Compaq TCP/IP Services for OpenVMS
Tuning and Troubleshooting

If you suspect one of the interfaces is down, you can test the interface by using:

• The ping command on another system to ping the IP address of the suspect interface. Because TCP/IP Services sends messages via the first matching entry in the routing table, you might not be exercising the interface if you test on the local system.
• The traceroute -s src_addr command on the local system. This command uses the IP address specified with the -s flag in outgoing probe packets. If the command fails, the error message may indicate that the problem is with the interface.

Use the ifconfig command to check the configuration of a network interface. A common problem is a misconfigured subnet mask or incorrect IP address. Be sure to check the values of these parameters.

To display configuration information for all interfaces, enter the following command:

TCPIP> ifconfig -a LO0: flags=100c89<UP,LOOPBACK,NOARP,MULTICAST,SIMPLEX,NOCHECKSUM> inet 127.0.0.1 netmask ff000000 ipmtu 4096 TN0: flags=80<NOARP> WE0: flags=c43<UP,BROADCAST,RUNNING,MULTICAST,SIMPLEX> HWaddr aa:0:4:0:71:f8 inet 10.10.2.1 netmask ffffff00 broadcast 10.10.2.255 ipmtu 1500

For example, to display the configuration for interface WF0, enter the following command:

TCPIP> ifconfig WF0

The system displays the following information:

WF0: flags=c43<UP,BROADCAST,RUNNING,MULTICAST,SIMPLEX> inet 16.20.208.100 netmask ffff0000 broadcast 16.20.255.255 ipmtu 4470 inet6 fe80::200:f8ff:febd:bc22 inet6 3ffe:1200:4120:1000:200:f8ff:febd:bc22

The first line of this display shows the interface characteristics. The interface should be UP and RUNNING (exceptions to this are the LO0 and TN0 interfaces). The pertinent fields in this display show the interface's IP address, the subnet mask, the broadcast mask, and the maximum transmit unit.

You can also obtain information using the following commands:

TCPIP> SHOW INTERFACE Packets Interface IP_Addr Network mask Receive Send MTU LO0 127.0.0.1 255.0.0.0 137 137 4096 WE0 10.10.2.1 255.255.255.0 5089 4191 1500 TCPIP> SHOW CONFIGURATION INTERFACE Interface: LO0 IP_Addr: 127.0.0.1 NETWRK: 255.0.0.0 BRDCST: Interface: WE0 IP_Addr: 10.10.2.1 NETWRK: 255.255.255.0 BRDCST: 10.10.2.255

If you are not familiar with IP addressing and the concepts of subnet and broadcast masks, review the information in DIGITAL TCP/IP Services for OpenVMS Concepts and Planning before proceeding with troubleshooting tasks.

1.2.3 Displaying and Modifying the Internet-to-Ethernet Translation Tables

Use the arp utility or the SHOW ARP management command to check the IP address to Ethernet address translation entries in the Address Resolution Protocol (ARP) table. This is useful if you think incorrect entries are being added to the ARP table. For example, if you enter a command and an unexpected host responds, you may have two systems defined with the same IP address in the ARP table.

To display entries in the ARP table, enter the following command:

$ TCPIP SHOW ARP Cnt Flags Timer Host Phys Addr 1: UCS 451 160.20.0.10 08-00-2b-39-c7-ac 2: UC 0 160.20.0.100 aa-00-04-00-8d-13 3: UC 3 160.20.0.173 00-00-f8-45-a0-b4 4: UC 14 160.20.32.94 00-00-f8-00-f7-41 5: UC 50 160.20.64.69 00-d0-b7-19-78-a4 6: UCS 9 160.20.64.132 00-50-8b-72-7f-ff 7: UCS 150 160.20.80.124 00-50-8b-4d-91-b3

The following TCP/IP Services management commands allow you to configure the hardware addresses for remote IP addresses:

• SET ARP allows you to add the hardware address to the ARP table.
• SET PROTOCOL ARP allows you specify the time interval for ARP to hold information in its cache. Use the SET CONFIGURATION PROTOCOL ARP command to set this information in the permanent configuration database.

For more information about these procedures, refer to the Compaq TCP/IP Services for OpenVMS Management manual.

For information about using the arp utility, refer to Appendix A.

1.2.4 Examining Network Statistics

Use the netstat utility or the SHOW INTERFACE command to check interface and protocol statistics, per-connection status, and memory buffer use. Look for bad checksums, excessive retransmissions, dropped packets, out-of-order packets, and lost-carrier errors.

For example:

TCPIP> netstat -i Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll TN0* 1280 Link Link#2 0 0 0 0 0 WF0 4470 Link 00:00:f8:cd:1e:e4 48855499 0 2035244 0 0 WF0 4470 16.20 ucxaxp 48855499 0 2035244 0 0 LO0 4096 Link Link#1 165084 0 165084 0 0 LO0 4096 127 LOCALHOST 165084 0 165084 0 0

The netstat command displays information used to diagnose failures. Some problems to look for include:

• Network problems
  If the netstat -i command shows an excessive number of input errors (Ierrs), output errors (Oerrs), or collisions (Coll), you may be experiencing a network problem, such as improperly connected cables or a saturated Ethernet.
• Memory problems
  Use netstat -m to see whether the network is using an excessive amount of memory in proportion to the total amount of memory installed on the system.
  If several memory requests are delayed or denied, this means that your system was temporarily short of physical memory.
• Network connections
  Use netstat -an to check allocated sockets (each socket results in a network connection).

The trace utility (TCPTRACE) is a tool you can use to trace packets going in and out of the system. To run the trace utility, enter the DCL command TCPTRACE. Use the qualifiers listed in the command reference section to customize tracing for your particular problem. For example:

$ TCPTRACE HOST1 /FULL /PORT=REMOTE=21 $ TCPTRACE HOST2 /PORT=(LOCAL=23, REMOTE=1056) /FULL /PACKETS=30 /OUTPUT=TELNET_TRACE.TXT

The following sample is a TCPTRACE display:

TCPIP INTERnet trace RCV packet seq # = 1 at 23-OCT-1998 15:19:33.29 IP Version = 4, IHL = 5, TOS = 00, Total Length = 217 = ^x00D9 IP Identifier = ^x0065, Flags (0=0,DF=0,MF=0), Fragment Offset = 0 = ^x0000, Calculated Offset = 0 = ^x0000 IP TTL = 32 = ^x20, Protocol = 17 = ^x11, Header Checksum = ^x8F6C IP Source Address = 16.20.168.93 IP Destination Address = 16.20.255.255 UDP Source Port = 138, UDP Destination Port = 138 UDP Header and Datagram Length = 197 = ^x00C5, Checksum = ^x0E77 5DA81410 8F6C1120 00000065 D9000045 0000 E...awe.....l....] | 0E77C500 8A008A00 | FFFF1410 0010 ..........w.

For more information about using TCPTRACE, see Appendix A.

1.2.6 Checking Name Server Operation

After verifying that the underlying transport is working, check to see whether the remote host can be reached by its host name. If your name server resides on a remote system, make sure your resolver configuration specifies that system. To determine whether the resolver is pointing to the correct server, enter the following command:

TCPIP> SHOW NAME_SERVICE BIND Resolver Parameters Local domain: lkg.dec.com System State: Started, Enabled Transport: UDP Domain: lkg.dec.com Retry: 4 Timeout: 4 Servers: rufus.lkg.dec.com, peach.lkg.dec.com Path: lkg.dec.com Process State: Enabled Transport: Domain: Retry: Timeout: Servers: Path:

Make sure the remote servers are reachable (using ping ) and that they are valid name servers.

If your name server resides on the local system, use the SHOW NAME_SERVICE command to make sure your resolver points to localhost .

Next, verify that the TCPIP$BIND process is enabled and running. First, enter the following command to determine whether TCPIP$BIND is enabled:

TCPIP> SHOW SERVICE Service Port Proto Process Address State BIND 53 TCP,UDP TCPIP$BIND 0.0.0.0 Enabled DHCP 67 UDP TCPIP$DHCP 0.0.0.0 Enabled DIOSERVER 1451 TCP CLM 0.0.0.0 Disabled ECHO 7 TCP MULTI 0.0.0.0 Disabled ESNMP 705 UDP ESNMP 0.0.0.0 Disabled FINGER 79 TCP TCPIP$FINGER 0.0.0.0 Enabled FTP 21 TCP TCPIP$FTP 0.0.0.0 Enabled HELLO 12345 TCP HELLO_WORLD 0.0.0.0 Disabled JOHN 520 UDP UCX$ROUTER 0.0.0.0 Disabled LBROKER 6570 UDP TCPIP$LBROKER 0.0.0.0 Disabled LPD 515 TCP TCPIP$LPD 0.0.0.0 Enabled MATT 5432 TCP TCPIP$RLOGIN 0.0.0.0 Disabled METRIC 570 UDP TCPIP$METRIC 0.0.0.0 Enabled MOUNT 10 TCP,UDP TCPIP$MOUNTD 0.0.0.0 Enabled NFS 2049 UDP TCPIP$NFS 0.0.0.0 Enabled NOTES 3333 TCP NOTESRVR 0.0.0.0 Enabled NTP 123 UDP TCPIP$NTP 0.0.0.0 Enabled PCNFS 5151 TCP,UDP TCPIP$PCNFSD 0.0.0.0 Enabled POP 110 TCP TCPIP$POP 0.0.0.0 Enabled PORTMAPPER 111 TCP,UDP TCPIP$PORTM 0.0.0.0 Enabled REXEC 512 TCP TCPIP$REXEC 0.0.0.0 Enabled RLOGIN 513 TCP not defined 0.0.0.0 Enabled RSH 514 TCP TCPIP$RSH 0.0.0.0 Enabled SMTP 25 TCP TCPIP$SMTP 0.0.0.0 Enabled SNMP 161 UDP TCPIP$SNMP 0.0.0.0 Enabled TELNET 23 TCP not defined 0.0.0.0 Enabled TFTP 69 UDP TCPIP$TFTP 0.0.0.0 Enabled XDM 177 UDP TCPIP$XDM 0.0.0.0 Enabled

If the BIND process is enabled, it will appear in the display.

Then determine whether the BIND process is running by entering the following command:

$ SHOW SYSTEM /NETWORK OpenVMS V7.1-1H2 on node RUFUS 27-JUN-2000 16:45:46.84 Uptime 16 01:55:35 Pid Process Name State Pri I/O CPU Page flts Pages 2FC0021F TCPIP$NTP LEF 10 2042786 0 00:02:03.43 657 190 N 2FC00221 TCPIP$LBROKER LEF 9 3779921 0 00:06:27.51 652 271 N 2FC05046 TCPIP$POP_1 HIB 10 243688 0 00:00:48.42 955 598 N 2FC00289 TCPIP$PORTM LEF 10 13289 0 00:00:03.23 614 189 N 2FC0628F TCPIP$RE_BG1879 LEF 6 1647 0 00:00:00.96 1709 612 N 2FC0089A NFS$SERVER LEF 10 89284 0 00:00:19.28 978 580 N 2FC06C9E NOTES$00CD_2* HIB 6 208844 0 00:01:22.65 1932 152 N 2FC03EC7 TCPIP$BIND_1 LEF 10 515297 0 00:01:26.06 972 322 N 2FC01CF6 TCPIP$PCNFSD LEF 10 326 0 00:00:00.27 660 228 N $

If the TCPIP$BIND_1 process is not running, look for errors in the SYS$SPECIFIC:[TCPIP$BIND]TCPIP$BIND_RUN.LOG file.

To reduce the possibility of a name server being unavailable, you might configure more than one name server on your network. This way, if the primary name server is unreachable or unresponsive, the resolver can query the other name server.

1.2.7 Checking the Route to a Remote Host

If you receive "network unreachable" messages, you may be experiencing a routing problem. You can easily detect whether the problem is with your local routing table by doing the following:

• Enter a netstat -rn or SHOW ROUTE command.
  Display the routing table, then compare the output to the routing table of a properly running system. Make sure there is a default route defined and that the IP address listed in the gateway column for the default route and the local host are in the same subnet. The default route specifies the gateway to use when a route is not explicitly defined for the destination IP address.
  For example, enter the following command:

  TCPIP> netstat -rn Routing tables Destination Gateway Flags Refs Use Interface Route Tree for Protocol Family 2 default 16.20.0.173 UG 17 1526068 WE0 10.10/16 16.20.208.154 UGS 0 204911 WE0 10.10.39/25 10.10.39.2 U 2 17942 BE0 16.20/16 16.20.208.100 U 45 6219676 WE0 16.20/16 16.20.208.208 U 0 0 WE0 127.0.0.1 127.0.0.1 UH 1 69844 LO0 Route Tree for Protocol Family 26 ::1 Link#1 UH 0 0 LO0 ff01::/16 Link#1 U 0 0 LO0

• To display a default route using the TCP/IP Services management commands, enter one of the following commands:

  $ TCPIP SHOW ROUTE /PERMANENT /DEFAULT $ TCPIP SHOW ROUTE /DEFAULT

  
  The following example shows typical output from these two commands:

  $ TCPIP SHOW ROUTE /PERMANENT /DEFAULT PERMANENT Type Destination Gateway PN 0.0.0.0 rufus.lkg.dec.com $ TCPIP SHOW ROUTE /DEFAULT DYNAMIC Type Destination Gateway DN 0.0.0.0 10.10.2.66 $

  
  To set a default route, enter a command similar to the following:

  $ TCPIP SET ROUTE /DEFAULT /GATE=n.n.n.n

  
  You can also set a default route by running the TCPIP$CONFIG procedure and selecting option 1 for Core, and then option 3 for Routing. TCPIP$CONFIG prompts with:

  * Do you want to configure dynamic ROUTED or GATED routing [NO]:

  
  Take the default value by pressing the Enter key. TCPIP$CONFIG then displays the current configuration and asks whether you want to reconfigure a default route:

  The current configuration for the default route is: PERMANENT Type Destination Gateway PN 0.0.0.0 rufus.lkg.dec.com * Do you want to reconfigure a default route [YES]: Enter the Default Gateway host name []:

• Next, use ping to see whether you can reach the routing gateway.

The traceroute command helps you locate problems between the local host and the remote destination by tracing the route of UDP packets from the local host to a remote host. Tracing attempts to determine the name and IP address of each gateway along the route to the remote host.

The traceroute command works by sending UDP packets with small time-to-live (TTL) values and an invalid port number to the remote system. The TTL values increase in increments of one for each group of three UDP packets sent. When a gateway receives a packet, it decrements the TTL. If the TTL is zero, the packet is not forwarded, and an ICMP "time exceeded" message is returned.

Intermediate gateways are detected when they return an ICMP "time exceeded" message. When traceroute receives an "invalid port" message, it knows that it reached the remote destination. ( traceroute operates by intentionally using an invalid port.) When traceroute receives this message, it knows it has reached the destination host and terminates the trace. In this way, traceroute develops a list of gateways starting at one hop away, and increasing one hop at a time until the remote host is reached.

For more information about using traceroute , see Appendix A.

1.2.9 Determine Whether Network Services Are Available

The auxiliary server functions like the UNIX internet daemon ( inetd ) by managing access to the network services. The auxiliary server assigns standard port numbers to services such as the BOOTP, SMTP, or FTP servers, and starts the appropriate image after receiving an incoming request.

To verify correct operation of a service, you need to verify that the service:

• Has an entry in the service database
• Has the correct attributes defined
• Account has the correct privileges
• Is enabled
• Is started

To display the services database, enter the SHOW SERVICE command. For example:

TCPIP> SHOW SERVICE (1) (2) (3) (4) (5) (6) Service Port Proto Process Address State FINGER 79 TCP TCPIP$FINGER 0.0.0.0 Disabled FTP 21 TCP TCPIP$FTP 0.0.0.0 Enabled LPD 515 TCP TCPIP$LPD 0.0.0.0 Enabled MOUNT 10 UDP TCPIP$NFS_M 0.0.0.0 Enabled NFS 2049 UDP TCPIP$NFS 0.0.0.0 Enabled NTP 123 UDP TCPIP$NTP 0.0.0.0 Enabled PCNFS 5151 TCP,UDP TCPIP$PCNFSD 0.0.0.0 Enabled POP 110 TCP TCPIP$POP 0.0.0.0 Enabled PORTMAPPER 111 TCP,UDP TCPIP$PORTM 0.0.0.0 Enabled REXEC 512 TCP TCPIP$REXEC 0.0.0.0 Enabled RLOGIN 513 TCP not defined 0.0.0.0 Enabled RSH 514 TCP TCPIP$RSH 0.0.0.0 Enabled SMTP 25 TCP TCPIP$SMTP 0.0.0.0 Enabled SNMP 161 UDP TCPIP$SNMP 0.0.0.0 Enabled TELNET 23 TCP not defined 0.0.0.0 Enabled TFTP 69 UDP TCPIP$TFTP 0.0.0.0 Enabled

1. This column lists those services with entries in the TCPIP services database. If not listed in this column, the service was never enabled during the configuration procedure (using TCPIP$CONFIG.COM). To enable additional services, run the TCPIP$CONFIG procedure.
2. This column lists the port on which the service listens for connection requests. The port number is either the well-known port number for the service or an ephemeral port number assigned when the socket is assigned a protocol address.
3. This column lists the TCP/IP protocol that the service uses to communicate with the client process.
4. This column lists the process name for the service. If you use the DCL command SHOW SYSTEM /NETWORK, this is the process name you should see if the process is running.
5. This column lists the IP address of the interface on which the service accepts connection requests. IP address 0.0.0.0 indicates that the service will accept connection requests received on any of the local interfaces.
6. This column lists whether the service is enabled or disabled. The term enabled indicates that the next time TCP/IP Services starts, TCP/IP Services starts all services that are marked in the service database as enabled. In this example, of the services listed, all services except finger will start the next time TCP/IP Services restarts.

   Note In this example, the finger service was configured with TCPIP$CONFIG. However, at some point, finger was disabled either by a TCPIP management command or by an incremental shutdown of the service.