HP OpenVMS Systems Documentation
Compaq TCP/IP Services for OpenVMS
Each service should have the following items defined in the services database:
If these items are not defined correctly, or if the service account privileges and file protections are not assigned correctly, the service will fail to respond to an incoming request. This failure may be logged in the service-specific log file.
To display information about a service, enter the TCPIP command SHOW SERVICE /FULL and specify the service name. For example:
$ TCPIP TCPIP> SHOW SERVICE /FULL TELNET Service: TELNET (1) State: Enabled Port: 23 Protocol: TCP Address: 0.0.0.0 Inactivity: 1 User_name: not defined Process: not defined Limit: 57 Active: 12 Peak: 14 File: not defined Flags: Listen Rtty Socket Opts: Keepalive Rcheck Scheck (2) Receive: 3000 Send: 3000 Log Opts: Actv Dactv Conn Error Logi Logo Mdfy Rjct (3) File: not defined Security (4) Reject msg: not defined Accept host: 0.0.0.0 Accept netw: 0.0.0.0 TCPIP>
To check the privileges associated with a service's process, enter a command for the process, as follows:
$ INSTALL LIST/FULL TCPIP$SMTP_RECEIVER DISK$VMS721:<SYS0.SYSCOMMON.SYSEXE>.EXE TCPIP$SMTP_RECEIVER;1 Open Hdr Shared Prv Entry access count = 20 Current / Maximum shared = 1 / 1 Global section count = 1 Privileges = SYSPRV Authorized = SYSPRV $ INSTALL LIST/FULL TCPIP$FTP_CHILD DISK$VMS721:<SYS0.SYSCOMMON.SYSEXE>.EXE TCPIP$FTP_CHILD;1 Open Hdr Shared Prv Entry access count = 42 Current / Maximum shared = 1 / 3 Global section count = 1 Privileges = PSWAPM OPER Authorized = PSWAPM OPER
To determine the privileges associated with the service's account, run the OpenVMS Authorize utility and then use the SHOW command with the process name of the service, as follows:
A72KT: SET DEFAULT SYS$SYSTEM A72KT: RUN AUTHORIZE UAF> SHOW TCPIP$SNMP Username: TCPIP$SNMP Owner: TCPIP$SNMP Account: TCPIP UIC: [3655,13] ([TCPIP$AUX,TCPIP$S NMP]) CLI: DCL Tables: DCLTABLES Default: SYS$SYSDEVICE:[TCPIP$SNMP] LGICMD: LOGIN Flags: Restricted Primary days: Mon Tue Wed Thu Fri Secondary days: Sat Sun Primary 000000000011111111112222 Secondary 000000000011111111112222 Day Hours 012345678901234567890123 Day Hours 012345678901234567890123 Network: ##### Full access ###### ##### Full access ###### Batch: ----- No access ------ ----- No access ------ Local: ----- No access ------ ----- No access ------ Dialup: ----- No access ------ ----- No access ------ Remote: ----- No access ------ ----- No access ------ Expiration: (none) Pwdminimum: 6 Login Fails: 0 Pwdlifetime: 90 00:00 Pwdchange: (pre-expired) Last Login: (none) (interactive), 7-AUG-2000 12:45 (non-interactive) Maxjobs: 0 Fillm: 50 Bytlm: 52200 Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0 Maxdetach: 0 BIOlm: 18 JTquota: 4096 Prclm: 8 DIOlm: 18 WSdef: 350 Prio: 8 ASTlm: 100 WSquo: 512 Queprio: 4 TQElm: 15 WSextent: 512 CPU: (none) Enqlm: 100 Pgflquo: 10240 Authorized Privileges: NETMBX TMPMBX Default Privileges: NETMBX TMPMBX
The following is another method of detecting failure of the auxiliary server to start a service:
This chapter describes how to adjust TCP/IP variables to improve
2.1 Kernel Subsystems
The TCP/IP Services kernel contains the following subsystems:
Each subsystem has attributes that you can change to affect the performance of the network. You can display and modify these attributes values by using the sysconfig command.
The following sections describe how to perform these tasks:
To display kernel subsystems, enter the following command:
$ TCPIP TCPIP> sysconfig -s inet: loaded and configured net: loaded and configured socket: loaded and configured iptunnel: loaded and configured ipv6: loaded and configured snmpinfo: loaded and configured TCPIP>
To display the attributes of a particular subsystem, enter a command similar to the following:
TCPIP> sysconfig -q socket socket: sbcompress_threshold = 0 sobacklog_drops = 0 sobacklog_hiwat = 3 somaxconn = 1024 somaxconn_drops = 0 sominconn = 0 TCPIP>
To determine support for an attribute, use the sysconfig -q subsystem [attribute] command.
If you do not specify an attribute, the system displays all the subsystem attributes that can be modified with the sysconfig command. If the subsystem is not configured, sysconfig displays a message similar to the following:
framework error: subsystem 'inet' not found
If you specify an attribute, the sysconfig command displays only information about that attribute. For example:
# sysconfig -q inet tcbhashsize inet: tcbhashsize = 32
If the attribute is not supported or if it cannot be accessed by using sysconfig , sysconfig displays a message similar to the following message:
inet: tcbhashsize = unknown attribute
Use the following methods to display attribute values:
TCPIP> sysconfig -q inet tcp_rexmtmax inet: tcp_rexmtmax = 128 TCPIP>
TCPIP> sysconfig -Q inet tcp_rexmtmax inet: tcp_rexmtmax - type=INT op=CRQ min_val=1 max_val=2147483647 TCPIP>
The /etc/sysconfigtab subsystem attribute database file contains modifications to the default attribute values. Various methods are available to modify attribute values.
Use the sysconfig -r command to modify attribute values in the sysconfigtab file. Do not modify the file manually.
You may be able to modify an attribute temporarily by changing only its current value. This allows you to determine whether modifying an attribute will improve your system performance. Not all attributes can be changed dynamically.
Temporary modifications are lost when you reboot the system.
To modify an attribute's current value, use the following method:
sysconfig -r subsystem attribute=value
TCPIP> sysconfig -r inet tcp_keepinit=30 tcp_keepinit: reconfigured TCPIP>
Most resources used by the network subsystem are allocated and adjusted dynamically. However, you can make some adjustments to improve performance.
Table 2-1 summarizes the adjustments you can make, lists performance benefits and the adjustments that will achieve them, along with the tradeoffs (where applicable) associated with each adjustment.
|Performance Benefit||Tuning Adjustment||Tradeoff|
|Reduce the number of dropped incoming connection requests.||Increase the maximum number of pending TCP connections (Section 18.104.22.168).||Consumes memory resources.|
|Allow each server socket to handle more SYN packets simultaneously.||Increase the minimum number of pending TCP connections (Section 22.214.171.124).||Consumes memory resources.|
|Allow for a larger socket buffer.||Increase the maximum socket buffer size (Section 126.96.36.199).||Consumes memory. If you have a large number of sockets, memory consumption could be of concern.|
|Improve the TCP control block lookup rate and increase the raw connection rate.||Increase the size of the hash table that the kernel uses to look up TCP control blocks (Section 188.8.131.52).||Slightly increases the amount of pooled memory.|
|Reduce hash table lock contention for SMP systems.||Increase the number of TCP hash tables (Section 184.108.40.206).||Slightly increases the amount of pooled memory.|
|Improve performance on systems that use large numbers of interface alias.||Increase the size of the kernel interface alias table (Section 220.127.116.11).||None.|
|Allow partial connections to time out sooner, preventing the socket listen queue from filling up with SYN packets.||Increase the TCP partial connection timeout rate (Section 18.104.22.168).||Setting the tcp_keepinit value too low can cause connections to be broken prematurely.|
|Prevent premature retransmissions and decrease congestion.||Reduce the TCP retransmission rate (Section 22.214.171.124).||A long retransmit time is not appropriate for all configurations.|
|Clean up sockets that do not exit cleanly when the keepalive interval expires.||Enable TCP keepalive functionality (Section 126.96.36.199).||None.|
|Free connection resources sooner.||Make the TCP connection context time out more quickly at the end of the connection (Section 188.8.131.52).||Reducing the timeout limit increases the potential for data corruption; use caution if you make this adjustment.|
|Provide TCP and UDP applications with a specific range of ports.||Modify the range of outgoing connection ports (Section 184.108.40.206).||None.|
|Improve the efficiency of servers that handle remote traffic from many clients.||Disable the use of a PMTU (Section 220.127.116.11).||May reduce server efficiency for LAN traffic.|
|Allow large socket buffer sizes.||Increase the maximum size of a socket buffer (Section 18.104.22.168).||Consumes memory resources.|
The following sections describe in detail how to modify socket subsystem attributes and internet subsystem attributes.
2.2.1 Modifying Socket Subsystem Attributes
subsystem attributes control the maximum number of pending connection
attempts per server socket (that is, the maximum depth of the listen or
SYN queue) and other behavior. You may be able to improve server
performance by modifying the
subsystem attributes described in Table 2-2.
|somaxconn||Controls the maximum number of pending TCP connections.|
|sominconn||Controls the minimum number of pending TCP connections.|
|sb_max||Controls the maximum size of a socket buffer.|
In addition, the
track events related to socket listen queues. By monitoring these
attributes, you can determine whether the queues are overflowing.
22.214.171.124 Increasing the Maximum Number of Pending TCP Connections
The socket subsystem attribute somaxconn specifies the maximum number of pending TCP connections (the socket listen queue limit) for each server socket (for example, for the HTTP server socket). Busy servers often experience large numbers of pending connections. If the listen queue connection limit is too small, incoming connection requests may be dropped. Pending TCP connections can be caused by lost packets in the internet or denial of service attacks.
The default value for somaxconn is 1024.
Compaq recommends increasing the
attribute to the maximum value, except on low-memory systems. The
maximum value is 65535. Specifying a value that is higher than the
maximum value can cause unpredictable behavior.
126.96.36.199 Increasing the Minimum Number of Pending TCP Connections
The socket subsystem attribute sominconn specifies the minimum number of pending TCP connections (backlog) for each server socket. This attribute controls how many SYN packets can be handled simultaneously before additional requests are discarded. Network performance can degrade if a client saturates a socket listen queue with erroneous TCP SYN packets, effectively blocking other users from the queue.
The value of the sominconn attribute overrides the application-specific backlog value, which may be set too low for some server software. If you do not have your application source code, you can use the sominconn attribute to set a sufficient pending-connection quota.
The default value is 0.
Compaq recommends increasing the value of the
attribute to the maximum value of 65535. The value of the
attribute should be the same as the value of the
attribute (see Section 188.8.131.52).
184.108.40.206 Increasing the Maximum Size of a Socket Buffer
The socket subsystem attribute sb_max specifies the maximum size of a socket buffer.
Performance Benefits and Tradeoffs
Increasing the maximum size of a socket buffer may improve performance if your applications can benefit from a large buffer size.
You can modify the sb_max attribute without rebooting the system.
When to Tune
If you require a large socket buffer, increase the maximum socket buffer size.
The default value of the
attribute is 128 KB. Increase this value before you increase the size
of the transmit and receive socket buffers (see Section 10.2.16).
2.2.2 Modifying Internet Subsystem Attributes
You may be able to improve inet subsystem performance by modifying the attributes described in Table 2-3.
|tcbhashsize||Controls the size of a TCP hash table.|
|tcbhashnum||Specifies the number of TCP hash tables.|
|inifaddr_hsize||Controls the size of the kernel interface alias table.|
|tcp_keepinit||Specifies the TCP partial connection timeout rate.|
|tcp_rexmit_interval_min||Specifies the rate of TCP retransmissions.|
|tcp_keepalive_default||Enables or disables the TCP keepalive function.|
|tcp_msl||Specifies the TCP connection context timeout rate.|
|ipport_userreserved||Specifies the maximum value for the range of outgoing connection ports.|
|ipport_userreserved_min||Specifies the minimum value for the range of outgoing connection ports.|
|pmtu_enabled||Enables or disables use of the PMTU protocol.|
|ipqs||Specifies the number of IP input queues.|
|ipqmaxlen||Prevents dropped input packets.|