fhg
Volume 14, Number 5 -- March 5, 2014

Admin Alert: Setting Up IBM i TCP/IP Host Routes

Published: March 5, 2014

by Joe Hertvik

On an IBM i partition, you may need to route IP traffic for a particular server over a specific IP address. You could be doing this to segment network traffic or because you can only reach a host server through a specific interface (say an interface that has access to a firewall). Here's the drill for modifying your IBM i TCP/IP routing entries to set up host routing.

The Situation

The best way to demonstrate how to set up IBM i host routing is by showing you an example. So let's start with a single IBM i partition with a simple IP interface and routing setup. This partition is configured with the following setup.

  • It was originally set up with only one IP interface on the machine. For this example, I'll call the original interface 10.200.1.75.
  • All the IP traffic is routed to the partition's network gateway through the default address. Let's also say the network's gateway resides at 10.200.1.1 and the machine is initially configured so that no matter what, all traffic will be sent to the gateway for processing.
  • The organization is activating another interface, 10.200.1.80, and they want to route all the traffic to a high availability server at 10.201.1.1 over the new interface.

Here's how you could reconfigure your TCP/IP routes to accomplish these tasks. Once you see how easy it is to set up host routing, you should be able to use this example as a template for adding other host routing setups to an IBM i partition.

The Setup

You can view your IP interfaces and the routes these interfaces use through green-screen options under the Configure TCP/IP menu. You can bring up this menu by running the Configure TCP/IP (CFGTCP) command.



You can view your configured and active TCP/IP interfaces by taking option 1, Work with TCP/IP interfaces. For this example, let's assume both our 10.200.1.75 and 10.200.1.80 interfaces are activated. Here's how we can approach changing the routing configuration to put in new host routing for accessing the 10.201.1.1 server.

1. Take option 2=Work with TCP/IP routes to view your current routes. If no other host routing has been configured, you'd see a routing screen that looks something like this.

Work with TCP/IP Routes
Type options, press Enter.
  1=Add   2=Change   4=Remove   5=Display
     Route            Subnet           Next             Preferred
Opt  Destination      Mask             Hop              Interface
     *DFTROUTE        *NONE            10.200.1.1       *NONE

TCP/IP routes tell the operating system how to direct TCP/IP traffic in your system. In this case, our partition only has one TCP/IP route, which is referred to as the default route (*DFTROUTE). Most IBM i partitions have a *DFTROUTE entry to handle routing any IP traffic that doesn't have specific host routing entries. For this machine, the default route above specifies that all TCP/IP traffic should be routed according to the following criteria.

  • Any traffic that does not have a host routing entry will use this *DFTROUTE entry for routing instructions (as defined by the *DFTROUTE routing entry name and Subnet mask = *NONE parameter).
  • Traffic using this routing entry will use any available interface on the system (Preferred interface = *NONE) to send the traffic out to the network.
  • Traffic using this entry will be sent to the 10.200.1.1 gateway, because the Next Hop parameter is defined as 10.200.1.1. The next hop parameter tells TCP/IP where to send traffic for further routing.

2. According to our *DFTROUTE entry, traffic will automatically be routed over both the 10.200.1.75 interface AND the 10.200.1.80 interface (because the Preferred Interface value on the *DFTROUTE is equal to *NONE, both interfaces can be selected). But the reason we added the 10.200.1.80 interface is that we are implementing a high availability solution and we want to do the following:

  • Route all traffic to the new High Availability server (10.210.1.1) over the 10.200.1.80 interface. This will allow us to segment HA traffic over that interface so that it doesn't compete with production traffic going out over the 10.200.1.75 interface.
  • Modify the *DFTROUTE entry to only use the 10.200.1.75 interface for transmitting any network traffic that is not intended for the 10.210.1.1 HA server. We need to stop using the 10.200.1.80 interface for default traffic.

The new configuration will allow us to segment IP traffic on this machine to meet these goals. The next steps show how to do this, and what the routing entries will look like after the configuration is complete.

3. Before changing the configuration, always be sure to take a print screen of your current routing entries and keep it handy. This will help you restore your routing configuration in case there's a problem.

4. Make your changes when your system is restricted or TCP/IP is turned off. This will ensure that no traffic is affected while you are changing your routing entries. While routing changes can be implemented and become active while TCP/IP is running, I recommend performing changes on a quiet system if you're going to overhaul your routing entries or make changes to your *DFTROUTE entry.

5. On the Work with TCP/IP Routes screen, enter a 4=Remove in front of your current *DFTROUTE TCP/IP entry. We have to delete the *DFTROUTE entry because you have to remove and re-enter the Preferred Interface information in order to make the changes outlined in point 2.

6. Again on the Work with TCP/IP Routes screen, enter a 1=Add on the input line on the screen. You'll see an Add TCP/IP Route (ADDTCPRTE) screen appear. You would fill in the following fields as shown below to add a new routing entry that uses the 10.200.1.80 interface for transmitting traffic intended for the 10.210.1.1 HA server.

                          Add TCP/IP Route (ADDTCPRTE)

Type choices, press Enter.

Route destination  . . . . . . . > '10.210.1.1'

Subnet mask  . . . . . . . . . . > *HOST
Type of service  . . . . . . . .   *NORMAL       *MINDELAY…
Next hop . . . . . . . . . . . . > '10.210.1.1'
Preferred binding interface  . .   10.200.1.80
Maximum transmission unit  . . .   *IFC          576-16388, *IFC
Route metric . . . . . . . . . .   1             1-16
Route redistribution . . . . . .   *NO           *NO, *YES
Duplicate route priority . . . .   *MEDIUM       1-10, *MEDIUM…
Text 'description' . . . . . . .   *BLANK

Once added, your routing table will now look like this.

Work with TCP/IP Routes
Type options, press Enter.
  1=Add   2=Change   4=Remove   5=Display
     Route            Subnet           Next             Preferred
Opt  Destination      Mask             Hop              Interface
     10.210.1.1       *HOST	           10.210.1.1       10.200.1.80

What happened is we've just added a host routing entry (*HOST) that tells TCP/IP how to handle packets intended for the 10.210.1.1 server (the Route Destination). This *HOST entry tells TCP/IP to always use the 10.200.1.80 interface to send packets (the Preferred Interface) to the 10.210.1.1 server (the Next Hop). This entry is only used for sending packets to 10.210.1.1. It supersedes any *DFTROUTE routing entries on the system, and it will only be used to transmit data to 10.210.1.1.

7. Once again, go back to the Work with TCP/IP Routes screen and enter 1=Add on the input line to add your new *DFTROUTE entry. In this example, we would fill in the entry fields like this.

                          Add TCP/IP Route (ADDTCPRTE)

Type choices, press Enter.

Route destination  . . . . . . . > *DFTROUTE

Subnet mask  . . . . . . . . . . > *NONE
Type of service  . . . . . . . .   *NORMAL       *MINDELAY…
Next hop . . . . . . . . . . . . > '10.200.1.1'
Preferred binding interface  . .   10.200.1.75
Maximum transmission unit  . . .   *IFC          576-16388, *IFC
Route metric . . . . . . . . . .   1             1-16
Route redistribution . . . . . .   *NO           *NO, *YES
Duplicate route priority . . . .   *MEDIUM       1-10, *MEDIUM…
Text 'description' . . . . . . .   *BLANK

Because this is the new default route for TCP/IP traffic, all traffic that is not specifically routed by another TCP/IP route (such as the 10.210.1.1 *HOST route we entered in the previous step) will be routed via the 10.200.1.75 IP interface.

8. Once the two new routes have been added, the TCP/IP routing table will now look like this.

Work with TCP/IP Routes
Type options, press Enter.
  1=Add   2=Change   4=Remove   5=Display
     Route            Subnet           Next             Preferred
Opt  Destination      Mask             Hop              Interface
     *DFTROUTE        *NONE            10.200.1.1       10.200.1.75
     10.210.1.1       *HOST	            10.210.1.1       10.200.1.80

In IBM i TCP/IP routing, specific *HOST routing entries always trump *DFTROUTE entries. So with these entries, we would achieve our goals of: 1) always sending traffic to 10.210.1.1 through the 10.200.1.80 interface, while 2) sending all other traffic through the 10.200.1.75 interface.

Other Things You Can Do

And that's all there is to setting up dedicated host routing entries on an IBM i partition. You set up individual host routing entries to send traffic through specific IP interfaces, and then you set up a *DFTROUTE entry to handle any traffic that is not specifically covered by the host routes. And it's easy to expand host routing on this system. Here are some other things you can do with *DFTROUTE and *HOST entries.

  • Send TCP/IP traffic for an entire Class A, Class B, or Class C network through a specific interface. We could add another routing interface that sends any traffic intended for the 10.210 network through the 10.200.1.80 interface. We would do that by adding another routing interface that has a Route destination of 10.210.0.0, a Subnet mask of 255.255.0.0, and a Preferred Interface of 10.200.1.80. Because a host routing entry trumps the *DFTROUTE entry, all traffic for the 10.210.0.0 network would now be routed through the 10.200.1.80 interface.
  • Put in a backup *DFTROUTE routing entry. I could add another interface (10.200.1.90 maybe) and set up a second *DFTROUTE entry so default traffic could be routed over that interface, as well. By having a second *DFTROUTE entry, I would be free to start and stop the 10.200.1.75 interface at will, because the 10.200.1.90 would also route the default traffic. This comes in handy when you're moving network connections on your system or you're rerouting traffic so it goes through new pieces of equipment (such as a WAN optimizer like a Riverbed Steelhead device).
  • In the right situation, you could even eliminate your *DFTROUTE routing entries. For some partitions, you may only want to route IP traffic to certain sub-networks or hosts. You could limit who your partition talks to by eliminating the *DFTROUTE entirely and only putting in entries for hosts that you want your machine to talk to.

Once you get the feel of working with routing entries, many opportunities will present themselves. The key is to get started with the first routing entries, as shown in this article.


Joe Hertvik is an IBM i subject matter expert (SME) and the owner of Hertvik Business Services, a service company that provides written marketing content and presentation services for the computer industry, including white papers, case studies, and other marketing material. Email Joe for a free quote for any upcoming projects. He also runs a data center for two companies outside Chicago, featuring multiple IBM i ERP systems. Joe is a contributing editor for IT Jungle and has written the Admin Alert column since 2002. Check out his blog where he features practical information for tech users at joehertvik.com.




                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot


Sponsored By
NORTHEAST USER GROUPS CONFERENCE

24th Annual Northeast
IBM i User Groups Conference
April 7 - 9, Framingham, MA

Get Connected with i
Connect with mobile devices
Connect to DB2/400 data
Connect to LANs, SANs & the Internet
Connect with your peers

70+ sessions; NEW topics for 2014;
top industry speakers; in-depth seminars;
vendor expo

Register before March 7 and save
Only $550 WITH Monday seminar!

View Conference Brochure

www.neugc.org


Senior Technical Editor: Ted Holt
Technical Editor: Joe Hertvik
Contributing Technical Editors: Edwin Earley, Brian Kelly, Michael Sansoterra
Publisher and Advertising Director: Jenny Thomas
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

Maxava:  Don't wait for a disaster. Start planning today. DR Strategy Guide for IBM i FREE eBook.
System i Developer:  Upgrade your skills at the RPG & DB2 Summit in Dallas, March 18-20.
Northeast User Groups Conference:  24th Annual Conference, April 7 - 9, Framingham, MA


 

More IT Jungle Resources:

System i PTF Guide: Weekly PTF Updates
IBM i Events Calendar: National Conferences, Local Events, and Webinars
Breaking News: News Hot Off The Press
TPM @ EnterpriseTech: High Performance Computing Industry News From ITJ EIC Timothy Prickett Morgan


 
The Four Hundred
Power Systems Coming To The SoftLayer Cloud

The Most Talked About IBM i Trends And Technology

Buy One XIV Array, Get Another For A Buck

Mad Dog 21/21: Will You Still Need Me When ARM's 64?

IBM Layoffs Begin In The U.S. And Canada

Four Hundred Stuff
SAP HANA: Just a Sidecar to IBM i, For Now

Alaska Telecom Ditches Tape for LaserVault UBD

Google's New Login Is 'Slick,' But Will It Fly in the Enterprise?

Halcyon Gives IBM i Shops an Edge in MQ Management

IBM Aims to Smooth DevOps with RTC Update

Four Hundred Monitor
Four Hundred Monitor's
Full iSeries Events Calendar

System i PTF Guide
March 1, 2014: Volume 16, Number 09

February 22, 2014: Volume 16, Number 08

February 15, 2014: Volume 16, Number 07

February 8, 2014: Volume 16, Number 06

February 1, 2014: Volume 16, Number 05

January 25, 2014: Volume 16, Number 04

TPM at EnterpriseTech
Shared Memory Clusters Accelerate Databases

How Priceline.com Rid In-Memory Cache Of Java Jitters

X86 System Sales Grow, Everything Else Shrinks

Adaptive Computing Spans The DigitalGlobe

High Frequency Traders Hedge Bets With IBM Power

Quanta Pushes Foot Inside Enterprise Datacenter Doors

HP Will Chase IBM Accounts To Grow Datacenter Biz

Stacking Up Xeon E7 v2 Chips Against The Competition

Why Amazon Can't Catch Lucera Financial Cloud

Dell Takes A Long View On Datacenters

SAP HANA Wrings Performance From New Intel Xeons

Intel Aims Xeon E7 v2 At Big Memory Workloads

THIS ISSUE SPONSORED BY:

HelpSystems
WorksRight Software
Northeast User Groups Conference


Printer Friendly Version


TABLE OF CONTENTS
DB2 For i Scalar Function Performance Considerations

Use Wireshark To Diagnose IBM i Communications Problems

Admin Alert: Setting Up IBM i TCP/IP Host Routes

Four Hundred Guru

BACK ISSUES




 
Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2014 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement