the TCP/IP
processes (including conventional TCP/IP and NonStop TCP/IPv6, if present). A program name
in the SCF LISTDEV display of CIPSAM indicates a CIP socket access method process.
CIPMAN SCF Commands
ABORT Commands
ABORT is a sensitive command used to halt the operation of the specified object even if it has
existing users. If any sockets are using the object, a warning is first issued and the operator must
confirm that execution is desired, unless the FORCED option is specified. The object is left in the
STOPPED state if the command succeeds.
ABORT CLIM
The ABORT CLIM command stops operations on the specified CLIM even if it has open sockets.
Existing sockets are closed and the CLIM refuses all new connections that would have been directed
to the NonStop host system. If the associated PROVIDER object is in the STARTED state, that provider
goes to the STARTING state.
ABORT CLIM Command Syntax
ABORT CLIM $ZZCIP.clim-name [,FORCED ][,INTFALL]
clim-name
Is the name of the CLIM to abort. A wildcard can specify a set of the CLIMs known to this
system.
FORCED
Causes the command to execute without displaying a warning and request for operator
confirmation.
INTFALL
Causes all interfaces configured on the specified CLIM to be stopped, even the ones that are
running on other CLIMs due to failover. This option works even if the specified CLIM(s) are
already in the STOPPED state.
Example 23: ABORT CLIM ends operation of N1002532.
Example 23 ABORT CLIM
> ABORT CLIM $ZZCIP.N1002532
Open sockets still exist, okay to continue? Y
ABORT MON
The ABORT MON command terminates the operation of the CIPMON process, even if it has open
sockets, clearing all connections and closing all sockets on its processor. If the process has been
224 SCF Reference for CIP
configured as persistent (AUTORESTART not equal to 1 in the command defining CIPMON as a
generic process), the persistence manager restarts it.
This command can be used for online replacement of the CIPMON and CIP Library modules, as
discussed in Chapter 3 (page 69).
ABORT MON Command Syntax
ABORT MON $ZZCIP.ZCMnn [,FORCED]
MON $ZZCIP.ZCMnn
identifies the CIPMON process to ABORT. The variable nn can be 00 through 15. A wildcard
can specify multiple MONs in this system.
Example 24: ABORT MON ends operation of the CIPMON process on processor 3.
Example 24 ABORT MON
> ABORT MON $ZZCIP.ZCM03
Open sockets still exist, okay to continue? Y
ABORT MON Guidelines
If autorestart is off or if CIPMON is not configured under the persistence manager, you must allow
a delay of at least 15 seconds between an ABORT or STOP MON command and a subsequent
START MON command. This 15 second delay is necessary because MONs on processors that
have sockets take longer to change their status to STOPPED after an ABORT or STOP than those
on processors that do not have sockets. If the START is issued before the 15 second delay, MONs
start only on processors that do not have sockets. MONs on processors with sockets stay in the
stopped state and you need to reissue the START command.
NOTE:
The recommended autorestart value is 10. With this setting, the problem does not occur.
ABORT PROCESS
The ABORT PROCESS command terminates the operation of the CIPMAN process, even if there
are open sockets. Subordinate objects need not be stopped and are not affected unless SUB ALL
or SUB ONLY is specified. If the process has been configured as persistent (AUTORESTART not
equal to 1 in the command defining CIPMAN as a generic process), the persistence manager
restarts it. This command can be used for online replacement of the CIPMAN module.
If SUB ALL or SUB ONLY is used, the CIP subsystem stops operation, and all existing sockets are
cleared. If any sockets exist, the command displays a warning and request for operator confirmation.
The FORCED option overrides the warning and confirmation request.
ABORT PROCESS Command Syntax
ABORT PROCESS $ZZCIP
[, SUB [ ONLY | ALL | NONE ]]
[,FORCED ]
SUB
Determines the set of objects and subordinate objects that the command targets:
•
ONLY specifies that only subordinate objects are targets of the command.
•
ALL specifies that the named object and the subordinate objects are targets of the command.
This is the default used if the SUB keyword is used but no option is selected.
•
NONE specifies that none of the subordinate objects are targets of the command. This is
the default selected if the SUB keyword is not used.
FORCED
Causes the command to execute without displaying a warning and request for operator
confirmation.
CIPMAN SCF Commands 225
Causes the command to execute without displaying a warning and request for operator confirmation.
Example 25 stops the CIP subsystem until the persistence manager restarts it.
Example 25 ABORT PROCESS
> ABORT PROCESS $ZZCIP , SUB ALL
Open sockets still exist, okay to continue? Y
ABORT PROCESS Guidelines
MON objects are not affected even with the SUB ALL or SUB ONLY options
ABORT PROVIDER
The ABORT PROVIDER command terminates operations on a provider, even if the provider has
open sockets. Existing sockets and connections associated with the provider are cleared.
ABORT PROVIDER Command Syntax
ABORT PROVIDER $ZZCIP.prov-name [,FORCED]
prov-name
Is the name of the provider to abort. A wildcard can specify a set of providers.
FORCED
Causes the command to execute without displaying a warning and request for operator
confirmation.
Example 26 halts PROVIDER ZTC2 with no warning, even if sockets currently exist:
Example 26 ABORT PROVIDER
> ABORT PROVIDER $ZZCIP.ZTC2 , FORCED
ABORT PROVIDER Guidelines
HP recommends having a 15–second delay between issuing an ABORT PROVIDER command and
issuing a DELETE PROVIDER command. This delay is especially recommended for the
MAINTENANCE PROVIDER.
ADD Commands
ADD is a sensitive command that adds an object to the CIP subsystem. The fully qualified name
assigned to the created object must be unique. The ADD command does not support wildcard
characters.
The CIP subsystem does not support the ADD MON or ADD PROCESS command. Add the CIPMON
and CIPMAN processes in the Kernel subsystem, as described in Chapter 3 (page 69).
ADD CLIM
The ADD CLIM command makes a CLIM known to the system by specifying the name and location
of the CLIM. The subsystem does not reveal whether an operational CLIM exists at the specified
LOCATION until the CLIM object is started.
ADD CLIM Command Syntax
ADD CLIM $ZZCIP.clim-name
,LOCATION (group, module, slot, port, fiber)
[ , CONNPTS { 1 | 2 } ]
[ , MODE STORAGE | [, MODE {IP | OPEN}]
[, MULTIPROV { ON | OFF } ]
[, PROVIDER prov-name] ]
226 SCF Reference for CIP
clim-name
Specifies the name to be assigned to the CLIM. The name must be from one to eight
alphanumeric characters long and use a leading alphabetic character. It must be unique within
this system. The name must be the same as the CLIM hostname defined in the climconfig
hostname command.
HP recommends using a naming convention that identifies the physical location of the CLIM.
See “Naming Convention Summary” (page 220) for information about how to name the CLIM.
LOCATION (group ,module, slot, port, fiber )
Identifies the CLIM in terms of the physical location of the ServerNet switch to which the CLIM
is connected. The group specifies the system enclosure, the module specifies the subset of the
group, the slot specifies physical, labeled space in the module that identifies a particular
ServerNet PIC. The port identifies a specific ServerNet connector within the ServerNet switch
to which the CLIM is connected by a ServerNet cable. The fiber identifies a specific connector
within ServerNet cable to which the CLIM is connected.
Any one of the ServerNet ports to which the CLIM is connected can be specified and the other(s)
are discovered automatically.
The same location must not already be in use by another configured CLIM.
The CLIM LOCATION attributes depend on whether your system has P-switches, VIO modules,
or Blade switches. Valid CLIM LOCATION attributes for each of these types are:
Group
Module
P-Switch
100
VIO
Blade switch
Slot
Port
Fiber
2 for X-fabric and 4, 5, 6, 7, 8, 9
3 for Y-fabric
1, 2, 3, 4
not supported
100
2 for X-fabric and 3, 4
3 for Y-fabric
1, 2, 3, 4
not supported
100, 101, 102,
103
2 for X-fabric and 5 for X-fabric
3 for Y-fabric
and 7 for
Y-fabric
3, 4, 5, 6, 7, 8
1, 2, 3, 4
CONNPTS { 1 | 2 }
Indicates whether there are one or two ServerNet connections for each fabric between the
CLIM and the NonStop host system. The default is 2 for a STORAGE-mode CLIM and 1 for an
IP-mode CLIM.
MODE { IP | STORAGE | OPEN }
Specifies the operation mode of the CLIM. IP mode provides access to TCP/IP networking.
STORAGE mode provides access to disks and other storage devices. OPEN MODE provides
access to the Telco CLIM. The default MODE is IP. A CLIM can be in IP and STORAGE modes
and then provides access to both networks and to disks and other storage media.
MULTIPROV { ON | OFF }
Specifies whether the new CLIM with IP or OPEN MODE will support association with multiple
IPDATA providers simultaneously. MULTIPROV OFF means that the CLIM can only be associated
with the IPDATA provider specified by the PROVIDER attribute of that CLIM. MULTIPROV ON
means that each data interface can be independently associated with an IPDATA provider.
The MULTIPROV attribute is not valid for a CLIM with STORAGE MODE. The default is
MULTIPROV OFF.
PROVIDER prov-name
Is the name of the single provider associated with the CLIM when MULTIPROV is OFF. If this
CLIM has the MULTIPROV attribute set to ON, this provider is only used for an initial provider
association for that CLIM during migration from MULTIPROV OFF.
CIPMAN SCF Commands 227
The provider must already exist and must be of type IPDATA, but need not be started when
configured. This attribute is valid only for a CLIM which has IP or OPEN MODE (i.e., a CLIM
that can be used for TCP/IP networking).
The same IPDATA provider can be associated with more than one CLIM. The default provider
is ZTC0, which always exists and always is of type IPDATA.
Example 27 adds to the system a network CLIM named N1002533 that is connected to the
ServerNet switch in group 100, module 2, slot 5, port 3, fiber 3 and is associated with PROVIDER
CSAM:
Example 27 ADD IP CLIM
> ADD CLIM $ZZCIP.N1002533, LOCATION (100,2,5,3,3), PROVIDER CSAM, MODE IP
This command adds to this system a Storage CLIM named S1002531 that is connected to the
ServerNet switch in group 100, module 2, slot 5, port 3, fiber 1:
Example 28 ADD Storage CLIM
> ADD CLIM $ZZCIP.S1002531, LOCATION (100,2,5,3,1), MODE STORAGE
ADD CLIM Guidelines
•
For an IP or OPEN MODE CLIM with MULTIPROV ON, an IPDATA provider is associated with
each data interface that can be changed by the climconfig command. For an IP or OPEN
MODE CLIM with MULTIPROV OFF, all data interfaces are associated with the IPDATA provider
specified by the PROVIDER attribute of that CLIM.
•
The MULTIPROV attribute of a CLIM object has a direct impact on a CLIM-based configuration
(a network configuration added using climconfig with the PROV attribute specified). When
the MULTIPROV attribute is changed, the CLIM-based configuration is updated by CIP software
to reflect the change in the MULTIPROV attribute. If MULTIPROV is changed from OFF to ON,
all network resources already configured on the CLIM are associated with the provider specified
by the PROVIDER attribute of the CLIM object. If MULTIPROV is changed from ON to OFF, all
network resources configured on that CLIM (specified by the PROVIDER attribute of the
climconfig command used to configure the network resource) will no longer be explicitly
associated with any specific provider, but are implicitly associated with the PROVIDER attribute
of the CLIM object.
ADD PROVIDER
The ADD PROVIDER command creates a transport-service provider for application use. The
PROVIDER object allows you to specify certain characteristics for applications such as IPv4 or IPv6.
ADD PROVIDER Command Syntax
ADD PROVIDER $ZZCIP.prov-name
[[,TYPE IPDATA]
[,SHARE-PORTS num-ports]
[,FAMILY {INET | DUAL}]|
,TYPE MAINTENANCE, CLIM clim-name, IPADDRESS ip-addr]
[,TPNAME tp-name]
[,HOSTNAME hostname]
[,HOSTID hostid]
[,BRECVPORT (port [,port [...]])]
[,TCP-LISTEN-QUE-MIN queue-size]
prov-name
Specifies the name given to the provider. The name must be from one to seven alphanumeric
characters long and use a leading alphabetic character. If the name is no more than five
characters long, it can serve as both the provider name and the CIPSAM process name; in that
228 SCF Reference for CIP
case, omit the TPNAME option from the command. However, if the provider name is more
than five characters long, it cannot be a CIPSAM process name; in that case, you must use the
TPNAME option to specify the CIPSAM process name. The provider name must be unique
within this system.
TYPE {IPDATA | MAINTENANCE}
Specifies the type of provider. IPDATA provider provides TCP/IP access by means of the data
Ethernet ports of one or more CLIMs associated with that IPDATA provider. MAINTENANCE
provider provides TCP/IP access by means of the maintenance Ethernet interface of a specific
CLIM using a specific IP address. The default TYPE is IPDATA.
SHARE-PORTS num-ports
Is the number of ports reserved for TCP, SCTP, and UDP shared-ephemeral ports that can be
on multiple CLIMs. Shared-ephemeral ports are those assigned by the CIP subsystem when an
application has not bound to a specific IP address and interface. This attribute is valid only for
a provider of TYPE IPDATA. The default is 1000. Possible values are in the range from 100 to
4000.
FAMILY {INET | DUAL}
Specifies the network mode of the provider. You can specify these modes:
•
INET – the provider is operated in IPv4 only mode
•
DUAL – the provider is operated in both IPv4 mode and IPv6 mode
The default FAMILY is INET.
CLIM clim-name
Is the name of the CLIM associated with the Maintenance provider. This attribute is valid only
for a provider of TYPE MAINTENANCE. The CLIM must already have been added and must
be of IP MODE (that is, it must support TCP/IP networking), but does not need to be started.
The same CLIM must not be associated with any other Maintenance provider.
IPADDRESS ip-addr
Specifies the IPv4 address associated with the Maintenance provider. This attribute is valid
only for a provider of TYPE of MAINTENANCE. The IP address must be associated with the
maintenance provider interface of the CLIM associated with the Maintenance provider (using
CLIM-based configuration) before the Maintenance provider can be accessible by socket
applications. Only class A, B, or C IP addresses are supported. IP address 127.*.*.* and D
and E type addresses are not supported.
TPNAME tp-name
Is the CIPSAM transport-service provider process name. This is the name applications use to
select the provider. It must be a valid process name with a leading dollar sign ($). The default
value is the name of the PROVIDER object itself with a dollar sign ($) prepended. The process
need not exist when you add the provider.
HOSTNAME hostname
Is the hostname returned by gethostname() when the transport-service provider is selected. The
hostname is a string of up to 49 characters. The default is the Expand system name without
the leading backslash (\).
HOSTID hostid
Is the host ID returned by gethostid() when the provider is selected. The host ID is in dotted
quad format similar to an IPv4 address (but it is not actually an IPv4 address). The default value
is 0.0.0.0.
BRECVPORT ( [ , port ] [ , port ] ... )
Specifies the UDPports that receive broadcast messages on sockets bound to specific IP addresses
or INADDR_ANY. Ports not in the list can receive broadcast messages only on sockets bound
CIPMAN SCF Commands 229
to INADDR_ANY. Up to eight port numbers can be specified. The range for each port number
is 1 to 65535. The default is no port specified.
NOTE: If any of the specified UDP ports are in the ephemeral or shared ephemeral port
range, the behavior is the same as those ports not being specified.
TCP-LISTEN-QUE-MIN queue-size
Is the minimum queue length that is allocated on a TCP socket when a socket LISTEN or
ACCEPT_NW1 function call is handled. This value is used if the queue length specified in the
socket request is lower, otherwise the queue length in the socket request is used. The default
is 128. The range is 1 to 1024.
Example 29 adds an IPDATA provider named CSAM with an associated CIPSAM named $CSAM.
The HOSTNAME is the local system name (MYSYS).
Example 29 ADD PROVIDER
> ADD PROVIDER $ZZCIP.CSAM
ADD PROVIDER Guidelines
•
The CIP subsystem automatically adds a default IPDATA provider named ZTC0 during subsystem
start up if that provider does not already exist. This default IPDATA provider cannot be deleted.
•
There is no access to the loopback IP address over Maintenance providers.
•
PROVIDER objects of TYPE MAINTENANCE always operate in IPv4–only mode.
•
The
1.
2.
3.
•
HP recommends having a 15 second delay between issuing a DELETE PROVIDER command
and issuing an ADD PROVIDER command. This delay is especially recommended for the
MAINTENANCE provider.
correct order for adding CLIM and PROVIDER objects to the CIP subsystem is:
Add PROVIDER objects with IPDATA TYPE
Add CLIM objects
Add PROVIDER objects with MAINTENANCE TYPE
ADD ROUTE
The SCF ADD ROUTE command creates a new ROUTE object in this system associated with an
existing IPDATA provider. By adding a ROUTE, you can cause a provider to use a specific CLIM
for default routing (when there is a valid default route configured on that CLIM). The SCF ROUTE
object creates a route from the host to the specified CLIM. (See “ROUTE Object” (page 220) for
more information about using the ROUTE object in CIP.)
ADD ROUTE Command Syntax
ADD ROUTE $ZZCIP prov-name.route-name
, CLIM clim-name, FAMILY { INET | INET6 | DUAL }
[,PRIORITY priority]
prov-name
Specifies the parent provider. The provider must already exist and must be of type IPDATA.
route-name
Specifies the name to be assigned to the ROUTE. The name must be from one to eight
alphanumeric characters long and use a leading alphabetic character. It must be unique within
the parent provider.
CLIM clim-name
Is the name of the CLIM associated with ROUTE. If the specified CLIM has the MULTIPROV
attribute set to OFF, that CLIM must be associated with the parent provider (through the
PROVIDER attribute of that CLIM). To be configured, the CLIM must already have been added,
230 SCF Reference for CIP
but need not be started. The same CLIM must not be associated with any other ROUTE object
of the same family type with the same parent provider as this new ROUTE object.
FAMILY { INET | INET6 | DUAL }
Specifies the IP family for which this ROUTE object is applicable. This value can be:
•
INET, which indicates this ROUTE object is applicable to IPv4
•
INET6, which indicates this ROUTE object is applicable to IPv6
•
DUAL, which indicates this ROUTE object is applicable to both IPv4 and IPv6
The default value is the same as the parent IPDATA provider object FAMILY (either INET or
DUAL).
PRIORITY priority
Specifies the relative priority level of ROUTE in relation to other ROUTE objects associated with
the same provider. The priority value must be between 1 and 100. The default value is 50.
Example 30 adds a route named ROUTE1 associated with parent PROVIDER ZTC0 and with
N1002532. The priority is 50.
Example 30 ADD ROUTE
> ADD ROUTE $ZZCIP.ZTC0.ROUTE1, CLIM N1002532
ALTER Command
The ALTER command includes ALTER CLIM and ALTER PROVIDER.
ALTER CLIM
The ALTER CLIM command is a sensitive command that changes one or more attributes of an
existing CLIM in the target system. Only MULTIPROV and PROVIDER attributes can be changed
using the ALTER CLIM command.
ALTER CLIM Command Syntax
ALTER CLIM $ZZCIP.clim-name
[, MULTIPROV { ON | OFF } ]
[, PROVIDER prov-name ]
clim-name
specifies the name of the CLIM to be altered.
MULTIPROV { ON | OFF }
Specifies whether the new CLIM with IP or OPEN MODE will support association with multiple
IPDATA providers simultaneously. MULTIPROV OFF means that the CLIM can only be associated
with the IPDATA provider specified by the PROVIDER attribute of that CLIM. MULTIPROV ON
means that each CLIM can be associated with multiple IPDATA providers. The MULTIPROV
attribute is not valid for a CLIM with STORAGE MODE. The default is MULTIPROV OFF.
PROVIDER prov-name
Is the name of the single provider associated with the CLIM when MULTIPROV is OFF. If this
CLIM has the MULTIPROV attribute set to ON, this attribute is only used for an initial provider
association for that CLIM during migration from MULTIPROV OFF.
The provider must already exist and must be of type IPDATA. This attribute is valid only for a
CLIM which has IP or OPEN MODE (i.e., a CLIM that can be use for TCP/IP networking).
The same IPDATA provider can be associated with more than one CLIM. The default provider
is ZTC0, which always exists and always is of type IPDATA.
This command reconfigures CLIM N1002541 so its MULTIPROV attribute is ON.:
CIPMAN SCF Commands
231
Example 31 ALTER CLIM With MULTIPROV ON
> ALTER CLIM $ZZCIP.N1002541, MULTIPROV ON
ALTER CLIM Guidelines
•
The MULTIPROV and PROVIDER attributes can be altered only when the specified CLIM is not
in STORAGE MODE.
•
If the specified CLIM has the MULTIPROV attribute set to OFF, the PROVIDER attribute can be
altered only when the specified CLIM is in STOPPED state with no active interfaces failed-over
to any other CLIMs and there are no ROUTE objects associated with the specified CLIM.
•
The MULTIPROV attribute can be altered to OFF only if the parent of all ROUTE objects
associated with the specified CLIM is the same as the PROVIDER attribute of that CLIM.
•
The MULTIPROV attribute can be altered to OFF when the specified CLIM is in STARTED state
only if all configured network resources on the specified CLIM are associated with the provider
specified by the PROVIDER attribute of that CLIM.
•
If both the MULTIPROV and PROVIDER attributes are being altered with the same command
line, the behavior is the same as first altering the PROVIDER attribute (assuming the previous
value of the MULTIPROV attribute) followed by altering the MULTIPROV attribute. If either
attribute cannot be altered, both attributes will not be changed and the command will fail.
•
If the MULTIPROV attribute is altered successfully while the CLIM is not in STARTED state, the
CIP subsystem will attempt to make sure that the configuration on that CLIM matches the
updated MULTIPROV attribute during CLIM start up. If the configuration on that CLIM cannot
be converted to match the updated MULTIPROV attribute, the CLIM will not be able to go to
STARTED state and there will be an EMS event to indicate a configuration mismatch problem.
In particular, if the MULTIPROV attribute is OFF but the CLIM is configured with MULTIPROV
ON and has any configured network resources associated with a provider other than the
provider specified by the PROVIDER attribute of that CLIM object, then the CLIM configuration
cannot be converted to MULTIPROV OFF.
•
The CLIM may be altered in any state with the restrictions listed above.
ALTER PROVIDER
The ALTER PROVIDER command is a sensitive command that changes one or more attributes of an
existing provider in the target system.
ALTER PROVIDER Command Syntax
ALTER PROVIDER $ZZCIP.prov-name
[,TPNAME tp-name]
[,HOSTNAME hostname]
[,HOSTID hostid]
[,BRECVPORT {RESET |(port [,port [...]])]
[,TCP-LISTEN-QUE-MIN queue-size ]
[[,SHARE-PORTS num-ports] [,FAMILY {INET|DUAL}]|
[,CLIM clim-name], IPADDRESS ip-addr]]
prov-name
specifies the name of the provider to be altered
For the attribute definitions, see “ADD PROVIDER” (page 228)
Example 32 reconfigures PROVIDER ZTC1 so its HOSTID is 25.0.0.0.
232 SCF Reference for CIP
Example 32 ALTER PROVIDER
> ALTER PROVIDER $ZZCIP.ZTC1, HOSTID 25.0.0.0
ALTER PROVIDER Guidelines
•
The CLIM attribute and IPADDRESS attribute can be altered only when the specified provider
is of MAINTENANCE TYPE and is in the STOPPED state.
•
The SHARE-PORTS attribute can be altered only when the specified provider is of IPDATA
TYPE, the provider is in the STOPPED STATE, and all associated CLIMs are in the STOPPED
state (or there is no associated CLIM). Associated CLIMs include all CLIMs with MULTIPROV
ON that have one or more interfaces associated with the specified provider.
•
The FAMILY attribute can be altered only when the specified provider is of IPDATA TYPE and
is in STOPPED state.
•
HOSTNAME, HOSTID, BRECVPORT, and TCP-LISTEN-QUE-MIN attributes can be altered even
when the specified provider is in the STARTING or STARTED state. However, the new attribute
values do not apply retroactively. For example, only new socket requests after the ALTER
PROVIDER command completion are affected by the new attribute values.
•
TPNAME can only be altered when the specified Provider is in the STOPPED state.
•
Specifying BREVPORT RESET resets the list of UDP ports that receive broadcast messages on
sockets bound to specific IP addresses or INADDR_ANY. The reset is to no ports specified. If
you specify BRECVPORT with a list of ports, CIP sets the list of UDP ports that receive broadcast
messages on sockets bound to specific IP addresses or INADDR_ANY to the new list of ports.
The old list (if it existed) is ignored and no longer stored.
DELETE Commands
DELETE is a sensitive command that removes the specified object from the subsystem.
DELETE CLIM
The DELETE CLIM command deletes the specified CLIM object from this system.
DELETE CLIM Command Syntax
DELETE CLIM $ZZCIP.clim-name
clim-name
Specifies the name of the CLIM to delete.
Example 33 deletes S1003741 from this system.
Example 33 DELETE CLIM
> DELETE CLIM $ZZCIP.S1003741
DELETE CLIM Command Guidelines
•
The CLIM object must be in the STOPPED state, and no MAINTENANCE PROVIDER can exist
that specifies the CLIM in its configuration. If an existing MAINTENANCE PROVIDER refers
to the CLIM in its configuration, you must delete the MAINTENANCE PROVIDER before deleting
the CLIM.
•
If there are any ROUTE objects subordinated to the associated IPDATA provider object that
point to the specified CLIM, you cannot delete the CLIM . You must delete those ROUTE objects
before deleting the CLIM.
•
If there are any interfaces associated with the specified CLIM still running on a failover CLIM,
you cannot delete the CLIM. Use the STATUS CLIM command to obtain the list of CLIM interfaces
CIPMAN SCF Commands 233
that are still running. Use the ABORT CLIM, INTFALL command to stop these interfaces on the
failover CLIM.
•
If the CLIM is configured in STORAGE MODE and is being used by the storage subsystem,
you cannot delete the CLIM.
DELETE PROVIDER
The DELETE PROVIDER command deletes the specified provider from this system. The provider must
be in the STOPPED state, and no CLIM can exist that specifies the provider in its configuration. For
the IPDATA provider, if an existing CLIM refers to the provider in its configuration, you must delete
the CLIM before deleting the provider.
The subordinated ROUTE objects must be deleted before the PROVIDER object can be deleted.
DELETE PROVIDER Command Syntax
DELETE PROVIDER $ZZCIP.prov-name
prov-name
Is the name of the provider to delete.
Example 34 deletes the provider named ZTC2.
Example 34 DELETE PROVIDER
> DELETE PROV $ZZCIP.ZTC2
Guidelines
•
The default IPDATA provider name ZTC0 cannot be deleted.
•
The proper order for deleting objects is:
1. Remove all ROUTE objects
2. Remove all PROVIDER objects of TYPE MAINTENANCE
3. Remove all CLIM objects
4. Remove all PROVIDER objects of TYPE IPDATA
This order avoids the problem of a delete request being rejected due to the specified object
being referenced by other objects.
•
HP recommends a 15–second delay between issuing a DELETE PROVIDER command and
issuing an ADD PROVIDER command. This delay is especially recommended for the
MAINTENANCE PROVIDER.
•
The IPDATA provider object cannot be deleted if there are configured interfaces associated
with the provider, including data interfaces configured on CLIMs that have the MULTIPROV
attribute set to ON. To see these data interfaces, issue the CLIMCMD
{clim-name|ip-address} climconfig prov -info {prov-name | all}, as described under
climconfig.prov(1).
DELETE ROUTE
The SCF DELETE ROUTE command deletes the specified ROUTE object from this system.
DELETE ROUTE Command Syntax
DELETE ROUTE $ZZCIP.prov-name.route-name
prov-name
Specifies the parent provider.
route-name
Specifies the name of the ROUTE to delete.
Example 35 deletes a ROUTE named ROUTE2 associated with parent provider ZTC1.
234 SCF Reference for CIP
Example 35 DELETE ROUTE
> DELETE ROUTE $ZZCIP.ZTC1.ROUTE2
INFO Commands
INFO is a non-sensitive command that displays the configured settings for the specified object. An
asterisk (*) next to a field name in the display indicates that the attribute is alterable. By default,
the command displays a summary of the object configuration. Some commands allow specification
of one or either of the following modifiers to change the output format:
DETAIL
Specifies that the display is to include additional detailed information about the object.
OBEYFORM
Causes the configuration to be displayed as ADD or ALTER commands so that it can be
re-created.
INFO CLIM
The INFO CLIM command displays the configured attributes for the specified CLIM(s).
NOTE: The storage subsystem ($ZZSTO) also supports an INFO CLIM command. For syntax and
display examples, see the SCF Reference Manual for the Storage Subsystem.
INFO CLIM Command Syntax
INFO CLIM $ZZCIP.clim-name[,{DETAIL | OBEYFORM}]
clim-name
Is the name of the CLIM to display. A wildcard can specify multiple CLIMs.
DETAIL
Specifies that the display is to include additional detailed information about the CLIM.
OBEYFORM
Causes the configuration to be displayed as ADD command(s), so that it can be re-created.
Example 36 displays summary information for all CLIMs recognized by this system.
Example 36 INFO CLIM With Summary Display, NonStop NS16000 Series Server
> INFO CLIM $ZZCIP.*
CIP Info CLIM
Name
N100241
N100373
S101252
S101373
Mode
IP
IP
STORAGE
STORAGE
Location
(100 ,2 ,4
(100 ,2 ,5
(101 ,2 ,5
(101 ,3 ,7
ConnPts
,1)
,1)
,1 )
,3 )
2
2
2
2
Provider
ZTC0
ZTC0
---
Mode
Shows the operating mode of the CLIM. An IP CLIM provides access to TCP/IP networking. A
STORAGE CLIM provides access to disks and other storage devices. A CLIM can provide both
access to TCP/IP networking and access to disks and other storage devices.
ConnPts
Shows whether there are one or two ServerNet connections for each fabric between the CLIM
and the NonStop host.
Provider
Shows the name of the IPDATA provider associated with a CLIM that is configured for IP MODE.
Example 37 shows summary information for all known CLIMs on a NonStop system.
CIPMAN SCF Commands 235
Example 37 INFO CLIM, Summary
> INFO CLIM $ZZCIP.*
CIP Info CLIM
Name
N1002541
N1002551
N1002581
N1002553
Mode
IP
IP
IP,STORAGE
STORAGE
Location
(100 ,2 ,5
(100 ,2 ,5
(100 ,2 ,5
(100 ,2 ,5
,4
,5
,8
,5
,1
,1
,1
,3
)
)
)
)
ConnPts
2
2
1
2
Provider *MultiProv
ZTC0
ON
ZTC0
ON
ZSAM1
OFF
---
Location
Shows the location specified in the ADD CLIM command and is composed of five numbers:
group, module, slot, port, and fiber.
For descriptions of the fields, see Example 38.
Example 38 displays detailed information for N1002541, which is configured for IP MODE.
Example 38 INFO CLIM, Detailed, IP CLIM
> INFO CLIM $ZZCIP.N1002541, DETAIL
CIP Detailed Info CLIM \MYSYS.$ZZCIP.N1002541
Mode.......................
Configured Location........
ConnPts....................
X1 Location................
Y1 Location................
SvNet ID 1.................
X2 Location................
Y2 Location................
SvNet ID 2.................
Maintenance Interface IP...
IP
Group 100 , Module 2 , Slot
2
Group 100 , Module 2 , Slot
Group 100 , Module 3 , Slot
0x000E3F22
Group 100 , Module 2 , Slot
Group 100 , Module 3 , Slot
0x000E3F23
16.105.172.18 (Last Known)
5 , Port 4 , Fiber 1
5 , Port 4 , Fiber 1
7 , Port 3 , Fiber 1
5 , Port 3 , Fiber 2
7 , Port 3, Fiber 2
Network CLIM Information:
*MultiProv.................. ON
*Provider................... ZTC0
Index...................... 2
Maintenance Providers Configured:
ZTCP0
16.107.186.106
NOTE: The Fiber attribute might not be supported on your system. For more information, see the
planning guide for your system.
Mode
Shows the operating mode of the CLIM. An IP CLIM provides access to TCP/IP networking. A
STORAGE CLIM provides access to disks and other storage devices. A Telco CLIM (Mode
OPEN) provides access to Telco protocols to communicate with a Telco network.
Configured Location
Lists the location configured in the ADD CLIM command.
ConnPts
Shows whether there are one or two ServerNet connections for each fabric between the CLIM
and the NonStop host.
X1 Location
Shows the CLIM's expected X-fabric connection location based on the configured location.
Y1 Location
Shows the CLIM's expected Y-fabric connection location based on the configured location.
236 SCF Reference for CIP
SvNet ID 1
Shows the CLIM ServerNet ID based on the configured location.
X2 Location
Shows the CLIM’s expected second X-fabric connection location based on the configured
location. This attribute is applicable only when the CLIM’s CONNPTS attribute is 2.
Y2 Location
Shows the CLIM’s expected second Y-fabric connection location based on the configured
location. This attribute is applicable only when the CLIM’s CONNPTS attribute is 2.
SvNet ID 2
Shows the CLIM’s second ServerNet ID based on the configured location. This attribute is
applicable only when the CLIM’s CONNPTS attribute is 2.
Maintenance Interface IP
Shows the dedicated service LAN (eth0) IP address of the CLIM.
If the CLIM is in the STOPPED state, this field indicates the last known dedicated service LAN
IP address. If the information is not known, Not Known is displayed. If the information is based
on last known information, but may not be accurate, (Last Known) is shown after the IP
address.
MultiProv
Shows whether the specified IP or OPEN MODE CLIM support association with multiple IPDATA
providers simultaneously.
Provider
Shows the name of the single IPDATA provider associated with a CLIM that is configured with
IP or OPEN MODE and MULTIPROV OFF. For an IP or OPEN MODE CLIM with MULTIPROV
ON, this shows the name of the IPDATA provider that would be associated with all networking
objects configured on the CLIM during conversion from MULTIPROV OFF CLIM-based
configuration to MULTIPROV ON CLIM-based configuration.
Index
Shows the index value for this IP or Telco CLIM within the associated IPDATA provider. This
attribute is applicable only when the CLIM is configured with IP or OPEN MODE. This value
is internally generated by CIPMAN.
Maintenance Providers Configured
Shows the name of maintenance providers that are associated with this CLIM and the IP
addresses that have been configured for each maintenance provider. This attribute is applicable
only when the CLIM is configured with IP MODE. This entry is not shown if no maintenance
provider is associated with this CLIM.
This is a sample detailed display of Telco CLIM O1002543, (Open MODE):
Example 39 INFO CLIM Detailed, Telco CLIM, OPEN MODE
> INFO CLIM $ZZCIP.01002543, DETAIL
CIP Info 01002543 DETAIL
CIP Detailed Info CLIM \MYSYS.$ZZCIP.01002543
Mode.......................
Configured Location........
ConnPts....................
X1 Location................
Y1 Location................
SvNet ID 1.................
X2 Location................
Y2 Location................
SvNet ID 2.................
OPEN
Group 100 ,
2
Group 100 ,
Group 100 ,
0x000E3F26
Group 100 ,
Group 100 ,
0x000E3F27
Module 2 , Slot 5 , Port 4, Fiber 3
Module 2 , Slot 5 , Port 4, Fiber 3
Module 3 , Slot 7 , Port 4, Fiber 3
Module 2 , Slot 5 , Port 4, Fiber 4
Module 3 , Slot 7 , Port 4, Fiber 4
CIPMAN SCF Commands 237
Maintenance Interface IP... 16.105.172.20
Network CLIM Information:
MultiProv.................. OFF
Provider................... ZSAM2
Index...................... 0
For definitions of the fields, see Example 38 (page 236).
This is a sample detailed display of S1002551, configured as Storage MODE:
Example 40 INFO CLIM Detailed, Storage
> INFO CLIM $ZZCIP.S1002551, DETAIL
CIP Detailed Info CLIM \MYSYS.$ZZCIP.S1002551
Mode.......................
Configured Location........
ConnPts....................
X1 Location................
Y1 Location................
SvNet ID 1.................
X2 Location................
Y2 Location................
SvNet ID 2.................
Maintenance Interface IP...
STORAGE
Group 100 , Module
2
Group 100 , Module
Group 100 , Module
0x000E3F28
Group 100 , Module
Group 100 , Module
0x000E3F29
16.105.172.19
2 , Slot 5 , Port 5 , Fiber 1
2 , Slot 5 , Port 5 , Fiber 1
3 , Slot 7 , Port 5 , Fiber 1
2 , Slot 5 , Port 5 , Fiber 2
3 , Slot 7 , Port 5 , Fiber 2
The Fiber attribute might not be supported on your system. For more information, see the planning
guide for your system.
For definitions of the fields, see the IP CLIM example.
A sample display N1002531 in the form of a command (Obey) file is:
Example 41 INFO CLIM With OBEYFORM Display
> INFO CLIM $ZZCIP.N1002531, OBEYFORM
ADD CLIM $ZZCIP.N1002531 , &
MODE
IP , &
CONNPTS
2 , &
LOCATION
(100 , 2 , 5 , 3 , 1 ) , &
MULTIPROV OFF , &
PROVIDER
ZSAM2
INFO PROCESS
The INFO PROCESS command displays attributes of the CIPMAN process. The DETAIL and
OBEYFORM options are not valid for this command.
INFO PROCESS Command Syntax
INFO PROCESS $ZZCIP
Example 42 displays summary information for CIPMAN on this system.
Example 42 INFO PROCESS Summary
> INFO PROCESS $ZZCIP
CIP Info PROCESS \MYSYS.$ZZCIP
PPID................ ( 2,289) BPID............... ( 3,271)
INFO PROVIDER
The INFO PROVIDER command displays the configured attributes for the specified PROVIDERs on
this system.
238 SCF Reference for CIP
INFO PROVIDER Command Syntax
INFO PROVIDER $ZZCIP.prov-name [,DETAIL | ,OBEYFORM]
provider-name
Is the name of the PROVIDER object about which to display information. A wildcard can specify
multiple providers.
DETAIL
Specifies that the display is to include additional detailed information about the provider.
OBEYFORM
Causes the configuration to be displayed as ADD or ALTER command(s), so that it can be
re-created.
Example 43 displays summary information for all PROVIDER objects.
Example 43 INFO PROVIDER Summary Display
> INFO PROVIDER $ZZCIP.*
CIP Info PROVIDER
Name
PROV1
ZTC0
ZTCP0
*TPName
$ZCSM1
$ZTC0
$ZTCP0
TYPE
IPDATA
IPDATA
MAINTENANCE
*HOSTNAME
MYSYS
MYSYS
MYSYSMAINT
Name
Is the name of the provider.
*TPName
Is the name of the transport-service provider (CIPSAM) process.
Type
Shows the type of provider. An IPDATA provider provides TCP/IP access by means of the data
Ethernet ports on one or more CLIMs associated with that IPDATA provider. The MAINTENANCE
provider provides TCP/IP access by means of the maintenance Ethernet interface on a specific
CLIM using a specific IP address.
*HOSTNAME
Is the name of the NonStop host system.
Example 44 shows the detailed configuration of ZTC0 (IPDATA Provider).
Example 44 INFO PROVIDER With Detailed Display
> INFO PROVIDER $ZZCIP.ZTC0, DETAIL
CIP Detailed Info PROVIDER \MYSYS.$ZZCIP.ZTC0
*TPName....................
Type......................
*HostID....................
*Hostname..................
*TCP-Listen-Que-Min........
*BRecvPort................
*Family....................
*Share-Ports...............
$ZTC0
IPDATA
0.0.0.0
MYSYS
128
No Ports Specified
INET
1000
CLIMs Associated through CLIM’s PROVIDER Attribute:
Name
N1002541
N1002551
CLIMs Providing Data Access:
Name
Index
MultiProv
CIPMAN SCF Commands 239
N1002541
N1002551
N1002543
1
2
3
ON (Last Known)
OFF
ON
TPName
Is the CIPSAM transport-service provider process name. This is the name applications use to
select the transport provider. It must be a valid process name with a leading dollar sign ($).
The default value is the name of the PROVIDER object itself with a dollar sign ($) prepended.
The process need not exist when you add the provider.
Type
Shows the type of provider. An IPDATA provider provides TCP/IP access by means of the data
Ethernet ports on one or more CLIMs associated with that IPDATA provider. A MAINTENANCE
provider provides TCP/IP access by means of the maintenance Ethernet interface of a specific
CLIM using a specific IP address.
HostID
Is the host ID returned by gethostid() when the transport provider is selected. The host ID is an
IPv4 address in dotted quad format. The default is 0.0.0.0.
Hostname
Is the hostname returned by gethostname() when the transport provider is selected. The hostname
is a string of up to 49 characters. The default is the Expand system name without the leading
backslash (\).
TCP-Listen-Que-Min
Shows the minimum queue length that is allocated on a TCP socket when a socket LISTEN or
ACCEPT_NW1 function call is handled. This value is used if the queue length specified in the
socket request is lower, otherwise the queue length in the socket request is used.
BRecvPort
Shows the list of UDP ports that receive broadcast messages on sockets bound to specific IP
addresses or INADDR_ANY. Ports not in the list can receive broadcast messages only on
sockets bound to INADDR_ANY. If no port has been specified, “No Ports Specified” is displayed.
NOTE: If any of the UDP ports shown are in the ephemeral or shared ephemeral port range,
the behavior is the same as those ports not being in the BRECVPORT list.
Family
Specifies the network mode of the provider. INET family indicates the provider is operated in
IPv4 only mode. DUAL family indicates the provider is operated in both IPv4 mode and IPv6
mode.
Share-Ports
shows the number of ports reserved for TCP and UDP shared-ephemeral ports. Ephemeral ports
are those assigned by CIP subsystem when an application has not bound to a specific port.
This attribute is applicable only when PROVIDER TYPE is IPDATA.
CLIMs Associated through CLIM’s PROVIDER Attribute
Lists the CLIMs associated with this provider. The PROVIDER attribute of these CLIMs is this
provider. This attribute is applicable only when the provider is of TYPE IPDATA.
NOTE: The list may be empty if there is no CLIM associated with the specified IPDATA
provider.
Name
Is the name of the CLIM.
240 SCF Reference for CIP
CLIMs Providing Data Access
Lists the CLIMs actively providing network resources for use by this provider. Each of these
CLIMs contains one or more interfaces associated with this provider. This attribute is applicable
only when the provider is of TYPE IPDATA.
NOTE: The list may be empty if there is no CLIM actively providing resources to the specified
IPDATA provider. This attribute is displayed using — for both Name and Index.
Name
Is the name of the CLIM.
Index
Is the index value for the CLIM within the provider.
MultiProv
Is the MULTIPROV attribute value of the CLIM. “OFF” means the CLIM has the MULTIPROV
attribute set to OFF. “ON” means the CLIM has the MULTIPROV attribute set to ON and currently
has active interfaces associated with this provider. “ON (Last Known)” means the CLIM has
the MULTIPROV attribute set to ON and previously had active interfaces associated with this
provider.
Example 45 shows detailed information for the provider ZTC0 (MAINTENANCE PROVIDER).
Example 45 INFO PROVIDER (Maintenance) Detailed
> INFO PROVIDER $ZZCIP.ZTCP0, DETAIL
CIP Detailed Info PROVIDER \MYSYS.$ZZCIP.ZTCP0
*TPName....................
Type......................
*HostID....................
*Hostname..................
*TCP-Listen-Que-Min........
*BRecvPort................
*CLIM......................
*IPAddress.................
$ZTCP0
MAINTENANCE
0.0.0.0
MYSYSMAINT
100
( 109 , 1154 )
N1003741
16.107.186.106
CLIM
Shows the name of the CLIM associated with the provider. This command is valid only for a
PROVIDER of TYPE MAINTENANCE.
IP Address
Shows the IP address associated with the provider. This attribute is valid only for a PROVIDER
of TYPE MAINTENANCE.
Example 46 requests information for the PROVIDER ZTCP0 (maintenance provider) in the form of
a command (Obey) file.
Example 46 INFO PROVIDER (Maintenance) With OBEYFORM
> INFO PROVIDER $ZZCIP.ZTCP0, OBEYFORM
ADD PROVIDER $ZZCIP.ZTCP0 , &
TPNAME
$ZTCP0 , &
HOSTNAME “MYSYSMAINT” , &
HOSTID
1.2.3.4 , &
TCP-LISTEN-QUE-MIN 100 , &
BRECVPORT ( 109 , 154 ),
TYPE
MAINTENANCE , &
CLIM
N1003741 , &
IPADDRESS 16.107.186.106
CIPMAN SCF Commands
241
Example 47 “INFO PROVIDER (IPDATA) With OBEYFORM” requests information for the provider
PROV1 (IP Data Provider), in the form of a command (Obey) file.
Example 47 INFO PROVIDER (IPDATA) With OBEYFORM
> INFO PROVIDER $ZZCIP.PROV1, OBEYFORM
ADD PROVIDER $ZZCIP.PROV1 , &
TPNAME
$ZCSM1 , &
HOSTNAME “MYSYS” , &
HOSTID
200.0.0.0 , &
TCP-LISTEN-QUE-MIN 128 , &
TYPE
IPDATA , &
FAMILY
INET , &
SHARE-PORTS 1000
NOTE: Special handling of OBEYFORM output is done for the default IPDATA provider (ZTC0).
For example, it must be specified using ALTER instead of ADD because ZTC0 cannot be added.
NOTE: When the BRECVPORT attribute has no ports specified, the OBEYFORM output for the
non-default IPDATA provider (in ADD format) does not omit the BRECVPORT attribute. For default
IPDATA provider in ALTER format, the BRECVPORT attribute is specified as BRECVPORT RESET.
Example 48 shows the INFO PROVIDER command for the default IPDATA PROVIDER (ZTCO). This
command provides the output in a different format because the default IPDATA provider cannot
be added. It can only be altered.
Example 48 INFO PROVIDER (ZTCO) With OBEYFORM
> ALTER PROVIDER $ZZCIP.ZTC0 , &
TPNAME
$ZTC0 , &
HOSTNAME "MYSYS" , &
HOSTID
1.2.3.4 , &
TCP-LISTEN-QUE-MIN 128 , &
BRECVPORT RESET , &
FAMILY INET , &
SHARE-PORTS 1000
For information about these attributes, see “INFO PROVIDER” (page 238).
INFO ROUTE
The SCF INFO ROUTE command displays the configuration of the specified ROUTE(s).
INFO ROUTE Command Syntax
INFO ROUTE $ZZCIP.prov-name.route-name [,OBEYFORM]
prov-name
Specifies the parent provider. A wildcard can specify multiple parent providers.
route-name
Specifies the name of the ROUTE to display. A wildcard can specify multiple ROUTEs.
OBEYFORM
Causes the configuration to be displayed as ADD command(s), so that it can be re-created.
Example 49 shows the configuration of all ROUTE objects associated with provider PROV1.
Example 49 INFO ROUTE Summary
> INFO ROUTE $ZZCIP.PROV1.*
CIP Info ROUTE
242 SCF Reference for CIP
Name
PROV1.DFLT1
PROV1.DFLT2
Family
DUAL
DUAL
CLIM
Priority
N1003741
50
N1002532
90
Example 50 shows the configuration of ROUTE DFLT2 associated with provider PROV1 in the form
of a command (Obey) file.
Example 50 INFO ROUTE With OBEYFORM
> INFO ROUTE $ZZCIP.PROV1.DFLT2, OBEYFORM
ADD ROUTE
$ZZCIP.PROV1.DFLT2 , &
CLIM
N1002532 , &
FAMILY
DUAL , &
PRIORITY 90
For display field descriptions, see “ADD ROUTE” (page 230).
LISTOPENS Commands
LISTOPENS is a non-sensitive command that displays a list of the processes that currently have
open sockets. By default, a summary of the processes and sockets is displayed. All commands
allow a DETAIL modifier to show additional, detailed information.
LISTOPENS MON
The LISTOPENS MON command displays a list of all sockets opened by processes in the processor
containing the specified CIPMON.
LISTOPENS MON Command Syntax
LISTOPENS MON $ZZCIP.ZCMnn [,DETAIL]
ZCMnn
Identifies the CIPMON process to which the command applies. nn is a two-digit value in the
range 00 through 15. A wildcard can specify multiple MONs.
Example 51 displays a summary list of all processes in this system that have opened sockets in
CIP:
Example 51 LISTOPENS MON Summary
> LISTOPENS MON $ZZCIP.*
CIP Listopens MON \MYSYS.$ZZCIP.ZCM01
Openers
\MYSYS.$ZPRP0
\MYSYS.$RMAIL
\MYSYS.$MYWEB
\MYSYS.$MYWEB
Ppid
0,20
1,162
1,333
0,427
State
LISTEN
LISTEN
LISTEN
LISTEN
Proto
TCP
TCP
TCP
TCP
Lport
ECHO
10293
http
5988
Provider
ZTCP0
ZTCP0
ZTCP0
ZTCP0
CLIM
N1002531
N1002531
N1002531
N1002531
Proto
TCP
TCP
TCP
TCP
UDP
Lport
telnet
telnet
telnet
10513
5010
Provider
ZTC0
ZTC0
ZTC1
ZTC1
ZTC0
CLIM
N1003742
N1003742
N1003742
N1003742
N1003742
CIP Listopens MON \MYSYS.$ZZCIP.ZCM02
Openers
\MYSYS.$ZTN0
\MYSYS.$ZTN0
\MYSYS.$ZTN1
\MYSYS.$TEST6
\MYSYS
Ppid
2,24
2,24
2,35
2,325
2,210
State
LISTEN
LISTEN
LISTEN
LISTEN
LISTEN
Opener
Is the system name and process name of the process that opened the socket. If the process has
no name, then only the system name appears.
CIPMAN SCF Commands 243
Ppid
Is the PID (cpu, process number) of the primary process that opened the socket.
Bpid
Is the PID (cpu, process number) of the backup process that opened the socket. If the process
pair has no backup, the field is blank.
Proto
Is the protocol used to open the socket.
Provider
Is the provider used to open the socket.
CLIM
Is the CLIM that contains the socket.
Lport
Is the local port number associated with the socket. Common port numbers are displayed with
a text name.
Example 52 displays detailed information about opened sockets in processor 2.
Example 52 LISTOPENS MON Detailed
>LISTOPENS MON $ZZCIP.*, DETAIL
CIP Detailed Listopens MON \SYSA.$ZZCIP.ZCM01
Opener:\SYSA.$
Plfn:6
Proto:TCP
Provider:CSAM1
Lport:5000
FPort:0
Ppid: 1,325
Bpid: 0, 0
Blfn:2
State:0x0000080
SendQ:0
CLIM:N1002532
CLIM-FD:14
Laddr:172.17.190.151
Faddr:0.0.0.0
RecvQ:0
CIP Detailed Listopens MON \SYSA.$ZZCIP.ZCM02
Opener:\SYSA.$
Plfn:6
Proto:TCP
Provider:CSAM1
Lport:0
FPort:0
Ppid: 2,304
Bpid: 0, 0
Blfn:1
State:0x0000080
SendQ:0
CLIM:N1002532
CLIM-FD:15
Laddr:0.0.0.0
Faddr:0.0.0.0
RecvQ:0
Opener
Is the system name and process name of the process that opened the socket. If the process has
no name, then only the system name appears.
Ppid
Is the PID (cpu, process number) of the primary process that opened the socket.
Bpid
Is the PID (cpu, process number) of the backup process that opened the socket. If the process
pair has no backup, the field is blank.
Plfn
Is the logical file number of the socket in the primary process.
Blfn
Is the logical file number of the socket in the backup process, or zero if the backup process
does not exist or have the socket open.
Proto
Is the protocol used to open the socket.
244 SCF Reference for CIP
State
Is the current state of the socket. The State value is either a translated text string for a TCP state
or a cumulative bitwise value in hex format that represents a socket state.
Text value:
ESTAB
indicates the socket is connected to a remote socket.
LISTEN
indicates the socket is in a listening state and is waiting for a connection from a remote host
CLOSING
indicates the socket is in the process of closing
Hex value:
0x00010
indicates the socket can’t send any more data to its peer.
0x00020
indicates the socket can’t receive any more data from its peer.
0x00080
indicates the socket is operated in a privileged mode. This usually means the application is started
by a super user.
0x00100
indicates the socket is operated in a non-blocking io mode.
0x04000
indicates the socket is a listening socket.
0x08000
indicates the socket has received a 0-byte indication. This usually means its peer socket is closed.
SendQ
Is the number of bytes of data in the send queue of the socket.
RecvQ
Is the number of bytes of data in the receive queue of the socket. If the socket state is "LISTEN"
this is the number of connections queued on the socket yet to be accepted by the application.
Provider
Is the provider used to open the socket.
CLIM
Is the CLIM that contains the socket.
CLIM-FD
Is the CLIM software file descriptor number of the socket on the CLIM.
Lport
Is the local port number associated with the socket. Common port numbers are displayed with
a text name.
Laddr
Is the local IP address associated with the socket.
Fport
Is the remote port number associated with the socket. Common port numbers are displayed
with a text name. An asterisk (*) signifies that no remote port number is associated with the
socket.
Faddr
Is the remote IP address associated with the socket.
LISTOPENS PROVIDER
The LISTOPENS PROVIDER command displays all sockets using the specified provider and identifies
the process that opened each socket.
CIPMAN SCF Commands 245
LISTOPENS PROVIDER Command Syntax
LISTOPENS PROVIDER $ZZCIP.prov-name [,DETAIL]
prov-name
Is the name of the provider to which the command applies. A wildcard can specify a set of
providers.
Example 53 displays information about processes that have opened sockets on PROVIDER ZTC0.
Example 53 LISTOPENS PROVIDER Summary
> LISTOPENS PROV $ZZCIP.ZTC0
CIP Listopens PROVIDER \MYSYS.$ZZCIP.ZTC0
Openers
\MYSYS.$MYWEB
\MYSYS.$MYWEB
Ppid
1,333
1,333
Openers
\MYSYS.$ZTN0
\MYSYS.$ZTN0
\MYSYS
Ppid
2,24
2,24
2,210
State
LISTEN
LISTEN
State
LISTEN
LISTEN
LISTEN
Proto Lport
TCP
http
TCP
http
Proto
TCP
TCP
UDP
Provider
ZTC0
ZTC0
Lport
telnet
telnet
5010
Provider
ZTC0
ZTC0
ZTC0
CLIM
N1002532
N1002532
CLIM
N1002532
N1002532
N1002532
Opener
Is the system name and process name of the process that opened the socket. If the process has
no name, then only the system name appears.
Ppid
Is the PID (cpu, process number) of the primary process that opened the socket.
Bpid
Is the PID (cpu, process number) of the backup process that opened the socket. If the process
pair has no backup, the field is blank.
Proto
Is the protocol used to open the socket.
Provider
Is the provider used to open the socket.
CLIM
Is the CLIM that contains the socket.
Lport
Is the local port number associated with the socket. Common port numbers are displayed with
a text name.
Example 54 displays detailed information about opened sockets using provider CSAM1.
Example 54 LISTOPENS PROVIDER Detailed
>LISTOPENS PROV $ZZCIP.CSAM1, DETAIL CIP Detailed Listopens provider \EUROPA.$ZZCIP.CSAM
Opener:\EUROPA.$ Ppid: 2,480
246 SCF Reference for CIP
Bpid: 0,0
Plfn:2
Blfn:5
Proto:TCP
State:LISTEN
SendQ:0
RecvQ:0
Provider:CSAM
CLIM:*mult*
CLIM-FD:41
Lport:3333
Laddr:0.0.0.0
FPort:0
Faddr:0.0.0.0
Opener:\EUROPA.$ Ppid: 2,480
Bpid:0,0
Plfn:7
Blfn:5
Proto:TCP
State:ESTAB
SendQ:0
RecvQ:0
Provider:CSAM
CLIM:DL385F
CLIM-FD:34
Lport:3333
Laddr:172.17.188.142
FPort:22861
Faddr:172.17.188.142
Opener:\EUROPA.$ Ppid: 2,500
Proto:TCP
Provider:CSAM
Lport:27501
Bpid: 0,0
State:0x00180
CLIM:DL385G
Plfn:2
Blfn:5
SendQ:0
RecvQ:0
CLIM-FD:42
Laddr:172.17.188.152 FPort:0
Faddr:0.0.0.0
Bpid: 0,0
Plfn:7
Blfn:5
Proto:TCP
State:0x080B0
SendQ:0
RecvQ:0
Provider:CSAM
CLIM:DL385F
CLIM-FD:34
Lport:3333
Laddr:172.17.188.142
FPort:27818
Faddr:172.17.188.142
Opener:\EUROPA.$ Ppid: 2,480
Opener
Is the system name and process name of the process that opened the socket. If the process has
no name, then only the system name appears.
Ppid
Is the PID (cpu, process number) of the primary process that opened the socket.
Bpid
Is the PID (cpu, process number) of the backup process that opened the socket. If the process
pair has no backup, the field is blank.
Plfn
Is the logical file number of the socket in the primary process.
Blfn
Is the logical file number of the socket in the backup process, or zero if the backup process
does not exist or have the socket open.
Proto
Is the protocol used to open the socket.
State
Is the current state of the socket. The State value is either a translated text string for a TCP state
or a cumulative bitwise value in hex format that represents a socket state.
Text value:
ESTAB
indicates the socket is connected to a remote socket.
LISTEN
indicates the socket is in a listening state and is waiting for a connection from a remote host
CLOSING
indicates the socket is in the process of closing
CIPMAN SCF Commands 247
Hex value:
0x00010
indicates the socket can’t send any more data to its peer.
0x00020
indicates the socket can’t receive any more data from its peer.
0x00080
indicates the socket is operated in a privileged mode. This usually means the application is started
by a super user.
0x00100
indicates the socket is operated in a non-blocking io mode.
0x04000
indicates the socket is a listening socket.
0x08000
indicates the socket has received a 0-byte indication. This usually means its peer socket is closed.
SendQ
Is the number of bytes of data in the send queue of the socket.
RecvQ
Is the number of bytes of data in the receive queue of the socket. If the socket state is "LISTEN"
this is the number of connections queued on the socket yet to be accepted by the application.
Provider
Is the PROVIDER used to open the socket.
CLIM
Is the CLIM that contains the socket.
CLIM-FD
Is the CLIM software file descriptor number of the socket on the CLIM.
Lport
Is the local port number associated with the socket. Common port numbers are displayed with
a text name.
Laddr
Is the local IP address associated with the socket.
Fport
Is the remote port number associated with the socket. Common port numbers are displayed
with a text name. An asterisk (*) signifies that no remote port number is associated with the
socket.
Faddr
Is the remote IP address associated with the socket.
NAMES Commands
NAMES is a non-sensitive command that displays a list of object types and names for the specified
objects.
NAMES $ZZCIP
The NAMES command with no object type is identical to the “NAMES PROCESS”. The only required
attribute for the NAMES command with no object type is the MAN process name, $ZZCIP. The
NAMES PROCESS command shows the types and names of all objects subordinate to the specified
process.
NAMES $ZZCIP Command Syntax
NAMES $ZZCIP
248 SCF Reference for CIP
Example 55 NAMES $ZZCIP
> NAMES PROCESS $ZZCIP
CIP Names PROCESS \MYSYS.$ZZCIP
PROCESS
$ZZCIP
MON
$ZZCIP.ZCM00 $ZZCIP.ZCM01 $ZZCIP.ZCM02 $ZZCIP.ZCM03
PROVIDER
$ZZCIP.ZTC0
$ZZCIP.PROV1
CLIM
$ZZCIP.N1002532 $ZZCIP.N1003741
NAMES CLIM
The NAMES CLIM command displays the names of the specified CLIMs known by this system.
NAMES CLIM Command Syntax
NAMES CLIM $ZZCIP.clim-name
clim-name
Specifies the CLIM names to display. If no such CLIM is known to this system, the output is an
error message. A wildcard can specify multiple CLIMs.
Example 56 displays the names of all CLIMs known by this system.
Example 56 NAMES CLIM
> NAMES CLIM $ZZCIP.*
CIP Names CLIM \MYSYS.$ZZCIP.*
CLIM
$ZZCIP.N1002532
$ZZCIP.N1003741
$ZZCIP.N1012542
NAMES MON
The NAMES MON command displays the names of the specified MON objects in this system.
NAMES MON $ZZCIP.ZCMnn
ZCMnn
Identifies the CIPMON process names to display. nn is a two-digit value in the range 00
through 15. A wildcard can specify multiple MONs in this system.
Example 57 displays the names of all MONs in this system:
Example 57 NAMES MON
> NAMES MON $ZZCIP.*
CIP Names MON \MYSYS.$ZZCIP.*
MON
$ZZCIP.ZCM00
$ZZCIP.ZCM01
$ZZCIP.ZCM02
$ZZCIP.ZCM03
NAMES PROCESS
The NAMES PROCESS command displays the types and names of all objects subordinate to the
specified process.
CIPMAN SCF Commands 249
NAMES PROCESS Command Syntax
> NAMES PROCESS $ZZCIP
This command displays the names and types of all objects subordinate to CIPMAN on this system.
Example 58 NAMES PROCESS
> NAMES PROCESS $ZZCIP
CIP Names PROCESS \MYSYS.$ZZCIP
PROCESS
$ZZCIP
MON
$ZZCIP.ZCM00
$ZZCIP.ZCM01
PROVIDER
$ZZCIP.ZTC0
$ZZCIP.PROV1
ROUTE
$ZZCIP.ZTC0.ROUTE1
CLIM
$ZZCIP.N1002532
$ZZCIP.ZCM02
$ZZCIP.ZCM03
$ZZCIP.ZTC0.ROUTE2
$ZZCIP.PROV1.MYROUTE
$ZZCIP.N1003741
NAMES PROVIDER
The NAMES PROVIDER command displays the names of the specified PROVIDER objects on this
system.
NAMES PROVIDER Command Syntax
NAMES PROVIDER $ZZCIP.prov-name
prov-name
Identifies the PROVIDER object names to display. A wildcard can specify multiple providers.
Example 59: NAMES PROVIDER displays the names of all providers known by this system:
Example 59 NAMES PROVIDER
> NAMES PROV $ZZCIP.*
CIP Names PROVIDER \MYSYS.$ZZCIP.*
PROVIDER
$ZZCIP.SAM0
$ZZCIP.SAM1
$ZZCIP.SAM2
NAMES ROUTE
The NAMES ROUTE command displays the names of the specified ROUTE objects on this system.
NAMES ROUTE Command Syntax
NAMES ROUTE $ZZCIP.prov-name.route-name
prov-name
Specifies the parent provider. A wildcard can specify multiple parent providers.
route-name
Specifies the name of the ROUTE to display. A wildcard can specify multiple ROUTEs.
Example 60 displays the names of all ROUTE objects known by this system.
250 SCF Reference for CIP
Example 60 NAMES ROUTE
> NAMES ROUTE $ZZCIP.*
CIP Names ROUTE \MYSYS.$ZZCIP.*
ROUTE
$ZZCIP.ZTC0.ROUTE1
$ZZCIP.ZTC0.ROUTE2
$ZZCIP.PROV1.MYROUTE
PRIMARY Command
The PRIMARY command changes the specified object in an object pair from the backup to the
primary.
PRIMARY PROCESS
The PRIMARY PROCESS command is a sensitive command that changes which process of the
CIPMAN process pair is the primary.
PRIMARY PROCESS Command Syntax
PRIMARY PROCESS $ZZCIP [,CPU cpu-number]
cpu-number
Is the new primary processor number. If you specify the current primary processor, the command
does nothing. If you specify the current backup processor (or if you omit this parameter), the
command switches to the backup processor. If you specify a number other than the current
primary or backup processor, the command returns an error.
This command switches CIPMAN to its backup process:
Example 61 PRIMARY PROCESS
> PRIMARY PROCESS $ZZCIP
START Commands
START is a sensitive command used to initiate operations on the specified object. The object enters
the STARTING state, then progresses to the STARTED state if no error occurs during startup.
START CLIM
The START CLIM command starts operations on the specified CLIM.
If the device at the configured LOCATION does not quickly respond as an operational CLIM, the
CLIM object stays in the STARTING state. If an operational CLIM responds later, the CLIM object
goes to the STARTED state.
Prior to J06.08 and H06.19, the START command for the CLIM did not check that climcmnd was
set up on that CLIM. As of J06.08 and H06.19, it does check.
START CLIM Command Syntax
START CLIM $ZZCIP.clim-name
clim-name
Is the name of the CLIM to start. A wildcard can specify a set of CLIMs.
This command starts operations on S1003741.
CIPMAN SCF Commands
251
Example 62 START CLIM
> START CLIM $ZZCIP.S1003741
START PROCESS
The START PROCESS command starts the operation of all the objects in the CIP subsystem on this
system. Because the target object is already started (by the persistence manager), the SUB ONLY
option must be specified.
START PROCESS Command Syntax
START PROCESS $ZZCIP, SUB ONLY
SUB
Determines the set of objects and subordinate objects that the command targets. ONLY specifies
that only subordinate objects are targets of the command.
This commands starts all the configured objects in the CIP subsystem on this system.
Example 63 START PROCESS
> START PROCESS $ZZCIP, SUB ONLY
START PROCESS Guidelines
MON objects are not affected by the START PROCESS, SUB ONLY command.
START PROVIDER
The START PROVIDER command starts operations on the specified provider. The provider goes to
the STARTED state only if the associated CLIM is in the STARTED state; otherwise it goes to the
STARTING state. The associated CIPSAM process need not be running for the provider to be
STARTED, but applications cannot use the provider until the CIPSAM process is started.
START PROVIDER Command Syntax
START PROVIDER $ZZCIP.prov-name
prov-name
Is the name of the provider to start. A wildcard can specify a set of providers.
Example 64 starts all configured providers:
Example 64 START PROVIDER
> START PROVIDER $ZZCIP.*
STATS Commands
STATS is a non-sensitive command that displays statistical information for the specified object.
The STATS command shows statistics related to the NonStop system, the CLIM software, and
communication between the two. The Linux ip, and netstat commands and the climconfig route
command get TCP/IP, interface, and route statistics for the CLIMs . To access the Linux commands,
enter:
CLIMCMD clim-name Linux-command
The RESET modifier resets the statistics to zero after displaying them. The command is sensitive if
you specify RESET.
STATS CLIM
The STATS CLIM command displays statistical information kept by the NonStop Enterprise Division
software on the specified CLIMs, which must be in the STARTED state.
252 SCF Reference for CIP
The statistics pertain to the operation of the CLIM software and the CLIM-side communication with
the NonStop host system. To get TCP/IP protocol statistics, use the Linux netstat command on the
CLIM. (To obtain information about the netstat command, enter CLIMCMD clim-name man
netstat at the TACL prompt.)
NOTE:
For better performance, always use the –n option with netstat.
STATS CLIM Command Syntax
STATS CLIM $ZZCIP.clim-name [,RESET]
clim-name
Is the name of the CLIM for which to display statistical information. A wildcard can specify a
set of CLIMs.
RESET
Resets statistics to zero after displaying them.
Example 65: STATS CLIM displays statistics for N1003741.
Example 65 STATS CLIM
> STATS CLIM $ZZCIP.N1003741
CIP Stats CLIM \COCOA.$ZZCIP.N1003741
Sample Time ... 11 Jun 2008, 23:51:49.000
Reset Time .... 09 Jun 2008, 2:28:39.000
CLIMMON STATS
Event Log Entries......... 0
CLIMAGT Failures.......... 0
Restarts.................. 1
CIPSSRV0 Failures......... 0
CLIMAGT STATS
Event Log Entries...........
Buffer denials..............
IT-API errors...............
Last IT-API error code......
Linux errors................
Last Linux errno............
Current bfr bytes in use....
High bfr bytes in use.......
Total msgs sent.............
Total msgs received.........
Current connected Cpus......
Queued Commands.............
7
0
4
12
2
22
0
2048
289299
289293
4
2
High connected Cpus......... 4
Failed Commands............. 0
CIPSSRV0 STATS
Event Log Entries...........
Buffer denials..............
IT-API errors...............
Last IT-API error code......
Linux errors................
Last Linux errno............
Current bfr bytes in use....
High bfr bytes in use.......
Total msgs sent.............
Total msgs received.........
Total bytes sent............
Total bytes received........
Current connected Cpus......
Deferred Sends..............
Current TCP Listen Sockets..
Current UDP Sockets.........
Current TCP Connections.....
0
0
0
0
0
0
1048727
1048727
69
76
1080
1024
4
0
0
0
0
High connected Cpus.........
Failed Commands.............
High TCP Listen Sockets.....
High UDP Sockets............
High TCP Connections........
4
0
0
1
1
CIPMAN SCF Commands 253
CLIMMON STATS
Heads the statistics taken from the CLIMMON process, which starts and monitors the other CIP
subsystem components on the CLIM.
Event Log Entries
Shows the number of syslog entries generated by the CLIMMON process since the last reset.
Restarts
Shows the number of times CLIMMON restarted the CLIMAGT and CIPSSRVx processes since
the last reset. All these processes are restarted when any one indicates a failure.
CLIMAGT Failures
Shows the number of times the CLIMAGT process indicated a failure since the last reset.
CIPSSRVx Failures
Shows the number of times the given CIPSSRV process indicated a failure since the last reset.
Only one CIPSSRV process (CIPSSRV0) is present in CIP.
CLIMAGT STATS
Heads the statistics taken from the CLIMAGT process, which performs management requests
originating from the NonStop host system.
Event Log Entries
Shows the number of syslog entries generated by the process since the last reset.
Buffer Denials
Shows the number of times a buffer for communication with the NonStop host system could not
be obtained since the last reset; this symptom indicates memory overflow.
IT-API Errors
Shows the number of errors returned from the low-level ServerNet communication handlers
since the last reset.
Last IT-API error code
Shows the status code of the last IT-API error or zero if there has been no error.
Linux Errors
Shows the number of errors returned from the CLIM side of CIP since the last reset.
Last Linux errno
Shows the errno value of the last CLIM software error or zero if there has been no error.
Current bfr bytes in use
Shows the amount of memory currently used for communication with the NonStop host system.
High bfr bytes in use
Shows the highest amount of memory used for communication with the NonStop host system
since the last reset.
Current connected Cpus
Shows the current number of NonStop host system processors connected.
High connected Cpus
Shows the highest number of NonStop host system processors connected at one time since the
last reset.
Total msgs sent
Shows the total number of messages sent to all NonStop host system processors since the last
reset.
Total msgs received
Shows the total number of messages received from all NonStop host system processors since
the last reset.
254 SCF Reference for CIP
Queued Commands
Shows the number of SCF commands queued for processing.
Failed Commands
Shows the total number of SCF commands that could not be completed since the last reset.
CIPSSRVx STATS
Heads the statistics taken from each CIPSSRV process, which performs application socket
requests. Only one CIPSSRV process (CIPSSRV0) is present in CIP. Statistics with the same title
as those for the CLIMAGT contain the same information for the CIPSSRV process. Those unique
to CIPSSRV follow:
Total bytes sent
Shows the total number of data bytes sent to all NonStop host system processors.
Total bytes received
Shows the total number of data bytes received from all NonStop host system processors.
Deferred Sends
Shows the total number of times a send request could not be performed immediately.
Failed Commands
Shows the total number of socket requests that could not be completed since the last reset.
Current TCP Listen Sockets
Shows the current number of open TCP listen sockets.
High TCP Listen Sockets
Shows the highest number of TCP listen sockets open at one time since the last reset.
Current UDP Sockets
Shows the current number of open UDP sockets.
High UDP Sockets
Shows the highest number of UDP sockets open at one time since the last reset.
Current TCP Connections
Shows the current number of TCP connections.
High TCP Connections
Shows the highest number of TCP connections at one time since the last reset.
STATS MON
The STATS MON command displays the statistics kept by the specified CIPMON process or
processes running on this system.
STATS MON Command Syntax
STATS MON $ZZCIP.ZCMnn, [RESET]
ZCMnn
Identifies the CIPMON process for which to display statistics. nn is a two-digit value in the
range 00 through 15. A wildcard (*) can specify multiple CIPMONs.
Example 66: STATS MON displays statistics for the CIPMON object ZCM01.
Example 66 STATS MON
> STATS MON $ZZCIP.ZCM01
CIP Stats MON \COCOA.$ZZCIP.ZCM00
Sample Time ... 11 Jun 2008, 23:55:55.300
Reset Time .... 07 Jun 2008, 16:15:13.781
SOCKET STATS
CIPMAN SCF Commands 255
Total Recv Socket Reqs......
Total Recv Errors...........
Total Send Socket Reqs......
Total Send Errors...........
Data Bytes Sent.............
Data Bytes Received.........
Total Connections Out.......
Current TCP Listen Sockets..
Current UDP Sockets.........
Current TCP Connections.....
0
0
0
0
0
0
0
0
0
0
SOCKET SEND SIZE HISTOGRAM
Size 1-128..................
Size 257-512................
Size 1025-2048..............
Size 4097-8192..............
Size 12289-16384............
Size 32769 and larger.......
0
0
0
0
0
0
MON STATS
Total Messages Sent.........
Total Messages Received.....
Current Connected CLIMs.....
Total Rejected Connections..
0
0
2
129
Total Connections In........
High TCP Listen Sockets.....
High UDP Sockets............
High TCP Connections........
0
0
0
0
Size
Size
Size
Size
Size
0
0
0
0
0
129-256................
513-1024...............
2049-4096..............
8193-12288.............
16385-32768............
High Connected CLIMs........ 2
Deferred Sends.............. 0
Total Recv Socket Reqs
Shows the total number of receive socket requests across all CLIMs since the last reset.
Total Recv Errors
Shows the total number of receive socket requests that returned an error since the last reset.
Total Send Socket Reqs
Shows the total number of send socket requests across all CLIMs since the last reset.
Total Send Errors
Shows the total number of send socket requests that returned an error since the last reset.
Data Bytes Sent
Shows the total number of data bytes sent to all CLIMs since the last reset.
Data Bytes Received
Shows the total number of data bytes received from all CLIMs since the last reset.
Total Connections Out
Shows the total number of connection requests sent to all CLIMs since the last reset.
Total Connections In
Shows the total number of connection requests received from all CLIMs since the last reset.
Current TCP Listen Sockets
Shows the current number of open TCP listen sockets.
High TCP Listen Sockets
Shows the highest number of open TCP listen sockets at one time since the last reset.
Current UDP Sockets
Shows the current number of open UDP listen sockets.
High UDP Sockets
Shows the highest number of UDP listen sockets open at one time since the last reset.
Current TCP Connections
Shows the current number of TCP connections.
256 SCF Reference for CIP
High TCP Connections
Shows the highest number of TCP connections at one time since the last reset.
SOCKET SEND SIZE HISTOGRAM
Shows the number of socket send requests across all CLIMs, organized by the length of the
request.
Size x-xxxx
Is the count of socket sends between x and xxxx bytes.
Size 32769 and larger
Is the count of socket sends greater than 32769 bytes.
Total Messages Sent
Shows the total number of messages sent to all CLIMs since the last reset.
Total Messages Received
Shows the total number of messages received from all CLIMs since the last reset.
Current connected CLIMs
Shows the current number of CLIMs connected.
High connected CLIMs
Shows the highest number of CLIMs connected at one time since the last reset.
Total Rejected Connections
Shows the total number of attempts to connect to a CLIM that were rejected.
Deferred Sends
Shows the total number of times a send request could not be performed immediately.
STATUS Commands
STATUS is a non-sensitive command that displays the current status of an object as viewed by this
system or CIPMON. Some STATUS commands accept the DETAIL option, which specifies that the
display is to include additional, detailed status information about the object.
STATUS CLIM
The STATUS CLIM command displays the current status of the specified CLIM object(s) on this
system. The summary display shows the summary state, which reflects the last START/STOP/ABORT
command issued to the object. The detailed display also shows the status of the CLIM interfaces
and the connections to the CLIM from the individual CIPMONs. Use the CLIM software climstatus
command on the CLIM to display similar information from the viewpoint of the CLIM.
NOTE: The storage subsystem ($ZZSTO) also supports a STATUS CLIM command. For syntax
and display examples, see the SCF Reference Manual for the Storage Subsystem.
STATUS CLIM Command Syntax
STATUS CLIM $ZZCIP.clim-name [,DETAIL]
clim-name
Is the name of the CLIM for which to display status information. A wildcard can specify a set
of CLIMs.
Example 67: STATUS CLIM Summary shows the state of all configured CLIMs:
Example 67 STATUS CLIM Summary
> STATUS CLIM $ZZCIP.*
CIP Status CLIM \MYSYS.$ZZCIP.*
Name
N1002532
Present
Yes
State
STARTED
Trace
OFF
CIPMAN SCF Commands 257
N1003741
N1012542
Yes
Yes
STARTED
STARTED
1, 2
2
Present
Indicates whether an operational CLIM is present at the configured location and can have any
of the values
Yes
CLIM is connected at all configured locations and is usable
Partial
CLIM is connected at some but not all configured locations and is usable
No
CLIM is not connected at any of the configured locations (not usable)
Conflict
Two or more CLIMs are connected to the configured locations (not usable)
Problem
A connection problem exists at one or more configured locations (not usable)
Trace
Shows a list of the processors that have started a trace on the CLIM, or OFF if none.
Example 68: STATUS CLIM Detailed displays detailed status information for N100234 on a
NonStop NS16000 server.
Example 68 STATUS CLIM Detailed
NOTE: The storage subsystem ($ZZSTO) also supports a STATUS CLIM command. For syntax
and display, see the SCF Reference Manual for the Storage Subsystem.
> STATUS CLIM $ZZCIP.N100234, DETAIL
Example 69: STATUS CLIM Detailed displays detailed status information for C100271 on a
NonStop system.
Example 69 STATUS CLIM Detailed
This example shows the Multiple Providers per CLIM option, MULTIPROV ON, and displays output
for multiple providers.
> STATUS CLIM $ZZCIP.C100271, DETAIL
CIP Detailed Status CLIM \NSAA11.$ZZCIP.N1002541
Mode......................
Multiprov.................
CLIM HW Connection Status.
State.....................
ConnPts...................
X1 Location...............
Expected Y1 Location......
X2 Location...............
Expected Y2 Location......
X1 Connection Status......
Y1 Connection Status......
X2 Connection Status......
Y2 Connection Status......
Trace Status..............
IP
ON
Connected
STARTED
2
Group 100
Group 100
Group 100
Group 100
Connected
Connected
Connected
Connected
OFF
,
,
,
,
Module
Module
Module
Module
2
3
2
3
,
,
,
,
Slot
Slot
Slot
Slot
7
7
7
7
,
,
,
,
Last Restart Time......... 16 May 2012, 13:10:29.000
CLIM Hostname............. C100271
CIP SW Version............ T0853H01_17AUG2012_15MAY2012_ACA
Port
Port
Port
Port
Network SW Version........ T0691H01_17AUG2012_ACA_CLIM_E13
Storage SW Version........ T0830H01_17AUG2012_14MAY2012_AAZ
Number of Socket Servers.. 1
258 SCF Reference for CIP
1
1
2
2
Linux Version:
Linux 3.2.12-clim-5-amd64 #1 SMP Fri Apr 27 22:27:05 UTC 2012
Fabric Status:
CIPMON
Mgmt
ZCM00
XY-1
ZCM01
XY-1
ZCM02
XY-1
ZCM03
XY-2
ZCM04
XY-1
ZCM05
XY-2
ZCM06
XY-2
ZCM07
XY-1
ZCM08
XY-1
ZCM09
XY-2
ZCM10
XY-2
ZCM11
XY-1
ZCM12
XY-2
ZCM13
XY-1
ZCM14
XY-1
ZCM15
XY-2
Data
XY-1
XY-1
XY-1
XY-2
XY-1
XY-2
XY-2
XY-1
XY-1
XY-2
XY-2
XY-1
XY-2
XY-1
XY-1
XY-2
CLIM Maintenance Interface Status & IP Addresses:
lo
Sts:UP Lkp:-IPv4: 127.0.0.1
IPv6: ::1
eth0
Sts:UP Lkp:UP
IPv4: 16.107.184.190
IPv6: fe80::21c:c4ff:fede:d112
Data Provider CSAM Interface Status & IP Addresses:
Flg Name
Status LkP
Master / IP Family & Address
lo
UP
-IPv4: 127.0.3.2
IPv4: 127.0.0.1
IPv6: ::1
eth5
UP
UP
IPv4: 172.17.190.34
IPv6: 3ffe:1200:190:1:21f:29ff:fe0d:ac1e
IPv6: 3ffe:1200:190:2:21f:29ff:fe0d:ac1e
IPv6: fe80::21f:29ff:fe0d:ac1e
eth1
UP
UP
IPv4: 172.17.190.30
IPv6: 3ffe:1200:190:1:21c:c4ff:fede:d110
IPv6: 3ffe:1200:190:2:21c:c4ff:fede:d110
IPv6: fe80::21c:c4ff:fede:d110
(T) TUN0
UP
UP
eth1
IPv6: 1234::12
IPv6: fe80::ac11:be1e
bond1
UP
UP
IPv4: 172.17.190.32
IPv4: 172.17.190.31
IPv6: 3ffe:1200:190:2:21f:29ff:fe0d:ac1d
IPv6: 3ffe:1200:190:1:21f:29ff:fe0d:ac1d
IPv6: fe80::21f:29ff:fe0d:ac1d
eth3
RDY
UP
bond1
IPv4: 0.0.0.0
eth2
RDY
UP
bond1
IPv4: 0.0.0.0
Data Provider CSAM2 Interface Status & IP Addresses:
Flg Name
Status LkP
Master / IP Family & Address
lo
UP
-IPv4: 127.0.3.2
IPv4: 127.0.0.1
IPv6: ::1
CIPMAN SCF Commands 259
eth4
UP
UP
IPv4:
IPv6:
IPv6:
IPv6:
172.17.190.33
3ffe:1200:190:2:21f:29ff:fe0d:ac1f
3ffe:1200:190:1:21f:29ff:fe0d:ac1f
fe80::21f:29ff:fe0d:ac1f
Data Provider LOOP Interface Status & IP Addresses:
Flg Name
Status LkP
Master / IP Family & Address
lo
UP
-IPv4: 127.0.3.2
IPv4: 127.0.0.1
IPv6: ::1
Interface Failover Configuration and Status:
Flg Name
Failover/(Assoc) Fovr
C100271.eth5
C100263.eth5
Home
C100271.bond1
-(T) C100271.TUN0
(C100271.eth1)
Home
C100271.eth1
C100263.eth1
Home
C100271.eth4
--
Current
C100271.eth5
C100271.bond1
C100271.TUN0
C100271.eth1
C100271.eth4
Provider
CSAM
CSAM
CSAM
CSAM
CSAM2
NOTE: The Fiber attribute might not be supported on your system. For more information, see the
planning guide for your system.
NOTE: CLIM Maintenance Interface Status & IP Addresses, Maintenance Provider Interface Status
& IP Addresses, and Data Interface Status & IP Addresses are usually available only if the CLIM is
in the STARTED state.
Mode
Shows the operation mode of the CLIM. An IP CLIM (Mode is IP) provides access to TCP/IP
networking. A STORAGE CLIM (Mode is STORAGE) provides access to disks and other storage
devices. An OPEN CLIM (Mode is OPEN) provides access to hosting application code other
than the standard HP CLIM code and can be used for telecommunication or financial
applications. CLIM can provide both access to TCP/IP networking and access to disks and
other storage devices.
MultiProv
Indicates whether the specified IP or OPEN MODE CLIM supports association with multiple
IPDATA providers simultaneously.
CLIM HW Connection Status
Indicates overall hardware connectivity between a CLIM and this NonStop system at the
configured locations and can have any of the values:
Connected
CLIM is connected at all configured locations and is usable.
Partially Connected
CLIM is connected at some but not all configured locations and is usable.
Not Connected
CLIM is not connected at any of the configured locations (not usable).
Conflict
Two or more CLIMs are connected to the configured locations (not usable).
Connection Problem
A connection problem exists at one or more configured locations (not usable).
State
Shows the CLIM object state, either STOPPED, STARTING, or STARTED. If the object is STOPPED,
the subsequent fields are omitted. If the object is not STARTED, the CLIM restart time, hostname,
versions, and interface status fields are omitted.
260 SCF Reference for CIP
ConnPts
Shows whether there are one or two ServerNet connections configured per fabric between
CLIM and the NonStop host system.
X1 Location
Shows the CLIM’s first X-fabric location based on the configured location.
Y1 Location
Shows the CLIM’s first Y-fabric location based on the configured location.
X2 Location
Shows the CLIM’s second X-fabric location based on the configured location. This is applicable
only when CLIM’s CONNPTS attribute is 2.
Y2 Location
Shows the CLIM’s second Y-Fabric location based on the configured location. This is applicable
only when CLIM’s CONNPTS attribute is 2.
X1 Connection Status, Y1 Connection Status, X2 Connection Status, Y2 Connection Status
Indicate whether the CLIM is connected to each ServerNet fabric at the expected location. X2
Connection Status and Y2 Connection Status are applicable only when the CLIM’s CONNPTS
attribute is 2. The possible values are:
Connected
The CLIM is correctly connected at the specified location.
Not Connected
No operational device is connected at the specified location.
Port Misconfigured
The specified location is not configured for connection with a CLIM.
Location Mismatch
The CLIM is not configured to be connected at the specified location.
System Mismatch
The CLIM is not configured to be connected to this system.
Mode Mismatch
The MODE attribute of this CLIM object does not match the corresponding
mode configured on the CLIM hardware.
ConnPts Mismatch
The number of ServerNet connections per fabric configured for this CLIM
object is different than the value configured on the CLIM hardware.
Unsupported Location
Specified location is not a supported connection location for a CLIM on this
system.
Trace Status
Shows the processors that are tracing the CLIM and each trace file name. If no processor is
tracing the CLIM, the value in this field is OFF.
Last Restart Time
Shows the time of the last CLIM software restart as saved by the CLIM.
CIP/Linux Hostname
Shows the CLIM software hostname configured on the CLIM. This must be identical to CLIM
object name.
Network SW Version
Shows the version of CIP subsystem network software running on the CLIM.
Storage SW Version
Shows the version of Storage subsystem software installed on the CLIM.
Number of Socket Servers
Shows the number of Socket Server (CIPSSRV) processes running on the CLIM.
CIP/Linux Version
Shows the version of CLIM software running on the CLIM. This value is retrieved from the
/proc/version file.
CIPMAN SCF Commands
261
Fabric Status
Displays the CIPMON status, connections to the CLIM, and availability of the X and Y ServerNet
fabrics for each running processor in the system. The Mgmt column shows the management
connection to CLIMAGT, and the Data column shows the data path connections to the CIPSSRV
processes. The possible values are:
MON-DOWN
CIPMON is down.
--
CIPMON is up, but no connection is established.
X-
Connection is established; only the X fabric is available.
-Y
Connection is established; only the Y fabric is available.
XY
Connection is established; X and Y fabrics are available.
The number suffix (for example, -1) indicates the particular set of ServerNet fabrics being used
for the connection with the CLIM. For example XY-1 indicates that a connection is established
on both fabrics using SvNet ID 1 (that is, ServerNet ID of the first set of ServerNet connections).
CLIM Maintenance Interface Status & IP Addresses
Shows the dedicated service LAN interface (eth0) on the CLIM, giving the interface status (UP
or DOWN), link pulse status, and IP address. If multiple IP addresses are associated with the
maintenance interface, they are shown on separate lines.
Maintenance Provider Interface Status & IP Addresses
Shows the maintenance provider interface (eth0:0) on the CLIM configured to support
Maintenance Provider, showing:
Interface name
Name of maintenance provider interface on the CLIM (eth0:0)
Interface status
UP, DOWN or DNOP (down due to operator command)
Link pulse status
UP, DOWN, or — if no link pulse status
IP address(es)
IP address family and actual IP address for the interface
If multiple IP addresses are associated with the maintenance provider interface, they are shown
on separate lines.
This attribute is applicable only when there is a maintenance provider interface configured on
the CLIM and if the CLIM has IP MODE. Link pulse status of the maintenance provider interface
is identical to link pulse status of CLIM dedicated service LAN interface.
Data Provider prov-name Interface Status & IP Addresses
Shows the CLIM’s data interfaces on the CLIM for a particular provider, including:
Flag
Indicates a special condition of the interface or IP address:
• (V) for IP address created to support failover from other CLIM
• (F) for interface that is currently active on a different CLIM)
• (T) for manually configured IPv6-over-IPv4 tunnel interface
• (X) indicates an interface whose failover configuration is invalid
Interface name
Is the name of the interface on the CLIM
Interface status
Is UP, RDY, DNOP, or DOWN.
• UP indicates the interface resources are active and usable
• RDY indicates the interface is usable but resources are not active
262 SCF Reference for CIP
• DNOP indicates the interface is down due to an operator command (not
usable)
• DOWN indicates the interface is down due to a failure on the CLIM (not
usable)
Link pulse status
Is UP, DOWN, or —
• UP indicates the link is active
• DOWN indicates the link is inactive
• — indicates no link pulse status
if no link pulse status
Master name
Is the name of the master interface if this is a slave interface (otherwise, this
attribute is empty)
IP addresses
Is the IP address family and actual IP address associated with the interface
Physical interfaces other than eth0, logical interfaces, and bonded interfaces are shown. Slave
interfaces show their master bonded interface in the column labeled Master. Each IP address
associated with an interface (there can be multiple IP addresses) is shown on separate line.
More information about the CLIM interfaces can be retrieved using the CLIM software ifconfig
command on the CLIM.
This attribute is applicable only if the CLIM is of IP or OPEN MODE and is in the STARTED
state.
NOTE: If the specified prov-name does not exist on the system, “(Provider Does Not Exist)”
will be appended to the header line. If the specified is not an IPDATA Provider, “(Provider Not
IPDATA)” will be appended to the header line. In both cases, you cannot use the interfaces
associated with those providers.
Interface Failover Configuration and Status
Shows the CLIM’s data interfaces failover configuration and status information. Field definitions
are:
Flag
Indicates a special condition of the interface:
• (V) indicates an interface failover from another CLIM
• (F) for an interface that is currently active on a different CLIM)
• (T) indicates a manually configured IPv6-over-IPv4 tunnel interface
• (X) indicates an interface whose failover configuration is invalid
• (P) indicates an interface whose provider configuration is invalid or does not exist
Interface name
Name of interface from the socket-application perspective, (host interface name)
Failover/(assoc)
Name of the failover interface for the specified interface or the name of the associate interface
for a tunnel interface. If this field is shown in parentheses, then it is an associate interface.
Failover status
Indicates the failover status of the interface:
• — indicates that no failover is configured
• HOME indicates that the interface is running on its home interface
• BkFO indicates that the interface is running on its failover interface due to a failure
condition
• BkOP indicates the interface is running on its failover interface due to an operator request
• BkUN indicates the interface is running at its failover interface for an unknown reason.
(CIPMAN has restarted.)
CIPMAN SCF Commands 263
Current location
Indicates the current location of the interface (home interface or failover interface). If there
is no failover (HOME or __), the location is the same as the interface name. If there is failover,
then this field is identical to the failover interface at the time of the failover.
Provider
Indicates the name of the associated IPDATA provider.
NOTE:
Interface failover status is only applicable when CLIM has IP or OPEN MODE.
NOTE: In special cases, current can be something other than the home interface or the
current failover interface. In such a case, current is the previous failover interface (which
was correct at the time the interface failed over), but the failover configuration for that interface
has changed to use a different failover interface.
Example 70: STATUS CLIM, Starting displays detailed status information on a CLIM in STARTING
state:
Example 70 STATUS CLIM, Starting
> STATUS CLIM $ZZCIP.N1002541, DETAIL
CIP Detailed Status CLIM \MYSYS.$ZZCIP.N1002541
Mode......................
MultiProv.................
CLIM HW Connection Status.
State.....................
ConnPts...................
X1 Location...............
Y1 Location...............
X1 Location...............
Y1 Location...............
X1 Connection Status......
Y1 Connection Status......
X2 Connection Status......
Y2 Connection Status......
Trace Status..............
IP
ON
Not Connected
STARTING
2
Group 100 , Module
Group 100 , Module
Group 100 , Module
Group 100 , Module
Not Connected
Not Connected
Not Connected
Not Connected
OFF
2
3
2
3
,
,
,
,
Slot
Slot
Slot
Slot
5
7
5
7
,
,
,
,
Port
Port
Port
Port
4
4
4
4
,
,
,
,
Fiber
Fiber
Fiber
Fiber
1
1
2
2
Last Known Problem........ CLIM Hardware Not Connected
Last Known MultiProv IPDATA Provider Associations:
ZTC0
ZSAM1
Last Known Problem
Shows last known reason for the CLIM staying in STARTING state. This entry applies to
STARTING state, only, and is not shown for CLIMs in STOPPED or STARTED state.
Last Known MultiProv IPDATA Provider Associations
Lists the IPDATA providers that are associated with this CLIM based on the last known
configuration information for that CLIM. This entry applies only when the CLIM has IP or OPEN
MODE with MULTIPROV ON in STARTING or STOPPED state. This entry is not shown for CLIMs
with STORAGE MODE, CLIMs with MULTIPROV OFF or CLIMs in STARTED state. If there are
no known IPDATA providers associated with a CLIM with MULTIPROV ON, no names are
listed.
Example 71: STATUS CLIM, Detailed, Storage CLIM displays detailed status information for CLIM
S1002553:
Example 71 STATUS CLIM, Detailed, Storage CLIM
> STATUS CLIM $ZZCIP.S1002553, DETAIL
CIP Detailed Status CLIM \MYSYS.$ZZCIP.S1002553
264 SCF Reference for CIP
Mode......................
CLIM HW Connection Status.
State.....................
ConnPts...................
X1 Location...............
Y1 Location...............
X2 Location...............
Y2 Location...............
X1 Connection Status......
Y1 Connection Status......
X2 Connection Status......
Y2 Connection Status......
Trace Status..............
STORAGE
Connected
STARTED
2
Group 100
Group 100
Group 100
Group 100
Connected
Connected
Connected
Connected
OFF
,
,
,
,
Module
Module
Module
Module
2
3
2
3
,
,
,
,
Slot
Slot
Slot
Slot
5
7
5
7
,
,
,
,
Port
Port
Port
Port
5
5
5
5
,
,
,
,
Fiber
Fiber
Fiber
Fiber
3
3
4
4
Last Restart Time......... 02 Sep 2007, 12:40:55.000
CLIM Hostname............. S1002541
CIP SW Version............ T0853H01_01MAY2008_03MAR2008_
Network SW Version........ T0691H01_01MAY2008_AAA_CLIM
Storage SW Version........ TXXXXH06_19MAY2007_H06_YYYYYYY
Number of Socket Servers.. 1
Linux Version:
Linux version 2.6.18-6-clim-amd64 (Debian 2.6.18.dfsg.1-18hpdeetch
1hpde1.1) ([email protected]) (gcc version 4.1.2 20061115 (prerelease) (Debian
4.1.1-21)) #1 SMP PREEMPT Thu Feb 28 01:10:30 UTC 2008
Fabric Status:
CIPMON
Mgmt
ZCM00
XY-1
ZCM01
XY-2
ZCM02
XY-1
ZCM03
XY-2
Data
XY-1
XY-2
XY-1
XY-2
CLIM Maintenance Interface Status & IP Addresses:
lo
Sts:UP LkP:-IPv4: 127.0.0.1
IPv6: ::1
eth0
Sts:UP LkP:DOWN IPv4: 16.107.175.77
For field descriptions, see the STATUS CLIM Detailed display for the IP CLIM.
NOTE: The Fiber attribute might not be supported on your system. For more information, see the
planning guide for your system.
STATUS MON
The STATUS MON command displays the current status of the specified MON(s), in this system.
STATUS MON Command Syntax
STATUS MON $ZZCIP.ZCMnn [,DETAIL]
ZCMnn
Identifies the CIPMON process for which to display status. nn is a two-digit value in the range
00 through 15. A wildcard can specify multiple MONs in this system.
Example 72 displays the status of all CIP MONs in this system.
Example 72 STATUS MON Summary
> STATUS MON $ZZCIP.*
CIP Status MON \MYSYS.$ZZCIP.*
MON
ZCM00
ZCM01
ZCM02
ZCM03
ZCM05
ZCM06
ZCM07
Pid
-1, -1
-1, -1
-1, -1
3,26
5,26
6,26
7,26
Status
STOPPED
STOPPED
STOPPED
STARTED
STARTED
STOPPED
STARTED
Priority
-1
-1
-1
200
200
200
200
Trace
OFF
OFF
OFF
OFF
OFF
OFF
OFF
CIPMAN SCF Commands 265
Example 73 displays detailed status information for the MON named ZCM03:
Example 73 STATUS MON Detailed
> STATUS MON $ZZCIP.ZCM03, DETAIL
CIP Detailed Status MON \MYSYS.$ZZCIP.ZCM03
Heap Memory Limit........
Heap Memory Used.........
PID......................
Priority.................
QIO Pool Current.........
QIO Pool Limit...........
State....................
Trace Status.............
Trace Filename...........
Fabric Status:
CLIM
Mgmt
N1002532
XY-1
N1003741
XY-2
N1012542
X--1
Data
XY-1
XY-2
X--1
133615616
147832
( 3, 26)
200
729934
0
STARTED
OFF
Numdata
1
1
1
Fabric Status
Displays the connections to each known CLIM and the availability of the X and Y ServerNet
fabrics. The Mgmt column shows the management connection to CLIMAGT, the Data column
shows the data path connections to the CIPSSRV processes, and the Numdata column shows
the number of CIPSSRV processes. The possible values are:
--
CIPMON is up, but no connection is established.
X-
Connection is established; only the X fabric is available.
-Y
Connection is established; only the Y fabric is available.
XY
Connection is established; both the X and Y fabrics are available.
The number suffix (for example, -1) indicates the particular set of ServerNet fabrics being used
for the connection with the CLIM. For example, XY-1 indicates that a connection is established
on both fabrics using SvNet ID 1 (the ServerNet ID of the first set of ServerNet connections0.
STATUS PROCESS
The STATUS PROCESS command displays the current status of the CIPMAN process in this system.
STATUS PROCESS Command Syntax
STATUS PROCESS $ZZCIP [,DETAIL]
Example 74 displays the state of the CIPMAN process:
Example 74 STATUS PROCESS Summary
> STATUS PROCESS $ZZCIP
CIP Status PROCESS \MYSYS.$ZZCIP
Name
State
PPID
BPID
Priority
Trace
$ZZCIP
STARTED
( 0, 22)
( 1, 11)
200
OFF
Example 75 displays the detailed state of the CIPMAN process:
266 SCF Reference for CIP
Example 75 STATUS PROCESS Detailed
> STATUS PROCESS $ZZCIP, DETAIL
CIP Detailed Status PROCESS \MYSYS.$ZZCIP
Heap Memory Limit........
Heap Memory Used.........
PID Primary..............
PID Backup...............
Priority.................
QIO Pool Current.........
QIO Pool Limit...........
State....................
Trace Status.............
Trace Filename...........
133615616
69632
( 0, 22)
( 1, 11)
200
0
0
STARTED
OFF
STATUS PROVIDER
The STATUS PROVIDER command displays the status of the specified providers in this system.
STATUS PROVIDER Command Syntax
STATUS PROVIDER $ZZCIP.prov-name [,{DETAIL | ROUTE[,CPU cpu]}]
prov-name
Is the name of the provider for which to display status information. A wildcard can specify
multiple providers.
DETAIL
Specifies that the display is to include additional detailed status information about the provider.
ROUTE
Specifies that the display is to show Provider-routing information. This option is not valid for
the MAINTENANCE provider.
CPU cpu
Specifies the CPU for which to obtain Provider-routing information. The Default is to let CIPMAN
automatically select a CPU.
Example 76 displays the status of all known providers.
Example 76 STATUS PROVIDER Summary
> STATUS PROV $ZZCIP.*
CIP Status PROVIDER
Name
ZCSAM
PROV1
Status
STARTED
STARTED
TPStatus
Started
Invalid
Trace
OFF
(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15)
TPStatus
Shows the status of the transport-service provider process associated with the Provider. The
possible values are:
Started
The TP is running and is a CIPSAM process.
Invalid
A process with the specified TP name is running but the program name is not CIPSAM.
Stopped
No process with the specified TP name is running in the system.
Trace
Shows which processors that have started a trace on the Provider. OFF indicates that no
processor is tracing the Provider.
CIPMAN SCF Commands 267
Example 77 displays detailed status information for IPDATA PROVIDER ZTC0.
Example 77 STATUS PROVIDER Detail
-> STATUS PROV $ZZCIP.ZTC0, DETAIL
CIP Detailed Status PROVIDER \MYSYS.$ZZCIP.ZTC0
State....................
TPStatus.................
Type.....................
Family...................
Current Access...........
Trace Status.............
STARTED
Started
IPDATA
DUAL
( 0, 1, 2, 3 )
OFF
Interface Status & IP Addresses:
Name
Current
lo
N1002532.lo
N1003741.lo
N1002532.eth1
N1002532.eth1
N1002532.eth2
N1002532.eth2
N1002532.eth3
N1002532.eth3
N1002532.eth4
N1003741.eth3
N1003741.eth1
N1003741.eth1
N1003741.eth2
N1002532.eth2
N1003741.eth3
N1003741.eth3
N1003741.eth4
N1003741.eth4
Status LkP
Fovr Index
UP
--0x00000001
IPv4: 127.0.0.1
IPv6: ::1
UP
--0x00000001
IPv4: 127.0.0.2
UP
--0x00000001
IPv4: 127.0.1.2
UP
UP
HOME 0x00003002
IPv4: 172.17.190.101
IPv6: 3ffe:1200:0190:0002:0215:60ff:fe04:24de
IPv6: 3ffe:1200:0190:0001:0215:60ff:fe04:24de
IPv6: fe80:0000:0000:0000:0215:60ff:fe04:24de
UP
UP
-0x00003004
IPv4: 172.17.190.102
IPv6: 3ffe:1200:0190:0002:0215:60ff:fe04:24df
IPv6: 3ffe:1200:0190:0001:0215:60ff:fe04:24df
IPv6: fe80:0000:0000:0000:0215:60ff:fe04:24df
UP
UP
HOME 0x00003005
IPv4: 172.17.190.103
IPv6: 3ffe:1200:0190:0002:0215:60ff:fe04:257e
IPv6: 3ffe:1200:0190:0001:0215:60ff:fe04:257e
IPv6: fe80:0000:0000:0000:0215:60ff:fe04:257e
UP
UP
BkFO 0x00003006
IPv4: 172.17.190.104
IPv6: 3ffe:1200:0190:0002:0215:60ff:fe04:257f
IPv6: 3ffe:1200:0190:0001:0215:60ff:fe04:257f
IPv6: fe80:0000:0000:0000:0215:60ff:fe04:257f
UP
UP
HOME 0x00004003
IPv4: 172.17.190.81
IPv6: 3ffe:1200:0190:0002:0215:60ff:fe04:42ec
IPv6: 3ffe:1200:0190:0001:0215:60ff:fe04:42ec
IPv6: fe80:0000:0000:0000:0215:60ff:fe04:42ec
UP
UP
BkOP 0x00004004
IPv4: 172.17.190.82
IPv6: 3ffe:1200:0190:0002:0215:60ff:fe04:42ed
IPv6: 3ffe:1200:0190:0001:0215:60ff:fe04:42ed
IPv6: fe80:0000:0000:0000:0215:60ff:fe04:42ed
UP
UP
HOME 0x00004005
IPv4: 172.17.190.83
IPv6: 3ffe:1200:0190:0002:0215:60ff:fe04:42ee
IPv6: 3ffe:1200:0190:0001:0215:60ff:fe04:42ee
IPv6: fe80:0000:0000:0000:0215:60ff:fe04:42ee
UP
DOWN HOME 0x00004006
IPv4: 172.17.190.84
IPv6: 3ffe:1200:0190:0002:0215:60ff:fe04:42ef
IPv6: 3ffe:1200:0190:0001:0215:60ff:fe04:42ef
IPv6: fe80:0000:0000:0000:0215:60ff:fe04:42ef
Interfaces Failover Configuration and Status:
F
Home
Sts LkP
Failover/(Assoc)
N1002532.eth1
UP
UP
N1003741.eth1
N1002532.eth2
UP
UP
N1003721.eth3
(X) N1002532.eth3
UP
UP
N1002532.eth4
DOWN DOWN N1003741.eth3
N1003741.eth1
UP
UP
N1002532.eth1
268 SCF Reference for CIP
Sts
UP
--UP
UP
LkP
UP
--UP
UP
Current
N1002532.eth1
N1002532.eth1
N1002532.eth3
N1003741.eth3
N1003741.eth1
Fovr
HOME
-HOME
BkFO
HOME
N1003741.eth2
N1003741.eth3
(X) N1003741.eth4
DNOP DOWN
UP
UP
UP
UP
N1002532.eth2
N1002532.eth4
UP
UP
N1002532.eth2
DOWN DOWN N1003741.eth3
--N1003741.eth4
BkOP
HOME
HOME
Type
Shows the type of provider. An IPDATA provider provides TCP/IP access through data Ethernet
ports of one or more CLIMs associated with that IPDATA provider. A MAINTENANCE provider
provides TCP/IP access through the maintenance Ethernet interface of a specific CLIM using a
specific IP address.
Current Access
Shows the processors that have established access to the provider.
Trace Status
Shows the processors that are tracing the provider and each trace file name.
Family
Specifies the network mode of the provider. An INET family indicates the provider operates
only in IPv4 mode. A DUAL family indicates the provider operates in both IPv4 mode and IPv6
mode.
Interface Status & IP Addresses
Shows the data interfaces associated with the provider, giving:
Name
Is the interface name from socket application perspective (host interface name)
Current
Is the current location of the interface (which can be different in the case of failover). If
no failover is configured (HOME or —), Current is identical to the failover interface at
the time of the failover. For the special interface lo, this field is empty.
Status
Is the interface status.
• UP indicates the interface resource is active and usable
• DNOP indicates the interface is down due to operator command. It is not usable.
• DOWN indicates the interface is down due to a failure on the CLIM. It is not usable.
• -- indicates no CLIM in the STARTED state is associated with the interface.
LkP
Indicates the link pulse status:
• UP indicates the link is active and usable
• DOWN indicates the link is down and not usable
• -- indicates there is no link pulse status
Fovr
Is the failover status of the interface.
• -- indicates no failover is configured
• HOME indicates the provider is running on the home interface
• BkFO indicates the provider is running on the failover interface due to a failure
• BkOP indicates the provider is running on the failover interface due to an operator
request
• BkUN indicates the provider is running on the failover interface after a CIPMAN
restart
Index
Interface index value within the associated IPDATA Provider
IP address
IP address family and actual IP addresses associated with the interface. Each IP address
(there can be multiple) is shown on a separate line.
CIPMAN SCF Commands 269
Interface Failover Configuration and Status
Shows the failover configuration and status for each data interfaces associated with the provider
that has been configured to support failover, showing:
F
Indicates special condition of interface:
• T indicates a manually configured IPv6-over-IPv4 tunnel interface
• X indicates the interface whose failover configuration is invalid
Home
Indicates the home interface name
Failover/(Assoc)
Indicates the failover-interface name or the name of the associate interface for a tunnel
interface. (The associate interface is shown in parentheses.)
Current
Indicates the current location (which can be different in the case of a failover). If no
failover has occurred, that is, if this is the home interface, then this value is identical
to the interface name. If a failover has occurred, then this value is identical to the
failover interface (at the time of failover).
Fovr
Is the failover status of the interface.
• — indicates no failover is configured
• HOME indicates the provider is running on the home interface
• BkFO indicates the provider is running on the failover interface due to a failure
• BkOP indicates the provider is running on the failover interface due to an operator
request
• BkUN indicates the provider is running on the failover interface after a CIPMAN
restart
For the home interface and the failover interface, these additional values are possible:
Sts
Interface status
• -- Indicates the CLIM associated with the interface is not in the STARTED state
• UP indicates the interface resources are active and usable
• RDY indicates the interface is usable but resources are not active
• DNOP indicates the interface is down due to an operator command, and is not usable
• DOWN indicates the interface is down due to a failure on the CLIM, and is not usable
LkP
Indicates the link pulse status (UP, DOWN, or, if there is no link-pulse status, —)
Example 78 shows the detailed status of the MAINTENANCE PROVIDER ZTCP0.
Example 78 STATUS Maintenance PROVIDER Detail
> STATUS PROVIDER $ZZCIP.ZTCP0, DETAIL
CIP Detailed Status PROVIDER \MYSYS.$ZZCIP.ZTCP0
State.................... STARTED
TPStatus................. Started
Type..................... MAINTENANCE
CLIM..................... N1003741
Current Access........... ( 0, 1, 2, 3 )
Trace Status:
CPU Filename
0
\MYSYS.$DATA.TEST1.TRCPRV
Interface Status & IP Address:
Name
Status LkP IP Address
N1003741.eth0:0
UP
UP
16.107.186.106
270 SCF Reference for CIP
CLIM
Shows the name of the CLIM associated with the MAINTENANCE provider. This attribute is
applicable only to provider with TYPE MAINTENANCE.
Interface Status & IP Address
Shows the maintenance Provider interface associated with the provider, giving the name,
interface status (UP, DNOP (down due to operator command, or DOWN), link pulse status,
and IP address associated with the interface.
NOTE:
This attribute is not shown unless the provider is in the STARTED state.
Example 79: STATUS PROVIDER Route displays status of a provider route:
Example 79 STATUS PROVIDER Route
> STATUS PROVIDER $ZZCIP.ZTC0, ROUTE, CPU 0
CIP Detailed Status PROVIDER \MYSYS.$ZZCIP.ZTC0
Provider State.................. STARTED
Provider Routing Status (CPU 0):
Destination/Prefix Length
IPv4: 16.150.0.0/8
IPv4: default
IPv6: 3ffe:1200:0190:0002:0215:60ff:fe04:42ec/128
IPv6: default
Type
G
S
CLIM
ROUTE
Pri
N1002532
N1002532
ROUTE1
50
N1002532
N1002532
ROUTE1
50
Provider State
Indicates the PROVIDER object state, either STOPPED, STARTING, or STARTED.
CPU
Indicates the processor where provider routing information is obtained.
Destination/Prefix Length
Is the address family, IP address of the remote host or network that can be reachable via the
CLIM specified in the CLIM field, and the number of bits in the prefix or subnet mask. The
keyword default is shown for default routes (IP address and prefix length zero).
Type
Indicates the state, type, and origin of the route:
G
The destination is a gateway, not on the local subnetwork
H
The route is for a specific host, not a network
S
The route was manually added
CLIM
Is the CLIM through which the remote host or network specified in the DESTINATION field is
to be reached.
ROUTE
Is the name of the ROUTE object subordinated to the specified PROVIDER object that is
associated with the default route of the specified CLIM. This field is only shown for default
routes that have associated ROUTE object.
Pri
Is the priority of the ROUTE object subordinated to the specified PROVIDER object that is
associated with the default route of the specified CLIM. This field is only shown for default
routes that have associated ROUTE object.
CIPMAN SCF Commands
271
STATUS PROVIDER Guidelines
The STATUS PROVIDER ROUTE command is rejected if the PROVIDER object is of TYPE
MAINTENANCE.
STOP Commands
STOP is a sensitive command that halts the operation of the specified object. If existing sockets
are using the object, the command fails. The object is left in the STOPPED state if the command
succeeds.
STOP CLIM
The STOP CLIM command stops operations on the specified CLIM, provided that the system has
no existing sockets using the CLIM. If the associated PROVIDER object is in the STARTED state, the
provider goes to the STARTING state.
STOP CLIM Command Syntax
STOP CLIM $ZZCIP.clim-name
clim-name
Is the name of the CLIM to be stopped. A wildcard can specify a set of CLIMs.
Example 80: STOP CLIM stops the CLIM N1003741:
Example 80 STOP CLIM
> STOP CLIM $ZZCIP.N1003741
STOP MON
The STOP MON command terminates the specified CIPMON process on this system, provided
that there are no open sockets in its processor. If the process has been configured as persistent
(AUTORESTART not equal to 1 in the command defining CIPMON as a generic process), the
persistence manager restarts it. This command can be used for online replacement of the CIPMON
and CIP Library modules.
STOP MON Command Syntax
STOP MON $ZZCIP.ZCMnn
ZCMnn
Identifies the CIPMON process to be stopped. nn is a two-digit value in the range 00 through
15. A wildcard can specify a set of MONs in this system.
Example 81: STOP MON stops the MON ZCM03:
Example 81 STOP MON
> STOP MON $ZZCIP.ZCM03
STOP PROCESS
The STOP PROCESS command stops the operation of the CIPMAN process, provided that doing
so would affect no open sockets. This can only occur if there are no active CIPMON processes
running or all existing CLIM and PROVIDER objects are in the STOPPED state. Subordinate objects
states are not affected unless SUB ALL or SUB ONLY is specified. If the process has been configured
as persistent (AUTORESTART not equal to 1 in the command defining CIPMON as a generic
process), the persistence manager restarts it.
STOP PROCESS Command Syntax
STOP PROCESS $ZZCIP [,SUB [ ONLY | ALL | NONE ] ]
272 SCF Reference for CIP
SUB
Determines the set of objects and subordinate objects that the command targets:
•
ONLY specifies that only subordinate objects are targets of the command.
•
ALL specifies that the named object and the subordinate objects are targets of the command.
This is the default used if the SUB keyword is used but no option is selected.
•
NONE specifies that none of the subordinate objects are targets of the command. This is
the default selected if the SUB keyword is not used.
Example 82 stops the CIP subsystem on this system.
Example 82 STOP PROCESS
> STOP PROCESS $ZZCIP, SUB ALL
STOP PROCESS Guidelines
MON objects are not affected by STOP PROCESS even when the SUB ALL or SUB ONLY option
is specified.
STOP PROVIDER
The STOP PROVIDER command terminates operations on a provider, provided that the system has
no existing sockets using the provider.
STOP PROVIDER Command Syntax
STOP PROVIDER $ZZCIP.prov-name
prov-name
Is the name of the provider to stop. A wildcard can specify a set of providers.
Example 83 stops the PROVIDER ZTC1.
Example 83 STOP PROVIDER
> STOP PROVIDER $ZZCIP.ZTC1
STOP PROVIDER Guidelines
HP recommends a 15–second delay between issuing a STOP PROVIDER command and issuing a
DELETE PROVIDER command. This delay is especially recommended for the MAINTENANCE
PROVIDER.
SWITCH CLIM
The SWITCH CLIM command initiates a manual CLIM-to-CLIM failover operation. It can specify
either a single interface or all the interfaces on a CLIM. The type of operation is given as a parameter
and can be:
FAILOVER
Migrate all the resources using the specified interface(s) to the alternate interface of their configured
failover pair(s). Both home and visiting resources could be moved.
RESTORE
Migrate the home resources of the specified interface(s) back to their home interface(s), reversing the
actions of a previous automatic failover. Resources already on their home interface are not moved.
CIPMAN SCF Commands 273
NOTE: Do not use the SWITCH command to fail over interfaces you plan to delete. The interface
remains in the UP state when you use the SWITCH command. Before deleting an interface, use
ifstop. The ifstop command deactivates the interface, preventing autoconfigured IPv6 addresses
and link local addresses from being created in the interim.
NOTE: The storage subsystem ($ZZSTO) also supports a SWITCH CLIM command. For syntax
and display examples, see the SCF Reference Manual for the Storage Subsystem.
SWITCH CLIM Command Syntax
SWITCH CLIM $ZZCIP.clim-name
{,FAILOVER | ,RESTORE }
{ [,INTF intf-name] | [, PROVIDER prov-name ] }
[,FORCED]
clim-name
Is the name of the CLIM containing the interface(s) upon which to perform failover. Wildcard
characters are not allowed.
FAILOVER
Moves all resources off the specified interface(s) to the alternate failover location(s).
RESTORE
Moves the home resources of the specified interface(s) back to the home interface(s).
INTF intf-name
Specifies the name of a single interface for the failover operation. The CLIM name part of the
interface name must not be specified. Wildcard characters are not allowed. If this option and
the PROVIDER option are omitted, then all interfaces on the CLIM are specified.
PROVIDER prov-name
Specifies the name of a single IPDATA provider for the failover operation. All interfaces
associated with the specified IPDATA provider on that CLIM are affected by this failover
operation. Wildcard characters are not allowed. If this option and the INTF option are omitted,
all interfaces on the CLIM are specified.
FORCED
Indicates that no warning should be issued and confirmation is assumed.
Example 84 migrates all interface resources off of N1002532 to prepare for maintenance.
Example 84 SWITCH CLIM
> SWITCH CLIM $ZZCIP.N1002532,FAILOVER
Open connections still exist, okay to continue? Y
Example 85 manually restores interface clim2.eth3 back to N1003741.
Example 85 SWITCH CLIM RESTORE
> SWITCH CLIM $ZZCIP.N1003741,RESTORE, INTF ETH3
Open connections still exist, okay to continue? Y
SWITCH CLIM Guidelines
•
•
274
For each specified interface, the interface must be up, a failover interface must be defined
and valid, the destination CLIM must be in the STARTED state, and the destination interface
must be up. No error is generated for interface resources that have already been migrated,
but an error is given if interface resources cannot be migrated.
Before migrating interface resources, each destination CLIM checks whether the migrating
addresses already exist on the IP network. If any do, CIP issues an error and does not switch
the interface. This behavior helps synchronize IP-address migration between the CLIMs involved.
SCF Reference for CIP
It does not affect other interfaces that are migrating at the same time. The SWITCH command
does not complete until the outcome of the failover is known. If the duplicate-address check
and resource migration may take some time, there could be a delay before SCF issues the
next command prompt.
•
Failover migrates nearly all interface resources, but not TCP or SCTP connections. If a TCP or
SCTP connection would be lost during a manual failover, SCF issues a warning and the
operator must confirm that execution is desired, unless the FORCED option is specified.
TRACE Commands
TRACE is a sensitive command that controls trace-data collection for the specified object in a
NonStop system. Trace data is saved in a disk file. You can later read the file by using the Ptrace
utility, which is described in the PTrace Reference Manual.
NOTE: When logging the trace records to a file using the "log" command, PTrace abends if the
log file exceeds 99,999 lines because a file on the NonStop host system can support a maximum
of 99,999 lines only.
All TRACE commands accept these options:
TRACE Command Syntax
{,STOP |,TO file-spec
[,{BULKIO|NOBULKIO}]
[,COUNT count]
[,LOCKSIZE locksize]
[,NOCOLL]
[,PAGES pages
[,RECSIZE size]
[,SELECT {select-option|select-option ...}][,WRAP]}
STOP
Ends the trace currently in progress. A TRACE command must include either the STOP option
or the TO option.
TO file-spec
Starts the trace collection and specifies the name of the file in which to store the results of the
trace. A TRACE command must include either the STOP option or the TO option.
BULKIO | NOBULKIO
Designates whether TRACE should use bulk I/O for tracing. Bulk I/O is faster than conventional
I/O, reducing the number of missing frame errors reported by PTrace, but only one user can
access the file at a time. The default value is BULKIO. BULKIO cannot be used with the NOCOLL
option.
COUNT count
Specifies the number of trace records to be captured. The count is an integer in the range -1
through 32767. If it is omitted or equals -1, records are accumulated until the trace is stopped
with the STOP option.
LOCKSIZE locksize
Designates how much memory space, in units of pages, is locked down at one time. The value
must be less than or equal to the value of PAGES. The default value is the lesser of PAGES and
64 pages.
NOCOLL
Indicates that the trace collector process should not be initiated. The disk file is to be written
to by Guardian. The attributes WRAP and NOCOLL cannot be specified together.
PAGES pages
Designates how much space, in pages, is allocated in the extended data segment used for
tracing. Valid range is from 4 to 1024 pages. The default value is 64 pages.
CIPMAN SCF Commands 275
RECSIZE size
Specifies the length, in bytes, of the data in the trace data records. The size is an integer from
16 to 4050 bytes. The default value is 120 bytes.
SELECT { select-option | ( select-option , ... ) }
Selects the operations to be traced. Valid select options are described with each command.
WRAP
Specifies that when the trace disk file end-of-file (EOF) mark is reached, trace data wraps
around to the beginning of the file and overwrites any data there.
TRACE CLIM
The TRACE CLIM command starts or stops tracing of CIP Library operations for the specified CLIM
on the processor specified in the CPU modifier. Each CLIM can have no more than one trace active
at a time on each processor, but multiple CLIM/processor combinations can be tracing
simultaneously to different trace files.
This command does not control tracing on the CLIM itself, but rather tracing of operations on the
NonStop system for a particular CLIM. To trace on the CLIM, use CLIM software commands.
TRACE CLIM Command Syntax
TRACE CLIM $ZZCIP.clim-name
{,STOP |,TO file-spec
[,{BULKIO|NOBULKIO}]
[,COUNT count]
[,LOCKSIZE locksize]
[,NOCOLL]
[,PAGES pages
[,RECSIZE size]
[,SELECT {select-option|select-option ...}][,WRAP]}
clim-name
Identifies the CLIM whose operations are to be traced.
CPU cpu
Optional with STOP and identifies the processor on which to stop tracing. If this option is not
specified, all processors stop tracing the CLIM. CPU is required with the TO option and identifies
the processor on which to start tracing the CLIM.
SELECT { select-opt | ( select-opt , … ) }
Selects the operations to be traced. Valid select options are:
ALL
-1
Trace all operations
CALLIN
0
Trace calls in from external components to this CLIM
CALLOUT
1
Trace calls out to external components from this CLIM
CALLLOCAL
2
Trace local calls for the CLIM in the CIP library
PING
3
Trace ping-related actions for this CLIM
SMACH
4
Trace CIP library state machine operations for this CLIM
ITAPIINTR
5
Trace IT-API interrupt events
ITAPIXFER
6
Trace IT-API events
CMOMSG
7
Trace messages between CIPMON and the CIP library for this CLIM
ERROR
8
Trace CIP library errors for CLIM
Example 86 starts a trace of operations in processor 1 for N1003741 to file
$DATA00.TRC1003741.CPU1.
276 SCF Reference for CIP
Example 86 TRACE CLIM
> TRACE CLIM $ZZCIP.N1003741, TO $DATA00.TRC1003741.CPU1, CPU 1, RECSIZE 4050
TRACE MON
The TRACE MON command starts or stops tracing of CIPMON operations on a specific processor.
Each processor can have at most one trace command active at a time, but multiple processors can
be tracing simultaneously to different trace files.
TRACE MON Command Syntax
TRACE MON $ZZIP.ZCMnn
{,STOP | ,TO file-spec
[,{BULKIO|NOBULKIO}]
[,COUNT count]
[,LOCKSIZE locksize]
[,NOCOLL]
[,PAGES pages
[,RECSIZE size]
[,SELECT {select-option |select-option ...}][,WRAP]}
ZCMnn
Identifies the CIPMON process to trace. nn is a two-digit value in the range 00 through 15.
SELECT { select-opt | ( select-opt , ... ) }
Selects the operations to be traced. Valid select options are:
ALL
-1
All other options
EVT
0
CIPMON events
INTMSG
1
CIPMON internal messages
MEMORY
2
CIPMON internal memory resource mgmt
MSG
3
CIPMON messages
QUEUE
4
CIPMON internal queue operations
REQ
5
CIPSREQ operations
SMACH
6
CIPMON state machines operations
TIMER
7
CIPMON timer activities
USEFUL
8
A combination of the most useful keywords above (default)
Example 87 starts a trace of memory allocation and other significant operations in ZCM02 to file
TRACE1.
Example 87 TRACE MON
> TRACE MON $ZZCIP.ZCM02, TO TRACE1, SELECT (USEFUL,MEMORY), RECSIZE 4050
TRACE PROCESS
The TRACE PROCESS command starts or stops tracing of CIPMAN operations. Only one trace
command can be active at a time.
NOTE:
Set the record size for TRACE PROCESS to 200.
TRACE PROCESS Command Syntax
TRACE PROCESS $ZZCIP.ZCM
{,STOP | ,BACKUP
[,{BULKIO|NOBULKIO}]
CIPMAN SCF Commands 277
[,COUNT count]
[,LOCKSIZE locksize]
[,NOCOLL]
[,PAGES pages
[,RECSIZE size]
[,SELECT {select-option|select-option ...}][,WRAP]}
BACKUP
Specifies that the current backup CIPMAN process is to be traced. The default is to trace the
primary process. The same process continues to be traced if its primary/backup status changes
later.
SELECT { select-opt | ( select-opt , … ) }
Selects the operations to be traced. Valid select options are:
ALL
-1
All options listed below
PROCESS
0
CIPMAN process management/operation
OBJECT
1
CIP subsystem objects management
CLIM
2
CLIM connection management
QIO
3
QIO memory and messages operations
SPI
4
SPI requests processing
HWACCESS
5
CLIM hardware access management
CONFIG
6
Configuration Database operations
DEBUG
7
Miscellaneous operations (Trace, EMS, Exception)
Example 88 starts a trace of CIPMAN to file TRACE2.
Example 88 TRACE PROCESS
> TRACE PROCESS $ZZCIP, TO TRACE2, RECSIZE 4050
TRACE PROVIDER
The TRACE PROVIDER command starts or stops tracing of CIP Library operations for the specified
PROVIDER on the processor given in the CPU attribute. Only one provider can have the trace active
on a processor at a time and a provider can be traced on all or a set of processors at a time to
separate trace files. Different providers can be traced on different processors simultaneously.
Each provider can have no more than one trace active at a time on each processor, but multiple
provider/processor combinations can be tracing simultaneously to different trace files.
NOTE:
Set the record size for TRACE PROVIDER to 300.
TRACE PROVIDER Command Syntax
TRACE PROVIDER $ZZIP.ZCM.prov-name
{,STOP [,CPU cpu]|,TO file-spec
[,{BULKIO | NOBULKIO}]
[,COUNT count]
[,LOCKSIZE locksize]
[,NOCOLL]
[,PAGES pages
[,RECSIZE size]
[,SELECT {select-option|select-option ...}][,WRAP]}
prov-name
Identifies the provider to trace.
278 SCF Reference for CIP
CPU cpu
Optional with STOP and identifies the processor on which to stop tracing. If this option is not
specified, all processors stop tracing the provider. CPU is required with the TO option and
identifies the processor on which to start tracing the provider.
SELECT { select-opt | ( select-opt , ... ) }
Selects the operations to be traced. Valid select options are:
ALL
-1
All available options
EVT
0
PROVIDER events
REQIN
1
PROVIDER input requests
REQOUT
2
PROVIDER output requests
LOGIC
3
Provider logic events
DATIN
4
Provider incoming data
DATOUT
5
Provider outgoing data
This command starts a trace of PROVIDER ZTC1 on processor 0 to file $DATA00.TRZTC1.CPU0.
Example 89 TRACE PROVIDER
> TRACE PROVIDER $ZZCIP.ZTC1, TO $DATA00.TRZTC1.CPU0, CPU 0, RECSIZE 4050
VERSION Commands
VERSION is a non-sensitive command that displays version information about the CIP subsystem
components. Some version commands recognize the DETAIL option, which provides additional
information.
VERSION
The VERSION command with no object type is identical to the “VERSION PROCESS”. You must
specify the MAN process name.
VERSION Command Syntax
VERSION $ZZCIP
VERSION CLIM
The VERSION CLIM command displays the version numbers of software components running on
the specified CLIM. The version of components provided CIP is followed by the CLIM software
version.
VERSION CLIM Command Syntax
VERSION CLIM $ZZCIP.clim-name [,DETAIL]
clim-name
Identifies the CLIM for which to display version information. A wildcard can specify multiple
CLIMs.
DETAIL
Specifies that the display is to include additional version information.
Example 90 displays the version of N1012542
Example 90 VERSION CLIM Summary, IP
> VERSION CLIM $ZZCIP.N1012542
VERSION CLIM \MYHOST.$ZZCIP.N1012542: T0853H01_01NOV2008_03SEP2008
CIP SW: T0853H01_01NOV2008_24SEP2008_AAB
CIPMAN SCF Commands 279
NETWORK: T0691H01_01NOV2008_AAF_CLIM
STORAGE: T0830H01_01NOV2007_24SEP2008_
SYSTEM: Linux version 2.6.18-6-clim-amd64 (Debian 2.6.18.dfsg.1-18hpdeetch
1hpde1.1) ([email protected]) (gcc version 4.1.2 20061115 (prerelease) (Debian
4.1.1-21)) #1 SMP PREEMPT Thu Feb 28 01:10:30 UTC 2008
CIP SW
Shows the version of CIP subsystem software running on the CLIM.
NETWORK
Shows the version of networking software running on the CLIM.
STORAGE
Shows the version of storage software running on the CLIM.
SYSTEM
Shows the version of system software running on the CLIM.
Example 91: VERSION CLIM Detailed, IP displays the version for CLIM N1002532:
Example 91 VERSION CLIM Detailed, IP
> VERSION CLIM $ZZCIP.N1002532, DETAIL
Detailed VERSION CLIM \MYHOST.$ZZCIP.N1002532
SYSTEM \MYHOST
T0853H01_01NOV2008_24SEP2008
GUARDIAN – T9060 – (Q06)
SCF KERNEL – T9082H01 – (04DEC06) (15NOV06)
CIP PM – T0695H01 – (01AUG2008) (H01 SCF AAB)
CIP SW: T0853H01_01NOV2008_24SEP2008_AAB
NETWORK: T0691H01_01NOV2008_AAF_CLIM
STORAGE: T0830H01_01NOV2008_24SEP2008_
SYSTEM: Linux version 2.6.18-6-clim-amd64 (Debian 2.6.18.dfsg.1-18hpdeetch
1hpde1.1) ([email protected]) (gcc version 4.1.2 20061115 (prerelease) (Debian
4.1.1-21)) #1 SMP PREEMPT Thu Feb 28 01:10:30 UTC 2008
VERSION MON
The VERSION MON command displays the version number of the specified CIPMON process.
VERSION MON Command Syntax
VERSION MON $ZZCIP.ZCMnn [,DETAIL]
ZCMnn
Identifies the CIPMON process for which to display version information. nn is a value in the
range 00 through 15. A wildcard can specify multiple CIPMONs.
DETAIL
Causes the command to display additional information, as shown in the second example.
Example 92 displays the versions of all CIPMONs on this system:
Example 92 VERSION MON Summary
> VERSION MON $ZZCIP.*
Version MON \MYSYS.$ZZCIP.ZCM00:
Version MON \MYSYS.$ZZCIP.ZCM01:
Version MON \MYSYS.$ZZCIP.ZCM02:
Version MON \MYSYS.$ZZCIP.ZCM03:
Version MON \MYSYS.$ZZCIP.ZCM04:
Version MON \MYSYS.$ZZCIP.ZCM05:
Version MON \MYSYS.$ZZCIP.ZCM07:
CIPMonitor
CIPMonitor
CIPMonitor
CIPMonitor
CIPMonitor
CIPMonitor
CIPMonitor
-
T0694H01_01AUG08_AAB_MON_Q41
T0694H01_01AUG08_AAB_MON_Q41
T0694H01_01AUG08_AAB_MON_Q41
T0694H01_01AUG08_AAB_MON_Q41
T0694H01_01AUG08_AAB_MON_Q41
T0694H01_01AUG08_AAB_MON_Q41
T0694H01_01AUG08_AAB_MON_Q41
Example 93: VERSION MON Detailed shows MON detailed version information for CIPMON on
processor 3:
280 SCF Reference for CIP
Example 93 VERSION MON Detailed
> VERSION MON $ZZCIP.ZCM03, DETAIL
Version PROCESS \MYSYS.$ZZCIP.ZCM03
CIPMonitor - T0694H01_01AUG2008_AAB_MON_Q41
GUARDIAN - T9050 - {T06)
SCF KERNEL - T9082H01 - (04DEC06) )15NOV06)
CIP PM - T0695H01 - (05AUG2008) (H01 SCF AAB)
VERSION PROCESS
The VERSION PROCESS command displays the version number of the CIPMAN process.
VERSION PROCESS Command Syntax
VERSION PROCESS $ZZCIP [,DETAIL]
Example 94 displays the version of CIPMAN.
Example 94 VERSION PROCESS
> VERSION PROCESS $ZZCIP
T0690H01_01AUG08_AAB_MAN_Q38
CIPSAM SCF Commands
The SCF commands for CIPSAM support the PROCESS and SUBNET objects and require the name
of a CIPSAM process running on this system. The SUBNET object refers to a home CLIM interface
as seen from the NonStop host system. SUBNET object names are generated by CIPSAM and
consist of “#SN” followed by a four-digit number. They are assigned to interfaces when the interfaces
are first reported and do not change as long as the CIP subsystem continues running. The INFO
SUBNET command displays the CLIM and interface name referenced by a SUBNET object.
Table 25 lists the SCF commands and object types supported by the CIPSAM process. The page
number of the command description follows the command name.
ABORT Command, CIPSAM
The only supported ABORT command for CIPSAM is ABORT PROCESS.
ABORT PROCESS
The ABORT PROCESS command for CIPSAM stops and deletes the CIPSAM process immediately,
without regard for open sockets. Open sockets using the CIPSAM process are not affected, but no
new sockets can be created.
ABORT PROCESS Command Syntax
ABORT PROCESS $cipsam-name
cipsam-name
Is the name of the CIPSAM process to abort.
Example 95 displays the command to abort the CIPSAM process named $ZTC1.
Example 95 ABORT PROCESS
> ABORT PROCESS $ZTC1
INFO Commands, CIPSAM
The INFO PROCESS and INFO SUBNET commands are supported for the CIPSAM process.
CIPSAM SCF Commands
281
INFO PROCESS
The INFO PROCESS command displays attributes of the CIPSAM process. For compatibility with
the SAM process of TCP/IPv6, attributes that do not apply to CIP are displayed with zero (0) values.
INFO PROCESS Command Syntax
INFO PROCESS $cipsam-name [,DETAIL]
cipsam-name
Is the name of the CIPSAM process for which to display information.
DETAIL
Specifies that the display is to include additional detailed information about the object.
Example 96 displays summary information for the CIPSAM process named $ZTC1.
Example 96 INFO PROCESS (CIPSAM) Summary
> INFO PROCESS $ZTC1
CIP Info PROCESS \MYSYS.$ZTC1
*TCPSendSpace
0
*TCPReceiveSpace *UDPSendSpace *UDPReceiveSpace
0
0
0
Example 96 displays detailed information for the CIPSAM process named $ZTC1:
Example 97 INFO PROCESS (CIPSAM) Detailed
> INFO PROCESS $ZTC1, DETAIL
CIP Detailed Info PROCESS \MYSYS.$ZTC1
*TCP Send Space.........
*UDP Send Space.........
*Delay Ack Time.........
*Keep Alive Idle........
*Keep Alive Interval....
*Host ID ...............
*Host Name .............
Program Filename ......
*Debug..................
*Full Dump..............
*All Nets Are Local.....
*TCP Compat 42..........
*EXPAND Security........
*TCP Path MTU...........
*TCP Time Wait..........
Trace Status...........
Trace Filename ........
*ARP Timer Refreshed ...
*RFC1323 Enable ........
*TCP Init Rexmit Timeout
*TCP Min Rexmit Timeout.
*TCP Listen Queue Min...
*Initial TTL............
0
*TCP Receive Space...... 0
0
*UDP Receive Space...... 0
0
*Delay Ack.............. OFF
0
*Keep Alive Retry Cnt... 0
0
QIO Limit..............
0%
0.0.0.0
See "SCF->HELP CIP info process" to view values.
\MYSYS.SYSTEM.SYS00.CIPSAM
OFF
OFF
OFF
OFF
OFF
OFF
0
OFF
ON
OFF
0
0
0
0
ms
ms
The only attributes with real values are:
Program Filename
Is the name of the file that is being executed for this CIPSAM process.
Trace Status
ON when the process is being traced using SCF.
282 SCF Reference for CIP
Trace Filename
Is the name of the current trace file.
Trace Status
ON when the process is being traced using SCF.
Trace Filename
Is the name of the current trace file.
ARPTIMER-REFRESHED
Always ON in the CIP environment. This attribute causes TCP to restart the ARP timer every
time the ARP table entry is referenced when transmitting an IP packet.
Some of the other attributes are no longer viewable with the CIP info process command but can
be checked by issuing a sysctl command. Some attributes are not applicable in CIP and some are
still applicable and available through the INFO PROCESS CIPSAM command.
TCP Send Space
tacl> CLIMCMD clim-name sysctl net.ipv4.tcp_wmem. Is the space reserved for
send operations for the TCP protocol.
TCP Receive Space
tacl> CLIMCMD clim-name sysctl net.ipv4.tcp_rmem. Is the space reserved for
receive operations for the TCP protocol.
UDP Send Space
tacl> CLIMCMD clim-name sysctl net.core.wmem_max or tacl> CLIMCMD
clim-name sysctl net.core.wmem_default. Is the space reserved for send operations
for the UDP protocol.
UDP Receive Space
tacl> CLIMCMD clim-name sysctl net.ipv4.tcp_rmem or tacl> CLIMCMD
clim-name sysctl net.core.rmem_default. Is the space reserved for send operations
for the UDP protocol.
Delay Ack
Is a switch indicating if TCP is delaying acknowledgments. This attribute no longer applies in
the CIP environment.
Delay Ack Time
Is the amount of time in 10 ms intervals that the acknowledgments are delayed. This attribute
no longer applies in the CIP environment.
Keep Alive Idle
tacl> CLIMCMD clim-name sysctl net.ipv4.tcp_keepalive_time. Is the amount
of time in seconds before TCP issues a keep-alive packet on sockets that have enabled this
option. See also “TCP/IP Attributes in CIP” (page 193).
Keep Alive Retry Cnt
tacl> CLIMCMD clim-name sysctl net.ipv4.tcp_keepalive_probes. Is the number
of times a keep-alive packet is sent without receiving an acknowledgment after which the TCP
connection is dropped.
Keep Alive Interval
tacl> CLIMCMD clim-name sysctl net.ipv4.tcp_keepalive_intvl. Is the time
interval in seconds between retransmissions of unacknowledged keep-alive packets. See also
“TCP/IP Attributes in CIP” (page 193).
QIO Limit
scf> STATUS MON $ZZCIP.ZCMnn, detail. Is a percentage between 0 and 100,
representing the amount of queued I/O or shared memory allowed to this process.
CIPSAM SCF Commands 283
Host Id
scf> INFO Provider $ZZCIP.provider-name, DETAIL. Is the ID (usually the host
number part of the Internet address that is assigned to this host). It is a 32-bit number.
Host Name
scf> INFO Provider $ZZCIP.provider-name , DETAIL. Is the official name by
which the host upon which the TCP/IP process is running is known in the Internet. This is a
character string no longer than 50 characters.
Debug
No longer applies in the CIP environment.
Full Dump
No longer required for the CIPSAM process as there is a dump function on the CLIM.
ALLNETSARELOCAL
No longer applies in the CIP environment. ALLNETSARELOCAL set to ON causes TCP to use
the interface MTU as a base for the determination of the TCP Maximum Segment Size (MSS)
for each non-local TCP connection. A non-local TCP connection is one that goes to another
network (not just another subnetwork). The default is ON. If this switch is OFF, TCP conforms
to RFC-specified behavior and uses 512 bytes as the default MSS for non-local segments. When
ON, for example for Ethernet, the non-local MSS is 1460. This can be a large benefit to
performance.
TCPCOMPAT42
No longer applies in the CIP environment. TCPCOMPAT42 was the flag used to set the TCP/IP
process compatible with BSD4.2 versions. See “TCPCOMPAT42” (page 202) for more information
about this feature.
EXPANDSECURITY
No longer applies in the CIP environment. EXPANDSECURITY set to ON caused TCP to check
if a SOCKET request from another NonStop Expand node has passed the Expand security
check.
TCPPATHMTU
tacl> CLIMCMD clim-name sysctl net.ipv4.ip_no_pmtu_disc . If set to ON,
causes TCP to use PATH MTU discovery on all TCP type sockets (SOCK_STREAM), unless
disabled by the SETSOCKOPT for SO_PMTU. The default for this option is OFF. See also
“TCP/IP Attributes in CIP” (page 193).
RFC1323-ENABLE
tacl> CLIMCMD clim-name sysctl net.ipv4.tcp_window_scaling . If set to ON,
causes TCP to support TCP Large Windows as documented in RFC 1323. When this option is
enabled, the TCP/IP process uses the TCP Window Scale and Timestamp options as described
in RFC 1323. The largest TCP window supported is 262144 bytes when this option is enabled,
and 65535 when the option is disabled. The default for this option is ON.
TCP-INIT-REXMIT-TIMEOUT
Not supported in the CIP environment. TCP-INIT-REXMIT-TIMEOUT was the initial retransmit
timer value in milliseconds to use on a TCP connection.
TCP-MIN-REXMIT-TIMEOUT
Not supported in the CIP environment. TCP-MIN-REXMIT-TIMEOUT was the minimum value
allowed for the TCP retransmission timeout.
TCP-LISTEN-QUE-MIN
scf> INFO Provider $ZZCIP.provider-name, DETAIL. Is the minimum queue length
that is set on a TCP socket when the TCP/IP process handles a socket LISTEN or ACCEPT_NW1
function call. This value is used if the queue length specified in the socket request is lower,
284 SCF Reference for CIP
otherwise the queue length in the socket request is used. The default value is 5. The range is
1 to 1024.
INITIAL-TTL
tacl> CLIMCMD clim-name sysctl net.ipv4.ip_default_ttl. Specifies the initial
value for UDP and TCP TTL.
INFO SUBNET
The INFO SUBNET command displays attributes of the CLIM interfaces belonging to a CIPSAM
provider in a format compatible with previous NonStop TCP/IP products. Only IPv4 addresses are
shown. Some field names in the header are tagged with an asterisk even though they are not
alterable.
INFO SUBNET Command Syntax
INFO SUBNET $cipsam-name.subnet-name [,DETAIL]
cipsam-name
Is the CIPSAM process containing the SUBNET to display.
subnet-name
Is the internally-generated SUBNET name for the CLIM interface to display. A wildcard can
specify a set of SUBNETs.
DETAIL
Specifies that the display is to include additional detailed status information about the SUBNET.
Example 98 shows info for all interfaces in the Provider associated with $ZTC02.
Example 98 INFO SUBNET (CIPSAM)
-> INFO SUBNET $ZTC02.*
CIP Info SUBNET \MYSYS.$ZTC02.*
Name
#SN0001
#SN0001
#SN0002
#SN0003
#SN0004
#SN0005
#SN0001
#SN0007
#SN0008
Devicename
LO
N1002532.lo
N1002532.ETH1
N1002532.ETH2
N1002532.ETH3
N1002532.ETH4
N1003741.lo
N1003741.BOND0
N1003741.BOND1
*ADDRESS
127.0.0.1
127.0.0.2
172.17.190.101
172.17.190.102
172.17.190.103
172.17.190.104
127.0.1.2
172.17.190.81
172.17.190.83
TYPE
LOOP-BACK
LOOP-BACK
ETHERNET
ETHERNET
ETHERNET
ETHERNET
LOOP-BACK
ETHERNET
ETHERNET
*SUBNETMASK
SuName
%HFF000000
%HFFFFFFFF
%HFFFFFF00
%HFFFFFF00
%HFFFFFF00
%HFFFFFF00
%HFFFFFFFF
%HFFFFFF00
%HFFFFFF00
QIO
OFF
OFF
ON
ON
ON
ON
OFF
ON
ON
*R
N
N
N
N
N
N
N
N
N
Name
Shows the internally-generated SUBNET name #SNnnn.
Devicename
Shows the home CLIM name and interface name associated with the SUBNET, converted to
upper case.
ADDRESS
Shows the first known IPv4 address associated with the CLIM interface.
TYPE
Shows the type of interface, LOOP-BACK for interfaces named “lo” and ETHERNET for all
others.
SUBNETMASK
Shows the subnet-mask for the first known IPv4 address associated with the CLIM interface.
SuName
Is always blank.
CIPSAM SCF Commands 285
QIO
Shows OFF for interfaces named “lo” and ON for all others.
R
Always shows N.
Example 99 detailed info for the interface identified as SUBNET #SN004 in the Provider for $ZTC2.
Example 99 INFO SUBNET Detailed
> INFO SUBNET $ZTC2.#SN004,DETAIL
CIP Detailed Info SUBNET \MYSYS.$ZTC2.#SN004
Name
Devicename
*ADDRESS
TYPE
#SN004
N1002532.ETH4
172.17.190.104
Trace Status ........ OFF
Trace Filename ......
Interface MTU ....... 1500
Gateway ............. OFF
ETHERNET
*SUBNETMASK
SuName
QIO *R
%HFFFFFF00
ON
N
Trace Status
Is always OFF. Tracing of CLIM interfaces is set up on the CLIM.
Trace Filename
Is always blank.
Interface MTU
Is the Maximum Transfer Unit (MTU) size for the interface.
Gateway
Is always OFF.
State
Always shows STARTED.
NAMES SUBNET, CIPSAM
The only supported NAMES command for CIPSAM is NAMES SUBNET.
NAMES SUBNET
The NAMES SUBNET command shows the names of the specified SUBNETs. SUBNET names are
generated by CIPSAM for all CLIM interfaces existing within the Provider.
NAMES SUBNET Command Syntax
NAMES PROCESS cipsam-name.subnet-name
cipsam-name
Is the name of the CIPSAM process containing the SUBNET names to display.
subnet-name
Identifies the SUBNET object names to display. A wildcard can specify multiple SUBNETs.
Example 100 shows names for subnet $ZTCO:
Example 100 NAMES SUBNET (CIPSAM)
> NAMES SUBNET $ZTC0.*
CIP Names SUBNET \MYSYS.$ZTC0.*
SUBNET
#SN0001
#SN0002
286 SCF Reference for CIP
#SN0003
#SN0004
#SN0005
#SN0006
#SN0007
#SN0008
PRIMARY Command, CIPSAM
The only supported PRIMARY command for CIPSAM is PRIMARY PROCESS.
PRIMARY PROCESS
The PRIMARY PROCESS command is a sensitive command that changes which process of the
CIPSAM process pair is currently the primary. This command does not affect existing sockets.
PRIMARY PROCESS Command Syntax
PRIMARY PROCESS $cipsam-name [,CPU cpu-number]
cipsam-name
Is the name of the CIPSAM process to switch.
CPU cpu-number
Specifies the processor number of the current backup process. If you omit this option, the current
backup processor is assumed. If you specify a processor other than the current primary or
backup, the command returns an error.
Example 101 switches $ZTC1 to its backup process.
Example 101 PRIMARY PROCESS (CIPSAM)
> PRIMARY PROCESS $ZTC1, CPU CPU number of backup process
STATUS Command, CIPSAM
The only supported STATUS command for CIPSAM is STATUS SUBNET.
STATUS SUBNET
The STATUS SUBNET command displays the current status of CLIM interfaces belonging to a
CIPSAM’s Provider in a format compatible with previous NonStop TCP/IP products.
STATUS SUBNET Command Syntax
STATUS SUBNET [$cipsam-name][.subnet-name]
cipsam-name
Is the name of the CIPSAM process containing the SUBNET names to display.
subnet-name
Is the internally-generated SUBNET name for the CLIM interface to display. A wildcard can
specify a set of SUBNETs. The INFO SUBNET command displays the SUBNET name associated
with each CLIM interface.
Example 98 shows the status of all SUBNETs in $CSAM2’s Provider.
Example 102 STATUS SUBNET (CIPSAM)
> STATUS SUBNET $CSAM2.*
CIP Status SUBNET \MYSYS.$CSAM2.*
Name
#SN0001
#SN0002
#SN0003
#SN0004
#SN0005
#SN0006
#SN0007
#SN0008
Status
STARTED
STARTED
STOPPED
STARTED
STARTED
STARTED
STARTED
STARTED
CIPSAM SCF Commands 287
STOP Command, CIPSAM
The only supported STOP command for CIPSAM is STOP PROCESS.
STOP PROCESS
The STOP PROCESS command stops the operation of the specified CIPSAM process if it has no
open sockets. If sockets are open, the command returns an error.
STOP PROCESS Command Syntax
STOP PROCESS $cipsam-name
cipsam-name
Is the name of the CIPSAM process to stop.
Example 103 stops the CIPSAM process named $ZTC1.
Example 103 STOP PROCESS (CIPSAM)
> STOP PROCESS $ZTC1
TRACE Command, CIPSAM
The only supported TRACE command for CIPSAM is TRACE PROCESS.
TRACE PROCESS
The TRACE PROCESS command starts or stops tracing of CIPSAM operations.
TRACE PROCESS Command Syntax
TRACE PROCESS $cipsam-name
{{,STOP |[,BACKUP]}
{,TO file-spec |
[,BACKUP count]|
[,LOCKSIZE]|
[,NOCOLL]|
[,PAGES pages]|
[,RECSIZE size]|
[,WRAP]}}
PROCESS $cipsam-name
Is the name of the CIPMAN process. If you omit the object name, SCF uses the assumed object
name. For information about the ASSUME command, see the SCF Reference Manual for J-Series
and H-Series RVUs.
STOP
Discontinues the trace currently in progress.
TO file-spec
Specifies the name of the file into which the results of the trace operation are to be placed. It
is a required option if the STOP option is not used.
BACKUP
If BACKUP is specified, the command applies to the backup CIPMAN process (that is, the trace
is stopped or started on the backup). If omitted, the primary is assumed. CIPMAN must be
running as a fault-tolerant process pair if this syntax is used. If primary CIPMAN is being traced
when a takeover by backup CIPMAN occurs, the trace of the same CIPMAN continues, but
most events that were being traced prior to the CIPMAN switch are no longer traced. This is
because CIPMAN being traced is no longer the primary. If neither PRIMARY nor BACKUP is
designated, primary CIPMAN is traced.
288 SCF Reference for CIP
COUNT count
count is an integer in the range -1 to (32k-1). It specifies the number of trace records to
be captured. If COUNT is not specified (or is specified as -1), records are accumulated until the
trace is stopped or the file file-spec is full.
NOCOLL
Indicates that the trace collector process should not be initiated. The disk file is to be written
to by Guardian. The attributes WRAP and NOCOLL cannot be specified together.
PAGES pages
pages specifies how many extended data segment pages are allocated when tracing. An
integer value in the range 4 to 64 is expected. The default is 64 pages.
RECSIZE size
size is an integer in the range 1024 to 4050. It controls the length of the data in the trace
data records. The trace header not included in the RECSIZE. The default is 120 bytes. Eight
bytes are used for the header, and 120 bytes are trace data.
WRAP
Specifies that when the trace disk file end-of-file (EOF) is reached, trace data wraps around to
the beginning of the file and overwrites any data that is there.
This command starts a trace of $ZTC2 to file TRACE5.
Example 104 TRACE PROCESS (CIPSAM)
> TRACE PROCESS $ZTC2, TO TRACE5, RECSIZE 4050, SELECT ALL
VERSION Command, CIPSAM
The only supported VERSION command for CIPSAM is VERSION PROCESS.
VERSION PROCESS
The VERSION PROCESS command displays the version number of the specified CIPSAM process.
VERSION PROCESS Command Syntax
VERSION PROCESS $cipsam-name
Example 105 displays the version of the CIPSAM process named $ZTC1:
Example 105 VERSION PROCESS
> VERSION PROCESS $ZTC1
$ZTC1: T0693H01_01AUG2008_AAB_SAM_Q35
CIPSAM SCF Commands 289
11 CLIMCMD and CLIMCMD climconfig Commands (Man
Pages)
man pages are described in these sections:
•
“Standalone Commands (Man Pages)” (page 291)
•
“Climconfig (Man Pages)” (page 301)
These sections contain the information for the individual man pages, and can also be viewed
directly on the CLIM. The pages listed under Standalone Commands are separate programs that
are accessible through CLIMCMD, whereas those pages in the Climconfig section are accessible
through CLIMCMD climconfig, as described in those sections.
You can view a list of these man pages in the Table of Contents of this manual or issue the man
and help commands, as described under “Linux Man Page Documentation and Help” (page 25)
and “Displaying Man Pages for CIP Commands” (page 93).
For the Multiple Providers per CLIM enhancement effective with the H06.25/J06.14 RVU, there is
a standalone prov(1p) command and also a prov(1) climconfig command. To display the standalone
prov(1p) man page, you would issue the man page command man 1p prov, and to display the
climconfig.prov(1) man page, you would issue the man 1 prov command. Syntax for man pages
is described in detail in the sections documenting them; for this example, see prov(1p) and
climconfig.prov(1).
290 CLIMCMD and CLIMCMD climconfig Commands (Man Pages)
Standalone Commands (Man Pages)
This section contains reference pages for standalone commands. These standalone commands
have a man-page format that includes the title of the man page, represented in man page format
(for example, climstatus(1).
These man pages are also available on the CLIM, using the "man" command through CLIMCMD
or when logged into the CLIM directly with putty.
291
clim(1)
NAME
clim -- query and control the CLIM software.
SYNOPSIS
CLIMCMD {clim-name|ip-address} clim [option]
clim Description
clim provides a set of commands to query and control the CLIM software, and to display the
process status of each of the clim processes.
PARAMETERS
abort
Abort and dump all CLIM processes.
clearlog
Allows a CLIM that has stopped trying to restart itself after reaching a retry threshold to be
resumed. Should be followed by 'clim start'.
disable-policy-routing
Disables policy routing on the next CLIM reboot.
enable-policy-routing
Enables policy routing on the next CLIM reboot. This is the default configuration.
info
Provides clim configuration information. This command displays the current value/status of
configurable clim parameters.
onlinedebug
Packages clim-related information into a compressed tar file for debugging purposes.
reboot
Reboots the CLIM, after taking a system memory dump.
start
Starts the CLIM software.
status
Displays the process status of the CLIM processes. The details of the CLIM processes in terms
of system resource consumption are displayed. This is essentially the same as executing the
psclim command at the prompt.
ERROR MESSAGES
None.
CONSIDERATIONS
1.
If the application restart threshold is exceeded, the 'clim start' command will output an error
message and switch from doing an application level restart to doing a CLIM reboot.
If the CLIM reboot threshold is exceeded, the 'clim start' command will output an error message
and exit without attempting to do any further application-level restarts or reboots. Once the
CLIM has given up attempting to restart the CLIM, operator intervention will be required to
enable the CLIM to restart. The operator can accomplish this by using the 'clim clearlog'
command, which will delete the log.
EXAMPLES
None.
292
SEE ALSO
psclim(1), climstatus(1)
293
climstatus(1)
NAME
climstatus -- displays CLIM specific status information
SYNOPSIS
CLIMCMD {clim-name|ip-address} climstatus [-o option]
climstatus Description
climstatus is a program that provides active status information about active objects on specific
CLIMs: (See climconfig(1) for information on obtaining permanent configuration information.)
- ServerNet
- EtherNet, Local Area Network (LAN)
- Kernel IP Routing Table
- Secondary Storage Devices, Hard Disk Drives (HDD)
- IP Security policies and associations
- Interface Failover configuration
- SNMP Configuration information
- climprep configuration information
- iptables and ip6tables configuration
climstatus, when invoked, provides status information of all the above-mentioned components by
default. However, a user can view status information pertaining to a particular component by
providing a -o option to the climstatus command, followed by a character that represents the desired
component. The set of characters representing each component is listed under Parameters.
PARAMETERS
This section lists the options that can be used after the -o option.
c
Displays climprep information.
f
Displays interface failover information.
h
Displays the information pertaining to Filesystem Disk space usage on the CLIM. Displays
information specific to the Filesystem disk space and usage status, such as name, type, size,
used and available amount of space, percentage of used space, and the mount point.
i
Displays the information pertaining to the IPSec, such as security policies and associations.
l
Displays the status information pertaining to Local Area Network (EtherNet) only. Displays
information specific to the Network such as the Interface name, type, status, link status, and IP
addresses(both IPv4 and IPv6). The LAN information is categorized into three separate classes:
Maintenance, Maintenance Provider and Data. The interface "eth0" is the onboard interface
that has been reserved as the Maintenance interface and is used for clim internal housekeeping
activities. The other interfaces are open for normal Data usage.
m
Displays CLIM SNMP information.
294
r
Displays the status information pertaining to Kernel IP Routing Table. Displays information
specific to the Kernel IPv4 routing table such as the Interface name, Destination IP address,
Gateway, and Mask. In case of the Kernel IPv6 routing table, only Interface name, Destination
IP address, and Next Hop information is displayed.
s
Displays the status information pertaining to ServerNet only. Displays information specific to
ServerNet, X and Y Fabric connectivity status, as well as their link locations in terms of Group
Module Slot Port (GMSP).
t
Displays iptables and ip6tables information.
ERROR MESSAGES
None.
CONSIDERATIONS
None.
EXAMPLES
None.
SEE ALSO
None.
295
ifstart(1)
NAME
ifstart -- start an interface
SYNOPSIS
CLIMCMD {clim-name|ip-address} ifstart interface
ifstart Description
ifstart allows you to activate an interface if you have stopped the interface using the ifstop command.
For all network interfaces (ethernet, ip-over-infiniband, bonding and tunnel interfaces), this command
activates the specified interface.
PARAMETERS
interface
Specifies the name of the network interface that is to be started and made available to the
NonStop host. The interface name can be specified as a physical or bonded interface name,
for example, eth1 or bond0 or ib0, or a tunnel interface (for example, MYTUN).
ERROR MESSAGES
The interface interface-name is not configured.
This command is not supported for this interface.
climagt process is not executing.
Interface is already in started state.
CONSIDERATIONS
None.
EXAMPLES
> CLIMCMD N1002581 ifstart eth3
SEE ALSO
Ifstop(1), climconfig(1)
296
ifstop(1)
NAME
ifstop -- stop an interface
SYNOPSIS
CLIMCMD {clim-name|ip-address} ifstop interface [-force]
ifstop Description
Use the ifstop command to deactivate an interface. ifstop brings down the ethernet,
ip-over-infiniband, bonding and tunnel interfaces and deactivates all the IP addresses and routes
associated with the network interface.
PARAMETERS
interface
Specifies the name of the network interface that is to be stopped and made unavailable to the
NonStop host. The interface name can be specified as a physical or bonded interface name,
for example, eth1 or bond0 or ib0, or a tunnel interface (for example, MYTUN).
-force
When used without –force option, ifstop prompts for confirmation before stopping the interface.
If the –force option is used, ifstop stops the interface without prompting for the confirmation.
ERROR MESSAGES
The interface interface-name is not configured.
This command is not supported for this interface.
climagt process is not executing.
Interface is in already in stopped state.
The interface interface-name has a tunnel interface associated with it. The tunnel interface
should be stopped prior to stopping the specified interface.
CONSIDERATIONS
If there is a tunnel associated with the specified interface, and if the tunnel interface is UP, CIP
does not allow the interface to be stopped.
The tunnel interface must be stopped before its parent interface can be stopped.
EXAMPLES
> CLIMCMD N1002581 ifstop eth3
SEE ALSO
Ifstart(1), climconfig(1)
297
prov(1p)
NAME
prov -- execute a program under the context of a provider’s network stack
SYNOPSIS
CLIMCMD {clim-name|ip-address} prov {prov-name} {command}
[arg1..argN]
prov Description
CLIMs utilize multiple independent network stacks, or “providers.” At any time, a CLIM can have
some of the following providers:
%DEFAULT
The reserved network stack that is used for all data communications on CLIMs configured in
SCF with the MULTIPROV attribute set to OFF.
%MPROV
A reserved network stack used to service the optional maintenance provider configurable on
the preconfigured SCF CLIM object.
%MAINT
A reserved network stack used to host CLIM manageability processes that provide services to
the preconfigured maintenance LAN.
provName
Provider objects registered with the “climconfig prov –add prov-name” command, on CLIMs
configured in SCF with the MULTIPROV attribute set to ON.
PARAMETERS
prov-name
Provider name.
command
The command to be executed in the provider specified by prov-name.
arg1..argN
Optional arguments to the command.
ERROR MESSAGES
The specified provider does not exist.
CONSIDERATIONS
When logged into an interactive shell on the CLIM, commands that are network-sensitive will use
the services of the currently active provider, and so only have access to the network configuration
and devices that are in use by that provider.
To select a different provider, the command must instead be run using the prov command, which
runs the program under the network stack context of the selected provider.
Commands that are invoked from NSK, through CLIMCMD, allow the provider to be selected in
CLIMCMD syntax, and do not require the “prov” command to be invoked.
Only programs that utilize the network stack require the prov command to be used. These programs
include:
- arp
- ethtool
- hplog
298
- ifconfig
- ip addr show
- ip route show
- ip link show
- mii-tool
- netstat
- ping
- ping6
- tcpdump
- traceroute
- traceroute6
EXAMPLES
> CLIMCMD N1002581 prov zct1 ping 10.1.1.1
> CLIMCMD N1002581 prov zsam traceroute 10.3.3.1
> CLIMCMD N1002581 prov csam ethtool –i eth1
SEE ALSO
climconfig.prov(1), traceroute(1), ping(8), ethtool(8)
299
psclim(1)
NAME
psclim -- display the status of the CLIM processes
SYNOPSIS
CLIMCMD {clim-name|ip-address} psclim
psclim Description
psclim is a derivation of the 'ps' command. It displays system information about the CLIM processes.
The CLIM processes consist of climmon, confsync, climagt and one or more cipssrv. The information
being displayed consists of process PID, memory used, percentage memory, percentage CPU time,
accumulated CPU time, start time, run status, and start command.
PARAMETERS
None
ERROR MESSAGES
None
CONSIDERATIONS
None.
EXAMPLES
CLIMCMD CLIM1:~#psclim
PID RSS
%MEM %CPU
TIME
6554 1648 0.0 0.0
00:00:00
6555 2416 0.0 0.0
00:00:00
6570 1174 0.0 0.0
00:00:00
6575 2192 0.0 0.2
00:00:00
SEE ALSO
ps(1, clim(1), climstatus(1)
300
START
14:56
14:56
14:56
14:56
STAT
S
S
S
S
CMD
/usr/local/bin/climmon
cipssrv --number 0
confsync
climagt --number 1
Climconfig (Man Pages)
This section contains reference pages for the climconfig command. Climconfig commands have a
man-page format that includes the title of the man page, represented in man page format (for
example, climconfig.arp(1).
These man pages are also available on the CLIM, using the "man" command through CLIMCMD
or when logged into the CLIM directly with putty.
301
climconfig(1)
NAME
climconfig -- configure network protocol parameters
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig command [parameter]
climconfig Description
This command is a parameter to the CLIMCMD command-line interface. It allows you to configure
network, IPSec, climiptables, iptables, ip6tables, failover and SNMP parameters. Enter CLIMCMD
at the TACL prompt on the NonStop system followed by the clim-name or CLIM IP address,
climconfig and one or more command objects and associated parameters.
COMMANDS
climconfig supports the network configuration commands documented in this section.
ERROR MESSAGES
None.
EXAMPLES
> CLIMCMD N1002581 climconfig arp -add eth1 -host 17.24.17.50 &
-hwaddress 00:0E:7f:F5:6E:8A
SEE ALSO
For details about the climconfig command arguments, see the following man pages:
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
CLIMCMD
302
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
{clim-name|ip-address}
man
man
man
man
man
man
man
man
man
man
man
man
man
man
man
man
man
man
man
man
man
climconfig.all
climconfig.arp
climconfig.bondmode
climconfig.climiptables
climconfig.failover
climconfig.hostname
climconfig.interface
climconfig.ip
climconfig.ip6tables
climconfig.iptables
climconfig.prov
climconfig.psk
climconfig.remote
climconfig.route
climconfig.sa
climconfig.slaveinterface
climconfig.snmp
climconfig.sp
climconfig.sysctl
climconfig.tunnel
climconfig.vpn
climconfig.all(1)
NAME
climconfig.all -- display the entire CLIM configuration
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig all -info [-obeyform]
climconfig.all Description
This command displays the entire CLIM configuration.
PARAMETERS
–info
Displays the cumulative output of these commands:
climconfig
climconfig
climconfig
climconfig
climconfig
climconfig
climconfig
climconfig
climconfig
climconfig
climconfig
climconfig
climconfig
interface –info all
route –info all
arp –info
snmp –info
bondmode –info
failover –info
sysctl –info all
psk –info
sp –info
sa –info
remote –info
climiptables –info
prov –info
–info —obeyform
Displays the cumulative output of these commands followed by the “exit” command:
climconfig
climconfig
climconfig
climconfig
climconfig
climconfig
climconfig
climconfig
climconfig
climconfig
climconfig
interface –info all -obeyform
snmp –info -obeyform
bondmode –info -obeyform
failover -info –obeyform
sysctl –info all -obeyform
psk -info -obeyform
sp -info -obeyform
sa -info -obeyform
remote -info -obeyform
climiptables -info -obeyform
prov –info -obeyform
ERROR MESSAGES
None.
EXAMPLES
> CLIMCMD n100253 climconfig all –info
> CLIMCMD n100253 climconfig all –info —obeyform
303
climconfig.arp(1)
NAME
climconfig.arp -- manage arp entries
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig arp -add
{eth0|interface} -host host -hwaddress MAC-address
CLIMCMD {clim-name|ip-address} climconfig arp -delete
{eth0|interface} -host host
CLIMCMD {clim-name|ip-address} climconfig arp -info
[-obeyform]
climconfig.arp Description
This command:
arp -add
adds information about ARP entries.
arp -delete
deletes manually-added ARP entries.
arp -info
displays manually-added and kernel-added ARP entries.
The arp -add and arp -delete commands add to or delete from the /etc/network/
interfaces file and if the interface is active, to the kernel. If the interface is not active, the add
and delete commands affect only the /etc/network/interfaces file. The arp -info
command displays information about ARP entries in the kernel (includes both manually-added and
automatically-added entries). Entries that are automatically added by the Kernel cannot be deleted
using this command. This command does not support InfiniBand interfaces.
PARAMETERS
eth0
Specifies the dedicated service LAN interface.
interface
Specifies an interface to configure. The interface can be either an existing physical interface
name (for example, eth2) or a bonding interface name (for example, bond0).
-host host
Specifies the host. Use the host IP address for this parameter.
-hwaddress MAC-address
Specifies the MAC address of the host.
-delete eth0
Specifies the dedicated service LAN interface.
-delete interface
Specifies an interface (physical or bonding).
-info
Displays information about ARP entries.
-obeyform
Generates user-configured ARP entries.
ERROR MESSAGES
For arp -add and arp -delete:
304
The interface interface-name is not configured.
This command is not supported for the interface lo.
This command is not supported for the interface eth0:0.
This command is not supported for the interface tunnel-interface.
The specified arp entry already exists for the interface-name.
This command does not support InfiniBand interfaces.
EXAMPLES
> CLIMCMD clim1 climconfig arp -add eth1 –host 15.76.219.4
–hwaddress 00:0E:7f:F5:6E:8A
> CLIMCMD 17.21.201.2 climconfig arp -delete eth1
–host 15.76.219.4
> CLIMCMD n100253 climconfig arp -info
Interface
: eth0
IP Address
: 16.107.199.1
Hardware Address : 00:01:30:10:E6:50
Hardware Type
: ether
Flags
: C
Mask
:
> CLIMCMD n100253 climconfig arp -info -obeyform
climconfig arp \
-add
eth0 \
-host
192.168.36.11 \
-hwaddress
00:1c:c4:de:cf:ae
climconfig arp \
-add
eth0 \
-host
15.146.232.113 \
-hwaddress
00:1b:78:07:69:70
climconfig arp \
-add
eth0 \
-host
15.146.232.1 \
-hwaddress
00:19:bb:1c:0c:00
#CLIMCMD expects 'exit' to be the last command.
#This is required to terminate CLIMCMD session.
exit
Termination Info: 0
305
climconfig.bondmode(1)
NAME
climconfig.bondmode -- change bonding mode, get bondmode info
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig bondmode
-modify bonding-mode
CLIMCMD {clim-name|ip-address} climconfig bondmode
-info [-obeyform]
climconfig.bondmode Description
This command displays information about the bonding mode. The bonding mode applies to all
the bonding interfaces in the CLIM. Only one slave in the bond is active.
The supported bonding modes are:
mode=1 (active-backup)
Active-backup policy: Only one slave in the bond is active. A different slave becomes active
if, and only if, the active slave fails. The bond's MAC address is externally visible on only one
port (network adapter) to avoid confusing the switch. This mode provides fault tolerance. The
primary option, specified in the climconfig slave interface command, affects the behavior of
this mode.
mode=5 (balance-tlb)
Adaptive transmit load balancing: channel bonding that does not require any special switch
support. The outgoing traffic is distributed according to the current load (computed relative to
the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave
fails, another slave takes over the MAC address of the failed receiving slave.
mode=6 (balance-alb)
Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic,
and does not require any special switch support. The receive load balancing is achieved by
ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on
their way out and overwrites the source hardware address with the unique hardware address
of one of the slaves in the bond such that different peers use different hardware addresses for
the server.
A different slave becomes active if the active slave fails. The bond MAC address is externally
visible on only one network interface to avoid problems in the switch. This mode provides fault
tolerance.
Configuring the bonding mode applies to both bond interfaces, bond0 and bond1. Even if those
bonds are assigned to different providers on CLIMs with MULTIPROV ON, the bonding mode still
applies to both.
PARAMETERS
–modify bonding-mode
Specifies the bonding mode to be applied to all the bonding interfaces
–info
Displays the configured bonding mode. The display format is:
Bonding Mode : 1 ( active-backup )
–obeyform
Generates the configured bonding mode information in modify command format. The display
format is:
climconfig bondmode -modify bonding-mode
306
ERROR MESSAGES
For bondmode -modify, one or more of the Bonding interfaces is UP
The value of the bonding mode should be either 1, 5, or 6
The software MAC address of the slaves <slave interface> and <slave interface> of bonding
interface <bonding interface> cannot be same for bonding mode <mode>.
EXAMPLES
> CLIMCMD n100253 climconfig bondmode –info
Bonding Mode : 1 ( active-backup )
> CLIMCMD n100253 climconfig bondmode –info -obeyform
climconfig bondmode -modify 1
#CLIMCMD expects 'exit' to be the last command.
#This is required to terminate CLIMCMD session.
exit
Termination Info: 0
307
climconfig.climiptables(1)
NAME
climconfig.climiptables -- configure climiptables
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig
[-prov prov-name] -enable
CLIMCMD {clim-name|ip-address} climconfig
[-prov prov-name] -disable [-force]
CLIMCMD {clim-name|ip-address} climconfig
[-prov prov-name] -info [-obeyform]
CLIMCMD {clim-name|ip-address} climconfig
[-prov prov-name] -status
climiptables
climiptables
climiptables
climiptables
climconfig.climiptables Description
This command allows you to display and configure CLIM IP tables:
climiptables -enable
activates configurations for the climiptables. Enable and disable states are persistent through
CLIM reboots and software updates.
climiptables -disable
deactivates configurations for the climiptables. Enable and disable states are persistent through
CLIM reboots and software updates.
climiptables -info
displays the state of the climiptables, iptables and ip6tables configurations.
climiptables -info -obeyform
obtains the obeyform lines for configuring climiptables in add/delete command format.
climiptables -status
displays the state of the climiptables.
PARAMETERS
-force
Used with the -disable option, causes the command to bypass user confirmation.
-prov
Specifies a provider name. This option is mandatory for CLIMs that have MULTIPROV set to
ON and cannot be used if MULTIPROV is set to OFF. Each provider has its own iptables
configuration. The provider name is case-insensitive and always converted to UPPER case.
-obeyform
Used with the -info option, obtains climiptables configuration in obeyform format.
ERROR MESSAGES
For climconfig climiptables [-enable | -disable [-force] | -info
[-obeyform]]:
Error: File /etc/clim/climiptables/state does not exist.
Error: Cannot open the file /etc/clim/climiptables/state: error code.
Error: invalid version string “version”, file “/etc/clim/climiptables/state”.
Error: version string major, minor is not compatible, file “/etc/clim/climiptables/state”.
Error: Invalid climiptables state file.
308
CONSIDERATIONS
None.
EXAMPLES
To enable climiptables:
> CLIMCMD N1002581 climconfig climiptables -enable -force -prov MSC2
climiptables is now enabled
> CLIMCMD N1002581 climconfig climiptables -disable -force -prov MSC2
Do you want to continue with DISABLING climiptables? yes/[no] - yes
climiptables is now disabled
> CLIMCMD N1002581 climconfig climiptables -force -disable
climiptables is now disabled
> CLIMCMD N1002581 climconfig climiptables -status
climiptables is currently enabled
> CLIMCMD N1002581 climconfig climiptables -info
climiptables is currently enabled
iptables configuration:
-N snmptrap
-A CIP_INPUT -p tcp -m tcp --dport 162 -j snmptrap
-A CIP_INPUT -p udp -m udp --dport 162 -j snmptrap
-A snmptrap ! -s 100.100.100.56/32 -j
REJECT --reject-with icmp-port-unreachable
ip6tables configuration:
-P CIP_INPUT DROP
> CLIMCMD N1002581 climconfig climiptables -info -obeyform
climconfig climiptables -disable -force
climconfig iptables -force -N abc
climconfig iptables -force -P CIP_INPUT ACCEPT
climconfig iptables -force -A abc -p tcp -j ACCEPT
climconfig ip6tables -force -P CIP_INPUT DROP
climconfig climiptables -enable
#CLIMCMD expects 'exit' to be the last command.
#This is required to terminate CLIMCMD session.
exit
Termination Info: 0
SEE ALSO
climconfig iptables, ip6tables
309
climconfig.failover(1)
NAME
climconfig.failover -- configure failover
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig failover -add src-interface
-dest dest-clim-name.dest-interface
CLIMCMD {clim-name|ip-address} climconfig failover -delete
{src-interface|all} [-force]
CLIMCMD {clim-name|ip-address} climconfig failover -info
clim-name -interface {interface-name|all}[-obeyform]
climconfig.failover Description
This command allows you to configure the failover behavior between CLIMs. You can configure
both physical and bonding interfaces to failover to an interface on a different CLIM.
failover -add
adds a failover configuration to the failover.conf file. The command must be run for the
CLIM that contains the src-interface for which the failover configuration is to be added.
failover -delete
deletes the failover configuration for the specified interface. The command must be run for the
CLIM that contains the src-interface with the failover configuration that is to be deleted.
failover -info
displays the failover configuration of the specified interface. This command can be run for any
CLIM.
PARAMETERS
src-interface
Specifies the native interface name. It can be a physical (Ethernet or InfiniBand) or bonding
interface.
dest-clim-name
Specifies the destination CLIM.
dest-interface
Specifies the destination interface. The specified interface can be a physical interface (Ethernet
or InfiniBand) or a bonding interface.
-all
Deletes all of the failover configurations for the native CLIM.
clim-name
Specifies the CLIM containing the interface whose failover configuration is to be displayed.
-clim
Is the interface containing the failover configuration to display. If you specify interface-name
the output is only one line.
interface-name
Specifies the interface for the failover configuration. For the -info command, the display format
is: clim-name.interface-name.failover clim name.failover-interface
all
Specifies all failover configurations for the CLIM. The display format is:
clim-name.interface-name failover-clim-name.failover-interface-name
310
-force
Runs the command without prompting for confirmation.
-obeyform
Generates failover configuration information in add command format.
ERROR MESSAGES
For failover -add:
Invalid source interface.
Invalid destination interface, it should be one of the eth[1-n], bond[0-n], or ib[0-n].
Source and Destination CLIM name are same.
Failover configuration for the source interface exists.
The specified destination already exists.
An Ethernet interface can failover only to another Ethernet interface. The dest-interface
is not an Ethernet interface.
An InfiniBand interface can failover only to another InfiniBand interface. The dest-interface
is not an InfiniBand interface.
For failover -delete:
Failover configuration for the source interface does not exist.
For failover -info:
The CLIM clim-name does not exist.
The interface interface-name does not exist.
CONSIDERATIONS
Failover of virtual interfaces is not supported.
Failover configuration for a tunnel interface is not supported. Tunnel interfaces are automatically
failed over along with the parent physical or bonding interface.
There cannot be multiple failover configurations for a source interface.
Both of the interfaces in the failover pair must be configured as part of the same provider.
lo, eth0, and eth0:0 cannot be configured to fail over.
To achieve a failover configuration, two interfaces are associated as a failover pair.
Each interface can be paired with no more than one other interface and each interface of a pair
must use either the other as its failover interface or no failover interface.
At the time of configuration, the climconfig tool does not validate whether the failover configurations
follow failover pairs. The host validates the configuration when the CLIM is STARTED.
At the time of configuration, the climconfig tool does not validate whether the destination CLIM
and destination interface exist and are part of the same provider. The NonStop server host does
this validation when the CLIM is STARTED.
If src-interface is Ethernet, then the dest-interface> should also be Ethernet.
If src-interface is InfiniBand, then the dest-interface should also be InfiniBand.
Only CLIM interfaces of the same type can be paired. Ethernet and InfiniBand interface pairing is
invalid.
For Example, Ethernet interfaces can be paired with only Ethernet interfaces and InfiniBand with
only InfiniBand interfaces.
EXAMPLES
> CLIMCMD clim1 climconfig failover -add eth1 -dest climy.eth2
> CLIMCMD 17.205.15.2 climconfig failover -delete eth1
311
> CLIMCMD n100253 climconfig failover -info clim2 eth1
SOURCE
DESTINATION
FAMILY
clim2.eth1 clim1.eth1
INET
clim1.eth2 clim3.eth1
INET
> CLIMCMD n100253 climconfig failover –info climx –interface eth1
SOURCE
DESTINATION
climx.eth1
climy.eth2
> CLIMCMD n100253 climconfig failover –info climx –interface eth1 -obeyform
climconfig failover \
-add
eth1 \
-dest
climy.eth2
#CLIMCMD expects 'exit' to be the last command.
#This is required to terminate CLIMCMD session.
exit
Termination Info: 0
SEE ALSO
climconfig interface -add
312
climconfig.hostname(1)
NAME
climconfig.hostname -- manage the CLIM host name
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig hostname -modify hostname
CLIMCMD {clim-name|ip-address} climconfig hostname -info
climconfig.hostname Description
This command modifies and displays the host name of the CLIM.
PARAMETERS
–modify
Changes the host name of the specified CLIM.
–info
Displays the host name of the specified CLIM.
hostname
Specifies the host name to be modified. The hostname is converted to upper case.
ERROR MESSAGES
None
CONSIDERATIONS
The host name of a CLIM cannot be modified when the CLIM is in the STARTED state.
The CLIM host name and the SCF CLIM object name must match. If you change the CLIM host
name, you also need to change the name of the CLIM in the host. Use SCF to delete the CLIM and
then add a new CLIM with a name that matches the new host name you have assigned to the
CLIM.
Hostname cannot exceed 8 characters.
If there are any failover configurations existing for the CLIM for which you change the hostname,
the climconfig tool automatically changes the source-CLIM name in its failover configurations.
If the interfaces of the other CLIM are configured to fail over to this CLIM, manually change the
failover configurations of the other CLIMs.
EXAMPLES
> CLIMCMD 172.18.105.17 climconfig hostname -info
CLIM1
> CLIMCMD 172.18.105.17 climconfig hostname -modify N100253
SEE ALSO
SCF DELETE CLIM command, SCF ADD CLIM command
313
climconfig.interface(1)
NAME
climconfig.interface -- manage CLIM interfaces
SYNOPSIS
interface -add command:
CLIMCMD {clim-name|ip-address} climconfig interface -add
{eth0:0|interface-name} [-prov prov-name] [-mtu mtu-value |
-jumbo { on | off } ]
interface -delete command:
CLIMCMD {clim-name|ip-address} climconfig interface -delete
{eth0:0|interface-name}
interface -modify command for eth0 interface:
CLIMCMD {clim-name|ip-address} climconfig interface -modify
eth0
{ [-ipaddress ipv4-address -netmask ipv4-netmask] |
[-autonegotiation on] |
[-autonegotiation on -linespeed 1000 [-duplex full ] ] |
[-autonegotiation { on | off } -linespeed {10 | 100} -duplex { half | full } ]
}[-force]
interface -modify command for data interfaces:
CLIMCMD {clim-name|ip-address} climconfig interface -modify
interface-name
{ [-mtu mtu-value] |
[-jumbo { on | off } ] |
[-autonegotiation on] |
[-autonegotiation on -linespeed 1000 -duplex full]] |
[-autonegotiation { on | off } -linespeed { 10 | 100 } -duplex { half | full } ] |
[-macaddr {mac address | default} ]
}[-force]
For changing the eth0 IP address:
CLIMCMD {clim-name|ip-address} climconfig interface -modify
eth0 -ipaddress ipv4-address -netmask ipv4-netmask
For changing MTU settings:
CLIMCMD {clim-name|ip-address} climconfig interface -modify
interface-name -mtu mtu-value
For changing jumbo frame settings:
CLIMCMD {clim-name|ip-address} climconfig interface -modify
interface-name -jumbo { on | off }
For changing Ethernet card settings:
CLIMCMD {clim-name | ip-address} climconfig interface -modify
interface-name [ –force ]
{[ -autonegotiation on ] |
[ -autonegotiation on -linespeed 1000 [ –duplex full ] ] |
[ -autonegotiation { on | off } –linespeed { 10 | 100 }
-duplex { half | full } ] }
For changing the MAC address for physical and slave interfaces:
CLIMCMD {clim-name|ip-address} climconfig interface -modify
interface-name -macaddr {mac-address|default} [-force]
For displaying the configuration of an interface:
CLIMCMD {clim-name|ip-address} climconfig interface -info
{eth0|eth0:0|interface-name|all}[–obeyform]
314
climconfig.interface Description
This command does the following:
interface -add
adds the interface name to the /etc/network/interfaces file of the CLIM. The host brings
up the interface when it is added.
If the CLIM has MULTIPROV ON and the operator specifies the -prov command with the name
of an unconfigured prov object, that object is implicitly added. Thus, for an unknown provider,
you can specify climconfig interface -add interface-name -prov prov-name,
which would be the equivalent of issuing the two commands, climconfig prov -add
prov-name and climconfig interface -add interface-name -prov prov-name.
The interface can be added even when the CLIM is in the STARTED state.
Slave interfaces can be added by using the slaveinterface –configure command. If
a bonding interface does not have any slave interfaces, it is not activated by the host.
interface -delete
removes the configured physical or bonding interface and its configuration (all the IP addresses
and routes associated with the interface) from the /etc/network/interfaces file of CLIM.
interface -modify
changes the existing interface configuration in the CLIM /etc/network/interfaces file.
For eth0, its IP address or MAC address settings can be modified. For modifying parameters
of any option, only the modified parameter can be specified and other unmodified parameters
need not be specified. You can modify the jumbo setting, IP address, mtu, autonegotiation
settings, and MAC address individually, but not all on the same command. If an option does
not exist, the new option and its parameter can be added. However, you cannot delete a
previously configured option. This command does not support InfiniBand interfaces.
interface -info
displays the configuration of an interface. For a given interface, the IP address, netmask,
gateway, minimum TCP Retransmission Timeout (RTO) value (in milliseconds), and other
information, are displayed. An interface can have both IPv4 and IPv6 addresses; in this case,
the command displays both of the configuration details for the interface. The command displays
the configurations only for an interface existing in the /etc/network/interfaces file. To
display the configurations for an interface existing in the kernel, use the ifconfig command.
PARAMETERS
eth0
Specifies the dedicated service LAN interface.
eth0:0
Specifies the maintenance Provider LAN interface.
interface
Refers to the physical (Ethernet or InfiniBand interface) or logical (software abstraction such as
bond or tunnel) interfaces on the CLIM.
interface-name
Specifies the interface for the operation. For the -macaddr option, the interface, including
slave interfaces must be physical interfaces. For other options, the interface can be either a
physical interface (for example, eth1, ib0) or a bonding interface (for example, bond0).
-ipaddress ipaddress
Specifies an IPv4 address.
315
-prov
Specifies a provider name. This option is mandatory for CLIMs that have MULTIPROV set to
ON and cannot be used if MULTIPROV is set to OFF. Each provider has its own interface
configuration. The provider name is case-insensitive and always converted to UPPER case.
-netmask netmask
Specifies an IPv4 network address in dotted quad form.
all
Displays information for all interfaces.
-obeyform
This option displays the user-configured resources of an interface in add command format.
-mtu
Sets frame size for an interface. If the option is not specified, the default frame size is 1500.
For physical and bonding interface allowable values are 1280 to 9000.
For tunnel interfaces allowable values are 1280 to 65508.
If the mtu option is set for bonding interface, it will also be applied to a slave interface.
Setting mtu option separately for a slave interface is not allowed.
You cannot specify both the jumbo and mtu options.
mtu cannot be specified for eth0, eth0:0, and InfiniBand interfaces.
Specifying mtu overrides previous values set for jumbo.
-jumbo on
Changes jumbo frames for an interface other than eth0 or eth0:0. If jumbo is set (on), the frame
size is 9000 bytes. If jumbo is reset (off), the frame size is1500 bytes. If the option is not
specified, the default frame size is 1500 bytes.
The jumbo option has a limited set of allowable values (1500 - OFF and 9000 - ON) for frame
size, whereas the mtu option supports a range of values. The mtu option is the recommended
method for setting the MTU size.
The climconfig tool reports an error if the NIC does not support a frame size of 9000 bytes.
If the jumbo option is set for a bonding interface, it will also be applied to a slave interface.
Setting the jumbo option separately for a slave interface is not allowed.
If the bonding interface is UP, the jumbo option is set and a slave interface is added that does
not support frames of 9000 bytes, Climconfig reports an error while adding the slave interface.
You cannot specify both the jumbo and mtu options.
A jumbo frame cannot be set for eth0 and eth0:0.
Specifying jumbo overrides previous values set for mtu.
-jumbo off
Disables jumbo frames for an interface. The frame size is set to 1500 bytes. If this parameter
is not specified, the jumbo option is reset and the frame size set to 1500 bytes.
-force
Causes the command to modify the interface without prompting for confirmation.
-autonegotiation on
Enables autonegotiation.
-autonegotiation off
Disables autonegotiation. -linespeed and -duplex options must be specified.
-linespeed 10
Sets the linespeed to 10MB/sec.
316
-linespeed 100
Sets the linespeed to 100MB/sec.
-linespeed 1000
Sets the linespeed to 1000MB/sec. This option can be set only if -autonegotiation is set
to on.
-duplex half
Sets the duplex mode to half.
-duplex full
Sets the duplex mode to full.
-macaddr
Specifies the MAC address to be assigned to the specified interface. If default is specified,
the original hardware MAC address is assigned.
NOTE: When the interface is deleted from the configuration, either as a slave interface or
an independent interface, the configured software MAC address is not retained with the
interface.
ERROR MESSAGES
For interface -add:
The interface interface-name is already configured as an independent interface.
Interface interface-name is slave interface for a bonding interface. It cannot be configured
as an independent interface.
Interface interface-name does not exist in the kernel.
The -jumbo option is not supported for eth0/eth0:0.
The -mtu option is not supported for eth0/eth0:0 or for ib0/ib1.
Only one of -jumbo or -mtu options can be specified.
A value within the range 1280 to 9000 must be specified for -mtu option.
The –prov option is not supported for CLIM with SCF MULTIPROV option set to OFF.
The –prov option must be specified for CLIM with SCF MULTIPROV option set to ON.
The –prov option is not supported for eth0 and eth0:0.
The specified provider name is invalid; it must not be more than seven characters and must be
alpha-numeric characters with the first character being alphabetic.
For interface -delete:
This command is not supported for the interface eth0.
This command is not supported for the interface lo.
The interface interface-name is not configured.
The interface interface-name has a tunnel interface tunnel-interface-name associated
with it.
The interface interface-name is UP, cannot execute this command.
Cannot execute this command for the interface eth0:0, with eth0:0 in use.
For interface -modify:
This command is not supported for the interface lo.
The -jumbo option is not supported for eth0/eth0:0 or ib0/ib1.
The -mtu option is not supported for eth0/eth0:0.
Only one of -jumbo or -mtu options can be specified.
A value within the range 1280 to 9000 must be specified for -mtu option.
317
The IPv6 family cannot be specified for the eth0.
-ipaddress option for the command - "climconfig interface -modify", is supported only for eth0.
The interface interface-name is not configured.
Cannot execute this command for the interface eth0 when the CLIM is in STARTED state.
The tunnel interface and its parent interface have different jumbo settings.
Internal Error in updating SLNP rules, error-code.
The specified MAC address is not a software MAC address.The software MAC address of the
slaves slave-interface-1 and slave-interface-2 of bonding interface
bonding-interface cannot be the same for bonding mode mode.
This command is not supported for InfiniBand interfaces.
The specified Jumbo value already exists for the interface.
The specified interface does not support the specified speed and mode.
For interface -info:
The interface interface-name is not configured.
WARNING MESSAGES
For interface -modify:
Warning: SNMP configuration file /etc/default/snmpd is missing.
Warning: SNMP configuration file /etc/default/snmpd is corrupt.
Warning: Cannot restart SNMP daemon.
Warning: Cannot restart SNMP agents.
Warning: Cannot write to SNMP configuration file /etc/default/snmpd.
CONSIDERATIONS
Considerations for interface -add:
The bonding interface will find an entry as one of the interfaces, with the slave interfaces
configured within that bonding interface definition. Slave interfaces should not be added using
this command. Slave interfaces for a bonding interface can be configured using the command
climconfig slaveinterface -configure . . ..
The climconfig tool does not allow addition of a virtual interface other than eth0:0.
eth0:0 cannot be added when the CLIM is in the STARTED state.
If the interface to be added is UP, it should first be brought down using the CLIMCMD ifstop
command, and then added.
Considerations for interface -delete:
You cannot delete eth0, the dedicated service LAN interface.
lo, the loopback interface, cannot be deleted.
This command cannot be executed when the specified interface is active (UP). Use the CLIMCMD
ifstop command to deactivate the interface before deleting it.
An interface cannot be deleted before deleting any tunnel interface associated with it.
This command cannot be used to delete tunnel interfaces.
eth0:0, the maintenance provider interface, cannot be deleted when eth0:0 is in use by the
NonStop host.
Considerations for interface -modify:
You cannot modify the IP address and netmask of eth0 when the CLIM is in the STARTED state.
To modify the IP address on a CLIM, do a climcmd clim-name clim stop, then a
climcmd clim-name climconfig interface -modify eth0 -ipaddress new
318
eth0 ip address -netmask 255.255.252.0. Then issue the SCF CLIM START command
to restart the CLIM after the changes.
An IPv6 address cannot be assigned to eth0 interface.
The -jumbo option cannot be used for eth0 and eth0:0.
If the Maximum Transfer Unit (MTU) of an active interface is changed using the jumbo option,
a failover of that interface might occur.
The loopback interface, lo, cannot be modified.
Not all ethernet cards support all linespeeds and duplex modes.
Fibre channel supports only –autonegotiation on.
Gigabit ethernet standard requires auto-negotiation to be ON. You cannot specify SPEED 1000
Mb/s and AUTONEGOTIATION OFF.
A MAC address can be modified only for an interface that is DOWN (stopped). Therefore,
effectively, eth0 MAC address cannot be changed.
When a MAC address is being modified, the interface must not have been failed over.
The software MAC addresses of all slaves of a bonding interface must be unique in bonding
modes 5 (balance-tlb) and 6 (balance-alb). A check is performed when you attempt to change
the bonding mode.
If the eth0 IP address is being changed, the known host information SSHDB on the NonStop
host must be modified. Here are the required steps:
1. At the TACL prompt, enter:
Tacl> sshcom open $zssp0; mode client;
info knownhost *:old-eth0-ip-address.22;
exit
2.
For each entry listed above (one per user), issue this command:
sshcom open $zssp0; mode client;
delete knownhost user-name:old-eth0-ip-address.22;
exit
The old-eth0-ip-address is the IP address configured on eth0 that is being changed
to a new IP address.
EXAMPLES
> CLIMCMD clim1 climconfig interface -add eth1 -jumbo on
> CLIMCMD clim1 climconfig interface –add bond0 -jumbo on
> CLIMCMD clim1 climconfig interface -delete eth1
> CLIMCMD clim1 climconfig interface -modify eth0
-ipaddress 15.76.217.112 -netmask 255.255.128.0
> CLIMCMD 17.205.15.2 climconfig interface -modify eth1
-jumbo off
> CLIMCMD 15.205.15.2 climconfig interface -modify
-autonegotation off -linespeed 100 -duplex half
eth1
> CLIMCMD 15.205.15.2 climconfig interface –modify eth2
–autonegotiation on –linespeed 1000
> CLIMCMD 15.205.15.2 climconfig interface -modify eth2
-macaddr 00:16:b4:3B:90:EE
> CLIMCMD 16.107.170.241 climconfig interface -info all
> CLIMCMD 16.107.170.241 climconfig interface -info all -obeyform
319
SEE ALSO
climconfig ip -add
320
climconfig.ip(1)
NAME
climconfig.ip -- add or delete IP addresses
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig ip -add
{eth0|eth0:0|interface} -ipaddress ip-address -netmask netmask
CLIMCMD {clim-name|ip-address} climconfig ip -delete interface
-ipaddress ip-address -netmask netmask [-force]
climconfig.ip Description
This command does the following:
ip -add
adds an IP address to an existing interface. Multiple IP addresses can be added to an interface.
ip -delete
deletes an IP address from the specified interface. The IP address is deleted from the
configuration file. If the IP address exists in the kernel, it is deleted from the kernel.
PARAMETERS
eth0
Specifies the dedicated service LAN interface.
eth0:0
Specifies the maintenance provider LAN interface.
interface
Specifies an interface. This parameter can be either a physical interface name (such as eth1,
ib0), a bonding interface name (such as bond0), or a tunnel interface (such as tun0).
-ipaddress ipaddress
Is the new IP address to be assigned to the interface (for ip -add) or the IP address to be
deleted from the interface (for ip -delete). It can be an IPv4 or an IPv6 IP address.
-netmask netmask
Specifies the netmask for the interface. For IPv4 addresses, use dotted quad format. For IPv6
addresses, use the number of bits appropriate for the IPv6 address (for example, 64).
-delete interface
Deletes an IP address for the specified physical or bonding interface from the /etc/network/
interfaces file of the CLIM. This command also deletes the tunnel configurations associated
with the interface.
-force
Causes the command to delete the IP address without prompting for confirmation.
ERROR MESSAGES
For ip -add:
The interface interface-name is not configured.
This command is not supported for the interface lo.
Configuring IPv6 "address" is not allowed for eth0 and eth0:0 interfaces.
Interface "eth0" already has an IP.
Interface "eth0:0" already has an IP.
The specified IP address already exists for the interface.
321
Cannot execute this command for the interface interface-name when the CLIM is in STARTED
state.
The "IPv4" family cannot be specified for the "tunnel interface".
For ip -delete:
This command is not supported for the interface lo.
The interface interface-name is not configured.
The specified IP address ip-address is not configured for the interface.
The IP address cannot be deleted from eth0.
The IP address cannot be deleted from eth0:0 with eth0:0 in use.
A route with the specified IP address as a –src exists.
WARNING MESSAGES
For ip -add:
Warning: SNMP configuration file /etc/default/snmpd are missing.
Warning: SNMP configuration file /etc/default/snmpd are corrupt.
Warning: Cannot restart SNMP daemon.
Warning: Cannot write to SNMP configuration file /etc/default/snmpd.
Cannot restart SNMP agents.
For ip -delete:
Warning: Could not remove IPv4 compatible IPv6 address from the kernel.
CONSIDERATIONS
For ip -add:
For SNMP listening address configuration, when the IP address is added to eth0, the climconfig
tool updates the /etc/defaults/snmpd configuration file with the new listening address
as the dedicated service LAN IP.
Tunnel interfaces can be assigned only with IPv6 addresses.
An IPv6 address cannot be assigned to eth0 and eth0:0.
Only one IPv4 address can be assigned to eth0 or eth0:0.
The IP address is added either to the /etc/network/interfaces file, to the kernel, or to
both. The behavior is defined as:
—If the specified interface is down, the IP address is added to the file.
—If the CLIM is in the STOPPED state, the IP address is added to the file.
—If the specified interface is UP and the CLIM is in the STARTED state, the IP address is added
to the file and to the kernel.
The customer data interfaces, eth1 - eth5, cannot have IP addresses in the 192.168.*.* range,
or whatever the dedicated service LAN address range is for the system.
If the same static IPv6 address is configured and added to more than one CLIM, during the
interface activation, the IPv6 address being duplicated remains as a tentative address. This
IPv6 address is not automatically removed from the kernel/file configuration by climconfig. It
is the operator's responsibility to remove such duplicate static IPv6 addresses from the
configuration.
For ip -delete:
The IP address cannot be deleted from eth0.
The IP address cannot be deleted from eth0:0, with eth0:0 in use.
IP address from Loopback interface lo, cannot be deleted.
322
All the routes belonging to an interface for a particular network are automatically deleted from
the kernel when the last IPv4 address belonging to that network is deleted from the interface.
However, the routes remain in the configuration file. These routes will come into effect only
when the interface is restarted (ifstop followed by ifstart) or when the routes are deleted and
then added back after adding at least one IPv4 address corresponding to that network. For
example:
interface -info eth5
Interface
Interface Type
MTU
Size
IP
Address
Netmask
ROUTE
Details
Route Type
Destination Address
Netmask
Gateway Address
Metric
Minimum RTO
:
:
:
:
:
:
:
:
:
:
:
:
eth5
Physical Interface
1500
172.17.190.71
255.255.255.0
Default Route
0.0.0.0
0.0.0.0
172.17.190.1
0
Unspecified
When the IP 172.17.190.71 is deleted, the default route 172.17.190.1 is automatically
deleted from the kernel.
EXAMPLES
> ip -add eth1 –ipaddress 15.76.217.14 –netmask 255.255.255.0
323
climconfig.ip6tables(1)
NAME
climconfig.ip6tables -- configure ip6tables
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig ip6tables
[-prov prov-name] [-force] arguments
Or,
CLIMCMD {clim-name|ip-address} climconfig ip6tables
[-prov prov-name] arguments [-force]
climconfig.ip6tables Description
This command supports the following options. If a command is labeled as sensitive, a user
confirmation is required for execution unless the -force option is also specified.
--append | -A chain rule-specification [options]
This command appends one or more rules to the end of the selected chain. When the source
and/or destination names resolve to more than one address, a rule will be added for each
possible address combination. This command is valid only for the CIP_INPUT chain and
user-defined chains.
--delete | -D chain [rulenum | rule-specification [options]]
This command deletes one or more rules from the selected chain. There are two versions of
this command: the rule can be specified as a number in the chain (starting from 1 for the first
rule) or a rule to match. For the latter case, the specified rule must match an existing entry in
the chain exactly. This command is valid only for the CIP_INPUT chain and user-defined chains.
This is a sensitive command.
--insert | -I chain [rulenum] rule-specification [options]
This inserts one or more rules in the selected chain as the given rule number. Number starts
from 1. This is also the default if no rule number is specified. This command is valid only for
the CIP_INPUT chain and user-defined chains.
--replace | -R chain rulenum rule-specification [options]
This command replaces a rule in the selected chain. If the source and/or destination names
resolve to multiple addresses, the command will fail. Rules are numbered starting at 1. This
command is valid only for the CIP_INPUT chain and user-defined chains. This is a sensitive
command.
--list | -L [chain [rulenum]]
Lists all rules or the rule of the specified rule number in the selected chain. Any chain (including
the built-in chains) can be listed. This command is valid for all chains including the Linux built-in
chains, the CIP built-in chains, and all user-defined chains. If no chain is selected, all chains
are listed.
--list-rules | -S [chain [rulenum]]
Prints all rules or the rule of the specified rule number in the selected chain in form of
iptables/ip6tables commands. This command is valid only for the CIP_INPUT chain and
user-defined chains. If no chain is selected, all users chains, if any, and the CIP_INPUT chain
are listed.
--flush | -F [chain]
This command deletes all user-defined rules in a chain. This command is valid only for the
CIP_INPUT chain and user-defined chains. If no chain is specified, this flushes all rules in the
CIP_INPUT chain and in all user-defined chains. The CIP_INPUT_p chain is not flushed. This is
a sensitive command.
324
--zero | -Z [chain]
This command zeros out the packet and bytes counters in the specified chain or all chains if
the chain name is not specified. This applies to all user-defined chains, the CIP built-in chain
and Linux built-in chains if chain is not specified. A user may also specify the Linux built-in
INPUT chain for this command.
--new | -N chain
This command creates a new user-defined chain by the given name. There must be no target
of that name already, or an error is returned. Creating a CIP reserved chain (a name begins
with CIP_) and any of the Linux built-in chains (INPUT, OUTPUT, and FORWARD) is not allowed.
--delete-chain | -X [chain]
Delete the user-defined chain specified. There must be no references to the chain. If there are,
you must delete or replace the referring rules before the chain can be deleted. The chain must
also be empty, i.e. not containing any rules. If no argument is given, it will attempt to delete
every user-defined chain in the table. The following built-in chains cannot be deleted: CIP_INPUT,
CIP_INPUT_p, INPUT, OUTPUT, and FORWARD.
--rename-chain | -E old-chain new-chain
This command renames the specified user-defined chain to the user-supplied name. Any
references to the old chain name are automatically renamed by Linux iptables/ip6tables itself.
The following built-in chains cannot be renamed: CIP_INPUT, CIP_INPUT_p, INPUT, OUTPUT,
and FORWARD.
--policy | -P chain target
This command sets the policy for the chain to the given target. Only a CIP built-in CIP_INPUT
chain can be specified with a policy. Neither Linux built-in nor user-defined chains can be
policy targets.
Setting a policy to CIP_INPUT chain causes the target (the first and only rule) in CIP_INPUT_p
chain to be replaced.
-h | -help | --help
This command prints the climconfig iptables/ip6tables help information. If it is specified after
a match extension, some more information pertinent to that match could also be given.
PARAMETERS
-prov
Specifies a provider name. This option is mandatory for CLIMs that have MULTIPROV set to
ON and cannot be used if MULTIPROV is set to OFF. Each provider has its own iptables
configuration. The provider name is case-insensitive and always converted to UPPER case.
-force
Used with a sensitive command, causes the command to bypass user confirmation. Must be
either ahead of the command or at end of the line.
[!] --protocol | -p proto
To match protocol proto, which is either a protocol name or number. Supported protocols
are: all(0), tcp(6), udp(17), icmpv6(58), esp(50), ah(51), and sctp(132). When the "!" argument
is used, the ‘match’ operation is changed to the ‘not match’ operation.
[!] --source | --src | -s address[/mask]
To match a source address. Address can be either a network IPv4/IPv6 address (with /mask),
or a plain IP address. The mask can be either a network mask or a plain number, specifying
the number of 1s at the left side of the network mask. Thus, a mask of 24 is equivalent to
255.255.255.0. When the "!" argument is used the ‘match’ operation is changed to the ‘not
match’ operation.
325
[!] --destination | --dst | -d address[/mask]
To match a destination address. Address can be either a network IP address (with /mask), or
a plain IPv4/IPv6 address. The mask can be either a network mask or a plain number, specifying
the number of 1s at the left side of the network mask. Thus, a mask of 24 is equivalent to
255.255.255.0. When the "!" argument is used the ‘match’ operation is changed to the ‘not
match’ operation.
[!] --in-interface | -i interface_name[+]
To match a packet by the interface in which it was received. If the interface name ends in a
"+", then any interface which begins with this name will match. If this option is omitted, any
interface name will match. When the "!" argument is used the ‘match’ operation is changed
to the ‘not match’ operation.
--jump | -j target
Jump to a target, which can be a user-defined chain, a built-in or extension target.
--match | -m match-module-name
Load a match extension module.
--numeric | -n
Select numeric output of addresses and ports.
--table | -t table
Specify table to manipulate. table must be ‘filter’.
--verbose | -v
Verbose mode.
--line-numbers
Print line numbers when listing.
--exact | -x
To expand numbers (display exact values).
--set-counters | -c pkts bytes
This enables the administrator to initialize the packet and byte counters of a rule (during INSERT,
APPEND, REPLACE operations). For example,
iptables -A CIP_INPUT -c 100 2000 -p tcp -i eth2
--dport 21 -j ACCEPT
would set the rule in the CIP_INPUT chain for accepting ftp packets targeted for interface eth2
and, at the same time, initialize the number of packets accepted to be 100 and number of
bytes to be 2000.
Match Extensions ip6
The supported match extensions are based on the Linux iptables man pages. They are subject to
future changes made by Linux iptables implementation.
ah
Matches the SPIs in Authentication header of IPsec packets.
[!] --ahspi spi[:spi]
[!] --ahlen length
--ahres
comment
Allows you to add comments (up to 256 characters) to any rule.
--comment comment
Example:
ip6tables -A CIP_INPUT -s fe80::221:5aff:fec9:1a32/64
-m
comment --comment 'A privatized IP block'
326
connbytes
Matches by how many bytes/packets a connection has transferred.
[!] --connbytes from:[to]
--connbytes-dir {original|reply|both}
--connbytes-mode {packets|bytes|avgpkt}
Example:
ip6tables .. -m connbytes --connbytes 10000:100000
--connbytes-dir both --connbytes-mode bytes ...
connlimit
Allows you to restrict the number of parallel TCP connections to a server per client IP address
(or address block).
[!] --connlimit-above n
--connlimit-mask prefix_length
Examples:
# allow 2 telnet connections per client host
ip6tables -p tcp --syn --dport 80 -s fe80::/64
-m connlimit
--connlimit-above 16 --connlimit-mask 64 -j REJECT
connmark *
Matches packets in connections with value set by CONNMARK target.
Not supported because it is valid only in the mangle table.
conntrack
Matches additional connection tracking information.
[!] --ctstate statelist
statelist is a comma-separated list of the connection states to match.
[!] --ctproto l4proto
[!] --ctorigsrc address[/mask]
[!] --ctorigdst address[/mask]
[!] --ctreplsrc address[/mask]
[!] --ctrepldst address[/mask]
Matches against original/reply source/destination address.
[!] --ctorigsrcport port
[!] --ctorigdstport port
[!] --ctreplsrcport port
[!] --ctrepldstport port
Matches against original/reply source/destination port (TCP/UDP/etc.) or GRE key.
[!] --ctstatus [NONE|EXPECTED|SEEN_REPLY|ASSURED|CONFIRMED][,...]
[!] --ctexpire time[:time]
--ctdir {ORIGINAL|REPLY}
dccp *
Matches DCCP-specific fields and types.
Not supported because CIP does not support Datagram Congestion Control Protocol.
dscp *
Matches the 6-bit DSCP field within the TOS field in the IP header.
327
Not supported because Differentiated Services Code Point is QoS related.
dst
Matches parameters in Destination Options header.
[!] --dst-len length
--dst-opts type[:length][,type[:length]...]
esp
Matches the SPIs in ESP header of IPsec packets.
[!] --espspi spi[:spi]
eui64
Matches EUI-64 part of a stateless auto configured IPv6 address.
frag
Matches parameters in the Fragment header.
[!] --fragid id[:id]
[!] --fraglen length
--fragres
--fragfirst
--fragmore
--fraglast
hashlimit
Hashlimit for something like per destination-ip or per (destip, destport) tuple. It gives you the
ability to express:
“1000 packets per second for every host in 192.168.0.0/16”
“100 packets per second for every service of 192.168.1.1”
with a single ip6tables rule.
--hashlimit-upto amount[/second|/minute|/hour|/day]
--hashlimit-above amount[/second|/minute|/hour|/day]
--hashlimit-burst amount
--hashlimit-mode {srcip|srcport|dstip|dstport},...
--hashlimit-srcmask prefix
--hashlimit-dstmask prefix
--hashlimit-name foo
--hashlimit-htable-size buckets
--hashlimit-htable-max entries
--hashlimit-htable-expire msec
--hashlimit-htable-gcinterval msec
hbh
Matches parameters in Hop-by-Hop Options header.
[!] --hbh-len length
--hbh-opts type[:length][,type[:length]...]
helper
Specifies the conntrack-helper module.
[!] --helper string
328
hl
Matches the Hop Limit field in the IPv6 header.
[!] --hl-eq value
--hl-lt value
--hl-gt value
icmp6
Matches ICMPv6-specific values.
[!] --icmp-type {type[/code]|typename}
Allows specification of the ICMPv6 type, which can be a numeric ICMPv6 type, type and code,
or one of the ICMPv6 type names shown by the command:
ip6tables -p ipv6-icmp -h
iprange
Matches on a given arbitrary range of IP addresses.
[!] --src-range from[-to]
[!] --dst-range from[-to]
ipv6header
Matches IPv6 extension headers and/or upper layer header.
--soft
[!] --header header[,header...]
length
Matches the length of a packet against a value or range of values.
[!] --length length[:length]
limit
Matches a rule to a specified rate. A rule using this extension will match until this limit is reached
(unless the '!' flag is used).
[!] --limit rate [/second|/minute|/hour|/day]
--limit-burst number
mac
Matches source MAC address.
[!] --mac-source address
mark *
Matches packets with value previously set by MARK target.
Not supported because it is valid only in the mangle table.
mh *
Matches the Mobility Header (MH) type.
Not supported because CIP does not support ipv6-mh protocol.
multiport
Matches a set of source or destination ports.
[!] --source-ports | --sports port[,port|,port:port]...
[!] --destination-ports | --dports port[,port|,port:port]...
[!] --ports port[,port|,port:port]...
owner *
Matches various characteristics of the (locally generated) packet creator.
329
Not supported because it is only valid in the OUTPUT and POSTROUTING chains.
physdev *
Matches on the bridge port input and output devices enslaved to a bridge device.
Not supported because CIP is not a bridge device.
pkttype
Matches link-layer packet type.
[!] --pkt-type {unicast|broadcast|multicast}
policy
Matches IPsec policy.
--dir {in|out}
--pol {none|ipsec}
--strict
[!] --reqid id
[!] --spi spi
[!] --proto {ah|esp|ipcomp}
[!] --mode {tunnel|transport}
[!] --tunnel-src addr[/mask]
[!] --tunnel-dst addr[/mask]
--next
quota
Implements network quota by decrementing a byte counter with each packet.
--quota bytes
The quota in bytes.
rateest *
Rate estimator.
Not supported because it is mainly for making routing decisions (mangle table).
realm *
Matches the routing realm.
Not supported because it is for dynamic routing.
recent
Matches against dynamically constructed list of IP addresses.
--name name
[!] --set
--rsource
--rdest
[!] --rcheck
[!] --update
[!] --remove
--seconds seconds
--hitcount hits
--rttl
rt
Matches on IPv6 routing header.
330
--rt-type [!] type
--rt-segsleft [!] num[:num]
--rt-len [!] length
--rt-0-res
--rt-0-addrs ADDR[,ADDR...]
--rt-0-not-strict
sctp
Matches SCTP-specific information.
[!] --source-port | --sport port[:port]
[!] --destination-port | --dport port[:port]
[!] --chunk-types all|any|only chunktype[:flags] [...]
set *
Matches IP sets which can be defined by ipset(8).
Not supported because ipset is not supported.
state
Allows access to conntrack state for this packet.
[!] --state statelist
Where statelist is a comma-separated list of the connection states to match. Possible states
are INVALID, ESTABLISHED, NEW, and RELATED.
statistic
Matches packets based on some statistic condition.
--mode mode
--probability p
--every n
--packet p
string
Matches a given string pattern.
--algo bm|kmp
--from offset
--to offset
[!] --string pattern
[!] --hex-string pattern
tcp
Matches TCP-specific values.
[!] --source-port | --sport port[:port]
[!] --destination-port | --dport port[:port]
[!] --tcp-flags mask comp
[!] --syn
[!] --tcp-option number
tcpmss
Matches the TCP MSS field of the TCP header.
[!] --mss value[:value]
331
time
Matches the arrival time/date of packets.
--datestart YYYY[-MM[-DD[Thh[:mm[:ss]]]]]
--datestop MM[-DD[Thh[:mm[:ss]]]]]
--timestart hh:mm[:ss]
--timestop hh:mm[:ss]
[!] --monthdays day[,day...]
[!] --weekdays day[,day...]
--utc
Interprets the times given for --datestart, --datestop, --timestart and --timestop to be utc.
--localtz
Interprets the times given for --datestart, --datestop, --timestart and --timestop to be local kernel
time. (Default)
tos
Matches the 8 bits ToS (Type of Service) field in the IP header.
[!] --tos value[/mask]
[!] --tos symbol
u32
Tests whether quantities of up to 4 bytes extracted from a packet have specified values. The
specification of what to extract is general enough to find data at given offsets from tcp headers
or payloads.
[!] --u32 tests
The argument amounts to a program in a small language described below:
tests := location "=" value | tests "&&" location "=" value
value := range | value "," range
range := number | number ":" number
a single number, n, is interpreted the same as n:n. n:m is interpreted as the range of numbers
>=n and <=m.
location := number | location operator number
operator := "&" | "<<" | ">>" | "@"
The operators &, <<, >> and && mean the same as in C. The = is really a set membership
operator and the value syntax describes a set. The @ operator is what allows moving to the
next header.
udp
Matches UDP-specific values.
[!] --source-port | --sport port[:port]
[!] --destination-port | --dport port[:port]
Target Extensions ip6
The supported target extensions are based on the Linux ip6tables man pages. They are subject to
future changes made by Linux ip6tables implementation.
log
When the LOG target is set for a rule, the Linux kernel will print some information on all matching
packets (i.e., most IP header fields) to syslog. This is a "non-terminating target", i.e. rule traversal
continues at the next rule. So if you want to LOG the packets you refuse, use two separate rules
with the same matching criteria, first using target LOG, the next using DROP (or REJECT).
332
LOG has the following options:
--log-level level
Level of logging (keyword or numeric): debug (or 7), info (or 6), notice (or 5), warning (or 4),
err (or 3), crit (or 2), alert (or 1), emerg (or 0).
Default is warning if not specified. If the specified severity of log-level is ‘info’ or above (e.g.,
warning), the log message is also sent to NSK host generating a 5232 EMS event in $0.
NOTE: Care should be used so as to not flood EMS with events.
--log-prefix prefix
Prefix log messages with the specified prefix; up to 25 letters long, and useful for distinguishing
messages in the logs.
--log-tcp-sequence
Log TCP sequence numbers. This is a security risk if the log is readable by users.
--log-tcp-options
Log options from the TCP packet header.
--log-ip-options
Log options from the IP packet header.
--log-uid
Log the userid of the process which generated the packet.
Example 1:
Both syslog and EMS display the message.
climiptables –A CIP_INPUT –j LOG --log-level info --log-prefix
“LOGDROP”
climiptables –A CIP_INPUT –j DROP
Example 2:
The message is only logged in the syslog not in EMS.
climiptables –A CIP_INPUT –j LOG --log-level debug --log-prefix
“LOGDROP”
climiptables –A CIP_INPUT –j DROP
reject
Used to send back an error packet in response to the matched packet: otherwise it is equivalent
to DROP so it is a terminating TARGET, ending rule traversal. The following option controls the
nature of the error packet returned:
--reject-with type
The type given for ip6tables can be
icmp6-no-route
no-route
icmp6-adm-prohibited
adm-prohibited
icmp6-addr-unreachable
addr-unreach
icmp6-port-unreachable
port-unreach
333
ERROR MESSAGES
climconfig ip6tables requires options/commands.
Try 'climconfig ip6tables -h' for more information.
climconfig ip6tables Error: File /etc/clim/climiptables/state does not exist.
climconfig ip6tables Error: Cannot open the file /etc/clim/climiptables/state: error-code.
Error: invalid version string 'version', file ‘/etc/clim/climiptables/state’.
Error: version string major, minor is not compatible, file ‘/etc/clim/climiptables/state’.
climconfig ip6tables Error: Invalid climiptables state file.
climconfig ip6tables Error: max prefix length for '--log-prefix' is 25.
climconfig ip6tables Error: Deleting/Appending/Renaming/Flushing a rule from/to the Linux built-in
chain 'xxx’ is not allowed.
climconfig ip6tables Error: Deleting/Appending/Renaming/Flushing a rule from/to the CIP policy
chain is not allowed.
CONSIDERATIONS
None.
EXAMPLES
> climcmd n1002583 climconfig ip6tables -S
-N ftp
-N telnet
-A CIP_INPUT -p tcp -m tcp --dport 20:21 -j ftp
-A CIP_INPUT -p tcp -m tcp --dport 23 -j telnet
-A ftp -i eth2 -j REJECT --reject-with icmp-port-unreachable
-A telnet ! -i eth2 -j REJECT --reject-with icmp-port-unreachable
Termination Info: 0
> climcmd n1002583 climconfig ip6tables -vL
Chain INPUT (policy ACCEPT 11 packets, 889 bytes)
pkts bytes target
prot opt in
out
source
destination
7636 1970K ACCEPT
all -- any
any
N1002583
657K 229M ACCEPT
all -- eth0
any
anywhere
204 13045 CIP_INPUT
all -- any
any
anywhere
146 9781 CIP_INPUT_p all -- any
any
anywhere
anywhere
anywhere
anywhere
anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target
prot opt in
out
source
destination
Chain OUTPUT (policy ACCEPT 1313 packets, 246K bytes)
pkts bytes target
prot opt in
out
source
destination
Chain CIP_INPUT (1 references)
pkts bytes target
prot opt
destination
18
972 ftp
tcp -tcp dpts:ftp-data:ftp
4
224 telnet
tcp -tcp dpt:telnet
in
out
source
any
any
anywhere
anywhere
any
any
anywhere
anywhere
out
source
out
source
Chain CIP_INPUT_p (1 references)
pkts bytes target
prot opt in
destination
Chain ftp (1 references)
pkts bytes target
prot opt
334
in
destination
120 REJECT
all -eth2
reject-with icmp-port-unreachable
2
Chain telnet (1 references)
pkts bytes target
prot opt in
destination
1
60 REJECT
all -- !eth2
reject-with icmp-port-unreachable
Termination Info: 0
any
anywhere
out
source
any
anywhere
anywhere
anywhere
SEE ALSO
climconfig iptables, climiptables
335
climconfig.iptables(1)
NAME
climconfig.iptables -- configure iptables
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig iptables
[-prov prov-name] [-force] arguments
Or,
CLIMCMD {clim-name|ip-address} climconfig iptables
[-prov prov-name] arguments [-force]
climconfig.iptables Description
This command supports the following arguments. If a command is labeled as sensitive, a user
confirmation is required for execution unless the -force option is also specified.
--append | -A chain rule-specification [options]
This command appends one or more rules to the end of the selected chain. When the source
and/or destination names resolve to more than one address, a rule will be added for each
possible address combination. This command is valid only for the CIP_INPUT chain and
user-defined chains.
--delete | -D chain [rulenum | rule-specification [options]]
This command deletes one or more rules from the selected chain. There are two versions of
this command: the rule can be specified as a number in the chain (starting from 1 for the first
rule) or a rule to match. For the latter case, the specified rule must match an existing entry in
the chain exactly. This command is valid only for the CIP_INPUT chain and user-defined chains.
This is a sensitive command.
--insert | -I chain [rulenum] rule-specification [options]
This inserts one or more rules in the selected chain as the given rule number. Number starts
from 1. This is also the default if no rule number is specified. This command is valid only for
the CIP_INPUT chain and user-defined chains.
--replace | -R chain rulenum rule-specification [options]
This command replaces a rule in the selected chain. If the source and/or destination names
resolve to multiple addresses, the command will fail. Rules are numbered starting at 1. This
command is valid only for the CIP_INPUT chain and user-defined chains. This is a sensitive
command.
--list | -L [chain [rulenum]]
Lists all rules or the rule of the specified rule number in the selected chain. Any chain (including
the built-in chains) can be listed. This command is valid for all chains including the Linux built-in
chains, the CIP built-in chains, and all user-defined chains. If no chain is selected, all chains
are listed.
--list-rules | -S [chain [rulenum]]
Prints all rules or the rule of the specified rule number in the selected chain in form of
iptables/ip6tables commands. This command is valid only for the CIP_INPUT chain and
user-defined chains. If no chain is selected, all users chains, if any, and the CIP_INPUT chain
are listed.
--flush | -F [chain]
This command deletes all user-defined rules in a chain. This command is valid only for the
CIP_INPUT chain and user-defined chains. If no chain is specified, this flushes all rules in the
CIP_INPUT chain and in all user-defined chains. The CIP_INPUT_p chain is not flushed. This is
a sensitive command.
336
--zero | -Z [chain]
This command zeros out the packet and bytes counters in the specified chain or all chains if
the chain name is not specified. This applies to all user-defined chains, the CIP built-in chain
and Linux built-in chains if chain is not specified. A user may also specify the Linux built-in
INPUT chain for this command.
--new | -N chain
This command creates a new user-defined chain by the given name. There must be no target
of that name already, or an error is returned. Creating a CIP reserved chain (a name begins
with CIP_) and any of the Linux built-in chains (INPUT, OUTPUT, and FORWARD) is not allowed.
--delete-chain | -X [chain]
Delete the user-defined chain specified. There must be no references to the chain. If there are,
you must delete or replace the referring rules before the chain can be deleted. The chain must
also be empty, i.e. not containing any rules. If no argument is given, it will attempt to delete
every user-defined chain in the table. The following built-in chains cannot be deleted: CIP_INPUT,
CIP_INPUT_p, INPUT, OUTPUT, and FORWARD.
--rename-chain | -E old-chain new-chain
This command renames the specified user-defined chain to the user-supplied name. Any
references to the old chain name are automatically renamed by Linux iptables/ip6tables itself.
The following built-in chains cannot be renamed: CIP_INPUT, CIP_INPUT_p, INPUT, OUTPUT,
and FORWARD.
--policy | -P chain target
This command sets the policy for the chain to the given target. Only a CIP built-in CIP_INPUT
chain can be specified with a policy. Neither Linux built-in nor user-defined chains can be
policy targets.
Setting a policy to CIP_INPUT chain causes the target (the first and only rule) in CIP_INPUT_p
chain to be replaced.
-h | -help | --help
This command prints the climconfig iptables/ip6tables help information. If it is specified after
a match extension, some more information pertinent to that match could also be given.
PARAMETERS
-prov
Specifies a provider name. This option is mandatory for CLIMs that have MULTIPROV set to
ON and cannot be used if MULTIPROV is set to OFF. Each provider has its own iptables
configuration. The provider name is case-insensitive and always converted to UPPER case.
-force
Used with a sensitive command, causes the command to bypass user confirmation. Must be
either ahead of the command or at end of the line.
[!] --protocol | -p proto
To match protocol proto, which is either a protocol name or number. Supported protocols
are: all(0), tcp(6), udp(17), icmp(1), esp(50), ah(51), and sctp(132). When the "!" argument
is used, the ‘match’ operation is changed to the ‘not match’ operation.
[!] --source | --src | -s address[/mask]
To match a source address. Address can be either a network IPv4/IPv6 address (with /mask),
or a plain IP address. The mask can be either a network mask or a plain number, specifying
the number of 1s at the left side of the network mask. Thus, a mask of 24 is equivalent to
255.255.255.0. When the "!" argument is used the ‘match’ operation is changed to the ‘not
match’ operation.
337
[!] --destination | --dst | -d address[/mask]
To match a destination address. Address can be either a network IP address (with /mask), or
a plain IPv4/IPv6 address. The mask can be either a network mask or a plain number, specifying
the number of 1s at the left side of the network mask. Thus, a mask of 24 is equivalent to
255.255.255.0. When the "!" argument is used the ‘match’ operation is changed to the ‘not
match’ operation.
[!] --in-interface | -i interface_name[+]
To match a packet by the interface in which it was received. If the interface name ends in a
"+", then any interface which begins with this name will match. If this option is omitted, any
interface name will match. When the "!" argument is used the ‘match’ operation is changed
to the ‘not match’ operation.
--fragment | -f
To match only the second and subsequent fragments of a datagram.
! --fragment | -f
To match only the first fragment, or an unfragmented datagram.
--jump | -j target
Jump to a target, which can be a user-defined chain, a built-in or extension target.
--match | -m match-module-name
Load a match extension module.
--numeric | -n
Select numeric output of addresses and ports.
--table | -t table
Specify table to manipulate. table must be ‘filter’.
--verbose | -v
Verbose mode.
--line-numbers
Print line numbers when listing.
--exact | -x
To expand numbers (display exact values).
--set-counters | -c pkts bytes
This enables the administrator to initialize the packet and byte counters of a rule (during INSERT,
APPEND, REPLACE operations). For example,
iptables -A CIP_INPUT -c 100 2000 -p tcp -i eth2
--dport 21 -j ACCEPT
would set the rule in the CIP_INPUT chain for accepting ftp packets targeted for interface eth2
and, at the same time, initialize the number of packets accepted to be 100 and number of
bytes to be 2000.
Match Extensions ip
The supported match extensions are based on the Linux iptables man pages. They are subject to
future changes made by Linux iptables implementation.
addrtype
Matches packets based on address type. Valid address types are: UNSPEC, UNICAST, LOCAL,
BROADCAST, ANYCAST, MULTICAST, BLACKHOLE, UNREACHABLE, PROHIBIT, THROW,
NAT, XRESOLVE.
[!] --src-type type
[!] --dst-type type
--limit-iface-in
338
ah
Matches the SPIs in Authentication header of IPsec packets.
[!] --ahspi spi[:spi]
comment
Allows you to add comments (up to 256 characters) to any rule.
--comment comment
Example:
iptables -A INPUT -s 192.168.0.0/16 -m comment
--comment 'A privatized IP block'
connbytes
Matches by how many bytes/packets a connection has transferred.
[!] --connbytes from:[to]
Matches packets from a connection whose packets/bytes/average packet size is more than
FROM and less than TO bytes/packets. If TO is omitted, only a FROM check is done. "!" is
used to match packets not falling in the range:
--connbytes-dir {original|reply|both}
--connbytes-mode {packets|bytes|avgpkt}
Example:
iptables .. -m connbytes --connbytes 10000:100000
--connbytes-dir both
--connbytes-mode bytes ...
connlimit
Allows you to restrict the number of parallel TCP connections to a server per client IP address
(or address block).
[!] --connlimit-above n
--connlimit-mask bits
Examples:
# allow 2 telnet connections per client host
iptables -p tcp --syn --dport 23 -m connlimit
--connlimit-above 2 -j REJECT
connmark *
Matches packets in connections with value set by CONNMARK target.
Not supported because it is valid only in the mangle table.
conntrack
Matches additional connection tracking information.
[!] --ctstate statelist
statelist is a comma-separated list of the connection states to match.
[!] --ctproto l4proto
[!] --ctorigsrc address[/mask]
[!] --ctorigdst address[/mask]
[!] --ctreplsrc address[/mask]
[!] --ctrepldst address[/mask]
Matches against original/reply source/destination address.
[!] --ctorigsrcport port
[!] --ctorigdstport port
339
[!] --ctreplsrcport port
[!] --ctrepldstport port
Matches against original/reply source/destination port (TCP/UDP/etc.) or GRE key.
[!] --ctstatus [NONE|EXPECTED|SEEN_REPLY|ASSURED|CONFIRMED][,...]
[!] --ctexpire time[:time]
--ctdir {ORIGINAL|REPLY}
dccp *
Matches DCCP-specific fields and types.
Not supported because CIP does not support Datagram Congestion Control Protocol.
dscp *
Matches the 6-bit DSCP field within the TOS field in the IP header.
Not supported because Differentiated Services Code Point is QoS related.
ecn
Matches different ECN fields in the TCP and IPv4 headers.
[!] --ecn-tcp-cwr
[!] --ecn-tcp-ece
[!] --ecn-ip-ect num
esp
Matches the SPIs in ESP header of IPsec packets.
[!] --espspi spi[:spi]
hashlimit
Hashlimit for something like per destination-ip or per (destip,destport) tuple. It gives you the
ability to express:
'1000 packets per second for every host in 192.168.0.0/16'
'100 packets per second for every service of 192.168.1.1'
with a single iptables rule.
--hashlimit-upto amount[/second|/minute|/hour|/day]
--hashlimit-above amount[/second|/minute|/hour|/day]
--hashlimit-burst amount
--hashlimit-mode {srcip|srcport|dstip|dstport},...
--hashlimit-srcmask prefix
--hashlimit-dstmask prefix
--hashlimit-name foo
--hashlimit-htable-size buckets
--hashlimit-htable-max entries
--hashlimit-htable-expire msec
--hashlimit-htable-gcinterval msec
helper
Specifies the conntrack-helper module.
[!] --helper string
icmp
This extension is loaded if '--protocol icmp' is specified. It provides the following option:
[!] --icmp-type {type[/code]|typename}
340
Allows specification of the ICMP type, which can be a numeric ICMP type, type/code pair,
or one of the ICMP type names shown by the command: iptables -p icmp -h
iprange
Matches on a given arbitrary range of IP addresses.
[!] --src-range from[-to]
[!] --dst-range from[-to]
length
Matches the length of a packet against a value or range of values.
[!] --length length[:length]
limit
Matches a rule to a specified rate. A rule using this extension will match until this limit is reached
(unless the '!' flag is used).
[!] --limit rate [/second|/minute|/hour|/day]
--limit-burst number
mac
Matches source MAC address.
[!] --mac-source address
mark *
Matches packets with value previously set by MARK target.
Not supported because it is valid only in the mangle table.
multiport
Matches a set of source or destination ports.
[!] --source-ports | --sports port[,port|,port:port]...
[!] --destination-ports | --dports port[,port|,port:port]...
[!] --ports port[,port|,port:port]...
owner *
Matches various characteristics of the (locally generated) packet creator.
Not supported because it is only valid in the OUTPUT and POSTROUTING chains.
physdev *
Matches on the bridge port input and output devices enslaved to a bridge device.
Not supported because CIP is not a bridge device.
pkttype
Matches link-layer packet type.
[!] --pkt-type {unicast|broadcast|multicast}
policy
Matches IPsec policy.
--dir {in|out}
--pol {none|ipsec}
--strict
[!] --reqid id
[!] --spi spi
[!] --proto {ah|esp|ipcomp}
[!] --mode {tunnel|transport}
341
[!] --tunnel-src addr[/mask]
[!] --tunnel-dst addr[/mask]
--next
quota
Implements network quota by decrementing a byte counter with each packet.
--quota bytes
The quota in bytes.
rateest *
Rate estimator.
Not supported because it is mainly for making routing decisions (mangle table).
realm *
Matches the routing realm.
Not supported because it is for dynamic routing.
recent
Matches against dynamically constructed list of IP addresses.
--name name
[!] --set
--rsource
--rdest
[!] --rcheck
[!] --update
[!] --remove
--seconds seconds
--hitcount hits
--rttl
sctp
Matches SCTP-specific information.
[!] --source-port | --sport port[:port]
[!] --destination-port | --dport port[:port]
[!] --chunk-types all|any|only chunktype[:flags] [...]
set *
Matches IP sets which can be defined by ipset(8).
Not supported because ipset is not supported.
socket
Matches if an open socket can be found by doing a socket lookup on the packet.
state
Allows access to conntrack state for this packet.
[!] --state statelist
Where statelist is a comma-separated list of the connection states to match. Possible states
are INVALID, ESTABLISHED, NEW, and RELATED.
statistic
Matches packets based on some statistic condition.
--mode mode
342
--probability p
--every n
--packet p
string
Matches a given string pattern.
--algo bm|kmp
--from offset
--to offset
[!] --string pattern
[!] --hex-string pattern
tcp
Matches TCP-specific values.
[!] --source-port | --sport port[:port]
[!] --destination-port | --dport port[:port]
[!] --tcp-flags mask comp
[!] --syn
[!] --tcp-option number
tcpmss
Matches the TCP MSS field of the TCP header.
[!] --mss value[:value]
time
Matches the arrival time/date of packets.
--datestart YYYY[-MM[-DD[Thh[:mm[:ss]]]]]
--datestop YYYY[-MM[-DD[Thh[:mm[:ss]]]]]
--timestart hh:mm[:ss]
--timestop hh:mm[:ss]
[!] --monthdays day[,day...]
[!] --weekdays day[,day...]
--utc
Interprets the times given for --datestart, --datestop, --timestart and --timestop to be utc.
--localtz
Interprets the times given for --datestart, --datestop, --timestart and --timestop to be local kernel
time. (Default)
tos
Matches the 8 bits ToS (Type of Service) field in the IP header.
[!] --tos value[/mask]
[!] --tos symbol
ttl
Matches the Time to Live (TTL) field in the IP header.
--ttl-eq ttl
--ttl-gt ttl
--ttl-lt ttl
343
u32
Tests whether quantities of up to 4 bytes extracted from a packet have specified values. The
specification of what to extract is general enough to find data at given offsets from tcp headers
or payloads.
[!] --u32 tests
The argument amounts to a program in a small language described below:
tests := location "=" value | tests "&&" location "=" value
value := range | value "," range
range := number | number ":" number
a single number, n, is interpreted the same as n:n. n:m is interpreted as the range of numbers
>=n and <=m.
location := number | location operator number
operator := "&" | "<<" | ">>" | "@"
The operators &, <<, >> and && mean the same as in C. The = is really a set membership
operator and the value syntax describes a set. The @ operator is what allows moving to the
next header.
udp
Matches UDP-specific values.
[!] --source-port | --sport port[:port]
[!] --destination-port | --dport port[:port]
Extensions with an asterisk (*) are not supported but are not disallowed by CIP.
Target Extensions ip
The supported target extensions are based on the Linux iptables man pages. They are subject to
future changes made by Linux iptables implementation.
log
When the LOG target is set for a rule, the Linux kernel will print some information on all matching
packets (i.e., most IP header fields) to syslog. This is a "non-terminating target", i.e. rule traversal
continues at the next rule. If you want to LOG the packets you refuse, use two separate rules
with the same matching criteria, first using target LOG, the next using DROP (or REJECT).
LOG has the following options:
--log-level level
Level of logging (keyword or numeric): debug (or 7), info (or 6), notice (or 5), warning (or 4),
err (or 3), crit (or 2), alert (or 1), emerg (or 0).
Default is warning if not specified. If the specified severity of log-level is 'info' or above (e.g.,
warning), the log message is also sent to NSK host generating a 5232 EMS event in $0.
NOTE: Care should be used so as to not flood EMS with events.
--log-prefix prefix
Prefix log messages with the specified prefix; up to 25 letters long, and useful for distinguishing
messages in the logs.
--log-tcp-sequence
Log TCP sequence numbers. This is a security risk if the log is readable by users.
--log-tcp-options
Log options from the TCP packet header.
--log-ip-options
Log options from the IP packet header.
344
--log-uid
Log the userid of the process which generated the packet.
Example 1:
Both syslog and EMS display the message.
climiptables –A CIP_INPUT –j LOG --log-level info --log-prefix
“LOGDROP”
climiptables –A CIP_INPUT –j DROP
Example 2:
The message is only logged in the syslog not in EMS.
climiptables –A CIP_INPUT –j LOG --log-level debug --log-prefix
“LOGDROP”
climiptables –A CIP_INPUT –j DROP
reject
Used to send back an error packet in response to the matched packet: otherwise it is equivalent
to DROP so it is a terminating TARGET, ending rule traversal. The following option controls the
nature of the error packet returned:
--reject-with type
The type given for iptables can be
icmp-net-unreachable
icmp-host-unreachable
icmp-port-unreachable
icmp-proto-unreachable
icmp-net-prohibited
icmp-host-prohibited
icmp-admin-prohibited
ERROR MESSAGES
climconfig iptables requires options/commands. Try 'climconfig iptables -h' for more information.
climconfig iptables Error: File /etc/clim/climiptables/state does not exist.
climconfig iptables Error: Cannot open the file /etc/clim/climiptables/state: error-code
Error: invalid version string 'version', file ‘/etc/clim/climiptables/state’.
Error: version string major, minor is not compatible, file ‘/etc/clim/climiptables/state’.
climconfig iptables Error: Invalid climiptables state file.
climconfig iptables Error: max prefix length for '--log-prefix' is 25
climconfig iptables Error: Deleting/Appending/Renaming/Flushing a rule from/to the Linux built-in
chain 'xxx’ is not allowed.
climconfig iptables Error: Deleting/Appending/Renaming/Flushing a rule from/to the CIP policy
chain is not allowed.
CONSIDERATIONS
None.
EXAMPLES
> climcmd n1002583 climconfig iptables -S
-N ftp
-N telnet
-A CIP_INPUT -p tcp -m tcp --dport 20:21 -j ftp
345
-A CIP_INPUT -p tcp -m tcp --dport 23 -j telnet
-A ftp -i eth2 -j REJECT --reject-with icmp-port-unreachable
-A telnet ! -i eth2 -j REJECT --reject-with icmp-port-unreachable
Termination Info: 0
> climcmd n1002583 climconfig iptables -vL
Chain INPUT (policy ACCEPT 11 packets, 889 bytes)
pkts bytes target
prot opt in
out
source
destination
7636 1970K ACCEPT
all -- any
any
N1002583
anywhere
657K 229M ACCEPT
all -- eth0
any
anywhere
anywhere
204 13045 CIP_INPUT
all -- any
any
anywhere
anywhere
146 9781 CIP_INPUT_p all -- any
any
anywhere
anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target
prot opt in
out
source
destination
Chain OUTPUT (policy ACCEPT 1313 packets, 246K bytes)
pkts bytes target
prot opt in
out
source
destination
Chain CIP_INPUT (1 references)
pkts bytes target
prot opt in
out
destination
18
972 ftp
tcp -- any
any
anywhere
tcp dpts:ftp-data:ftp
4
224 telnet
tcp -- any
any
anywhere
tcp dpt:telnet
Chain CIP_INPUT_p (1 references)
pkts bytes target
prot opt in
destination
out
source
anywhere
anywhere
source
Chain ftp (1 references)
pkts bytes target
prot opt in
out
source
destination
2
120 REJECT
all -- eth2
any
anywhere
anywhere
reject-with icmp-port-unreachable
Chain telnet (1 references)
pkts bytes target
prot opt in
out
source
destination
1
60 REJECT
all -- !eth2 any
anywhere
anywhere
reject-with icmp-port-unreachable
Termination Info: 0
SEE ALSO
climconfig ip6tables, climiptables
346
climconfig.prov(1)
NAME
climconfig.prov -- configure prov
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig prov
-add prov-name
CLIMCMD {clim-name|ip-address} climconfig prov
-delete prov-name [-force]
CLIMCMD {clim-name|ip-address} climconfig prov
-info {prov-name | all} [-obeyform]
climconfig.prov Description
This command allows you to display and configure climconfig prov objects.
All network objects configured on CLIMs with the MULTIPROV attribute set to OFF are associated
with the provider that this CLIM is assigned to in the SCF CLIM object configuration.
Network objects configured on CLIMs with the MULTIPROV attribute set to ON must be explicitly
associated with a provider. That association is represented by a climconfig prov object.
prov -add
configures a new provider association. The new provider will have a loop back interface
configured automatically. The provider name must not be more than seven characters long and
must be alpha-numeric characters with the first character being alphabetic, and should directly
correspond to the name of the PROVIDER object in SCF that this CLIM will provide network
services to. The name can be specified in case-insensitive manner. climconfig converts the name
to upper case.
prov -delete
deletes a provider association. All network objects configured using this provider association
should be deleted first before deleting the prov object. If any network objects are associated
with it, an error message is generated.
NOTE: The sp, sa, psk, remote, iptables and ip6tables objects will be automatically deleted
if the provider is deleted, and no error will be generated.
prov -info
displays all the configured provider associations.
prov -info -obeyform
obtains the obeyform lines for configuring the provider association in add format.
PARAMETERS
-force
Used with the -delete option, causes the command to bypass user confirmation.
-obeyform
Used with the -info option, obtains the provider association configuration in obeyform format.
ERROR MESSAGES
For climconfig prov -add:
Error: The specified provider name already exists.
Error: The specified provider name is invalid; it must not be more than seven characters and
must be alpha-numeric characters with the first character being alphabetic.
347
For climconfig prov -delete:
Error: The specified provider name does not exist.
Error: The specified provider has one or more interfaces still associated with it.
Error: The specified provider name is invalid; it must not be more than seven characters and
must be alpha-numeric characters with the first character being alphabetic.
CONSIDERATIONS
Climconfig prov objects are added implicitly during interface addition, so this command is only
required if a provider with only loopback needs to be added.
The deletion of a provider results in deletion of IPSec and iptables objects. If you want to preserve
this configuration for later re-use, you can first run climconfig all -info -obeyform to
capture the configuration of these objects.
EXAMPLES
To add the provider ztc1:
> CLIMCMD n1002581 climconfig prov -add ztc1
To delete the provider ztc1:
> CLIMCMD n1002581 climconfig prov -delete ztc1
To display all providers:
> CLIMCMD n1002581 climconfig prov -info all
ztc0
ztc1
To display all providers with the obeyform option:
> CLIMCMD n1002581 climconfig prov -info all -obeyform
climconfig prov –add ztc0
climconfig prov –add ztc1
#CLIMCMD expects 'exit' to be the last command.
#This is required to terminate CLIMCMD session.
Exit
SEE ALSO
prov.1p (man 1p prov)
348
climconfig.psk(1)
NAME
climconfig.psk -- configure pre-shared keys
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig psk -add
[-prov prov—name] -ip {ip-address|fqdn}
-k {hex-number|string}
CLIMCMD {clim-name|ip-address} climconfig psk -delete
[-prov prov—name] -ip {ip-address|fqdn}
CLIMCMD {clim-name|ip-address} climconfig psk -info
[-prov {prov—name | all}] [-ip {ip-address|fqdn}]
[-obeyform]
climconfig.psk Description
This command does the following:
psk -add
adds a pre-shared key for an IP address or fully-qualified domain name (FQDN) to the psk.txt
file. Both the -ip and -k parameters are required.
psk -delete
deletes the pre-shared key for a given IP address or deletes the FQDN from the psk.txt file.
The -ip parameter is required.
psk -info
displays the pre-shared key for a given IP address or displays the FQDN from the psk.txt
file. The -ip parameter is optional; if it is omitted, all pre-shared keys for various IP addresses
from the psk.txt file are displayed.
PARAMETERS
-prov
Specifies a provider name. This option is mandatory for CLIMs that have MULTIPROV set to
ON and cannot be used if MULTIPROV is set to OFF. Each provider has its own IPSec
configuration. The provider name is case-insensitive and always converted to UPPER case.
-ip ip-address
Specifies an IPv4 or IPv6 address.
-ip fqdn
Specifies a fully qualified domain name.
-k string
Specifies a key as a series of hexadecimal digits preceded by 0x or double-quoted character
string.
-obeyform
Displays the pre-shared key configuration in the format of add command(s).
ERROR MESSAGES
For psk -add:
Please give the correct options. (The wrong options are displayed.)
For psk -delete:
The pre-shared key for the matched IP address is not found.
For psk -info:
There are no pre-shared keys found for the matching IP address.
349
If no options are specified, all the pre-shared keys from the file psk.txt are displayed.
EXAMPLES
> CLIMCMD n1002581 climconfig psk -add –ip 10.1.1.2
–k 0x12abfe34
> CLIMCMD n1002581 climconfig psk -add –ip 10.3.3.2
–k ""simple psk""
> CLIMCMD n1002581 climconfig psk -add –prov ztc0 –ip 10.3.3.2
–k “simple psk”
> CLIMCMD n1002581 climconfig psk -delete –ip 10.3.3.2
> CLIMCMD n1002581 climconfig psk -delete –prov ztc0 –ip 10.3.3.2
> CLIMCMD n1002581 climconfig psk -info
> CLIMCMD n1002581 climconfig psk -info –ip 10.3.3.2
> CLIMCMD n1002581 climconfig psk -info –prov zsam1 –ip 10.2.2.1
> CLIMCMD n1002581 climconfig psk -info –prov ztc0 –obeyform
The sample display for the psk -info command is:
10.3.3.2
simple psk
The sample display for the psk -info -obeyform command is:
climconfig psk -add \
-ip
10.3.3.2 \
-k
"simple psk"
#CLIMCMD expects 'exit' to be the last command.
#This is required to terminate CLIMCMD session.
exit
Termination Info: 0
350
climconfig.remote(1)
NAME
climconfig.remote -- manage remote configuration for security associations
SYNOPSIS
Remote configuration for authentication method of pre-shared key:
CLIMCMD {clim-name | ip-address} climconfig remote -add
[-prov prov—name] -ip {ip-address | anonymous}
-M exchange_mode [-idtype address [-idvalue ip-address]
| -idtype {fqdn | user_fqdn} -idvalue string
| -idtype keyid -idvalue file]
[-peer_idtype address [-peer_idvalue ip-address]
| -peer_idtype {fqdn | user_fqdn} -peer_idvalue string
| -peer_idtype keyid -peer_idvalue file [-verify_identifier]]
[-dpd_delay seconds [-dpd_retry seconds]
[-dpd_maxfail number]]
-E encryption_algorithm
-H hash_algorithm [-A pre_shared_key]
-D dh_group [-restart [-force]]
Remote configuration for authentication method of certificates:
CLIMCMD {clim-name | ip-address} climconfig remote -add
[-prov prov—name] -ip {ip-address | anonymous}
-M exchange_mode [-idtype asn1dn [-idvalue string]]
[-peer_idtype asn1dn [-peer_idvalue string]
[-verify_identifier]]
-pubcert certfile -privkey privkeyfile
[-dpd_delay seconds [-dpd_retry seconds]
[-dpd_maxfail number]]
-E encryption_algorithm
-H hash_algorithm -A {rsasig | gssapi_krb}
-D dh_group [-gssid string] [-restart [-force]]
Remote -delete command:
CLIMCMD {clim-name | ip-address} climconfig remote -delete
[-prov prov—name] -ip {ip-address | anonymous} [-restart
[-force]]
Remote -add_proposal command for pre-shared key:
CLIMCMD {clim-name | ip-address} climconfig remote
–add_proposal [-prov prov—name] –ip {ip-address | anonymous}
-E encryption_algorithm -H hash_algorithm
[-A pre_shared_key]
-D dh_group [-restart [-force]]
Remote -add_proposal command for certificates:
CLIMCMD {clim-name | ip-address} climconfig remote
–add_proposal [-prov prov—name] –ip {ip-address | anonymous}
-E encryption_algorithm -H hash_algorithm
-A {rsasig | gssapi_krb}
-D dh_group [-gssid string] [-restart [-force]]
Remote -delete_proposal command:
CLIMCMD {clim-name | ip-address}
climconfig remote –delete_proposal
[-prov prov—name] –ip {ip-address | anonymous}
–tag tag-id [-restart [-force]]
Remote -info command:
CLIMCMD {clim-name | ip-address} climconfig remote -info
[-prov {prov—name | all}][-ip {ip-address | anonymous}]
[-obeyform]
351
climconfig.remote Description
remote -add
adds a remote entry into the configuration file racoon.conf.
remote -add_proposal
adds an additional proposal for the remote ip-address into the configuration file racoon.conf
for the phase 1 IKE negotiation. A maximum of 10 proposals can exist in a remote configuration.
remote -delete
deletes a remote entry from the configuration file racoon.conf.
remote -delete_proposal
deletes a proposal with a tag identifier for the remote IP address from the configuration file
racoon.conf. At least one proposal must exist in a remote configuration.
remote -info
displays the remote configurations from the configuration file racoon.conf.
PARAMETERS
-prov
Specifies a provider name. This option is mandatory for CLIMs that have MULTIPROV set to
ON and cannot be used if MULTIPROV is set to OFF. Each provider has its own IPSec
configuration. The provider name is case-insensitive and always converted to UPPER case.
–ip ip-address
Specifies the IP address in the configuration file racoon.conf for which the remote command
is issued.
–ip anonymous
Indicates that no IP address is specified.
–M exchange_mode
Defines the exchange mode for phase 1 when the racoon is the initiator. This parameter also
defines the acceptable exchange mode when the racoon is the responder. exchange_mode
is one or more of: main, aggressive, or base. You can specify more than one mode by
separating them with a comma and enclosing them in double quotes. If you specify multiple
modes, the racoon uses the first mode when it is the initiator.
–idtype
Specifies the identifier sent to the remote host and the type to use in the phase 1 negotiation.
The value is one of: user_fqdn, fqdn, address, keyid, or asn1dn.
–idvalue
Specifies the idtype value. The value is one of: ip-address, string, file.
NOTE:
When the value is of type file, the entire pathname has to be specified.
–peer_idtype
Specifies the peer's identifier to be received. If it is not defined, racoon will not verify the peer's
identifier in ID payload transmitted from the peer. If it is defined, the behavior of the verification
depends on the flag of verify_identifier. The value is one of: user-fqdn, fqdn, address,
keyid or asn1dn.
–peer_idvalue
Specifies the peer_idtype value. The value is one of: ip-address, string, file.
NOTE:
352
When the value is of type file, the entire pathname has to be specified.
–verify_identifier
To verify the peer's identifier, set this to on. In this case, if the value defined by -peer_idtype
is not the same as the peer's identifier in the ID payload, the negotiation will fail. The default
is off.
–pubcert certfile
Specifies the file name of a public certificate.
–privkey privkeyfile
Specifies the file name of a private key. If you omit the –pubcert or -privkey option, the
default behavior is to use the pre-shared key. The default path for pre-shared key is /etc/
racoon/psk.txt.
–dpd_delay seconds
Activates Dead Peer Detection (DPD) and specifies the time, in seconds, allowed between two
proof of liveliness requests. The default value is 0, which disables DPD monitoring but negotiates
DPD support.
–dpd_retry seconds
Sets the delay, in seconds, to wait for a proof of liveliness before considering it as failed and
send another request. The default value is 5. This is set only if dpd_delay is set.
–dpd_maxfail number
Sets the maximum number of liveliness proofs to request, without reply, before considering the
peer is dead. The default value is 5. This is set only if dpd_delay is set.
–A authentication_method
Specifies the authentication method used for the phase 1 negotiation. This parameter is required.
The method is one of the values: pre_shared_key, rsasig, or gssapi_krb.
–D dh_group
Defines the group used for the Diffie-Hellman exponentiations. This parameter is required.
group is one of the values: modp768, modp1024, modp1536, modp2048, modp3072,
modp4096, modp6144, or modp8192. You can also specify one of the numerals 1, 2, 5, 14,
15, 16, 17, or 18 as the DH group number. When you choose aggressive mode, you must
define the same DH group in each proposal.
–E encryption_algorithm
Specifies the encryption algorithm used for the phase 1 negotiation. This parameter is required.
The algorithm is one of the following: des, 3des, blowfish, cast128, or aes for Oakley.
Do not use this parameter for other transforms.
–H hash_algorithm
Specifies the hash algorithm used for the phase 1 negotiation. This parameter is required.
hash_algorithm is one of the values: md5, sha1, sha256, sha384, or sha512 for Oakley.
–gssid string
Specifies the GSS-API endpoint name, to be included as an attribute in the SA, if the gssapi_krb
authentication method is used. If gssid is not defined, the default value host/hostname' is
used, where hostname is the value returned by the hostname command.
–tag tag-id
The tag identifier that identifies the proposal of a remote configuration. Tag ids are numbered
from 1 to 10.
–restart
Causes the newest racoon.conf file to be loaded by restarting the racoon daemon. A warning
about the restart of the racoon daemon is issued to inform users that the SAs established in the
SAD will be disconnected.
353
–force
Used with the -restart option, causes the command to bypass user confirmation.
-obeyform
Displays the remote configuration in the format of add command(s).
ERROR MESSAGES
For remote -add:
Please give the correct options. (The incorrect option is displayed.)
For remote -delete:
The remote information for the matched IP-address is not found.
For remote -info:
The remote information for the IP-address is not found.
CONSIDERATIONS
The configuration information is not loaded until the racoon daemon is restarted. To restart the
racoon daemon, use the restart option.
If no options are specified for the remote -info command all the remote information for the IP
addresses contained in the configuration file racoon.conf are displayed.
EXAMPLES
> CLIMCMD clim1 climconfig remote -add –ip 10.1.1.2 –M main
-dpd_delay 60 –E 3des –H md5 –A pre_shared_key –D modp768
> CLIMCMD 17.205.17.2 climconfig remote -add –ip anonymous –M main
–E 3des –H md5 –A pre_shared_key –D modp768 –restart
> CLIMCMD n100253 climconfig remote -add –ip anonymous –M main
–E 3des –H md5 –A pre_shared_key –D modp768 –restart -force
> CLIMCMD clim1 climconfig remote -add –ip 10.1.1.2 –M main
–pubcert pubkey.pem –privkey privkey.pem –E 3des –H md5 –A rsasig
–D modp768 –restart
> CLIMCMD clim1 climconfig remote -add –ip 10.1.1.2 –M main
–pubcert pubkey.pem –privkey privkey.pem –E 3des –H md5 –A rsasig
–D modp768 –restart -force
> CLIMCMD n100253 climconfig remote -add –ip anonymous –M main
–pubcert pubkey.pem –privkey privkey.pem –E 3des –H md5 –A rsasig
–D modp768
With the following command, you will be asked for confirmation that you want to restart the racoon
daemon:
> CLIMCMD clim1 climconfig remote -delete –ip 10.1.1.2 –restart
The following command does not prompt for confirmation:
> CLIMCMD clim1 climconfig remote -delete –ip 10.1.1.2
–restart -force
> CLIMCMD clim1 climconfig remote -delete –ip anonymous
> CLIMCMD clim1 climconfig remote –add_proposal –ip 10.1.1.2
–E 3des –H md5 –A pre_shared_key –D modp768 –restart
> CLIMCMD clim1 climconfig remote –delete_proposal –ip 10.1.1.2
–tag 2 –restart –force
> CLIMCMD n100253 climconfig remote -info –ip anonymous
354
> CLIMCMD n100253 climconfig remote -add –prov ztc0 –ip 10.1.1.2
–M main –dpd_delay 60 –E 3des –H md5 –A pre_shared_key –D modp768
> CLIMCMD n100253 climconfig remote -delete –prov ztc0
–ip 10.1.1.2 –restart
> CLIMCMD n100253 climconfig remote –add_proposal –prov zsam1
–ip 10.1.1.2 –E 3des –H md5 –A pre_shared_key –D modp768 –restart
> CLIMCMD n100253 climconfig remote –delete_proposal –prov zsam1
–ip 10.1.1.2 –tag 2 –restart –force
> CLIMCMD n100253 climconfig remote –info –prov zsam1
> CLIMCMD n100253 climconfig remote –info –prov ztc1 –obeyform
> CLIMCMD 17.205.17.2 climconfig remote -info
Sample display for remote info:
remote 10.2.2.1 {
exchange_mode main;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024;
}
}
> CLIMCMD n100253 climconfig remote -info -ip anonymous -obeyform
> CLIMCMD 17.205.17.2 climconfig remote -info -obeyform
The sample display for a remote -info -obeyform command is:
climconfig remote -add \
-ip
10.2.2.1 \
-M
main \
-E
3des \
-H
sha1 \
-A
pre_shared_key \
-D
modp1024
#CLIMCMD expects 'exit' to be the last command.
#This is required to terminate CLIMCMD session.
exit
SEE ALSO
climconfig psk, climconfig sa, climconfig sp
355
climconfig.route(1)
NAME
climconfig.route -- configure routes
SYNOPSIS
Command to add IPv4 route (non-default):
CLIMCMD {clim-name|ip-address} climconfig route -add
{eth0|eth0:0 | interface} -target ipv4-address {-host | -net}
[-netmask netmask] [-gateway gateway] [-mt metric]
[-minrto time] [-initcwnd number] [-src ipv4-address]
Command to add IPv6 route (non-default):
CLIMCMD {clim-name|ip-address} climconfig route
-add interface -target ipv6-address {-host|-net}
[-netmask netmask] [-gateway gateway] [-mt metric]
[-minrto time] [-initcwnd number]
Command to add default IPv4 route:
CLIMCMD {clim-name|ip-address} climconfig route -add
{eth0|eth0:0|interface} -default -gateway gateway
[-mt metric] [-minrto time] [-initcwnd number]
[-src ipv4-address]
Command to add default IPv6 route:
CLIMCMD {clim-name|ip-address} climconfig route
-add interface -default -gateway gateway [-mt metric]
[-minrto time] [-initcwnd number]
Command to delete IPv4/IPv6 routes:
CLIMCMD {clim-name|ip-address} climconfig route -delete
{ eth0|eth0:0 | interface} [-target ip-address] {-host|-net}
[-netmask netmask] [-gateway gateway] [-default] [-force]
Command to delete default IPv4/IPv6 routes:
CLIMCMD {clim-name|ip-address} climconfig route
-delete { eth0|eth0:0 |interface} -default -gateway gateway
Command to obtain info about a route:
CLIMCMD {clim-name|ip-address} climconfig route
-info [-usrconfig | -obeyform]
Command to add a route to a host in a different network:
CLIMCMD {clim-name| ip-address} climconfig route
-add {eth0|eth0:0|interface} -net -target host-ip
-gateway gateway
climconfig.route Description
This command does the following:
route -add
adds a static route through an interface to specific hosts or networks.
route -delete
deletes a route from an interface.
route -info
displays route information.
PARAMETERS
{-add|-delete} eth0
Specifies the dedicated service LAN interface. Valid only for IPv4 routes.
356
{-add|-delete} eth0:0
Specifies the maintenance Provider LAN interface. Valid only for IPv4 routes.
NOTE: eth0:0 is a logical interface and is hosted on the physical interface eth0 and both
the interfaces have to belong to same subnet. Climconfig will maintain the same set or routes
on both the interfaces. If a route is added to either eth0 or eth0:0, climconfig will add it to
both eth0 and eth0:0.
{-add|-delete} interface
Specifies one of the following interfaces:
An existing physical interface (for example, eth1 or ib0).
A bonding interface (for example, bond0).
A point-to-point tunnel interface (for example, mytun). Only IPv6 routes can be added to a
tunnel interface.
–host
Indicates that the route is to the host within the network (within the same subnet). The –netmask,
–net, –default, and –gateway parameters are not valid with the –host parameter.
–net
Indicates that the route is to the network or to a host in another network. The –default
parameter is not valid with the –net parameter. Also:
If –netmask is not specified, the route is to a host in a different subnet.
If –netmask is specified, the route is a network route. For a network route, you can specify
the –gateway parameter.
–target
Specifies the destination network or host. Specify a dotted-quad format IPv4 address or a
colon-delimited IPv6 address.
–netmask netmask
Specifies the netmask to be used. For an IPv4 address, specify the netmask as an IPv4 address
in dotted quad form; for an IPv6 address, specify the netmask as a number of bits (for example,
64). This parameter is not valid with the –default and –host options. If this parameter is
omitted and –net is specified, default netmask values are 255.255.255.255 for IPv4 routes
and 128 for IPv6 routes.
–gateway
Specifies a gateway address. This parameter is required if the –default parameter is specified.
–mt
Specifies the distance to the target, measured in hops. This number is used to indicate the cost
of the route so that the best route, potentially among multiple routes to the same destination,
is selected.
–minrto
Specifies the minimum Retransmission Timeout (RTO) value, in milliseconds, to be used with
the specified destination. Specify a decimal or integer value; for example, 5.5. The minimum
RTO depends on the clock interrupt frequency, and might therefore get modified when assigned
to the kernel.
If the failed over route is the same as the home route, the failed over route uses the home route's
minrto value.
–initcwnd
Specifies the maximum initial congestion window (cwnd) size in MSS (Maximal Segment Size)
of a TCP connection. It sets the initial congestion window size to n * MSS. Value is from 1 to
357
4294967295. This option is used to improve performance on routes to SWAN concentrators,
with a recommended value of 7.
-default
Specifies to use the default route if no other route matches. This option is not valid with the
–host, –net, –netmask, and –target options.
-usrconfig
Valid only with the route -info command. This option displays user-configured routes only.
If this option is omitted, the command displays the user configured routes and the dynamic
routes added by the kernel.
-obeyform
Generates user-configured route (IPv4 and IPv6) information in add command format.
-force
If used without –force option, this command prompts for confirmation before deleting the
route.
-src
The source IP address to use for outgoing connections or UDP packets using this route if the
socket is not bound to an IP address. The option is useful if there is an interface with multiple
IP Addresses and it is desired that outgoing client connection requests or UDP packets using
that interface use a particular IP Address on that interface to the specified location. The –src
option is valid for IPv4 routes only.
This table shows possible option combinations for different route types:
–target
–netmask
–gateway
–mt
–minrto
–initcwnd
-src
–net
required
optional
optional
optional
optional
optional
optional
–host
required
optional
optional
optional
optional
optional
optional
–default
optional
optional
required
optional
optional
optional
optional
ERROR MESSAGES
For route -add:
This command is not supported for the interface lo.
The interface interface-name is not configured.
Configuring IPv6 route is not allowed for eth0 and eth0:0 interfaces.
The IPv4 family cannot be specified for the tunnel interface.
The specified route already exists for the interface-name.
The specified IP Address ip-address is not configured for interface-name
The –src parameter is not valid for an IPv6 route.
For route -delete:
The interface interface-name is not configured.
This command is not supported for the interface lo.
The specified route is not configured for the interface-name.
CONSIDERATIONS
Valid combinations of options for different route types for route -add and route -delete
are:
If the -net option is specified, then -target is required, and -netmask, -gateway, and
-mt (route -add only) are optional.
358
If -host is specified, then -target is required, -netmask and -gateway are not required,
and -mt (route -add only) is optional.
If -default is specified, then -target and -netmask are not required, -gateway is
required, and -mt (route -add only) is optional.
If -all (route -delete only) is specified, then -target, -netmask, -gateway, and
-mt (route -add only) are not valid.
A route added by the route -add command is added to the /etc/network/interfaces
file, to the kernel or to both, as follows:
If the specified interface is down, the route is added to the file.
If the CLIM is in the STOPPED state, the route is added to the file.
If the specified interface is UP and CLIM is in the STARTED state and ifactivate is issued
to the home resources by CLIMAGT, the route is added to the file and to the kernel.
If the specified interface is UP and CLIM is in the STARTED state and ifdeactivate is issued
to the home resources by CLIMAGT, the route is added to the file.
All the options specified with climconfig route –add -net (except the –mt option) should
be specified for climconfig route –delete –net.
-src is not valid for an IPv6 route.
EXAMPLES
> CLIMCMD clim1 climconfig route -add eth1 -net
-target 15.76.217.1 -netmask 255.255.255.0
-gateway 15.76.217.101
> CLIMCMD n100253 climconfig route -add eth2 -default
-gateway 23.34.34.34
> CLIMCMD n100253 climconfig route -delete eth1 -net
-target 15.76.217.0 –netmask 255.255.255.0
> CLIMCMD clim1 climconfig route -delete eth2 -default
-gateway 23.34.35.1
> CLIMCMD 17.205.15.2 climconfig route -info
CLIMCMD 17.205.15.2 climconfig route -info
Maintenance LAN routes
Interface : eth0
Destination : 16.107.168.0
Netmask : 255.255.252.0
Gateway : 0.0.0.0
Flags : U
Metric : 0
Ref : 0
Use : 0
MinRTO : Unspecified
InitCWND : Unspecified
Src : 16.107.168.71
Interface : eth0
Destination : 0.0.0.0
Netmask : 0.0.0.0
Getway : 16.107.168.1
Flags : UG
349
Metric : 0
Ref : 0
Use : 0
MinRTO : 5ms
InitCWND : Unspecified
359
Src : Unspecified
Interface : lo
Destination : 1128
Gateway :
Metric : 0
MinRTO : Unspecified
InitCWND : Unspecified
Src : Unspecified
Interface : lo
Destination : fe80::128
Gateway :
Flags : U
Metric : 0
Ref : 0
Use : 2
MinRTO : 5ms
InitCWND : Unspecified
Src : Unspecified
Maintenence provider routes
Interface : eth0
Destination : 16.107.168.0
Netmask : 255.255.252.0
Gateway : 0.0.0.0
Flags : U
Metric : 0
Ref : 0
Use : 0
MinRTO : Unspecified
InitCWND : Unspecified
Src : 16.107.168.71
Interface : eth0
Destination : 0.0.0.0
Netmask : 0.0.0.0
Getway : 16.107.168.1
Flags : UG
349
Metric : 0
Ref : 0
Use : 0
MinRTO : 5ms
InitCWND : Unspecified
Src : Unspecified
Interface : lo
Destination : 1128
Gateway :
Metric : 0
MinRTO : Unspecified
InitCWND : Unspecified
Src : Unspecified
Interface : lo
Destination : fe80::128
Gateway :
Flags : U
Metric : 0
Ref : 0
Use : 2
MinRTO : 5ms
InitCWND : Unspecified
Src : Unspecified
Data Provider ZTC1 routes
360
Interface : eth1
Destination : 16.107.170.0
Netmask : 255.255.255.0
Gateway : 16.107.170.1
Flags : U
Metric : 0
Ref : 0
Use : 0
MinRTO : Unspecified
InitCWND : 32768
Src : 16.107.170.31
Termination Info: 0
> CLIMCMD 17.205.15.2 climconfig route -info -obeyform
climconfig route \
-add
eth0 \
-default \
-gateway
15.146.232.1
#CLIMCMD expects 'exit' to be the last command.
#This is required to terminate CLIMCMD session.
exit
Termination Info: 0
SEE ALSO
SCF ADD ROUTE command
361
climconfig.sa(1)
NAME
climconfig.sa -- configure security associations
SYNOPSIS
The command for managing security associations to the configuration file ipsec-tools.conf
is:
CLIMCMD {clim-name|ip-address} climconfig sa -add –manual
[-prov prov—name] -s src-ip -d dst-ip -p protocol
-i spi [-m {tunnel|transport}] algorithm [-load]
The command for adding proposals for a security association into the configuration file
racoon.conf is:
CLIMCMD {clim-name|ip-address} climconfig sa -add
[-prov prov—name]{ -s src-id -d dst-id -u upperspec|
anonymous} [-P pfs_group] -E encryption_algorithm
-A authentication_algorithm -C compression_algorithm
[-restart [-force]]
The command for deleting a security association from the configuration file ipsec-tools.conf
is:
CLIMCMD {clim-name|ip-address} climconfig sa -delete -manual
[-prov prov—name] -s src-id -d dst-id -u upperspec|
anonymous} -p protocol -i spi [-unload [-force]]
The command for deleting a security association from the configuration file racoon.conf is:
CLIMCMD {clim-name|ip-address} climconfig sa -delete
[-prov prov—name] {-s src-id -d dst-id -u upperspec|
anonymous} [-restart [-force]]
The command for obtaining information about a security association is:
CLIMCMD {clim-name|ip-address} climconfig sa -info
[-prov {prov—name | all}] anonymous|[-s src-ip]
[-d dst-ip][-p protocol]|[-u upperspec]][-obeyform]
The command for unloading SAs from the SAD is:
CLIMCMD {clim-name|ip-address} climconfig sa -stop
[-prov prov—name][-s src-ip -d dst-ip
-p {esp|ah|ipcomp}|-i spi-value][-force]
climconfig.sa Description
The sa command does the following:
sa -add
adds the proposals for a security association into the configuration file racoon.conf. The
command parameters are reformatted into a sainfo <...> format that the racoon daemon
accepts. The SA establishment depends on the application connect.
sa -add -manual
adds a security association to the configuration file ipsec-tools.conf. The command
parameters are reformatted into an add <...> type of setkey command. The SA is not
loaded into the SAD unless the -load option is specified.
sa -delete
deletes the security associations from the file racoon.conf. If there are any SAs activated
on the CLIM, they are not affected.
sa -delete -manual deletes the security associations from the file ipsec-tools.conf.
If any SAs are activated on the CLIM, they are not affected. The SA is not unloaded from the
SAD unless the -unload option is specified.
362
NOTE:
The -manual part of the command must follow sa -add and sa -delete directly.
sa -info
displays security association configurations from the file ipsec-tools.conf or
racoon.conf. If no options are selected, all the SAs are listed from both of these configuration
files.
sa -stop
unloads security associations from the SAD. If you specify any of the optional parameters in
the first group (-s, -p, -d, -i), you must specify all of them. sa -stop is one of the commands
for deactivating VPN connections.
PARAMETERS
-manual
When specified with the add subcommand, adds a security association into the
ipsec-tools.conf file. The command parameters are reformatted into an add <...>
type of setkey command. The SA is not loaded into the SAD unless the -load option is
specified.
When specified with the delete subcommand, deletes a security association from the
ipsec-tools.conf file. If there are any SAs activated on the CLIM, they are not impacted.
The SA is not unloaded from the SAD unless the -unload option is specified.
-prov
Specifies a provider name. This option is mandatory for CLIMs that have MULTIPROV set to
ON and cannot be used if MULTIPROV is set to OFF. Each provider has its own IPSec
configuration. The provider name is case-insensitive and always converted to UPPER case.
-s src-ip
Specifies the source IP address of the secure communication as either an IPv4 or IPv6 address,
and an optional port number enclosed in brackets, in the following form:
address [/ prefix] [[port]]
prefix and port must be decimal numbers.
-d |dst-id
Specifies the destination IP address of the secure communication as either an IPv4 or IPv6
address, and an optional port number between square brackets, in the following form:
address [/ prefix] [[port]]
-E
Is the encryption algorithm. Supported algorithms are: des, 3des, des_iv64, des_iv32,
rc5, rc4, idea, 3idea, cast128, blowfish, null_enc, twofish, rijndael, aes
(used with ESP). This option is for the sa -add commands (not sa -add -manual) for which the
configurations go into the racoon.conf file.
-A
Authentication algorithm. Supported algorithms include des, 3des, des_iv64, des_iv32,
hmac_md5, hmac_sha1, hmac_sha256, hmac_sha384, hmac_sha512, non_auth (used
with ESP authentication and AH). This option is for the sa -add commands (not sa -add -manual)
for which the configurations go into the racoon.conf file.
-C
Compression algorithm. The supported algorithm is deflate (used with IPComp). This option
is for the sa -add commands (not sa -add -manual) for which the configurations go into the
racoon.conf file.
363
-p
Specifies the protocol. protocol is one of : esp, ah, or ipcomp. You must specify one of
these protocols.
-u
Upper layer protocol to be specified. Any of the protocols from the /etc/protocols file can
be specified as upperspec, or icmp6, ip4, or any. any indicates any protocol. A protocol
number can also be specified.
-i spi
Specifies the security parameter index (SPI) for the SAD. SPI must be a decimal number or a
hexadecimal number with a 0x prefix. SPI values between 0 and 255 are reserved for future
use by IANA and cannot be used.
NOTE:
The SPI value must be unique.
-m mode
Specifies the mode. Possible values are: transport or tunnel.
-load
Used with the sa add command. This is an optional parameter. If you specify this option, the
SA is loaded into the SAD. For the sa add –auto command, you are warned that the racoon
daemon will be restarted so as to load the newest racoon.conf file and that the restart will
disconnect the SAs established in the SAD.
-P
Specifies the PFS group, which defines the group of Diffie-Hellman exponentiations. If PFS is
not required, you can omit this parameter. Any proposal is accepted if this parameter is not
specified. group is one of following: modp768, modp1024, modp1536, modp2048,
modp3072, modp4096, modp6144, modp8192. Or 1, 2, 5, 14, 15, 16, 17, or 18 can be
used to define the DH group number.
algorithm
(for sa -add -manual only) is one of: -E ealgo key, -A aalgo key, or -C calgo [-R].
-E ealgo key
Specifies the encryption algorithm for ESP. ealgo key is one of:
3des-cbc (164-bit key)
3des-deriv (192-bit key)
aes-ctr (160/224/288-bit key)
Blowfish-cbc (40- to 448-bit key)
Cast128-cbc (40- to 128-bit key)
des-cbc (64-bit key)
des-deriv (64-bit key)
null (0- to 2048-bit key)
rijndael-cbc (128/192/256-bit key)
twofish-cbc (0- to 256-bit key)
-A aalgo key
Specifies the authentication algorithm for ESP. aalgo key is one of:
Aes-xcbc-mac (128-bit key)
hmac-md5 (128-bit key)
hmac-sha1 (160-bit key)
hmac-sha256 (256-bit key)
364
hmac-sha384 (384-bit key)
hmac-sha512 (512-bit key)
hmac-ripemd160 (160-bit key)
keyed-md5 (128-bit key)
keyed-sha1 (160-bit key)
null (0- to 2048-bit key)
Tcp-md5 (8- to 640-bit key)
-C calgo [R]
Specifies a compression algorithm for IPComp. calgo [R] is either deflate or
Algorithm.
If -R is specified, the SPI field value is used as the IPComp compression parameter index
(CPI) on wire as-is. If -R is not specified, the kernel uses well-known CPI on wire, and the
SPI field is used only as an index for kernel-internal usage.
key
Must be a double-quoted character string or a series of hexadecimal digits preceded by
0x.
-unload
Used with the sa -delete -manual command. This is an optional parameter; if it is specified,
the SA is unloaded from the SAD. The command prompts for confirmation to unload the SA
from the SAD.
-restart
Used with the sa -add and sa -delete commands. This is an optional parameter; if it is
specified, the racoon daemon is restarted so that the newest racoon.conf is loaded.
NOTE: The restart of the racoon daemon leads to the disconnection of the SAs already loaded
into the SAD. A new connection established thereafter loads the SA into the SAD. You are
prompted for confirmation to restart the racoon daemon.
-force
Used with -unload or -restart to cause the command to bypass user confirmation.
-obeyform
Displays the security association configuration in the format of add command(s).
ERROR MESSAGES
For sa -add and sa -add -manual:
Please give the correct options. (The incorrect options are displayed.)
For sa -delete and sa -delete -manual:
Please give the correct options. (The incorrect option is displayed.)
The security association for the matched options is not found.
For sa -info:
There are no security associations with the matched options.
For sa -stop:
SA configuration(s) not unloaded from the SAD.
CONSIDERATIONS
For sa -info, if no options are specified, all the security associations in the configuration files
ipsec-tools.conf and racoon.conf are listed.
For sa -stop:
365
The src-ip and dst-ip pair, upperspec and spi value are optional parameters. If the src-ip
and dst-ip pair are specified, all the SAs that match the src-ip and dst-ip are unloaded
from the SAD. If no option is specified, all the SAs currently loaded in the kernel are unloaded.
Unless you specify the -force option, you are prompted for confirmation.
EXAMPLES
> CLIMCMD clim1 climconfig sa -add
–manual –s 10.1.1.2 –d 10.3.3.2
–p esp –i 0x200 –m transport
–E 3des-cbc 0x123456789123456789123456789123456789123456789123
–A hmac-md5 0x12345678912345678912345678912345
> CLIMCMD clim1 climconfig sa -add -manual -s 10.1.1.2
-d 10.3.3.2 -p esp -i 0x200 -m transport
-E 3des-cbc 0x123456789123456789123456789123456789123456789123
-A hmac-md5 0x12345678912345678912345678912345 -load
> CLIMCMD clim1 climconfig sa -add –s 10.1.1.2
–d 10.3.3.2 –u any –E 3des –A hmac_md5
> CLIMCMD clim1 climconfig sa -add -s 10.1.1.2
-d 10.3.3.2 -u any -E 3des -A hmac_md5 –restart
> CLIMCMD clim1 climconfig sa -add -s 10.1.1.2
-d 10.3.3.2 -u any -E 3des -A hmac_md5 –restart -force
> CLIMCMD clim1 climconfig sa -delete –manual
–s 10.1.1.2 –d 10.3.3.2 –p esp -i 0x200 –unload
> CLIMCMD clim1 climconfig sa -delete -manual
-s 10.1.1.2 -d 10.3.3.2 -p esp -i 0x200
> CLIMCMD clim1 climconfig sa -delete -manual
-s 10.1.1.2 -d 10.3.3.2 -p esp -i 0x200 -unload -force
> CLIMCMD clim1 climconfig sa -delete –s 10.1.1.2
–d 10.3.3.2 –u any
> CLIMCMD clim1 climconfig sa -delete -s 10.1.1.2
-d 10.3.3.2 -u any -restart
> CLIMCMD clim1 climconfig sa -delete -s 10.1.1.2
-d 10.3.3.2 -u any –restart -force
> CLIMCMD clim1 climconfig sa -info
> CLIMCMD clim1 climconfig sa -stop –s 10.1.1.2
–d 10.3.3.2 –p esp –i 0x200
> CLIMCMD clim1 climconfig sa -stop –s 10.1.1.2
–d 10.3.3.2 –p esp –i 0x200 -force
> CLIMCMD clim1 climconfig sa -stop
> CLIMCMD clim1 climconfig sa –stop -force
> CLIMCMD clim1 climconfig sa -add –prov ztc0 -s 10.1.1.2
-d 10.3.3.2 -u any -E 3des -A hmac_md5
> CLIMCMD clim1 climconfig sa -add -manual –prov zsam1
-s 10.1.1.2
-d 10.3.3.2 -p esp -i 0x200 -m transport
-E 3des-cbc 0x123456789123456789123456789123456789123456789123
366
-A hmac-md5 0x12345678912345678912345678912345 –load
> CLIMCMD clim1 climconfig sa -delete -manual –prov zsam1
-s 10.1.1.2 -d 10.3.3.2 -p esp -i 0x200 –unload -force
> CLIMCMD clim1 climconfig sa -delete –prov ztc0 -s 10.1.1.2
-d 10.3.3.2 -u any
> CLIMCMD clim1 climconfig sa –info –prov zsam1
> CLIMCMD clim1 climconfig sa –info –prov ztc1 –obeyform
> CLIMCMD clim1 climconfig sa -info -obeyform
The sample output for sa -info -obeyform is:
# Auto SAs:
climconfig sa -add \
-s
5.5.5.7 \
-d
6.6.6.7 \
-u
any \
-P
18 \
-E
des_iv64 \
-A
des_iv64 \
-C
deflate
# Manual SAs:
climconfig sa -add -manual \
-s
1.1.1.1 \
-d
2.2.2.2 \
-p
esp \
-i
1024 \
-m
transport \
-E
des-cbc 0x1122334455667788
#CLIMCMD expects 'exit' to be the last command.
#This is required to terminate CLIMCMD session.
exit
Termination Info: 0
SEE ALSO
climconfig vpn and climconfig sp
367
climconfig.slaveinterface(1)
NAME
climconfig.slaveinterface -- configure bonding interfaces
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig slaveinterface
-configure bonding-interface-name
{ [-add interface-name ]
[ -delete interface-name ]
[ -primary interface-name ]
| none ]}}
climconfig.slaveinterface Description
This command configures existing bonding interfaces by adding or deleting slave interfaces. With
this command, you can add new slave interfaces or delete existing slave interfaces. The addition
or deletion of slave interfaces can be done dynamically (when the bonding interface is up). This
command is not supported for InfiniBand interfaces.
PARAMETERS
bonding-interface-name
Is the name of the bonding interface to be configured.
-add interface
Adds a slave interface to a bonding interface. To add a slave interface to a bonding interface,
specify the interface name along with the –add option.
-delete interface
Deletes a slave interface from a bonding interface. To delete a slave interface from a bonding
interface, specify the interface name along with the –delete option.
-primary interface | none
Specifies a slave as a primary slave. To remove a configured primary slave, specify -primary
with the none option.
ERROR MESSAGES
The slave interface slave-interface-name specified with -add and -delete option is the
same.
The interface bonding-interface-name is not configured.
The interface bonding-interface is not a bonding interface.
Slave interface slave-interface-name is not configured for this bonding interface.
The specified interface slave-interface-name is already a slave of
bonding-interface-name interface.
This command is not supported for the interface eth0.
The specified interface slave-interface-name is already configured as an independent
interface.
The specified interface slave-interface-name does not exist in the kernel.
The specified slave interface slave-interface-name is not a physical interface.
The interface slave-interface-name is the first slave interface of the bonding interface and
the bonding interface is UP.
The slave specified with –primary is not one of the configured slaves of this bond interface.
bonding-interface-name is already configured with the specified primary slave.
bonding-interface-name is already configured without a primary slave.
368
Bonding is not supported for InfiniBand interfaces.
CONSIDERATIONS
The bonding interface should be configured using the command climconfig interface –add
bonding-interface before adding the slave interfaces.
eth0 cannot be configured as a slave interface of a bonding interface.
A physical interface cannot be a slave interface for more than one bonding interface.
A physical interface cannot be configured independently before being configured as the slave
interface.
Dynamically deleting (that is, deleting when the bonding interface is UP) the first slave interface
of a bonding interface is not allowed.
Using the -primary option:
In active-backup mode, the primary slave will always be the active slave, if functional.
Example 1:
Bond0 is configured with eth2 and eth3, without any slave specified as primary.
If eth2 is configured as the first slave, it will be used as long as it is functional (link pulse is present
and interface driver indicates that the interface is present). eth2 is active and eth3 is passive. If
eth2 fails, bond0 will start using eth3. If eth2 later becomes functional, bond0 continues to use
eth3 and will switch to eth2 only if eth3 fails.
Example 2:
Bond0 is configured with eth2 and eth3, with eth2 specified as primary.
eth2 will be used as long as it is functional (link pulse is present and interface driver indicates that
the interface is present). If eth2 fails, bond0 will start using eth3. If eth2 later becomes functional,
bond0 switches to eth2 from eth3, even though eth3 is functional.
In balance-tlb mode, outgoing traffic is distributed according to the current load (computed
relative to the speed) on each slave. Incoming traffic is received by the primary slave. Transmission
of broadcasts and multicasts is done through the primary slave.
In balance-alb mode, the outgoing and incoming traffic is distributed among all slaves.
Transmission of broadcasts and multicasts is through the primary slave.
Multiple instances of the –primary option are not allowed in a command line.
The –primary option can be specified regardless of the bond interface status.
If the slave interface specified as the primary is removed from the bonded interface, that interface
will not have any slave configured as primary.
When the configured primary slave is deleted from the bonding interface, a warning is issued.
EXAMPLES
> climconfig slaveinterface -configure bond0 -add eth1
> climconfig slaveinterface -configure bond0 -delete eth1
> climconfig slaveinterface -configure bond0 –primary eth1
> climconfig slaveinterface -configure bond0 -add eth1
–delete eth2 –primary eth3
> climconfig slaveinterface -configure bond0 –delete eth1
–add eth3
SEE ALSO
climconfig interface -add
369
climconfig.snmp(1)
NAME
climconfig.snmp -- configure snmp
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig snmp -add trap-receiver-ipaddress
CLIMCMD {clim-name|ip-address} climconfig snmp -delete trap-receiver-ipaddress
CLIMCMD {clim-name|ip-address} climconfig snmp -start
CLIMCMD {clim-name|ip-address} climconfig snmp -stop [-force]
CLIMCMD {clim-name|ip-address} climconfig snmp -info [-obeyform]
climconfig.snmp Description
This command does the following:
•
snmp -add adds a trap receiver IP address to the /etc/snmp/snmpd.conf file and restarts
the SNMP daemon and agents. The trap receiver address defines the host that receives traps.
•
snmp -delete deletes a trap receiver IP address from the /etc/snmp/snmpd.conf file
and restarts the SNMP daemon and agents.
•
snmp -start explicitly starts the SNMP daemon and agents.
•
snmp -stop explicitly stops the SNMP daemon and agents.
•
snmp -info displays SNMP configuration information. The display format is:
Trap Receiver IP Address ip-address-1
.
.
.
ip-address-n
SNMP Agent State
state
SNMP Agent Listening IP Address ip-address
PARAMETERS
trap-receiver-ipaddress
Specifies the trap receiver IP address to be added to or deleted from the configuration file.
-force
Causes the command to stop the SNMP daemon and agents without confirmation.
–obeyform
Displays SNMP configuration information in add command format.
ERROR MESSAGES
For climconfig snmp -add:
•
Trapsink already exists in SNMP configuration.
•
Internal error cannot restart the SNMP daemon, error-code.
•
Internal error cannot restart the SNMP agents, error-code.
For climconfig snmp -delete:
370
•
Trapsink already exists in SNMP configuration.
•
Internal Error cannot restart SNMP daemon, error-code.
•
Internal error cannot restart the SNMP agents, error-code.
For climconfig snmp -start:
•
SNMP daemon and agents are already in started state.
•
Internal error cannot start SNMP daemon, error-code.
•
Internal error cannot start the SNMP agents, error-code.
For climconfig snmp -stop:
•
SNMP daemon and agents are already in stopped state.
•
Internal Error cannot stop SNMP daemon, error-code.
•
Internal error cannot stop the SNMP agents, error-code.
CONSIDERATION
•
You can designate multiple hosts to receive traps by using snmp -add to add additional trap
receiver IP addresses to the /etc/snmp/snmpd.conf file.
EXAMPLES
> CLIMCMD N1002581 climconfig snmp -info
Trap Receiver IP Address
192.168.1.192
192.168.1.193
192.168.1.194
SNMP Agent State
STARTED
SNMP Agent Listening IP Address
192.1.1.1
> CLIMCMD N1002581 climconfig snmp -info -obeyform
climconfig snmp -add 192.168.1.192
#CLIMCMD expects 'exit' to be the last command.
#This is required to terminate CLIMCMD session.
exit
Termination Info: 0
371
climconfig.sp(1)
NAME
climconfig.sp -- configure security policies
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig sp -add
[-prov prov—name] -s src-range -d dst-range -u upperspec
-dir {in|out } -policy {discard|none|ipsec}
-protocol {esp|ah|ipcomp }
-mode {tunnel -srcdst src_ip-dst_ip|transport }
-level {use|require|unique|default} [-load]
CLIMCMD {clim-name|ip-address} climconfig sp -delete
[-prov prov—name] -s src-range -d dst-range -u upperspec
-dir {in|out } [-unload [-force]]
CLIMCMD {clim-name|ip-address} climconfig -info
[-prov {prov—name | all}] [-s src-range ]
[-d dst-range] [-u upperspec][-obeyform]
CLIMCMD {clim-name|ip-address} climconfig sp -start
[-prov prov—name] [ -s src-range -d dst-range [-u upperspec]]
CLIMCMD {clim-name|ip-address} climconfig sp -stop
[-prov prov—name] [ -s src-range -d dst-range -u upperspec
-dir {in|out }] [-force]
climconfig.sp Description
This command does the following:
sp -add
adds a security policy to the configuration file ipsec-tools.conf. The command parameters
are reformatted into a spdadd < ...> type setkey command. The SP is not loaded into
the SPD unless the -load option is specified.
sp -delete
deletes a security policy from the configuration file ipsec-tools.conf. If any SPs were
already activated, they are not impacted. The SP is not unloaded from the SPD unless the
-unload option is specified.
sp -info
displays security policy information from the configuration file ipsec-tools.conf. If no
options are selected, all the SPs are listed from the ipsec-tools.conf file.
sp -start
loads security policies into the SPD. sp -start is one of the commands for activating VPN
connections.
sp -stop
unloads security policies from the SPD. sp -stop is one of the commands for deactivating
VPN connections.
PARAMETERS
-prov
Specifies a provider name. This option is mandatory for CLIMs that have MULTIPROV set to
ON and cannot be used if MULTIPROV is set to OFF. Each provider has its own IPSec
configuration. The provider name is case-insensitive and always converted to UPPER case.
-s src-range
Specifies the source of the secure communication as an IPv4 or IPv6 address and an optional
port number between square brackets. This takes the form:
372
address[/prefixlen][[port]]
-d dst-range
Specifies the destination of the secure communication as an IPv4 or IPv6 address and an
optional port number between square brackets. This takes the following form:
address[/prefixlen][[port]]
-u upperspec
Specifies the upper layer protocol. Any of the protocols from the /etc/protocols file can
be specified as upperspec, icmp6, ip4, or any. The any option indicates any protocol.
You can also specify the protocol number.
NOTE:
The upperspec parameter does not work in the forwarding case.
There are many protocols in /etc/protocols, but protocols other than TCP, UDP, and ICMP
may not be suitable to use with IPSec.
-dir direction
Specifies in or out.
-policy policy
Is one of the values: discard, none, or ipsec.
The discard parameter causes the packet-matching indexes to be discarded. The none
parameter causes the IPSec operation not to take place on the packet. The ipsec parameter
causes the IPSec operation to take place on the packet.
-protocol protocol
One of: esp, ah, or ipcomp.
-mode mode
Either transport or tunnel.
-srcdst src_ip-dst_ip
Specifies the end-point addresses of the tunnel. This parameter is specified as two addresses
separated by a hyphen (-). If -mode is transport, this option is not required. If -mode is
tunnel, this parameter is required.
-level policy-level
Specifies the policy level. The value is one of: default, use, require, or unique. If the
SA is not available in every level, the kernel requests the key-exchange daemon to establish a
suitable SA.
The default option causes the kernel, when the kernel processes the packet, to consult the
system-wide default for the protocol specified; for example, the esp_trans_deflev sysctl
variable.
The use sysctl option causes the kernel to use an SA if it is available; otherwise the kernel
continues to run in normal operation.
The require option causes the SA to be required whenever the kernel sends a packet matched
with the policy.
The unique option is the same as the require option. Additionally, the unique option
allows the policy to match the unique out-bound SA. If policy level -level is specified as
unique, racoon configures the SA for the policy.
-load
Causes the SP to be loaded into the SPD. This parameter optional, and is used with the sp
-add command.
373
-unload
Causes the SP to be unloaded from the SPD. This parameter is optional, and is used with the
sp -delete command. Unless you specify the -force parameter, you are prompted for
confirmation for this command.
-force
Causes the command to run without confirmation.
-obeyform
Displays the security policy configuration in the format of add command(s).
ERROR MESSAGES
For sp -add:
Please give the correct options.
For sp -delete:
Please give the correct options. (The incorrect option is displayed).
The security policy for the matched options is not found.
For sp -start:
SP configuration not found.
For sp -info:
Please give the correct options. (The incorrect option is displayed.)
There are no security policies with the matched options.
For sp -stop:
SP configuration(s) not unloaded from the SPD.
CONSIDERATIONS
For sp -add:
The parameters protocol, mode and level are required and valid if and only if the parameter
specified for policy is ipsec.
For sp -stop:
The src-ip, dst-ip and upperspec are optional parameters. If src-ip and dst-ip pair
is provided, all SPs that match the src-ip and dst-ip are unloaded from the SPD. If no
option is provided, all the SPs currently loaded in the kernel are unloaded.
Unless you specify -force you are prompted for confirmation to unload the SP(s) from the
SPD.
You must add the SP configurations separately for different IPSec protocols ESP and AH.
However, in the file, the configuration is represented as a single configuration instead of two
separate configurations. For example:
spdadd 1.2.3.4 4.3.2.1 any -P in ipsec
ah/transport//require
esp/transport//require;
When you add the SP configuration for the second, different protocol and specify the -load
option, the IPSec tool unloads the previous old SP configuration (AH or ESP protocol) from the
SPD and loads the new SP configuration (both AH and ESP protocols) into the SPD.
If you do not use the -load option, for example, if you do not load the SP configuration for
the second protocol added, you must unload the old SP configuration manually (climconfig
sp -stop <...> command) and then load the new SP configuration manually (climconfig
sp -start <...> command).
NOTE: If you try to load the new SP configuration without unloading the old SP configuration,
the new SP configuration is not loaded into the SPD.
374
For sp -info:
If no options are specified, the list of all security policies in the configuration file
ipsec-tools-conf is displayed.
EXAMPLES
> CLIMCMD clim1 climconfig sp -add
-s 10.1.1.0/24[any] -d 10.3.3.0/24[any]
-u any -dir in -policy ipsec -protocol esp -mode
tunnel -srcdst 10.2.2.1-10.2.2.2 -level require -load
> CLIMCMD clim1 climconfig sp -add -s 10.1.1.2
-d 10.3.3.2 -u any -dir out -policy ipsec -protocol esp
-mode transport -level require -load
> CLIMCMD clim1 climconfig sp -delete -s 10.1.1.2
-d 10.3.3.2 -u any -dir out -unload
> CLIMCMD clim1 climconfig sp -delete -s 10.1.1.2
-d 10.3.3.2 -u any -dir out -unload -force
> CLIMCMD clim1 climconfig sp -info -s 10.1.1.0
-d 10.3.3.0 -u any
> CLIMCMD clim1 climconfig sp -info
> CLIMCMD clim1 climconfig sp -stop
> CLIMCMD clim1 climconfig sp -stop -force
> CLIMCMD clim1 climconfig sp -info –obeyform
> CLIMCMD clim1 climconfig sp -info –s 10.1.1.0
–d 10.3.3.0 –u 1 -obeyform
> CLIMCMD clim1 climconfig sp -add –prov ztc0
–s 10.1.1.2 –d 10.3.3.2 –u any –dir out –policy ipsec
–protocol esp –mode transport –level require –load
> CLIMCMD clim1 climconfig sp -delete –prov ztc0
–s 10.1.1.2 –d 10.3.3.2 –u any –dir out –unload –force
> CLIMCMD clim1 climconfig sp –info –prov zsam1
> CLIMCMD clim1 climconfig sp –info –prov ztc1 -obeyform
The sample output for sp -info -obeyform is:
climconfig sp -add \
-s
10.1.1.2 \
-d
10.3.3.2 \
-u
any \
-dir
out \
-policy
ipsec \
-protocol
esp \
-mode
transport \
-level
require
#CLIMCMD expects 'exit' to be the last command.
#This is required to terminate CLIMCMD session.
exit
Termination Info: 0
SEE ALSO
climconfig.sa, climconfig.vpn
375
climconfig.sysctl(1)
NAME
climconfig.sysctl -- set or display CLIM kernel parameters
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig sysctl
-update {clim-name|ip-address}
CLIMCMD {clim-name|ip-address} climconfig sysctl -info {all|param-name}[-obeyform]
CLIMCMD {clim-name|ip-address} climconfig sysctl -delete param-name
param-value
climconfig.sysctl Description
This command sets the kernel parameter param-name values specified by param-value. In
addition, this command causes an entry corresponding to the parameter to be added to or updated
in the configuration file /etc/clim/kernelparam.conf. The configuration file /etc/clim/
kernelparam.conf is dedicated to maintaining only the customer-configured kernel parameters.
When the CLIM is started, a script reads the /etc/clim/kernelparam.conf configuration
file and sets the user configured kernel parameters in the kernel. Your changes remain persistent
across CLIM reboots. To preserve changes made to the configuration file, a backup must be done,
which can be restored when the CLIM is updated or the disk is replaced.
This command also displays the user-configured kernel parameters along with their corresponding
values existing in the /etc/clim/kernelparam.conf file.
This command internally invokes the Linux provided sysctl utility with the param-name and
param-value as arguments. Therefore, the behavior of this command is similar to that of the
Linux provided sysctl utility. For information about the sysctl parameters, see the sysctl(8) man page
on the CLIM.
PARAMETERS
param-name
For sysctl -update, denotes the kernel parameter to be updated with the new value.
For sysctl -info, specifies the kernel parameter in the /etc/clim/kernelparam.conf
file to be displayed.
For sysctl -delete, deletes the specified kernel parameter from the /etc/clim/
kernelparam.conf file. The parameter value remains unchanged in the kernel and is reset
to its default value when the CLIM is rebooted.
param-value
Specifies the new value for the kernel parameter param-name.
all
Displays all the user-configured kernel parameters along with their corresponding values as
they exist in the /etc/clim/kernelparam.conf file.
-obeyform
Generates the modify kernel parameter commands.
ERROR MESSAGES
The error messages are the same as those returned by the Linux sysctl utility. See the sysctl man
page for information about errors.
376
CONSIDERATIONS
•
If the param-value has multiple entries, you must specify the entries as space separated values
within single quotes.
•
Changes to these sysctl parameters must be done for every CLIM in a Provider:
◦
net.core.rmem_default
◦
net.core.rmem_max
◦
net.core.wmem_default
◦
net.core.wmem_max
◦
net.ipv4.ip_local_port_range
◦
net.ipv4.tcp_rmem
◦
net.ipv4.tcp_wmem
•
If a sysctl is deleted, the change will come into effect only after a CLIM reboot.
•
On a CLIM with MULTIPROV set to ON, the sysctl settings apply to all providers associated
with that CLIM.
•
Changes to sysctl parameters should not be made when the CLIM is in STARTED state. To
change the sysctl parameters on the CLIM:
1. Stop the CLIMs and the Provider(s).
2. Alter the sysctl parameters.
3. Start the CLIMs and the Provider(s).
If the CLIM is an Open type, you must reboot it.
EXAMPLES
> CLIMCMD n100253 climconfig sysctl -update net.ipv4.conf.all.forwarding
1
> CLIMCMD n100253 climconfig sysctl -update net.ipv4.tcp_rmem '4096 87380 1048576'
> CLIMCMD n100253 climconfig sysctl -info net.ipv4.tcp_rmem
net.ipv4.tcp_rmem = 4096
87380
1048576
> CLIMCMD n100253 climconfig sysctl -info all
net.ipv4.tcp_rmem = 4096
87380
1048576
net.ipv4.conf.all.forwarding = 1
> CLIMCMD n100253 climconfig sysctl -info all -obeyform
climconfig sysctl -update net.ipv4.tcp_fin_timeout 60
#CLIMCMD expects 'exit' to be the last command.
#This is required to terminate CLIMCMD session.
exit
Termination Info: 0
377
climconfig.tunnel(1)
NAME
climconfig.tunnel -- modify tunnel configuration
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig tunnel
-add tunnel-interface -ipaddress ipv6-address
-netmask netmask
-endpoint {ipv4-address | any}
-local ipv4-address
[-ttltime ttl-time] - intf parent-interface
[-mtu mtu-value | -jumbo { on | off } ]
CLIMCMD {clim-name|ip-address} climconfig tunnel -delete interface
CLIMCMD {clim-name|ip-address} climconfig tunnel -info
{tunnel-interface|all}[-obeyform]
climconfig.tunnel Description
This command does the following:
tunnel -add
adds an IPv6-over-IPv4 (point-to-point) tunnel configuration to the /etc/network/interfaces
file. IPv6 packets are encapsulated in IPv4 headers and sent across the IPv4 infrastructure
through the configured tunnel. If the -mtu option is not specified, the tunnel interface is activated
with an MTU size of 20 bytes less than its parent interface MTU size or with a value of 1280,
whichever is higher.
NOTE: When adding a tunnel interface to CLIMs with MULTIPROV ON, the tunnel is added
to the same provider that the parent interface belongs to and does not need to be explicitly
indicated in the command line.
tunnel -delete
deletes an existing tunnel interface. If the tunnel is active, the tunnel configuration cannot be
deleted.
tunnel -info
displays tunnel configuration information for a specified tunnel interface. The display format
is:
Interface Name
IPv6 Address
Netmask
Remote Endpoint
Local Endpoint
TTL Time
MTU Size
tunnel-interface
ip-address
netmask
ip-address
ip-address
ttltime
value
If the Local Endpoint, Gateway, and TTL Time fields are not configured, they do not appear in
the display.
The -obeyform display format is:
climconfig tunnel -add interface-name -ipaddress
ipv6–address
-netmask ipv6–prefix -endpoint ipv4–address
-local ipv4–address -intf parent-interface
[-mtu mtu-value][-ttltime ttl-time]
378
PARAMETERS
tunnel-interface
Is the name of the tunnel interface to be added, deleted, or displayed. The tunnel interface
name is case sensitive.
all
Displays the configurations of all the interfaces.
-obeyform
For a specified Tunnel interface name, displays Tunnel configuration in add command format.
–ipaddress ipv6-address
Is an IPv6 address.
–netmask netmask
Is the netmask for the IPv6 address, specified as a number of bits, for example, 64.
–endpoint {ipv4-address|any}
Is the address of the tunnel endpoint. Specify either a dotted quad IPv4 address or any. If it
is specified as any, the kernel determines the remote endpoint by examining the 6to4 address
and creates a 6to4 tunnel. 6to4 tunnels do not have an IPv6 link local address like point-to-point
tunnels. The local IPv4 address will be added as an IPv6 compatible IPv4 address. The kernel
then encapsulates the packet and sends it to the IPv4 address embedded in the packet.
–local ipv4-address
Is the address of the local endpoint, specified as a dotted quad IPv4 address.
–ttltime ttl-time
Is the TTL setting indicating the network time to live. The maximum value is 255.
–intf parent-interface
Specifies the parent interface name (for example, eth1 or bond1) that hosts the local endpoint
IPv4 address.
-mtu
Sets frame size for an interface. Allowable values are 1280 to 65508.
You cannot specify both the jumbo and mtu options.
Specifying the mtu option overrides previous values set for jumbo.
–jumbo { on | off }
Sets or resets jumbo frames for a tunnel interface. If set to ON, the frame size is set to 9000
bytes. If reset (OFF), the frame size is set to 1500 bytes.
The jumbo option has a limited set of allowable values (1500 - OFF and 9000 - ON) for frame
size, whereas the mtu option supports a range of values. The mtu option is the recommended
method for setting MTU size.
You cannot specify both the jumbo and mtu options.
Specifying jumbo overrides previous values set for mtu.
ERROR MESSAGES
For tunnel -add:
Tunnel interface interface is already configured as an independent interface.
parent-interface is invalid parent interface.
The interface parent-interface is not configured.
The IP address ipv4-address specified with the -local option is not configured with the
specified interface parent-interface.
A tunnel for the specified endpoints exists.
379
Another tunnel with the same endpoints should not exist.
Only one of -jumbo or -mtu options can be specified.
A value within the range of 1280 to 65508 must be specified for the -mtu option.
For tunnel -delete:
The interface tunnel-interface is not configured.
The interface tunnel-interface is UP; cannot execute this command.
For tunnel -info:
Tunnel interface interface configuration does not exist.
CONSIDERATIONS
As of J06.10 and H06.21, tunnels can be added only in upper case, but existing tunnels in lower
case are supported and do not need to be deleted and re-added.
The parent interface and the local endpoint address should be configured before adding the tunnel
interface.
eth0, lo, and eth0:0 are not valid parent interfaces for a tunnel interface.
A tunnel interface cannot be the parent interface of a tunnel interface.
If the Maximum Transfer Unit (MTU) value of an active interface is changed using the jumbo option,
a failover of that interface might occur.
A different tunnel with the same endpoints cannot exist.
EXAMPLES
> CLIMCMD clim1 climconfig tunnel -add MYTUN1
-ipaddress 2001:0db8:fff5:6::101
-netmask 64 -endpoint 15.76.217.111 -local 15.76.217.35 -intf eth1
>
CLIMCMD 100.253.17.2 climconfig tunnel -delete MYTUN1
> CLIMCMD clim1 climconfig tunnel
Interface
:
Interface Type
:
MTU
Size
:
Associated Parent Interface Name:
Local
Endpoint Address
:
Remote
Endpoint Address
:
TTL
value
:
IP
Address
:
-info MYTUN1
MYTUN1
Point-to-Point Tunnel Interface
1280
eth5
1.2.3.15
1.2.3.4
Unspecified
dead:beef:face::1/64
> CLIMCMD clim1 climconfig tunnel -info TUN2 -obeyform
climconfig tunnel \
-add TUN2 \
-ipaddress 3ffe::218:71ff:fe79:b378 \
-netmask 64 \
-local 173.17.190.40 \
-endpoint 173.17.190.100 \
-intf eth4
#CLIMCMD expects 'exit' to be the last command.
#This is required to terminate CLIMCMD session.
exit
Termination Info: 0
SEE ALSO
climconfig vpn
380
climconfig.vpn(1)
NAME
climconfig.vpn -- obtain information about virtual private networks
SYNOPSIS
CLIMCMD {clim-name|ip-address} climconfig vpn -status
[-prov {prov—name | all}] [-s src-ip -d dst-ip]
climconfig.vpn Description
This command displays the status of the VPN connection established between the source and
destination IP addresses. The security policy and the association loaded in the Security Policy
Database (SPD) and Security Association Database (SAD) are displayed in that order. -d and -s
are optional parameters; if they are omitted, the status of all the VPN connections is shown.
PARAMETERS
-s src-ip
Specifies the source IP address.
-d dst-ip
Specifies the destination IP address.
-prov
Specifies a provider name. This option is mandatory for CLIMs that have MULTIPROV set to
ON and cannot be used if MULTIPROV is set to OFF. Each provider has its own IPSec
configuration. The provider name is case-insensitive and always converted to UPPER case.
ERROR MESSAGES
The status for the VPN connection between src-ip and dst-ip is not found. Please check for
the correct options and retry again.
EXAMPLES
> CLIMCMD clim1 climconfig vpn -status
Security Policies from SPD:
10.2.2.0/24[any] 10.1.1.2[any] any
in ipsec
esp/tunnel/10.2.2.1-10.1.1.2/require
ah/tunnel/10.2.2.1-10.1.1.2/require
created: Jun 22 20:48:13 2008 lastused:
lifetime: 0(s) validtime: 0(s)
spid=8 seq=2 pid=369
refcnt=1
10.1.1.2[any] 10.2.2.0/24[any] any
out ipsec
esp/tunnel/10.1.1.2-10.2.2.1/require
ah/tunnel/10.1.1.2-10.2.2.1/require
created: Jun 22 20:48:13 2008 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1 seq=1 pid=369
refcnt=1
Security Associations from SAD:
10.1.1.2 10.2.2.1
esp mode=tunnel spi=262906055(0x0faba0c7)
reqid=0(0x00000000)
E: 3des-cbc f1eee61a f2642ace 2c89c610 c245978d 7ea13336
133d84d2
A: hmac-md5 d34b8476 cb8bda72 9d1b8e0b 059f14ad
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Jun 22 21:03:02 2008
current: Jun 22 21:03:22 2008
381
diff: 20(s)
hard: 28800(s) soft: 23040(s)
last: Jun 22 21:03:03 2008
hard: 0(s)
soft: 0(s)
current: 252(bytes)
hard: 0(bytes) soft: 0(bytes)
allocated: 3
hard: 0 soft: 0
sadb_seq=3 pid=727 refcnt=0
10.2.2.1 10.1.1.2
esp mode=tunnel spi=7523920(0x0072ce50) reqid=0
(0x00000000)
E: 3des-cbc b5e66f7b faeb03c3 4571b6ed 5686d721 c05350ad
49e967c2
A: hmac-md5 9206a14f 0f6dfb3a a2138e04 dc1c4140
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Jun 22 21:03:03 2008
current: Jun 22 21:03:22 2008
diff: 19(s)
hard: 28800(s) soft: 23040(s)
last: Jun 22 21:03:03 2008
hard: 0(s)
soft: 0(s)
current: 408(bytes)
hard: 0(bytes) soft: 0(bytes)
allocated: 3
hard: 0 soft: 0
sadb_seq=1 pid=727 refcnt=0
SEE ALSO
climconfig sa -stop, climconfig sp -start, climconfig sp -stop
382
A SCF Error Messages
This appendix describes the CIP subsystem SCF error messages. Error messages are listed with
their accompanying subsystem programmatic interface (SPI) token.
For operator messages, see the Operator Messages Manual.
CIP 00001 (zcip-err-cmd-not-implemented)
CIP E00001 Command not implemented.
Cause
You entered a command that the CIP SCF product module does not support.
Effect
The SCF command is not executed.
Recovery
Check the SCF section of this manual for a list of supported commands.
CIP 00002 (zcip-err-internal-error)
CIP E00002 CIP SCF Product Module Internal Error - contact GCSC.
Cause
CIP SCF Product Module encountered an internal error.
Effect
The SCF command is not executed.
Recovery
This is a serious error. Send complete error information to your Global Customer Support Center
for analysis.
CIP 00003 (zcip-err-case-out-of-range)
CIP E00003 CIP SCF Product Module Internal Error: Case value out of range.
Cause
An invalid case value was generated with no associated case label.
Effect
The SCF command is not executed.
Recovery
This is a serious error. Send complete error information to your Global Customer Support Center
analyst for analysis.
CIP 00004 (zcip-err-cmd-attr-dup)
CIP E00004 Duplicate attribute specified.
Cause
You specified an attribute more than once in a command.
Effect
The SCF command is not executed.
Recovery
Omit the duplicate attribute and retry the command.
383
CIP 00005 (zcip-err-wild-not-sup)
CIP E00005 Object name object-name contains wild cards not allowed for this command.
object-name
Is the object name string that generated the error.
Cause
You attempted to use wildcard characters (*,?) in an object name for a command that does not
support wild-cards.
Effect
The SCF command is not executed.
Recovery
Reissue the command without wild-card characters in the object name.
CIP 00006 (zcip-err-cip-internal)
CIP E00006 INTERNAL ERROR: error-number, Origin origin,
Severity level for object-name.
error-number
Specifies an internal error number.
origin
Indicates where the internal error originated, such as CIPMAN, CIPMON, CIPSREQ.
level
Tells whether this error is informative, warning, fatal, or unrecognized.
object-name
Is the object name string that generated the error.
Cause
An internal error occurred within the CIP subsystem (CIPMAN, CIPMON, CIPSREQ).
Effect
The SCF command is not executed.
Recovery
This is a serious error. Send complete error information to your Global Customer Support Center
for analysis.
CIP 00007 (zcip-err-process-busy)
CIP E00007 CIP process is busy - cannot process request.
Cause
CIPMAN or one of the CIPMONs is busy and cannot process the given request at this time.
CIPMAN or CIPMON is probably starting up.
Effect
The SCF command is not executed.
Recovery
Retry command later. If this problem persists, contact your service provider.
CIP 00008 (zcip-err-clim-inuse)
CIP E00008 CLIM object-name is already assigned
to another Provider or another Route.
384 SCF Error Messages
object-name
Is the CLIM object specified in the ADD or ALTER PROVIDER, or ADD ROUTE command.
Cause
The CLIM name in an ADD or ALTER PROVIDER command is already assigned to another
Maintenance Provider or the CLIM name in an ADD ROUTE command is already assigned to
another Route with an overlapping IP-address family.
Effect
The CLIM cannot be assigned to two Maintenance Providers or Routes with an overlapping
IP-address family.
Recovery
Assign a different CLIM to the Maintenance Provider you want to add or alter or remove the
current Maintenance Provider that is using the specified CLIM. Use INFO CLIM, DETAIL command
to display the Maintenance Provider associated with that CLIM. Or assign a different CLIM to
the Route you want to add or assign a different IP address family to the Route you want to add
or remove the current Route that is using the specified CLIM. Use INFO ROUTE command to
display the CLIM and IP address family associated with each ROUTE object.
CIP 00009 (zcip-err-tpname-inuse)
CIP E00009 Transport Provider process specified for
provider-name is already assigned
to another Provider.
provider-name
Is the PROVIDER object specified in the ADD or ALTER PROVIDER command.
Cause
The transport provider process (CIPSAM process) name in an ADD or ALTER PROVIDER command
is already assigned to another provider.
Effect
The SCF command is rejected.
Recovery
Assign a different transport provider process to the provider you want to add or alter or remove
the current provider that is associated with the specified transport provider process. Use the SCF
INFO PROVIDER command to display the transport provider processes assigned to the providers
in the CIP subsystem.
CIP 00010 (zcip-err-tpname-invalid)
CIP E00010 tp-name is an invalid TP name.
tp-name
Is the name of transport provider process (CIPSAM process) specified in the ADD or ALTER
PROVIDER command.
Cause
The specified transport provider process (CIPSAM process) name is not a valid transport provider
process name.
Effect
The SCF command is rejected.
Recovery
Re-issue the command with a valid transport provider process (TP) name.
CIP 00011 (zcip-err-location-invalid)
CIP E00011 Invalid CLIM location location.
385
location
Is the CLIM location (group, module, slot, port, and, for systems that support it, fiber) that is
invalid.
Cause
The LOCATION attribute in an ADD CLIM command is invalid because:
•
One or more of the numbers contain invalid characters.
•
Any of the group, module, slot, port or fiber values are out of range.
•
Two or more values are inconsistent.
Effect
The SCF command is rejected.
Recovery
Re-issue the command with a correct LOCATION.
CIP 00012 (zcip-err-location-inuse)
CIP E00012 CLIM location location is in conflict with CLIM owner-name.
location
Is the specified CLIM location (group, module, slot, port, and, for some systems, fiber) in conflict
with the location already in use by an existing CLIM or has ownership of location that would
be required by the current ADD CLIM command.
owner-name
Specifies the other CLIM which has ownership of that location either explicitly for example,
has the exact same location specified in a previous ADD CLIM command) or implicitly (for
example, has an equivalent location to the location specified in a previous ADD CLIM
command).
Cause
The LOCATION attribute in an ADD CLIM command is already configured by another CLIM
object.
Effect
The SCF command is rejected.
Recovery
Re-issue the command with a different LOCATION.
CIP 00013 (zcip-err-location-incompatible)
CIP E00013 CLIM location location is invalid for this type of system.
location
Is the CLIM location (group, module, slot, port, or fiber) that is invalid.
Cause
The LOCATION attribute in an ADD CLIM command is invalid for this system.
Effect
The SCF command is rejected.
Recovery
Re-issue the command with a location that is valid for this type of system.
CIP 00015 (zcip-err-location-exclusive)
CIP E00015 CLIM clim-name is associated with an
existing maintenance Provider object.
clim-name
Is the CLIM object specified in the DELETE CLIM command.
386 SCF Error Messages
Cause
A DELETE CLIM command was issued for a CLIM object that is associated with an existing
Provider object. You cannot delete a CLIM object until there are no PROVIDER objects dependent
on the specified CLIM.
Effect
The SCF command is rejected.
Recovery
To remove the CLIM object, the PROVIDER object associated with the specified CLIM must be
removed first. Use the INFO PROVIDER command to display the names of the providers and
their associated CLIMs.
CIP 00016 (zcip-err-cpu-not-avail)
CIP E00016 The CIPMON in the specified processor to be traced is in the STOPPED state.
Cause
The user issued a TRACE command but there is no CIPMON to handle that request in the specified
processor.
Effect
The SCF command is not executed.
Recovery
Issue the START MON command, then retry the TRACE command.
CIP 00017 (zcip-err-qio-resource-short)
CIP E00017 Command failed for object object-name due
to QIO error error-number.
object-name
Is the name of the object that generated the error.
error-number
Is the QIO error number encountered.
Cause
The specified SCF command required use of QIO resources, but an error in manipulating these
QIO resources caused the command to fail.
Effect
SCF ignores the command.
Recovery
Check the condition that caused the given QIO error, resolve that condition, then retry the SCF
command.
CIP 00018 (zcip-err-climconfig-db-fail)
CIP E00018 Configuration failure due to cause on
operation operation-type for object-name.
cause
Specifies what caused the error. The causes are:
•
Record not found
•
Record already exists
•
Obsolete record version
•
Record version too new
•
Database is locked by another process
387
•
Record information is corrupted
•
ConfigDB operation fails
operation-type
Specifies the operation the object was performing when the error occurred. The operations
are:
•
Locking
•
Unlocking
•
Inserting
•
Deleting
•
Reading
•
Updating
object-name
Is the name of the object that generated the error.
Cause
The SCF command requires CIPMAN to manipulate the configuration database, but it failed as
specified by the cause information.
Effect
SCF ignores the command.
Recovery
Check the command and correct all problems, then try the command again. If failure persists,
contact your service provider with the cause and operation-type information.
CIP 00019 (zcip-err-open-sockets)
CIP E00019 Cannot stop object-name, open sockets still exist.
object-name
Is the name of the object that generated the error.
Cause
A STOP command cannot be executed because the object still has open sockets.
Effect
The SCF command is rejected.
Recovery
Close all sockets using the object and reissue the STOP command, or use the ABORT command
instead of the STOP command.
CIP 00020 (zcip-err-obj-busy)
CIP 00020 Object object-name is busy with other operations.
object-name
Is the name of the object that generated the error.
Cause
The object you issued the command to is busy performing other actions and cannot process the
SCF command.
Effect
SCF ignores the command.
Recovery
Wait, then try the command again. Contact your service provider if the problem persists.
388 SCF Error Messages
CIP 00021 (zcip-err-cip-timeout)
CIP 00021 CIP command timed out on object-name.
object-name
Is the name of the object that generated the error.
Cause
A command expired before a response from the CLIM was received.
Effect
The SCF command you entered was initiated, but successful completion cannot be guaranteed.
Recovery
If possible, check if the command completed successfully; otherwise, reissue the command.
CIP 00022 (zcip-err-inv-switch-cpu)
CIP E00022 CPU is not the backup processor.
Cause
The CPU parameter in a PRIMARY command was specified, but its value was not the backup
processor number.
Effect
The command is not executed.
Recovery
Use the correct backup processor number or omit the CPU parameter.
CIP 00023 (zcip-err-hostname-invalid)
CIP E00023 hostname is an invalid hostname.
hostname
Is the hostname specified in the ADD or ALTER PROVIDER command.
Cause
The specified hostname is not a valid hostname.
Effect
The SCF command is rejected.
Recovery
Re-issue the command with a valid hostname.
NOTE: hostname is a string from zcom-tkn-objname-01 (almost identical to
zcom-tkn-objname).
CIP 00024 (zcip-err-filesystem)
CIP E00024 Command failed for object object-name due to file system error error-number.
object-name
Is the name of the object that generated the error.
error-number
Is the NonStop host-system filesystem error number encountered.
Cause
A command failed during a file system operation on a specified file (most likely a trace filename).
This caused the command to fail.
Effect
The SCF command is rejected.
Recovery
Make sure that a valid and correct filename is specified, then retry the SCF command.
389
NOTE:
error-number is from zcip-tkn-cip-error-detail (field errcode).
CIP 00025 (zcip-err-name-reserved)
CIP E00025 Object name object-name is currently reserved and cannot be used.
Cause
You attempted to use an object name in an ADD command that is currently cannot be used
within CIP subsystem for the specified object type.
Effect
The SCF command is not executed.
Recovery
Reissue the ADD command using different object name.
NOTE: The specified object name probably already has a corresponding CIP subsystem
configuration record within the configuration database that cannot be used by the CIP subsystem
for some reason. See CIP EMS event 5206, 5306, and 5506 for more details.
CIP 00026 (zcip-err-attr-val-invalid)
CIP E00026 Attribute value invalid: text.
text
Is the text string describing the problem with the attribute value.
Cause
You issued a command, and tried to assign an invalid value to an attribute.
Effect
The SCF command is not executed.
Recovery
Reissue the command using a value for that attribute that is within the valid range.
NOTE:
This is used internally by the SCF product module.
CIP 00027 (zcip-err-attr-incompatible)
CIP E00027 Invalid attribute combination..
Cause
The specified attribute conflicted with one or more of the other attributes on the command line.
Effect
The SCF command is not executed.
Recovery
Refer to the command descriptions (in the manual or help text) for information about which
attributes can be combined.
NOTE:
This is used internally by the SCF product module.
CIP 00028 (zcip-err-cpu-attr-invalid)
CIP E00028 CPU attribute not supported.
Cause
You issued a TRACE MON or TRACE PROCESS command with the CPU attribute specified. Only
TRACE CLIM and TRACE PROVIDER commands support the CPU attribute.
Effect
The SCF command is not executed.
390 SCF Error Messages
Recovery
Reissue SCF command without the CPU attribute.
NOTE:
This is used internally by the SCF product module.
CIP 00029 (zcip-err-locksize-invalid)
CIP E00029 LOCKSIZE must be less than or equal to PAGES.
Cause
You issued a TRACE command with a LOCKSIZE value that was greater than the PAGES value.
Effect
The SCF command is not executed.
Recovery
Retry the command with a LOCKSIZE value that is less than or equal to the PAGES value. If
PAGES is not specified, LOCKSIZE must be less than or equal to 64 pages.
NOTE:
This is used internally by the SCF product module.
CIP 00030 (zcip-err-cpu-attr-required)
CIP E00030 CPU attribute is required.
Cause
You issued a TRACE CLIM or TRACE PROVIDER command and specified the TO attribute but
not the CPU attribute.
Effect
The SCF command is not executed.
Recovery
Reissue the SCF command with the CPU attribute.
NOTE:
This is used internally by the SCF product module.
CIP 00031 (zcip-err-context-invalid)
CIP E00031 Request contains invalid or obsolete context information.
Cause
Continuation of an SCF command happens with invalid or obsolete context information. This
can happen if too much time has elapsed between the initial request and command continuation.
Effect
The SCF command is not executed.
Recovery
Reissue the SCF command.
CIP 00032 (zcip-err-unsynch-mon)
CIP E00032 One or more CIPMON processes are out of synch.
Cause
An SCF request for configuration change (ADD, DELETE, or ALTER command) or state change
(START, STOP, or ABORT command) cannot be executed because the CIPMAN process cannot
communicate with one or more CIPMON processes to ensure consistency of CIP subsystem
configuration.
Effect
The SCF configuration or state change command is not executed.
391
Recovery
Reissue the SCF command. If the problem persists for more than a short duration, locate the
problematic CIPMON process and fix the cause for that CIPMON process' inability to process
the request from the CIPMAN process.
CIP 00033 (zcip-err-sub-not-stopped)
CIP E00033 One or more subordinate objects cannot be stopped.
Cause
A STOP or ABORT PROCESS SCF request with the SUB ALL option specified failed to stop the
CIPMAN process because the CIPMAN process cannot stop one or more subordinated CLIM
and PROVIDER objects.
Effect
The CIPMAN process is not stopped.
Recovery
If you only want to stop the CIPMAN process, reissue the STOP or ABORT PROCESS SCF request
without the SUB option or with the SUB NONE option. If you want to stop all subordinate CLIM
and PROVIDER objects as well as the CIPMAN process itself, use the ABORT PROCESS SCF
request with the SUB ALL option. If the problem persists, investigate why the subordinate objects
cannot be stopped.
CIP 00034 (zcip-err-sub-not-supported)
CIP E00034 Specified SUB option is not supported by command/object.
Cause
The SUB option is specified and it is not compatible with the specified command or the SUB
option is omitted for a command that requires the SUB option.
Effect
The SCF command is rejected.
Recovery
Make sure that a valid SUB option is specified, then retry the SCF command.
CIP 00035 (zcip-err-cpu-down)
CIP E00035 The specified processor is currently down.
Cause
You issued a TRACE command but the specified processor is currently down.
Effect
The SCF command is rejected.
Recovery
Reissue the TRACE command with a different processor.
CIP 00036 (zcip-err-wrong-prov-type)
CIP E00036 PROVIDER object-name type is not compatible with this request.
object-name
Is the PROVIDER object specified in the ADD or ALTER CLIM, ADD or ALTER PROVIDER, or
ADD ROUTE or STATUS PROVIDER, ROUTE or SWITCH CLIM, PROVIDER command.
Cause
The provider name in an ADD or ALTER CLIM, ADD or ALTER PROVIDER, or ADD ROUTE or
STATUS PROVIDER, ROUTE or SWITCH CLIM, PROVIDER command belongs to a type that is
not compatible with the command.
392 SCF Error Messages
Effect
The SCF command is rejected.
Recovery
Reissue the SCF command with different provider that has the correct type or reissue SCF
command with option that is compatible with the provider type. Use the INFO PROVIDER
command to display the type of each provider.
CIP 00037 (zcip-err-invalid-clim)
CIP E00037 CLIM object-name is invalid for this request.
object-name
Is the CLIM object specified in the ADD or ALTER PROVIDER, ALTER CLIM, or ADD ROUTE
command.
Cause
The CLIM name in an ADD or ALTER PROVIDER command has operational mode that is not
compatible with the command. Or the target CLIM in an ALTER CLIM command has an operation
mode that is not compatible with the attribute specified with the command. Or the CLIM name
in an ADD ROUTE command is not associated with the parent PROVIDER object of that Route
and the MULTIPROV attribute of that CLIM is set to OFF.
Effect
The SCF command is rejected.
Recovery
Reissue SCF ADD or ALTER PROVIDER command with different CLIM that has the correct
operational mode. Or reissue the SCF ALTER CLIM command with a different CLIM that has the
correct operational mode. Or reissue the SCF ADD ROUTE command with CLIM and IPDATA
provider names that are associated with each other or with a CLIM that has the MULTIPROV
attribute set to ON. Use the INFO CLIM command to display the MULTIPROV attribute and the
IPDATA provider associated with each CLIM.
CIP 00038 (zcip-err-route-exists)
CIP E00038 CLIM clim-name is associated with an existing Route object.
clim-name
Is the CLIM object specified in the DELETE CLIM or ALTER CLIM command.
Cause
A DELETE CLIM command was issued for a CLIM object that is associated with an existing Route
object. You cannot delete a CLIM object until there are no (Maintenance Provider or Route)
objects dependent on the specified CLIM. Or an ALTER CLIM a command was issued for a CLIM
object that is associated with an existing Route object that would not be able to associate with
that CLIM object if the ALTER CLIM command successfully completes. Although a Route object
can be associated with any CLIM with MULTIPROV ON, a Route object cannot be associated
with a CLIM with MULTIPROV OFF unless the PROVIDER attribute of that CLIM is the same as
the parent of that Route object.
Effect
The SCF command is rejected.
Recovery
To remove or alter the CLIM object, the Route object associated with the specified CLIM must be
removed first. Use the INFO ROUTE command to display the CLIM associated with each Route
object.
CIP 00039 (zcip-err-storage-inuse)
CIP E00039 CLIM clim-name is in use by Storage Subsystem.
clim-name
Is the CLIM object specified in the DELETE CLIM command.
393
Cause
A DELETE CLIM command was issued for a CLIM object (with STORAGE operation mode) that
is being used by Storage Subsystem. You cannot delete a CLIM object until there is no reference
from Storage Subsystem to the specified CLIM.
Effect
The SCF command is rejected.
Recovery
To remove the CLIM object, the dependency of Storage Subsystem on the specified CLIM must
be removed first. See Storage Subsystem for more details.
CIP 00040 (zcip-err-interface-exists)
CIP E00040 CLIM clim-name still has interfaces running on other CLIM(s).
clim-name
Is the CLIM object specified in the DELETE CLIM or ALTER CLIM command.
Cause
A DELETE CLIM or ALTER CLIM command was issued for a CLIM object that is associated with
one or more interfaces configured on that CLIM that are currently running on other CLIM(s). You
cannot delete a CLIM object or alter PROVIDER attribute of a CLIM object with MULTIPROV OFF
until there are no interfaces configured on that CLIM running on any CLIM.
Effect
The SCF command is rejected.
Recovery
To remove the CLIM object, the interfaces associated with the specified CLIM must be removed
first. Use the STATUS CLIM, DETAIL command to display the active interfaces associated with
that CLIM. Use ABORT CLIM, INTFALL command to stop usage of all interfaces configured on
that CLIM.
CIP 00041 (zcip-err-clim-exists)
CIP E00041 PROVIDER object-name is associated with an existing CLIM object.
object-name
Is the PROVIDER object specified in the DELETE PROVIDER command.
Cause
A DELETE PROVIDER command was issued for an IPDATA provider object that is associated with
an existing CLIM object. You cannot delete a PROVIDER object until there are no (CLIM or Route)
objects dependent on the specified provider.
Effect
The SCF command is rejected.
Recovery
To remove the IPDATA provider object, the CLIM object associated with the specified IPDATA
provider must be removed first. Use the INFO PROVIDER, DETAIL command to display the names
of the CLIM associated with that IPDATA provider.
CIP 00041 (zcip-err-clim-exists)
CIP E00041 PROVIDER object-name is associated with an existing CLIM object.
object-name
Is the PROVIDER object specified in the DELETE PROVIDER command.
Cause
A DELETE PROVIDER command was issued for an IPDATA provider object that is associated with
an existing CLIM object. You cannot delete a PROVIDER object until there are no (CLIM or Route)
objects dependent on the specified provider.
394 SCF Error Messages
Effect
The SCF command is rejected.
Recovery
To remove the IPDATA provider object, the CLIM object associated with the specified IPDATA
provider must be removed first. Use the INFO PROVIDER, DETAIL command to display the names
of the CLIM associated with that IPDATA provider.
CIP 00042 (zcip-err-object-unremovable)
CIP E00042 PROVIDER object-name cannot be deleted.
object-name
Is the PROVIDER object specified in the DELETE PROVIDER command.
Cause
A DELETE PROVIDER command was issued for the default PROVIDER object ($ZZCIP.ZTC0)
which can never be deleted.
Effect
The SCF command is rejected.
Recovery
Reissue SCF command with a different Provider.
CIP 00043 (zcip-err-intf-not-exist)
CIP E00043 PROVIDER interface-name does not exist.
interface-name
Is the interface name specified in the SWITCH CLIM command.
Cause
A SWITCH CLIM command was issued for an interface that does not exist.
Effect
The SCF command is rejected.
Recovery
Reissue SCF command with the correct interface name.
CIP 00044 (zcip-err-intf-invalid)
CIP E00044 Interface interface-name is invalid for specified CLIM.
interface-name
Is the interface name specified in the SWITCH CLIM command.
Cause
A SWITCH CLIM command was issued for an interface that does not belong to the specified
CLIM object.
Effect
The SCF command is rejected.
Recovery
Reissue SCF command with the correct interface or CLIM name.
CIP 00045 (zcip-err-intf-no-fover)
CIP E00045 Interface interface-name is not configured to support failover.
interface-name
Is the interface name specified in the SWITCH CLIM command.
Cause
A SWITCH CLIM command was issued for an interface that is not configured to support failover.
395
Effect
The SCF command is rejected.
Recovery
Reissue SCF command with the correct interface name.
CIP 00046 (zcip-err-intf-fover-invalid
CIP E00046 Interface interface-name failover configuration cannot currently fail over.
interface-name
Is the interface name affected by the SWITCH CLIM command.
Cause
A SWITCH CLIM command was issued, either implicitly or explicitly, that affects an interface
which is configured for failover, but the current condition makes failover to another CLIM
impossible. The possible conditions include:
•
A target CLIM or interface for failover does not exist or is invalid.
•
A target CLIM is currently not accessible.
•
An interface is brought down by an operator request.
•
The target CLIM does not have sufficient configuration information to bring up the interface.
•
The interface for failover has a visiting interface.
Effect
The SCF command is rejected for that interface.
Recovery
Use the STATUS CLIM, DETAIL command to display failover configurations for all interfaces
configured on a CLIM. Ensure that the failover configuration is correct and valid on the target
CLIM and that the target CLIM is accessible. Then reissue the SCF command.
CIP 00047 (zcip-err-intf-fover-fail
CIP E00047 Failover attempt for interface interface-name failed.
interface-name
Is the interface name affected by the SWITCH CLIM command.
Cause
An attempt to fail over an interface as part of a SWITCH CLIM command failed and the specified
interface cannot be brought up on the target CLIM.
Effect
The interface cannot be brought up on the target CLIM.
Recovery
Check CIP EMS event 5223 to find out more details about why the interface cannot be brought
up on the target CLIM. Correct the problem and reissue the SCF command.
CIP 00048 (zcip-err-clim-not-stopped
CIP E00048 CLIM(s) associated with PROVIDER object-name are not stopped.
object-name
Is the PROVIDER object specified in the ALTER PROVIDER command.
Cause
The provider name in an ALTER PROVIDER command (with SHARE-PORTS option) has one or
more associated CLIM(s) not in STOPPED state.
Effect
The SCF command is rejected.
396 SCF Error Messages
Recovery
Stop the CLIM(s) associated with the Provider by using the INFO PROVIDER, DETAIL command
to display the list of CLIMs associated with the Provider and then using the STOP or ABORT CLIM
command to stop the associated CLIM(s). Reissue the SCF ALTER PROVIDER command.
CIP 00049 (zcip-err-ipaddr-invalid
CIP E00049 ip-address is invalid.
ip-address
Is the IP address specified in the ADD CLIM command.
Cause
The specified IP address is not a valid IP address for a maintenance Provider.
Effect
The SCF command is rejected.
Recovery
Re-issue the command with a valid IP address.
CIP 00050 (zcip-err-connpts-invalid
CIP E00050 CONNPTS value connpts is invalid for specified location.
connpts
Is the CONNPTS attribute value specified in the ADD or ALTER PROVIDER command.
Cause
The specified CONNPTS value is not valid or not valid for the specified location.
Effect
The SCF command is rejected.
Recovery
Re-issue the command with a valid CONNPTS attribute value.
CIP 00051 (zcip-err-family-invalid
CIP E00051 FAMILY value family is invalid.
family
Is the FAMILY attribute value specified in the ADD ROUTE or PROVIDER or ALTER PROVIDER
command.
Cause
The specified FAMILY value is not valid for the specified object type or the specified FAMILY
value for ROUTE object is not valid for the specified parent provider object FAMILY.
Effect
The SCF command is rejected.
Recovery
Re-issue the command with a valid FAMILY attribute value.
CIP 00052 (zcip-err-priority-invalid
CIP E00052 PRIORITY value priority is invalid for specified location.
priority
Is the PRIORITY attribute value specified in the ADD ROUTE command.
Cause
The specified PRIORITY value is not valid.
Effect
The SCF command is rejected.
397
Recovery
Re-issue the command with a valid PRIORITY attribute value.
CIP 00053 (zcip-err-active-mon)
One or more CIPMON processes are still running.
Cause
A STOP PROCESS SCF request failed to stop the CIPMAN process because one or more CLIM
or PROVIDER objects are not in a STOPPED state and one or more CIPMON processes are still
running (i.e., one or more MON objects not in a STOPPED state).
Effect
The CIPMAN process is not stopped.
Recovery
If you only want to stop the CIPMAN process, issue the ABORT PROCESS SCF request without
the SUB option or with the SUB NONE option. If you want to stop all subordinate CLIM and
PROVIDER objects as well as the CIPMAN process itself, use the ABORT PROCESS SCF request
with the SUB ALL option. If the problem persists, investigate why the subordinate objects cannot
be stopped.
CIP 00054 (zcip-err-clim-config-mismatch)
CLIM clim-name has incompatible configuration.
clim-name
is the CLIM object specified in the ALTER CLIM command.
Cause
An ALTER CLIM command was issued for a CLIM object whose configuration on the CLIM is not
compatible with the new attribute value and cannot be converted to be compatible with the new
attribute value. In particular, the MULTIPROV attribute cannot be altered to OFF if there are any
network resources configured on the CLIM that are associated with a provider that is not the
same as the PROVIDER attribute of that CLIM object.
Effect
The SCF command is rejected.
Recovery
To alter the CLIM object, the configuration on the CLIM must first be updated to be compatible
with the new attribute value. Then reissue the ALTER CLIM command.
CIP 00055 (zcip-err-interface-exists-prov)
Provider prov-name still has active associated interfaces.
prov-name
is the PROVIDER name specified in the DELETE PROVIDER command.
Cause
A DELETE PROVIDER command was issued for a PROVIDER object that is associated with one
or more interfaces configured on one or more CLIMs. You cannot delete a PROVIDER object
until there are no active interfaces on any CLIMs associated with that provider. This can happen
when there are interfaces configured on a CLIM with MULTIPROV ON that are associated with
the target PROVIDER object even though the parent CLIM object is not directly associated with
the PROVIDER object (via the PROVIDER attribute of that CLIM).
Effect
The SCF command is rejected.
Recovery
To remove the PROVIDER object, the interfaces associated with the specified provider must be
removed first. Use the STATUS PROVIDER, DETAIL command to display the active interfaces
associated with that provider. On each CLIM, use “climconfig” to remove all interfaces associated
398 SCF Error Messages
with that provider. On each CLIM, use “climconfig interface –info all” to list all interfaces with
their associated provider to find all interfaces associated with that provider on that CLIM.
CIP 00056 (zcip-err-prov-not-exist)
Provider prov-name does not exist.
prov-name
is the PROVIDER name specified in the SWITCH CLIM command.
Cause
A SWITCH CLIM command was issued for a provider that does not exist.
Effect
The SCF command is rejected.
Recovery
Reissue SCF command with the correct provider name. (SCFPM Note: prov-name is from
zcip-tkn-provider-name.)
CIP 00057 (zcip-err-clim-incompatible)
CLIM clim-name software version is incompatible.
clim-name
is the CLIM object specified in the ALTER CLIM command.
Cause
An ALTER CLIM command was issued for a CLIM object whose software version on the CLIM is
not compatible with the new attribute value. In particular, the MULTIPROV attribute cannot be
altered to ON if the CLIM software does not support the MULTIPROV feature.
Effect
The SCF command is rejected.
Recovery
To alter the CLIM object, the configuration on the CLIM software must first be updated to be
compatible with the new attribute value. Then reissue the ALTER CLIM command.
CIP 00058 (zcip-err-interface-wrong-prov)
CLIM clim-name has interfaces associated with other PROVIDER(s).
clim-name
is the CLIM object specified in the ALTER CLIM command.
Cause
An ALTER CLIM, MULTIPROV OFF command was issued for a CLIM object that has one or more
interfaces configured on it which are associated with a provider other than the PROVIDER attribute
of the CLIM object even though the CLIM object is not in STARTED state. You cannot alter the
MULTIPROV attribute of a CLIM object to OFF until all known interfaces for that CLIM are
associated with the provider specified by the PROVIDER attribute of that CLIM object.
Effect
The SCF command is rejected.
Recovery
To set the ALTER MULTIPROV attribute of the CLIM object to OFF, the interfaces associated with
the specified CLIM and providers other than the PROVIDER attribute of that CLIM object must be
removed first. Use the ABORT CLIM, INTFALL command to stop usage of all interfaces configured
on that CLIM.
CIP 00059 (zcip-err-interface-wrong-prov)
CLIM clim-name has no association with Provider prov-name.
399
clim-name
is the CLIM object specified in the SWITCH CLIM command.
prov-name
is the PROVIDER name specified in the PROVIDER option of the SWITCH CLIM command.
Cause
A SWITCH CLIM, PROVIDER command was issued for a provider that does not have any
association with network resources configured on the specified CLIM.
Effect
The SCF command is rejected.
Recovery
Reissue SCF command with the correct provider name. (SCFPM Note: prov-name is from
zcip-tkn-provider-name.)
400 SCF Error Messages
B Fault Codes
This appendix documents fault codes that belong to the CIP subsystem and can appear in CIP
subsystem EMS messages.
Many fault codes suggest checking software versions. To obtain this information:
•
Use SCF VERSION PROCESS $ZZCIP to obtain the CIPMAN version.
•
Use SCF VERSION MON $ZZCIP.mon to obtain the CIPMON software version.
•
Examine the VPROC $SYSTEM.SYSnn.ZCIPDLL file to obtain the ZCIPDLL version. (This version
should be the same as the CIPMON software version.)
•
Use SCF VERSION CLIM $ZZCIP.CLIM to obtain the CLIM software version or look in the
/etc/vprocfile on the CLIM.
Origin “CIP Manager” Fault Code 1003
Cause
The size of the message CIPMAN received from CIPMON is inconsistent with what is expected.
Effect
The message is dropped without further processing.
Recovery
CIPMAN automatically retries the operation. If this problem persists over an extensive period of
time, make sure the appropriate versions of software (CIPMAN, CIPMON, ZCIPDLL, CLIM) are
running. If the problem persists, contact your HP service provider.
Origin “CIP Manager” Fault Code 1011
Cause
A configured CLIM object is now unusable due to a problem with hardware connectivity. This
can be caused by there being no CLIM connected at the configured location, different devices
connected on different fabrics corresponding to the same configured location, or other connectivity
problems. There should also be a CIP subsystem event 5211 that provides more detailed
information.
Effect
The specified CLIM object cannot be accessed.
Recovery
Make sure that the correct CLIM hardware is connected at the correct locations and that the
CLIM and the ServerNet switch are configured correctly.
Origin “CIP Manager” Fault Code 1012
Cause
There are no active CIPMON processes running in any processor on the system. This is most
likely caused by an operator request.
Effect
No access to any CLIM or provider from any processor.
Recovery
Make sure that CIPMON processes are started by the persistent manager. See “Starting CIP on
the NonStop Host System” (page 100) for information about how to start CIPMON processes.
Origin “CIP Manager” Fault Code 1015
Cause
An attempt to read or write a configuration database record by the CIPMAN process fails.
401
Effect
For reading of a non-critical configuration database record, CIPMAN continues without access
to the object corresponding to the configuration database record. For a critical configuration
database record, CIPMAN terminates and the backup CIPMAN takes over.
Recovery
None. This is an informational event. However, if an existing CIP subsystem object (such as a
CLIM or Provider) is unexpectedly missing, you may want to restart the CIPMAN process.
Origin “CIP Manager” Fault Code 1017
Cause
A configured CLIM object is now unusable due to a mismatch between configuration on the
CLIM and configuration on the NonStop System.
Effect
The specified CLIM object cannot be brought to STARTED state.
Recovery
Make sure that the configuration on the CLIM is consistent with the configuration of the CLIM
object on the NonStop system. In particular, if the CLIM is configured with MULTIPROV set to
OFF, all network resources on the CLIM must not be associated with any specific provider or all
network resources on the CLIM must be associated with the IPDATA provider specified by the
PROVIDER attribute of the CLIM object.
Origin “CIP Manager” Fault Code 1018
Cause
A configured CLIM object is now unusable because the version of software running on that CLIM
does not support one or more features (such as MULTIPROV support) that have been turned on
for that configured CLIM object.
Effect
The specified CLIM object cannot be brought to STARTED state.
Recovery
Make sure that the CLIM is running software that can support the feature sets configured for that
CLIM object or turn off features that are not supported by the software running on the CLIM using
theSCF ALTER CLIM command.
Origin “CIP Manager” Fault Code 1019
Cause
A configured CLIM object is now unusable due to CIPMAN receiving invalid CLIM-based
configuration information from the CLIM.
Effect
The message is dropped without further processing. The specified CLIM object cannot be brought
to STARTED state.
Recovery
CIPMAN will automatically retry the operation. However, if this problem persists over an extensive
period of time, the operator should make sure that an appropriate version of the software
(CIPMAN, CIPMON, ZCIPDLL, CLIM) are running and make sure that the configuration on the
CLIM is consistent with the configuration of the CLIM object on the NonStop system. If the problem
still persists, contact your HP representative.
Origin “CIPMON” Fault Code 2001
Cause
An unexpected failure condition was encountered by a CIPMON process.
402 Fault Codes
Effect
The CIPMON process terminates. In an extreme case, the CIPMON processor may be halted.
Recovery
If the CIPMON processor is not halted, no recovery action is required. The CIPMON process is
restarted automatically by the persistence manager. If the CIPMON processor is halted, perform
a dump operation and reload the processor.
Origin “CIPMON” Fault Code 2002
Cause
The CIPMON process either (a) attempts to obtain an invalid type of resource, (b) attempts to
use resources that are not sufficient for the current operation, or (c) cannot obtain necessary
resources (such as memory). Check the EMS event for more details.
Effect
The current operation by CIPMON fails.
Recovery
None. CIP subsystem should automatically recover. If this problem persists, make sure sufficient
resources are available. Check the EMS event for more details about the type of resources that
caused the problem. If this problem persists for an extended period of time, report the problem
to your HP service provider.
Origin “CIPMON” Fault Code 2003
Cause
CIPMON detects that the information within an internal control block is not consistent with what
is expected.
Effect
The CIPMON processor is halted.
Recovery
This is a serious problem. Send complete information to your HP service provider.
Origin “CIPMON” Fault Code 2011
Cause
Either (a) CIPMON detects an attempt to access an invalid state machine, or (b) a state machine
corresponding to a CIP subsystem object within CIPMON is put in an unexpected state.
Effect
For (a), the CIPMON processor is halted. For (b), the CIP subsystem object corresponding to the
affected state machine is no longer accessible through that CIPMON process.
Recovery
This is a serious problem. Send complete information to your HP service provider for analysis.
Origin “CIPMON” Fault Code 2013
Cause
The CIPMON process receives a message from either the CIPMAN process or a CLIM with
version information that does not match what the CIPMON process expects.
Effect
The message is dropped or rejected.
Recovery
Make sure the correct and matching software is running on both the NonStop host system and
on the CLIM.
403
Origin “CIPMON” Fault Code 2022
Cause
The CIPMON process receives a response message from a CLIM that has a CLIM type that was
not expected for that type of request.
Effect
The message is dropped.
Recovery
Make sure the correct and matching software is running on both the NonStop host system and
on the CLIM.
Origin “CIPMON” Fault Code 2030
Cause
A CIPMON process in either the STARTING or STARTED state is incompatible with the current
CIPMAN process. The CIPMAN protocol version is newer than that CIPMON protocol version.
Effect
The CIP subsystem does not function properly. If CIPMON is already in the STARTED state, the
current socket operations might work correctly but there are not any recovery actions. If CIPMON
is in the STARTING state, the CIP subsystem access through that processor is not available and
additional MON object transient faults (Origin “CIPMON” Fault Code 2032) are likely to be
generated.
Recovery
Install the correct, compatible versions of CIPMAN and CIPMON.
Origin “CIPMON” Fault Code 2031
Cause
A CIPMON process in either the STARTING or STARTED state is incompatible with the current
CIPMAN process. The CIPMAN protocol version is older than that CIPMON protocol version.
Effect
The CIP subsystem does not function properly. If CIPMON is already in the STARTED state, the
current socket operations might work correctly but there are not any recovery actions. If CIPMON
is in the STARTING state, the CIP subsystem access through that processor is not available and
an additional MON object transient fault (Origin “CIPMON” Fault Code 2033) is likely to be
generated.
Recovery
Install the correct, compatible version of CIPMAN and CIPMON.
Origin “CIPMON” Fault Code 2032
Cause
A CIPMON process in the STARTING state is incompatible with the current CIPMAN process.
The CIPMAN protocol version is newer than that CIPMON protocol version.
Effect
The CIP subsystem does not function properly. The CIP subsystem access through that processor
is not available
Recovery
Install the correct, compatible version of CIPMAN and CIPMON.
Origin “CIPMON” Fault Code 2033
Cause
A CIPMON process in the STARTING state is incompatible with the current CIPMAN process.
The CIPMAN protocol version is older than that CIPMON protocol version.
404 Fault Codes
Effect
The CIP subsystem does not function properly. The CIP subsystem access through that processor
is not available.
Recovery
Install the correct, compatible version of CIPMAN and CIPMON.
Origin “CIPMON” Fault Code 2034
Cause
A CIPMON process is taking unusually long time to process a set of requests. This can be caused
by insufficient QIO memory resources.
Effect
Requests that goes through that particular CIPMON (such as some sockets operations and some
SCF requests) can be slower than normal.
Recovery
None. CIP subsystem should automatically recover. If this problem persists, the operator should
make sure that sufficient QIO memory are available. If this problem persists for extended period
of time, please report the problem to your Global Customer Support Center analyst for analysis.
Origin “CIPSREQ” Fault Code 3001
Cause
The operation is invalid for the current state of the object within the CIP subsystem dynamic link
library (ZCIPDLL).
Effect
The operation fails.
Recovery
Make sure the correct and matching CIPMON and ZCIPDLL are running. If not, this is a serious
problem. Send complete information to your HP service provider for analysis.
Origin “CIPSREQ” Fault Code 3002
Cause
The operation invoked by the CIPMON process is invalid for the object type of the specified
object.
Effect
The operation fails.
Recovery
Make sure the correct and matching CIPMON and ZCIPDLL are running. If not, this is a serious
problem. Send complete information to your HP service provider for analysis.
Origin “CIPSREQ” Fault Code 3003
Cause
A DSM trace request is not consistent with the current tracing status of the specified object.
Effect
Trace operation fails.
Recovery
None. This is an informational message.
Origin “CIPSREQ” Fault Code 3004
Cause
The maintenance Provider object still has an associated interface within the CIP subsystem
dynamic link library (ZCIPDLL) and its configuration cannot be modified.
405
Effect
The ALTER PROVIDER request fails.
Recovery
If this problem persists, send complete information to your HP support provider for analysis.
Origin “CIPSREQ” Fault Code 3005
Cause
One or more parameters that CIPMON passed into the CIP subsystem dynamic link library
(ZCIPDLL) are invalid.
Effect
The operation fails.
Recovery
Make sure the correct and matching CIPMON and ZCIPDLL are running. If not, this is a serious
problem. Send complete information to your HP support provider for analysis.
Origin “CIPSREQ” Fault Code 3006
Cause
The specified object does not exist within the CIP subsystem dynamic link library (ZCIPDLL).
Effect
The operation fails. The object cannot be accessed on that processor.
Recovery
This is a serious problem. Send complete information to your HP support provider for analysis.
Origin “CIPSREQ” Fault Code 3007
Cause
Some needed resources are not available to the CIP subsystem dynamic link library (ZCIPDLL).
Effect
The operation fails.
Recovery
None. The CIP subsystem should automatically recover. If this problem persists, make sure
sufficient resources are available. Check the EMS event for more details about the type of
resources that caused the problem. If this problem persists for an extended period of time, report
the problem to your HP support provider for analysis.
Origin “CIPSREQ” Fault Code 3010
Cause
The CIP subsystem dynamic link library (ZCIPDLL) encounters too many errors in communication
with the specified CLIM object.
Effect
Access to the CLIM is lost.
Recovery
None. The CIP subsystem should automatically recover.
Origin “CIPSREQ” Fault Code 3012
Cause
An unexpected error within the state machine occurred for the specified object within the CIP
subsystem dynamic link library (ZCIPDLL).
Effect
The operation fails.
406 Fault Codes
Recovery
This is a serious problem. Send complete information to your HP support provider for analysis.
Origin “CIPSREQ” Fault Code 3017
Cause
The CIP subsystem dynamic link library (ZCIPDLL) received an updated IP address or route (add
or delete) from the CLIM that is not consistent with what is expected.
Effect
The IP address or route is not updated within the CIP subsystem dynamic link library (ZCIPDLL)
in that processor.
Recovery
If the problem persists, a CLIM reboot is recommended.
Origin “CIPSREQ” Fault Code 3018
Cause
The size of the message the CIP subsystem dynamic link library (ZCIPDLL) attempted to send to
the CLIM is too large.
Effect
The operation fails.
Recovery
Make sure the correct and matching CIPMON, ZCIPDLL, and CLIM software versions are running.
If mismatched versions are not the cause, this is a serious problem. Send complete information
to your HP support provider for analysis.
Origin “CIPSREQ” Fault Code 3020
Cause
The CIP subsystem dynamic link library (ZCIPDLL) receives a data message from the CLIM that
is too small.
Effect
Access to the CLIM is lost.
Recovery
Make sure the correct and matching software is running on both the NonStop host system and
on the CLIM. If mismatched versions are not the cause, this is a serious problem. Send complete
information to your HP support provider for analysis.
Origin “CIPSREQ” Fault Code 3021
Cause
The CIP subsystem dynamic link library (ZCIPDLL) encounters a socket operation error that requires
CLIM access to be disconnected.
Effect
Access to CLIM is lost.
Recovery
Make sure that the correct and matching software is running on both the NonStop host system
and on the CLIM. If the problem persists, send complete information to your HP service provider
for analysis.
Origin “CIPSREQ” Fault Code 3023
Cause
The CIP subsystem dynamic link library (ZCIPDLL) detects that there is no active connection with
the CLIM.
407
Effect
Access to the CLIM is lost.
Recovery
None. The CIP subsystem should automatically recover.
Origin “CIPSREQ” Fault Code 3024
Cause
The CIP subsystem dynamic link library (ZCIPDLL) detects that the specified CLIM has an invalid
operation mode or has an invalid associated PROVIDER object.
Effect
The CLIM object is not added.
Recovery
Make sure that the correct and matching NonStop host software (CIPMAN, CIPMON and
ZCIPDLL) are running. If mismatched software is not the cause, this is a serious problem. Send
complete information to your HP service provider for analysis.
Origin “CIPSREQ” Fault Code 3025
Cause
The CIP subsystem dynamic link library (ZCIPDLL) detects that the specified PROVIDER object still
has one or more associated CLIM(s) so the PROVIDER object cannot be deleted.
Effect
The PROVIDER object is not deleted.
Recovery
Make sure that the correct and matching NonStop host software (CIPMAN, CIPMON and
ZCIPDLL) are running. If the problem persists, send complete information to your HP service
provider for analysis.
Origin “CIPSREQ” Fault Code 3026
Cause
TCP/IP parameters from the specified CLIM either do not match the TCP/IP parameters from the
CLIM(s) associated with the same provider that are already started, or the ephemeral ports
information is inconsistent with the SHARE-PORTS attribute of the associated provider.
Details are given in ErrorDetails1, ErrorDetail2, and ErrorDetail3.
ErrorDetail1
Is an item defined in a sysctl parameter, displayed in hexadecimal:
Items defined in sysctl parameter net.ipv4.tcp_rmem:
0x01
mismatch for minimum tcp receive buffer size
0x02
mismatch for default tcp receive buffer size
0x04
mismatch for maximum tcp receive buffer size
Items defined in sysctl parameter net.ipv4.tcp_wmem:
0x08
mismatch for minimum tcp send buffer size
0x10
mismatch for default tcp send buffer size
0x20
mismatch for maximum tcp send buffer size
Items defined in sysctl parameter net.ipv4.ip_local_port_range:
0x40
408 Fault Codes
mismatch for starting ephemeral port number
0x80
mismatch for ending ephemeral port number
Item defined in sysctl parameter net.ipv4.ip_local_port_range and PROVIDER share-ports value:
0x100
ephemeral port range start or end exceeds 65535
Item defined in sysctl parameter net.core.wmem_default:
0x200
mismatch for default socket send buffer
Item defined in sysctl parameter net.core.wmem_max:
0x400
mismatch for maximum socket send buffer
Item defined in sysctl parameter net.core.rmem_default:
0x800
mismatch for default socket receive buffer
Item defined in sysctl parameter net.core.rmem_max:
0x1000
mismatch for maximum socket receive buffer
ErrorDetail1 can be an accumulated value. If ErrorDetail1 is equal to 9 (1 + 8),
that means there is a mismatch between the minimum TCP receive buffer size and the minimum
TCP send buffer size. ErrorDetail2 and ErrorDetail3 will show the mismatch values
of the last case, that is, the minimum TCP send buffer size.
ErrorDetail2
Is the value of the ErrorDetail1 item set for the Provider.
ErrorDetail3
Is the mismatched value for the reporting CLIM.
Effect
The CLIM is not accessible from that processor.
Recovery
Make sure that TCP/IP parameters on all CLIMs associated with the same PROVIDER object are
identical. Also, make sure the ephemeral port ranges on all CLIMs associated with the same
PROVIDER object are the same and leave enough ports between maximum ephemeral port
number and maximum valid port number for the SHARE-PORTS.
Origin “CIPSREQ” Fault Code 3029
Cause
The CIP subsystem dynamic link library (ZCIPDLL) could not obtain sufficient memory to process
the addition of a new local IP address or new route provided by the CLIM.
Effect
The IP address or route is not added within the CIP subsystem dynamic link library (ZCIPDLL) in
that processor.
Recovery
None. The CIP subsystem should automatically recover. If this problem persists, make sure
sufficient QIO memory is available. If this problem still persists, report the problem to your HP
service provider for analysis.
Origin “CIPSREQ” Fault Code 3030
Cause
The CIP subsystem dynamic link library (ZCIPDLL) encounters an error when it attempts to
communicate with MEASURE.
•
ErrorDetail1 = -1 indicates MEASURE is too old to support the CIP subsystem.
•
ErrorDetail1 = 1 indicates MEASURE is too busy to process this request.
409
Effect
The CLIM object cannot be added.
Recovery
For ErrorDetail1 = -1, check the version of MEASURE. For ErrorDetail1 = 1, retry the operation.
For all other ErrorDetail1 values, send complete information to your HP service provider for
analysis.
Origin “CIPSREQ” Fault Code 3031
Cause
The CIP subsystem dynamic link library (ZCIPDLL) receives a local IP address from the CLIM that
already exists for a different interface within the same provider.
Effect
The IP address is not associated with the interface specified in the message from the CLIM.
Recovery
Check configuration of all CLIMs associated with the same PROVIDER object to make sure the
same local IP address is not associated with more than one interface for all associated CLIMs.
Origin “CIPSREQ” Fault Code 3032
Cause
The CIP subsystem dynamic link library (ZCIPDLL) cannot support any more objects of the specified
object type.
Effect
The specified object cannot be added.
Recovery
None. This is an informational message. If a new object is needed, an existing object must be
removed first.
Origin “CIPSREQ” Fault Code 3033
Cause
The CIP subsystem dynamic link library (ZCIPDLL) encounters a check-sum error for a data message
from the specified CLIM.
Effect
Access to the CLIM is lost.
Recovery
This is most likely a hardware problem. If the problem persists for the same CLIM, have the CLIM
hardware replaced. If the problem persists for multiple CLIMs, there may be a hardware problem
associated with a NonStop host system processor. Contact your HP service provider for support.
Origin “CLIMAGT” Fault Code 5120
Cause
CLIM configuration information (most likely the CLIM name) within the current START CLIM request
from the NonStop host system does not match the CLIM configuration information of the first
successful START CLIM request received by the CLIMAGT. This indicates that different NonStop
host system processors are sending START CLIM requests to the CLIMAGT with conflicting CLIM
configuration information.
Effect
The current START CLIM request is rejected. The CLIM is not accessible from that NonStop host
system processor.
410
Fault Codes
Recovery
This is a serious problem. Send complete information (both NonStop host system and CLIM) to
your HP support provider for analysis.
Origin “CLIMAGT” Fault Code 5121
Cause
The processor number associated with the START CLIM request from the NonStop host system
is not valid (for example, not between 0 and 15).
Effect
The current START CLIM request is rejected. CLIM is not accessible from that NonStop host system
processor.
Recovery
This is a serious problem. Send complete information (both NonStop host system and CLIM) to
your HP support provider for analysis.
Origin “CLIMAGT” Fault Code 5122
Cause
The CLIM name provided within the START CLIM request from the NonStop host system does
not match the CLIM host name information.
Effect
The current START CLIM request is rejected. The CLIM is not accessible from that NonStop host
system processor.
Recovery
Make sure that CLIM hostname information matches the CLIM name on the NonStop host system
.
Origin “CLIMAGT” Fault Code 5124
Cause
CLIMAGT calls to the transport library results in an error. This is most likely caused by an inability
to obtain necessary resources.
Effect
The current CLIM request failed.
Recovery
Make sure there is sufficient memory on the CLIM. If the problem persists, reboot the CLIM.
Origin “CLIMAGT” Fault Code 5125
Cause
The CLIMAGT encounters an error when it attempts to fetch detailed information about a CLIM
for which this CLIM has backup information. This is likely caused by a stale directory entry under
/etc/clim/mirror with no files in the subdirectory associated with that CLIM name.
Effect
The CLIM configuration cannot be obtained. The CLIM cannot be brought to the STARTED state.
Recovery
If the problem persists, reboot all CLIMs associated with the IPDATA provider belonging to the
problem CLIM. If that does not work, contact your HP service provider.
Origin “CLIMAGT” Fault Code 5126
Cause
The CLIMAGT cannot allocate memory.
411
Effect
The current CLIM request failed.
Recovery
Make sure there is sufficient memory on the CLIM. If the problem persists, reboot the CLIM.
Origin “CLIMAGT” Fault Code 5127
Cause
The CLIMAGT did not receive configuration information from CLIMMON.
Effect
The current CLIM request failed.
Recovery
Check if the CLIMMON process is running. Restart the CLIMMON process if necessary. If the
problem persists, send complete information to your HP service provider for analysis.
Origin “CLIMAGT” Fault Code 5128
Cause
The NonStop host system processor that sends the current request is not in the STARTED state
with respect to that CLIM, so the current request cannot be processed.
Effect
The current CLIM request failed.
Recovery
None. The CIP subsystem should automatically recover. If the problem persists, send complete
information, especially from the NonStop host side, to your HP service provider for analysis.
Origin “CLIMAGT” Fault Code 5131
Cause
The interface specified in the current request does not seem to be a configured interface.
Effect
The current CLIM request failed.
Recovery
Check to make sure interface is configured using climconfig command.
Origin “CLIMAGT” Fault Code 5132
Cause
The interface specified in the current request has been stopped by the operator.
Effect
Current CLIM request failed. Interface cannot be brought to active state.
Recovery
Bring the specified interface to an operational state by using the ifstart command.
Origin “CLIMAGT” Fault Code 5133
Cause
The tunnel interface specified in current request has its parent interface in a non-active state.
Effect
The current CLIM request failed. This tunnel interface cannot be brought to the active state.
412
Fault Codes
Recovery
None. The CIP subsystem should automatically recover. If the problem persists, send complete
information (especially on the NonStop host system side including CIPMAN) to your HP support
provider for analysis.
Origin “CLIMAGT” Fault Code 5134
Cause
The visiting interface specified in the current request is associated with a local interface that is
currently not active. The visiting interface can be brought up on the backup CLIM only if its
backup interface is active on the backup CLIM.
Effect
The current CLIM request failed. The visiting interface cannot be brought to the active state.
Recovery
None. The CIP subsystem should automatically recover. If the problem persists, send complete
information, especially on the NonStop host system side, including CIPMAN, to your HP support
provider for analysis.
Origin “CLIMAGT” Fault Code 5135
Cause
The local interface associated with the visiting interface specified in the current request cannot
be determined.
Effect
The current CLIM request failed. The visiting interface cannot be operated upon.
Recovery
None. Use the climconfig command to make sure the CLIM has correct and valid configuration
information. If the problem persists, send complete information (including the CIPMAN on the
NonStop host system side and the failover and interface configuration information on the CLIM
side) to your HP support provider for analysis.
Origin “CLIMAGT” Fault Code 5136
Cause
The interface specified in the current request has one or more associated tunnel interfaces still
in the active state.
Effect
The current CLIM request failed. The specified interface cannot be brought to the inactive state.
Recovery
None. The CIP subsystem should automatically recover. If the problem persists, send complete
information, especially on the NonStop host system side, including CIPMAN, to your HP support
provider for analysis.
Origin “CLIMAGT” Fault Code 5137
Cause
The interface specified in the current request has one or more associated tunnel interfaces.
Effect
The current CLIM request failed. The current CLIM request failed. The specified interface cannot
be brought to the inactive state.
Recovery
None. The CIP subsystem should automatically recover. If the problem persists, send complete
information (especially on the NonStop host system side including CIPMAN) to your HP support
provider for analysis.
413
Origin “CLIMAGT” Fault Code 5152
Cause
The interface activation failed. This can be caused by an interface configuration problem, the
interface still being active on a different CLIM, or other internal problems.
Effect
The current CLIM request failed. The current CLIM request failed. The specified interface cannot
be brought to the active state.
Recovery
Make sure the CLIM has correct and valid configuration information (by using the climconfig
command). Otherwise, the CIP subsystem should automatically recover. If problem persists, send
complete information (including the CLIM’s syslog information) to your HP support provider for
analysis.
Origin “CLIMAGT” Fault Code 5184
Cause
The CLIM is running a new version of CLIM software and is configured for multiple Providers
(MULTIPROV ON) but the NonStop system is running an older version of CIP Subsystem software
that does not support MULTIPROV capability.
Effect
The current CLIM request failed. The CLIM cannot move to STARTED state.
Recovery
Make sure that the NonStop system is running a newer version of the CIP subsystem software
that supports MULTIPROV capability.
Origin “ITAPI” Fault Code 9
Cause
The underlying connection between a NonStop host processor and a CLIM breaks.
Effect
That CLIM is not accessible from that NonStop host processor.
Recovery
The CIP subsystem should automatically attempt to re-establish an iT-API connection. If the problem
persists, the CLIM may be hung. In that case, a CLIM reboot is recommended.
Origin “ITAPI” Fault Code 8195
Cause
The IT-API connection between a NonStop host system processor and a CLIM has been
disconnected. (IT-API is the transport connection between the NonStop host system and the CLIM.)
Effect
That CLIM is not accessible from that NonStop host system processor.
Recovery
The CIP subsystem should automatically attempt to re-establish the IT-API connection. If the problem
persists, make sure the CLIM is correctly configured. If the problem is related to a memory
problem, reboot the CLIM.
Origin “ITAPI” Fault Code 8196
Cause
A CLIM process has rejected an IT-API connection establishment. This can be caused by running
out of resources or a mismatch between the version of software on the NonStop host system and
on CLIM.
414
Fault Codes
Effect
That CLIM is not accessible from that NonStop host system processor.
Recovery
Make sure the version of software running on the NonStop host system and the CLIM are correct
and match with each other. Otherwise, if the problem is resources related and persists for an
extended period of time, reboot the CLIM.
Origin “ITAPI” Fault Code 8197
Cause
An attempt to establish the IT-API connection between the NonStop host system processor and
a CLIM has failed. ErrorDetail2 information within the EMS event specified the cause of failure
in communication.
•
ErrorDetail2 = 1 indicates a connectivity problem between the NonStop host processor and
the CLIM.
•
ErrorDetail2 = 5 indicates the IT-API transport library on the CLIM cannot create the necessary
data structure.
•
ErrorDetail2 not present is the same as ErrorDetail2 = 0 and indicates the CLIM process is
not running on the CLIM.
Effect
That CLIM is not accessible from that NonStop host system processor.
Recovery
•
For ErrorDetail2 = 1, make sure that the correct CLIM hardware is connected at the correct
locations. If the CLIM hardware is correctly connected, check to see if the CLIM is operational,
the CLIM driver is loaded and the CLIM processes are running (by using the climstatus
command) and start CLIM processes if necessary. If CLIM software processes are not running
due to excessive failure, make sure the original failure was attended to, then issue the clim
clearlog command followed by the clim reboot command to put the CLIM back in an
operational state.
•
For ErrorDetail2 = 5, the CIP subsystem should automatically attempt to reestablish the IT-API
connection. If the problem persists, CLIM reboot is recommended.
•
For ErrorDetail2 not present, which is the same as ErrorDetail2 = 0, make sure the CLIM
processes are running (by using the climstatus command) and start CLIM processes if
necessary. If CLIM software processes are not running due to excessive failure, make sure
the original failure was attended to and then issue the clim clearlog followed by the clim
reboot command to put the CLIM back in an operational state.
Origin “ITAPI” Fault Code 8198
Cause
The IT-API connection between the NonStop host system processor and the CLIM has been broken.
This is most likely caused by failure of the ServerNet connection or failure of the CLIM.
Effect
That CLIM is not accessible from that NonStop host system processor.
Recovery
None. The CIP subsystem should automatically try to re-establish the IT-API connection. If the
underlying problem persists, the IT-API connection establishment attempt will likely fail. In that
case, the problem is likely to show up as CLIM Transient Fault event (5201) with ITAPI fault code
of 8197. Please follow the recovery action for that fault code in that situation.
415
Index
#ZZCIP, 73
$SYSTEM.ZTCPIP, 74
$ZCLA collector, 108
$ZPM, 73
$ZZCIP, 220
$ZZSTO, 204
192.168.*.* address range restriction, 60, 322
6763 CCSA, 215
Binaryfind command, LUN manager, 170
Binding to a recently used address and port,
considerations, 190
Bonded interfaces, 43, 183
bondmode climconfig command, 306
BRECVPORT attribute
compatiblity, 189
definition, 229
example, 240
Broadcast, behavior differences, 190
A
C
Abbreviations, SCF command, 221
ABORT commands
SCF, CIPMAN, 224–226
SCF, CIPSAM, 281
ADD commands, SCF, 226–231
ADD DEFINE command
CIP^COMPAT^ERROR, 188
HOST file, 75
NODE file, 76
RESCONF file, 77
resetting, 168
suppressing errors, 188
TCI/IP process, 168, 203
ADD PROVIDER command, 228
Address resolution protocol (ARP), 81
all climconfig command, 303
ALLNETSARELOCAL, not supported, 201
ALTER commands, SCF, 231–233
Application programming differences, 188–191
Applications
and failover, 36–48
and name resolution, 50, 78
and services, 79
migration, to CIP, 174
monitoring, 94
running in both environments, 113
SQL and DP2, 57
starting, IP CIP only, 101
that need high bandwidth, 32
Approve command, LUN manager, 170
arp Linux command, 69
arp, climconfig command, 304
ARPTIMER-REFRESHED, not supported, 201
Authentication events, 108
Autoconfigured IPv6 addresses, 40
Automatic tunnels, not supported, 183
AUTORESTART attribute, 73
cat Linux command, 69
CCMI (Command Control and Monitoring Interface), 145
CCSA (Common Communication ServerNet Adapter), 215
cd Linux command, 69
certificate authorities, 50
Certificate revocation list (CRL)
how stored, 104
setting up links to, 105
Certificate signing request, 50
Certificates, X.509, 104
CIP commands, custom, 71
CIP^COMPAT^ERROR, 188
CIPMAN process
as persistent process, 100
object, 218
replacing CIPMAN and CIPMON simultaneously, 134
stopping, 118
CIPMON process
determining openers of, 117
file, 133
identifying applications using, 117
persistent, 100
replacing CIPMAN and CIPMON simultaneously, 134
stopping, 118
CIPSAM process
adding, 101
data, default, 63
determining name of, 117
listing, 224
maintenance, default, 63
new error codes, 186
object, definition, 219
operational differences, 186
persistence, 100
replacing, 135
stopping, 118
CLCI terminal emulation, 117
Clear command, LUN manager, 170
Clearlog command, 120
CLIM
adding and starting, 130
CLIM-to-CLIM failover, 37–39
configuration, backing up, 115
configuration, restoring, 115
Symbols
B
Backing up
best practice, 62, 69
CLIM configuration, 115
configuration files, 114
Best practice, backing up, 62, 69
416
Index
failover architecture, 36–48
IP CLIM overview, 52–55
multiple CLIMs per Provider, 32
object, definition, 219
overview, 27
SNMP support, 51
software installation, 137
stopping, 118
Storage CLIM overview, 58
Telco CLIM overview, 52
timezone, 121
valid locations, 227
clim command, 120, 292
CLIM firmware
upgrade with system down, 168
upgrade with system running, 150
CLIM software
upgrade with system down, 166
upgrade with system running, 136
CLIM software and firmware, upgrading, 136
CLIM-to-CLIM failover
as initiated by SWITCH CLIM, 273
compared to NONSHAREDIP, 202
configuration example, 66
how to set up, 95
migration comparison, 183
overview, 37–48
CLIMBKUP command, 114
CLIMCMD command
case sensitive, 71
clim, 120
climstatus, 87, 121
ifstart, 102
ifstop, 103
Linux subcommands, 69
lunmgr, 170
man page command, 25
syntax, 71
traceroute, 119
Climconfig commands
all command, 303
arp command, 304
bondmode command, 306
climiptables command, 308
failover command, 310
hostname command, 313
interface command, 314
ip command, 321
iptables command, 324, 336
man pages, 301
prov command, 347
psk command, 349
remote command, 351
route command, 356
sa command, 362
slaveinterface command, 368
snmp command, 370
sp command, 372
sysctl command, 376
tunnel command, 378
vpn command, 381
climiptables, climconfig command, 308
Climiptables, displaying with climstatus, 87
Climprep
displaying CLIM configuration, 92
displaying with climstatus, 87
CLIMRSTR command, 114
CLIMSCMP tool, 122
climstatus command, 87, 294
CLSFTP script, 128
CLuster I/O Module see CLIM
cmd, Linux wrapper command, 121
Coexistence
NonStop TCP/IPv6 and conventional TCP/IP, 113
with conventional TCP/IP, strategy, 116
Command Control and Monitoring Interface see CCMI
Common Communication ServerNet Adapter see CCSA
Compatibility, IP CIP
address bind limitations, 188
ALLNETSARELOCAL, not supported, 201
application programming differences, 188–193
ARPTIMER-REFRESHED, not supported, 201
automatic tunnels, 183
binding to a recently used address and port, 190
broadcast differences, 190
DELAYACKS, not supported, 201
DELAYACKSTIME, not supported, 201
deleting ARP entries, 190
failover differences, 183
fault tolerant sockets, 183
HOSTID, setting, 195
HOSTNAME, setting, 196
ICMP-FILTER-PKTS, not supported, 201
ioctl and socket_ioctl calls, 190
IPPROTO_TCP, 191
IPSec, 175
IRDP, not supported, 202
link pulse down, 184
MAX-EPHEMERAL-PORT, 196
MAX-PRIV-PORT, not supported, 201
maximum time for retransmission timeouts, 191
migrating the environment, 203
MIN-EPHEMERAL-PORT, 196
minimum time for retransmission timeouts, 191
MON/SUBNET attributes, 194
moving from G4SAs, 183
multicast bind, set or join, 189
multicast loopback, 189
multiple listeners, 34
ND6HOSTD process, 175
netmask and broadcast address, 190
network partitioning, 182
new error codes for aborted CIPSAM process, 186
new error codes for IPSec, 184
new socket option, 192
new UDP error, 189
NONSHAREDOUTDIST, not supported, 201
operational differences, 175–187
417
overview, 174–203
PORT-SHARE-ENABLE-ALL, not supported, 202
program name, 174
receiving broadcasts on specific addresses, 189
remote sockets, 184
resources, 183
retransmission timeout count, 191
RFC1323–ENABLE, 196
round-robin socket support considerations, 190
routes, deleting and adding, 190
routing differences, 183
setsockopt calls, 191–190
SLSA subsystem, 175, 182
SNMP TCPIPSA subagent, 175
socket loopback bind behavior, 186
socket migration, 183
socket option default differences, 193
socket options, 191–193
SPI subsystem ID, 174
SUBNET object, 175
subsystem name, 174
subsystem number, 174, 177
supported interface types, 174
suppressing compatibility errors, 188
system configuration database, 174
TCP selective acknowledegments, 191
TCP selective acknowledgements, 191
TCP-INIT-REXMIT-TIMEOUT, not supported, 202
TCP-MAX-REXMIT-COUNT, 197
TCP-MAX-REXMIT-TIMEOUT, not supported, 202
TCP-MIN-REXMIT-TIMEOUT, not supported, 202
TCP-TOTAL-REXMIT-DURATION, not supported, 202
TCP/IP attributes, 193–202
TCP_MAXRXMT, 191
TCP_MINRXMT, 191
TCP_TOTRXMTVAL, 192
TCPCOMPAT42, not supported, 202
TCPCWNDMULTIPLIER, not supported, 202
TCPKEEPCNT, 196
TCPKEEPIDLE, 196
TCPKEEPINTVL, 196
TCPPATHMTU, 197
TCPRECVSPACE, 197
TCPSACKON, 197
time to live, 195
total time for retransmission timeouts, 192
transport-service provider, 174
UDP sockets, 189
UDPRECVSPACE, 198
UDPSENDSPACE, 199
Compatibility, Storage CIP
Disk Process 2 (DP2), 204
IOAM operations comparison, 204
NonStop SQL/MP, 204
NonStop SQL/MX, 204
overview, 204–205
Compatibility, Telco CIP, 215
Configuration database, 72
Configuration files
418
Index
backing up, 114
CLIM interface, 47
failover, 46
HOSTS, 75
IP addresses, 46
IPNODES, 75
IPSec, 49
ipsec-tools, 50
name resolution, 74
NETWORKS, 77
PORTCONF, 80
psk.txt, 49, 50
RESCONF, 50
restoring, 114
security certificates, 49, 50
SERVICES, 79
TACLCSTM, 75
Conventional TCP/IP, coexistence with, 113
CRL see Certificate revocation list
Current UDP sockets, 255
D
date Linux command, 69
Dedicated service LAN
maintenance LISTNER process for, 63
maintenance TELSERV process for, 63
Default processes, 62
DEFINE command see ADD DEFINE command
DELAYACKS, not supported, 201
DELAYACKSTIME, not supported, 201
Delete command, LUN manager, 170
DELETE commands, SCF, 233–235
Destructive Linux commands, 69, 121
Differences, between TCP/IP products, 174
Disk Process 2 (DP2), 204
Displaying
CIPSAM process, 224
CLIM configuration, 92
CLIM status information, 87
Ethernet LAN status information, 88
failover configuration, 91
file system disk space usage see Hard disk space usage,
displaying
hard disk space usage, 91
IP routing table, 89
IPSec configuration, 91
kernel routing table, 89
MON and MAN processes, 224
ServerNet status information, 87
SNMP information, 92
dmsg Linux command, 69
DNR see Domain Name Resolver
DNS see Domain Name System
Domain Name Resolver (DNR)
and RESCONF file, 77
default behavior, 75
overview, 74
Domain Name System (DNS)
default behavior, 75, 77
overview, 50
Downgrade see Falling back
DP2 see Disk Process 2
E
EAGAIN error, 184
Echo, 117
Enclosures command, LUN manager, 171
ENOPROTOOPT, 193
Environment, home terminal, 116
Ephemeral ports, 196
Errors, suppressing, 188
ESRCH error, 184
ESS disk volume, naming convention, 63
Eth0, 29
Eth0:0, 28
Ethernet 4 ServerNet adapter, 113
Ethernet LAN status information, 88
Ethernet subagent (ETHSA), 51
ethtool Linux command, 69
ethtool, displaying link speed, 122
Event logging, 121
Event Management System (EMS)
documentation, 119
using to monitor network, 119
Event messages
authentication events, 108
SCF, 383
F
Failover
architecture, 36–48
behavior, 183
CLIM-to-CLIM, 37–39
configuration, displaying, 91
how to configure, 66
interface, configuration sequence, 94
interface-to-interface, 36
optimizing for, 95
settings, 95
failover, climconfig command, 310
Falling back
multiple providers, 169
to a previous CIP version, 168
to a previous CLIM version, 169
Fast Ethernet ServerNet adapter (FESA), 113
Fault tolerance
architecture, 36–48
configuring, 94
differences, 183
Fault tolerant sockets, not supported, 183
FESA see Fast Ethernet ServerNet adapter
File system disk space usage see Hard disk space usage
Files
$SYSTEM.ZTCPIP, 74
back up, 114
CIPMAN, replacing, 134
CIPMON, replacing, 133
CIPSAM, replacing, 135
configuration, CLIM interface, 47
configuration, failover, 48
configuration, IPv4 and failover, 46
configuration, IPv6 and failover, 46
configuration, name resolution, 74
HOSTS, 75
IPNODES, 75
IPSec, configuration, 49
ipsec-tools, configuration, 50
NETWORKS, 77
NODES, 76
PORTCONF, 80
PROTOCOL, 78
psk.txt, configuration, 49, 50
racoon, configuration, 49
RESCONF, configuring, 77
RESCONF, DNS use of, 50
restore, 114
security certificates, 49, 50
SERVICES, 79
SMPLHOST, 75
SMPLNETW, 77
SMPLPORT, 80
SMPLPROT, 78
SMPLRESC, 77
SMPLSERV, 79
TACLCSTM, 75
Find command, LUN manager, 171
Finger, determining name of opener, 117
Firmware
estimating update time, 154
upgrading, 165
upgrading from SPRs, 150
upgrading with system running, 150
with system running, 155
FORCED option, 224
FQDN see Fully qualified domain names
free Linux command, 69
FTP, determining name of opener, 117
Fully qualified domain names (FQDNs), 50
G
G4SA see Gigabit Ethernet 4-port ServerNet adapter
Generic CIP processes, 73
GESA see Gigabit Ethernet ServerNet adapter
getaddrinfo(), 76, 79
getnameinfo(), 76
getnetbyaddr(), 77
getnetbyname(), 77
getservbyname(), 79
getservbynumber(), 79
Gigabit Ethernet 4-port ServerNet adapter (G4SA), 113
Gigabit Ethernet ServerNet adapter (GESA), 113
grep Linux command, 69
H
Hard disk space usage, displaying, 91
Hash names, IPSec, 104
Help command, LUN manager, 171
419
High UDP Sockets, 255
Home terminal, 116, 117
Host name
CLIM, 81
NonStop host system, 74
HOSTID, MON attribute, 195
hostname, climconfig command, 313
HOSTNAME, MON attribute, 196
HOSTS file, 50
see also ADD DEFINE command
DNS file, 77
editing, 75
How to
activate an interface, 102
add a default route, 66
change interface configuration, 66
change Providers for a CLIM, 130
change TCP/IP environments for applications, 168
configure CIP, 72
configure eth2 through eth5 data interfaces, 65
configure failover, 66
create physical interfaces, 66
deactivate an interface, 103
define CIP management objects, 73
determine openers of the process, 117
determine your home terminal, 116
display CLIM status information, 86, 87, 93
display link speed, 122
display man commands, 93
display SNMP info, 92
display the IP routing table, 89
downgrade see Falling back
edit the HOSTS file, 75
enter CIP commands, 71
fall back to a previous version, 168
get a list of CIP processes, 224
list applications using CIP, 117
list CIPSAM processes, 117
monitor the network, 119
ping LISTNER and TELSERV processes, 68
reboot the CLIM, 120
replace CIPMON, 133
restart CIP, 134
select a CIP transport-service provider, 174
set host names, 74
stop CIP, 118
test access to the network, 119
trace a datagram's route, 119
troubleshoot, 119
upgrade, 133
verify lunmgr configuration, 122
HP Systems Insight Manager (SIM), 31
hplog Linux command, 69
I
IB CLIM, 56
ICMP TIME_EXCEEDED message, 119
ICMP-FILTER-PKTS, not supported, 201
ICMP_PORT_UNREACHABLE message, 119
420 Index
ifconfig -a Linux command, 70
ifconfig <interface-name> Linux command, 70
ifconfig Linux command, 69
ifstart command, 296
activating an interface, 102
overview, 102
ifstop command, 297
deactivating an interface, 103
overview, 102
IKE see Internet key exchange
iLO see Integrated lights out
INFO CLIM $ZZSTO, 204
INFO commands
SCF, CIPMAN, 235–243
SCF, CIPSAM, 281–286
INITIAL-TTL, MON attribute, 195
Installing
CIP, 133
CLIM software, 137
Integrated Lights Out (iLO)
changing passwords, 64
collecting logs, 211
interface to maintenance switch, 27
overview, 30
Interface
activating, 102
deactivating, 103
definition, 52
setting, on CLIM, 81
interface, climconfig command, 314
Internet protocol security see IPSec
INTFALL, 48
IOAM comparison, storage CIP, 204
Ioctl call, 190, 191
IOCTL command differences
SIOCADDRT, 190
SIOCDARP, 190
SIOCDELRT, 190
SIOCGIFBRDADDR, 190
SIOCGIFNETMASK, 190
IP addresses, duplicate, 122
IP CLIM connections
DL380 G6 , 53
DL380p Gen8, 54
DL385 G2 or G5 , 52, 53
ip Linux command, 70
IP routing table information, 89
ip, climconfig command, 321
IP_RECVDSTADDR, 191
IPNODES file, 50, 75, 76
IPPROTO_TCP, 191
IPSec
climconfig sp command, 372
compatibility, 175
configuration, 47, 48
configuration, displaying, 91
configuring, 104
configuring remote information, 106
configuring security associations, 106
configuring security policies, 105
controlling Virtual Private Network, 107
displaying information, 87
files, 49
hash names, 104
managing, 107
new error codes, 184
overview, 48–50
sa climconfig command, 362
IPSEC, climconfig script, 108
iptables, climconfig command, 324, 336
IPv6
configuring, 113
migration behavior of, 40
IT-API, 414
Joined-group multicast IP addresses, 40
Jumbo frames, 314
Ethernet interface, 174
SCF ALTER command, 177
tunnel interface, 379
Logging, 121
Logical interface (eth0:0), 28
Logical network partitioning (LNP), 182, 183
ls Linux command, 70
Lunmgr
approve command, 170
binaryfind command, 170
clear command, 170
commands, 170
delete command, 170
enclosures command, 171
find command, 171
help command, 171
led command, 171
print command, 172
renumber command, 172
scan command, 172
startover command, 172
unblock command, 172
update command, 172
wwns command, 173
lunmgr configuration, 122
K
M
Kernel routing table information, 89
Kernel subsystem
CIP commands for, 100
configuring CIP with, 73
stopping, 134
Maintenance Provider
default, 63
overview, 28
Man page instructions, 25
Management objects, 73
MAX-EPHEMERAL-PORT, 196
MAX-EPHEMERAL-PORT, MON attribute, 196
MAX-PRIV-PORT, not supported, 201
Migrating to CIP, procedures, 203
Migration, IP CIP
address bind limitations, 188
ALLNETSARELOCAL, not supported, 201
application programming differences, 188–193
ARPTIMER-REFRESHED, not supported, 201
automatic tunnels, 183
binding to a recently used address and port, 190
broadcast differences, 190
DELAYACKS, not supported, 201
DELAYACKSTIME, not supported, 201
deleting ARP entries, 190
failover differences, 183
fault-tolerant sockets, 183
getting netmask and broadcast address, 190
HOSTID, setting, 195
HOSTNAME, setting, 196
ICMP-FILTER-PKTS, not supported, 201
ioctl and socket_ioctl calls, 190
IPPROTO_TCP, 191
IPSec, 175
IRDP, not supported, 202
link pulse down, 184
MAX-EPHEMERAL-PORT, 196
MAX-PRIV-PORT, not supported, 201
maximum time for retransmission timeouts, 191
migrating the environment, 203
J
L
Led command, LUN manager, 171
less Linux command, 70
LIF, and older TCP/IP products, 113
Limitations, 183
Link speed, displaying, 122
Link-local IP addresses, 40
Linux see Linux commands
Linux commands
cmd wrapper, 121
destructive, 69, 121
logging, 121
unsupported, 27
using, 69
LISTDEV CIP and TCPIP command, 117, 168, 224
Listeners, multiple, 34
LISTNER process
checking, 68
default process, 63
maintenance, 63
PORTCONF file, use of, 80
starting, 101
stopping, 118
LISTOPENS command
MON, 125
MON, identifying applications using TCP/IP, 117
PROCESS, 117
SCF, 243–248
LNP see Logical network partitioning
421
MIN-EPHEMERAL-PORT, 196
minimum time for retransmission timeouts, 191
MON attributes, 194
moving from G4SAs, 183
multicast bind, set or join, 189
multicast loopback, 189
multiple listeners, 34
ND6HOSTD process, 175
network partitioning, 182
new error codes for aborted CIPSAM process, 186
new error codes for IPSec, 184
new socket option, 192
new UDP error, 189
NONSHAREDOUTDIST, not supported, 201
operational differences, 175–187
operational differences, CIPSAM, 186
overview, 174–175
PORT-SHARE-ENABLE-ALL, not supported, 202
program name, 174
receiving broadcasts on specific addresses, 189
remote sockets, 184
resources, 183
retransmission timeout count, 191
RFC1323–ENABLE, 196
round-robin socket support considerations, 190
routes, deleting and adding, 190
routing differences, 183
setsockopt calls, 191
SLSA subsystem, 175, 182
SNMP TCPIPSA subagent, 175
SO_ACCEPTCONN, 192
socket IOCTL differences, 190
socket loopback bind behavior, 186
socket migration, 183
socket option default differences, 193
socket options, 191–193
SPI subsystem ID, 174
SPI subsystem number, 174, 177
SUBNET object, 175
subsystem name, 174
supported interface types, 174
suppressing compatibility errors, 188
system configuration database, 174
TCP selective acknowledgements, 191
TCP-INIT-REXMIT-TIMEOUT, not supported, 202
TCP-MAX-REXMIT-COUNT, 197
TCP-MAX-REXMIT-TIMEOUT, not supported, 202
TCP-MIN-REXMIT-TIMEOUT, not supported, 202
TCP-TOTAL-REXMIT-DURATION, not supported, 202
TCP/IP attributes, 193–202
TCP_MAXRXMT, 191
TCP_MINRXMT, 191
TCP_TOTRXMTVAL, 192
TCPCOMPAT42, not supported, 202
TCPCWINDMULTIPLIER, not supported, 202
TCPKEEPCNT, 196
TCPKEEPIDLE, 196
TCPKEEPINTVL, 196
TCPPATHMTU, 197
422 Index
TCPRECVSPACE, 197
TCPSACKON, 197
total time for retransmission timeouts, 192
transport-service provider, 174
UDP sockets, 189
UDP time to live, 195
UDPRECVSPACE, 198
UDPSENDSPACE, 199
Migration, Storage CIP
Disk Process 2 (DP2), 204
IOAM operations comparison, 204
NonStop SQL/MP, 204
NonStop SQL/MX, 204
overview, 204–205
Migration, Telco CIP, overview, 215
mii-tool Linux command, 70
MIN-EPHEMERAL-PORT, 196
MIN-EPHEMERAL-PORT, MON attribute, 196
mkdir Linux command, 70
MON object, 219
Monitoring CIP, 94
more Linux command, 70
Multicast
loopback, migration considerations, 189
migration consideration, 189
Multiple listeners, with round robin sockets, 34
Multiple Providers
ADD CLIM guidelines, 228
ADD ROUTE, 230
ALTER CLIM command, 231
ALTER CLIM guidelines, 232
changing, 130
DELETE PROVIDER guidelines, 234
disabling MULTIPROV, 130
enabling MULTIPROV, 129
falling back, 169
independent remote entries, 107
independent security associations, 106
IPSec configuration files, 49
iptables/ip6tables (climiptables) support, 55
network partitioning, 182
policy based routing, 81
pre-shared key configurations, 105
routing, 35
security policies, 106
setting up, 129
using, 34
Multiple Providers per CLIM, 33
MULTIPROV attribute, 33
N
NAMES commands
SCF, CIPMAN, 248–251
SCF, CIPSAM, 286–287
Names, suggested, 221
Naming conventions, 62, 220
ND6HOSTD process, not supported, 175
Netstat command, 179, 253
netstat command, 86
netstat Linux command, 70
Network partitioning, 182, 183
Network-sensitive commands, provider specified, 69, 86,
119, 126
NETWORKS file, 77
Nonsensitive commands, 223
NONSHAREDIP failover option, alternatives in CIP, 183
NONSHAREDOUTDIST, not supported, 201
NonStop I/O Essentials, 31
NonStop SQL/MP, 204
NonStop SQL/MX, 204
NonStop TCP/IPv6, coexistence with, 113
Null object, 217
O
Object specifiers, 221
Object types
CIPMAN, 218
CIPSAM, 219
CLIM, 219
MON, 219
overview, 217
ROUTE, 220
SUBNET, 220
Object-name templates, definition, 221
One-to-one SCTP associations, 112
Online upgrades, 133
OpenCall software, 28, 112, 133, 145
Openers
of CIPMONs, 117
of TCP/IP process, 117
Operator messages, 383
P
PARAM command
adding for transport-service provider, 168, 203
DELETE, 101
for TELSERV, 101
precedence, 76
resetting, 168
RESOLVER ORDER, 76
TCPIP^PROCESS^NAME, 101
ZTNT^TRANSPORT^PROCESS^NAME, 101
passwd Linux command, 70
Passwords, changing, 64
Path MTU discovery, 197
PEM format, 104
Persistence
on the CLIM, 31
on the host, 73, 74
Persistence manager
function, 114
process, 73
Persistent processes
behavior, 100
starting, 100
stopping, 134
Physical interfaces
eth0, 29
fault tolerance, 183
Ping command, 119
ping Linux command, 70
ping6 Linux command, 70
Policy based routing
description, 81
enabling, 120
troubleshooting, 85
PORT-SHARE-ENABLE-ALL, not supported, 202
PORTCONF file, 80
Ports
IP CLIM, 52–55
Storage CLIM, 58–59
Pre-shared secret keys
configuring, 105
description, 50
file, 50
PRIMARY command
SCF, CIPMAN, 251
SCF, CIPSAM, 287
Primary CPU, 117
Print command, LUN manager, 172
PROTOCOL file, 78
Protocols
IP, supported, 32
Telco, supported, 32
prov, climconfig command, 347
prov.1p command, 298
PROVIDER object, 219
psclim command, 300
psclim script, for monitoring, 94
psk, climconfig command, 349
PuTTY, 104, 126
pwd Linux command, 70
R
Racoon, errors, 184
Rebooting the CLIM, 120, 159
Remote socket, 184
remote, climconfig command, 351
RENAME command, 133
Renumber command, LUN manager, 172
RESCONF file
DNR use of, 75, 77
DNS use of, 50
see also ADD DEFINE command
sample on SUT, 77
Reserved names
$ZZCIP, 220
ZCMnn, 220
Resolver order see PARAM command
Restarting
CIP, 102
CLIM, 102
Restoring
CLIM configuration, 115
files, 114
Retrans timer field, 95
RFC1323–ENABLE, MON attribute, 196
423
rm Linux command, 70
rmdir Linux command, 70
Round-robin
CLIM routing, 35
filtering, 112
socket support considerations, 190
ROUTE object, description, 220
route, climconfig command, 356
Routes
deleting and adding migration differences, 190
migration differences, 183
policy based, 81
routing behavior, 34
tracing, 119
RUN command, LISTNER, 101
S
SA see Security association
SAS disk volume , naming convention, 63
Scan command, LUN manager, 172
Scout, CLIM software, 137
SCTP
adding to PROTOCOLs file, 78
configuring, 112
IPSec, 104
Security association (SA)
configuring, 106
Security certificates, 50
Security policy database (SPD), 105
Sensitive commands, 223
ServerNet LAN Systems Access (SLSA), not suported, 182
ServerNet status information, displaying, 87
SERVICES file, 79
Setsockopt calls, 191, 193
SFTP
copy trace file to host, 128
entering commands with CLSFTP script, 128
Share-ports
attribute restrictions, 233
example, 240
setting, 229
SHAREDIP failover option, alternatives in CIP, 183
SIM (HP Systems Insight Manager) see HP Systems Insight
Manager
SIOCADDRT, 190
SIOCDARP, 190
SIOCDELRT, 190
SIOCGIFBRDADDR, 190
Size 3260 and larger socket statistic, 257
Size x—xxxx socket statistic, 257
slaveinterface, climconfig command, 368
SLSA subsystem, not supported, 182
SMPLHOST file, 75
SMPLNETW file, 77
SMPLPORT file, 80
SMPLPROT file, 78
SMPLRESC file, 77
SMPLSERV file, 79
SNMP
424 Index
information, displaying, 92
overview, 51
supported classes, 51
snmp, climconfig command, 370
SO_BROADCAST, 193
SO_DONTROUTE, 192
SO_PMTU
not supported for IPPROTO_TCP, 191
not supported for SQL_SOCKET, 192
socket option differences, 193
SO_RCVBUF, 193
SO_SNDBUF, 193
SO_USELOOPBACK, 192, 193
Socket
loopback bind behavior differences, 186
migration behavior, 183
option differences, 191–193
unsupported options, 191
socket_ioctl call, 190
socket_ioctl_nw call, 190
socket_set_inet_name() library call, 168
socket_transport_name_set() library call, 168
Software, upgrading, 165
Solicited-node multicast IP addresses, 40
sp, climconfig command, 372
SPI subsystem ID, 174
SPI subsystem number, 174
SQL/MP see NonStop SQL/MP
SQL/MX see NonStop SQL/MX
START commands, SCF, 251–252
Starting
CIP, 65
CIP on the CLIM, 101
CIP on the NonStop host system, 100
STARTMODE attribute, 73
Startover command, LUN manager, 172
State, summary, 222
Static routes, 66
STATS commands, SCF, 252–257
STATUS CLIM
for monitoring, 94
for storage ($ZZSTO), 204
STATUS commands
SCF, CIPMAN, 257–272
SCF, CIPSAM, 287
STOP commands
LISTNER process, 118
SCF, CIPMAN, 272–273
SCF, CIPSAM,, 288
TELSERV process, 118
Stopping
generic processes, 134
interfaces, 103
provider objects, 118
Storage CLIM configuration, 122
Storage devices, suppported, 204
Subsystem name, 174
Subsystem number, 174
Summary states, 222
Supported interface types, 174
Supported IP protocols, 32
Supported Telco protocols, 32
Suppressing compatibility errors, 188
SWAN
adapter, 64
configuring adapters on a CLIM, 187
multiple paths in a single Provider, 34
SWITCH CLIM $ZZSTO, 204
SWITCH command
definition and usage, 273
for storage subsystem, 204
migration differences, 183
Synchronization of time on CLIMs, 121
synopsis, climconfig command, 362
sysctl, climconfig command, 376
System configuration database
adding CIP processes to, 72
managing, 113
support comparison between products, 174
SYSTEM STARTMODE attribute, 73
Systems Insight Manager see HP Systems Insight Manager
(SIM)
T
TACL
process, 117
WHO command, 117
TACLCSTM file, 75
Tape, naming convention, 63
Task summary
preparing to stop CIP, 116
stopping generic process, 118
TCP
sockets, failover migration behavior, 40
time-to-live, 195
TCP-INIT-REXMIT-TIMEOUT, not supported, 202
TCP-MAX-REXMIT-COUNT, MON attribute, 197
TCP-MAX-REXMIT-TIMEOUT, not supported, 202
TCP-MIN-REXMIT-TIMEOUT, not supported, 202
TCP/IP process
avoiding stopping connection when stopping CIP, 116
backward compatibility for INFO, 216
determining openers of, 117
migrating, 203
NonStop host system management, 28
obtaining list, 224
TCP/IP subagent (TCPIPSA), 51
TCP_DROP_IDLE, 191, 193
TCP_KEEPINIT, 191, 193
TCP_MAXRXMT, 191, 193
TCP_MINRXMT, 191, 193
TCP_NODELACK, 191, 193
TCP_PAWS, 192, 193
TCP_PROBE_IDLE, 192, 193
TCP_PUSH, 192, 193
TCP_RPTR2RXT, 192, 193
TCP_RXMTCNT, 191, 192, 193
TCP_SACKENA, 191, 192, 193
TCP_TOTRXMTVAL, 192, 193
TCP_TSOPTENA, 192, 193
tcpdump command, 126
tcpdump Linux command, 70
TCPIP^HOST^FILE, 75
TCPIP^NODE^FILE, 76
TCPIP^RESOLVER^NAME, 77
TCPIP^RESOLVER^ORDER PARAM, 76
TCPKEEPCNT, MON attribute, 196
TCPKEEPIDLE, MON attribute, 196
TCPKEEPINTVL, MON attribute, 196
TCPPATHMTU, MON attribute, 197
TCPRECVSPACE, 197
TCPRECVSPACE, MON attribute, 197
TCPSACKON, MON attribute, 197
TCPSENDSPACE, MON attribute, 198
tee Linux command, 70
Telco CLIM, 28
connections, 53, 54
deactivating signal link, 146
upgrading, 145
TELNET, determining name of opener, 117
TELSERV
checking process, 68
default process, 63
starting, 101
stopping, 118
Templates for object names, 221
TFTP process, 63
Time synchronization, CLIM, 121
top Linux command, 70
touch Linux command, 70
TPNAME attribute, 73
TRACE commands
SCF, CIPMAN, 275–279
SCF, CIPSAM, 288
Tracer utility, 119
Traceroute command, 119
traceroute Linux command, 71
traceroute6 Linux command, 71
Transport-service provider
adding, 228
associating with a CLIM, 182
association with physical interfaces, 183
changing, 168
CIPSAM object, 219
coexistence with conventional TCP/IP, 116
default, 174
defining, 168
determining name of, 168
falling back to conventional TCP/IP, 168
for conventional TCP/IP, 216
getting statistics on, 179
getting status for, 180
how to select for CIP, 174
listing openers of, 178
network monitoring, 119
partitioning, 182
procedure calls for setting, 168
425
process, 175
PROVIDER object, 219
restricting access to, 182
SCF object for, 219
selecting, 174
setting, 203
stopping, 176, 181
TPNAME attribute, 229
TPName attribute, 239, 240
Trapdests
SNMP, configuring, 51
SNMP, displaying, 87, 92
Troubleshooting
CLIMCMD command, 120
duplicate IP addresses, 122
network applications, 126
routing, 85
tools, 119
with tcpdump, 126
tunnel, climconfig command, 378
U
UDP
BRECVPORT attribute, 229
connect, failover behavior, 46
defining, PROTOCOL file, 78
displaying current sockets, 255
displaying high sockets for, 255
ephemeral ports, 230, 240
errors, 189
in sample protocol file, 78
in SERVICES file, 79
MAX-PRIV-PORT, not supported, 201
ports
BRECVPORT attribute, 189
defining use of, 229
ephemeral, 196, 229
finding, 125
receiving broadcasts on specific addresses, 189
setting, 229
specifying for broadcast messages, 189
receive window size, setting, 198
send window size, setting, 199
share-ports, setting, 229
socket migration issues, 189
sockets, failover migration behavior, 40
time-to-live, 195
unreachable port, 189
UDPRECVSPACE, MON attribute, 198
UDPSENDSPACE, MON attribute, 199
Unblock command, LUN manager, 172
Update command, LUN manager, 172
Upgrades, online, 133
Upgrading CIP, 133
Upgrading CLIM software and firmware, overview, 136
V
Valid CLIM LOCATION attributes, 227
VERSION commands
426 Index
SCF, CIPMAN, 279–281
SCF, CIPSAM, 289
Virtual private network (VPN) control, 50
Visiting resources, 183
vmstat Linux command, 71
VPN see Virtual private network
vpn, climconfig command, 381
W
WANBoot process, 64
wc Linux command, 71
WHO command, 117
who Linux command, 71
Wild-card support, 221
X
X.509 certificates, 104
Z
ZCMnn, 220

 Download  Report
Community Investment Plan Newsletter

Community Investment Plan Newsletter

Board of Directors (Public) board report

Board of Directors (Public) board report

English

English

hrt-vrd. lollp)-r

hrt-vrd. lollp)-r

Market Drivers for Urban Small Cells

Market Drivers for Urban Small Cells

CSE-M53N DataSheet

CSE-M53N DataSheet

HOW TO GO TO CIP BY CIP AIRPORT PICKUP SERVICE Manila

HOW TO GO TO CIP BY CIP AIRPORT PICKUP SERVICE Manila

Datasheet

Datasheet

Project Updates - Riverside Community College District

Project Updates - Riverside Community College District

14-GEH-034_protein A flyer_v4.indd

14-GEH-034_protein A flyer_v4.indd

expydoc.com

Your ExpyDoc

© Copyright 2024 ExpyDoc