Admin Alert: Setting Up IBM i TCP/IP Host Routes
March 5, 2014 Joe Hertvik
On an IBM i partition, you may need to route IP traffic for a particular server over a specific IP address. You could be doing this to segment network traffic or because you can only reach a host server through a specific interface (say an interface that has access to a firewall). Here’s the drill for modifying your IBM i TCP/IP routing entries to set up host routing. The Situation The best way to demonstrate how to set up IBM i host routing is by showing you an example. So let’s start with a single IBM i partition with a simple IP interface and routing setup. This partition is configured with the following setup.
Here’s how you could reconfigure your TCP/IP routes to accomplish these tasks. Once you see how easy it is to set up host routing, you should be able to use this example as a template for adding other host routing setups to an IBM i partition. The Setup You can view your IP interfaces and the routes these interfaces use through green-screen options under the Configure TCP/IP menu. You can bring up this menu by running the Configure TCP/IP (CFGTCP) command. You can view your configured and active TCP/IP interfaces by taking option 1, Work with TCP/IP interfaces. For this example, let’s assume both our 10.200.1.75 and 10.200.1.80 interfaces are activated. Here’s how we can approach changing the routing configuration to put in new host routing for accessing the 10.201.1.1 server. 1. Take option 2=Work with TCP/IP routes to view your current routes. If no other host routing has been configured, you’d see a routing screen that looks something like this. Work with TCP/IP Routes Type options, press Enter. 1=Add 2=Change 4=Remove 5=Display Route Subnet Next Preferred Opt Destination Mask Hop Interface *DFTROUTE *NONE 10.200.1.1 *NONE TCP/IP routes tell the operating system how to direct TCP/IP traffic in your system. In this case, our partition only has one TCP/IP route, which is referred to as the default route (*DFTROUTE). Most IBM i partitions have a *DFTROUTE entry to handle routing any IP traffic that doesn’t have specific host routing entries. For this machine, the default route above specifies that all TCP/IP traffic should be routed according to the following criteria.
2. According to our *DFTROUTE entry, traffic will automatically be routed over both the 10.200.1.75 interface AND the 10.200.1.80 interface (because the Preferred Interface value on the *DFTROUTE is equal to *NONE, both interfaces can be selected). But the reason we added the 10.200.1.80 interface is that we are implementing a high availability solution and we want to do the following:
The new configuration will allow us to segment IP traffic on this machine to meet these goals. The next steps show how to do this, and what the routing entries will look like after the configuration is complete. 3. Before changing the configuration, always be sure to take a print screen of your current routing entries and keep it handy. This will help you restore your routing configuration in case there’s a problem. 4. Make your changes when your system is restricted or TCP/IP is turned off. This will ensure that no traffic is affected while you are changing your routing entries. While routing changes can be implemented and become active while TCP/IP is running, I recommend performing changes on a quiet system if you’re going to overhaul your routing entries or make changes to your *DFTROUTE entry. 5. On the Work with TCP/IP Routes screen, enter a 4=Remove in front of your current *DFTROUTE TCP/IP entry. We have to delete the *DFTROUTE entry because you have to remove and re-enter the Preferred Interface information in order to make the changes outlined in point 2. 6. Again on the Work with TCP/IP Routes screen, enter a 1=Add on the input line on the screen. You’ll see an Add TCP/IP Route (ADDTCPRTE) screen appear. You would fill in the following fields as shown below to add a new routing entry that uses the 10.200.1.80 interface for transmitting traffic intended for the 10.210.1.1 HA server. Add TCP/IP Route (ADDTCPRTE) Type choices, press Enter. Route destination . . . . . . . > '10.210.1.1' Subnet mask . . . . . . . . . . > *HOST Type of service . . . . . . . . *NORMAL *MINDELAY… Next hop . . . . . . . . . . . . > '10.210.1.1' Preferred binding interface . . 10.200.1.80 Maximum transmission unit . . . *IFC 576-16388, *IFC Route metric . . . . . . . . . . 1 1-16 Route redistribution . . . . . . *NO *NO, *YES Duplicate route priority . . . . *MEDIUM 1-10, *MEDIUM… Text 'description' . . . . . . . *BLANK Once added, your routing table will now look like this. Work with TCP/IP Routes Type options, press Enter. 1=Add 2=Change 4=Remove 5=Display Route Subnet Next Preferred Opt Destination Mask Hop Interface 10.210.1.1 *HOST 10.210.1.1 10.200.1.80 What happened is we’ve just added a host routing entry (*HOST) that tells TCP/IP how to handle packets intended for the 10.210.1.1 server (the Route Destination). This *HOST entry tells TCP/IP to always use the 10.200.1.80 interface to send packets (the Preferred Interface) to the 10.210.1.1 server (the Next Hop). This entry is only used for sending packets to 10.210.1.1. It supersedes any *DFTROUTE routing entries on the system, and it will only be used to transmit data to 10.210.1.1. 7. Once again, go back to the Work with TCP/IP Routes screen and enter 1=Add on the input line to add your new *DFTROUTE entry. In this example, we would fill in the entry fields like this. Add TCP/IP Route (ADDTCPRTE) Type choices, press Enter. Route destination . . . . . . . > *DFTROUTE Subnet mask . . . . . . . . . . > *NONE Type of service . . . . . . . . *NORMAL *MINDELAY… Next hop . . . . . . . . . . . . > '10.200.1.1' Preferred binding interface . . 10.200.1.75 Maximum transmission unit . . . *IFC 576-16388, *IFC Route metric . . . . . . . . . . 1 1-16 Route redistribution . . . . . . *NO *NO, *YES Duplicate route priority . . . . *MEDIUM 1-10, *MEDIUM… Text 'description' . . . . . . . *BLANK Because this is the new default route for TCP/IP traffic, all traffic that is not specifically routed by another TCP/IP route (such as the 10.210.1.1 *HOST route we entered in the previous step) will be routed via the 10.200.1.75 IP interface. 8. Once the two new routes have been added, the TCP/IP routing table will now look like this. Work with TCP/IP Routes Type options, press Enter. 1=Add 2=Change 4=Remove 5=Display Route Subnet Next Preferred Opt Destination Mask Hop Interface *DFTROUTE *NONE 10.200.1.1 10.200.1.75 10.210.1.1 *HOST 10.210.1.1 10.200.1.80 In IBM i TCP/IP routing, specific *HOST routing entries always trump *DFTROUTE entries. So with these entries, we would achieve our goals of: 1) always sending traffic to 10.210.1.1 through the 10.200.1.80 interface, while 2) sending all other traffic through the 10.200.1.75 interface. Other Things You Can Do And that’s all there is to setting up dedicated host routing entries on an IBM i partition. You set up individual host routing entries to send traffic through specific IP interfaces, and then you set up a *DFTROUTE entry to handle any traffic that is not specifically covered by the host routes. And it’s easy to expand host routing on this system. Here are some other things you can do with *DFTROUTE and *HOST entries.
Once you get the feel of working with routing entries, many opportunities will present themselves. The key is to get started with the first routing entries, as shown in this article. Joe Hertvik is an IBM i subject matter expert (SME) and the owner of Hertvik Business Services, a service company that provides written marketing content and presentation services for the computer industry, including white papers, case studies, and other marketing material. Email Joe for a free quote for any upcoming projects. He also runs a data center for two companies outside Chicago, featuring multiple IBM i ERP systems. Joe is a contributing editor for IT Jungle and has written the Admin Alert column since 2002. Check out his blog where he features practical information for tech users at joehertvik.com.
|