HP-UX HB v13.00 Ch-09 - Networking Basics

HP-UX Handbook Rev 13.00 Page 22 (of 27)
Chapter 09 Network Basics
October 29, 2013
NDD_NAME[0]=<parameter name>
NDD_VALUE[0]=<value>
Set a unique ordinal (sequential number) in the brackets. Start with “0” and increase the
number by one for each new entry. If you run:
# ndd -c
the ndd program re-reads the configuration file and activates the changes in the running
kernel. During startup, the system runs this command from /sbin/rc2.d/S340net (and from some
other scripts).
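A pre-flight check for the ordinal rule described above, as an added example that is not part of the handbook: it reports gaps, duplicates and unpaired NDD_NAME/NDD_VALUE entries, and reads back the value a file sets for one parameter. The function names check_nddconf and ndd_value and the sample file are made up for illustration; TRANSPORT_NAME is the nddconf key that names the device and is ignored by the check.

```shell
#!/bin/sh
# Added example: lint an nddconf-style file before running "ndd -c".

# Every NDD_NAME[n] needs an NDD_VALUE[n]; ordinals must be unique and run
# 0,1,2,... without a gap. Prints findings; returns 0 if clean, 1 otherwise.
check_nddconf() {
    awk '
    BEGIN { max = -1; bad = 0 }
    /^NDD_(NAME|VALUE)\[[0-9]+\]=/ {
        lb = index($0, "["); rb = index($0, "]")
        key = substr($0, 1, lb - 1)
        idx = substr($0, lb + 1, rb - lb - 1) + 0
        if ((key, idx) in seen) { printf "duplicate %s[%d]\n", key, idx; bad = 1 }
        seen[key, idx] = 1
        if (idx > max) max = idx
    }
    END {
        for (i = 0; i <= max; i++) {
            if (!(("NDD_NAME", i) in seen))  { printf "ordinal %d: NDD_NAME missing\n", i; bad = 1 }
            if (!(("NDD_VALUE", i) in seen)) { printf "ordinal %d: NDD_VALUE missing\n", i; bad = 1 }
        }
        exit bad
    }' "$1"
}

# Print the value configured for parameter $2 (a plain name such as
# ip_forwarding), or nothing if the file does not set it.
ndd_value() {
    n=$(sed -n "s/^NDD_NAME\[\([0-9][0-9]*\)]=$2\$/\1/p" "$1" | tail -n 1)
    [ -z "$n" ] || sed -n "s/^NDD_VALUE\[${n}]=//p" "$1" | tail -n 1
}

# Constructed sample (not from a real system); ordinal 2 is skipped on purpose.
sample=/tmp/nddconf.sample.$$
cat > "$sample" <<'EOF'
TRANSPORT_NAME[0]=ip
NDD_NAME[0]=ip_forwarding
NDD_VALUE[0]=0
TRANSPORT_NAME[1]=ip
NDD_NAME[1]=ip_ire_gw_probe
NDD_VALUE[1]=0
TRANSPORT_NAME[3]=tcp
NDD_NAME[3]=tcp_fin_wait_2_timeout
NDD_VALUE[3]=600000
EOF
check_nddconf "$sample" || echo "fix the ordinals before running ndd -c"
echo "ip_forwarding is configured as: $(ndd_value "$sample" ip_forwarding)"
rm -f "$sample"
```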
Common changes done with ndd
Disable router ability of the system (IP forwarding)
If there is more than one network interface in your HP-UX system, it will work as a router. To
disable this feature, run:
# ndd -set /dev/ip ip_forwarding 0
Disable the gateway probe mechanism
If you have to use a gateway/router in your network that does not answer ICMP ECHO
requests (e.g. a firewall), you will see that your HP-UX system automatically disables the routing
definitions using this gateway after a short period of time. The system usually checks the
existence of gateways with these ICMP requests, and if a gateway does not answer, the system
“assumes” that it is not available. The routing entry to this gateway is then marked as “dead”. To
disable this mechanism, use:
# ndd -set /dev/ip ip_ire_gw_probe 0
Disable the test for compliance with RFC 1122
The HP-UX kernel will automatically check a subnet mask for its RFC 1122 compliance.
Because newer RFCs are less restrictive, you can turn off this test with:
# ndd -set /dev/ip ip_check_subnet_addr 0
Define a FIN_WAIT_2 timer
The TCP protocol specification explains that we have to wait for the last ACK in a communication
before closing a TCP session. That is why there is no timeout defined by default for the
FIN_WAIT_2 status of a port which was used for TCP communication.
Unfortunately, some systems do not send such a last ACK packet, or sometimes it gets lost in
the network. If you see lots of ports with status FIN_WAIT_2 in the output of the netstat -an
command, it makes sense to define a timeout (e.g. waiting 10 minutes and then closing the port
without receiving the last ACK):
# ndd -set /dev/tcp tcp_fin_wait_2_timeout 600000
There is a very nice web page with additional information at:
http://teams3.sharepoint.hp.com/teams/esssupport/InsideESSSupport/InsideWTEC/NETUX-