Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Possible problem with IP clustering and FTP.

The Brit
Honored Contributor

Possible problem with IP clustering and FTP.

On OpenVMS 8.4, when configured for IP clustering, a route appears in the routing table which causes the FTP Data connection (Port 20) to try to use the IP interface when connecting to servers which are on the same sub-net.

See attachment for example.

The ftp attempt will fail with an "Unable to build data connection" error.

It can be fixed by removing the offending route from the routing table, however the route reappears after a system reboot.

I dont know if this is a bug, or if the route is required for IP clustering.

Am I going to have to place the "set noroute" command in the system startup to get FTP to work under normal usage??

Is this removing the route going to screw up the IP clustering?? (I have not yet got around to adding the second node to the cluster.)

Dave.
11 REPLIES
Andy Bustamante
Honored Contributor

Re: Possible problem with IP clustering and FTP.

Based on the behavior, I'll assume that LLB0 does not have gateway or access to other systems in the xxx.yyy.zzz.0 subnet. If this assumption is correct, you have two options for resolving this. You don't need TCP/IP for cluster communications. Turn it off. SET NOINTERFACE LLB0 and SET CONTFIG NOINTERFACE LLB0

If you need TCPIP available, for example to manage a dedicated switch on that subnet, modify the address on LLB0 to use a private address in an alternate subnet. For example, xxx.yyy.zza.193.

If you don't have time to do it right, when will you have time to do it over? Reach me at first_name + "." + last_name at sysmanager net
The Brit
Honored Contributor

Re: Possible problem with IP clustering and FTP.

Andy,
I tried your suggestion of "TCPIP set config nointer LE1"

---------------------------------
TABV84$SYSTEM>> tcpip show config inter

Interface: LO0
IP_Addr: 127.0.0.1 NETWRK: 255.0.0.0 BRDCST:

Interface: LE0
IP_Addr: xxx.yyy.zzz.192 NETWRK: 255.255.255.0 BRDCST: xxx.yyy.zzz.255

Interface: LE1
IP_Addr: xxx.yyy.zzz.193 NETWRK: 255.255.255.0 BRDCST: xxx.yyy.zzz.255
TABV84$SYSTEM>> tcpip set config nointer le1
TABV84$SYSTEM>> tcpip show config inter

Interface: LO0
IP_Addr: 127.0.0.1 NETWRK: 255.0.0.0 BRDCST:

Interface: LE0
IP_Addr: xxx.yyy.zzz.192 NETWRK: 255.255.255.0 BRDCST: xxx.yyy.zzz.255
TABV84$SYSTEM>> @sys$system:shutdown

--------------------------------------
however when the system came back, the route was back;

TABV84$SYSTEM>> tcpip show route

DYNAMIC

Type Destination Gateway

AN 0.0.0.0 xxx.yyy.zzz.1
AN 0.0.0.0 xxx.yyy.zzz.1
AN xxx.yyy.zzz.0/24 xxx.yyy.zzz.193
AN xxx.yyy.zzz.0/24 xxx.yyy.zzz.192
AH xxx.yyy.zzz.192 xxx.yyy.zzz.192
AH xxx.yyy.zzz.193 xxx.yyy.zzz.193
AH 127.0.0.1 127.0.0.1
TABV84$SYSTEM>> tcpip show inter
Packets
Interface IP_Addr Network mask Receive Send MTU

LE0 xxx.yyy.zzz.192 255.255.255.0 85 17 1500
LE1 xxx.yyy.zzz.193 255.255.255.0 0 50 1500
LO0 127.0.0.1 255.0.0.0 0 0 4096
TABV84$SYSTEM>> tcpip show config inter

Interface: LO0
IP_Addr: 127.0.0.1 NETWRK: 255.0.0.0 BRDCST:

Interface: LE0
IP_Addr: xxx.yyy.zzz.192 NETWRK: 255.255.255.0 BRDCST: xxx.yyy.zzz.255

-----------------------------------------

and now when I try to ftp it just hangs at the FTP command.

TABV84$SYSTEM>> ftp xxx.yyy.zzz.191

Ctrl/Y

TABV84$SYSTEM>> tcpip set noroute zzz.yyy.zzz.0 /gateway=xxx.yyy.zzz.193
TABV84$SYSTEM>>
TABV84$SYSTEM>> ftp xxx.yyy.zzz.191
220 tab-bud.tessco.com FTP Server (Version 5.6) Ready.
Connected to TAB-BUD.
Name (TAB-BUD:system):
331 Username system requires a Password
Password:
230 User logged in.
FTP> dir sylogin.com;0
200 PORT command successful.
150 Opening data connection for sylogin.com;0 (xxx.yyy.zzz.192,49159)

Directory SYS$COMMON:[SYSMGR]

SYLOGIN.COM;91 6/16 12-JAN-2011 13:13:18 [SYSTEM] (RWED,RWED,RE,RE)

Total of 1 file, 6/16 blocks

226 LIST Directory transfer complete.
169 bytes received in 00:00:00.00 seconds (33.01 Kbytes/s)
FTP> bye
221 Goodbye.
TABV84$SYSTEM>>


Dave.
Andy Bustamante
Honored Contributor

Re: Possible problem with IP clustering and FTP.

Do you have FAILsafe IP enabled with the two interfaces? Are you using static routing?

Could you post the results from

TCPIP SHOW ROUTE /PERM
TCPIP ifconfig -a

If you don't have time to do it right, when will you have time to do it over? Reach me at first_name + "." + last_name at sysmanager net
The Brit
Honored Contributor

Re: Possible problem with IP clustering and FTP.



TABV84$SYSTEM>> tcpip
TCPIP> show route /perm

PERMANENT

Type Destination Gateway

PN 0.0.0.0 10.30.5.1
TCPIP> ifconfig -a
LE0: flags=c43
*inet 10.30.5.192 netmask ffffff00 broadcast 10.30.5.255 ipmtu 1500

LE1: flags=c63
inet 10.30.5.193 netmask ffffff00 broadcast 10.30.5.255 ipmtu 1500

LO0: flags=100c89
inet 127.0.0.1 netmask ff000000 ipmtu 4096

TN0: flags=80

TN1: flags=80

TCPIP>

Dave.
Andy Bustamante
Honored Contributor

Re: Possible problem with IP clustering and FTP.

It looks like you have an alias or FAILsafe address configured on LE1. The "*" on the LE0 address indicates a home address.

Please run tcpip$config.com and reconfigure LE0, delete configuration for LE1 and ensure FAILsafe is disabled in Optional services.

Andy
If you don't have time to do it right, when will you have time to do it over? Reach me at first_name + "." + last_name at sysmanager net
Steve Reece_3
Trusted Contributor

Re: Possible problem with IP clustering and FTP.

It's a while since I've viewed this area, but given earlier behaviour are you sure that what you're seeing is wrong?

Let's, for the sake of ease, apply xxx=1, yyy=2 and zzz=3.
You've got two interfaces, each with a 24 bit mask. They are 1.2.3.192 and 1.2.3.193.
The IP stack, being a dumb bit of logic, sees two connections which are apparently on the same subnet. There's nothing in the config that I can see to suggest anything else.
Is the IP stack, therefore, assuming that the two interfaces are both able to get through to the address you're trying to ftp to? The route in the routing table suggests this is the case.

The fix?

Do you need both interfaces on the same subnet? If not, try changing one to be on a different subnet. If yes, maybe putting static routes in the routing table for going out to your default gateway so that the stack only chooses one interface when going off its own subnet (I've not tried this, but assume it would work?)

Steve
The Brit
Honored Contributor

Re: Possible problem with IP clustering and FTP.

For Andy,

$ @tcpip$config

Option 1. (Core)
Option 2. (Interfaces)

HP TCP/IP Services for OpenVMS Interface & Address Configuration Menu

Hostname Details: Configured=tabv84, Active=tabv84

Configuration options:

0 - Set The Target Node (Current Node: TABV84)

1 - LE0 Menu (LLA0: Multimode 1000mbps)
2 - 10.30.5.192/24 tabv84 Configured,Active
3 - LE1 Menu (LLB0: Multimode 1000mbps)
4 - 10.30.5.193/24 *noname* IPCI,Active
5 - WE0 Menu (EWA0: Multimode 1000mbps)
6 - WE1 Menu (EWB0: Multimode 1000mbps)
7 - WE2 Menu (EWC0: Multimode 1000mbps)
8 - WE3 Menu (EWD0: Multimode 1000mbps)
I - Information about your configuration

Option E
Option E
Option 4 (Optional components)
Option 5 (Configure failSAFE IP)

FAILSAFE Configuration

Service is not defined in the SYSUAF.
Service is not defined in the TCPIP$SERVICE database.
Service is not enabled.
Service is stopped.

FAILSAFE configuration options:

1 - Enable service on all nodes
2 - Enable service on this node
3 - Enable & Start service on this node
[E] - Exit FAILSAFE configuration

Option E
Option E

In otherwords, I have not explicitly configured FailSAFE IP (I have never used it), and the configuration script confirms explicitly that FailSAFE IP HAS NOT be configured.

-------------------------------------

For Steve,

I am not claiming that tcpip is doing something wrong, (I dont know enough about Networking to say that). I am simply pointing out that my current configuration seems to break FTP, and asking if anyone can give an explanation.

Normally, I would be perfectly happy to move my cluster communication onto a private subnet, (and even under these circumstances I dont have a problem with this) however, When I read the Documentation on how to set up IP clustering, I do not recall any warnings or restrictions related to the IP addresses used for the clustering interface.

So it comes down to

a. If such a restriction exists, then it should be documented and promulgated.

and b. If this restriction does not exist, then it should not have any detrimental affect on other services (basically not true in the case of FTP), or there should be some kind of documented fix for the problem.

(or c. It could be a bug.)

Dave.
Steve Reece_3
Trusted Contributor

Re: Possible problem with IP clustering and FTP.

Are the two interfaces on the same physical LAN - i.e. although one is used for Clustering over IP, is it plugged in to the same switch or on the same VLAN as the non-IP cluster interface?
The Brit
Honored Contributor

Re: Possible problem with IP clustering and FTP.

Possibly. I'll check with our network guy when he is back in the office.

To leap forward here, are you thinking that I could solve my problems by setting up a clustering VLAN???

Dave.
Andy Bustamante
Honored Contributor

Re: Possible problem with IP clustering and FTP.

Dave,

As configured lla0: and llb0: should each be able to reach another system, either the gateway. I hadn't realized you were attempting to configure a cluster interconnect with TCPIP. Can you confirm using TCPIP for cluster traffic to a remote system, or will your other nodes be local? If local, remove tcpip from llb0, simply allow SCS cluster traffic to use the interface.

Can the FTP system ping both lla0 and llb0?

If you don't have time to do it right, when will you have time to do it over? Reach me at first_name + "." + last_name at sysmanager net
Steve Reece_3
Trusted Contributor

Re: Possible problem with IP clustering and FTP.

>>>Possibly. I'll check with our network guy when he is back in the office.

To leap forward here, are you thinking that I could solve my problems by setting up a clustering VLAN???

Dave.<<<

No, the reverse of that. I'm thinking that maybe the interfaces for clustering are on a different VLAN and that they should actually be on the same instead.

If I can go out on either interface but one interface is logically unable to get where I need to go (because there's no way off that VLAN to the one I need to go to), the FTP is never going to work.

If you don't need failover from one IP interface to the other, could you set them up with different IP address ranges?

Steve