Compaq TCP/IP Services for OpenVMS Management

Order Number: AA–LU50L–TE

January 2001

This manual describes how to configure and manage the TCP/IP Services product.

Revision/Update Information: This manual supersedes Compaq TCP/IP Services for OpenVMS Management, Version 5.0.
Software Version: Compaq TCP/IP Services for OpenVMS Version 5.1
Operating System: OpenVMS Alpha Versions 7.1, 7.2-1
OpenVMS VAX Versions 7.1, 7.
© 2001 Compaq Computer Corporation COMPAQ, VAX, VMS, and the Compaq logo Registered in U.S. Patent and Trademark Office. DECnet, OpenVMS, PATHWORKS, and Tru64 are trademarks of Compaq Information Technologies Group, L.P. in the United States and other countries. UNIX is a trademark of The Open Group in the United States and other countries. All other product names mentioned herein may be trademarks of their respective companies. Confidential computer software.
Contents

Preface

Part 1 Connecting to the Network

1 Managing TCP/IP Services
Getting Started
Logical Names
Modifying Your Configuration
Saving Changes
3.2.1 Setting Up Your Host for PPP Connections
3.2.1.1 Installing the Terminal Driver
3.2.1.2 Configuring the Modem
3.2.1.3 Setting Up an Asynchronous Port
3.2.1.4 Configuring a PPP Interface
3.2.1.5 Enabling IP Forwarding (Dialup Provider Only)
3.2.1.6 Initiating a PPP Connection
3.2.2 Removing the PPP Configuration
.3.1 BIND Configuration Logging Statement
5.3.1.1 Channel Phrase
5.3.1.2 Category Phrase
5.3.2 BIND Configuration Options Statement
5.3.2.1 Path Names
5.3.2.2 Boolean Options
5.3.2.
5.8.5 Query Types
5.8.5.1 A Query Type
5.8.5.2 PTR Query Type
5.8.5.3 MX Query Type
5.8.5.4 SOA Query Type
5.8.5.5 NS Query Type
5.8.6 Changing the Default Server
5.8.7 Listing Domain Information
5.9 Solving Bind Server Problems
5.9.1 Server Not Responding
5.9.2 Serial Number Mismatch
.4.1 Enabling the DHCP Server
7.4.2 Configuring DHCP and DNS/BIND to Assign Host Names
7.4.2.1 Dynamically Assigning Host Names
7.4.2.2 Statically Assigning Host Names
7.4.3 Signaling the DHCP Server
7.4.4 Returning to the BOOTP-Only Configuration
7.8 Supporting Utilities
7.8.1 Using the DHCPDBDUMP, DHCPSHOWDBS, and DHCPDBSHOW Utilities
7.8.2 Using the DHCPDBMOD Utility
7.8.3 Using the DHCPDBREG Utility
7.9 Solving DHCP Server Problems
.5.4 Modifying and Deleting Entries
9.6 Solving BOOTP Problems

10 Configuring TFTP
10.1 Key Concepts
10.2 Setting up the TFTP Service
10.2.1 Transferring Data to the TFTP Host
10.2.2 TFTP Management Commands
10.2.3 TFTP Logical Names
13 Configuring SNMP
13.1 Key Concepts
13.1.1 Understanding How SNMP Operates
13.1.2 Ensuring Access to Mounted Data
13.2 Managing the SNMP Service
13.3 Verifying the SNMP Installation
15 Configuring and Managing FTP
15.1 Managing FTP
15.1.1 Enabling and Disabling FTP
15.1.2 Configuring Anonymous FTP
15.1.2.1 Concealed File Systems
15.1.2.2 Setting Up Anonymous FTP
17.6.2 Preventing the System from Routing SPAM
17.6.3 Controlling Relay Checking
17.6.3.1 Specifying the Good-Clients List
17.6.3.2 Processing DNS Entries in the Good-Clients List
17.6.3.3 Mail Relay to MX Gateways
17.6.3.4 Specifying the Relay-Zones List
19 Configuring XDMCP-Compatible X Displays

20.1 Key Concepts
20.1.1 Clients and Servers
20.1.2 NFS File Systems on OpenVMS
20.1.2.1 Selecting a File System
20.14.1 File Locking Service Startup and Shutdown
20.15 Improving NFS Server Performance
20.15.1 Displaying NFS Server Performance Information
20.15.2 Displaying File System Information
20.15.3 Increasing the Number of Active Threads
20.15.4 OpenVMS SYSGEN Parameters That Impact Performance
23 Setting Up and Managing TELNETSYM
23.1 Key Concepts
23.1.1 TELNETSYM Modifications to the Output Stream
23.2 TELNETSYM Service Startup and Shutdown
23.3 Setting Up Print Queues
23.4 Setting Up Relay Queues
A.11.4 Sample Definition Statements
A.12 Protocol Overview
A.12.1 Interior Routing Protocols
A.12.2 Exterior Routing Protocol
A.12.3 Router Discovery Protocol
B EBCDIC/DMCS Translation Tables
B.1 Macros for Modifying the Translation Tables
B.2 Building Translation Tables
B.3 Examples of Modifying Translation Tables
Tables

1 TCP/IP Services Documentation
1–1 Configuration Databases
3–1 Configuring PPP Interfaces
10–1 TFTP Management Commands
10–2 TFTP Logical Names
12–1 NTP Log File Messages
12–2 Authentication Commands
Preface

The Compaq TCP/IP Services for OpenVMS product is the Compaq implementation of the TCP/IP networking protocol suite and internet services for OpenVMS Alpha and OpenVMS VAX systems.

A layered software product, TCP/IP Services provides a comprehensive suite of functions and applications that support industry-standard protocols for heterogeneous network communications and resource sharing.
Part 4
Describes how to configure network applications that let users send and receive electronic mail from the internet, establish login sessions with a remote host, and transfer files. These network applications are:
• TELNET
• FTP
• Remote (R) commands
• SMTP and POP
• XDM-compatible X displays

Part 5
Describes how to configure, use, and manage the components that enable transparent network file sharing, including the NFS server and NFS client.
Table 1 (Cont.) TCP/IP Services Documentation

Manual: DIGITAL TCP/IP Services for OpenVMS User’s Guide
Contents: This manual describes how to use the applications available with TCP/IP Services such as remote file operations, email, TELNET, TN3270, and network printing. This manual explains how to use these services to communicate with systems on private internets or on the worldwide Internet.
Reader’s Comments

Compaq welcomes your comments on this manual. Please send comments to either of the following addresses:

Internet: openvmsdoc@compaq.com
Mail: Compaq Computer Corporation
      OSSG Documentation Group, ZKO3-4/U08
      110 Spit Brook Rd.
      Nashua, NH 03062-2698

How to Order Additional Documentation

Visit the following World Wide Web address for information about how to order additional documentation:

http://www.openvms.compaq.
()   In command format descriptions, parentheses indicate that you must enclose choices in parentheses if you specify more than one.

[]   In command format descriptions, brackets indicate optional choices. You can choose one or more items or no items. Do not type the brackets on the command line. However, you must include the brackets in the syntax for OpenVMS directory specifications and for a substring specification in an assignment statement.
Part 1 Connecting to the Network

Part 1 provides the information on how to get started after installing and configuring the TCP/IP Services software. Part 1 includes the following chapters:

• Chapter 1, Managing TCP/IP Services, describes the management control interfaces that allow you to configure and manage TCP/IP Services.
• Chapter 2, Configuring Interfaces, describes how to set up network interfaces.
• Chapter 3, Configuring Serial Lines, explains how to set up serial lines.
1 Managing TCP/IP Services

This chapter reviews information you need to get started with the TCP/IP Services software. Topics include:

• Reviewing pertinent databases, logical names, and configuration guidelines (Section 1.1).
• Enabling support for DECnet over TCP/IP, and PATHWORKS (Advanced Server) (Section 1.2).
• Creating user accounts and proxy identities (Section 1.3).
• Configuring TCP/IP Services on an OpenVMS cluster (Section 1.4).
• Starting services with the auxiliary server (Section 1.
1.1 Getting Started

1.1.1 Logical Names

Logical names allow you to customize or modify component behavior. Logical names also point to directories, database files, and log files.
1.1.3 Saving Changes

The configuration procedure TCPIP$CONFIG saves configuration and initialization information in the file TCPIP$CONFIGURATION.DAT. You can modify the configuration dynamically or permanently, as follows:

• SET commands modify the software dynamically, as it is running. Changes made in this manner are not saved permanently and are overwritten if they differ from settings in the permanent configuration database.
2. Disables active services
3. Deletes the network interface definitions
4. Deassigns defined logical names
5. Deletes installed images

To start TCP/IP Services automatically, add the following command to the system startup file:

$ @SYS$STARTUP:TCPIP$STARTUP.COM

To maintain site-specific startup and shutdown commands and settings, create the following files:

• SYS$STARTUP:TCPIP$SYSTARTUP.COM
• SYS$STARTUP:TCPIP$SYSHUTDOWN.
1.2 Enabling PATHWORKS/Advanced Server and DECnet-over-TCP/IP Support

TCP/IP Services software includes the PATHWORKS Internet Protocol (PWIP) driver and the PWIP ancillary control process (PWIP_ACP).

The PWIP driver allows OpenVMS systems that are running both the Compaq PATHWORKS/Advanced Server and the TCP/IP Services software to communicate with personal computers running PATHWORKS client software.
1.3 Setting Up User Accounts and Proxy Identities

The configuration procedure TCPIP$CONFIG creates a proxy database file called TCPIP$PROXY. You add proxies to this database with the ADD PROXY command. The TCP/IP Services product allows two types of proxies:

• Communication proxy

  A communication proxy provides an identity for remote users of RSH, RLOGIN, RMT/RCD, and LPD. For each host, be sure to define the host name and any aliases. Proxy entries are case sensitive.
1.4 Configuring a TCP/IP Cluster

host. For more information about configuring a specific service for cluster failover, refer to the chapter in this manual that discusses the particular service.

1.4.1 Setting Up an ARP-Based Cluster

Compaq strongly recommends using the configuration procedure TCPIP$CONFIG to configure a TCP/IP cluster. If you cannot run TCPIP$CONFIG, configure a TCP/IP cluster by completing the following steps:

1. Create the interfaces for all cluster members.
2.
1.5 Auxiliary Server

When it receives a request, the auxiliary server dynamically creates a network process, obtaining user account information from one or all of the following sources:

• TCP/IP Services proxy account
• Services database
• Remote client
• Local OpenVMS user authorization file (UAF)

In addition, users requesting services at the client can include their user account information as part of the command line.
The auxiliary server builds the network process name from the character string in the services database. Enter this string with the SET SERVICE command:

TCPIP> SET SERVICE service /PROCESS_NAME=process

Note

For TELNET and RLOGIN, the process name is set by either the system or users.

4. Set the maximum number of server processes that can run simultaneously. This number should not exceed the maximum number of sockets allowed on the system.
1.6 Enabling Services

1.6.1 Setting Up Event Logging

Event logging can help you manage the software. By default, user-defined services do not log events, but you can enable event logging for all or selected configured services. You can configure the product to log events to the operator’s console, a log file, or both.
2 Configuring Interfaces

OpenVMS systems running TCP/IP Services communicate with other internet hosts over a variety of physical media. Because TCP/IP is independent of the underlying physical network, IP addresses are implemented in the network software, not the network hardware. (See the Compaq TCP/IP Services for OpenVMS Software Product Description for a complete list of supported media.)

This chapter reviews key concepts and describes:

• How to configure network controllers (Section 2.
2.3 Configuring Network Interfaces

The TCP/IP Services product supports one local software interface for loopbacks and one or more physical network interfaces for each physical network controller.

The configuration procedure initially configures your network interfaces. Use the following commands if you need to redefine an interface or configure serial lines. See Chapter 3 for more information about configuring serial lines.
For this controller     Use this interface class
X25                     X
Local (loopback)        O

• An integer indicating the controller number. Controller numbers are decimal numbers in the range of 0 through 25, corresponding to OpenVMS hardware controller letters A through Z. The default is 0.

Primary interfaces for Ethernet controllers have names in the range SE, SE0, SE1, SE2, . . . SE24, SE25.

Interfaces for PPP controllers have names in the range PP, PP0, PP1, .
For example, assume interface WF0 exists with a network address of 10.10.1.100 and a 24-bit subnet mask. To add an alias with an address of 10.10.2.100 with a 24-bit subnet mask, follow these steps:

1. Define foreign commands:

   $ @SYS$MANAGER:TCPIP$DEFINE_COMMANDS.COM

2. Display the current interfaces. Use quotation marks to preserve case. For example:

   $ netstat -n "-I" wf0
   Name  Mtu   Network  Address
   WF0   4470           0:0:f8:bd:bc:22
   WF0   4470  10.10.1  10.
3 Configuring Serial Lines

A serial connection is made between two systems using modems and telephone lines or other serial lines. TCP/IP Services supports serial connections using the PPP (Point-to-Point Protocol) and SLIP (Serial Line IP) protocols. SLIP includes CSLIP (compressed SLIP). You can use any standard OpenVMS terminal device as a PPP or SLIP line. (PPP is available for OpenVMS Alpha systems only.)

This chapter reviews key concepts and describes:

• How to set up a PPP interface (Section 3.
3.1 Key Concepts

3.1.2 Assigning an IP Address to Your PPP or SLIP Interface

Every network interface must have its own unique IP address. Interfaces cannot share IP addresses.

If you configure PPP interfaces for multiple remote hosts, the remote hosts can obtain their individual IP addresses from your host when they connect. Similarly, you can configure a PPP interface on your system without knowing your own IP address and obtain it when you connect to a remote system.
3.1.4 Point-to-Point Protocol

PPP uses a frame format that includes a protocol field. The protocol field identifies the protocol (for example, IP, DECnet, or OSI) to be used for communication between the two hosts. PPP defines the network frame with a 5-byte header and a 3-byte trailer.

A PPP frame starts and ends with the control byte 7E hex (126 decimal). The address and control bytes are constant. The 2-byte protocol field indicates the contents of the PPP frame.
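The frame layout described above can be checked in code. The following Python sketch is an added example, not part of the Compaq manual or the TCP/IP Services product: it builds and validates one asynchronous PPP frame. The address/control values, byte stuffing, and FCS-16 check are taken from RFC 1662 rather than from this page, and the function names and sample payload are constructed for illustration.

```python
"""Validate one asynchronous PPP frame: flags, address/control, protocol, FCS."""
import struct

FLAG = 0x7E                    # frame delimiter named on the page (7E hex)
ESC, ESC_XOR = 0x7D, 0x20      # control escape and its XOR mask (RFC 1662)
ADDRESS, CONTROL = 0xFF, 0x03  # the constant address and control bytes (RFC 1662)
GOOD_FCS = 0xF0B8              # FCS-16 residue over an intact frame (RFC 1662)
PROTOCOLS = {0x0021: "IP", 0x8021: "IPCP", 0xC021: "LCP"}

# Constructed sample payload; it deliberately contains 0x7E, 0x7D and a
# control character so that byte stuffing is exercised.
SAMPLE_PAYLOAD = b"\x45\x00\x7e\x7d\x01hello"


class FrameError(ValueError):
    """Raised when a received frame fails a structural or integrity check."""


def fcs16(data, fcs=0xFFFF):
    """Bitwise FCS-16 (reflected polynomial 0x8408), without the final complement."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def build_frame(protocol, payload):
    """Header: flag + address + control + 2-byte protocol (5 bytes).
    Trailer: 2-byte FCS + flag (3 bytes)."""
    body = bytes([ADDRESS, CONTROL]) + struct.pack("!H", protocol) + payload
    # The FCS is sent complemented, least significant byte first.
    body += struct.pack("<H", fcs16(body) ^ 0xFFFF)
    stuffed = bytearray()
    for byte in body:
        if byte in (FLAG, ESC) or byte < 0x20:   # default async control map
            stuffed += bytes([ESC, byte ^ ESC_XOR])
        else:
            stuffed.append(byte)
    return bytes([FLAG]) + bytes(stuffed) + bytes([FLAG])


def unstuff(body):
    """Undo byte stuffing; reject a bare flag or a dangling escape."""
    out = bytearray()
    stream = iter(body)
    for byte in stream:
        if byte == FLAG:
            raise FrameError("flag byte inside frame body")
        if byte == ESC:
            escaped = next(stream, None)
            if escaped is None:
                raise FrameError("escape byte at end of frame")
            out.append(escaped ^ ESC_XOR)
        else:
            out.append(byte)
    return bytes(out)


def parse_frame(raw):
    """Return protocol number, protocol name and payload of a valid frame."""
    if len(raw) < 2 or raw[0] != FLAG or raw[-1] != FLAG:
        raise FrameError("frame must start and end with 0x7E")
    body = unstuff(raw[1:-1])
    if len(body) < 6:            # address, control, protocol (2), FCS (2)
        raise FrameError("frame too short")
    if fcs16(body) != GOOD_FCS:
        raise FrameError("FCS mismatch")
    if body[0] != ADDRESS or body[1] != CONTROL:
        raise FrameError("unexpected address or control byte")
    (protocol,) = struct.unpack("!H", body[2:4])
    return {"protocol": protocol,
            "name": PROTOCOLS.get(protocol, "unknown"),
            "payload": body[4:-2]}


def is_valid(raw):
    """True if raw parses as a well-formed frame, False otherwise."""
    try:
        parse_frame(raw)
    except FrameError:
        return False
    return True


if __name__ == "__main__":
    frame = build_frame(0x0021, SAMPLE_PAYLOAD)
    print(frame.hex(), parse_frame(frame))
```

A frame that has been truncated or altered on the line fails the FCS or delimiter check and is rejected before its protocol field is interpreted.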
3.2 Setting Up a PPP Interface (Alpha Only)

3.2.1 Setting Up Your Host for PPP Connections

In the client/server model for PPP connections, a host can function as a server, or dialup provider, to respond to incoming PPP connection requests. A host can also function as a client dialing in to a dialup provider.

• A PPP dialup provider answers modem calls from PPP clients, assigns IP addresses, and establishes PPP connections initiated by client hosts.
After you run SYSMAN, confirm that the VTA0 device was created. For more information about SYSMAN and its parameters, see the OpenVMS System Management Utilities Reference Manual: M-Z.

For OpenVMS Alpha Version 7.1, you must also install the ASNDRIVER remedial kit to prevent the system from crashing. To obtain the driver and associated corrections, access a remedial kit and accompanying cover letter from:

http://ftp.service.digital.
3.2.1.3 Setting Up an Asynchronous Port

Use the DCL command SET TERMINAL and applicable qualifiers to set up an asynchronous port for use with the modem.

• Setting up the PPP dialup provider

  Enter the SET TERMINAL command and qualifiers appropriate for your modem connection. (Note that some qualifiers require LOG_IO or PHY_IO privilege, or both.
3.2.1.
Alternatively, use the sysconfig utility. First, define the TCP/IP Services foreign commands:

$ @SYS$MANAGER:TCPIP$DEFINE_COMMANDS.COM

Enter the following SYSCONFIG commands:

$ SYSCONFIG -r inet ipforwarding=1
$ SYSCONFIG -r inet ipgateway=1
$ SYSCONFIG -q inet

To send notifications automatically on all connected LANs when new hosts or networks become reachable, use dynamic routing with the /SUPPLY option.
For example:

$ PPPD
PPPD> DIAL_OUT TTA0
Type control-~ to send a break
     control-\ to disconnect
     control-@ to switch to a Point-to-Point connection.
atdt 8671234

3. If you are connecting to another OpenVMS system, log in to the system after you dial up, and enter the following commands to establish the connection:

$ PPPD
PPPD> CONNECT

To end the connection, enter the DISCONNECT TTn command at the PPPD> prompt and log out.

4.
3.3 Setting Up a SLIP Interface

Use the following commands to set up the SLIP interface:

• SET INTERFACE SLn, where n is the number of the interface. If you omit the interface number, SL0 is assumed. This command takes effect immediately and stays in effect until the next TCP/IP Services shutdown.
• SET CONFIGURATION INTERFACE SLn, where n is the number of the interface. If you omit the interface number, SL0 is assumed.
3.3.1 Setting Up Hard-Wired SLIP Lines

To configure SLIP with hard-wired lines, follow these steps:

1. Establish a physical connection. Plug in a serial cable between the two host systems or ensure that they are both cabled to opposite ends of a leased line.
2. Obtain an IP address if necessary.
3. Configure the SLIP interface. Enter the SET INTERFACE command with the /HOST and /SERIAL_DEVICE qualifiers, which are required.

3.3.
• With a U.S. Robotics Sportster modem, set the following values:

  AT&B0 — Variable, follows connection rate (optional)
  AT&H0 — Flow control disabled
  AT&I0 — Software flow control disabled

4. Obtain IP addresses if necessary.
5. To dial in, follow these steps:

   a. Enter the SET HOST /DTE command:

      $ SET HOST /DTE TTnx

   b. Type the telephone number. For example:

      atdt telephone_number

   c. The connected system displays its interactive (command mode) prompt.
3.3.3 Setting Up Your Host as a SLIP Dialup Provider

You can configure your host to answer calls and establish connections initiated by users on remote hosts. To set up your host as a SLIP provider:

1. Over the line you will define as a SLIP line, dial in to the host.
2. Log in to the remote host.
3. Enter an appropriate SET INTERFACE command with the /SERIAL_DEVICE qualifier to turn the line into a SLIP line.
To use proxy ARP with a DECserver terminal server, assign an IP address in the same subnetwork as the terminal server. At the terminal server, enter the TCP/IP management command SHOW PORT SLIP. Verify that:

• An IP address has not already been associated with your port.
• Header compression is available, if you plan to use it.

3.3.5 Setting Up a SLIP Gateway with Proxy ARP

It is also possible to set up your host as a SLIP gateway with proxy ARP.
3.4 Solving Serial Line Problems

• Are the modems configured properly?
• Are the DIP switches on the modems set correctly?
• Are the modem software settings correct? Make sure that flow control is disabled.
• Are all clients and dialup providers using unique addresses?

After a software upgrade, be sure to reboot and restart TCP/IP Services.

2. Make sure the SET HOST attempts have not exceeded the OpenVMS security level.
Watch the modem’s LED display as you attempt to communicate using the PING command. You might not be able to ping the system if the serial line is tied up with a large FTP operation.

9. Use the TCPTRACE command to see packets going in and out of the local system. For information about using TCPTRACE, enter:

   $ HELP TCPTRACE

10. Display a count of the packets being sent and received on the problem interface, in full screen format, updated every second.
4 Configuring Routing

Routing allows traffic from your local network to reach its destination elsewhere on the internet. Hosts and gateways on a network use routing protocols to exchange and store routing information. Routing is the act of forwarding datagrams based on information stored in a routing table.

The TCP/IP Services product provides two types of routing: static and dynamic.

This chapter reviews key routing concepts and describes:

• How to configure static routes (Section 4.
4.1 Key Concepts

TCP/IP Services implements two routing daemons: the Routing Daemon (ROUTED) and the Gateway Routing Daemon (GATED). The following sections provide more information.

4.1.2.1 Routing Daemon (ROUTED)

This daemon (pronounced route-dee) supports the Routing Information Protocol (RIP). When ROUTED starts, it issues routing update requests and then listens for responses. A system configured to supply RIP information responds to the request with an update packet.
4.2 Configuring Static Routes

The first time you run the configuration procedure, TCPIP$CONFIG.COM, static routing is configured automatically. To manually configure static routing, use the CREATE ROUTE command to create an empty routes database file.

The default file name is SYS$COMMON:[SYSEXE]TCPIP$ROUTE.DAT. To specify a different name, define the systemwide logical name TCPIP$ROUTE.
• The IP address or host name of a gateway that can reach the destination host

Compaq strongly recommends that you do not specify alias names with the destination parameter or the /GATEWAY=host qualifier.

To define a route to any host on a specific network, enter:

TCPIP> SET ROUTE network_IP_address /GATEWAY="gateway" /NETWORK

To define a route to a specific host on a specific network, enter:

TCPIP> SET ROUTE remote_host /GATEWAY="gateway"

4.2.2.
4.2.3 Displaying Manually Defined Routes

To display static routes, use the SHOW ROUTE command. To see the permanent database, specify the /PERMANENT qualifier. The display shows the following types of routes:

• A — Active route (A route that was created manually or associated with an interface.)
• D — Dynamic route. (A route that was dynamically created by the ROUTED or GATED routing daemon.)
• H — Host route (A route to a host.
This example shows a multihomed host with two interface adapters. For more information about the netstat utility, enter the following command:

TCPIP> HELP NETSTAT

4.3 Enabling and Disabling Dynamic Routing

Use the configuration procedure TCPIP$CONFIG to enable dynamic routing and configure your host to receive routing protocol messages as follows:

1. Select the Routing option from the Core Environment menu.
2.
4.4 Configuring GATED

5. Start GATED by entering the command START ROUTING/GATED.

See the Compaq TCP/IP Services for OpenVMS Management Command Reference manual for detailed descriptions of the SET GATED and START ROUTING/GATED commands.

If you do not format the configuration file correctly, GATED terminates. For specific information about how to edit the GATED configuration file, see Appendix A.

4.4.
Or use the sysconfig utility to enable forwarding. First, define foreign commands:

$ @SYS$MANAGER:TCPIP$DEFINE_COMMANDS.COM

Enter the following sysconfig command:

$ sysconfig -r inet ipforwarding=1 ipgateway=1

To make sure forwarding is enabled after restarting TCP/IP Services, add the command to TCPIP$SYSTARTUP.COM.
• Internet pseudointerfaces, each with its own IP address, network mask, and broadcast mask:

  SEA SEA0 SEA1 . . . SEA254 SEB255

To extend routing, follow these steps:

1.
For example, network 99.0.0.0 is on the same cable as network 192.199.199.0. On host 99.1.2.3, specify network 192.199.199.0 as directly reachable:

TCPIP> SET ROUTE 192.199.199.0 /NETWORK /GATEWAY=99.1.2.3

On the hosts in network 192.199.199.0, enter:

TCPIP> SET ROUTE 99.0.0.0 /NETWORK /GATEWAY=192.199.199.255

4.4.
Part 2 BIND

Part 2 provides information on configuring and managing the TCP/IP Services name server and includes the following chapters:

• Chapter 5, Configuring and Managing BIND, describes how to configure and manage the TCP/IP Services implementation of the Berkeley Internet Name Domain (BIND) software.
• Chapter 6, Using DNS to Balance Work Load, describes how to use BIND’s round-robin scheduling or the load broker for cluster load balancing.
5 Configuring and Managing BIND

The Domain Name System (DNS) is a system that maintains and distributes information about Internet hosts. DNS consists of several databases that store host names and host IP addresses. With DNS, there is no central storage of data — no one server knows everything about all the Internet domains.

In UNIX environments, DNS is implemented by the Berkeley Internet Name Domain (BIND) software.
5.1 Key Concepts

This section serves as a review only and assumes you are acquainted with the InterNIC, that you applied for an IP address, and that you registered your domain name. You should also be familiar with BIND terminology, and you should have completed your preconfiguration planning before using this chapter to configure and manage the BIND software.
5.1.2.1 Master Servers

A master server is the server from which all data about a domain is derived. Master servers are authoritative, meaning they have complete information about their domain and their responses are always accurate.

To provide central control of host name information, the master server loads the domain’s information directly from a disk file created by the domain administrator.
If you configure a forwarder server, you must provide the name of the host to which requests outside your zones of authority are forwarded.

5.2 Migrating to BIND 8.1

If you set up your BIND environment using a previous version of the TCP/IP Services product, you must convert the UCX databases and configuration information to the new BIND 8.1 format.
Important

You must be consistent when making changes to your BIND environment. If you make changes by editing the configuration file, you should continue to make changes in that manner. If you revert to the UCX BIND configuration method (SET CONFIGURATION BIND and CONVERT/CONFIGURATION BIND commands), any changes you made to the configuration file (TCPIP$BIND.CONF) are lost.
5.3 Configuring the BIND Server (BIND 8.1)

Table 5–2 (Cont.) BIND Name Server Configuration Statements

Statement   Description
logging     Configures logging options for the name server. Options include output methods, format options, and severity levels that you associate with a name that can then be used with the category phrase to select how various classes of messages are logged. Use one logging statement to define as many channels and categories as you want. See Section 5.3.
• C++ style comments that start with // and continue to the end of the physical line
• Shell or Perl-style comments that start with # and continue to the end of the physical line

Important

In a zone file, comments start with a semicolon (;). Do not use the semicolon as a comment character in your configuration file.
5.3.1.1 Channel Phrase

All log output goes to one or more channels. You can create as many channels as you want. Every channel definition must include a clause that says whether messages selected for the channel go to a file or to a particular syslog facility, or are discarded.
channel default_syslog {
    syslog daemon;                # send to syslog’s daemon facility
    severity info;                # only send priority info and higher
};

channel default_debug {
    file "TCPIP$BIND_RUN.LOG";    # write to TCPIP$BIND_RUN.
lame-servers   Messages like "Lame server on ...".
statistics     Statistics.
panic          If the server has to shut itself down because of an internal problem, it logs the problem in this category as well as in the problem’s native category. If you do not define the panic category, the following definition is used:

                   category panic { default_syslog; default_stderr; };

update         Dynamic updates.
ncache
xfer-in
xfer-out
db
eventlib
options {
    [ directory path_name; ]
    [ named-xfer path_name; ]
    [ dump-file path_name; ]
    [ pid-file path_name; ]
    [ statistics-file path_name; ]
    [ auth-nxdomain yes_or_no; ]
    [ fake-iquery yes_or_no; ]
    [ fetch-glue yes_or_no; ]
    [ multiple-cnames yes_or_no; ]
    [ notify yes_or_no; ]
    [ recursion yes_or_no; ]
    [ forward ( only | first ); ]
    [ forwarders { [ in_addr ; [ in_addr ; ...
Table 5–3 (Cont.) Path Name Options

Option     Description
pid-file   The path name of the file in which the server writes its process ID. If not specified, the default is TCPIP$BIND_SERVER.PID. The pid-file is used by programs like TCPIP$BIND_SERVER_CONTROL.EXE that want to send signals to the running name server.
Table 5–4 (Cont.) Boolean Options

Option            Description
multiple-cnames   If yes, multiple CNAME resource records are allowed for a domain name. The default is no. Allowing multiple CNAME records is against standards and is not recommended. Multiple CNAME support is available because previous versions of BIND allowed multiple CNAME records, and these records have been used for load balancing by a number of sites.
Table 5–5 Forwarding Options

Option       Description
forward      This option is meaningful only if the forwarders list is not empty.
             first   Causes the server to query the forwarders first. If that does not answer the question, the server looks for the answer itself. A ROOT.HINT file must be present. This is the default.
             only    The server queries only the forwarders. A ROOT.HINT file is not necessary.
forwarders
Example 5–4 shows how to specify an options statement for name checking. The statement specifies that nonconforming names coming from a slave are ignored.

Example 5–4 Name Checking Options

options {
    check-names slave ignore;
};

5.3.2.5 Access Control

Access to the server can be restricted based on the IP address of the requesting system. Table 5–7 describes the access control options.
5.3.2.7 Query Address

If the server does not know the answer to a question, it queries other name servers. The query-source option specifies the source address and source port used for such queries. If the address is an asterisk (*) or is omitted, the server uses a wildcard IP address (INADDR_ANY). If the port is an asterisk (*) or is omitted, the server uses a random unprivileged port.
Example 5–6 shows how to specify an options statement to control zone transfers.

Example 5–6 Zone Transfer Options

options {
    max-transfer-time-in 120;
    transfer-format one-answer;
    transfers-in 10;
    transfers-per-ns 2;
};

5.3.2.9 Periodic Task Intervals

Table 5–9 describes the periodic task options.
The default topology is as follows:

    topology { localhost; localnets; };

5.3.3 BIND Configuration Server Statement

Zone transfers can put a heavy load on network traffic and on a BIND server. If you have a large network with many BIND servers, keeping each server up-to-date can put a strain on the master server and its memory requirements.
5.3.4 BIND Configuration Zone Statement

The zone statement defines zones maintained by the name server.
When used with the topology clause, a non-negated match returns a distance based on its position on the list. (The closer the match is to the start of the list, the shorter the distance is between the match and the server.) A negated match is assigned the maximum distance from the server. If there is no match, the address gets a distance that is further than any non-negated list element and closer than any negated element.
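The distance rule above, worked through as an added example (not code from this manual or from BIND). The numeric distances, the CIDR string notation for list elements, the sample list and the function names are assumptions chosen to satisfy the ordering the text describes; the first matching element decides, as in BIND address match lists generally.

```python
import ipaddress

# Assumed sentinel for "the maximum distance from the server".
MAX_DISTANCE = 10**6

# Constructed sample list, written as strings; a leading "!" negates the element.
SAMPLE_TOPOLOGY = ["10.0.0.0/8", "!192.168.3.0/24", "192.168.0.0/16"]


def parse_match_list(elements):
    """Turn strings such as '!192.168.3.0/24' into (negated, network) pairs."""
    parsed = []
    for text in elements:
        text = text.strip()
        negated = text.startswith("!")
        network = ipaddress.ip_network(text.lstrip("!").strip(), strict=True)
        parsed.append((negated, network))
    return parsed


def topology_distance(address, match_list):
    """Return the distance of one address under the rule described above.

    - non-negated match: the 1-based position of the element (earlier = closer)
    - negated match: MAX_DISTANCE
    - no match: one more than the list length, which is further than any
      non-negated element and closer than any negated one
    """
    addr = ipaddress.ip_address(address)
    for position, (negated, network) in enumerate(match_list, start=1):
        if addr in network:
            return MAX_DISTANCE if negated else position
    return len(match_list) + 1


def rank_servers(addresses, match_list):
    """Order candidate name server addresses from closest to furthest.

    sorted() is stable, so servers at the same distance keep their input order.
    """
    return sorted(addresses, key=lambda a: topology_distance(a, match_list))


if __name__ == "__main__":
    match_list = parse_match_list(SAMPLE_TOPOLOGY)
    candidates = ["172.16.0.1", "192.168.3.7", "192.168.9.9", "10.1.2.3"]
    for server in rank_servers(candidates, match_list):
        print(server, topology_distance(server, match_list))
```

Note that 192.168.3.7 also falls inside 192.168.0.0/16, but the negated element comes first in the list, so that address is ranked last.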
• Scans the transaction log file once per hour and updates the domain_name.DB file with any transactions it finds by writing a new version of the domain_name.DB file to disk. This action does not preserve the formatting or comments that existed in the original domain_name.DB file. (See Section 5.3.6.1 for solutions for preserving the formatting or comments in the original domain_name.DB file.
Table 5–10 shows the valid update commands for NSUPDATE.

Table 5–10 NSUPDATE Commands

Command                                   Description
prereq yxrrset domain_name type [rdata]   Makes the presence of an RR set of type owned by domain_name a prerequisite to performing the update.
prereq nxrrset                            Makes the nonexistence of an RR set of type owned by domain_name a prerequisite to performing the update specified in successive update commands.
$ NSUPDATE
> UPDATE ADD WWW.NADS.ZN 60 IN CNAME IVY18.NADS.ZN
>
res_mkupdate: packet size = 49
;; res_send()
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 53349
;; flags:; ZONE: 1, PREREQUISITE: 0, UPDATE: 1, ADDITIONAL: 0
;; nads.zn, type = SOA, class = IN
www.nads.zn. 1M IN CNAME ivy18.nads.zn.
;; Querying server (# 1) address = 192.168.1.
3. Run the SYS$COMMON:[SYSMGR]TCPIP$BIND_CLUSTER_SETUP.COM command procedure. This procedure creates two other command procedures that manage the startup and shutdown processes of the BIND component in a cluster environment:

   • SYS$COMMON:[SYSMGR]TCPIP$BIND_COMMON_STARTUP.COM
   • SYS$COMMON:[SYSMGR]TCPIP$BIND_COMMON_SHUTDOWN.COM

   These files define the BIND system logicals and accounting information.
5.4 Populating the BIND Server Databases

To populate the BIND server database files, use one of the following methods:

• Convert an existing host database with the CONVERT/UNIX BIND command.
• Manually edit the ZONE.DB files.

5.4.1 Using Existing Databases

To populate the BIND server database by copying information from the hosts database and other database files, enter the CONVERT/UNIX BIND command.
Compaq suggests that you do not change the default directory name. If you do, the file is created in your current directory. On the command line, specify the full OpenVMS file specification. Do not specify a version number, and do not use wildcards. The following example uses the domain ucx.ern.sea.com, creates a UCX_ERN_SEA_COM.DB file, creates a 208_20_9_IN-ADDR_ARPA.
IN     Identifies the record as an Internet DNS resource record.
type   Identifies what kind of resource record this is. (See Table 5–11 for the record types you can specify.)
data   Information specific to this type of resource record. For example, in an A record, this is the field that contains the actual IP address.

5.4.3 Saving Backup Copies of Zone Data

The name server saves backup copies of the zone data in SYS$SPECIFIC:[TCPIP$BIND].
These local host databases provide forward and inverse translation for the widely used LOCALHOST name. The LOCALHOST name is always associated with the IP address 127.0.0.1 and is used for local loopback traffic.

5.4.4.2 Hint File

This file contains root name server hints. Any name server running on a host without direct Internet connectivity should list the internal roots in its hint file. The following sample shows a ROOT.HINT file.
To create a ROOT.HINT file:

1. Run TCPIP$CONFIG.
2. Select the Server Components menu.
3. Select the BIND server.

This procedure creates the ROOT.HINT file and places the file in the SYS$SPECIFIC:[TCPIP$BIND] directory.

5.4.4.3 Forward Translation File

The forward translation file, domain_name.DB, stores host-name-to-address mapping. For example, for the domain ROBIN.BIRD.COM, the following database file is created: ROBIN_BIRD_COM.DB.
This file is created only for the master server. All other servers obtain this information from the master server. This file contains most of the domain information and has the following characteristics:

• Begins with an SOA record and a few NS records that define the domain and its servers.
• Maps host names to IP addresses.
• Contains A, MX, CNAME, and other records.
5.5 Examining Name Server Statistics

++ Name Server Statistics ++
(Legend)
        RR      RNXD    RFwdR   RDupR   RFail
        RFErr   RErr    RAXFR   RLame   ROpts
        SSysQ   SAns    SFwdQ   SDupQ   SErr
        RQ      RIQ     RFwdQ   RDupQ   RTCP
        SFwdR   SFail   SFErr   SNaAns  SNXD
(Global)
        2 0 0 0 0  0 0 0 0 0  2 0 0 0 0  0 0 0 0 5  0 0 0 0 0
-- Name Server Statistics --
++ Memory Statistics ++
3: 9 gets, 2 rem
4: 7 gets, 0 rem (1 bl, 1022
5: 16 gets, 1 rem
6: 7 gets, 5 rem
7: 10 gets, 5 rem
8: 97 gets, 16 rem (1 bl, 485 ff)
13: 6 gets, 4 rem
.
.
.
5.6 Configuring BIND with SET CONFIGURATION Commands

5.6.1 Setting Up a Master Name Server

To instruct the master name server to read the appropriate database files using the information in TCPIP$CONFIGURATION.DAT, use the SET CONFIGURATION BIND command. Use the SHOW CONFIGURATION BIND command to display BIND information from the configuration database (TCPIP$CONFIGURATION.DAT).
In this command, host specifies the forwarding server.

Note

You cannot set up a server to be both a forwarder and a caching server.

5.7 Configuring the BIND Resolver

Your host uses the BIND resolver to obtain information from a name server. When a request for name translation arrives, the resolver first searches the local host database for the host information.
This command modifies the volatile database. To make changes permanent, also enter a SET CONFIGURATION NAME_SERVICE command to add the change to the permanent database. Enter a SHOW CONFIGURATION NAME_SERVICE command to view the results.

5.7.
Assuming that the default domain is ucx.ern.sea.com, the resolver performs lookups as follows:

1. On the host name and domain owl.ucx.ern.sea.com.
2. If that lookup was unsuccessful, the resolver searches for host owl.

This behavior is different from the resolver lookup behavior in previous releases (UCX BIND Version 4.x). The following section provides more information.

5.7.
2. If the previous lookup was unsuccessful, the resolver searches for canary.dux.sea.com.
3. If that lookup was unsuccessful, the resolver searches for canary.mux.ern.sea.com.
4. If that lookup was unsuccessful, the resolver searches for canary.

In the following output of the SHOW NAME_SERVICE command, the PATH: label shows the search list information entered with the SET NAME_SERVICE /PATH command.
Note

When you execute TCPIP$CONFIG.COM after upgrading from UCX to TCP/IP Services for OpenVMS, the system creates a domain search list that is consistent with the UCX default lookup behavior. TCPIP$CONFIG.COM uses the default domain to create a search list consisting of each parent domain. For example, if the default domain is ucx.ern.sea.com, the resulting search list is ucx.ern.sea.com,ern.sea.com,sea.com.
5.8 Using NSLOOKUP to Query a Name Server

5.8.2 Obtaining Help

You can obtain help by:

• Entering the following DCL command:

  $ HELP TCPIP_SERVICES NSLOOKUP

• Entering one of the following NSLOOKUP commands:

  > ?

  or

  > help

The following example shows the information available with the NSLOOKUP help (?) command:

$ NSLOOKUP
Default Server: condor.lgk.dec.com
Address: 16.99.208.
Table 5–13 NSLOOKUP Commands

Command         Function
host [server]   Looks up information using the current default server or the server you specify. Enter the name of the host for which you need an IP address. For example, the following command searches for www.whitehouse.gov using the default server:

                    > www.whitehouse.gov
                    Server: condor.lgk.dec.com
                    Address: 16.99.208.53

                    Name: www.whitehouse.gov
                    Addresses: 198.137.240.92, 198.137.240.
You obtain a list of the options and their default values by entering the set all command immediately after starting an interactive NSLOOKUP session, as shown in the following example:

$ NSLOOKUP
Default Server: condor.lgk.dec.com
Address: 16.99.208.53

> set all
Default Server: condor.lgk.dec.com
Address: 16.99.208.53

Set options:
  nodebug defname nod2 novc querytype=A 5 class=IN root=a.root-servers.net. domain=xyz.prq.dec.
Table 5–14 (Cont.) Options to the NSLOOKUP set Command

Option        Function
class=value   Changes the query class to one of the following:
              • IN — The Internet class (default)
              • CHAOS — The Chaos class
              • ANY — Wildcard
              The class specifies the protocol group of the information. You can use the abbreviated form of the keyword cl.
Table 5–14 (Cont.) Options to the NSLOOKUP set Command

Option       Function
timeout      Length of time (in seconds) to wait for a reply from each attempt. For example:

                 > set timeout=9

root=value   Changes the root server. For example, the following command changes the root server to ns.nasa.gov.

                 > set root=ns.nasa.gov

ignoretc     Tells NSLOOKUP to ignore packet truncation errors.
5.8.5 Query Types

You can change the type of information you receive from a query. The default query type is A. Table 5–14 lists the different types of query information.

5.8.5.1 A Query Type

This is the default NSLOOKUP query type. It returns the name and IP address of a host. The following NSLOOKUP session shows a query for the host apple. The query to the server condor.lgk.dec.
5.8.5.3 MX Query Type

To obtain information about mail exchange records, set the query type to MX and enter a domain. The output tells you which hosts handle mail for the specified domain, as shown in the following example.

> set type=mx
> lgk.dec.com
Server: condor.lgk.dec.com
Address: 16.99.208.53

lgk.sea.com preference = 200, mail exchanger = crl.sea.com
lgk.sea.com preference = 50, mail exchanger = collie.lgk.sea.com
lgk.sea.
Non-authoritative answer:
microsoft.com nameserver = dns2.microsoft.com
microsoft.com nameserver = dns1.moswest.msn.net
microsoft.com nameserver = dns2.moswest.msn.net
microsoft.com nameserver = dns3.nwnet.net
microsoft.com nameserver = dns4.nwnet.net
microsoft.com nameserver = dns1.microsoft.com

Authoritative answers can be found from:
dns2.microsoft.com internet address = 131.107.1.240
dns3.nwnet.net internet address = 192.220.250.
Table 5–15 Options to the NSLOOKUP ls Command

Option   Function
-a       Lists aliases of hosts in the domain (CNAME entries).
-d       Lists all the entries in the domain.
-h       Lists CPU and operating system information for the domain (HINFO entries).
-m       Lists mail exchange (MX) entries in the domain.
-s       Lists well-known services (WKS) in the domain.
-t       Lists a specified entry type.
> ls -m lgk.sea.com
brigit   12H IN MX 10 brigit
         12H IN MX 100 mail1.digital.com.
         12H IN MX 100 mail2.digital.com.
         12H IN MX 200 crl.SEA.com.
piglet   12H IN MX 10 piglet
         12H IN MX 100 mail1.digital.com.
         12H IN MX 100 mail2.digital.com.
         12H IN MX 200 crl.SEA.com.
tieta    12H IN MX 10 tieta
         12H IN MX 100 mail1.digital.com.
         12H IN MX 100 mail2.digital.com.
         12H IN MX 200 crl.SEA.com.
sherry   12H IN MX
         12H IN MX
         12H IN MX
         12H IN MX
5.9 Solving Bind Server Problems

5.9.1 Server Not Responding

A missing client name in the BIND server’s database files results in lack of service to that client. If records that point to the name servers (NS records) in a domain are missing from your server’s database files, you might see the following messages:

%TCPIP-W-BIND_NOSERVNAM, Server with address 199.85.8.
6 Using DNS to Balance Work Load

This chapter describes how to use DNS to balance the network traffic on a multihomed host or on network servers when you have multiple systems providing the same network service. TCP/IP Services provides two methods for balancing work load using DNS:

• Load sharing using the default DNS method of round-robin scheduling.
• Load balancing using the TCP/IP Services load broker.
6.2 Round-Robin Scheduling

In the example, the DNS cluster alias is defined as robin. When the DNS server receives queries for robin, it shuffles the A resource records in a round-robin manner.

;
; TCP/IP DNS cluster load sharing - round robin method
; DNS cluster alias: "robin"
robin    IN A 9.20.208.47
         IN A 9.20.208.30
         IN A 9.20.208.72
;
birdy    IN A 9.20.208.47
seagull  IN A 9.20.208.30
owl      IN A 9.20.208.
TCPIP> SHOW HOST ROBIN

BIND database

Server: 9.20.208.72 owl.ucx.ern.sea.com

Host address    Host name

9.20.208.47     robin.ucx.ern.sea.com
9.20.208.30     robin.ucx.ern.sea.com
9.20.208.72     robin.ucx.ern.sea.com

TCPIP> SHOW HOST ROBIN

BIND database

Server: 9.20.208.72 owl.ucx.ern.sea.com

Host address    Host name

9.20.208.30     robin.ucx.ern.sea.com
9.20.208.72     robin.ucx.ern.sea.com
9.20.208.47     robin.ucx.ern.sea.
6.3 Load Broker Concepts

6.3.1 How the Load Broker Works

When the load broker starts, it reads its configuration file and starts polling DNS cluster members. The load broker exchanges messages with DNS cluster members that run the metric server. The metric server (Section 6.3.2) calculates the current rating and reports it when polled by the load broker.
Availability is calculated using the IJOBLIM system parameter and the SDA global reference variable IJOBCNT in the following equation:

    availability = (20*(IJOBLIM-IJOBCNT))/IJOBLIM

• Workload

  One consideration in the work load calculation is the system manager’s estimate of the host’s relative CPU power specified by the system logical TCPIP$METRIC_CPU_RATING.
6.5 Configuring the Load Broker

To configure the load broker, edit the file TCPIP$LBROKER_CONF.TEMPLATE located in SYS$SYSDEVICE:[TCPIP$LD_BKR], then rename the file to TCPIP$LBROKER.CONF. After making changes to TCPIP$LBROKER.CONF, restart the load broker by running TCPIP$CONFIG, or by using the shutdown and startup procedures.
cluster "www.tcpip.ern.sea.com"
{
    dns-ttl 45;
    dns-refresh 30;
    masters {
        9.20.208.53;
    };
    polling-interval 9;
    max-members 3;
    members {
        9.20.208.100;
        9.20.208.53;
        9.20.208.54;
        9.20.208.80;
        9.20.208.129;
        9.20.208.130;
    };
    failover 16.20.208.200;
};

To retain your UCX Version 4.x DNS cluster load-balancing configuration:

1.
• The number of DNS cluster member hosts is limited to 32.
• A BIND name server can also be a DNS cluster member host.
• The authoritative name server can run any BIND name server that supports BIND 8.1.1 or later or that supports dynamic updates.

6.5.2 Load Broker Logical Names

Table 6–2 describes the load broker’s logical names.
6.6 Metric Server Startup and Shutdown

• SYS$STARTUP:TCPIP$METRIC_SHUTDOWN.COM allows you to shut down the metric service.

To preserve site-specific parameter settings and commands, create the following files. These files are not overwritten when you reinstall TCP/IP Services:

• SYS$STARTUP:TCPIP$METRIC_SYSTARTUP.COM can be used as a repository for site-specific definitions and parameters to be invoked when the metric service is started.
Part 3 Configuring Services

Part 3 describes how to set up and manage the Dynamic Host Configuration Protocol (DHCP), the Bootstrap Protocol (BOOTP), the Trivial File Transport Protocol (TFTP), the Portmapper service, the Network Time Protocol (NTP), and the Simple Network Management Protocol (SNMP).
7 Configuring the DHCP Server

Dynamic Host Configuration Protocol (DHCP), a superset of the Bootstrap Protocol (BOOTP), provides a centralized approach to the configuration and maintenance of IP address space. It allows the system manager to configure various clients on a network from a single location. DHCP allocates temporary or permanent IP addresses from an address pool to client hosts on the network.
7.1 Key Concepts

Based on the BOOTP functionality, DHCP is built on the client/server model:

• The DHCP server is a host that provides initialization parameters.
• The DHCP client is a host that requests initialization parameters from a DHCP server. A router cannot be a DHCP client.

7.1.
Table 7–1 DHCP IP Address Allocation Methods

Method    Applicable Client   Description
Dynamic   DHCP and BOOTP      The DHCP server assigns an IP address from an address pool to a client for a specified amount of time (or until the client explicitly relinquishes the address). Addresses no longer needed by clients can be reused. Use dynamic allocation when:
                              • Clients plan to be connected to the network only temporarily.
Messages that include a DHCP message-type option are assumed to have been sent by a DHCP client. Messages without the DHCP message-type option are assumed to have been sent by a BOOTP client. However, DHCP improves the BOOTP-only functionality in the following ways:

• DHCP allows the serial reassignment of network addresses to different clients by assigning a network address for a finite lease period.
7.2 DHCP Server Components

Table 7–2 DHCP Executable Files

Program Name         Description
BPASCIITODBMOD.EXE   Used in rollover of old-style UCX BOOTP entries to DHCP.
BPISAMTOASCII.EXE    Used in rollover of old-style UCX BOOTP entries to DHCP.
DBDUMP.EXE           Dumps lease database in single line ASCII format. See Section 7.8.1.
DBMODIFY.EXE         Modifies lease database. See Section 7.8.2.
DBREGISTER.EXE       Registers known MAC addresses. See Section 7.8.3.
DBSHOW.
The DHCP configuration files (except for log files) are located in SYS$SYSDEVICE:[TCPIP$DHCP] or in the directory pointed to by the logical name TCPIP$DHCP_CONFIG. Log files are always located in the SYS$SYSDEVICE:[TCPIP$DHCP] directory. Template copies of the DHCP configuration files are located in text library file SYS$LIBRARY:TCPIP$TEMPLATES.TLB. The template copies provide instructions on how to edit the text files manually.

7.2.2.
Example 7–1 (Cont.) Sample SERVER.PCY File

name_service dns

# Specify whether the name service is dynamically updateable.
# NIS and NIS+ are dynamically updateable, but the system
# administrator may choose to disable this capability. In both
# cases the server must be in the same domain as the name
# server, and the JOIN server’s key must be in the public
# database.
Example 7–1 (Cont.) Sample SERVER.PCY File

support_bootp

#This boolean is only valid if Bootp clients are supported
#(support_bootp option is enabled). When present it permits
#the server to permanently assign an IP address from its
#free pool to a BOOTP client in the event that no permanent
#binding exists in dhcpcap. Normally the JOIN server can
#only service BOOTP clients for which such a binding pre-exists.
Example 7–1 (Cont.) Sample SERVER.PCY File

# Set this true if you want to automatically delete leases when
# the client changes its net. I.e. if the server has leases for
# the client on several nets, and the client boots on a specific
# net, say X, then all the leases on all the nets except X,
# whether expired or not will be deleted.
Example 7–2 (Cont.) Sample DHCPCAP. File

# Using the tc= capability to factor out identical data
# from several entries. Multiple tc’s permit as many
# levels of indirection as desired.
# Be careful about including backslashes where they’re needed.
# Strange things can happen otherwise.
# The data which follows is for example only. You should delete
# and add entries appropriate to configuration of your own
# networks.
Example 7–2 (Cont.) Sample DHCPCAP. File

subnet_2:\
    :nw=10.10.2.0:\
    :gw=10.10.2.66:\
    :ba=10.10.2.255:\
    :lt=1200:t1=600:t2=1050:
subnet_4:\
    :nw=10.10.4.0:\
    :ba=10.10.4.255:\
    :lt=1200:t1=600:t2=1050:

7.2.2.3 Network Addresses

The NETS. file describes the ranges of IP addresses available to the server for the clients. Both BOOTP and DHCP use this pool of addresses whenever dynamic IP assignment is needed.
Example 7–3 (Cont.) Sample NETS. File

# If there are fewer than three fields then the subnet and owner
# are implied by previous entries. The address range is specified
# as one or two IP addresses. If two then they must be separated
# by a dash "-", with no whitespace intervening. Multiple ranges
# may be specified for any owner.
Example 7–5 Sample NETMASKS. File

$ TYPE PINE$DKB0:[DHCP_CONFIG]NETMASKS.
# Network masks. This file is only needed on those platforms
# which don’t provide a netmasks database, either as a text
# file or as a map (NIS, NIS+, .. whatever).
#
# This file should contain an entry for each network for which
# the netmasks is other than the standard A,B or C mask. Each
# entry has two fields: the network and the mask.
Example 7–6 Sample NAMEPOOL. File

$ TYPE PINE$DKB0:[DHCP_CONFIG]NAMEPOOL.
#
# namepool: pool of names available for dynamic allocation.
#
# $Id: namepool,v 1.7 1996/01/15 17:53:11 hyung Exp $
#
# DESCRIPTION
#
# This file contains names to be allocated to new machines
# coming onto the network.
7.2.2.6 .DDNSKEYS

The .DDNSKEYS file describes each DNS domain and the DNS name server that is to receive Host/IP address update information when DHCP distributes an address to a DHCP client in the domain. The information in this file consists of the domain to be updated and the IP address of the DNS server to which DHCP sends the updates. A third field for secure dynamic updates is reserved for future use.
Table 7–5 DHCP Server Logical Names

Logical Name                   Description
TCPIP$DHCP_CONFIG directory    If defined, places the following DHCP files (during TCPIP$CONFIG) in the directory you specify:
                               • DHCP configuration files in ASCII format (for example, SERVER.PCY)
                               • DHCP database files in binary format (for example, DBA.
7.2.5 Log Files

The DHCP server creates a log file named TCPIP$DHCP_RUN.LOG in the directory SYS$SYSDEVICE:[TCPIP$DHCP].

7.3 DHCP Server Startup and Shutdown

The DHCP server can be shut down and started independently of TCP/IP Services. This is useful when you change parameters or logical names that require the service to be restarted.

The following files are provided:

• SYS$STARTUP:TCPIP$DHCP_STARTUP.COM allows you to start up the DHCP service.
7.4 Configuring the DHCP Server

To configure the DHCP server, perform the following tasks:

Task                                                                        Described in...
Enable DHCP on your system and set up DHCP files and databases.             Section 7.4.1
Set up DNS/BIND.                                                            Section 7.4.2
Set up the cluster failover environment.                                    Section 7.4.5
Stop the DHCP process.                                                      Section 7.3.1
Shut down and start up the DHCP process.                                    Section 7.3
Configure client information (use the DHCP GUI or make changes manually).
Important

Compaq recommends calling the TCPIP$DHCP_SETUPCOMMANDS.COM procedure as part of the login process for all users who are authorized to manage the DHCP server.

7.4.2 Configuring DHCP and DNS/BIND to Assign Host Names

DHCP uses the following methods to assign a host name:

• By hardware address

  When you specify this method, DHCP uses the host name suggested by a client when the client sends out its initial boot request.
4. Create a .DDNSKEYS file with an entry for the DNS/BIND server that is to receive dynamic updates. You will most likely want to create an entry for A and PTR records by defining a forward and reverse translation entry.
5. Create a NAMEPOOL. file to supply a pool of names to use for nodes on the particular network. DHCP uses this pool of names to generate a host name only when other methods are unsuccessful.

7.4.2.
7.4.4 Returning to the BOOTP-Only Configuration
You can return to a BOOTP-only configuration at any time. Further, you can use the previous TCPIP$BOOTP.DAT database file and the client entries it contains. If you deleted the TCPIP$BOOTP.DAT file, you can create a new one and populate it with entries (see Section 9.5).
b. Delete the DHCP data files from the DHCP directory by renaming them to a temporary subdirectory. (You can delete the files after you are sure that the failover environment is set up correctly.) For example, enter the following commands:
$ CREATE/DIR SYS$SYSDEVICE:[TCPIP$DHCP.SAVE]
$ PURGE SYS$SYSDEVICE:[TCPIP$DHCP]
$ RENAME SYS$SYSDEVICE:[TCPIP$DHCP]DHCPCAP.;* SYS$SYSDEVICE:[TCPIP$DHCP.SAVE]
$ RENAME SYS$SYSDEVICE:[TCPIP$DHCP]DHCPTAGS.
With the DHCP cluster failover configured, you need to indicate that an address range is owned by other hosts. Therefore, you specify the null IP address of 0.0.0.0 in the second field of the NETS. file in each IP address range to be shared among the DHCP servers. For example, the following entry in the NETS. file is owned by IP address 17.18.208.100:
17.18.0.0 17.18.208.100 17.18.208.10-17.18.208.
Configuring the DHCP Server 7.5 Using DHCP GUI to Configure DHCP

7.5.1 General Information
To use the DHCP GUI to configure DHCP:
• You need the following system privileges:
BYPASS
SYSNAM
PRMMBX
• If you have not already done so, execute the TCPIP$DHCP_SETUPCOMMANDS.COM command procedure to establish DHCP foreign commands.
• Invoke the GUI by entering the following utility program command:
$ DHCPGUI
The system displays the configuration window with four tabs across the top of the window.
7.5.1.1 Saving Information in a Record
If you add or revise information in a field, you need to save the information using one of the following methods:
1. Choose Update from the File menu.
2. Choose Exit from the File menu, then choose Save and Exit. This updates the database when you exit the program.

7.5.1.2 Adding New Records
For some subjects, you can add more than one record. To add a new record:
1.
Assign Name by Hardware Addr
Specifies whether you can assign host names by the hardware address. If you choose True, the client computer always has the same name, even if its IP address changes; however, to do so, the client must remain in the same domain. This option is appropriate for sites supporting dynamic updating of the name service.
Auto Synchronize Database
Choose True to flush the server database to disk after each update. This makes the server more reliable if there is a failure such as a system crash or unintentional power shutdown. Setting this parameter to True can slow down the server. The default is False.

BOOTP Addr From Pool
Specifies whether the DHCP server does not require a preestablished binding for BOOTP clients.
Canonical Name
Overrides the value normally returned by a gethostname routine call (default). Primarily used for multihomed hosts with a canonical name corresponding to an interface that is not recognized by DHCP (for example, ATM interfaces) and for high-availability servers that have per-service IP addresses that differ from a physical IP host address.
The following are valid values:
gethostname routine call. Default.
Free List Size
Specifies the size of the internal array specifying the number of address blocks held on the free list. If this number is too high, the server will lose previous allocations of expired leases quickly. If this number is too low, performance can suffer. The default setting is 8.
The following are valid values:
False: Do not send an ICMP echo request to a BOOTP client before assigning an IP address. Default.
True: Send an ICMP echo request to a BOOTP client before assigning an IP address.

Ping Timeout
Specifies the duration (in milliseconds) of the ping timeout. Enter the amount of time the server is to wait before concluding no other host is using the IP address. After the timeout, the ping command stops checking.
Support Microsoft RAS Server
Specifies support for the Microsoft Proxy Remote Access Server (RAS). The RAS server generates a BOOTP packet with a MAC address of 16 octets.
The following are valid values:
False: Ignore a BOOTP packet with a MAC address of 16 octets. Default.
True: Recognize a BOOTP packet with a MAC address of 16 octets.
3. If your network has more than one subnet, enter the remaining subnet IP numbers.
Note
A subnet address can have more than one corresponding IP Address Range. The server can configure clients on more than one subnet when the routers between the server and the client forward BOOTP packets.

7.5.2.3 Configuring Host Names
Use the Host Names Lists Parameters to configure a host name.
• Host name prefix is magic.
Then, the DHCP server gives the host names magic1 and magic2 to the next two computers that request host names.
Enter a specific host name prefix.

Host names
Specifies the list of host names. Enter as many host names as needed. Different DHCP servers can own the same host names.

7.5.2.
2. Choose Active IP Snapshot from the drop-down list.
3. On the left side of the window, select the record you want to remove.
4. Click Delete.
Changes to the database take effect immediately.

Refreshing the Active IP Snapshot Window
To refresh the Active IP Snapshot window so that it reflects the current status of the database, click Refresh. This parameter will refresh data on leases that are active or expired, or both.

7.5.2.
Searching for a MAC or IP Address
To search for a MAC or IP address:
1. Click the Server/Security tab.
2. Choose Preload MAC Addresses from the drop-down list.
3. Click Find.
4. Enter the MAC or IP address you want to locate.
5. Click OK.

Refreshing the MAC Addresses Window
To refresh the MAC address window so that it reflects the current status of the database, click Refresh.

7.5.
7.5.3.1.1 Configuring a subnet
You do not have to change every value for the parameters in the Subnets tab.
To configure a subnet group using the Subnets tab, use the following procedure. For a description of the subnet parameters, see Section 7.5.3.4.
1. Click the Subnets tab.
2. Choose [New Record].
3. Choose the Name parameter from the Name/ID Parameters menu.
4. Enter the name of the subnet configuration in the Value field.
7.5.3.2 The Nodes Tab
A node is a workstation, computer, or other device on the network. Use the Nodes tab to configure parameters to be passed to specific client nodes.

7.5.3.2.1 Configuring a node
You need not change every value for the parameters in the Nodes tab. A node group can be a member of an include group although the settings for a node group override those from a subnet or include group.
Table 7–6 Network Type Symbol and Number
Symbol   Number   Network Type
ethernet or ether   1   10 MB Ethernet
ethernet3 or ether3   2   3 MB experimental
ax.25   3   AX.25 Amateur Radio
protnet   4   Protnet proNET Token Ring
chaos   5   Chaos
token-ring,tr,ieee802   6   IEEE802
arcnet   7   ARCnet

7.5.3.2.2 Removing a node record
To remove a node record:
1. Click the Nodes tab.
2. Choose DHCP Parameters from the drop-down list.
3.
Enter the names of subnets, nodes, or other groups that are to be members of the group, that will pull in this group’s parameters. If you have already created a node or subnet group or groups that are members of the include group you are entering, the DHCP GUI will display the names of these groups in the Group Members field.
• X Window Parameters
For any parameter, list the values in order of preference.

7.5.3.4.1 Name/ID parameters
Name and identification parameters determine the name of the configuration and information that identifies which client or clients are being configured by this record.

Name
Specifies the name for this subnet, node, or include group configuration. The names used here are tags for the internal use of the DHCP server.
7.5.3.4.3 BOOTP Parameters
The server version of DHCP fully supports the following BOOTP parameters. If a BOOTP client makes a request of the server, it acts as a BOOTP server.

Boot File
Specifies the fully qualified path name of the client’s default boot image.

Boot File Server Address
Specifies the server address of the boot file.

Boot File Server Name
Specifies the host name of the server with the boot file.
IEN-116 Name Servers
Specifies a list of IEN-116 name servers available to the client. Enter the servers in order of preference. Use this format: ddd.ddd.ddd.ddd.

Impress Servers
Specifies a list of Imagen Impress servers available to the client. Enter the servers in order of preference. Use this format: ddd.ddd.ddd.ddd.

Log Servers
Specifies a list of MIT-LCS UDP log servers available to the client. Enter the servers in order of preference.
Send Client’s Host Name
Specifies whether the server should send the client’s host name to the client in the reply.
The following are valid values:
False: Do not send the client’s host name. Default.
True: Send the client’s host name.

Swap Server
Specifies the IP address of the client’s swap server. Use this format: ddd.ddd.ddd.ddd.

TFTP Root Directory
Specifies the root directory for Trivial File Transfer Protocol (TFTP).
Interface MTU
Specifies the maximum transmit unit (MTU) to use on this interface. Specify the MTU as a 16-bit unsigned integer. Minimum legal value is 68.

Maximum Reassembly Size
Specifies the maximum size datagram that the client should be prepared to reassemble. Specify the size as a 16-bit unsigned integer. Minimum legal value is 576.
Static Routes
Specifies a list of static routes that should be installed in the client’s routing table. If you specify multiple routes to the same destination, list them in descending order of priority. The routes consist of a list of IP address pairs. The first address is the destination address, and the second address is the router for the destination.
Note
The default route (0.0.0.0) is an illegal destination for a static route.
7.5.3.4.6 Link Parameters
Link Layer parameters affect the operation of the Link layer on a per-host basis.

ARP Cache Timeout
Specifies the timeout in seconds for ARP cache entries. The time is specified as a 32-bit unsigned integer.

Ethernet Encapsulation
If it is an Ethernet interface, use this option to specify whether the client should use Ethernet Version 2 (RFC 894) or IEEE 802.3 (RFC 1042) encapsulation.
NetBIOS Scope
The NetBIOS scope option specifies the NetBIOS scope text parameter for the client as specified in RFC 1001/1002. There can be character-set restrictions.

7.5.3.4.8 Network Parameters
Network parameters allow you to change basic network configuration information.

Finger Servers
Specifies a list of finger servers available to the client. List the servers in the order of preference.
Specify the time in seconds as a 32-bit unsigned integer.

Keep Alive Octet
This parameter specifies whether the client is to send TCP keepalive messages with a garbage octet for compatibility with older implementations.
The following are valid values:
False: Do not send a garbage octet.
True: Send a garbage octet. (Sets the compatibility mode.
Configuring the DHCP Server 7.6 Configuring DHCP/BOOTP IP Addressing

7.6.1 Static IP Addressing for BOOTP Clients
To define static IP addressing, specify a specific IP address for a specific MAC address as follows:
1. Start the GUI by entering the following command:
$ DHCPGUI
2. Click the Nodes tab.
3. Choose [New Record].
4. Enter the host name (Name).
5. Enter the MAC/hardware address. For example, 08:00:20:3f:12:4b.
6. Choose Hardware Type from Key Parameters.
If you set the Use MAC addr as Client ID parameter to True, the server uses the MAC address to uniquely identify the clients. The MAC address field might not be the actual MAC address of the client’s network adapter. Clients that modify the structure of the MAC address before sending it to the server include:
• Windows 95, Windows NT, and Windows for Workgroups 3.
Configuring the DHCP Server 7.7 Configuring DHCP Manually

7.7.2 Modifying the Client Configuration Parameters File
The DHCPCAP. file describes the various configuration parameters for the clients. This file is similar to the standard bootptab file used by most BOOTP servers. Each entry in the file can describe a single machine (per-node basis) or all the machines within a subnet (per-subnet basis) or a group of machines (per-group basis).

7.7.2.1 DHCPCAP Configuration Syntax
The DHCPCAP.
• A blank line

7.7.2.3 DHCPCAP Configuration Examples
Example 7–9 shows a sample single-host DHCPCAP. file entry. This entry, mypc, describes the configuration for a BOOTP client. It describes the client itself, its IP address, the default gateway, and the domain name.

Example 7–9 Sample Single Host DHCPCAP Entry
mypc:\
    :ht=ether:\
    :ha=112233445566:\
    :ip=143.32.3.10:\
    :gw=143.32.3.1:\
    :dn=acme.com:

Example 7–10 shows a subnet DHCPCAP. file entry.
The ASCII string must have the correct number of digits for the specified hardware type; for example, twelve digits for a 48-bit Ethernet address. To improve readability, you can:
• Separate the two-digit sequences (bytes) with hyphens (-).
• Separate the two-digit sequences (bytes) with periods (.).
• Add a 0x prefix to each byte (or only some bytes) of the address.
• Add a hyphen between some bytes and 0x prefixes before others.
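The entry layout in Example 7–9 and the hardware-address spellings listed above can be checked mechanically before the server reads a hand-edited DHCPCAP. file. The following Python linter is an added example, not Compaq's parser or part of TCP/IP Services; its function names, the lab7 entry, the space-separated form of IP address lists, and the treatment of # lines as comments (borrowed from bootptab) are assumptions.

```python
import ipaddress
import re

# Constructed sample: "mypc" is the entry from Example 7-9; "lab7" is a
# made-up entry with deliberate mistakes for the linter to report.
SAMPLE = r"""
mypc:\
    :ht=ether:\
    :ha=112233445566:\
    :ip=143.32.3.10:\
    :gw=143.32.3.1:\
    :dn=acme.com:

lab7:\
    :ht=ether:\
    :ha=0x08-00-2b.e5-2c:\
    :ip=143.32.3.300:\
    :hr=2:\
    :t1=4294967296:
"""

# One byte of an ha value: two hex digits with an optional 0x prefix.
_BYTE = r"(?:0[xX])?([0-9A-Fa-f]{2})"
# Bytes may be run together or separated by a hyphen or a period.
_HA = re.compile(rf"{_BYTE}(?:[-.]?{_BYTE})*")

# Digits required per hardware type. The page gives only the Ethernet
# figure (twelve digits for a 48-bit address); "1" is its Table 7-6 number.
HA_DIGITS = {"ether": 12, "ethernet": 12, "1": 12}
FLAG_TAGS = ("ec", "hr", "sl")   # "0 or 1" symbols in Table 7-8
IP_TAGS = ("ip", "gw", "ds")     # one IPv4 address or a list of them


def normalize_ha(text):
    """Return the bare lowercase hex digits of an ha value."""
    if not _HA.fullmatch(text):
        raise ValueError(f"ha: not a hardware address: {text!r}")
    return "".join(re.findall(_BYTE, text)).lower()


def parse_dhcpcap(text):
    """Fold backslash continuations and return {entry: {tag: value}}."""
    folded = re.sub(r"\\[ \t]*\n[ \t]*", "", text)
    entries = {}
    for line in folded.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # '#' comments: assumption
            continue
        name, *items = line.split(":")
        fields = {}
        for item in filter(None, items):       # "::" leaves empty items
            tag, _, value = item.partition("=")
            fields[tag.strip()] = value.strip()
        entries[name.strip()] = fields
    return entries


def lint_entry(fields):
    """Return a list of findings (empty when the entry is clean)."""
    findings = []
    if "ha" in fields:
        try:
            digits = normalize_ha(fields["ha"])
            want = HA_DIGITS.get(fields.get("ht", "").lower())
            if want and len(digits) != want:
                findings.append(f"ha: {len(digits)} digits, ht needs {want}")
        except ValueError as err:
            findings.append(str(err))
    for tag in IP_TAGS:
        for addr in fields.get(tag, "").split():
            try:
                ipaddress.IPv4Address(addr)
            except ValueError:
                findings.append(f"{tag}: bad IPv4 address {addr!r}")
    for tag in FLAG_TAGS:
        if tag in fields and fields[tag] not in ("0", "1"):
            findings.append(f"{tag}: must be 0 or 1, got {fields[tag]!r}")
    if "t1" in fields:
        t1 = fields["t1"]
        if not t1.isdigit() or int(t1) > 0xFFFFFFFF:
            findings.append("t1: not a 32-bit unsigned integer")
    return findings


def lint(text):
    """Lint every entry in a DHCPCAP text; returns {entry: [findings]}."""
    return {name: lint_entry(f) for name, f in parse_dhcpcap(text).items()}


if __name__ == "__main__":
    for name, problems in lint(SAMPLE).items():
        print(name, "OK" if not problems else problems)
```

A colon-separated address such as 08:00:2b:e5:2c:44 cannot appear in an ha value, because the colon is the field delimiter; the parser splits it into stray items and the linter reports the remaining ha fragment.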
Table 7–8 (Cont.) BOOTP/DHCP Configuration File Symbols
Symbol   Function   Value Format   Description
bw   NetBIOS name servers   IP address list   Specifies a list of RFC 1001/1002 NBNS name servers listed in order of preference.
bx   NetBIOS over TCP/IP datagram distribution server   IP address list   Specifies a list of RFC 1001/1002 NBDD servers listed in order of preference.
ds   DNS servers   IP address list   Specifies a list of Domain Name System (RFC 1035) name servers available to the client. Enter servers in order of preference.
ec   Ethernet encapsulation   0 or 1   Specifies whether the client should use Ethernet Version 2 (RFC 894) or IEEE 802.3 (RFC 1042) encapsulation if the interface is an Ethernet.
hr   Forwarding enable/disable   0 or 1   Specifies whether the client should configure its IP layer for packet forwarding. The values are:
• 0 - Disable
• 1 - Enable
im   Impress server address list   IP address list   Specifies a list of Imagen Impress servers available to the client. Enter servers in order of preference.
nn   NNTP   IP address list   Specifies the NNTP server.
no   NetWare options   Opaque
ns   IEN-116 name server address list   IP address list   Specifies a list of IEN 116 name servers available to the client. Enter servers in order of preference.
nt   NTP servers   IP address list   Specifies a list of NTP (Network Time Protocol) servers.
sl   All subnets are local   0 or 1   Specifies whether the client can assume that all subnets of the IP network to which the client is connected use the same MTU as the subnet of that network to which the client is directly connected.
sn   Boot file server name   ASCII string   Specifies the host name of the bootfile server.
t1   DHCP renewal time   Integer   Specifies the time interval (in seconds) from address assignment until the client transitions to the RENEWING state. The value is specified as a 32-bit unsigned integer.
vm   Vendor’s magic cookie selector   ASCII string   Specifies a vendor magic cookie for the client.
xd   X Window System display manager   IP address list   Specifies a list of IP addresses of systems that are running the X Window System display manager that are available to the client. Enter addresses in order of preference.
Table 7–9 (Cont.) Vendor Specific Options
Symbol   Function   Value Format   Description
For OpenVMS DHCP clients:
sd   SMTP substitute domain   ASCII string
sg   SMTP gateway   ASCII string
sn   SMTP substitute domain not local   Boolean
sz   SMTP zone   ASCII string
For SUN DHCP clients:
aa   Sun Vendor Option #2   IP address list
Refer to the JOIN documentation at the following URL: http://www.join.com/doc/

7.7.
Configuring the DHCP Server 7.8 Supporting Utilities

Table 7–10 DHCP Utility Commands Associated with Databases

Active IP Snapshot Add/Delete
OpenVMS Command: DHCPDBMOD
UNIX Command: jdbmod
Modifies lease and naming information in the database. Allows you to preassign static IP addresses to clients. Also allows you to create, delete, or modify existing entries.

Preload MAC Addresses
OpenVMS Command: DHCPDBREG
UNIX Command: jdbreg
Populates the database with MAC addresses of known clients.
Each line of output describes the lease information for one client. The output is in a format that is used by the DHCPDBMOD utility to modify the lease database.
Note
The DHCPDBDUMP, DHCPSHOWDBS, and DHCPDBSHOW commands perform read operations on the database, while DHCPDBMOD performs write operations.
The DHCPDBDUMP, DHCPSHOWDBS, and DHCPDBSHOW commands accept a number of different flags and arguments. Table 7–11 lists some of the more important flags.
$ DHCPDBDUMP
01:08:00:2b:e5:2c:44|0|7|10.10.2.100|949084208|949085408|949084808|949084208|10.10.2.6|sarek12|compaq.com|
01:08:00:2b:bf:7d:bb|0|7|10.10.2.101|949084349|949085549|949084949|949084349|10.10.2.6|gody|compaq.com|
01:08:00:2b:e5:2c:44|0|7|10.10.4.100|948463

7.8.2 Using the DHCPDBMOD Utility
The DHCPDBMOD command modifies the lease and naming information in the database files.
10 Host name (without domain)
11 Domain name
The DHCPDBMOD command accepts a number of different flags and arguments. Table 7–12 shows some of the more important flags.

Table 7–12 DHCPDBMOD Command Flags
Flag   Description
-d   Deletes the record.
-e   Stores the record even if the lease has expired.
-l   Stores the lease information only. Does not store name information.
-n   Stores the name information only. Does not store lease information.
-w
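Because DHCPDBDUMP writes one pipe-delimited record per client, its output can feed a periodic lease audit. The following Python script is an added example, not a TCP/IP Services utility: it parses the records and reports clients holding more than one address, host names claimed by more than one client, and leases already expired. Only fields 10 and 11 are named on this page; the meanings given to fields 1, 4, 5, 6 and 9 are assumptions inferred from the sample output, and records 3 to 5 of the sample are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Records 1-2 are copied from the DHCPDBDUMP output shown in Section 7.8;
# records 3-5 are constructed for this example (5 is cut short on purpose).
SAMPLE_DUMP = """\
01:08:00:2b:e5:2c:44|0|7|10.10.2.100|949084208|949085408|949084808|949084208|10.10.2.6|sarek12|compaq.com|
01:08:00:2b:bf:7d:bb|0|7|10.10.2.101|949084349|949085549|949084949|949084349|10.10.2.6|gody|compaq.com|
01:08:00:2b:e5:2c:44|0|7|10.10.4.50|949083000|949084200|949083600|949083000|10.10.2.6|sarek12|compaq.com|
01:08:00:2b:aa:bb:cc|0|7|10.10.2.102|949084400|949085600|949085000|949084400|10.10.2.6|gody|compaq.com|
01:08:00:2b:e5:2c:44|0|7|10.10.4.100|948463
"""

FIELD_COUNT = 11  # the page's field list ends at 11 (domain name)


@dataclass(frozen=True)
class Lease:
    client_id: str  # field 1  (assumed: client identifier / MAC)
    ip: str         # field 4  (assumed: leased IP address)
    start: int      # field 5  (assumed: lease start, epoch seconds)
    expiry: int     # field 6  (assumed: lease expiry, epoch seconds)
    server: str     # field 9  (assumed: server that owns the lease)
    host: str       # field 10 host name (without domain)
    domain: str     # field 11 domain name


def parse_dump(text):
    """Return (leases, rejected_lines) from DHCPDBDUMP-style text."""
    leases, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        body = line[:-1] if line.endswith("|") else line
        cols = body.split("|")
        if len(cols) != FIELD_COUNT:
            rejected.append(line)          # truncated or malformed record
            continue
        try:
            leases.append(Lease(cols[0].lower(), cols[3], int(cols[4]),
                                int(cols[5]), cols[8], cols[9], cols[10]))
        except ValueError:                 # non-numeric timestamp
            rejected.append(line)
    return leases, rejected


def audit(leases, now):
    """Summarise lease records that deserve an administrator's review."""
    ips_by_client = defaultdict(set)
    clients_by_name = defaultdict(set)
    for lease in leases:
        ips_by_client[lease.client_id].add(lease.ip)
        if lease.host:
            fqdn = f"{lease.host}.{lease.domain}"
            clients_by_name[fqdn].add(lease.client_id)
    return {
        # One client identifier bound to several addresses.
        "multi_lease": {c: sorted(ips) for c, ips in ips_by_client.items()
                        if len(ips) > 1},
        # One host name recorded for several client identifiers.
        "name_clash": {n: sorted(ids) for n, ids in clients_by_name.items()
                       if len(ids) > 1},
        # Leases whose expiry time is already in the past.
        "expired": sorted(l.ip for l in leases if l.expiry < now),
    }


if __name__ == "__main__":
    parsed, bad = parse_dump(SAMPLE_DUMP)
    print(audit(parsed, now=949085000))
    print("rejected:", bad)
```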
8 Configuring the DHCP Client

DHCP client is the TCP/IP Services component which allows a system to request network configuration information from a DHCP server and then use that information to configure one or more of its network interfaces. TCP/IP Services DHCP client is an OpenVMS implementation of the Compaq Tru64 UNIX client.
This chapter reviews key concepts and describes the following topics:
• DHCP client components (Section 8.2)
• DHCP client startup and shutdown (Section 8.
Configuring the DHCP Client 8.1 Key Concepts

8.1.1 Designating the Primary Interface
Some of the parameters that are configurable by DHCP are interface specific. Examples of interface-specific parameters are the IP address and subnet mask. Most DHCP configurable parameters, however, are systemwide configurable parameters. Examples of systemwide parameters are the host name and DNS domain name.
8.1.2 Requesting a Lease
A DHCP server allocates IP addresses to clients on a temporary or permanent basis. This time period is called a lease. A client can request a lease for some period of time, which the DHCP server can either honor or assign a different time period depending on the policy in force. A client may request a lease for an infinite period of time, but the server may choose to give out a lengthy but not infinite lease.
3. DHCPCONF creates the DHCP client process. If this is the first interface to be configured during the startup procedure, DHCPCONF creates a detached process and runs the TCPIP$DHCP_CLIENT_RUN.COM command procedure. TCPIP$DHCP_CLIENT_RUN invokes the DHCP client image, TCPIP$DHCP_CLIENT.EXE. TCPIP$DHCP_CLIENT continues to run until it is manually shut down or the system is shut down.
Configuring the DHCP Client 8.2 DHCP Client Components There is one DHCP client process per system, even for multihomed hosts. The DHCP client process is always running on a system that has an interface designated under DHCP control. The DHCP client uses the OpenVMS lock manager to prevent multiple DHCP client processes from executing concurrently on a system. The resource name used to control the number of client processes is TCPIP$DHCP_CLIENT_scsnode.
Example 8–1 shows the contents of a typical CLIENT.PCY file.

Example 8–1 Client Startup File
$ TYPE CLIENT.PCY
class_id TCPVMS
lease_desired 86400     # 24 hour lease
request routers
request host_name
request dns_servers
request dns_domain_name

The format of the configuration file must adhere to the following rules:
• Blank lines are ignored.
• The pound (#) character introduces a comment that continues to the next newline character.
Table 8–1 (Cont.) Configuration Keywords
Keyword   Description
start_delay seconds   Specifies the maximum time (in seconds) the client delays before broadcasting DHCP packets. When the DHCP client is invoked to configure an interface it will delay for a short time before broadcasting the first DHCP packet. The delay time is randomized from a value of 0 up to the value specified by seconds.
request parameter_name   Specifies the parameter to request from the DHCP server. There may be many instances of the request keyword, each with a different parameter_name. Each parameter which is configurable through DHCP is identified by a unique parameter. Limited size of DHCP packets dictates that a client should not request data which it cannot use.
Table 8–2 Supported Request Parameters
Parameter Name   DHCP Option Code   This parameter requests...
Interface-specific parameters
broadcast_address   28   The broadcast address in use on the client’s subnet.
interface_mtu   26   The MTU size to use when performing Path MTU discovery.
subnet_mask   1   The client’s subnet mask.
dns_domain_name   15   The domain name that the client should use when resolving host names using the Domain Name System (DNS).
8.2.2.3 The Host Name File
You can configure the DHCP client to suggest a host name of your choice to the DHCP server by entering the name into a file named HOSTNAME.ifname. This file contains one line of text that contains the unqualified host name to suggest. You store the file in the directory specified by the system logical TCPIP$DHCP_CONFIG, if defined, or in the SYS$SYSDEVICE:[TCPIP$DHCP] directory.
options are super encapsulated into the vendor field (#43); within a specific DHCP packet there may be several instances of option #43.
• Pseudotags
These are fields of the BOOTP packet and are not defined in RFC2131. Do not change these fields.
In general, the DHCP server knows little about the semantics of the first three options. Its only duty is to deliver those values to clients that need them.
8.3 DHCP Client Startup and Shutdown
The DHCP client can be shut down and started independently of TCP/IP Services. This is useful when you change parameters or logical names that require the service to be restarted.
The following files are provided:
• SYS$STARTUP:TCPIP$DHCP_CLIENT_STARTUP.COM allows you to start up the DHCP client service.
• SYS$STARTUP:TCPIP$DHCP_CLIENT_SHUTDOWN.COM allows you to shut down the DHCP client service.
Configuring the DHCP Client 8.4 Configuring the DHCP Client If you want more than the set of services configured by this option, you can configure your host with the subset of TCP/IP Services and at a later time run TCPIP$CONFIG to configure other services. DHCP client autoconfigure puts each unconfigured IP interface under DHCP control. It employs the following rules to decide which, if any, interface should be marked as the primary interface. (See Section 8.1.
4. The next phase in the configuration process allows you to designate an interface as the primary DHCP interface.

Primary DHCP Interface Configuration
DHCP Client configures system-wide parameters and interface-specific parameters. Only one interface, the DHCP "primary" interface, can receive system-wide parameters.
Which interface? (SE0,NONE,HELP) [NONE]:SE0

5.
HOSTNAME.[ifname]
This file contains a host name that you want to suggest that the DHCP server use as the system’s host name. TCPIP$CONFIG puts the value of the cluster system parameter SCSNODE from the client system into this file. For more information about this file, see Section 8.2.2.3.

After extracting the files, TCPIP$CONFIG places the files into the directory pointed to by the TCPIP$DHCP_CONFIG logical, if it is defined.
Table 8–5 DHCP Signal Commands
Command   Description
DHCPSIGHUP   Causes the ASCII configuration files to be read again and then translates the TCPIP$DHCP_DEBUG and TCPIP$DHCP_LOG_LEVEL logicals.
DHCPSIGTERM   Causes an orderly shutdown of DHCP client. Use this command cautiously, as active lease and timer information is lost when you signal the DHCP client to shut down.
Configuring the DHCP Client 8.5 TCP/IP Management Commands

Note that this command does not change the current run-time configuration of the interface. For any changes to the TCPIP$CONFIGURATION database to take effect, you must run $TCPIP$STARTUP or enter a TCP/IP command START COMMUNICATION/INITIALIZE.
The format of the command is:
SET CONFIGURATION INTERFACE ifname/DHCP [/[NO]PRIMARY]
In this format, ifname is the name of the interface; for example, SE0.
9 Configuring BOOTP

The Bootstrap Protocol (BOOTP) server answers network bootstrap requests from diskless workstations and other network devices such as routers, terminal servers, and network switching equipment. When it receives such a request, the BOOTP server looks up the client’s address in the BOOTP database file.
The Trivial File Transfer Protocol (TFTP) handles the file transfer from a TFTP server to a diskless client or other remote system. The client initiates the file transfer.
Configuring BOOTP 9.1 Key Concepts

• Name and size of the client’s system load file
• IP address of the TFTP server storing this file
• IP addresses of the hosts offering common network services, such as a log server or a print (LPD) server.
5. When the client receives the configuration information in the BOOTP response, it sends a request to the TFTP server host named in the response. This request is necessary only if the client must retrieve the load file.
6.
Configuring BOOTP 9.2 BOOTP Planning and Preconfiguration Tasks If you configure multiple servers, each server competes to provide the requested configuration information. For efficient use of each server, partition the database with a subset of the overall client population designated to each server.
Configuring BOOTP 9.3 Configuring the BOOTP Service

• Empty TCPIP$BOOTP database file

9.4 Managing the BOOTP Service
The following sections describe how to manage the BOOTP service.

9.4.
9.4.2 BOOTP Management Commands
Table 9–1 summarizes the BOOTP management commands.

Table 9–1 BOOTP Management Commands
Command   Function
CONVERT/VMS BOOTP   Populates an existing BOOTP database with entries from a UNIX /etc/bootptab file.
CREATE BOOTP   Creates an empty BOOTP database.
SET BOOTP   Adds or modifies client entries to the BOOTP database.
SHOW BOOTP   Displays client information from the BOOTP database.
To preserve site-specific parameter settings and commands, you can create the following files. These files are not overwritten when you reinstall TCP/IP Services:
• SYS$STARTUP:TCPIP$BOOTP_SYSTARTUP.COM can be used as a repository for site-specific definitions and parameters to be invoked when BOOTP is started.
• SYS$STARTUP:TCPIP$BOOTP_SYSHUTDOWN.
Configuring BOOTP 9.5 Creating a BOOTP Database

To populate the BOOTP database with client entries, use these commands:
• CONVERT/VMS BOOTP (adds UNIX client records)
• SET BOOTP (adds individual client records)

9.5.2 Converting UNIX Records
You can use the BOOTP client information in an existing UNIX boot file. The CONVERT/VMS BOOTP command populates the existing BOOTP database with entries from a BIND formatted UNIX /etc/bootptab file.
9.5.3 Creating Individual Entries
To add individual entries to the BOOTP database, enter:
TCPIP> SET BOOTP host /FILE=download_file/HARDWARE=ADDRESS=hex_address
In the following example, the SET BOOTP command adds host PLOVER, with hardware address 08-00-2D-20-23-21, to the BOOTP database. Note that the SET BOOTP command accepts as a parameter either the host name or the host’s IP address.
Configuring BOOTP 9.6 Solving BOOTP Problems

request. To turn on logging, define the following logical name. To activate the logical, shut down and restart the BOOTP service. For example:
$ DEFINE /SYSTEM TCPIP$BOOTP_TRACE 1
$ @SYS$STARTUP:TCPIP$BOOTP_SHUTDOWN.COM
$ @SYS$STARTUP:TCPIP$BOOTP_STARTUP.COM
Remove the logical names and restart BOOTP as soon as the problem is fixed. On a busy network with frequent BOOTP requests, the log file can rapidly consume large amounts of space on your system disk.
10 Configuring TFTP The Trivial File Transfer Protocol (TFTP) handles the file transfer from a TFTP server to a diskless client or other remote system. The client initiates the file transfer. The Bootstrap Protocol (BOOTP) server answers network bootstrap requests from diskless workstations and other network devices such as routers, terminal servers, and network switching equipment. For more information about setting up the BOOTP service, see Chapter 9.
Configuring TFTP 10.2 Setting up the TFTP Service 10.2.1 Transferring Data to the TFTP Host The TFTP server allows clients to transfer data and program images to the TFTP server host. However, before the data transfer, a file must be created on the TFTP server host to which the data is transferred. This process controls the creation of files on the host, preventing unwanted files from being created on the TFTP host. Each incoming transfer of data to a file creates a new version of the target file.
• SYS$STARTUP:TCPIP$TFTP_SHUTDOWN.COM allows you to shut down TFTP separately.

To preserve site-specific parameter settings and commands, create the following files. These files are not overwritten when you reinstall TCP/IP Services:
• SYS$STARTUP:TCPIP$TFTP_SYSTARTUP.COM can be used as a repository for site-specific definitions and parameters to be invoked when TFTP is started.
• SYS$STARTUP:TCPIP$TFTP_SYSHUTDOWN.
10.3 TFTP Security For security purposes, the server runs as an unprivileged image that can access only the directories and files for which it has read access. Compaq recommends that you safeguard your system’s normal file protection mechanisms from unauthorized TFTP access. In particular, ensure the security of system files.
Configuring TFTP 10.4 Solving TFTP Problems The log file, SYS$SYSDEVICE:[TCPIP$TFTP]TCPIP$TFTP_RUN.LOG, can be useful for troubleshooting TFTP transfer failures.
11 Configuring the Portmapper The Portmapper service eliminates the need to preconfigure all client and server remote procedure call (RPC) applications with the port numbers they use. The Portmapper ‘‘listens’’ at port 111 and maintains a database of registered server programs, their unique program numbers, and assigned port numbers. This chapter describes: • How to configure the services that use RPC with information that the Portmapper needs (Section 11.
Configuring the Portmapper 11.1 Configuring Services to Use the Portmapper

Service       Default Program Number   Default Lowest Version   Default Highest Version
PC-NFS        150001                   1                        2
PORTMAPPER    100000                   1                        1

11.2 Portmapper Startup and Shutdown

The Portmapper service can be shut down and started independently. This is useful when you change parameters or logical names that require the service to be restarted. The following files are provided:
• SYS$STARTUP:TCPIP$PORTMAPPER_STARTUP.
Configuring the Portmapper 11.3 Displaying Portmapper Information

File:         TCPIP$SYSTEM:TCPIP$NFS_RUN.COM
Flags:        TCPIP

Socket Opts:  Rcheck Scheck
 Receive:     64000     Send:     64000

Log Opts:     Acpt Actv Dactv Conn Error Exit Logi Logo Mdfy Rjct TimO Addr
 File:        SYS$SYSDEVICE:[TCPIP$NFS]TCPIP$NFS_RUN.LOG

RPC Opts
 Program number:  100003     Low version:  2     High version:  3

Security
 Reject msg:   not defined
 Accept host:  0.0.0.0
 Accept netw:  0.0.0.0

TCPIP>

3.
12 Configuring and Managing NTP The Network Time Protocol (NTP) synchronizes time and coordinates time distribution throughout a TCP/IP network. NTP provides accurate and dependable timekeeping for hosts on TCP/IP networks. TCP/IP Services NTP software is an implementation of the NTP Version 3 specification and maintains compatibility with NTP versions 1 and 2. NTP provides synchronization traceable to clocks of high absolute accuracy and avoids synchronization to clocks keeping incorrect time.
Configuring and Managing NTP 12.1 Key Concepts 12.1.1 Time Distributed Through a Hierarchy of Servers In the NTP environment, time is distributed through a hierarchy of NTP time servers. Each server adopts a stratum that indicates how far away it is operating from an external source of UTC. NTP times are an offset of UTC. Stratum 1 servers have access to an external time source, usually a radio clock.
12.1.3 How the OpenVMS System Maintains the System Clock

The OpenVMS system clock is maintained as a software timer with a resolution of 100 nanoseconds, updated at 10-millisecond intervals. A clock update is triggered when a register, loaded with a predefined value, has decremented to zero. Upon reaching zero, an interrupt is triggered that reloads the register, thus repeating the process.
Indicate client mode with the server declaration in the configuration file. For example:

server 18.72.0.3

• Broadcast mode
  This mode indicates that the local server will send periodic broadcast messages to a client population at the broadcast/multicast address specified. This specification normally applies to the local server operating as a sender. Indicate this mode with a broadcast declaration in the configuration file. For example:

broadcast 18.72.0.
Configuring and Managing NTP 12.3 Configuring Your NTP Host 12.3.1 Creating the Configuration File To create a configuration file for your local host, edit a copy of the file TCPIP$NTP.TEMPLATE (located in SYS$SPECIFIC:[TCPIP$NTP]) to add the names of participating hosts, then save the file as SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP.CONF. This file is not overwritten when you install subsequent versions of TCP/IP Services. Note If you had a previous version of NTP configured on your system, your TCPIP$NTP.
this mode, both the local and remote servers should use authentication and the same trusted key and key identifier.
• multicastclient address
  This statement directs the local server to listen for multicast messages at the group address of the global network. This command operates like the broadcastclient command but uses IP multicasting.
Enables recording of loop filter statistics information. Each update of the local clock outputs a line of the following form to the file generation set named loopstats:

48773 10847.650 0.0001307 17.3478 2

The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). (A Julian Day [JD] begins at noon and runs until the next noon.
* The transmitted timestamp (the last one sent to the same peer)
* The timestamp of the packet’s arrival on the server

statsdir directory-path
  Indicates the full path of a directory where statistics files should be created.

12.3.2.
# The following commands allow this node to act as a backup NTP
# server (or as the sole NTP server on an isolated network), using
# its own system clock as the reference source. If enabled (by
# removing #), this NTP server will become active only when all
# other normal synchronization sources are unavailable.
# server 127.127.1.0
# fudge 127.127.1.0 stratum 8

12.3.
Configuring and Managing NTP 12.5 Operating with Time Zone Offsets 2. Run the command procedure SYS$COMMON:[SYSMGR]UTC$CONFIGURE_TDF. 3. Select an option to set the time differential factor. The procedure prompts you for the time differential factor (TDF) (the difference between your system time and Universal Coordinated Time (UTC)). Specify the difference in hh:mm format. North and South America have negative offsets from UTC. Europe, Africa, Asia, and Australia all have positive offsets.
Configuring and Managing NTP 12.6 NTP Event Logging Table 12–1 describes the messages most frequently included in the NTP log file. Table 12–1 NTP Log File Messages Message Description Synchronized to IP-address Announces that a peer candidate has passed validity and accuracy tests (as performed by the clock selection algorithms) and has been selected as the new synchronization source. For example: synchronized to 16.20.208.
Table 12–1 (Cont.) NTP Log File Messages

Message    Description

• freq is the computed error in the intrinsic frequency of the local clock (also known as ‘‘drift’’) (in parts per million).
• poll indicates the minimum interval (in seconds) between transmitted messages (that is, messages sent between NTP peers, as in a client to a server).

No clock adjustments will be made, DTSS is active
  Indicates that the DTSS time service is running on the system.
12.6.
Configuring and Managing NTP 12.7 NTP Authentication Support 12.7.1 NTP Authentication Commands Table 12–2 describes additional configuration statements and options used to support authentication. Table 12–2 Authentication Commands Command Description keys keys-file Specifies the file name for the keys file, which contains the encryption keys and key identifiers used by NTP, NTPQ, and NTPDC when operating in authenticated mode. trustedkey key-ID [...
The fields are:
• key-ID, which is an arbitrary, unsigned 32-bit number (in decimal). The range of possible values is 1 to 15. Key IDs are specified by the requestkey and controlkey statements in the configuration file. The key ID number 0 (56 zero bits) is reserved; it is used to indicate an invalid key ID or key value.
• key-type, which identifies the type of key value. Only one key format, ‘‘M,’’ is currently supported.
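The following check is an added example, not part of the original manual or the product. It lints configuration text for the authentication statements described above: key IDs outside the stated range of 1 to 15, association keys missing from trustedkey, and key IDs used without a keys statement. The `key key-ID` option on association lines follows standard NTP configuration syntax; the sample addresses, the keys-file name, and the reading that the authentication advice applies to peer declarations are assumptions.

```python
"""Lint NTP configuration text for the authentication statements described above."""

ASSOCIATIONS = {"server", "peer", "broadcast"}
KEY_STATEMENTS = {"trustedkey", "requestkey", "controlkey"}
KEY_ID_RANGE = range(1, 16)  # the manual gives 1 to 15 as the range of key IDs

# Constructed sample; the addresses (documentation range), key IDs and
# keys-file name are made up for this example.
SAMPLE_CONF = """\
# constructed sample, not a real site configuration
keys SYS$SPECIFIC:[TCPIP$NTP]EXAMPLE.KEYS
trustedkey 3 4
requestkey 4
controlkey 4
server 192.0.2.10
peer 192.0.2.11 key 3
peer 192.0.2.12
server 192.0.2.13 key 5
broadcast 192.0.2.255 key 20
"""


def statements(text):
    """Yield (lineno, keyword, args) for every non-comment, non-blank line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield lineno, fields[0].lower(), fields[1:]


def key_option(args):
    """Return the token after a `key` option, or None if the option is absent."""
    for i, token in enumerate(args[:-1]):
        if token.lower() == "key":
            return args[i + 1]
    return None


def lint_ntp_conf(text):
    """Return a list of (lineno, severity, message) findings, in file order."""
    parsed = list(statements(text))
    trusted = {int(a) for _, kw, args in parsed if kw == "trustedkey"
               for a in args if a.isdigit()}
    has_keys_file = any(kw == "keys" and args for _, kw, args in parsed)
    findings, keys_referenced = [], bool(trusted)

    for lineno, kw, args in parsed:
        if kw in ASSOCIATIONS:
            key = key_option(args[1:])
            if key is None:
                # Assumption: the "should use authentication" advice applies to peer.
                if kw == "peer" and args:
                    findings.append((lineno, "WARN", f"peer {args[0]} has no key"))
                continue
            ids = [key]
        elif kw in KEY_STATEMENTS:
            ids = args
        else:
            continue
        keys_referenced = keys_referenced or bool(ids)
        for key in ids:
            if not key.isdigit() or int(key) not in KEY_ID_RANGE:
                findings.append((lineno, "ERROR", f"{kw}: key ID {key} is outside 1-15"))
            elif kw in ASSOCIATIONS and int(key) not in trusted:
                findings.append((lineno, "ERROR", f"{kw}: key ID {key} is not in trustedkey"))

    if keys_referenced and not has_keys_file:
        # Line 0 marks a file-level finding rather than a specific statement.
        findings.append((0, "ERROR", "key IDs are used but no keys statement names a keys file"))
    return findings


if __name__ == "__main__":
    for lineno, severity, message in lint_ntp_conf(SAMPLE_CONF):
        print(f"line {lineno:>2}  {severity:<5}  {message}")
```
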
Configuring and Managing NTP 12.8 NTP Utilities 12.8.1 Setting the Date and Time with NTPDATE The NTPDATE program sets the local date and time by polling a specified server or servers to determine the correct time. A number of samples are obtained from each of the servers specified, and a subset of the NTP clock filter and selection algorithms are applied to select the best samples.
Use the following syntax when entering commands:

NTPTRACE [option...]

The following example shows output from NTPTRACE. The example traces the chain of servers from the local host to the stratum 1 server FRED, which is synchronizing to a GPS reference clock.

$ NTPTRACE
LOCALHOST: stratum 3, offset -0.000000, synch distance 1.50948
parrot.birds.com: stratum 2, offset -0.126774, synch distance 0.00909
fred.birds.com: stratum 1, offset -0.
• It makes it more difficult for topologically remote hosts to request configuration changes to your server.

To run NTPDC, enter the following command:

$ RUN SYS$SYSTEM:TCPIP$NTPDC.EXE

At the NTPDC> prompt, enter the appropriate type of command from the following list:
• Interactive commands
• Control commands
• Run-time configuration request commands

12.8.3.
12.8.3.2 NTPDC Control Message Commands

Control message commands request information about the server. These are read-only commands in that they make no modification of the server configuration state. The NTPDC control message commands are:
• listpeers
  Displays a brief list of the peers for which the server is maintaining state.
Asterisk (*) denotes the peer to which the server is currently synchronizing.
• showpeer peer_address [...]
  Shows a detailed display of the current peer variables for one or more peers.
• pstats peer_address [...]
  Shows per-peer statistics counters associated with the specified peers.
• loopinfo [ oneline | multiline ]
  Displays the values of selected loop-filter variables. The loop filter is the part of NTP that adjusts the local system clock.
• monlist [ version ]
  Displays traffic counts collected. This is maintained by the monitor facility. Normally, you should not need to specify the version number.

12.8.3.3 NTPDC Request Commands

The following commands make authenticated requests:
• addpeer peer-address key-ID [version] [prefer]
  Adds a configured peer association at the given address and operates in symmetric active mode.
Table 12–5 describes the NTPDC options. Table 12–5 NTPDC Options Option Description -c command The command argument is interpreted as an interactive format command and is added to the list of commands to be executed on the specified hosts. Multiple -c options may be given. -i -l -n Forces NTPDC to operate in interactive mode. -p Displays a list of the peers known to the server as well as a summary of their state.
In requests to the server to read variables, the =value portion is ignored and can be omitted. The NTPQ program maintains an internal list in which data to be included in control messages can be assembled and sent using the readlist and writelist commands. The addvars command allows variables and their optional values to be added to the list. If more than one variable is to be added, the list should be separated by commas and should not contain blank spaces.
• passwd
  Prompts you to enter a password (not echoed) that is used to authenticate configuration requests. The password must correspond to the key value configured for use by the NTP server for this purpose if such requests are to be successful (see Section 12.7.2).
• quit
  Exits NTPQ.
• raw
  Displays all output from query commands as received from the remote server. The only data formatting performed is to translate non-ASCII data into a printable form.
• lopeers
  Obtains and displays a list of all peers and clients having the destination address.
• lpassociations
  Displays data for all associations, including unrecognized client associations, from the internally cached list of associations.
• lpeers
  Similar to peers except that a summary of all associations for which the server is maintaining state is displayed. This command can produce a much longer list of peers.
Since the peers command depends on the ability to parse the values in the responses it gets, it might fail to work with servers that poorly control the data formats. The contents of the host field may be in one of four forms: a host name, an IP address, a reference clock implementation name with its parameter, or REFCLK (implementation number parameter). If you specified hostnames no, the IP addresses will be displayed.
Table 12–6 NTPQ Options

Option        Description
-c command    Adds the specified interactive command to the list of commands to be executed on the specified host. You can enter multiple -c options on the command line.
-i            Forces NTPQ to operate in interactive mode. This is the default mode of operation.
-n            Displays host addresses in numeric format rather than converting them to host names.
13 Configuring SNMP The Simple Network Management Protocol (SNMP) is network management technology that facilitates the management of a TCP/IP network or internet in a vendor-independent manner. SNMP enables a network administrator to manage the various network components using a set of well-known procedures understood by all components, regardless of the vendor that manufactured them.
Configuring SNMP 13.1 Key Concepts TCP/IP Services provides an SNMP master agent, two subagents (MIB II and Host Resources MIB), a MIB converter and compiler, a simple MIB browser, and MIB utility programs. Each subagent contains routines that perform read and write operations on its MIB data items. Table 13–1 describes the SNMP components and the sample code supplied for custom subagent development.
To ensure compatibility with previous versions of TCP/IP Services, TCPIP$SNMP_SYSTARTUP.COM in turn runs SYS$SYSDEVICE:[TCPIP$SNMP]TCPIP$EXTENSION_MIB_STARTUP.COM, which installs and adjusts privileges for any additional, user-written subagents.

On startup, the TCP/IP Services kernel runs the TCPIP$SYSTEM:TCPIP$SNMP_RUN.COM procedure, which does the following:
• Purges log files in the SYS$SYSDEVICE:[TCPIP$SNMP] directory.
13.2 Managing the SNMP Service

The following command procedures are supplied to allow you to start up and shut down the SNMP service independently of TCP/IP Services:
• SYS$STARTUP:TCPIP$SNMP_STARTUP.COM allows you to start up the SNMP service.
• SYS$STARTUP:TCPIP$SNMP_SHUTDOWN.COM allows you to shut down the SNMP service.

Both the startup and shutdown procedures invoke the appropriate TCPIP$EXTENSION_MIB_*.
Configuring SNMP 13.3 Verifying the SNMP Installation Note that, like the Internet IVP, the SNMP IVP requires that TCP/IP Services be running. (It does not require that SNMP be running.) 4. To run the SNMP IVP any time after exiting the configuration procedure, enter the following command: $ RUN SYS$COMMON:[SYSTEST.TCPIP]TCPIP$SNMPIVP.EXE 13.3.1 SNMP Executable and Command Files Table 13–2 lists the names of the primary SNMP executable and command files and their locations.
Table 13–2 (Cont.) SNMP Executable, Command, and Data Files

File                   Location                      Function
TCPIP$SNMP_CONF.DAT    SYS$SYSDEVICE:[TCPIP$SNMP]    Configuration data file used in the startup of the master agent and standard subagents.

13.4 Configuring SNMP

You can configure SNMP in three ways, which may be used in combination:
• Using the standard TCPIP$CONFIG.COM procedure and the SET CONFIGURATION SNMP command.
Configuring SNMP 13.4 Configuring SNMP Note You cannot use TCPIP$CONFIG to modify your existing SNMP configuration; TCPIP$CONFIG is intended only to set up a new SNMP configuration. To modify the current SNMP configuration (for example, to specify an additional community name and address), you must enter the SET CONFIGURATION SNMP command with applicable qualifiers. When you run TCPIP$CONFIG after a TCP/IP Services upgrade, be sure to disable and then reenable the SNMP service.
– Community address
  The address associated with the community. One community name can have multiple addresses in its entry. For example:

TCPIP> SET CONFIGURATION SNMP /ADDRESS=(6.10.1.2,100.2.2.1)

Specifying address 0.0.0.0 for READ and WRITE allows any host the type of access specified. To allow any network manager to monitor your system remotely, specify the standard community name (public, in lowercase letters) with address 0.0.0.0.
writeit    Read Write    9.20.208.53
trapit     Read Trap     9.20.208.53, 9.20.208.100

In this example, the configuration allows read access to any client on any host through the "public" community and read/write access to the client on host 9.20.208.53 through the "writeit" community. In addition, trap messages are sent to UDP port 162 on hosts 9.20.208.53 and 9.20.208.100.
13.4.3.3 Modifying the Configuration File

The master agent and the subagents convert lines in the configuration file that begin with the OpenVMS-specific config command to user-mode process logicals by adding the prefix TCPIP$. For example, SNMP_GEN_LOGFILE becomes TCPIP$SNMP_GEN_LOGFILE. (This mechanism does not apply to options with other keywords, such as trap.
Table 13–3 SNMP Logging Options SNMP_GEN_LOGFILE Logical name: TCPIP$SNMP_GEN_LOGFILE Format: config SNMP_GEN_LOGFILE 1 Description: Redirects messages to SYS$OUTPUT and records them in the following files: Type: • TCPIP$ESNMP_SERVERprocess-id.LOG, where process-id is the eight-digit hexadecimal process identifier of the master agent. • TCPIP$ESNMP_RESIDENT_SUBAGENTprocess-id.
Table 13–4 SNMP Operation Options

COMMUNITY
Logical name: Not available
Format: COMMUNITY name address type
Description: Specifies the community name. See Section 13.4 for more information about specifying a community name.
Table 13–4 (Cont.) SNMP Operation Options

SNMP_SIGNAL
Logical name: TCPIP$SNMP_SIGNAL
Format: DEFINE TCPIP$SNMP_SIGNAL value
Description: Simulates a UNIX-style signal that affects the way agents operate. Following is a list of values:
  SIGUSR1—causes a dump of MIB registration area with contexts to the following log file: SYS$SYSDEVICE:[TCPIP$SNMP]TCPIP$SNMP_DUMP.LOG
  SIGHUP—rereads the configuration file.
  SIGINT—causes the process to exit.
  SIGTERM—same as SIGINT.
Table 13–4 (Cont.) SNMP Operation Options

SYSLOCATION
Logical name: Not available
Format: SYSLOCATION host-location
Description: Specifies the host or contact location information. Do not modify this option. Use TCPIP$CONFIG or the SET CONFIGURATION SNMP command to change the information associated with this option.
Table 13–5 (Cont.) Timing and Timeout Handling Options

AGENTX_SESSION_TIMEOUT
Description: Specifies the default timeout for a session between a subagent and the master agent. Subagents can supersede this value when they register their MIBs. The value of this option is used by both the master agent and the subagent. Normally, all subagents running on the same host have the same timeout value, which is specified by this option.
Table 13–5 (Cont.) Timing and Timeout Handling Options

SNMP_ARE_YOU_THERE_TIME
Logical name: TCPIP$SNMP_ARE_YOU_THERE_TIME
Format: config SNMP_ARE_YOU_THERE_TIME seconds
Description: Specifies the time subagents wait between sending the esnmp_are_you_there( ) message to the master agent. For the OS_MIBS and the HR_MIB, the default is 5400 seconds (90 minutes).
On startup, each subagent first sets up a default session timeout (see the AGENTX_SESSION_TIMEOUT option). It then registers its MIB regions. The subagent can register each of its MIB regions with a different timeout. A value of 0 causes the session timeout for the entire subagent to be used. The master agent listens for SNMP requests. The timeout value is 10 seconds, unless the SNMP_MASTER_TIMEOUT option has been defined.
Table 13–6 Testing and Troubleshooting Options

ACCEPT
Logical name: Not available
Format: accept IP-address
Description: If nonlocal subagents are allowed (using the SNMP_ALLOW_INET_TRANSPORT, AGENT_INET_ADDR, or AGENTX_INET_PORT option), the ACCEPT option specifies the IP address of the host from which a connection will be accepted. If these options are not set, connections from nonlocal subagents are rejected.
Table 13–6 (Cont.) Testing and Troubleshooting Options

SNMP_TRACE
Logical name: TCPIP$SNMP_TRACE
Format: config TCPIP$SNMP_TRACE n
Description: Allows you to direct trace log messages to standard log files when agents are running in normal production mode. (Alternatively, you can get trace logs while running the subagent in interactive mode, as described in Section 13.6.4.) Running with tracing produces a great deal of output and may slow down the system.
13.5 SNMP Log Files

Unless the SNMP_TRACE option is set, output from the SNMP master agent and subagent processes to SYS$OUTPUT is redirected to the following files:
• TCPIP$SNMP_RUN.LOG
• TCPIP$OS_MIBS.LOG
• TCPIP$HR_MIB.LOG

The output is written to these files continuously while SNMP processes are running. Buffering may cause a delay in writing to disk; therefore, if a process is terminated abnormally, some data may be lost.
Agent                Process          SYS$OUTPUT            SYS$ERROR
Master agent         TCPIP$SNMP       TCPIP$SNMP_RUN.LOG    TCPIP$SNMP_RUN.LOG
Resident subagent    TCPIP$SNMP       TCPIP$SNMP_RUN.LOG    TCPIP$SNMP_RUN.LOG
OS_MIBS (1)          TCPIP$OS_MIBS    TCPIP$OS_MIBS.LOG     TCPIP$OS_MIBS.ERR
HR_MIB (1)           TCPIP$HR_MIB     TCPIP$HR_MIB.LOG      TCPIP$HR_MIB.ERR

(1) If no output has been generated, a .LOG or .ERR file might not exist.
Configuring SNMP 13.6 Solving SNMP Problems 13.6.2 Problems Starting and Stopping SNMP Processes If there are startup errors noted in the SNMP log files, or if SNMP startup seems normal but one or more of the SNMP processes disappears, follow these steps: 1. Check the log files for any errors indicating timeouts, protection problems, or configuration errors. 2. Start up the master agent and subagents by running the images interactively and enabling tracing (see Section 13.6.4).
To obtain trace log messages interactively, follow these steps:

1. Shut down SNMP. Enter:

$ @SYS$STARTUP:TCPIP$SNMP_SHUTDOWN

2. From separate windows, run the master agent and subagents interactively.
13.6.5.
Alternatively, you can display configuration information in the SNMP configuration file (SYS$SYSDEVICE:[TCPIP$SNMP]TCPIP$VMS_SNMP_CONF.DAT). The configuration file displays more information than the SHOW CONFIGURATION SNMP command when multiple types of traps or addresses for them have been defined. For example:

$ TYPE SYS$SYSDEVICE:[TCPIP$SNMP]TCPIP$VMS_SNMP_CONF.DAT
trap V1 elmginkgo 15.9.0.200
community alternate 15.4.3.2 read
community public 0.0.0.
13.6.5.2.2 Verifying Community Information

To display the community strings for the OpenVMS host, enter the following command:

TCPIP> SHOW CONFIGURATION SNMP /FULL

Also, check the community configuration in the TCPIP$VMS_SNMP_CONF.DAT file, as described in Table 13–4. Make sure that the community string used in the messages matches a valid community of the appropriate type on the server.
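The following review aid is an added example, not part of the original manual or the product. It reads text in the `community name address type` layout of TCPIP$VMS_SNMP_CONF.DAT and reports entries that grant access to any host (address 0.0.0.0) or that give write access through the standard community name public. The `write` type keyword and the sample entries are assumptions; only `read` appears in the excerpt above.

```python
"""Audit community entries of an SNMP configuration file for broad access."""
import ipaddress

ANY_HOST = ipaddress.ip_address("0.0.0.0")  # the manual: 0.0.0.0 allows any host

# Constructed sample in the `community name address type` layout. The first two
# entries reuse names and addresses from the manual's examples; the rest are made up.
SAMPLE_CONF = """\
community public 0.0.0.0 read
community writeit 9.20.208.53 write
community ops 0.0.0.0 write
community public 9.20.208.100 write
community broken 9.20.208 read
trap v1 trapit 9.20.208.53
config SNMP_GEN_LOGFILE 1
"""


def parse_communities(text):
    """Return (entries, malformed_line_numbers) for the community lines in text."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].lower() != "community":
            continue  # trap, config and other keywords are not access grants
        try:
            _, name, address, access = fields
            entries.append((lineno, name, ipaddress.ip_address(address), access.lower()))
        except ValueError:  # wrong field count or unparsable address
            malformed.append(lineno)
    return entries, malformed


def audit_communities(text):
    """Return sorted (lineno, severity, message) findings for the community lines."""
    entries, malformed = parse_communities(text)
    findings = [(n, "ERROR", "malformed community entry") for n in malformed]
    for lineno, name, address, access in entries:
        writable = access == "write"  # assumed keyword for write access
        if address == ANY_HOST and writable:
            findings.append((lineno, "HIGH", f"community {name!r}: any host has write access"))
        elif address == ANY_HOST:
            findings.append((lineno, "INFO", f"community {name!r}: any host has read access"))
        elif writable and name == "public":
            findings.append((lineno, "HIGH", "standard community name 'public' grants write access"))
    return sorted(findings)


def hosts_with_write(text):
    """Map each community name to the sorted addresses granted write access."""
    entries, _ = parse_communities(text)
    result = {}
    for _, name, address, access in entries:
        if access == "write":
            result.setdefault(name, []).append(str(address))
    return {name: sorted(addresses) for name, addresses in result.items()}


if __name__ == "__main__":
    for lineno, severity, message in audit_communities(SAMPLE_CONF):
        print(f"line {lineno}  {severity:<5}  {message}")
    print(hosts_with_write(SAMPLE_CONF))
```
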
Regardless of the default trap type, you can control the trap type for each trap destination using the appropriate tag (v1 or v2c). For example, the following entries in the TCPIP$VMS_SNMP_CONF.DAT file will cause a Version 1 trap to go to the host with the IP address 120.2.1.2 (community name v1type), and a Version 2 trap to go to the host with the IP address 120.2.2.2 (community name v2type). Both traps will go to the well-known port 162:

trap v1 v1type 120.1.2.
6. Check the log files for any problems associated with SNMP startup. For detailed information, start the SNMP components separately with tracing enabled, as described in Section 13.6.4.
7. Use a protocol analyzer to intercept messages going to the target. The TCPTRACE utility is available on OpenVMS hosts. Enter the DCL command HELP TCPTRACE for information about how to use this utility.
Additional problems occur if file protections or installation privileges were changed on SYS$SYSTEM:TCPIP$HR_MIB.EXE.

13.6.6.1 Solving Timeout Problems with SNMP Subagents

If queries from a client to an OpenVMS SNMP server are consistently timing out, consider solutions on either the client or server side. For information about checking the client side, refer to the Compaq TCP/IP Services for OpenVMS SNMP Programming and Reference guide.
Part 4 Configuring Network Applications

Part 4 describes how to set up popular networking end-user applications and includes the following chapters:
• Chapter 14, Configuring and Managing TELNET, describes how to set up your host as a TELNET server, allowing users on remote hosts to establish login sessions.
• Chapter 15, Configuring and Managing FTP, describes how to set up your host as an FTP server, allowing users on remote hosts to transfer files.
14 Configuring and Managing TELNET

The TCP/IP Services product includes an implementation of the TELNET end-user application. This chapter describes how to set up your host as a TELNET server. For information about using TELNET, see the DIGITAL TCP/IP Services for OpenVMS User’s Guide. For information about using the TELNET print symbiont, see Chapter 23.

This chapter describes:
• How to manage the TELNET service (Section 14.1)
• How to solve TELNET problems (Section 14.2)

14.
Configuring and Managing TELNET 14.1 Managing TELNET 14.1.2 Managing TELNET with Logical Names Table 14–1 lists the logical names you can use in managing the TELNET service. Table 14–1 TELNET Logical Names Logical Name Description TCPIP$TELNET_VTA Enables TELNET virtual terminals. 14.1.3 Setting Up User Accounts Hosts typically run a TELNET server with TELNET client software. Users on client hosts need valid accounts on server hosts before using TELNET to establish a remote session.
Qualifier    Description

/TIMEOUT
/NOTIMEOUT
  Creates a TELNET device that has the following connection attributes:
  • NOIDLE—The connection is broken when the device is finally deassigned. The device will automatically reconnect when data is written to it.
  • IDLE—Specifies the idle time for the device (in the format hh:mm:ss). Note that the time has a granularity of 1 second.
Configuring and Managing TELNET 14.2 Solving TELNET Problems 14.2.1 TELNET Characteristics That Affect Performance The settings for the TELNET systemwide characteristics might affect TCP/IP Services and TELNET performance. To display the TELNET systemwide characteristics, enter: TCPIP> SHOW SERVICE TELNET /FULL The command generates a display similar to the following: Service: TELNET State: Enabled Port: 23 Protocol: TCP Address: 0.0.0.
Verify that the CHANNELCNT parameter (in SYSGEN) is larger than the number of simultaneous TELNET and RLOGIN sessions that you plan to support.
15 Configuring and Managing FTP The File Transfer Protocol (FTP) software transfers files between ‘‘nontrusted’’ hosts. Nontrusted hosts require user name and password information for remote logins. The TCP/IP Services product includes an implementation of the FTP end-user applications. This chapter describes: • How to manage the FTP service (Section 15.1) • How to solve FTP problems (Section 15.2) For information on using FTP, see the DIGITAL TCP/IP Services for OpenVMS User’s Guide. 15.
Configuring and Managing FTP 15.
Configuring and Managing FTP 15.1 Managing FTP 220 opening data connection for USER8$:[HIDEME.PROJECT.TASK]PLAN.PS 220 opening data connection for SYS$LOGIN:[PROJECT.TASK]PLAN.PS 15.1.2.2 Setting Up Anonymous FTP Complete the following steps to set up anonymous FTP access on your system: 1. Use the TCPIP$CONFIG procedure to create an account named ANONYMOUS with the password GUEST.
Table 15–1 FTP Logical Names

Logical Name    Description

TCPIP$FTP_ANONYMOUS_ALIAS
  Defines an equivalence list (up to 10 entries) of the login names of users with access to the ANONYMOUS account. These users share the same access rights and restrictions. If you do not define this logical name, the default is ANONYMOUS as the only login name. The following command shows how to create an equivalence list with the names THOMAS, JONES, and SMITH.
Table 15–1 (Cont.) FTP Logical Names

Logical Name    Description

TCPIP$FTP_NO_VERSION
  If defined, FTP does not send file version numbers when you enter the mget and the ls commands to a host that is not an OpenVMS host.
• SYS$LOGIN:FTP_SERVER_RUN.LOG
  This log is created in the user’s default login directory. The number of log files (one per FTP session) might become large. To limit the number of versions, enter:

$ SET FILE file /VERSION=n

15.1.3.2 FTP Startup and Shutdown

The FTP service can be shut down and started independently from TCP/IP Services. This is useful when you change parameters or logical names that require the service to be restarted.
Configuring and Managing FTP 15.2 Solving FTP Problems • Increase the inactivity timer These logical names are described in the following sections. 15.2.1.1 Buffer Sizes Changing the window size of the send and receive buffers can improve network performance. To set or modify the window size, define or redefine the logical name TCPIP$FTP_WNDSIZ. • For a systemwide change, redefine this logical name in the system table.
16 Remote (R) Commands The TCP/IP Services software includes client and server implementations of the Berkeley Remote (R) command applications: RCP, RLOGIN, RSH, REXEC, and RMT/RCD. These applications provide end users with the following capabilities: RCP Allows files to be copied between remote hosts. RLOGIN Provides interactive access to remote hosts. RSH Passes a command to a remote host for execution. REXEC Authenticates and executes RCP and other commands.
Remote (R) Commands 16.2 Managing the R Command Servers 16.2 Managing the R Command Servers The following sections describe the command procedures and logical names used in managing the R command servers. 16.2.1 R Command Server Startup and Shutdown Each R command server can be shut down and started independently. This is useful when you change parameters or logical names that require the service to be restarted.
Remote (R) Commands 16.2 Managing the R Command Servers Table 16–1 RLOGIN Logical Names Logical Name Description TCPIP$RLOGIN_VTA Enables RLOGIN virtual terminals. For more information, see Section 16.3. TCPIP$RLOGIN_MESSAGE Specifies the welcome message displayed by the RLOGIN server. For more information, see Section 16.4. 16.
Remote (R) Commands 16.3 Security Considerations 16.3.2 Case-Sensitivity Flag The proxy database is case sensitive for remote user names. The case you use for communications entries affects the way users access your host, so use case in a consistent fashion. In the proxy database, if the user name is in: • Uppercase, the user must use the /NOLOWERCASE qualifier. • Lowercase, RSH and RLOGIN default to /LOWERCASE.
Remote (R) Commands 16.5 Remote Magnetic Tape and Remote CD-ROM (RMT/RCD) • Create a communication proxy that associates the remote RMT client user with the OpenVMS account ROOT on the RMT server host. For example: TCPIP> add proxy root /HOST=host /REMOTE=user See Section 16.3 for more information about communication proxies. 4. Make sure the rsh command works from the user’s account on the remote UNIX host. 5. For the OpenVMS account ROOT, suppress SYS$LOGIN and LOGIN.
Table 16–2 (Cont.) RMT Magtape Qualifiers

Qualifier    Description

/DENSITY=n    Specifies the density (in bits per inch) at which to write a foreign or unlabeled magnetic tape. The default is the current density.

/[NO]MOUNT    Specifies whether to use the OpenVMS MOUNT service to mount the tape. /NOMOUNT gains access to the tape directly without mounting it.
17 Configuring and Managing SMTP The Simple Mail Transfer Protocol (SMTP) is a standard protocol that provides a reliable and efficient mail delivery system between systems communicating in a TCP/IP network. SMTP specifies the format of control messages sent between two machines to exchange electronic mail, but it does not specify the mail interface. The TCP/IP Services product implements SMTP as an OpenVMS symbiont that works with the OpenVMS Mail utility.
Configuring and Managing SMTP 17.1 Key Concepts The SMTP symbiont processes all mail on the host. It receives jobs one at a time from the generic SMTP queue and delivers them either locally by means of OpenVMS Mail, or remotely by means of SMTP. The configuration procedure TCPIP$CONFIG sets up the SMTP queues for you. See Section 17.2 for more information on configuring SMTP. After receiving a client request, the SMTP server responds, indicating its status (available or not available).
Configuring and Managing SMTP 17.1 Key Concepts yymmddmmshh_user-name.TCPIP_scnode where: yymmddmmshh is the timestamp taken when the file is created. user-name is the user name of the process in which the control file was created. Values for this name include: scnode • TCPIP$SMTP — The mail arrived through SMTP. The file was created by the SMTP receiver process running in the TCPIP$SMTP account. • MAIL$SERVER — The mail arrived over DECnet and was destined for an SMTP address.
Configuring and Managing SMTP 17.1 Key Concepts 17.1.5 How SMTP Routes Mail To find a destination address, SMTP routing looks up addresses in this order: 1. Local MX database 2. BIND MX records 3. BIND A records 4. Local hosts database Most messages are routed using the BIND records. Local MX records are useful if you want to customize your system’s mail routing. DNS-based records are networkwide. If you have local MX records, remember that they are case sensitive and are available on the local node only.
Configuring and Managing SMTP 17.1 Key Concepts 17.1.5.2 Using SMTP Zones and Alternate Gateways When configuring SMTP, you supply the name of the domain for your environment with the /ZONE qualifier to the SET CONFIGURATION SMTP command. If you do not supply a domain name, the zone defaults to one level higher than your local domain. For example, if the fully qualified domain name is a.b.com, the default value of /ZONE is b.com (assuming that, because TCPIP has been started, the domain is known).
Configuring and Managing SMTP 17.1 Key Concepts In this example, when SMTP receives a mail message destined for a domain outside of the abc.com domain, it uses the list of MX records to send the mail to the entity called relay.abc.com. Even when mail is routed through the alternate gateway, the MX lookup list is used. This type of configuration provides redundancy. Even if one or more of the systems pointed to by the MX records is down, mail can be routed through one of the systems that is running.
Configuring and Managing SMTP 17.2 Configuring SMTP 17.2.2 Creating a Postmaster Account The postmaster account is a required account that receives all undeliverable mail. The SMTP process runs under user account TCPIP$SMTP. Compaq recommends that you do not change this account. SMTP requires that the system be able to receive mail addressed to the user name POSTMASTER. Set OpenVMS Mail to forward the mail addressed to POSTMASTER to the SYSTEM account.
Configuring and Managing SMTP 17.3 Creating a Local Alias File ! ! This is the local alias file. ! ourdomain.edu ourdomain1.edu ourdomain2.edu ourdomain3.edu 3. Copy the TCPIP$SMTP_LOCAL_ALIASES.TXT file to one of the following locations: • TCPIP$SMTP_COMMON, where each host listed in the TCPIP$SMTP_LOCAL_ALIASES.TXT file receives clusterwide messages • SYS$SPECIFIC:[TCPIP$SMTP] (local system use) 4. Stop and then restart SMTP for the change to take effect.
Configuring and Managing SMTP 17.4 Managing SMTP Table 17–3 (Cont.) SMTP Management Commands Command Function Required Privilege SHOW MAIL Displays information about mail for the specified user. SYSPRV or BYPASS. SHOW SERVICE SMTP Displays statistical information about the SMTP server. Follows OpenVMS file protection rules. START MAIL Starts the SMTP queuing mechanism. SYSPRV or BYPASS. STOP MAIL Stops the SMTP queuing mechanism. SYSPRV or BYPASS. 17.4.
Configuring and Managing SMTP 17.4 Managing SMTP to overwrite the old data already there. This functionality provides a snapshot of the last lines of diagnostic text. Logical names are available to modify the way SMTP logs information and the type of information it reports. These are described in Section 17.5. 17.4.5 Starting and Stopping SMTP SMTP consists of two components: the sender (the queuing mechanism) and the receiver. You must start the sender before enabling the receiver.
Configuring and Managing SMTP 17.5 Modifying the SMTP Configuration For example, to enable message logging for messages received from SMTP clients, define the TCPIP$SMTP_RECV_TRACE as follows: $ DEFINE/SYSTEM TCPIP$SMTP_RECV_TRACE 1 Other logical names require that you supply a value. For example, to enable logging that provides information about symbiont activity during control file processing, define the logical name TCPIP$SMTP_LOG_LEVEL with a value of 3.
Configuring and Managing SMTP 17.5 Modifying the SMTP Configuration In this message, \d\a is the . • TCPIP$SMTP_RECV_TRACE Logs all messages received from and transmitted to remote SMTP clients. Used to trace the SMTP application layer protocol. The same conventions for logging nonprinting characters or control characters are used. The logical name UCX$SMTP_PROTO_TRACE is obsolete. • TCPIP$SMTP_RECV_DEBUG Logs full diagnostics, similar to the TCPIP$SMTP_LOG_LEVEL 5 logical name.
Configuring and Managing SMTP 17.5 Modifying the SMTP Configuration 2. Stop and start the SMTP mail queue using the STOP MAIL and START MAIL commands. • TCPIP$SMTP_COMMON common-directory Specifies the default cluster common directory. By default, SMTP looks for distribution list (.DIS) and local alias (TCPIP$SMTP_LOCAL_ALIASES.TXT) files in the SYS$SPECIFIC:[TCPIP$SMTP]. You must: Define this logical name before SMTP startup. Create the directory with read (R) and write (W) access.
Configuring and Managing SMTP 17.5 Modifying the SMTP Configuration • TCPIP$SMTP_MTS_ALLIN1 Used in older versions of TCP/IP Services. When relaying mail from the SMTP environment to MTS (the message router), the symbiont puts TCPIP$SMTP into the From: field. Otherwise, older versions of MR/MRGATE send the mail back with a Return path too complicated error. No longer needed if you are running MR and MRGATE Versions 3.3A.
Configuring and Managing SMTP 17.5 Modifying the SMTP Configuration • TCPIP$SMTP_MIME_HACK When set, SMTP accepts 8BITMIME requests from SMTP clients, preventing the clients from converting the message into a 7-bit format. For more information, see Section 17.9.2. 17.6 Configuring SMTP AntiSPAM SPAM is the Internet equivalent of junk mail and is a growing source of annoyance to Internet users. TCP/IP Services SMTP contains antiSPAM, which is designed to inhibit the transmission of SPAM.
The maximum number of characters in a value is 500 characters. Unless otherwise noted, a field’s value is not case sensitive. Fields described as Boolean have the following legal values:

To turn the feature on:    To turn the feature off:
ON                         OFF
TRUE                       FALSE
1                          0
YES                        NO

To comment out a line, enter an exclamation point (!) in column 1. The file SMTP_CONFIG.
Table 17–4 (Cont.) AntiSPAM Configuration Options

Field Name: Reject-Unbacktranslatable-IP
Value: TRUE or FALSE.
Default: FALSE
If TRUE, the SMTP server rejects any mail from an SMTP client whose IP address cannot be backtranslated to a hostname.

Field Name: Accept-Unqualified-Senders
Value: TRUE or FALSE.
Default: FALSE
If TRUE, the SMTP server accepts mail for which the sender address (the address from the MAIL FROM command) has no domain or an unqualified domain.
Table 17–4 (Cont.) AntiSPAM Configuration Options

Field Name: Security
Value: FRIENDLY or SECURE.
Default: SECURE
This value specifies the type of error text sent to the SMTP client when disconnecting a link because of a SPAM event. A value of SECURE means to send purposely unhelpful error text. A value of FRIENDLY means to send helpful error text.
against the Good-Clients list occurs, the client is considered "unknown" and the process goes to step 2.

2. When the client is unknown, the domain of the address in each RCPT TO command is checked against the Relay-Zones list. If a match occurs, the RCPT TO command is accepted, because it is a relay from the unknown world to the known world (for example, e-mail from the Internet).
17.6.3.2 Processing DNS Entries in the Good-Clients List

The SMTP server uses the Good-Clients list to match the IP addresses of SMTP clients. Therefore, entries are stored internally as IP addresses. DNS hostname and MX domain entries are stored as IP addresses, determined by the following process:

1. An entry that is not apparently an IP address or IP network is assumed to be a DNS host name, and the matching IP address is stored in the list.

2.
This example specifies the relay of mail from unknown SMTP clients to any host within the def.com, abc.com, or company.com domain. Because of implied wildcarding, domains like VMShost.abc.com match against this list.

17.6.3.5 Rejecting Route-Through Attempts

If the SMTP server does not resolve a route-through attempt using the Good-Clients list and the Relay-Zones list, it rejects the RCPT TO command.
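The relay decision described in steps 1 and 2 and in Section 17.6.3.5, written out as a Python model. This is an added example, not code from TCP/IP Services: it assumes that a Good-Clients match accepts the recipient, that networks are written in CIDR form, and that zone matching stops at label boundaries; the `resolve` callback and all addresses are constructed.

```python
import ipaddress


def build_good_clients(entries, resolve=None):
    """Store Good-Clients entries as IP networks, mirroring storage as addresses.

    `resolve` is a hypothetical name -> [address, ...] lookup standing in for
    DNS, so that the example runs offline.
    """
    networks = []
    for entry in (e.strip() for e in entries):
        if not entry:
            continue
        try:
            # Assumption: IP networks are written in CIDR form (a.b.c.d/len).
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            # Not apparently an IP address or network: treat it as a host name.
            for addr in (resolve(entry) if resolve else []):
                networks.append(ipaddress.ip_network(addr))
    return networks


def rcpt_domain(address):
    """Return the domain part of a RCPT TO address, or '' if it has none."""
    local, at, domain = address.strip().strip("<>").rpartition("@")
    return domain if at else ""


def domain_in_zones(domain, zones):
    """Implied wildcarding: VMShost.abc.com matches the zone abc.com."""
    domain = domain.lower().rstrip(".")
    for zone in zones:
        zone = zone.strip().lower().rstrip(".")
        # Assumption: the match is on whole labels, so notabc.com != abc.com.
        if zone and (domain == zone or domain.endswith("." + zone)):
            return True
    return False


def check_rcpt(client_ip, rcpt_to, good_clients, relay_zones):
    """Return (decision, reason) for one RCPT TO command.

    Only the relay check is modeled; delivery to local recipients and the
    other antiSPAM checks are outside this sketch.
    """
    ip = ipaddress.ip_address(client_ip)
    # Step 1: a known client may relay anywhere.
    if any(ip in net for net in good_clients):
        return ("accept", "client matches Good-Clients")
    # Step 2: an unknown client may only send into the Relay-Zones.
    if domain_in_zones(rcpt_domain(rcpt_to), relay_zones):
        return ("accept", "recipient domain matches Relay-Zones")
    # Neither list resolved the attempt: reject the RCPT TO command.
    return ("reject", "route-through attempt")


# Constructed sample data (documentation address ranges, not from the manual).
SAMPLE_DNS = {"relay.abc.com": ["198.51.100.25"]}
GOOD_CLIENTS = build_good_clients(
    ["192.0.2.10", "192.0.2.128/25", "relay.abc.com"],
    resolve=lambda name: SAMPLE_DNS.get(name.lower(), []),
)
RELAY_ZONES = ["def.com", "abc.com", "company.com"]  # zones named in the text

if __name__ == "__main__":
    for client, rcpt in [
        ("192.0.2.10", "<someone@elsewhere.example>"),
        ("203.0.113.9", "<user@VMShost.abc.com>"),
        ("203.0.113.9", "<someone@elsewhere.example>"),
        ("203.0.113.9", "<user@notabc.com>"),
    ]:
        print(client, rcpt, check_rcpt(client, rcpt, GOOD_CLIENTS, RELAY_ZONES))
```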
17.6.4 Blocking Mail from Specified Clients

You can configure the SMTP server to automatically reject any mail transactions with specified SMTP clients. To enable this feature, configure the Bad-Clients list in SMTP.CONFIG. The syntax of the Bad-Clients list is the same as the Good-Clients list. For example:

Bad-Clients: 1.2.3.5, 100.101.102.103

If Bad-Clients is configured, the SMTP server checks the IP address of the client against the list.
If a client IP address matches one in the Good-Clients list, the message is accepted; the SMTP server does not check the RBLs.

17.6.5.1 Using Other RBL Lists

Other lists serve similar functions to the RBL list. For example:

• MAPS Dial-up User List — A list of IP addresses that participating ISPs have allocated to them. If you want to include a check against this list, add dul.maps.vix.com to the RBL list.
17.6.7 Blocking Mail from Specified Senders

You can configure SMTP to reject mail based on the address of the sender. The sender’s address is specified in the MAIL FROM command. (The terms "sender address" and "MAIL FROM address" are synonymous.) To specify sender addresses from whom mail will always be rejected, include the Reject-Mail-From list in the SMTP.CONFIG file.
By default, if the SMTP server fails to find an MX record for the sender address, it rejects the MAIL FROM command and disconnects the link. You can specify that messages with unresolvable domains be accepted by setting the Accept-Unresolvable-Domains configuration option to TRUE in SMTP.CONFIG, as follows:

Accept-Unresolvable-Domains: TRUE

When Accept-Unresolvable-Domains is set, the SMTP server will not perform an MX lookup on the sender address.
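A configuration check for SMTP.CONFIG, using the file syntax and antiSPAM fields described in this section. This is an added example, not part of TCP/IP Services: it handles one `Field-Name: value` pair per line only, it assumes field names are matched without regard to case, and both sample files are constructed.

```python
BOOL_TRUE = {"ON", "TRUE", "1", "YES"}
BOOL_FALSE = {"OFF", "FALSE", "0", "NO"}
MAX_VALUE_LEN = 500

# Boolean fields named in this section, with the defaults the section gives.
BOOLEAN_DEFAULTS = {
    "reject-unbacktranslatable-ip": False,
    "accept-unqualified-senders": False,
    "accept-unresolvable-domains": False,  # unresolvable senders are rejected by default
}


def parse_config(text):
    """Return ({field: value}, [(line_number, problem)]) for SMTP.CONFIG text."""
    fields, problems = {}, []
    for number, line in enumerate(text.splitlines(), 1):
        # A "!" comments out a line only when it is in column 1.
        if not line.strip() or line.startswith("!"):
            continue
        name, colon, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if not colon or not name:
            problems.append((number, "not a 'Field-Name: value' line"))
        elif len(value) > MAX_VALUE_LEN:
            problems.append((number, f"{name}: value exceeds {MAX_VALUE_LEN} characters"))
        else:
            # Assumption: field names are matched without regard to case.
            fields[name.lower()] = value
    return fields, problems


def parse_boolean(value):
    """Map any of the eight legal Boolean spellings to True or False."""
    word = value.strip().upper()
    if word in BOOL_TRUE:
        return True
    if word in BOOL_FALSE:
        return False
    raise ValueError(f"{value!r} is not a legal Boolean value")


def audit(text):
    """Return (code, detail) findings; an empty list means nothing was flagged."""
    fields, problems = parse_config(text)
    findings = [("SYNTAX", f"line {n}: {msg}") for n, msg in problems]
    settings = dict(BOOLEAN_DEFAULTS)
    for name in BOOLEAN_DEFAULTS:
        if name in fields:
            try:
                settings[name] = parse_boolean(fields[name])
            except ValueError as exc:
                findings.append(("BAD-BOOLEAN", f"{name}: {exc}"))
    if settings["accept-unresolvable-domains"]:
        findings.append(("REVIEW", "Accept-Unresolvable-Domains is on: "
                         "no MX lookup is performed on the sender address"))
    if settings["accept-unqualified-senders"]:
        findings.append(("REVIEW", "Accept-Unqualified-Senders is on: "
                         "senders with no domain or an unqualified domain are accepted"))
    security = fields.get("security", "SECURE").upper()
    if security == "FRIENDLY":
        findings.append(("REVIEW", "Security is FRIENDLY: "
                         "clients disconnected for a SPAM event receive helpful error text"))
    elif security != "SECURE":
        findings.append(("BAD-VALUE", f"Security: {security!r} is not FRIENDLY or SECURE"))
    return findings


# Constructed sample files, not taken from a real system.
LOOSE_CONFIG = """\
! Constructed sample
Relay-Zones: abc.com
Accept-Unresolvable-Domains: yes
Accept-Unqualified-Senders: maybe
Security: friendly
 ! indented, so this line is not a comment
"""

STRICT_CONFIG = """\
! Constructed sample
Relay-Zones: abc.com
Accept-Unresolvable-Domains: FALSE
Accept-Unqualified-Senders: no
Reject-Unbacktranslatable-IP: TRUE
Security: SECURE
"""

if __name__ == "__main__":
    for label, sample in (("loose", LOOSE_CONFIG), ("strict", STRICT_CONFIG)):
        print(label, audit(sample))
```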
Configuring and Managing SMTP 17.6 Configuring SMTP AntiSPAM 17.6.8.3 Specifying the SPAM Rejection Text You can specify the rejection text message to be sent to the client. The field names for these options end in ‘‘-Text’’, and the values for them must be a single line of text. These fields override the default text associated with the specific SPAM event. The following are the fields and default messages for the SECURE option: • Unbacktranslatable-IP-Text: Closing transmission channel.
Configuring and Managing SMTP 17.7 Managing SMTP Send-From-File (SFF) 17.7.1 SFF Security Measures The ability to create messages with arbitrary headers could be used to spoof message headers. To limit this, the SFF mechanism includes the following security measures: • Allows you to define the TCPIP$SMTP_SFF_REQUIRES_PRIV logical. If the logical is defined as 1, the process must have either BYPASS, SYSPRV, or OPER privilege set in order to use SFF.
Configuring and Managing SMTP 17.7 Managing SMTP Send-From-File (SFF) • log_level Specifies the debug log level: either 1 (on) or 0 (off). The default is 0 (no logging). This parameter is optional. 17.8 Disabling SMTP Outbound Alias Users can specify an outbound alias that is applied to mail as it is sent and specifies the network address to which a reply will be sent. The outbound alias is defined using the TCPIP$SMTP_FROM logical, as described in Section 17.5.
Configuring and Managing SMTP 17.9 Solving SMTP Problems • The /REPAIR qualifier fixes these errors: Resubmits for delivery each valid control file in the SMTP directory with no entry in an SMTP queue. Deletes each invalid control file (fails the internal consistency check) and the corresponding queue entry. Either requeues or deletes messages placed on hold. The following examples show how to use the ANALYZE MAIL command: 1.
18 Configuring and Managing the POP Server The Post Office Protocol (POP) server and the Simple Mail Transfer Protocol (SMTP) server software work together to provide reliable mail management in a client/server environment. The POP server acts as an interface to the mail repository. It accepts and stores mail messages for you, even when your client system is not connected, and forwards those messages to you at your request.
Configuring and Managing the POP Server 18.1 Key Concepts 18.1.1 POP Server Process The POP server is installed with SYSPRV and BYPASS privileges and runs in the TCPIP$POP account, which receives the correct quotas from the TCPIP$CONFIG procedure. The POP server is invoked by the auxiliary server. The POP server uses security features provided in the protocol and in the OpenVMS operating system, as well as additional security measures.
Configuring and Managing the POP Server 18.1 Key Concepts 18.1.4 How the POP Server Handles Foreign Message Formats POP contains minimal support for mail messages that contain foreign formats. Such messages are usually binary and therefore are not transferred to the POP client. Instead, the POP server transfers the message headers, along with a brief message instructing the user to log in and extract the foreign message into a file.
Configuring and Managing the POP Server 18.1 Key Concepts 18.1.6 Understanding POP Message Headers Mail message headers sent by the POP server must conform to the standard specified for SMTP in RFC 822. Because many of the messages received on an OpenVMS system are not in the SMTP format (for example, DECnet mail or mail from another message transport system), the POP server builds a new set of headers for each message based on the OpenVMS message headers.
Configuring and Managing the POP Server 18.1 Key Concepts • TRANSFORM The POP server attempts to translate the DECnet node name to a TCP/IP host name. If the name can be translated, the POP server checks to see whether the translated host name is local. If so, the From: header becomes an address in the form user@substitute-domain. If not, the From: header becomes an address in the form user@hostname. Note that the POP and SMTP servers call the same routine to determine if a host name is local.
You cannot reply to this type of mail message because the SMTP server does not accept an address of this form.

• TRANSFORM

The POP server uses the text inside the quotation marks. For example, the message header

From: ORDERS::"j.smith@acme.com"

becomes:

From: j.smith@acme.com

18.1.6.1.5 Cluster-Forwarding SMTP Address

With a cluster-forwarding SMTP address, the POP server uses the SMTP address within the quotation marks.
Configuring and Managing the POP Server 18.2 POP Server Startup and Shutdown • SYS$STARTUP:TCPIP$POP_SYSHUTDOWN.COM can be used as a repository for site-specific definitions and parameters to be invoked when the POP server is shut down. 18.3 Modifying POP Server Characteristics To modify the default POP server settings and configure additional characteristics, define TCPIP$POP logical names in the POP_SYSTARTUP.COM file.
Configuring and Managing the POP Server 18.3 Modifying POP Server Characteristics Table 18–2 POP Logical Names Logical Name Description TCPIP$POP_SECURITY value Defines a level of security for the POP server. Determines the timing and text of error messages sent from the POP server to the POP client when authorization errors occur (for example, when an invalid user name or password is sent): • FRIENDLY (default) The error messages provide information about a particular error.
Configuring and Managing the POP Server 18.3 Modifying POP Server Characteristics Table 18–2 (Cont.) POP Logical Names Logical Name Description TCPIP$POP_MESSAGE_MAXIMUM n Defines the maximum number of mail messages that a single client can download per connection, where n is a number from 0 to 65,535. If not defined, the POP server uses the default value of 0 (no maximum).
Configuring and Managing the POP Server 18.3 Modifying POP Server Characteristics Table 18–2 (Cont.) POP Logical Names Logical Name Description TCPIP$POP_DECNET_REWRITE value Determines how the POP server rebuilds a simple DECnet address (of the form node::user) in the OpenVMS message From: field when it sends the mail to the POP client; value is one of the following: • GENERIC Simple DECnet addresses are changed to the SMTP address format.
Configuring and Managing the POP Server 18.4 Enabling MIME Mail 18.4 Enabling MIME Mail The MIME (Multipurpose Internet Mail Extensions) specification provides a set of additional headers you can use so users can send mail messages composed of more than simple ASCII text. MIME is an enhancement to RFC 822.
Configuring and Managing the POP Server 18.5 Solving POP Problems 18.5.2 Using POP Extension Commands For troubleshooting purposes, you can simulate a POP client and enter the XTND commands listed in Table 18–3 to obtain information. Table 18–3 POP Extension (XTND) Commands Command Action XTND CLIENT Logs POP client information (if the client supplies it). Helpful for troubleshooting if you use POP with a variety of POP clients that identify themselves.
XTND LOGLEVEL DEBUG
+OK logging level changed to debug
QUIT
+OK TCPIP POP server at ucxsys.acme.com signing off.
19 Configuring XDMCP-Compatible X Displays The X Window System, developed by the Massachusetts Institute of Technology, is a network-based graphics window system based on the client/server application model. The X protocol, through which the client and server communicate, runs on UNIX domain sockets, TCP/IP, or DECnet. This means that an X display on one system can display information output from an application running on another system in the network.
Configuring XDMCP-Compatible X Displays 19.1 Key Concepts To reinitialize the X terminal, the XDM process had to be restarted. This problem was solved through the development of the XDM Control Protocol. Now, because of XDMCP, XDM can listen for management requests from X terminals as well as use the XSERVERS file for the X terminals that were not XDMCP compatible. Most X terminals today are XDMCP compatible. The TCP/IP Services implementation of XDM is based on the X11R6.1 release from X Consortium. 19.
Configuring XDMCP-Compatible X Displays 19.3 XDM Configuration Files

Example 19–1 XDM_CONFIG.TEMPLATE File

!
! Default SYS$SPECIFIC:[TCPIP$XDM]XDM_CONFIG.CONF file
!
DisplayManager.keyFile: SYS$SPECIFIC:[TCPIP$XDM]XDM_KEYS.TXT
DisplayManager.servers: SYS$SPECIFIC:[TCPIP$XDM]XSERVERS.TXT
DisplayManager.accessFile: SYS$SPECIFIC:[TCPIP$XDM]XACCESS.TXT
DisplayManager*RemoveDomainname: true

Each noncomment line in the file must consist of a keyword and value pair.
Example 19–2 XACCESS.TXT File

# $XConsortium: Xaccess,v 1.5 91/08/26 11:52:51 rws Exp $
#
# Access control file for XDMCP connections
#
# To control Direct and Broadcast access:
#
#       pattern
#
# To control Indirect queries:
#
#       pattern         list of hostnames and/or macros ...
#
# To define macros:
#
#       %name           list of hosts ...
#
# The first form tells xdm which displays to respond to itself.
Configuring XDMCP-Compatible X Displays 19.3 XDM Configuration Files 19.3.3 XSERVERS.TXT File The XSERVERS.TXT file was originally used to specify all X servers to be managed by XDM. However, since the introduction of XDMCP, there is no need to specify X servers that are XDMCP compatible in this file. This file now specifies the X servers that do not support XDMCP. Unlike other XDM implementations, this file is not used to specify XDM support for the local display server.
Configuring XDMCP-Compatible X Displays 19.3 XDM Configuration Files Example 19–4 shows a sample XDM_KEYS.TXT configuration file: Example 19–4 XDM_KEYS.TXT # # Security Key File # # Excursion Display ID # test123456 # # Exceed Display ID: # HCLpcXserver:629409365 # Excursion Cookie: 123457 Exceed Key: 1234568 19.3.5 XDM_XSESSION.COM File The XDM_XSESSION.COM file is an optional command procedure file that specifies the type of X window that XDM displays after a user has successfully logged in.
Configuring XDMCP-Compatible X Displays 19.4 XDM Log Files 19.4 XDM Log Files XDM maintains three log files to record XDM server and client activity: • XDM server log file • X terminal process log file • User process log file Table 19–1 lists the XDM log files and their OpenVMS directory locations. Table 19–1 XDM Log Files Process File Name Location XDM server TCPIP$XDM_RUN.LOG SYS$SPECIFIC:[TCPIP$XDM] X terminal xterm_name_domain.COM SYS$SPECIFIC:[TCPIP$XDM.WORK] xterm_name_domain.
Configuring XDMCP-Compatible X Displays 19.6 Configuring the XDM Server If the DECwindows components are not found, TCPIP$CONFIG notifies you and gives you the option of configuring XDM, with the assumption that before you attempt to activate XDM you will install the DECwindows components. TCPIP$CONFIG notifies you of this situation with the following prompt: XDM requires DECwindows components that are not installed. Attempts to activate XDM will fail.
Part 5 Network File Services Part 5 describes how to configure, use, and manage the components that enable transparent network file sharing: NFS server, PC-NFS, and NFS client. It includes the following chapters: • Chapter 20, NFS Server, describes how to set up the NFS server and make file systems available to users on NFS client hosts.
20 NFS Server The Network File System (NFS) server software lets you set up file systems on your OpenVMS host for export to users on remote NFS client hosts. These files and directories appear to the remote user to be on the remote host even though they physically reside on the local system. After the NFS server is installed on your computer, you must configure the server to allow network file access.
NFS Server 20.1 Key Concepts to select the correct file system for the application, and to ensure that your file systems are adequately protected while granting access to users on remote hosts. The following sections serve as a review only. If you are not familiar with NFS, see the DIGITAL TCP/IP Services for OpenVMS Concepts and Planning manual for more information. 20.1.
NFS Server 20.1 Key Concepts You might use a container file system if: • You do not require extensive file sharing between your OpenVMS system and a UNIX client. • Client applications require symbolic or hard links or special files. 20.1.2.2 Understanding the Container File System The NFS software lets you create a logical UNIX style file system on your OpenVMS host that conforms to UNIX file system rules.
NFS Server 20.1 Key Concepts Each entry specifies a directory on the local system and one or more remote hosts allowed to mount that directory. A user on a client host can mount any directory at or below the export point, as long as OpenVMS allows access to the directory. Exporting specific directories to specific hosts provides more control than exporting the root of a file system (or the MFD in an OpenVMS system) to all hosts. • The proxy database, TCPIP$PROXY.
NFS Server 20.1 Key Concepts 20.1.5 Mapping the Default User In a trusted environment, you may want the server to grant restricted access even if the incoming UID does not map to an OpenVMS account. This is accomplished by adding a proxy entry for the default user. The NFS server defines the default user at startup with the following attributes: • noproxy_uid • noproxy_gid You can initialize these attributes using the SYSCONFIG command, which is defined by the SYS$MANAGER:TCPIP$DEFINE_COMMANDS.
NFS Server 20.1 Key Concepts 20.1.7 How OpenVMS and the NFS Server Grant File Access To protect your exported file systems, you must take care when granting account and system privileges for remote users. You must also understand how OpenVMS grants access to files. The NFS server uses the proxy database to map the incoming user identity to an OpenVMS account. The server uses the account’s UIC to evaluate the protection code, along with other security components, before granting or denying access to files.
NFS Server 20.1 Key Concepts With this variable set, the TCP/IP Services startup procedure creates the TCPIP$NFS_REMOTE identifier. For example, you can use this identifier in the ACL to reject access to some (or all) files available through NFS. (See Section 20.12 for more information about logical names.) 20.1.9 Granting Access to PC-NFS Clients TCP/IP Services provides authentication services to PC-NFS clients by means of PC-NFS.
NFS Server 20.2 NFS Server Startup and Shutdown Because the NFS protocol is stateless, clients with file systems mounted on the server do not need to remount when the server is restarted. To ensure this uninterrupted service, you must be sure all file systems are mapped before restarting the NFS server. The simplest way to do this is to use the SET CONFIGURATION MAP command. To preserve site-specific parameter settings and commands, create the following files.
NFS Server 20.5 Managing the MOUNT Service You can customize the operation of the MOUNT service by using SYSCONFIG to modify the attributes listed in Table 20–1. Table 20–1 MOUNT Attributes Attribute Description mountd_option_a Verifies the Internet addresses of hosts that make mount and unmount requests.
NFS Server 20.6 Registering Users and Hosts After setting up appropriate accounts, you must register users in the proxy database and set mount points in the export database. 20.6.1 Adding Proxy Entries Each user accessing your local server must be registered in the proxy database. See Section 20.1.3 if you are not familiar with how the server uses this database to grant access to remote users. You should create the proxy database before the NFS server starts.
NFS Server 20.7 Backing Up a File System 20.7 Backing Up a File System You can back up NFS-mounted files using standard OpenVMS backup procedures. For more information, see the OpenVMS documentation. If you back up an OpenVMS file system or a container file system while remote users are accessing the files, the resulting save set may contain files that are in an inconsistent state. For a container file system, there is the additional danger that the container file itself may be in an inconsistent state.
NFS Server 20.8 Setting Up and Exporting an OpenVMS File System With the NAME_CONVERSION option set, users can create files and directories in an OpenVMS file system using names that do not conform to OpenVMS file-naming rules. Note If any client hosts had the file system mounted before the name conversion was enabled, they must dismount and remount for this feature to take effect. For more information about file name conversion, see Appendix C. 20.
NFS Server 20.9 Setting Up and Exporting a Container File System 3. Map the OpenVMS volume on which the container file has been created. TCPIP> MAP "/test_dsk" DSA101: Note that it is important to map the underlying volume before mapping the container file system to make it available to the NFS server and the management control program. It is possible to use a volume both as an OpenVMS style file system and a container file system.
NFS Server 20.10 Maintaining a Container File System 20.10.1 Displaying Directory Listings Use the DIRECTORY command to display the contents of a directory. For example, TCPIP> DIRECTORY "/path/name" In this example, /path/name is a valid UNIX directory specification that begins with a slash (/) and is enclosed in quotation marks. The DIRECTORY command has the following qualifiers: • /FULL specifies that a comprehensive list of information is displayed for each file displayed by the DIRECTORY command.
NFS Server 20.10 Maintaining a Container File System 20.10.5 Deleting a Container File System You can delete a container file system with all its directories and files by issuing the DELETE CONTAINER command. For example, to delete the UNIX container created on WORK1$:[GROUP_A], enter the following command: TCPIP> DELETE CONTAINER WORK1$:[GROUP_A] Use the UNMAP command to unmap the container file system before you delete it. 20.10.
NFS Server 20.10 Maintaining a Container File System Table 20–2 Container File System Components Analyzed UNIX Item OpenVMS Conceptual Equivalent Super block Home block Contains the basic information on the internal structuring of the container file. Inode File header Each file or directory has an inode that contains information describing the file. The inode is a central definition of the file. Directory Directory Contains the file names and directory hierarchy information.
20.12 Modifying NFS Server Attributes
You can modify the way the NFS server works by specifying NFS server attributes using the SYSCONFIG command. The characteristics of the NFS server that you can modify include:
• Proxy security
• Default proxy UID
• Default proxy GID
• Maximum concurrent TCP threads
• Maximum concurrent UDP threads
To make permanent modifications:
1.
Table 20–3 (Cont.) Modifying NFS Server Attributes
Attribute    Description
vnode_age    Specifies the number of seconds in the time interval since the last file access request. The server keeps an activity timestamp for each opened file to help manage the open file cache. You can also modify this value with the /INACTIVITY qualifier to the SET NFS_SERVER command. The default setting for this variable is 120, or 2 minutes.
NFS Server 20.13 Modifying File System Characteristics Table 20–4 (Cont.) File System Logical Names Logical Name Description TCPIP$CFS_FATAL_MESSAGES Defines the terminal device to which the important error messages are directed, in addition to the normal error messages that are sent to the operator’s console. The default is _OPA0:. 20.14 File Locking TCP/IP Services supports a partial implementation of NFS network locking, which allows users to lock files.
NFS Server 20.14 File Locking 20.14.1 File Locking Service Startup and Shutdown The file locking services can be shut down and started independently of TCP/IP Services. This is useful when you change parameters or logical names that require the service to be restarted. The following files are provided: • SYS$STARTUP:TCPIP$LOCKD_STARTUP.COM allows you to start up the LOCKD component independently. • SYS$STARTUP:TCPIP$STATD_STARTUP.COM allows you to start up the STATD component independently.
NFS Server 20.15 Improving NFS Server Performance 20.15.3 Increasing the Number of Active Threads The NFS server is an asynchronous, multithreaded process. This means that multiple NFS requests can be processed concurrently. Each NFS request is referred to as a thread. With increased server activity, client users may experience timeout conditions. Assuming the server host has the available resources (CPU, memory, and disk speed), you can improve server response by increasing the number of active threads.
• VIRTUALPAGECNT
  Maximum virtual size of a process in pages. The NFS server requires larger-than-normal amounts of virtual address space to accommodate structures and buffer space.
• WSMAX
  Maximum physical size of a process in pages. The larger the working set, the more pages of virtual memory that can remain resident. Larger values reduce page faults and increase the server’s performance.
21 NFS Client The Network File System (NFS) client software enables client users to access file systems made available by an NFS server. These files and directories physically reside on the remote (server) host but appear to the client as if they were on the local system. For example, any files accessed by an OpenVMS client — even a UNIX file — appear to be OpenVMS files and have typical OpenVMS file names.
NFS Client 21.1 Key Concepts All files below the mount point are available to client users as if they reside on the local system. The NFS client requests file operations by contacting a remote NFS server. The server then performs the requested operation. The NFS client automatically converts all mounted directories and file structures, contents, and names to the format required by OpenVMS. For example, a UNIX file named /usr/webster/.login would appear to an OpenVMS client as DNFS1:[USR.WEBSTER].
21.1.2.3 Creating Customized Default ADFs
You can create customized default ADFs for special applications. To do so:
1. On the client, create a special application file that results in creating an ADF on the server. Suppose that application file is called TEST.GAF.
2. On the server, check the listing for the newly created file. For example:

   > ls -a
   .  ..  .$ADF$test.gaf;1  test.gaf

   Note that the ADF (.$ADF$test.gaf;1) was created with the data file (TEST.GAF).
3.
NFS Client 21.1 Key Concepts 21.1.4 How the Client Maps User Identities Both OpenVMS and UNIX based systems use identification codes as a general method of resource protection and access control. Just as OpenVMS employs user names and UICs for identification, UNIX identifies users with a user name and a user identifier (UID) and group identifier (GID) pair. Both UIDs and GIDs are used to identify a user on a system. The proxy database contains entries for each user wanting to access files on a server host.
NFS Client 21.1 Key Concepts Since a UNIX file system does not have a SYSTEM protection mask (the superuser has all permissions for all files) the NFS client displays the SYSTEM as identical to the OWNER mask. 21.1.6 Guidelines for Working with DNFS Devices The following list summarizes the guidelines and restrictions associated with DNFS devices: • BACKUP and RESTORE operations The OpenVMS NFS client does not emulate the on-disk structure of actual OpenVMS disks.
NFS Client 21.2 NFS Client Startup and Shutdown • SYS$STARTUP:TCPIP$NFS_CLIENT_SYSHUTDOWN.COM can be used as a repository for site-specific definitions and parameters to be invoked immediately before the NFS client is shut down. 21.3 Registering Users in the Proxy Database Users on your client host must have corresponding accounts on the NFS server host. After making sure client users have appropriate accounts, you must register them with the proxy database.
NFS Client 21.3 Registering Users in the Proxy Database Table 21–1 (Cont.) Required Fields for NFS Proxy Entries Field Meaning UID/GID pair Remote identity of the user. Required even if both client and server are OpenVMS hosts. Remote host name Name of the remote host, which is one of the following: • Remote client of the local NFS server • Remote server for the local NFS client • Both • Wildcard ( *) for all hosts To add a user name to the proxy database, take the following steps: 1.
NFS Client 21.4 Mounting Files and Directories For example: TCPIP> MOUNT mount_point /HOST="host" /PATH="/path/name" Note By default, a mount is considered a system mount and privileges are required unless the /SHARE qualifier is used. See Section 21.4.1 for information on user-level mounting. When you issue a MOUNT command, the NFS client creates a new DNFS device and mounts the remote file system onto it.
NFS Client 21.4 Mounting Files and Directories This mount request increments the mount count by 1. You must specify the /SHARE qualifier with the same host name and path as used in the initial mount to ensure that the mount is seen as a shared mount instead of as a new mount request. With a shared mount, the mount requests increment the mount count by 1 under the following circumstances: • With an initial /SYSTEM or /GROUP mount.
4. TCPIP> MOUNT DNFS1:[B] /HOST=MARGE /PATH="DKA0/TEST"
   Mount count: 3 (system mount, not incremented)
5. TCPIP> DISMOUNT DNFS1:[A]
   Mount count: 2
6. $ DISMOUNT DNFS1:
   Mount count: 1 (removed mount in example 3, decremented)
7. $ DISMOUNT DNFS1:
   Mount count: 0 (removed mount in example 4, decremented)
The original mount for BART "/ENG" on DNFS1:[A], along with its shared mount, is dismounted.
NFS Client 21.4 Mounting Files and Directories If you specify background mounting, you should also use the /RETRIES qualifier with a small nonzero number. This qualifier sets the number of times the transaction itself should be retried. Specify background mounting, along with the desired delay time and retry count parameters, with the qualifier /BACKGROUND=[DELAY:OpenVMS_delta_time,RETRY:n].
TCPIP> MOUNT DNFS2:[USERS.SPARROW.MNT] /HOST="birdy" /PATH="/usr"
%DNFS-S-MOUNTED, /usr mounted on _DNFS2:[USERS.SPARROW.MNT]
TCPIP> MOUNT DNFS2:[USERS.SPARROW] /HOST="birdy" /PATH="/usr" /FORCE
%DNFS-S-MOUNTED, /usr mounted on _DNFS2:[USERS.SPARROW]
-TCPIP-I-OCCLUDED, previous contents of _DNFS2:[USERS.SPARROW] occluded

The following example shows a mount of UNIX directory /usr to the OpenVMS device and directory DNFS3:[0,0].
Part 6 Configuring Printing Services Part 6 describes how to set up and manage the printing services available with TCP/IP Services, and includes the following chapters: • Chapter 22, Setting Up and Managing the LPR/LPD Print Service, describes how to set up LPR/LPD, providing access to local and remote print queues. • Chapter 23, Setting Up and Managing TELNETSYM, describes how to set up and manage the TELNET print symbiont (TELNETSYM).
22 Setting Up and Managing the LPR/LPD Print Service The LPR/LPD service allows other network hosts to access printers on the server system and provides local access to printers on remote hosts. Remote print server and the client hosts must run Version 4.2 or later of the Berkeley Software Distribution line printer spooler software (lpd) to interoperate with TCP/IP Services LPR/LPD. This chapter reviews key concepts and describes: • How to configure the LPR/LPD print service (Section 22.
Setting Up and Managing the LPR/LPD Print Service 22.1 Key Concepts The same LPD symbiont image is used for both client and server. It acts as the client on queues set up for remote printers, and it acts as the server on the local LPD queue. The LPD uses the printcap database to process print requests. The printcap database, located in SYS$SPECIFIC:[TCPIP$LPD]:TCPIP$PRINTCAP.DAT, is an ASCII file that defines the print queues.
Setting Up and Managing the LPR/LPD Print Service 22.2 Configuring LPR/LPD
Table 22–1 (Cont.) LPD Logical Names
Logical Name           Description
TCPIP$LPD_KEEPALIVE    The KEEPALIVE timer is used to periodically check the other end of a link that appears to be idle. The purpose of the timer is to detect when a remote host has failed or has been brought down, or when the logical connection has been broken.
Setting Up and Managing the LPR/LPD Print Service 22.2 Configuring LPR/LPD Table 22–1 (Cont.) LPD Logical Names Logical Name Description TCPIP$LPD_DROPTIME The DROP timer indicates how long (in seconds) that a connection should be maintained (after repeated timeouts) before closing the connection. The DROP timer is in effect only after the link has been established, and it takes effect only if the TCPIP$KEEPALIVE logical is set.
Setting Up and Managing the LPR/LPD Print Service 22.2 Configuring LPR/LPD Table 22–1 (Cont.) LPD Logical Names Logical Name Description TCPIP$LPD_RCV Writes diagnostics to the receiver log file TCPIP$LPD_RCV_LOGFILE.LOG. Applies to inbound jobs (LPD server) from the time they are received from the remote host over the network to the time they are queued to the local print queue for processing by the LPD print symbiont. TCPIP$LPD_DEBUG and TCPIP$LPD_RCV are bit-mapped values.
Setting Up and Managing the LPR/LPD Print Service 22.2 Configuring LPR/LPD To preserve site-specific parameter settings and commands, create the following files. These files are not overwritten when you reinstall TCP/IP Services: • SYS$STARTUP:TCPIP$LPD_SYSTARTUP.COM can be used as a repository for site-specific definitions and parameters to be invoked when the LPD server is started. • SYS$STARTUP:TCPIP$LPD_SYSHUTDOWN.
Setting Up and Managing the LPR/LPD Print Service 22.3 Configuring Printers The following example shows how to use the printer setup program to configure a printer named LOCAL1: $ RUN SYS$SYSTEM:TCPIP$LPRSETUP TCPIP Printer Setup Program Command < add delete view help exit >: add Adding printer entry, type ’?’ for help.
Setting Up and Managing the LPR/LPD Print Service 22.3 Configuring Printers $ RUN SYS$SYSTEM:TCPIP$LPRSETUP Command < add delete view help exit >: delete Deleting a printer entry, type ’?’ for help. Enter printer name to delete (or view to view printcap file): LOCAL1 Error log file Printer Queue Spool Directory Symbol -----: lf : lp : sd type ---STR STR STR value ----/SYS$SPECIFIC/TCPIP$LPD/LOCAL1.
Setting Up and Managing the LPR/LPD Print Service 22.3 Configuring Printers Table 22–3 (Cont.) Printcap Symbols Symbol Description nd /NODELETE flag. Specifies that the temporary file created in TCPIP$LPD for an inbound print job will not be deleted after printing. By default, these temporary files are deleted after printing. cr Not supported by TCP/IP Services. p1-p8 Equivalent to the PRINT/PARAMETER qualifier on the DCL command line.
To specify a log file that can be shared by all printers, specify the same file for each printer entry. For example:

:lp=LOCAL1:\
:lf=/SYS$SPECIFIC/TCPIP$LPD/TCPIP$LPD_LOGFILE.LOG:\
.
.
.
:lp=LOCAL2:\
:lf=/SYS$SPECIFIC/TCPIP$LPD/TCPIP$LPD_LOGFILE.LOG:

22.3.1.3 Support for PrintServer Extensions
You can configure LPD to support remote printing on a system that does not implement the PrintServer extensions.
Setting Up and Managing the LPR/LPD Print Service 22.5 Controlling Access to Local Queues To add a proxy entry, enter: TCPIP> ADD PROXY user_name /HOST=host_name /REMOTE_USER=user_name For each host, define both its host name and alias name. If you need to use lowercase letters to specify a remote user name, enclose it in quotation marks. For example: /REMOTE_USER="unixuser" You use wildcard characters when adding proxy entries for users on remote systems.
Setting Up and Managing the LPR/LPD Print Service 22.7 Using OpenVMS Flag Page Options • Renders meaningless the /PARAMETERS=NOFLAG qualifier to the DCL command PRINT. 22.8 Solving LPD Problems In addition to the log files specified in the printcap database, which is used by the LPR and LPD symbionts, the LPD receiver logs diagnostic messages to the log file TCPIP$LPD_RCV_STARTUP.LOG. Use the TCPIP$LPD_RCV and TCPIP$LPD_DEBUG logical names to control LPR/LPD diagnostic information in these logs.
23 Setting Up and Managing TELNETSYM The TELNET print symbiont (TELNETSYM) provides remote printing services that enable the use of standard OpenVMS printing features not available with the LPR/LPD print service. With TELNETSYM configured on your system, you can set up and manage a remote printer attached to a remote terminal server as if it were directly connected to your system. The TELNET symbiont functions in a manner that is similar to that of LATSYM for Compaq’s local area transport (LAT) software.
Setting Up and Managing TELNETSYM 23.1 Key Concepts If the print job is queued with the /PASSALL qualifier, TELNETSYM sets up a binary TELNET channel by inserting IAC-DO-BINARY and IAC-WILL-BINARY escape sequences. You can turn off this behavior by defining the logical name TCPIP$TELNETSYM_RAW_TCP for the queue. If you set this logical name, none of this processing is done.
Setting Up and Managing TELNETSYM 23.3 Setting Up Print Queues
2. Specify the host name and port number to which the queue sends the print data with the /ON qualifier, as follows:

   /ON="hostname:portnumber"

   For example, to set up a TELNETSYM queue named xyz_q to print using TELNETSYM to host printserver.xyz.com at TCP port 4242, enter:

   $ INITIALIZE /QUEUE /PROCESSOR=TCPIP$TELNETSYM -
   _$ /ON="printserver.xyz.com:4242" xyz_q
23.
Setting Up and Managing TELNETSYM 23.5 Managing and Customizing Your Print Queues • TCPIP$TELNETSYM_SUPPRESS_FORMFEEDS Suppresses form feeds between jobs. This includes the form feed that is normally sent before the first job printed to a print queue and the form feed sent at the end of every job. For more information, see Section 23.6.4.1. 23.5.2 Setting Up Error Logging OPCOM messages sent by TELNETSYM include the name of the execution queue.
Bit 2 is useful in unassisted problem solving. Be aware, however, that the log file can become large because all the data sent over the link to the printer is logged. Bits 0 and 1 are primarily for use by Compaq. However, with knowledge of PSM$ symbionts, you might find all the options useful. • TCPIP$TELNETSYM_LOG_KEEP By default, TELNETSYM saves all log files.
Setting Up and Managing TELNETSYM 23.5 Managing and Customizing Your Print Queues This logical name is not used by the server; it is used by the TELNET client. If you are changing this logical name, then there is no need to restart TCP/IP Services. If this logical is defined, the KEEPALIVE function is enabled. By default, the KEEPALIVE timer is disabled. Broken connections will be detected only when the relevant application sends data.
Setting Up and Managing TELNETSYM 23.5 Managing and Customizing Your Print Queues If this logical name is not defined, TELNETSYM defaults to a wait period of 3 minutes between retries. For example, to define a retry interval of 30 seconds, enter: $ DEFINE /SYSTEM TCPIP$TELNETSYM_RETRY_INTERVAL "0 00:00:30.00" 23.5.5 Releasing a TELNETSYM Link By default, TELNETSYM releases an established link at the end of a print job. This behavior is useful when multiple systems contend for the same printer.
Setting Up and Managing TELNETSYM 23.6 Solving TELNETSYM Problems to: /PROCESSOR=TCPIP$TELNETSYM 23.6.2 Printing to Terminal Servers When you print to a terminal server system, ensure that: • Input flow control is disabled for the port to which you are printing. Enter: > CHANGE PORT port INPUT FLOW DISABLED • The TELNET server for the terminal server port is set to recognize a new line as a carriage-return character followed by a line feed character.
Setting Up and Managing TELNETSYM 23.6 Solving TELNETSYM Problems 4. Identify the problem. Either fix it or report it to your Compaq support representative. Keep in mind that the OpenVMS print symbiont may be the cause of the problem. TELNETSYM only modifies the output as described in Section 23.1.1. 5. Turn off debug mode. 6. Start the TELNETSYM queue. 23.6.4.1 Controlling Form Feed Suppression Use the TCPIP$TELNETSYM_SUPPRESS_FORMFEEDS logical to control the suppression of form feeds.
2. This example shows how to determine the value of the TCPIP$TELNETSYM_SUPPRESS_FORMFEEDS logical if you want level 1 form feed suppression at job completion time only.
24 Setting Up PC-NFS The PC-NFS server provides authentication and print services for personal computers running PC-NFS. Users on a PC client can associate the name of the PC printer with an OpenVMS print queue and print files to the associated queue. To access the PC-NFS server, PC users must have an entry in the proxy database and have corresponding OpenVMS accounts on the server. This chapter describes: • How to start up and shut down the PC-NFS server (Section 24.
24.2 Providing PC-NFS Print Services
To configure PC-NFS print services, you must create and export a spool directory and define two system logical names. Follow these steps when configuring your print server for printing by PC-NFS clients:
1. If one does not already exist, create a spool directory.
2. Map the OpenVMS device to the spool directory path name. For example:

   TCPIP> MAP "/PC_PRINT/WORK" DSA31:
3.
Part 7 Appendixes Part 7 contains the following appendixes: • Appendix A, Gateway Routing Daemon (GATED) Configuration Reference, describes how to configure GATED protocols for use with the Gateway Routing Daemon (GATED). • Appendix B, EBCDIC/DMCS Translation Tables, provides EBCDIC/DMCS translation tables. • Appendix C, How NFS Converts File Names, describes how NFS converts UNIX file names to OpenVMS file names. • Appendix D, Acronyms, contains a list of acronyms for OpenVMS and networking.
A Gateway Routing Daemon (GATED) Configuration Reference This appendix describes how to configure the Gateway Routing Daemon (GATED). A.1 The GATED Configuration File You must configure the GATED protocols before starting GATED routing by editing the configuration file TCPIP$GATED.CONF, located in SYS$SYSDEVICE:[TCPIP$GATED]. A template file TCPIP$GATED.TEMPLATE is also available in this directory. The file TCPIP$GATED.
Gateway Routing Daemon (GATED) Configuration Reference A.2 Configuration File Statement Syntax • The C-style comments that start with /* and end with */ Note In a GATED configuration file, statements end with a semicolon (;). Do not use a semicolon as a comment character in your configuration file. Anything following a semicolon is interpreted as the start of the next statement. A.3 Statement Grouping The configuration file consists of statements grouped in the following order: 1. Options statements 2.
Gateway Routing Daemon (GATED) Configuration Reference A.4 Configuration Statements
Table A–1 (Cont.) GATED Configuration Statements
Command             Type          Description
options             definition    Defines GATED options.
interfaces          definition    Defines GATED interfaces.
autonomoussystem    definition    Defines the autonomous system (AS) number.
routerid            definition    Defines the originating router (BGP, OSPF).
martians            definition    Defines invalid destination addresses.
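The A.2 note that a semicolon always ends a statement, and never starts a comment, can be checked mechanically before a configuration is loaded. The following lint is an added example, not part of the manual or of GATED; the function names and the sample configuration are constructed for illustration, and the check is a line-based heuristic.

```python
# Lint for the A.2 rule: '#' and /* */ are comments, ';' ends a statement,
# so text left on a line after the last ';' is parsed as a new statement.

# Constructed sample in the style of TCPIP$GATED.CONF (not from the manual).
SAMPLE_CONF = """\
# Constructed sample, not a recommended configuration
options gendefault ;        /* default route when a BGP/EGP
                               neighbor is up; see A.9 */
autonomoussystem 249 ;      AS number for EGP and BGP
kernel {
    options noflushatexit ; # keep routes; do not flush
} ;
rip yes ;                   ; enable RIP
"""


def strip_comments(text):
    """Blank out '#' and /* */ comments, keeping newlines so line numbers survive."""
    out, i, n = [], 0, len(text)
    while i < n:
        if text[i] == '"':                       # quoted string: copy unchanged
            end = text.find('"', i + 1)
            end = n if end == -1 else end + 1
            out.append(text[i:end])
        elif text.startswith("/*", i):           # C-style comment, may span lines
            end = text.find("*/", i + 2)
            end = n if end == -1 else end + 2
            out.append("".join("\n" if c == "\n" else " " for c in text[i:end]))
        elif text[i] == "#":                     # '#' comment runs to end of line
            end = text.find("\n", i)
            end = n if end == -1 else end
            out.append(" " * (end - i))
        else:
            end = i + 1
            out.append(text[i])
        i = end
    return "".join(out)


def find_semicolon_comments(conf_text):
    """Return (line number, trailing text) for text that follows the last ';'
    on a line. Heuristic: a real statement that starts after a ';' and
    continues on the next line is also reported and needs a manual look."""
    findings = []
    for lineno, line in enumerate(strip_comments(conf_text).split("\n"), start=1):
        _head, sep, tail = line.rpartition(";")
        tail = tail.strip()
        if sep and tail and not any(ch in tail for ch in "{}"):
            findings.append((lineno, tail))
    return findings


if __name__ == "__main__":
    for lineno, tail in find_semicolon_comments(SAMPLE_CONF):
        print(f"line {lineno}: '{tail}' will be parsed as the next statement")
```

Semicolons inside real comments (lines 3 and 6 of the sample) are not reported, because comments are blanked before the scan.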
Gateway Routing Daemon (GATED) Configuration Reference A.5 Creating the GATED Configuration File #-----------------------------------------------------------------------------# # TCPIP$GATED.CONF - Sample config file, preconfigured for RIP v1.
Gateway Routing Daemon (GATED) Configuration Reference A.6 Defining Preferences and Routing • May select routes from the same exterior gateway protocol (EGP) learned from different peers or autonomous systems. The GATED daemon selects a route based on the following preference criteria: • The route with the best (numerically smallest) preference is selected. • If the two routes have the same preference, the route with the best (numerically smallest) preference2 is selected.
Table A–2 (Cont.) Default Preference Values
Preference                            Defined by Statement    Default
RIP routes                            rip                     100
Point-to-point interface                                      110
Routes to interfaces that are down    interfaces              120
Aggregate/generate routes             aggregate/generate      130
OSPF AS external routes               ospf                    150
BGP routes                            bgp                     170
EGP                                   egp                     200
A.6.
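The selection rule from Section A.6 (smallest preference wins, then smallest preference2) can be worked through on a small candidate set to see which source ends up controlling a destination. This is an added example, not GATED code; the source labels, the `Route` type, the sample routes and the preference2 default of 0 are assumptions, and only the two criteria stated above are modelled, so any remaining tie is reported rather than resolved.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Defaults from the visible rows of Table A-2 (lower value is preferred).
# The dictionary keys are labels chosen for this example.
DEFAULT_PREFERENCE = {
    "rip": 100,
    "point-to-point": 110,
    "interface-down": 120,
    "aggregate": 130,
    "ospf-ase": 150,
    "bgp": 170,
    "egp": 200,
}


@dataclass(frozen=True)
class Route:
    dest: str                         # destination prefix
    source: str                       # key into DEFAULT_PREFERENCE
    gateway: str                      # next hop
    preference: Optional[int] = None  # explicit value set in the configuration
    preference2: int = 0              # tie-breaker (default assumed to be 0)

    def sort_key(self):
        pref = self.preference
        if pref is None:
            pref = DEFAULT_PREFERENCE[self.source]
        return (pref, self.preference2)


def select_active(routes):
    """Return ({dest: winning Route}, {dest: [Routes still tied]})."""
    by_dest = defaultdict(list)
    for route in routes:
        by_dest[route.dest].append(route)
    active, ties = {}, {}
    for dest, candidates in by_dest.items():
        best = min(c.sort_key() for c in candidates)
        winners = [c for c in candidates if c.sort_key() == best]
        if len(winners) == 1:
            active[dest] = winners[0]
        else:
            ties[dest] = winners      # needs criteria not modelled here
    return active, ties


# Constructed candidates (documentation addresses, not from the manual).
SAMPLE_ROUTES = [
    Route("10.1.0.0/16", "rip", "192.0.2.1"),
    Route("10.1.0.0/16", "bgp", "192.0.2.9"),
    # An explicit preference of 90 lets a BGP route displace RIP's default 100.
    Route("10.2.0.0/16", "rip", "192.0.2.1"),
    Route("10.2.0.0/16", "bgp", "192.0.2.9", preference=90),
    # Same protocol, two peers: preference2 decides.
    Route("10.3.0.0/16", "egp", "192.0.2.20", preference2=0),
    Route("10.3.0.0/16", "egp", "192.0.2.21", preference2=1),
    # Identical keys: left unresolved.
    Route("10.4.0.0/16", "rip", "192.0.2.1"),
    Route("10.4.0.0/16", "rip", "192.0.2.2"),
]

if __name__ == "__main__":
    active, ties = select_active(SAMPLE_ROUTES)
    for dest, route in sorted(active.items()):
        print(dest, "->", route.source, "via", route.gateway, route.sort_key())
    for dest, routes in sorted(ties.items()):
        print(dest, "tied:", [r.gateway for r in routes])
```

When reviewing a configuration, the second destination is the case to look for: a single preference override changes which protocol's routes are trusted for that prefix.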
Gateway Routing Daemon (GATED) Configuration Reference A.7 Tracing Options Table A–3 Trace Options Option Definition trace_file Specifies the file to receive tracing information. If this file name does not begin with a slash (/), the directory in which GATED was started is prepended to the name. replace Replaces an existing trace file. The default is to append to an existing file. size size[k|m] files files Limits the maximum size of the trace file to the specified size (minimum 10 kilobytes).
Gateway Routing Daemon (GATED) Configuration Reference A.7 Tracing Options Table A–5 (Cont.) Protocol Significance Options Option Description normal Traces normal protocol occurrences. Abnormal protocol occurrences are always traced. policy Traces the application of protocol and user-specified policy to routes being imported and exported. task Traces system interface and processing associated with this protocol or peer. timer route Traces timer usage by this protocol or peer.
Gateway Routing Daemon (GATED) Configuration Reference A.7 Tracing Options recv Limits the tracing to packets received. If neither the send nor the recv option is specified, both sent and received packets are traced. Note If a protocol allows several different types of packet tracing, modifiers can be applied to each individual type. Be aware, however, that within one tracing specification the trace flags are summed up, so specifying detail packets turns on full tracing for all packets. A.
Gateway Routing Daemon (GATED) Configuration Reference A.9 Options Statements The options list can contain one or more of the following options: gendefault [preference preference] [gateway gateway] When gendefault is enabled and a BGP or EGP neighbor is up, a default route with the special protocol default is created. This can be disabled per BGP/EGP group with the nogendefault option. By default, this route has a preference of 20.
Gateway Routing Daemon (GATED) Configuration Reference A.
Gateway Routing Daemon (GATED) Configuration Reference A.10 Interface Statements preference preference Sets the preference for routes to this interface when it is up and appears to be functioning properly. The default preference is 0. down preference preference Sets the preference for routes to this interface when GATED does not believe it to be functioning properly, but the kernel does not indicate it is down. The default value is 120.
Gateway Routing Daemon (GATED) Configuration Reference A.10 Interface Statements A.10.1 Interface Lists An interface list is a list of references to interfaces or groups of interfaces. The following four methods, from most general to most specific, are available for referring to interfaces: ALL Refers to all available interfaces. Interface name wildcard Refers to all the interfaces of the same type. Interfaces consist of the device driver name and a unit number, for example, LE0.
Gateway Routing Daemon (GATED) Configuration Reference A.10 Interface Statements A.10.2 IP Interface Addresses and Routes The BSD 4.3 and later networking implementations allow the following four types of interfaces. Some implementations allow multiple protocol addresses per physical interface, but these are mostly based on BSD 4.3 RENO or later. Loopback This interface must have the address of 127.0.0.1. Packets sent to this interface are sent back to the originator.
A.11 Definition Statements Definition statements are general configuration statements that relate to all of GATED, or at least to more than one protocol. The three definition statements are autonomoussystem, routerid, and martians. If used, autonomoussystem, routerid, and martians must appear before any other type of configuration statement in the TCPIP$GATED.CONF file. A.11.
Gateway Routing Daemon (GATED) Configuration Reference A.11 Definition Statements The following list describes each statement in the example: • The options statement tells the system to generate a default route when it peers with an EGP or BGP neighbor. • The autonomoussystem statement tells GATED to use AS number 249 for EGP and BGP. • The interface statement tells GATED not to mark interface 128.66.12.2 as down even if it sees no traffic. • The martians statement prevents routes to 0.0.0.
Gateway Routing Daemon (GATED) Configuration Reference A.12 Protocol Overview • EGP Exterior Gateway Protocol: Originally EGP reachability information was passed into ARPANET/MILNET ‘‘core’’ gateways where the best routes were chosen and passed back out to all connected autonomous systems. As the Internet moved toward a less hierarchical architecture, EGP, an exterior routing protocol which assumes a hierarchical structure, became less effective. The EGP protocol is described in RFC 827 and RFC 904.
Gateway Routing Daemon (GATED) Configuration Reference A.12 Protocol Overview A.12.6 Kernel Interface Although the kernel interface is not technically a routing protocol, it has many characteristics of one, and GATED handles it similarly. The routes GATED chooses to install in the kernel forwarding table are those that will actually be used by the kernel to forward packets.
A.14 Redirect Processing The redirect code is passed ICMP or ISO redirects learned by monitoring ICMP messages, or via the routing socket on systems that support it. It processes the redirect request and decides whether to accept the redirect. If the redirect is accepted, a route is installed in the GATED routing table with the protocol redirect. Redirects are deleted from the routing table after 3 minutes.
Gateway Routing Daemon (GATED) Configuration Reference A.14 Redirect Processing • interface is the interface statement, which allows the enabling and disabling of redirects on an interface-by-interface basis. See Section A.10.1 for the description of the interface_list. The parameters are: noredirects—Specifies that redirects received from the specified interface will be ignored. The default is to accept redirects on all interfaces. redirects— This is the default.
Gateway Routing Daemon (GATED) Configuration Reference A.
Gateway Routing Daemon (GATED) Configuration Reference A.15 The Router Discovery Protocol multicast, which specifies that the given addresses should only be included in a multicast Router Advertisement. If the system does not support IP multicasting the addresses will not be included.
• preference specifies the preference of all Router Discovery default routes. The default is 55.
• interface specifies the parameters that apply to physical interfaces. Note a slight difference in convention from the rest of GATED: interface specifies just physical interfaces (such as LE0, EF0 and EN1). The Router Discovery Client has no parameters that apply only to interface addresses.
Gateway Routing Daemon (GATED) Configuration Reference A.16 The Kernel Statement During normal shutdown processing, GATED normally deletes all the routes it has installed in the kernel forwarding table, except for those marked with retain. Optionally, GATED can leave all routes in the kernel forwarding table by not deleting any routes. In this case changes will be made to ensure that routes with a retain indication are installed in the table.
Gateway Routing Daemon (GATED) Configuration Reference A.16 The Kernel Statement A.16.2.2 Updating the Forwarding Table with the Routing Socket Interface The routing socket interface to the kernel forwarding table was introduced in BSD 4.3 Reno, widely distributed in BSD 4.3 Net/2 and improved in BSD 4.4. This interface is simply a socket, similar to a UDP socket, on which the kernel and GATED exchange messages.
Due to an oversight, some systems (such as OSF/1) that are based on BSD 4.3 Reno or later do not have the getkerninfo( ) system call described below, which allows GATED to read routes from the kernel without knowing about kernel internal structures. On these systems it is necessary to read the kernel radix tree from kernel memory. This is even more error-prone than reading the hash-based forwarding table.
A.16.5 Reading Interface Physical Addresses

Later versions of the getkerninfo( ) and sysctl( ) interfaces return the interface physical addresses as part of the interface information. On most systems where this information is not returned, GATED scans the kernel physical interface list for this information for interfaces with IFF_BROADCAST set, assuming that their drivers are handled the same as Ethernet drivers.
A.16.8 Kernel Configuration Syntax

The kernel configuration syntax is as follows:

    kernel {
        options
            [ nochange ]
            [ noflushatexit ]
            ;
        routes number ;
        flash
            [ limit number ]
            [ type interface | interior | all ]
            ;
        background
            [ limit number ]
            [ priority flash | higher | lower ]
            ;
        traceoptions trace_options ;
    } ;

In the kernel configuration syntax:

• options specifies kernel options.
will cause all pending route changes of the specified type to be processed during the flash update.

type, which specifies the type of routes that will be processed during a flash update. interior specifies that interior routes will also be installed (see Section A.12.1). all specifies the inclusion of exterior routes as well (see Section A.12.2).
• redirect Redirect messages received from the kernel.
• interface Interface status messages received from the kernel. These are only supported on systems with networking code derived from BSD 4.4.
• other Other messages received from the kernel, including those mentioned in the info type above.

A.17 Static Routes Statements

Static statements define the static routes used by GATED.
A.18 Control Statements

The control statements are used to define:

• Route filtering, described in Section A.18.1
• Matching AS paths, as described in Section A.18.2
• Importing routes, as described in Section A.18.3
• Exporting routes, as described in Section A.18.4
• The source of exported routes, as described in Section A.18.5
• Route aggregation, as described in Section A.18.6

A.18.
exact
    Specifies that the mask of the destination must match the supplied mask exactly. This is used to match a network, but no subnets or hosts of that network.
refines
    Specifies that the mask of the destination must be more specific (that is, longer) than the filter mask. This is used to match subnets or hosts of a network, but not the network.
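The two modifiers above, worked through on a small routing table. This is an added Python example, not code from the manual or from GATED; the function names, the CIDR string notation and the sample routes are this example's own assumptions.

```python
import ipaddress

MODIFIERS = ("exact", "refines")


def route_filter_matches(destination, filter_prefix, modifier):
    """Apply one route filter with an 'exact' or 'refines' modifier.

    Both prefixes are CIDR strings (this example's notation, not
    GATED configuration syntax).
    """
    if modifier not in MODIFIERS:
        raise ValueError(f"unsupported modifier: {modifier!r}")
    # strict=True rejects prefixes with host bits set, e.g. 172.16.5.1/24.
    dest = ipaddress.ip_network(destination, strict=True)
    flt = ipaddress.ip_network(filter_prefix, strict=True)
    if dest.version != flt.version:
        return False
    # The destination must start inside the filter's address range at all.
    if dest.network_address not in flt:
        return False
    if modifier == "exact":
        # Same mask: the network itself, none of its subnets or hosts.
        return dest.prefixlen == flt.prefixlen
    # refines: strictly longer mask, so subnets and hosts but not the network.
    return dest.prefixlen > flt.prefixlen


def partition_routes(routes, filter_prefix):
    """Group candidate routes by the modifier that would select them."""
    return {
        m: [r for r in routes if route_filter_matches(r, filter_prefix, m)]
        for m in MODIFIERS
    }


# Constructed sample routing table (not taken from the manual).
SAMPLE_ROUTES = [
    "172.16.0.0/16",  # the network named by the filter
    "172.16.5.0/24",  # a subnet of that network
    "172.16.5.7/32",  # a host in that network
    "172.16.0.0/12",  # shorter mask, same starting address
    "192.0.2.0/24",   # unrelated network
]

if __name__ == "__main__":
    result = partition_routes(SAMPLE_ROUTES, "172.16.0.0/16")
    for modifier, selected in result.items():
        print(f"{modifier:8} {selected}")
```

The shorter-mask route 172.16.0.0/12 is selected by neither modifier, which is the case most often misjudged when writing restrict clauses for an import or export policy.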
An origin of igp indicates the route was learned from an intradomain routing protocol and is most likely complete. An origin of egp indicates the route was learned from an interdomain routing protocol that does not support AS paths (EGP, for example), and the path is most likely not complete. When the path information is definitely not complete, an origin of incomplete is used. An origin of any can be used for any origin.

A.18.2.
• aspath_term | aspath_term Matches the AS term on the left, or the AS term on the right.

A.18.3 The Import Statement

Importation of routes from routing protocols and installation of the routes in GATED's routing database is controlled by import statements. The format of an import statement varies depending on the source protocol.

A.18.3.
    import proto bgp aspath aspath_regexp
        origin any | ( [ igp ] [ egp ] [ incomplete ] )
        [ aspath-opt ] restrict ;
    import proto bgp aspath aspath_regexp
        origin any | ( [ igp ] [ egp ] [ incomplete ] )
        [ aspath-opt ] [ preference preference ] {
        route_filter [ restrict | ( preference preference ) ] ;
    } ;

EGP importation may be controlled by autonomous system.
A.18.3.5 Importing Routes from OSPF

Use the following syntax to define importing routes from OSPF:

    import proto ospfase [ tag ospf_tag ] restrict ;
    import proto ospfase [ tag ospf_tag ]
        [ preference preference ] {
        route_filter [ restrict | ( preference preference ) ] ;
    } ;

Due to the nature of OSPF, only the importation of ASE routes may be controlled.
A.18.4.2 Route Filters

All the formats allow route filters as shown in the following example. See the section on route filters for a detailed explanation of how they work. When no route filtering is specified (that is, when restrict is specified on the first line of a statement), all routes from the specified source will match that statement.
Exporting to RIP

    export proto rip
        [ ( interface interface_list ) | ( gateway gateway_list ) ]
        restrict ;
    export proto rip
        [ ( interface interface_list ) | ( gateway gateway_list ) ]
        [ metric metric ] {
        export_list ;
    } ;

Exportation to RIP is controlled by any of protocol, interface or gateway. If more than one is specified, they are processed from most general (protocol) to most specific (gateway).
A.18.5 Specifying the Source

The export list specifies export based on the origin of a route, and the syntax varies depending on the source.

Exporting BGP and EGP Routes

    proto bgp | egp autonomoussystem autonomous_system
        restrict ;
    proto bgp | egp autonomoussystem autonomous_system
        [ metric metric ] {
        route_filter [ restrict | ( metric metric ) ] ;
    } ;

BGP and EGP routes may be specified as the source autonomous system.
Nonrouting by Protocol

    proto default | aggregate
        restrict ;
    proto default | aggregate
        [ metric metric ] {
        route_filter [ restrict | ( metric metric ) ] ;
    } ;

These protocols can only be referenced by protocol.

• default refers to routes created by the gendefault option. It is recommended that route generation be used instead.
Route aggregation is also used by regional and national networks to reduce the amount of routing information passed around. With careful allocation of network addresses to clients, regional networks can just announce one route to regional networks instead of hundreds. Aggregate routes are not actually used for packet forwarding by the originator of the aggregate route; they are used only by the receiver, if it wishes.
Routes that match the route filters are called contributing routes. They are ordered according to the aggregation preference that applies to them. If there is more than one contributing route with the same aggregation preference, the routes' own preferences are used to order the routes. The preference of the aggregate route will be that of the contributing route with the lowest aggregate preference.
A.19 Sample Host Configurations

Note that RIP will not run if UDP checksums are disabled in the kernel.

• The following sample runs RIP in quiet mode; it only listens to packets, no matter how many interfaces are configured:

    #
    rip yes {
        nobroadcast ;
    } ;
    #

• The following sample is suitable for any system that runs RIP and has only one network interface:

    #
    # do not time-out the network interface
    #
    interface 136.66.12.
    # generate a default route if an EGP neighbor is acquired
    #
    options gendefault ;
    #
    # define the autonomous system number for EGP
    #
    autonomoussystem 303 ;
    #
    # enable RIP
    #
    rip yes ;
    #
    # enable EGP with hello interval 1 1/2 minute, poll
    # interval 10 minutes, neighbors 26.6.0.103 and 26.20.0.72
    #
    egp yes {
        packetsize 24488 ;
        group minhello 1:30 minpoll 10:00 {
            neighbor 26.6.0.103 ;
            neighbor 26.20.0.
A.19.2 Sample BGP and OSPF Configuration

The following sample implements the transformation of distance metrics between the internal (OSPF) and external (BGP) protocols. Autonomous system 1019, of which GATED is a member, contains network 19.0.0.0. The GATED machine has several interfaces into this autonomous system. The GATED daemon is using BGP to peer with AS 2021, neighbor 21.5.1.21.
    backbone {
        authtype none ;
        interface 19.1.1.
B EBCDIC/DMCS Translation Tables

The TCP/IP Services TELNET implementation supports IBM 3270 terminal emulation. The default translation tables satisfy most users' needs.

B.1 Macros for Modifying the Translation Tables

If the standard translation table does not suit your needs, you can modify it by specifying macros in the file TN3270DEF.MAR. You should copy TN3270DEF.MAR from TCPIP$EXAMPLES into your current default directory and edit it with any editor supported by your system.
In this example, the macro changes the EBCDIC-to-DMCS translation table so that the EBCDIC character represented by the hexadecimal code 4A translates to a DMCS cent sign (hexadecimal code A2). The DMCS-to-EBCDIC translation table is also changed so that a DMCS cent sign translates to the EBCDIC character represented by the hexadecimal code 4A.
B.3 Examples of Modifying Translation Tables

    REVTRA 4A,A2    ; Map the EBCDIC cent character (4A)
                    ; to/from the ASCII cent character (A2).
    AS2EB  5B,3F    ; Map the ASCII "[" (5B) to the EBCDIC
                    ; SUB character (3F).

The preceding macro could also be written in the following way:

    AS2EB '[,3F

2. The following example shows the macros used to modify the standard translation tables to the translation tables used by IBM 3270TE.

    DMFILL = 26.
C How NFS Converts File Names

The NFS to OpenVMS file name translation rules in Table C–1 are based on the character mapping scheme in Table C–2. The OpenVMS to NFS mapping rules are the converse of these rules.

Table C–1 NFS Server to OpenVMS Client File Name Conversion Rules

Rule  What Happens to File Names from NFS to OpenVMS
1     Lowercase characters become uppercase (unless Rule 2 applies). For example, file becomes FILE.
Table C–2 NFS Client Name Conversion

OpenVMS Character Sequence   Server Character   Octal Value
$6A                                             000
$4A                                             001
$4B                                             002
$4C                                             003
$4D                                             004
$4E                                             005
$4F                                             006
$4G                                             007
$4H                                             010
$4I                                             011
$4J                                             012
$4K                                             013
$4L                                             014
$4M                                             015
$4N                                             016
$4O                                             017
$4P                                             020
$4Q                                             021
$4R                                             022
$4S
Table C–2 (Cont.) NFS Client Name Conversion

OpenVMS Character Sequence   Server Character   Octal Value
$5F                          &                  046
$5G                          '                  047
$5H                          (                  050
$5I                          )                  051
$5J                          *                  052
$5K                          +                  053
$5L                          ,                  054
$5N                          .
D Acronyms

Table D–1 shows DIGITAL TCP/IP Services for OpenVMS acronyms and other acronyms related to TCP/IP networking.