iCan Blog Archive

Have you ever wanted to be able to restrict the ephemeral port ranges configured on IBM i, clear the local DNS cache, or view the entries stored in the local DNS cache?

IPCONFIG is a tool that allows you to view or modify IP configuration settings that aren’t accessible through standard TCP/IP menus. This may be the first time you’ve heard of IPCONFIG because the existing settings are a mix of features that should never be changed, but a toggle was added “just in case.” Now we’ve added some actual useful and interesting features into the mix. These new features provide the capability to work with ephemeral port ranges as well as the local DNS cache.

Ephemeral Port Options
The default ephemeral port range on the IBM i is 5000 through 65535 for both TCP and UDP. This broad range may allow applications using ephemeral ports to bind to a port used by a server application causing the application to fail on startup because the server’s port is already in use. IPCONFIG’s new ephemeral port options provide a solution to this problem. The ephemeral port range for both TCP and UDP can now be uniquely configured.

These options set the lowest and highest valid ephemeral port to be used by TCP or UDP.  The value must be in the range of 5000 to 65535. The ephemeral port ranges can be modified at anytime; however, the newly configured values will not apply until after TCP has been restarted.

TCP Ephemeral Port Range Options
-tcp_ephemeral_low:
-tcp_ephemeral_high:

UDP Ephemeral Port Range Options
-udp_ephemeral_low:
-udp_ephemeral_high:

Displaying Ephemeral Port Ranges
-display

The -display option displays the current configuration values for all the IPCONFIG options. The TCP and UDP ephemeral port ranges can be viewed using this option. Shown in the green screen below, the configured (and active) TCP ephemeral port range is 20000 through 65535. The UDP ephemeral port range is configured to 25000 through 55000; however, this value will not apply until TCP/IP has been restarted.  The active UDP ephemeral port range that applies until TCP/IP is restarted is 20000 through 65535.

ICan 4.26.11 Fig 1

DNS Cache Option
IPCONFIG provides a new DNS option with two sub options: display and reset. These functions allow you to work with the DNS cache.

Display
-dnsCache:display <-t, -d>

This sub option displays a list of the DNS cache entries. The optional parameters -t and -d offer further display choices. By default, the cache entries are output in a list format. Using the -t parameter, the cache entries can be printed in a table format that’s simple to search and use to compare particular cache entries. In addition to displaying the cache entries, the –d parameter will create an informational local sockets LIC log (major code 2C00; minor code 9900) containing the command output. The LIC log can be used with both list and table formats. A LIC log can be dumped to a spooled file for further analysis.
Each cache entry contains the query sent to the DNS server and the response received. The entry will also include the original time to live and the remaining time to live in the cache as indicated by the DNS server.

List format is shown below.

ICan 4.26.11 Fig2

Table format is shown below.

ICan 4.26.11 Fig3

Reset
-dnsCache:reset
The reset sub option will clear all of the entries stored in the DNS cache. 

Using IPCONFIG
The following PTFs provide the support for these IPCONFIG enhancements:
7.1    – MF52889
6.1.1 – MF52891
6.1    – MF52869

Support for IPCONFIG is in the base operating system in all subsequent releases.

You use the System Service Tools (STRSST) Display/Alter/Dump function to invoke the IPCONFIG Advanced Analysis feature. You must be authorized to use System Service Tools and you also must be authorized to use the Display/Alter/Dump service function.

To change the settings with the STRSST command, use the following steps:

  1. Open a character-based interface.
  2. On the command line, type STRSST.
  3. Type your service tools user name and password.
  4. Select option 1 (Start a service tool).
  5. Select option 4 (Display/Alter/Dump).
  6. Select option 1 (Display/Alter storage).
  7. Select option 2 (Licensed Internal Code (LIC) data).
  8. Select option 14 (Advanced Analysis).
  9. Select option 1 (IPCONFIG).

I’d like to thank Ashley Good, Lindsay Reiser, and Tim Mullenbach for writing this blog article.  Ashley, Lindsay, and Tim all work on the TCP/IP Networking team in the IBM i development lab.

This blog post was originally published on IBMSystemsMag.com and is reproduced here by permission of IBM Systems Media.