HP OpenVMS Systems Documentation
Compaq TCP/IP Services for OpenVMS
In addition to tuning TCP/IP Services kernel attributes, performance improvements can be made to server applications by:
Each connection to a server requires enough memory resources for the following:
These memory resources total 1 KB for each connection endpoint (not including the socket buffer space), which means 10 MB of memory is required in order to accommodate 10,000 connections.
Your server must have enough memory to handle demanding peak loads. As a rule of thumb, if you configure ten times more memory than the server requires on a busy day, you will have sufficient memory to handle occasional spikes of activity.
There are no limitations on a server's ability to handle millions of
TCP connections if memory resources are available to service the
connections. If memory is insufficient, the server will reject new
connection requests until memory is available. Use the
command to monitor the memory that is currently being used by the
network subsystem. See Section 2.3.1 for information about displaying
2.4.2 Logging IP Addresses
If your server application logs client host names, the application software may force the system to perform a reverse DNS lookup to obtain the client's host name. Reverse DNS lookups are time-intensive and can cause performance problems on servers with many clients.
Many applications can be modified to log client IP addresses instead of client host names. Logging IP addresses instead of host names may significantly improve the efficiency of the server. Consult the documentation provided by the server software vendor to determine how to disable the logging of client host names.
For example, you can obtain information about modifying Apache HTTP
Server software from the Apache HTTP Server documentation site.
2.5 Increasing the Auxiliary Server Connection Limit
The auxiliary server handles a limited number of service invocations in a one-minute period of time. The default is a maximum of 500 connection requests. If the number of requests exceeds this limit, the auxiliary server will not accept additional requests for that service.
If your server receives more than eight requests per second for a service that is spawned by the auxiliary server (for example, POP-3, FTP, and SMTP servers), increase the default connection request limit. You can check the service's log file to determine if a service has been shut down. For example, the file SYS$SYSDEVICE:[TCPIP$POP]TCPIP$POP_RUN.LOG will contain information about the POP service.
Because the auxiliary server does not spawn any known HTTP server, the
connection request limit does not affect HTTP service.
2.6 Solving Performance Problems
This section contains information that you can use to identify and solve server performance problems.
The following tasks can help you to solve performance problems:
This section provides recommendations for tuning a server for optimal performance. These recommendations are applicable to most configurations. The recommendations include the attribute value and a reference to additional information.
The primary recommendations for servers (including web servers, proxy servers, gateway systems, and firewall systems) are as follows:
somaxconn = 65535
sominconn = 65535
pmtu_enabled = 0
For proxy servers, gateway systems, and firewall systems, also apply these additional recommendations:
sbcompress_threshold = 600
ipport_userreserved = 65000
This appendix provides more information about the troubleshooting tools described in this manual. It also describes the tools used for isolating and resolving problems with your network and network software.
To invoke a tool as a command at the system prompt, execute the SYS$STARTUP:TCPIP$DEFINE_COMMANDS.COM file. Execution of this file defines each tool as a foreign command.
Displays and controls Address Resolution Protocol (ARP) tables.
arp [-u] [-n] hostname
arp -a [-u] [-n] [-i] hostname
arp -d hostname
arp -g hostname
arp -s [-u] hostname hardware_addr [temp] [pub] [trail]
arp -f filename
The arp command displays or modifies the current ARP entry for the host specified by hostname. The hostname value can be specified by name or IP address, using dotted-decimal notation.
With no flags, the program displays the current ARP entry for hostname.
The ARP tables can be displayed by any user, but only privileged users can modify them.
-a
Displays all current ARP entries.
-d hostname
Deletes the entry for hostname if the user entering the command is a privileged user.
-f filename
Reads entries from filename and adds those entries to the ARP tables. Use of this flag requires system privileges. Entries in the file have the following format:
hostname hardware_addr [temp] [pub] [trail]
Fields in this format are:
Option          Description
hostname        Specifies the remote host identified by the entry.
hardware_addr   Specifies the hardware address of the remote host. The address is given as 6 hexadecimal bytes separated by colons.
temp            Specifies that this ARP table entry is temporary. When this argument is not used, the table entry is permanent.
pub             Indicates that the table entry will be published and that the current system will act as an ARP server, responding to requests for hostname even though the host address is not its own.
trail           Indicates that the trailer encapsulation can be sent to this host.
-g hostname
Sends a gratuitous ARP packet. The value for hostname can be a local host name, alias, or IP address.
-i hostname
Displays the interface with which the ARP entry is associated.
-n hostname
Displays numeric IP addresses and hardware addresses only. When this flag is not specified, arp displays hostnames, numeric IP addresses, and hardware addresses.
-s hostname hardware_addr [temp] [pub]
Creates a single ARP entry for hostname. Use of this flag requires privileges. Fields in the format are:
hostname        Specifies the remote host identified by the entry.
hardware_addr   Specifies the hardware address of the remote host. The address is given as 6 hexadecimal bytes separated by colons.
temp            Specifies that this ARP table entry is temporary. When this argument is not used, the table entry is permanent.
pub             Indicates that the table entry will be published and the current system will act as an ARP server, responding to requests for hostname even though the host address is not its own.
-u
Displays the MAC address in noncanonical form, with address bytes reversed and separated by a colon character (:). By default, all addresses are displayed in canonical form with address bytes separated by the hyphen character (-).
When used with the -s flag, this indicates the hardware_addr is specified in noncanonical form.
The following examples show how to use the arp command.
TCPIP> arp -a
a71kt.lkg.dec.com (10.10.2.1) at aa-00-04-00-71-f8 stale
v71kt.lkg.dec.com (10.10.2.3) at aa-00-04-00-70-f8 stale
v72kt.lkg.dec.com (10.10.2.4) at aa-00-04-00-6d-f8
tlab9.lkg.dec.com (10.10.2.11) at aa-00-04-00-42-11
timber.lkg.dec.com (10.10.2.14) at aa-00-04-00-c9-f8
This example shows how to display the ARP address-mapping tables for the local host.
TCPIP> arp -a -i
a71kt.lkg.dec.com (10.10.2.1) at aa-00-04-00-71-f8 stale (WE0)
v71kt.lkg.dec.com (10.10.2.3) at aa-00-04-00-70-f8 (WE0)
v72kt.lkg.dec.com (10.10.2.4) at aa-00-04-00-6d-f8 stale (WE0)
tlab9.lkg.dec.com (10.10.2.11) at aa-00-04-00-42-11 (WE0)
timber.lkg.dec.com (10.10.2.14) at aa-00-04-00-c9-f8 (WE0)
This example shows how to display the ARP address-mapping tables for the local host and the interface.
TCPIP> arp -s laszlo 08:00:2b:0f:44:23 temp
This example shows how to add a single entry for the remote host laszlo to the ARP mapping tables temporarily. The address is considered canonical even though the bytes are separated by colons. For input, the arp command does not use the colon (:) and hyphen (-) characters to indicate whether the address is canonical or noncanonical. You must have system privileges to execute this command.
TCPIP> arp -u -s laszlo 10:00:d4:f0:22:c4 temp
This example shows how to add a single entry for the remote host laszlo to the ARP mapping tables temporarily. The -u flag indicates the address is noncanonical. You must have system privileges to execute this command.
TCPIP> arp -f newentries
This example shows how to add multiple entries to the ARP mapping tables from a file named newentries. You must have system privileges to execute this command.
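The entry format read by arp -f and the canonical and noncanonical address forms used with -u can be checked before a privileged user loads a file; the following is an added example, not code from the TCP/IP Services documentation. The function names, the two-digits-per-byte rule, the skipping of blank lines and the sample file are assumptions of this example; only the laszlo address comes from the examples above.

```python
import re

# Strict reading of "6 hexadecimal bytes separated by colons"; requiring two
# digits per byte is this example's choice, not a documented arp rule.
MAC_RE = re.compile(r"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}")
FLAGS = {"temp", "pub", "trail"}

def flip_bit_order(mac):
    """Canonical <-> noncanonical: reverse the bit order inside each byte."""
    out = []
    for byte in mac.split(":"):
        bits = format(int(byte, 16), "08b")
        out.append(format(int(bits[::-1], 2), "02x"))
    return ":".join(out)

def check_entries(text):
    """Validate text in the arp -f entry format; return (entries, findings)."""
    entries, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # blank lines are skipped (assumption)
        if len(fields) < 2 or not MAC_RE.fullmatch(fields[1]):
            findings.append((n, "error", "hardware_addr is not 6 hex bytes"))
            continue
        host, mac, flags = fields[0], fields[1].lower(), set(fields[2:])
        if flags - FLAGS:
            findings.append((n, "error", "unknown field: " + " ".join(sorted(flags - FLAGS))))
            continue
        if host in entries and entries[host][0] != mac:
            findings.append((n, "error", f"{host} already mapped to {entries[host][0]}"))
            continue
        if "pub" in flags:  # this system would answer ARP requests for host
            findings.append((n, "review", f"published entry for {host}"))
        entries[host] = (mac, flags)
    return entries, findings

# Constructed sample file; only the laszlo address appears on the page.
SAMPLE = """\
laszlo 08:00:2b:0f:44:23 temp
gateway 08:00:2b:0f:44:99 pub
printer 08:00:2b:0f:44 temp
laszlo 08:00:2b:0f:44:24
"""

if __name__ == "__main__":
    entries, findings = check_entries(SAMPLE)
    for n, level, msg in findings:
        print(f"line {n}: {level}: {msg}")
    print(flip_bit_order("08:00:2b:0f:44:23"))  # form expected with -u
```

Reversing the bit order of each byte of 08:00:2b:0f:44:23 gives 10:00:d4:f0:22:c4, so the two arp -s examples above add the same hardware address, once in canonical and once in noncanonical form.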
Sends domain name query packets to name servers.
dig [@server] domain [query-type] [query-class] [+query-option] [-dig-option] [%comment]
Domain Information Groper (dig) is a flexible command line tool you can use to gather information from Domain Name System servers. The dig tool has two modes: simple interactive mode, which makes a single query; and batch mode, which executes a query for each query in a list of several query lines. All query options are accessible from the command line.
server
Either a domain name or an IP address expressed in dotted-decimal notation. If this optional field is omitted, dig attempts to use the default name server for your machine.
If you specify a domain name, dig resolves the query using the domain name resolver (BIND). If your system does not support DNS, you may have to specify a network address in dotted-decimal notation. Alternatively, if a DNS server is available, that server must be listed in the local hosts database.
domain
The domain name for which you are requesting information. See the -x option for a convenient way to specify a reverse translation address query.
query-type
The type of information (DNS query type) that you are requesting. If you omit this parameter, the default value for query-type is a (network address). BIND recognizes the following query types:
Query Type   Query Class   Description
a            T_A           Network address
any          T_ANY         All information about the specified domain
mx           T_MX          Mail exchanger for the domain
ns           T_NS          Name servers
soa          T_SOA         Zone of authority record
hinfo        T_HINFO       Host information
axfr         T_AXFR        Zone transfer (must ask an authoritative server)
txt          T_TXT         Arbitrary number of strings
See RFC 1035 for the complete list.
query-class
The network class requested in the query. If you omit this parameter, the default is in (C_IN, Internet class domain). BIND recognizes the following classes:
Query Type   Query Class   Description
in           C_IN          Internet class domain
any          C_ANY         All class information
See RFC 1035 for a complete list of query classes.
You can use the query-class any statement to specify a class or a type of query. dig parses the first occurrence of any to mean query-type = T_ANY. To specify query-class = C_ANY, you must either specify any twice or set query-class using the -c option.
%ignored-comment
Use the percent (%) character to include an argument that is not parsed. This can be useful if you are running dig in batch mode. Instead of resolving every @server-domain-name in a list of queries, you can avoid the overhead of doing so, and still have the domain name on the command line as a reference. For example:
dig @22.214.171.124 %venera.isi.edu mx isi.edu
-<dig-option>
Use the hyphen (-) character to specify an option that affects the operation of dig. The options described in Table A-1 are currently available (although not guaranteed to be useful). Options that are uppercase characters must be specified in quotes. For example, dig -"P"

Table A-1 dig Options
Option                    Description
-x dot-notation-address   Convenient form for specifying reverse translation of IP address. Instead of:
                          dig 126.96.36.199.in-addr.arpa
                          you can use:
                          dig -x 188.8.131.52
-f file                   File for dig batch mode. The file contains a list of query specifications (dig command lines) that are to be executed successively. Lines beginning with ;, #, or \n are ignored. Other options can still appear on the command line and will be in effect for each batch query.
-T time                   Time (in seconds) between start of successive queries when running in batch mode. Can be used to keep two or more batch dig commands running synchronously. The default is 0.
-p port                   Port number. Queries a name server listening to a nonstandard port number. The default is 53.
-P                        After query returns, executes a ping command to compare response times. This option issues the following command:
                          $ MCR TCPIP$PING -C 3 server_name
-t query-type             Type of query. Specifies either an integer value to be included in the type field, or uses the abbreviated mnemonic (such as mx).
-c query-class            Class of query. Specifies either an integer value to be included in the class field, or uses the abbreviated mnemonic (such as in).
+<query-option>
Use the plus (+) character to specify an option to be changed in the query packet or to change dig output specifics. Many of these options are the same options accepted by nslookup. If an option requires a parameter, use the following format:
+keyword[=value]
Most keywords can be abbreviated. Parsing of the "+" options is very simplistic: a value must not be separated from its keyword by any spaces. The following keywords are currently available:
Keyword       Abbreviation  Default  Description
[no]debug     deb           deb      Turn on/off debugging mode.
[no]d2                      nod2     Turn on or off extra debugging mode.
[no]recurse   rec           rec      Use or do not use recursive lookup.
retry=#       ret           4        Set number of retries to #.
time=#        ti            4        Set timeout length to # seconds.
[no]ko                      noko     Keep open option (implies vc).
[no]vc                      novc     Use or do not use virtual circuit.
[no]defname   def           def      Use or do not use default domain name.
[no]search    sea           sea      Use or do not use domain search list.
domain=NAME   do                     Set default domain name to NAME.
[no]ignore    i             noi      Ignore or do not ignore truncation errors.
[no]primary   pr            nopr     Use or do not use primary server.
[no]aaonly    aa            noaa     Authoritative query only flag.
[no]cmd                     cmd      Echo parsed arguments.
[no]stats     st            st       Display query statistics.
[no]Header    H             H        Display basic header.
[no]header    he            he       Display header flags.
[no]ttlid     tt            tt       Display TTLs.
[no]cl                      nocl     Display class information.
[no]qr                      noqr     Display outgoing query.
[no]reply     rep           rep      Display reply.
[no]ques      qu            qu       Display question section.
[no]answer    an            an       Display answer section.
[no]author    au            au       Display authoritative section.
[no]addit     ad            ad       Display additional section.
pfdef                                Set to default display flags.
pfmin                                Set to minimal default display flags.
pfset=#                              Set display flags to # (# can be hexadecimal, octal, or decimal).
pfand=#                              Bitwise and display flags with #.
pfor=#                               Bitwise or display flags with #.
The following examples show how to use the dig command.
$ dig
; <<>> DiG 8.1 <<>>
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUERY SECTION:
;; ., type = NS, class = IN
;; ANSWER SECTION:
. 1d20h1m11s IN NS E.ROOT-SERVERS.NET.
. 1d20h1m11s IN NS D.ROOT-SERVERS.NET.
. 1d20h1m11s IN NS A.ROOT-SERVERS.NET.
. 1d20h1m11s IN NS H.ROOT-SERVERS.NET.
. 1d20h1m11s IN NS C.ROOT-SERVERS.NET.
. 1d20h1m11s IN NS G.ROOT-SERVERS.NET.
. 1d20h1m11s IN NS F.ROOT-SERVERS.NET.
. 1d20h1m11s IN NS B.ROOT-SERVERS.NET.
. 1d20h1m11s IN NS J.ROOT-SERVERS.NET.
. 1d20h1m11s IN NS K.ROOT-SERVERS.NET.
. 1d20h1m11s IN NS L.ROOT-SERVERS.NET.
. 1d20h1m11s IN NS M.ROOT-SERVERS.NET.
. 1d20h1m11s IN NS I.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
E.ROOT-SERVERS.NET. 2d20h1m11s IN A 184.108.40.206
D.ROOT-SERVERS.NET. 2d20h1m11s IN A 220.127.116.11
A.ROOT-SERVERS.NET. 2d20h1m11s IN A 18.104.22.168
H.ROOT-SERVERS.NET. 2d20h1m11s IN A 22.214.171.124
C.ROOT-SERVERS.NET. 2d20h1m11s IN A 126.96.36.199
G.ROOT-SERVERS.NET. 2d20h1m11s IN A 188.8.131.52
F.ROOT-SERVERS.NET. 2d20h1m11s IN A 184.108.40.206
B.ROOT-SERVERS.NET. 2d20h1m11s IN A 220.127.116.11
J.ROOT-SERVERS.NET. 2d20h1m11s IN A 18.104.22.168
K.ROOT-SERVERS.NET. 2d20h1m11s IN A 22.214.171.124
L.ROOT-SERVERS.NET. 2d20h1m11s IN A 126.96.36.199
M.ROOT-SERVERS.NET. 2d20h1m11s IN A 188.8.131.52
I.ROOT-SERVERS.NET. 2d20h1m11s IN A 184.108.40.206
;; Total query time: 4013 msec
;; FROM: lassie.ucx.lkg.dec.com to SERVER: default -- 220.127.116.11
;; WHEN: Wed Aug 9 16:42:08 2000
;; MSG SIZE sent: 17 rcvd: 436