Softpanorama

May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

AIX networking

News

See also

Redbooks IBM Links Recommended Links Reference Open Source packages for AIX
AIX run levels Patching Log administration Hardening Security Performance tuning profile and kshrc
smit Useful AIX commands   Tips History Humor Etc

The text below is adapted from IBM AIX Certification Guide

At IPL time, the /init process will run /etc/rc.tcpip after starting the SRC. The /etc/rc.tcpip file is a shell script that, when executed, uses SRC commands to initialize selected daemons. It can also be executed at any time from the command line.

Most of the daemons that can be initialized by the rc.tcpip file are specific to TCP/IP. These daemons are:

inetd (started by default)

gated
routed
named
timed
rwhod

Note: Running the gated and routed daemons at the same time on a host may cause unpredictable results.

There are also daemons specific to the base operating system or to other applications that can be started through the rc.tcpip file. These daemons are:

lpd
portmap
sendmail
syslogd (started by default)

In  daemons started from rc.tcpip can be stopped using the stopsrc command and restarted using the startsrc command.

startsrc -g group_of_daemons
startsrc -s subsystem_daemon

Eg. startsrc -g spooler
startsrc -s lpd

SEE man startsrc
Also see stopsrc

Stopping TCP/IP daemons using the /etc/tcp.clean command

The script /etc/tcp.clean can be used to stop TCP/IP daemons. It will stop the following daemons and remove the /etc/locks/lpd TCP/IP lock files:

ndpd-host
lpd
routed
gated
sendmail
inetd
named
timed
rwhod
iptrace
snmpd
rshd
rlogind
telnetd
syslogd

Restarting TCP/IP daemons

The /etc/rc.tcpip script can be used to restart TCP/IP daemons. Alternatively, you can use the startsrc -s command to start individual TCP/IP daemons.

Note: Do not restart TCP/IP daemons using the command:

startsrc -g tcpip

It will start all subsystems defined in the ODM for the tcpip group, which includes both routed and gated.

System boot without starting rc.tcpip

Connections using TCP/IP are often peer-to-peer. There are no master/slave relations. The applications, however, use a client/server model for communications.

Removing the rc.tcpip entry in /etc/inittab means that you are not starting any server applications during IPL.

Note: If you have a graphic console, make sure you also remove the rc.dt and rc.tcpip entries in the /etc/inittab file. Otherwise, your console will hang when you login. Unless you have an ASCII terminal connected to the serial port, there is no way you can recover since you will not be able to communicate with the machine through the telnet or rlogin commands with no TCP/IP server application started.

Without the server applications started, you will not be able to telnet or ftp to this machine from another host.

However, as long as you have not brought down the network interface, you can still utilize the client network services. You can still ping other hosts, you can still telnet to other hosts, and you can still ftp to other hosts.

The ping command sends an Internet Control Message Protocol (ICMP) ECHO_REQUEST to obtain an ICMP ECHO_RESPONSE from a host and does not need a server application. Therefore, even without starting any server application, the machine will still respond to a ping request from other hosts.

The inetd daemon

The /usr/sbin/inetd daemon provides Internet service management for a network. This daemon reduces system load by invoking other daemons only when they are needed and by providing several simple Internet services internally without invoking other daemons.

Starting and refreshing inetd

When the daemon starts, it reads its configuration information from the file specified in the Configuration File parameter. If the parameter is not specified, the inetd daemon reads its configuration information from the /etc/inetd.conf file. Once started, the inetd daemon listens for connections on certain Internet sockets in the /etc/inetd.conf and either handles the service request itself or invokes the appropriate server once a request on one of these sockets is received.

The /etc/inetd.conf file can be updated by using the System Management Interface Tool (SMIT), the System Resource Controller (SRC), or by editing the /etc/inetd.conf.

If you change the /etc/inetd.conf using SMIT, then the inetd daemon will be refreshed automatically and will read the new /etc/inetd.conf file. If you change the file using an editor, run the refresh -s inetd or kill -1 InetdPID commands to inform the inetd daemon of the changes to its configuration file. You will not receive a message if you use the kill -1 command as shown in

Subservers controlled by inetd

The inetd daemon is a subsystem that controls the following daemons (subservers):

comsat daemon
ftpd daemon
fingerd daemon
rlogind daemon
rexecd daemon
rshd daemon
talkd daemon
telnetd daemon
tftpd daemon
uucpd daemon

The ftpd, rlogind, rexecd, rshd, talkd, telnetd, and uucpd daemons are started by default. The tftpd, fingerd, and comsat daemons are not started by default.

To start any one of them, remove the pound (#) sign in column one of the respective entry in the /etc/inetd.conf file. You can check the details of subservers started in inetd by using the lssrc -ls command, as shown

The /etc/services file

The /etc/services file contains information about the known services used in the network by inetd. Each service listed in /etc/services runs on a specific port number for communications, in a specific format, such as TCP or UDP.

Each service is listed on a single line corresponding to the form:

ServiceName PortNumber/ProtocolName Aliases

A sample section from /etc/services may look like the following:

echo          7/tcp
echo          7/udp
discard       9/tcp      sink null
discard       9/udp      sink null
daytime      13/tcp
daytime      13/udp
chargen      19/tcp      ttytst source
chargen      19/udp      ttytst source
ftp          21/tcp
time         37/tcp      timeServer
time         37/udp      timeServer

If you edit the /etc/services file, run the refresh -s inetd command, in order for your changes to be used.

The portmap daemon

The portmap daemon converts remote procedure call (RPC) program numbers into Internet port numbers.

When an RPC server starts up, it registers with the portmap daemon. The server tells the daemon which port number it is listening to and which RPC program numbers it serves. Thus, the portmap daemon knows the location of every registered port on the host and which programs are available on each of these ports.

A client consults the portmap daemon only once for each program the client tries to call. The portmap daemon tells the client which port to send the call to. The client stores this information for future reference.

Since standard RPC servers are normally started by the inetd daemon, the portmap daemon must be started before the inetd daemon is invoked.

Note: If the portmap daemon is stopped or comes to an abnormal end, all RPC servers on the host must be restarted.

The nfsd is a common RPC server.

Host name resolution

TCP/IP provides a naming system that supports both flat and hierarchical network organizations so that users can use meaningful, easily remembered names instead of Internet addresses.

In flat TCP/IP networks, each machine on the network has a file (/etc/hosts) containing the name-to-Internet-address mapping information for every host on the network.

When TCP/IP networks become very large, as on the Internet, naming is divided hierarchically. Typically, the divisions follow the network's organization. In TCP/IP, hierarchical naming is known as the domain name system (DNS) and uses the DOMAIN protocol. The DOMAIN protocol is implemented by the named daemon in TCP/IP.

The default order in resolving host names is:

1. BIND/DNS (named)
2. Network Information Service (NIS)
3. Local /etc/hosts file

The default order can be overwritten by creating the configuration file, /etc/netsvc.conf and specifying the desired order. Both the default and /etc/netsvc.conf can be overwritten with the environment variable NSORDER.

You can override the default order by creating the /etc/netsvc.conf file with an entry. If /etc/netsvc.conf does not exist, the default will be as though you made the following entry:

hosts = bind,nis,local

You can override the default or the configuration file order by changing the NSORDER environment variable. If it is not set, the default will be as though you issued the command:

export NSORDER=bind,nis,local

The /etc/resolv.conf file

The /etc/resolv.conf file defines Domain Name Protocol (DOMAIN) name-server information for local resolver routines. If the /etc/resolv.conf file does not exist, then BIND/DNS is considered to be not set up or running and, therefore, not available. The system will attempt name resolution using the default paths, the /etc/netsvc.conf file, or the NSORDER environment variable.

Related problems with /etc/resolv.conf

When you have problems resolving a host name, and you are using a name server, you should:

1. Verify that you have a /etc/resolv.conf file specifying the correct domain name and Internet address of a name server. If you try to access a host by name with an incorrect entry in /etc/resolv.conf, and if the host is also not defined in /etc/hosts, you will get an error message, as shown in the following example:
# ping olympus
0821-062 ping: host name olympus NOT FOUND

2. If /etc/resolv.conf contains the correct data, verify that the host acting as the local name server is up by issuing the ping command with the IP address of the name server found in the /etc/resolv.conf file.

3. If the local name server is up, verify that the named daemon on that local system is active by issuing the lssrc -s named command on that host.

4. If you are running the syslogd daemon, there could be error messages logged. The output for these messages is defined in the /etc/syslog.conf file.

The nslookup command

The nslookup command queries domain name servers for information about various hosts and domains. The nslookup command is useful for determining host names of servers of systems on the Internet by IP address, host name, or domain. The nslookup command can be run as follows:

# nslookup [IPAddress | HostName]

For example, to determine the host name of the system with the IP address of 207.25.253.26, you would enter:

# nslookup 207.25.253.26 
Server:  dhcp001.itsc.austin.ibm.com
Address:  9.3.240.2 

Name:    service.boulder.ibm.com 
Address:  207.25.253.26 

In this example, the host name of the system with the IP address of 207.25.253.26 is service.boulder.ibm.com.

The nslookup command can also determine IP addresses of systems by host name. For example, to display the IP address of service.software.ibm.com, you would enter:

# nslookup service.software.ibm.com 
Server:  dhcp001.itsc.austin.ibm.com 
Address:  9.3.240.2 

New adapter considerations

Changing network adapters in a machine may require additional configuration steps after the basic hardware installation. Consider the following tasks as the additional steps required to configure a new adapter.

1. If you missed the informational messages from the cfgmgr command invoked during system boot, you should invoke the command again to check if the required device-dependent software is missing.
2. Install the required device software, if needed using the smitty devices command.
3. Invoke the diag -a command to confirm that the new adapter resource is added in the hardware configuration.
4. Rerun cfgmgr.
5. Ensure that the adapter is available on the system by invoking the lsdev -Cl command on the adapter. For example:
# lsdev -Cl ent0
6. Obtain the IP address and netmask from your network architect.
7. Configure the network interface using the SMIT fast path smit inet. Do not use smit mktcpip. It is only used for configuring TCP/IP for the first time.
8. Enable IP forwarding if the machine is connected to two networks.
9. Add a route to those systems that need access from any private networks.
 

Non-authoritative answer: 
Name:    service.boulder.ibm.com 
Address:  207.25.253.26 
Aliases:  service.software.ibm.com 

In this example, the IP address of service.software.ibm.com is 207.25.253.26. The nslookup output also shows that service.software.ibm.com is an alias for service.boulder.ibm.com.

Configuring a network adapter using SMIT

To change advanced features of network adapters, including ring speed, duplex settings, and queue sizes for transmitting and receiving information, use the SMIT fast path smit chgenet for Ethernet adapters, and smit chgtok for token ring adapters

The SMIT fast path command used to configure TCP/IP is smit tcpip. You can configure a network interface using the fast path smit inet. For these examples, we will be using an Ethernet interface, en0.

1. Check whether the en0 interface exists by selecting List All Network Interfaces. If en0 does not exist, select Add a Network Interface, and then select Add a Standard Ethernet Network Interface.

Press Enter to select en0 and fill in the following dialog screen.

Choose the interface that you need to configure and fill in the necessary information

Press Enter to select en0 and fill in the following dialog screen.

Choose the interface that you need to configure and fill in the necessary information

On completion of changing the standard Ethernet interface, you should see a message that the en0 interface has been changed.

Enabling IP forwarding

To allow other systems to access a different network through a machine containing two network adapters, you must enable IP forwarding on that machine. The system will now act as a gateway between network A and network B.

IP forwarding is a runtime attribute. The default value of 0 (zero) prevents forwarding of IP packets when they are not for the local system. A value of 1 (one) enables forwarding. Enable IP forwarding using the command:

no -o ipforwarding=1

This setting will be lost following a system reboot.

Adding network routes

For those systems that need to access a private network, use the SMIT fast path smit route or smit mkroute to add a route to the private network through the gateway between two networks

Changing IP addresses using SMIT

If you are moving your machine from one network segment to another, and need to change IP addresses, use smit mktcpip the same way as the first time you configured TCP/IP. You may need to change the host name, IP address, and the default gateway address.

The ifconfig command

The ifconfig command can allow you to configure and modify properties of network interfaces directly, without the use of SMIT. Often, administrators find this easier than using the SMIT panels for network administration.

The syntax of the ifconfig command for configuring and modifying network interfaces is as follows:

ifconfig Interface [ AddressFamily [ Address [ DestinationAddress ] ] [Parameters... ] ] 

There are three address families that can be used with the ifconfig command:

Identifying network interfaces

Before you use the ifconfig command to perform administration on network interfaces, it is helpful to identify all interfaces on your server. There are two ways to identify network interfaces on your server. The first command that you can run is:

# lsdev -Cc if

This will produce a simple list of all interfaces on the system, whether they are being actively used by the system or not. For example:

# lsdev -Cc if                                           
en0 Defined   10-80 Standard Ethernet Network Interface  
en1 Defined   20-60 Standard Ethernet Network Interface  
et0 Defined   10-80 IEEE 802.3 Ethernet Network Interface
et1 Defined   20-60 IEEE 802.3 Ethernet Network Interface
lo0 Available       Loopback Network Interface           
tr0 Available 10-68 Token Ring Network Interface 

The second command that you can run is:

# ifconfig -a

This will produce a list of all network interfaces on the system that have IP addresses assigned and are actively being used by the system. For example:

# ifconfig -a                                                                   
tr0: flags=e0a0043<UP,BROADCAST,RUNNING,ALLCAST,MULTICAST,GROUPRT,64BIT>        
        inet 10.1.2.2 netmask 0xffffff00 broadcast 10.1.2.255                
lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT
>                                                                               
        inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255             
        inet6 ::1/0

To get information about one specific network interface, including state, IP address, and netmask, run the command:

# ifconfig Interface

To get information about tr0, for example, run the command:

# ifconfig tr0                                                            
tr0: flags=e0a0043<UP,BROADCAST,RUNNING,ALLCAST,MULTICAST,GROUPRT,64BIT>  
        inet 10.1.2.2 netmask 0xffffff00 broadcast 10.1.2.255 

Activating a network interface

Before messages can be transmitted through a network interface, the interface must be placed in the up or active state. To activate an interface using ifconfig, run the command:

# ifconfig Interface [Address] [netmask Netmask] up

To activate a network interface using ifconfig, such as tr0, run the command:

# ifconfig tr0 up

To activate a network interface, such as the loopback interface (lo0) and assign it an IP address, run the command:

# ifconfig lo0 127.0.0.1 up

To activate a network interface, such as a token ring interface (tr0), and assign it an IP address and netmask, run the command:

# ifconfig tr0 10.1.2.3 netmask 255.255.255.0 up

Deactivating a network interface

To stop messages from being transmitted through an interface, the interface must be placed in the down or inactive state. To deactivate an interface using ifconfig, run the command:

# ifconfig Interface down

For example, to deactivate the network interface tr0, run the command:

# ifconfig tr0 down

Deleting an address from a network interface

To remove a network address from an interface, the address must be deleted from the interface definition. To delete a network address from an interface using ifconfig, run the command:

# ifconfig Interface [Address] [netmask Netmask] delete

For example, to delete the network address from tr0, run the command:

# ifconfig tr0 delete

Detaching a network interface

To remove an interface from the network interface list, the interface must be detached from the system. This command can be used when a network interface card has physically been removed from a system or when an interface no longer needs to be defined within the system. To detach a network interface from the system using ifconfig, run the command:

# ifconfig Interface detach

For example, to remove the interface tr0 from the network interface list, run the command:

# ifconfig tr0 detach

Note: This command removes all network addresses assigned to the interface and removes the interface from the output of the ifconfig -a command. To add an interface back to the system, or to add a new interface to the network interface list, run the command:

# ifconfig Interface

where Interface is the network interface you want to add.

Creating an IP alias for a network interface

Through the ifconfig command, you can bind multiple network addresses to a single network interface by defining an alias. This is a useful tool for such activities as providing two different initial home pages through a Web server application. To bind an alias to a network interface, run the command:

# ifconfig Interface Address [netmask Netmask] alias

For example, to bind the IP address of 10.1.2.3 to tr0 with a netmask of 255.255.255.0, run the command:

# ifconfig tr0 10.1.2.3 netmask 255.255.255.0 alias

Note: There will be no ODM record created of the alias by this command. You will need to invoke the same command every time you reboot your system to preserve the alias. If your system configuration has a local startup script defined in the /etc/inittab file, this command should be included in that local startup script.

When this alias is no longer required, you can remove it using the command:

ifconfig tr0 10.1.2.3 netmask 255.255.255.0 delete

Note: If you do not specify which alias is to be removed from a network interface, the system will default and remove the primary network address from the interface. After this occurs, the first alias in the list of network addresses for the interface will become the primary network address for the interface. To remove all aliases from an interface, you must delete each alias individually.

Changing the MTU size of a network interface

When messages are transmitted through a network interface, they travel in bundles of information called packets. These packets can vary in length from 60 bytes to 65535 bytes per packet. By default, a 16 Mb token-ring interface will transmit packets that are 1492 bytes long, and Ethernet interfaces will transmit packets that are 1500 bytes long. For AIX systems, these packets are governed by the maximum transmission unit (MTU) size variable.

Note: The minimum and maximum MTU sizes for specific interfaces may vary. See "Automatic Configuration of Network Interfaces" in the AIX 5L Version 5.1 System Management Guide: Communications and Networks as part of the AIX product documentation for more information.

The MTU size is critical for proper network communications. Packets that are too small in length may be lost during transmission. Packets that are too long in length may collide with other packets that are being transmitted. These factors can lead to slower transmission rates and other network problems as packets must then be retransmitted.

To determine the MTU size for a network interface, run the command:

# lsattr -El Interface

The output will look similar to the following:

# lsattr -El tr1
mtu           1492          Maximum IP Packet Size for This Device         True
mtu_4         1492          Maximum IP Packet Size for 4 Mbit ring speed   True
mtu_16        1492          Maximum IP Packet Size for 16 Mbit ring speed  True
mtu_100       1492          Maximum IP Packet Size for 100 Mbit ring speed True
...

The ifconfig command can adjust the MTU size for a network interface. To change the MTU size, run the command:

# ifconfig Interface mtu Value

For example, to change the MTU size of tr1 to 12000 bytes in length, run the command:

# ifconfig tr1 mtu 12000

Note: The MTU size cannot be changed while the interface is in use. All systems that are on the same local area network (LAN) must have the same MTU size, so all systems must change MTU size simultaneously to prevent problems.

FTP logging

By default, FTP does not log connections or file transfers from users accessing the system. This can be a security risk when users use anonymous FTP to transfer files to or from your system. To enable FTP logging, do the following:

1. Edit the /etc/syslog.conf file and add the line:
daemon.info FileName

where FileName is the name of the log file that will track FTP activity, both by the anonymous and other user IDs. FileName must exist before you perform the next step of this process.

2. Run the command refresh -s syslogd to refresh the syslogd daemon.
3. Edit the /etc/inetd.conf file, and modify the line containing ftpd as follows:
ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd         ftpd -l
4. Run the command refresh -s inetd to refresh the inetd daemon.

When users use the ftp command to access your system, their login and file transfer activity will be logged in FileName. This log will look similar to the following:

Sep  5 13:56:47 localhost ftpd[17958]: connection from server2.example.ibm.com at Wed Sep  5 13:56:47 2001
Sep  5 13:56:52 localhost ftpd[17958]: ANONYMOUS FTP LOGIN FROM server2.example.ibm.com, [email protected]
Sep  5 13:57:17 localhost ftpd[17958]: FTPD: IMPORT file local testfile, remote

In this sample, a user established an anonymous FTP connection from server1.example.ibm.com. As a password, the user provided the e-mail address of [email protected]. The user used the FTP command put to upload the file testfile to server2.

FTP logging does not record when a user quits an FTP session. To determine if someone is still logged onto your system, run a ps -fp on the PID provided within the brackets ([17958]).

FTP log files will grow in proportion to how many users access your system and how many file transfers take place. We recommend that you monitor the growth of your FTP log to prevent potential system problems.

The uname command

Apart from the hostname command, you can also use the uname -n command to display the host name of your system. Without any flags, the uname command will display the operating system that your are using.

You can also use the uname -x command to display:

The operating system that your are using
The host name
The machine ID number of the hardware running the system
The release number of the operating system
The operating system version
The system model name

Basic network problem determination

When a user informs you that a certain system cannot be accessed, check for various network problems. Typically, you will go through these TCP/IP problem determination topics using whichever is applicable to your environment:

Communication problems
Name resolution problems
Routing problems
Problems with System Resource Controller (SRC) support
Telnet or rlogin problems
Configuration problems
Common problems with network interfaces
Problems with packet delivery
Problems with Dynamic Host Configuration Protocol (DHCP)

However, there are other considerations outside the network area that you should check also:

The server system may be down.

This will usually reveal itself when you check for communication problems. The ping command will lead you to the problem system. The whole system may be down or the network interface may be down.

The paging space may be full.

If a user has logged in, this will be fairly obvious as there is usually a system message stating not enough paging space or not enough memory. However, if a user is trying to telnet or ftp to the system, there will be time outs as the system cannot create additional processes, or the system may be busy killing processes.

A file system may be full.

If the user can access the system, but there are problems with certain functions, you should check all areas in the system. If the user cannot start the Web Based System Manager (WSM), the /tmp filesystem may be full.

A file system may not have been mounted.

Usually, the user will mention losing all his files.

Not all problems are caused by the network and the network function. Make sure you understand your user's problem before concluding that it is a network problem.

Quiz

The following are additional questions created by the authors to further test your understanding of the topics.

1. Which of the following actions allow a System Administrator to configure anonymous FTP?
A. smit ftp
B. /usr/samples/tcpip/anon.ftp
C. startsrc -s ftp -a anonymous
D. add the FTP anonymous user using smit
2. A System Administrator is given only one Ethernet network card (en0) in a system, with an IP address of 192.168.1.3. A user wants to host two different initial home pages on the Web server. The System Administrator has verified that the Web server does support multiple IP Addresses. To add another IP address to the already configured interface, which of the following choices should be selected?
A. smitty chgenet
B. smitty add_interface
C. ifconfig en0 newipaddress netmask netmask alias
D. This task cannot be accomplished without adding a new Ethernet interface.
3. When a RPC (remote procedural call) server starts up, it registers itself with which of the following daemons?
A. yp daemons
B. nfs daemons
C. inetd daemons
D. portmap daemon

The following are additional questions created by the authors to further test your understanding of the topics.

1. Which of the following actions will allow the system administrator to stop and restart the TCP/IP daemons manually?
A. Use the netstat command.
B. Use the SRC utility to stop and restart.
C. Use the netconfig utility menu.
D. Issue the rmdev command on the appropriate network adapter.
2. Two Web servers need to be configured on a single machine that has only one network interface. Each Web server needs to have its own unique IP address. How should an administrator accomplish this?
A. Use the smitty alias command
B. Add it in /etc/defaults
C. Use the newaliases 192.127.10.10 command
D Use the ifconfig en0 192.127.10.10 alias command

Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

[May 12, 2010] startsrc

startsrc [ -a Argument] [ -e Environment] [ -h Host] { -s Subsystem | -g Group}

To Start a Subserver

startsrc [ -h Host] -t Type [ -o Object] [ -p SubsystemPID]

Description

The startsrc command sends the System Resource Controller (SRC) a request to start a subsystem or a group of subsystems, or to pass on a packet to the subsystem that starts a subserver.

If a start subserver request is passed to the SRC and the subsystem to which the subserver belongs is not currently active, the SRC starts the subsystem and transmits the start subserver request to the subsystem.

Flags

-a Argument Specifies an argument string that is passed to the subsystem when the subsystem is executed. This string is passed from the command line and appended to the command line arguments from the subsystem object class. The Argument string specified is a maximum of 1200 characters or the command is unsuccessful. The command argument is passed by the SRC to the subsystem, according to the same rules used by the shell. Quoted strings are passed as a single argument, and blanks outside a quoted string delimit an argument. Single and double quotes can be used.
-e Environment Specifies an environment string that is placed in the subsystem environment when the subsystem is executed. The Environment string specified is a maximum of 1200 characters, or the command is unsuccessful. Using the same rules that are used by the shell, the SRC sets up the environment for the subsystem.

Quoted strings are assigned to a single environment variable and blanks outside quoted strings delimit each environment variable to be set. For example: -e "HOME=/tmp TERM=dumb MESSAGE=\"Multiple word message\""would set HOME=/tmp as the first, TERM=dumb as the second, and MESSAGE="Multiple word message" as the third environment variable for the subsystem.

-g Group Specifies a group of subsystems to be started. The command is unsuccessful if the Group name is not contained in the subsystem object class.
-h Host Specifies the foreign host on which this start action is requested. The local user must be running as "root". The remote system must be configured to accept remote System Resource Controller requests. That is, the srcmstr daemon (see /etc/inittab) must be started with the -r flag and the /etc/hosts.equiv or .rhosts file must be configured to allow remote requests.
-o Object Specifies that a subserver object is to be passed to the subsystem as a character string. It is the subsystems responsibility to determine the validity of the Object string.
-p SubsystemPID Specifies a particular instance of the subsystem to which the start subserver request is to be passed.
-s Subsystem Specifies a subsystem to be started. The Subsystem can be the actual subsystem name or the synonym name for the subsystem. The command is unsuccessful if the Subsystem is not contained in the subsystem object class.
-t Type Specifies that a subserver is to be started. The command is unsuccessful if Type is not contained in the subserver object class.

Security

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

  1. To start a subsystem with arguments and environment variables, enter:

    startsrc -s srctest -a "-D DEBUG" -e "TERM=dumb HOME=/tmp"

    This starts the srctest subsystem with "TERM=dumb", "HOME=/tmp" in its environment and "-D DEBUG" as two arguments to the subsystem.
  2. To start a subsystem group on a foreign host, enter:

    startsrc -g tcpip -h zork

    This starts all the subsystems in the subsystem tcpip group on the zork machine.
  3. To start a subserver, enter:

    startsrc -t tester

    This sends a start subserver request to the subsystem that owns the tester subsystem.
  4. To start a subsystem with command arguments, enter:

    startsrc -s srctest -a "-a 123 -b \"4 5 6\""

    This places "-a" as the first argument, "123" as the second, "-b" as the third, and"456" as the fourth argument to the srctest subsystem.

Files

/etc/objrepos/SRCsubsys Specifies the SRC Subsystem Configuration Object Class.
/etc/objrepos/SRCsubsvr Specifies the SRC Subserver Configuration Object Class.
/etc/services Defines the sockets and protocols used for Internet services.
/dev/SRC Specifies the AF_UNIX socket file.
/dev/.SRC-unix Specifies the location for temporary socket files.

Related Information

The stopsrc command, the refresh command.

The System resource controller in Operating system and device management gives an explanation of subsystems, subservers, and the System Resource Controller.

The Trusted AIX in Security

[May 12, 2010] lssrc - Gets the status of a subsystem, a group of subsystems, or a subserver.

lssrc [ -h Host ] -a

To Get Group Status

lssrc [ -h Host ] -g GroupName

To Get Subsystem Status

lssrc [ -h Host ] [ -l ] -s Subsystem

To Get Status by PID

lssrc [ -h Host ] [ -l ] -p SubsystemPID

To Get Subserver Status

lssrc [ -h Host ] [ -l ] -t Type [ -p SubsystemPID ] [ -o Object ] [ -P
SubserverPID ]

To Get Subsystem Status in SMIT Format

lssrc -S [ -s Subsystem | -d ]

aix-networking

1.TCP/IP related daemon startup script
/etc/rc.tcpip

2.To view the route table
netstat -r

3.To view the route table from the ODM DB
lsattr -EHl inet0 -a route

4.Temporarily add a default route
route add default 192.168.1.1

5.Temporarily add an address to an interface
ifconfig en0 192.168.1.2 netmask 255.255.255.0

6.Temporarily add an alias to an interface
ifconfig en0 192.168.1.3 netmask 255.255.255.0 alias

7.To permanently add an IP address to the en1 interface
chdev -l en1 -a netaddr=192.168.1.1 -a netmask=0xffffff00

8.Permanently add an alias to an interface
chdev -l en0 -a alias4=192.168.1.3,255.255.255.0

9.Remove a permanently added alias from an interface
chdev -l en0 -a delalias4=192.168.1.3,255.255.255.0

10.List ODM (next boot) IP con guration for interface
lsattr -El en0

11.Permanently set the hostname
chdev -l inet0 -a hostname=www.tablesace.net

12.Turn on routing by putting this in rc.net
no -o ipforwarding=1

13.List networking devices
lsdev -Cc tcpip

14.List Network Interfaces
lsdev -Cc if

15.List attributes of inet0
lsattr -Ehl inet0

16.List (physical layer) attributes of ent0
lsattr -El ent0

17.List (networking layer) attributes of en0
lsattr -El en0

18.Speed is found through the entX device
lsattr -El ent0 -a media speed

19.Set the ent0 link to Gig full duplex
(Auto Negotiation is another option)
chdev -l ent0 -a media speed=1000 Full Duplex -P

20.Turn off Interface Speci c Network Options
no -p -o use isno=0

21.Get (long) statistics for the ent0 device (no -d is shorter)
entstat -d ent0javascript:void(0)
Save Now

22.List all open, and in use TCP and UDP ports
netstat -anf inet

23.List all LISTENing TCP ports
netstat -na | grep LISTEN

redp0103

  1. [PDF]

    HOW TO: Easily Configure TCP/IP on Your AIX System

developerWorks AIX and UNIX AIX Networking

AIX Network Administration

Overview

This course provides instruction on IBM AIX network administration and security. Students will be introduced to networking termonology and will learn how to administer the AIX TCP/IP network through lectures and hands-on exercises. Topics include an overview of network protocols, how to use the network commands, how to install and configure network hardware, and how to configure standard network services, including the network filesystem (NFS), Network Information System (NIS), Dynamic Host Configuration Protocol (DHCP), Domain Name Services (DNS), IP Version 6 (IPv6), and sendmail. Attendes will also learn how to set up and manage network security through the use of network scanner detection programs and other tools.

Audience

System and Network Administrators.

Prerequisites

Attendees of this course should have completed the AIX System Administration course.

Learning Objectives

Upon completion of this course you will be able to:

  • Describe and state the purpose of various network protocols.
  • Configure network hardware and software.
  • Configure routing and routing tables.
  • Configure subnet masks.
  • Set up and manage standard network services including telnet, ftp, NFS, NIS, DHCP, DNS, and Sendmail.
  • Examine and improve the network security of AIX systems using network security tools and programs.
  • Troubleshoot common network problems.
Course duration

5 Days

Course outline

Network Hardware and Software

1) Network Hardware


Routers
CSU/DSU
Modems/Portmaster
Hubs
Switches
Network Interface Cards

2) Types of Networks
3) The Internet
4) Top Level Domains
5) Domain and Host Names
6) Gateways
7) Network Protocols

Network Protocol Overview
The TCP/IP Protocol Stack
Internet Protocol (IP)
Transmission Control Protocol (TCP)
File Transfer Protocol (FTP)
Telnet
Network News Transfer Protocol (NNTP)
Hyper Text Transport Protocol (HTTP)
Simple Mail Transport Protocol (SMTP)
Simple Network Management Protocol (SNMP)
Address Resolution Protocol & Reverse Address Resolution Protocol

8) IP Addressing
9) IP Address Format
10) Network and Host Addresses

Reserved Host Addresses
Reserved Network Addresses
Class A Address
Class B Address
Class C Address

11) Subnets

Netmasks
Calculating Subnet Sizes

12) Setting up A Network

IPv6
IPv6 over IPv4

Network Configuration and Administration

1) How the AIX Network Software Works


The inetd Internet Daemon
The /etc/inetd.conf File
Connection Requests
Sockets

2) Network Control Files

The /etc/hosts File
The /etc/hosts.equiv File
The /etc/hosts.lpd File
The /etc/protocols File
The /etc/services File

3) Using SMIT To Configure the Network

Configuring Required Services
Configuring Optional Services

4) Network Startup
5) Checking the Network Configuration
6) Obtaining Networking Information

The ifconfig Command
The hostname Command
The netstat Command
The traceroute Command
Managing Network Interfaces
Testing Network Connectivity

7) Managing Routes

The routing table
Configuring static routes
Configuring dynamic routes
Configure boot time routing
Troubleshooting routing

8) Configuring Ipv6
9) Network Shutdown
10) Diagnosing and Correcting Network Problems

Network File Systems

1) Network File System Overview

2) NFS Terminology

3) NFS Commands and Files


The /usr/sbin/exportfs Command
The /etc/exports File
The /bin/mount command

4) Configuring NFS

Setting Up the NFS Server
Setting Up A NFS Client

5) Removing NFS Resources

Server System Procedures
Client System Procedures

Network Information Service

1) Overview of NIS

2) How the Network Information Service Works

3) The NIS Client-Server Model

4) NIS Information Management

5) NIS Services

6) NIS Tables

7) Setting Up a NIS Server

8) Setting Up a NIS Client

9) Verifying NIS Operation

DHCP

1) Introduction to DHCP

2) The DHCP Protocol

3) Allocation of network addresses

4) Dynamic Allocation

5) Description of the communication steps

6) Variations on the timeline diagram

7) Message Types Summary

8) Installing and Configuring the DHCP Server and/or Client Software

9) Installing the DHCP Software


The /etc/dhcpd.conf File
The /etc/dhcpd.leases File

10) Controlling the dhcpd Server

11) DHCP Client Configuration

12) Testing the Client/Server Connection and completing the Installation

Domain Name Service

1) The DNS Database

2) DNS Overview

3) Installing DNS

4) DNS Terminology

5) DNS Daemons and Programs

6) DNS Configuration Files

7) DNS Control and Log Files

8) The named Daemon

9) Controlling the named Daemon

10) DNS Configuration Files


The /etc/resolv.conf File
The /etc/host.conf File
The /etc/named.conf File
The /var/named/named.ca File
The /var/named/named.[zone] Files
Format and Contents of the /var/named/named.[zone] Files

11) Reverse DNS

12) Slave DNS Servers

13) The nslookup Command

14) Setting up a DNS Client

15) Configuring a DNS Server

16) DNS Trouble Shooting

SendMail

1) What is sendmail?

2) Sendmail Programs

3) Configuring sendmail


The /etc/sendmail.cf File
The /etc/aliases File

4) Sendmail Directories and Log Files

5) Configuring sendmail

6) Starting and Stopping sendmail

7) Testing sendmail

8) Forwarding Email

9) Setting Up A Mail Server

10) The Post-Office-Protocol Daemon

11) Using a Mail Client to Retreive Email

12) Setting Up Microsoft Windows Email Clients

13) Unix Email Clients

14) Sendmail Security

AIX Network Security

1) Why is a System Hacked?

2) How are Systems Hacked?

3) How Network Hacking Is Detected and Prevented

4) Controlling Access - Network Users

5) Controlling Access - Remote Hosts

6) Network Services

7) Network Daemons

8) Scanners


System Scanners
Network Scanners

9) TCP/IP Wrappers?

What are TCP/IP Wrappers?
Installing TCP/IP Wrappers
Configuring TCP/IP Wrappers
Testing TCP/IP Wrappers

10) ftp Security

11) Network Security Tools

portsentry
satan
Other tools



Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D


Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to to buy a cup of coffee for authors of this site

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March 12, 2019