[Nemeth10] 14.15. AIX networking



Rather than keeping network configuration information in text files or scripts, AIX squirrels it away in the Object Data Manager (ODM) attribute/value database. Another layer of glue associates these property lists with specific devices (driver instances, really) and binds the drivers to the configuration information.

The Object Data Manager on page 432 describes the ODM system in general. The overall scheme is rather complex, and it allows access to the network configuration at multiple layers. Table 14.13 shows a variety of AIX commands for setting an interface’s network address. They vary chiefly in whether they affect the running configuration, the boot-time configuration, or both.

Table 14.13. Eight ways to set an interface’s IP address in AIX
Command                                                            Affects Current?  Affects Boot?
smitty mktcpip (and fill out the form)                             Yes               Yes
mktcpip -i en3 -a 192.168.0.1                                      Yes               Yes
chdev -l en3 -a netaddr=192.168.0.1                                Yes               Yes
chdev -l en3 -a netaddr=192.168.0.1 -P                             No                Yes
chdev -l en3 -a netaddr=192.168.0.1 -T                             Yes               No
ifconfig en3 inet 192.168.0.1                                      Yes               No
odmchange -o CuAt -q'name=en3 AND attribute=netaddr' < config[a]   No                Yes
echo 'Hey! I set the network address!'                             No                No

[a] odmchange requires an attribute/value list as input. You cannot specify attribute values on the command line.

To be fair, mktcpip does more than just set device configuration parameters—it also runs the rc.tcpip script to start relevant network daemons.

SMIT’s network configuration facilities are relatively complete, so you can, and should, rely on SMIT for most basic configuration. Look under the “Communications Applications and Services” topic for TCP/IP configuration options.

Most sysadmins will never need to operate below the level of chdev/lsattr et al. However, this layer can be useful for seeing the authoritative list of configuration options for a device. For example, the following query shows the configurable parameters for the network interface en3:

aix$ lsattr -H -E -l en3
attribute      value           description                            settable
alias4                         IPv4 Alias including Subnet Mask       True
alias6                         IPv6 Alias including Prefix Length     True
arp            on              Address Resolution Protocol (ARP)      True
authority                      Authorized Users                       True
broadcast      192.168.10.255  Broadcast Address                      True
mtu            1500            Maximum IP Packet Size                 True
netaddr        192.168.10.11   Internet Address                       True
netaddr6                       IPv6 Internet Address                  True
netmask        255.255.255.0   Subnet Mask                            True
prefixlen                      Prefix Length for IPv6 Address         True
remmtu         576             Max. Packet Size for REMOTE Nets       True
security       none            Security Level                         True
state          up              Current Interface Status               True
tcp_mssdflt                    Set TCP Maximum Segment Size           True
tcp_nodelay                    Enable/Disable TCP_NODELAY Option      True
tcp_recvspace                  Set Socket Buffer Space for Receiving  True
tcp_sendspace                  Set Socket Buffer Space for Sending    True


The -H option asks for the output columns to be labeled, the -E option requests current (“effective,” as opposed to default) values, and the -l option identifies the device to probe. Many of the devices that chdev et al. can operate on have no entries in /dev. You can run lsdev -C to see a complete list of the available devices.

To set a value, use chdev. For example, to set the MTU for en3 above to 1450, you could use the command

aix$ sudo chdev -l en3 -a mtu=1450

no: manage AIX network tuning parameters

AIX breaks out its system-wide TCP/IP options into a separate, parallel world of persistent attribute/value pairs that are accessed through the no command rather than through chdev. (The difference is that no is for system-wide configuration, whereas chdev configures instances of specific drivers or devices.)

You can run no -a to see a list of all the available variables—there are currently more than 125. Table 14.14 lists some of the ones with security implications.

Table 14.14. Security-related TCP/IP tuning variables for AIX
Variable            Meaning                                 Default
bcastping           Respond to broadcast pings              0
directed_broadcast  Allow forwarding of broadcast packets   0
ipforwarding        Allow IP forwarding                     0
ipignoreredirects   Ignore ICMP redirects                   0[a]
ipsrcrouteforward   Forward source-routed IP packets        1[a]
ipsrcrouterecv      Accept source-routed IP packets         0
ipsrcroutesend      Block sending of source-routed packets  1

[a] Probably advisable to change

To set a variable, use

no -p -o variable=value

For example, to prevent the TCP/IP stack from forwarding source-routed packets, you would use the command

aix$ sudo no -p -o ipsrcrouteforward=0

The -p option makes the change effective both immediately and after a reboot.
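
The following audit script is an added example, not part of the original text: it checks the variables from Table 14.14 against a baseline and prints the no -p -o command for each one that deviates. The baseline (the table's defaults with the two footnoted variables changed), the function names audit_no and sample_no_output, the sample data, and the "name = value" layout of no -a output are assumptions of this example.

```shell
#!/bin/sh
# Baseline (assumption): Table 14.14 defaults, with the two footnoted
# variables changed (ipignoreredirects=1, ipsrcrouteforward=0).
BASELINE="bcastping=0 directed_broadcast=0 ipforwarding=0"
BASELINE="$BASELINE ipignoreredirects=1 ipsrcrouteforward=0"
BASELINE="$BASELINE ipsrcrouterecv=0 ipsrcroutesend=1"

# audit_no (hypothetical helper): reads "name = value" lines on stdin and
# prints one "no -p -o name=value" fix per baseline variable that deviates.
# Baseline variables absent from the input are reported as comments.
audit_no() {
    awk -v baseline="$BASELINE" '
        BEGIN {
            n = split(baseline, rows, " ")
            for (i = 1; i <= n; i++) {
                split(rows[i], kv, "=")
                want[kv[1]] = kv[2]; order[i] = kv[1]
            }
        }
        # Accept "name = value" with arbitrary leading whitespace.
        NF == 3 && $2 == "=" { have[$1] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                name = order[i]
                if (!(name in have))
                    printf "# %s not reported; check manually\n", name
                else if (have[name] != want[name])
                    printf "no -p -o %s=%s\n", name, want[name]
            }
        }'
}

# Constructed sample in the assumed `no -a` layout (not from a real host).
sample_no_output() {
    cat <<'EOF'
                bcastping = 0
       directed_broadcast = 0
             ipforwarding = 1
        ipignoreredirects = 0
        ipsrcrouteforward = 1
           ipsrcrouterecv = 0
           ipsrcroutesend = 1
            tcp_sendspace = 16384
EOF
}

# On an AIX host, replace the sample with: no -a | audit_no
sample_no_output | audit_no
```

The script only prints the commands; review them and run them with sudo to apply the changes.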