Manualshelf

SSH Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series
141142143144145146147148149150
The same IP address may be configured in more than one IP process. If that IP address is configured in INTERFACE,
then a listen on such an IP address is issued against each of the configured IP processes.
There may be the requirement to listen on specific IP addresses of some IP processes but to listen on the ANY address
for other IP processes. This can be achieved by specifying the ANY address in INTERFACE, in addition to the specific
IP addresses.
Example: A listen is required on IP address 1.2.3.4, which is configured in process $ZTC1. Additionally a listen needs to
be issued for the ANY address against $ZTC0. Then the parameter INTERFACE would be set to 1.2.3.4,0.0.0.0 and
SUBNET value would be $ZTC0,$ZTC1.
Multiple Allowed Bind IP Address Configuration
A specific bind address could be specified from a local SSH[OSS]/SFTP[OSS] client via runtime
option -oBindAddress=<bind-address> when INTERFACEOUT was not set (configured with the ANY address). If such
option did not exist on the client command line in this case, the actual bind address was determined by the TCP/IP
process. An administrator could only select one specific local IP address as local bind address by configuring
INTERFACEOUT
to that specific IP address. With such a configuration any -oBindAddress options specified on the
client command line is ignored and the bind address configured via INTERFACEOUT is used.
With the support of multiple IP addresses for INTERFACEOUT, it is possible to allow a set of IP addresses as bind
addresses. If the -oBindAddress option of a client selects one of the IP addresses configured in INTERFACEOUT, then
the address supplied from the client will be used as local bind address for the connection.
If the client does not specify a bind address, then the SSH2 process selects one of the configured IP addresses in
INTERFACEOUT according to a round-robin algorithm that selects an IP address by first selecting an IP process
(should there be more than one IP processes configured in SUBNET) taking the CPU the IP process is running in for the
round-robin selection. Then one of the IP addresses of that IP process, which is also listed in INTERFACEOUT is
selected. In this way the outgoing connections are distributed over all CPUs the configured IP processes are running in.
Multiple Target IP Address Selection
With DNSMODE set to FIRST or if an IP address is specified for the target host, multiple target IP addresses do not
occur. But if parameter DNSMODE is set to ALL and a name is specified as target host, then the host name may get
resolved to multiple IP addresses. If that is the case one IP address must be selected for the actual connection. This is
done in a round-robin fashion over all target IP addresses a specific SSH2 process has seen in the recent past. This means
that the target IP address is selected from the list of resolved IP addresses by checking how often an outgoing connection
has been established in the last time interval and picking the IP address with the smallest number of outgoing
connections happened during the past interval. Information about connections established before the start of that interval
will be dropped.
In this way the outgoing connections are distributed over all IP addresses a specific host name is resolved to.
HP NonStop SSH Reference Manual Configuring and Running SSH2 143