Manualshelf

HP-UX Secure Resource Partitions (SRP) A.02.01 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP) Software
123456789
6
the line containing “nsearch /var/hpsrp” with “nread /var/hpsrp
3. As the root user, enter the following command at the HP-UX command prompt:
kctune cmpt_fs_enhs=1
setrules
Intermittent Network packet delivery issues:
o Intermittent loss of external network connections.
o Unable to establish network connections between two SRPs on the same system, or
between an SRP and the INIT compartment.
o Networking between two SRPs on the same system, or between an SRP and the
INIT compartment, may result in packet delivery to an unintended local SRP.
Solution:
Contact HP for patch information
Network route selection not optimized for INIT compartment
Intermittent loss of connectivity from the INIT compartment to a remote host after a local SRP
on an isolated network unsuccessfully attempts to connect to the same host.
Workaround:
Avoid attempting to connect to unreachable hosts from an SRP. Consider decreasing the
cache entry hold time if the problem occurs frequently, as follows:
# ndd -set /dev/ip ip_ire_flush_interval 60000
SRP IP address may be reachable from within the same server when the SRP
is stopped.
If the system reboots, or if the script /sbin/init.d/net start is run, all SRP IPv4
addresses will be placed in the down state and will be locally accessible. This may cause
problems with SRPs configured with Serviceguard packages.
Workaround:
Start then stop the SRP to make the SRP’s IP address inaccessible. If using Serviceguard,
consider configuring Serviceguard to manage the SRP’s IP address and remove the SRP IP
address and related configuration from the /etc/rc.config.d/netconf file.
SRP IP Address remains enabled after a system failure/reboot.
IP addresses for SRPs that are active at time of system failure will be active after the system is
restarted, even if the SRP is not restarted.
Workaround:
To prevent remote systems from accessing the affected IP addresses, do the following:
1. Edit the /etc/rc.config.d/netconf file and change the INTERFACE_STATE
for all the SRP IP addresses that are not in the STARTED state to down.
2. Run /sbin/init.d/net start
Restarting the secure shell server in the INIT compartment via
/sbin/init.d/secsh
will fail if the secure shell server is also running in one
or more SRPs.
Workaround:
Start the secure shell server in the INIT compartment with the /opt/ssh/sbin/sshd
command.