Managing Serviceguard Nineteenth Edition, Reprinted June 2011
Using a Relocatable Address as the Source Address for an Application
that is Bound to INADDR_ANY
CAUTION: The procedure in this section depends on setting the HP-UX kernel parameter
ip_strong_es_model. HP supports setting this parameter for use with Serviceguard only if you
are not using a cross-subnet configuration (page 29). Otherwise, leave the parameter at its default
setting (zero, meaning disabled) and do not attempt to use the procedure that follows.
In an application for which INADDR_ANY is set, the procedure that follows enables HP-UX to use
a relocatable package IP address on the same subnet as the source address of outgoing IP data
packets, instead of automatically selecting the physical network IP address of the interface.
The procedure uses the HP-UX parameter ip_strong_es_model to enable per-interface default
gateways. These default gateways are created for secondary network interfaces when you add a
relocatable package IP address to the system. When the ip_strong_es_model is set to 1 and
the sending socket (or communication endpoint) is bound to INADDR_ANY, IP will send the packet
using the interface on which the inbound packet was received.
For more information about this parameter, see:
• The help menu for ndd –h ip_strong_es_model.
• The HP-UX IPSec Version A.03.00 Administrator's Guide which you can find at http://
www.hp.com/go/hpux-security-docs —> HP-UX IPSec Software.
Perform the following steps on each node before configuring the cluster:
1. Enable strong end-system model permanently by editing /etc/rc.config.d/nddconf as
follows:
TRANSPORT_NAME[1]=ip
NDD_NAME[1]=ip_strong_es_model
NDD_VALUE[1]=1
2. If you have not already done so, disable dead gateway probing permanently by editing
/etc/rc.config.d/nddconf as follows:
TRANSPORT_NAME[2]=ip
NDD_NAME[2]=ip_ire_gw_probe
NDD_VALUE[2]=0
Once this has been done, use the HP-UX command route (1m) from within the package to add
or delete a default route for each relocatable IP address, to allow it to communicate with all remote
subnets. See the examples that follow.
IMPORTANT: You need to add and delete default routes only in a configuration in which the
clients reside on a subnet different from that of the server's relocatable address. If all the client
applications are on the same subnet as the relocatable IP address, you do not need to add or
delete any routes for the relocatable addresses; they are added automatically when you add the
relocatable addresses to the server.
For example, put a command such as the following in the customer_defined_run_commands
function of a legacy package, or the start_command function in the external_script
(page 239) for a modular package:
/usr/sbin/route add net default 128.17.17.1 1 source 128.17.17.17
In this example, 128.17.17.17 is the relocatable IP address of the package, and 128.17.17.1
is the gateway address of this network. So clients on any remote subnets coming into the
128.17.17.17 address will get 128.17.17.17 returned as the source IP address if the
application in the package is bound to INADDR_ANY. This allows the IP packets to go through the
firewall to reach other organizations on the network.
When the package halts, the route must be removed.
Put a command such as the following in the customer_defined_halt_commands function of
a legacy package, or the stop_command function in the external_script (page 239) for a
modular package:
Using a Relocatable Address as the Source Address for an Application that is Bound to INADDR_ANY 335