Network

 

 


Contents

  1. Preinstall checklist
  2. F5 BIG-IP
  3. Network Interfaces
  4. IP
  5. TCP
  6. UDP
  7. Ports
  8. URL
  9. http
  10. sftp
  11. ftp


Preinstall checklist

Some common commands to verify network functionality before installing applications. This example is for an AIX OS.

  1. Verify networking
    1. Check network interfaces

    2. Verify the system has a resolvable fully qualified host name
      # nslookup hyhost1.mydomain.com
      Server:         166.140.45.135
      Address:        166.140.45.135#53
      
      Name:   myost2.mydomain.com
      Address: 166.20.72.127
      

      Ping the system

      ping hostname

      If either command fails, correct the /etc/hosts file.

      /etc/hosts

    3. Hosts file

      • Add an entry for each appserver in the cluster (live appservers should have other live appservers; staging appservers should have other staging appservers)
      • Entry for NDM (live or staging)
      • Entry for database server
      • Entry for each webserver (DMZ for live and shared for staging)

      Verify the system is DNS enabled so that there is a host name and domain present. Pure IP address environments are not supported by WebSphere Commerce.

      nslookup IP_address

      ...or...

      uname -n

      The result should be a reply with the correct fully qualified host name of the system.

      You must have both a name server and a search domain defined in...

      /etc/resolv.conf

    4. Verify DVD-ROM drive.

    5. Verify Graphics capable monitor.

    6. Verify LAN adapter that supports the TCP/IP protocol.


  2. Ports

    Verify there are no port conflicts in the planned configuration.

    To see in-use port numbers...

    netstat -an

    Look for: 80, 443, 5432, 5433, 8000, 8001, 8002, 8004, 8006, or 8007


  3. Verify host name

    Verify the host name of the Web server machine does not contain an underscore ( _ ).


  4. Verify nmon is configured


  5. Verify unzip

    Verify unzip 5.42 is installed to /opt/freeware with appropriate symlinks in /usr/bin

    # unzip -v 
    UnZip 5.51 of 22 May 2004, by Info-ZIP.  
    
    Latest sources and executables are at ftp://ftp.info-zip.org/pub/infozip/ ;
    see ftp://ftp.info-zip.org/pub/infozip/UnZip.html for other sites.
    
    Compiled with cc for Unix (IBM AIX) on Sep 27 2004.
    
    UnZip special compilation options:
            COPYRIGHT_CLEAN (PKZIP 0.9x unreducing method not supported)
            LZW_CLEAN (PKZIP/Zip 1.x unshrinking method not supported)
            SET_DIR_ATTRIB
            TIMESTAMP
            USE_EF_UT_TIME
            USE_DEFLATE64 (PKZIP 4.x Deflate64(tm) supported)
            VMS_TEXT_CONV
            [decryption, version 2.9 of 05 May 2000]
    
    UnZip and ZipInfo environment options:
               UNZIP:  [none]
            UNZIPOPT:  [none]
             ZIPINFO:  [none]
          ZIPINFOOPT:  [none]
    


  6. GNU wget

    Verify GNU Wget 1.8.2 is installed

    Installed to /usr/local/bin

    To check...

    $ wget -V


  7. lsof

    Verify lsof 4.61 is installed to /usr/sbin with appropriate symlink in /usr/local/sbin

    To check:

    $ lsof -v


  8. Set ulimits

    ulimit -a
    time(seconds)        unlimited
    file(blocks)         2097151
    data(kbytes)         unlimited
    stack(kbytes)        32768
    memory(kbytes)       32768
    coredump(blocks)     2097151
    nofiles(descriptors) 10000
    threads(per process) unlimited
    processes(per user)  unlimited
    


  9. Full core dumps

    On Live app servers only, sys0 needs to be changed to allow full core dumps:

    chdev -a fullcore=true -lsys0

    How to check:

    lsattr -El sys0 | grep full
    
    fullcore true Enable full CORE dump True


  10. Operating System

    On AIX, as user root, run slibclean

    On all nodes (appserver, DB, and web server), verify appropriate fixes have been applied...

    myhost1:/tmp # oslevel -s
    7100-00-02-1041


  11. fileset xlC.rte

    Install latest fileset:

    To verify...

    lslpp -l xlC.rte

    Example:

    myhost3:/tmp # lslpp -l xlC.rte
      Fileset                      Level  State      Description
      ----------------------------------------------------------------------------
    Path: /usr/lib/objrepos
      xlC.rte                   10.1.0.3  COMMITTED  XL C/C++ Runtime
    


  12. Verify LPAR configuration

    Verify the machine is from the IBM POWER processor family.

    prtconf | egrep "Processor Type|Processor Clock|Number Of Processors|Good Memory"
    Processor Type: PowerPC_POWER7
    Number Of Processors: 4
    Processor Clock Speed: 3000 MHz
    Good Memory Size: 6144 MB


  13. Verify time and RAM

    Verify time stamps for database server and appserver nodes are the same (ntp).

    Verify minimum of 2 GB of free RAM for the first appserver instance. Each additional instance requires an additional free 1.5 GB of RAM.

    Verify minimum of 1 GB of paging space per processor.

    Set virtual memory optimizations (vmo)


  14. Build files

    The following JARs are required for any environment that is connected with MQ for Order processing.

    Unlimited strength encryption jars...

    ...should be copied to...

    JAVA_HOME/jre/lib/security

    Copies of the files can be found in lower life cycle environments.


  15. Verify Asynchronous I/O

    lslpp -l bos.iocp.rte
      Fileset                      Level  State      Description
      ----------------------------------------------------------------------------
    Path: /usr/lib/objrepos
      bos.iocp.rte               7.1.0.0  COMMITTED  I/O Completion Ports API
    
    Path: /etc/objrepos
      bos.iocp.rte               7.1.0.0  COMMITTED  I/O Completion Ports API
    


  16. Required JARs

    The following JAR files are required for any application server environment that is connected with MQ for Order processing.

    /opt/isv/WAS70/AppServer/java/jre/lib/security/US_export_policy.jar
    /opt/isv/WAS70/AppServer/java/jre/lib/security/local_policy.jar


  17. Celerra NFS Filesystems

    Is this web server only?

    NFS share is always called "wsvr_dctm" and for non-production servers it is hosted on cpemis15.

    For production servers, it can be cpemis96/97/98/99 (for high availability).

    The filesystem should be mounted on...

    /opt/hd/wsvr/dctm_nas

    To verify...

    df | grep dctm_nas
    cpemis97:/wsvr_dctm   82606048  74953424   10%   136110     3% /opt/hd/wsvr/dctm_nas
    

    The NFS mount should be configured to automount. This can be verified in /etc/filesystems:

    /opt/hd/wsvr/dctm_nas:
            dev             = "/wsvr_dctm"
            vfs             = nfs
            nodename        = cpemis97
            mount           = true
            options         = bg,soft,intr,sec=sys
            account         = false
    


  18. Paging space

    1GB page space per processor (4GB total for production)

    How to check:

    myhost3:/tmp # lsps -a
    Page Space      Physical Volume   Volume Group Size %Used Active  Auto  Type Chksum
    paging02        hdisk18           vg01          1024MB     1   yes   yes    lv     0
    paging01        hdisk18           vg01          1024MB     1   yes   yes    lv     0
    paging00        hdisk18           vg01          1024MB     1   yes   yes    lv     0
    hd6             hdisk0            rootvg        1024MB     1   yes   yes    lv     0
    


  19. Configure backups

    For example, Tivoli Storage Manager (TSM) backups should be scheduled sometime between midnight and 0400.
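
The networking checks from the checklist above (a fully qualified host name without an underscore, a name server and search domain in /etc/resolv.conf, and no listener on the planned ports), as an added shell example that is not part of the original page. The function names and sample data are constructed for illustration; counting only TCP LISTEN sockets as conflicts and accepting the domain keyword are assumptions.

```shell
#!/bin/sh
# Ports the checklist says to look for in `netstat -an`.
PLANNED_PORTS="80 443 5432 5433 8000 8001 8002 8004 8006 8007"

# Succeeds only for a fully qualified host name without an underscore.
valid_fqdn() {
    case "$1" in
        *_*)   return 1 ;;   # underscore is not allowed
        ?*.?*) return 0 ;;   # has a host part and a domain part
        *)     return 1 ;;   # short name only
    esac
}

# resolv.conf text on stdin: succeeds if a name server and a search domain
# are both defined. Accepting "domain" as well as "search" is an assumption.
resolver_configured() {
    awk '$1 == "nameserver" && NF > 1 { ns = 1 }
         ($1 == "search" || $1 == "domain") && NF > 1 { sd = 1 }
         END { exit !(ns && sd) }'
}

# `netstat -an` text on stdin: prints each planned port that already has a TCP
# listener. The port is taken from the end of the local-address column, so
# 8080, a foreign address such as 10.0.0.80, or a UDP socket never matches.
ports_in_use() {
    awk -v want="$PLANNED_PORTS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) planned[w[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4
            sub(/^.*[.:]/, "", port)   # AIX prints *.80, Linux prints 0.0.0.0:80
            if (port in planned) hit[port] = 1
        }
        END { for (p in hit) print p }' | sort -n
}

# Constructed sample data (not taken from a real system).
SAMPLE_RESOLV='search mydomain.com
nameserver 192.0.2.53'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)
tcp4       0      0  *.22               *.*                LISTEN
tcp4       0      0  *.8080             *.*                LISTEN
tcp4       0      0  *.8002             *.*                LISTEN
tcp4       0      0  10.0.0.5.443       *.*                LISTEN
tcp4       0      0  10.0.0.5.51234     10.0.0.80.1521     ESTABLISHED
udp4       0      0  *.8000             *.*'

valid_fqdn "myhost1.mydomain.com" && echo "host name ok"
printf '%s\n' "$SAMPLE_RESOLV" | resolver_configured && echo "resolver ok"
printf '%s\n' "$SAMPLE_NETSTAT" | ports_in_use   # ports already taken
```

On a live host, feed the functions real data: `netstat -an | ports_in_use` and `resolver_configured < /etc/resolv.conf`.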

 

TCP

The Transmission Control Protocol (TCP) provides a connection-based channel of data between two computers. TCP guarantees that data sent from one end of the connection actually gets to the other end and in the same order it was sent. Otherwise, an error is reported.

The order of the data packets is important for reconstructing the data at the receiving computer, and is tracked carefully.

 

UDP

The User Datagram Protocol (UDP) is not connection-based like TCP. Rather, UDP sends independent packets of data, called datagrams, from one application to another, with no guarantee that the data actually is received.

The order of the data packets is not important. Each message is independent of any other.

Clock servers are typical examples of apps that will use UDP. If the client misses a packet, it doesn't really make sense to resend it because the time will be incorrect when the client receives it on the second try. The reliability of TCP is unnecessary in this instance because it causes performance degradation and may hinder the usefulness of the service.

Another example of a service that doesn't need the guarantee of a reliable channel is the ping command. Ping needs to know about dropped or out-of-order packets to determine how good or bad the connection is. A reliable channel would invalidate this service altogether.

Note that many firewalls and routers have been configured not to allow UDP packets.

 

Ports

Ports are used by computers to route traffic to different applications. A web server will run on port 80, Oracle will run on port 1521, WebLogic Server will run on port 7000, etc.

Data transmitted over the Internet is accompanied by addressing information that identifies the computer and the port for which it is destined. The computer is identified by its 32-bit IP address, which IP uses to deliver data to the right computer on the network. Ports are identified by a 16-bit number, which TCP and UDP use to deliver the data to the right application.

Port numbers range from 0 to 65,535. Ports numbered 0 - 1023 are known as well-known ports and are reserved for use by common applications such as HTTP and FTP.

 

URLs

Uniform Resource Locators (URLs) are used to locate internet resources. URLs can refer to Internet addresses or to URL objects.

URLs can be absolute, such as http://www.setgetweb.com/filename.html, or relative, such as ../directory/filename.html.

A URL has two main components:

  1. Protocol identifier

    Name of the protocol to be used to fetch the resource. For example, the following uses the HTTP protocol.

    http://www.setgetweb.com

  2. Resource name

    Complete address to the resource. The format depends on the protocol used, but in general includes one or more of the following components:

    • Hostname: Name of the machine on which the resource lives.
    • Port: The port number to which to connect. Typically optional.
    • Filename: The pathname to the file on the machine.
    • Reference: Reference to a named anchor within a resource that usually identifies a specific location within a file. Typically optional.

    For example:

    http://www.setgetweb.com:80/network/index.html#TCP

