On 2016-08-21 19:59:03 +0000, Captain Harlock said:
> Stephen Hoffman <seao...@hoffmanlabs.invalid> wrote:
>> On 2016-08-21 18:10:25 +0000, Captain Harlock said:
>>
>>> I have openvms running on simh with all license paks installed.
Okay, PAKs are not involved.
>>> Everything works great, I can telnet in locally and externally.
>>>
>>> I'm having a problem where after a short time of the vax server being
>>> online, it stops accepting external telnet connections
Which usually means a network issue.
>>> From the console, if I log in, I can TELNET 0 and it connects fine, but
>>> trying from the host or from an external computer stops working after
>>> 15 minutes or so, even though I can connect just fine earlier
Which usually means an issue between the OpenVMS VAX box and the
emulator and the rest of the Internet and your local connection.
Check the keepalive. If not enabled, enable it.
>>> If I shut down simh and restart, I can connect externally for a short
>>> time again
Which means it's not the PAKs, not the general OpenVMS VAX or simh
network configuration or related bits, and either a failure after
running for a while — check the telnet daemin logs on OpenVMS, use
AUTHORIZE to see where the default directory for the telnet daemon /
telnet server directory is located, go look for and read log files
there — or a problem with security appliances or other widgets or
connectivity between the telnet client and the telnet server. The
default directory for the telnet daemon on OpenVMS can vary, but it's
often SYS$SYSDEVICE:[TCPIP$TELNET] and the commands to view the users
from a privileged username are:
$ SET PROCESS /PRIV=ALL ! all is more than needed, but...
$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
UAF> SHOW TCPIP* /BRIEF
UAF> ^Z
Etc,
The telnet client keepalive setting varies by telnet client.
>> You might want to mention a few more details...
>> ...
>
> the following are the openvms commands you asked about:
Yes, and a bunch of stuff that I did not ask about. The simh device
configuration is not related to networking, at least not once you have
a connection established such as is the case here with telnet, for
instance.
> $ UCX SHOW VERSION
>
> Compaq TCP/IP Services for OpenVMS VAX Version V5.1
> on a VAXserver 3900 Series running OpenVMS V7.3
> $ SHOW SYSTEM /NOPROC
> OpenVMS V7.3 on node AEVAX 21-AUG-2016 19:20:01.58 Uptime 0 03:29:29
> $ SHOW INTRUSION
> %SHOW-F-NOINTRUDERS, no intrusion records match specification
So fairly typical config, and nobody is poking at the telnet daemon.
I'll assume whatever is the current simh, acquired from and built from
github simh project. But again, since this all mostly works, it's
probably the keepalive.
> openvms tcpip configuration *is* dhcp, because i have no clue what the
> proper settings are for "routing" and "bind"
DHCP not an approach I'd rely on, on OpenVMS, or on any server-oriented
operating system. DHCP is for clients. Some servers might or do work
with DHCP, but more than a few — including OpenVMS — do not.
Dynamic Routing depends on what AWS networking requires. Of GATED and
ROUTED, you'll probably want GATED, though it's been a very long time
since I've used something as old as TCP/IP Services V5.1. Based on
some of the other bits posted, it looks like GATED is selected and it
certainly appears that it is working.
These are not factors here, as you have a telnet connection, and it's dropping.
> i know that the eth1 external ip is 1.1.1.1 (obviously ive blanked it out)
You are aware that 1.1.1.1 is a real IP address in a real IP block
these days, and that there are IP blocks reserved for this purpose?
Many folks will use the private blocks for this, but... "From RFC 5737:
The blocks
192.0.2.0/24 (TEST-NET-1),
198.51.100.0/24 (TEST-NET-2), and
203.0.113.0/24 (TEST-NET-3) are provided for use in documentation."
> i know that the eth1 internal ip is 172.31.106.69
Private class C behind NAT. Fairly typical and expected config.
Given that telnet connections are getting established, the
configuration is mostly working and IP routing and the rest are working.
> just for information sake, here is 'SHOW ROUTE' from openvms
>
> TCPIP> show route
> ...
> does any of this help you help me? :)
No, unfortunately the added details did not help. One of the things I
did ask about was the keepalive, and that seems to have been omitted
from the reply. Check the keepalive setting in your telnet client.
If you don't know how to check the keepalive, identify the client
involved and ask. When connections drop like this, the disconnection
can be somethiing in the intervening network connection path that's
timing out the connection, and dropping. Setting a keepalive can
suppress those timeouts. I don't know what client you're using, but
most (all?) have keepalive settings.
The other approach is to try this configuration locally, and see if
this is something weird out in AWS and AWS networking.