Let's say you want to know what process is tying up port 25000:

# netstat -aAn | grep 25000
f100060020cf1398  tcp4  0  0  *.25000  *.*  LISTEN
f10006000d490c08  stream  0  0  f1df487f8  0  0  0  /tmp/.sapicm25000

# rmsock f100060020cf1398 tcpcb
The socket 0x20cf1008 is being held by proccess 1806748 (icman).

# lsof -i :[PORT]

# lsof -i :5710
COMMAND     PID   USER   FD   TYPE     DEVICE  SIZE/OFF NODE NAME
oracle  2638066 oracle   18u  IPv4 0xf1b3f398 0t1716253  TCP host:5710

The "Integrated Virtual Ethernet" or IVE adapter is an adapter directly on the GX+ bus, and thus up to 3 times faster dan a regular PCI card. You can order Power6 frames with different kinds of IVE adapters, up to 10GB ports.

The IVE adapter acts as a layer-2 switch. You can create port groups. In each port group up to 16 logical ports can be defined. Every port group requires at least 1 physical port (but 2 is also possible). Each logical port can have a MAC address assigned. These MAC addresses are located in the VPD chip of the IVE. When you replace an IVE adapters, LPARS will get new new MAC addresses.

Each LPAR can only use 1 logical port per physical port. Different LPARs that use logical ports from the same port group can communicate without any external hardware needed, and thus communicate very fast.

The IVE is not hot-swappable. It can and may only be replaced by certified IBM service personnel.

First you need to configure an HAE adapter; not in promiscues mode, because that is meant to be used if you wish to assign a physical port dedicated to an LPAR. After that, you need to assign a LHAE (logical host ethernet adapter) to an LPAR. The HAE needs to be configured, and the frame needs to be restarted, in order to function correctly (because of the setting of multi-core scaling on the HAE itself).

So, to conclude: You can assign physical ports of the IVE adapter to separate LPARS (promiscues mode). If you have an IVE with two ports, up to two LPARS can use these ports. But you can also configure it as an HAE and have up to 16 LPARS per physical port in a port group using the same interface (10Gb ports are recommended). There are different kinds of IVE adapters; some allow to create more port groups and thus more network connectivity. The IVE is a method of virtualizing ethernet without the need for VIOS.

When you encounter an issue where ssh through a firewall works perfectly, but when doing scp of large files (for example mksysb images) the scp connection stalls, then there's a solution to this problem: Add "-l 8192" to the scp command.

The reason for scp to stall, is because scp greedily grabs as much bandwith of the network as possible when it transfers files, any delay caused by the network switch of the firewall can easily make the TCP connection stalled.

Adding the option "-l 8192" limits the scp session bandwith up to 8192 Kbit/second, which seems to work safe and fast enough (up to 1 MB/second):

# scp -l 8192 SOURCE DESTINATION

HACMP is capable of using an alternative MAC address in combination with its service address. So, how do you set this MAC address without HACMP, just using the command line? (Could come in handy, in case you wish to configure the service address on a system, without having to start HACMP).

# ifconfig enX down
# ifconfig enX detach
# chdev -l entX -a use_alt_addr=yes
# chdev -l entX -a alt_addr=0x00xxxxxxxxxx
# ifconfig enX xxx.xxx.xxx.xxx
# ifconfig enX up

# ifconfig enX down
# ifconfig enX detach
# chdev -l entX -a use_alt_addr=no
# chdev -l entX -a alt_addr=0x00000000000

An AIX system should have a single default gateway defined. However, sometimes, it does occur that a system has multiple default gateways. Here's information to detect multiple default gateways and how to get rid of them:

First, obtain how many gateways there are:

# odmget -q "attribute=route" CuAt

CuAt:
        name = "inet0"
        attribute = "route"
        value = "net,-hopcount,0,,0,192.168.0.1"
        type = "R"
        generic = "DU"
        rep = "s"
        nls_index = 0

CuAt:
        name = "inet0"
        attribute = "route"
        value = "net,-hopcount,0,,0,192.168.0.2"
        type = "R"
        generic = "DU"
        rep = "s"
        nls_index = 0

# chdev -l inet0 -a delroute="net,-hopcount,0,,0,192.168.0.2"
Method error (/usr/lib/methods/chginet):
        0514-068 Cause not known.
0821-279 writing to routing socket: The process does not exist.
route: not in table or multiple matches
0821-207 chginet: Cannot add route record to CuAt.

# odmget -q "attribute=route" CuAt

CuAt:
        name = "inet0"
        attribute = "route"
        value = "net,-hopcount,0,,0,192.168.0.1"
        type = "R"
        generic = "DU"
        rep = "s"
        nls_index = 0

Where did all these routes come from & why is my system sending ICMP packets every 10 minutes? This is caused by path MTU discovery. If your AIX system is sending ICMP packets, you can disable it:

AIX has a feature called path MTU discovery which is based on ICMP packets in order to learn MTU sizes on the LAN. Path MTU discovery is a way of finding out the maximum packet size that can be sent along a network using ICMP packets and is enabled on AIX by default. This is done to avoid IP fragmentation on heterogenous networks (ie, an ATM network connected to an ethernet network) and is described in RFC 1191.

# no -a | grep discover

# no -p -o tcp_pmtu_discover=0
# no -p -o udp_pmtu_discover=0

To measure network throughput independantly from disk I/O:

Set up an FTP connection from machine A to machine B.

bin
put "|dd if=/dev/zero bs=32k count=1024" /dev/null

If you wish to disable a network interface permanently, avoiding NETWORK DOWN errors in the error report:

# chdev -l en0 -a state=down -P

When you're using HACMP, you usually have multiple network adapters installed and thus multiple network interface to handle with. If AIX configured the default gateway on a wrong interface (like on your management interface instead of the boot interface), you might want to change this, so network traffic isn't sent over the management interface. Here's how you can do this:

First, stop HACMP or do a take-over of the resource groups to another node; this will avoid any problems with applications when you start fiddling with the network configuration.

Then open up a virtual terminal window to the host on your HMC. Otherwise you would loose the connection, as soon as you drop the current default gateway.

Now you need to determine where your current default gateway is configured. You can do this by typing:

# lsattr -El inet0
# netstat -nr

# odmget -q"attribute=route" CuAt

# lsattr -El inet0 | awk '$2 ~ /hopcount/ { print $2 }' | read GW
# chdev -l inet0 -a delroute=${GW}

# route add 0 [ip address of default gateway: xxx.xxx.xxx.254] -if enX

# chdev -l inet0 -a addroute=net,-hopcount,0,,0,[ip address of default gateway]

# chdev -l inet0 -a addroute=net,-hopcount,0,if,enX,,0,[ip address of default gateway]

# lsattr -El inet0
# odmget -q"attribute=route" CuAt

To enable "etherchannel" or "bonding" in Linux nomenclature:

• Add these two lines to /etc/modprobe.conf:

  alias bond0 bonding
  options bond0 miimon=100 mode=1 primary=eth0

  Entry "mode=1" simply means active/standby. Entry "miimon" is the number in milliseconds to wait before determining a link dead (Change eth0 to match your primary device, if it is different. Blades sometimes have eth4 as the primary device).
• In /etc/sysconfig/network-scripts create ifcfg-bond0 with the following (of course, change the network info to match your own):

  DEVICE=bond0
  BROADCAST=10.250.19.255
  IPADDR=10.250.19.194
  NETMASK=255.255.255.0
  GATEWAY=10.250.19.1
  ONBOOT=yes
  BOOTPROTO=none

• Change ifcfg-eth0 and ifcfg-eth1 (or whatever they are) to resemble this:

  DEVICE=eth0
  HWADDR=00:22:64:9B:54:9C
  USERCTL=no
  ONBOOT=yes
  MASTER=bond0
  SLAVE=yes
  BOOTPPROTO=none

  Leave the value of HWADDR to whatever it is in your file. This is important. It is this devices MAC Address.
• Run /etc/init.d/network restart. You will want to do at least this part from the console, in case something goes wrong.
• Once you get your "OK" and the prompt comes back, do an ifconfig -a. You should see bond0.
• Make sure you can ping your default gateway. After that, all should be good.

# cp ifcfg-eth0 ifcfg-eth0.bak

# cp ifcfg-eth0 bak.$(date +%Y%m%d).ifcfg-eth0