Thursday, April 22, 2010

Solaris 10: Digging Into TCP/IP Problems


Solaris 10: Digging Into TCP/IP Problems

Abstract:
Transmission Control Protocol / Internet Protocol (TCP/IP) has been embedded into most UNIX platforms since the beginning days of the Internet. With the enhancement of TCP/IP protocols over the decades, configuration & debugging has become increasingly more sophisticated. In the process of converting to a 100% open source system, Solaris 10 has acquired newer tools to work through issues.

Key Files:
Some key files needed to validate a configuration:
/etc/inet/hosts
/etc/inet/ipnodes
/etc/inet/netmasks
/etc/inet/services
/etc/defaultrouter
/etc/hostname.{interface}
/etc/nsswitch.conf
/etc/resolv.conf
Key Commands:
Some key commands used to validate the configuration:
/usr/sbin/ifconfig
/usr/bin/netstat
/usr/sbin/dladm
/usr/sbin/inetadm
/usr/sbin/ping

Key Tasks:
Issues with debugging connectivity of a device or a service includes various steps.

Validate the machine host name is tied to an IP address:
sunt2000/root# grep `uname -n` /etc/inet/hosts /etc/inet/ipnodes
/etc/inet/hosts:192.168.254.7
sunt2000 loghost
/etc/inet/ipnodes:192.168.254.7 sunt2000 loghost
Validate the machine host name and ip address is tied to a network interface:
sunt2000/root# grep `uname -n` /etc/hostname.*
/etc/hostname.ipge2:
sunt2000
Validate a default gateway for traffic to pass off of the network:
sunt2000/root# grep -v ^# /etc/defaultrouter
192.168.254.2 1
Validate the configuration of the interface by the OS during the past reboot:
sunt2000/root# ifconfig ipge2
ipge2: flags=1000843 mtu 1500 index 4

inet 192.168.254.7 netmask ffffff00 broadcast 192.168.254.255

ether 0:14:4f:2:6a:5e
Validate the interface parameters for duplex and speed
sunt2000/root# dladm show-dev ipge2
ipge2 link: unknown speed: 100 Mbps duplex: full

Validate routing is set up from last reboot:
sunt2000/root# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------- ------------- ----- ----- ---------- ---------
default 192.168.254.2 UG 1 6719031
192.127.254.0 192.168.254.7 U 1 23399 ipge2
224.0.0.0 192.168.254.7 U 1 0 ipge2
127.0.0.1 127.0.0.1 UH 1 26319 lo0
Validate traffic is passing without errors or collisions on the interface.
sunt2000/root# netstat -ni -I ipge2
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue
ipge2 1500 192.168.254.0 192.168.254.7 419830401 0 538731765 0 0 0
Check to see what kind of name resolution is used on devices and services.
sunt2000/root# egrep '(^hosts|^services)' /etc/nsswitch.conf
hosts: dns files
services: files
When dns is being used, ensure the name services are running correctly.
sunt2000/root# nawk '/^nameserver/ { Cmd="nslookup www.oracle.com " $2 ; system(Cmd) }' /etc/resolv.conf
Server: 192.168.1.19

Address: 192.168.1.19#53

Non-authoritative answer:
www.oracle.com canonical name = www.oracle.com.edgesuite.net. www.oracle.com.edgesuite.net canonical name = a398.g.akamai.net.
Name: a398.g.akamai.net
Address: 63.216.54.107
Name: a398.g.akamai.net

Address: 63.216.54.106


Server: 192.168.24.231

Address: 192.168.24.231#53


Non-authoritative answer:

www.oracle.com canonical name = www.oracle.com.edgesuite.net. www.oracle.com.edgesuite.net canonical name = a398.g.akamai.net.
Name: a398.g.akamai.net

Address: 63.216.54.106
Name: a398.g.akamai.net
Address: 63.216.54.107
Check inet services which are not disabled.
sunt2000/root# inetadm | grep -v disabled
ENABLED STATE FMRI enabled online svc:/application/x11/xfs:default enabled online svc:/application/font/stfsloader:default enabled offline svc:/application/print/rfc1179:default enabled online svc:/network/rpc/smserver:default enabled online svc:/network/rpc/gss:default enabled online svc:/network/rpc/rstat:default enabled online svc:/network/security/ktkt_warn:default enabled online svc:/network/telnet:default enabled online svc:/network/nfs/rquota:default enabled online svc:/network/ftp:default enabled online svc:/network/login:rlogin enabled online svc:/network/shell:default enabled online svc:/network/rpc-100235_1/rpc_ticotsord:default enabled online svc:/network/bpcd/tcp:default enabled online svc:/network/vnetd/tcp:default enabled online svc:/network/vopied/tcp:default enabled online svc:/network/bpjava-msvc/tcp:default enabled online svc:/network/bootps/udp:default enabled online svc:/network/tftp/udp6:default enabled online svc:/network/rpc/cde-calendar-manager:default enabled online svc:/network/rpc/cde-ttdbserver:tcp
Check global properties for all inet services.
sunt2000/root# inetadm -p
NAME=VALUE
bind_addr=""
bind_fail_max=-1
bind_fail_interval=-1
max_con_rate=-1
max_copies=-1
con_rate_offline=-1
failrate_cnt=40
failrate_interval=60
inherit_env=TRUE
tcp_trace=FALSE
tcp_wrappers=FALSE
connection_backlog=10
List inet properties for any service which is suspect of not running correctly.
sunt2000/root# inetadm -l telnet
SCOPE NAME=VALUE
name="telnet"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.telnetd"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE
default connection_backlog=10
Conclusion:
For setting up and maintaining basic Network Management infrastructure under Solaris, these basic commands will take someone a long way.

No comments:

Post a Comment