How to set "ndd" values at local zone ONLY in Solaris 10

[underh20]

Our sever is running Solaris 10 (09/10) with four local zones. One of
the local zone "atlantis" is for Oracle instance. We need to
implement the following ndd values for Oracle 11 installation :

# ndd -set /dev/udp udp_smallest_anon_port 9000
# ndd -set /dev/udp udp_largest_anon_port 65500
# ndd -set /dev/tcp tcp_smallest_anon_port 9000
# ndd -set /dev/tcp tcp_largest_anon_port 65500

Unfortunately, when I tried to run the command at this local zone, I
am getting the following error :

atlantis # ndd -set /dev/tcp tcp_largest_anon_port 65500
operation failed: Not owner

Do you know how we can set the above ndd values in the local zone ?
Do we issue the above commands from global zone ? If yes, how can we
just limit the "ndd" values to take in effect in local zone "atlantis"
only ?

Thanks,

Bill

[Ian Collins]

On 05/12/11 08:39 AM, underh20 wrote:
> Our sever is running Solaris 10 (09/10) with four local zones. One of
> the local zone "atlantis" is for Oracle instance. We need to
> implement the following ndd values for Oracle 11 installation :
>
> # ndd -set /dev/udp udp_smallest_anon_port 9000
> # ndd -set /dev/udp udp_largest_anon_port 65500
> # ndd -set /dev/tcp tcp_smallest_anon_port 9000
> # ndd -set /dev/tcp tcp_largest_anon_port 65500
>
> Unfortunately, when I tried to run the command at this local zone, I
> am getting the following error :
>
> atlantis # ndd -set /dev/tcp tcp_largest_anon_port 65500
> operation failed: Not owner
>
> Do you know how we can set the above ndd values in the local zone ?

This would only work for an exclusive IP zone.

> Do we issue the above commands from global zone ? If yes, how can we
> just limit the "ndd" values to take in effect in local zone "atlantis"
> only ?

I don't think so, they are system wide.

--
Ian Collins

[underh20]

> Ian Collins- Hide quoted text -
>
> - Show quoted text -

Does that mean that I have to set these NDD values in the global
zone ? Like running them in the command prompt temporary or putting
them in /etc/system permanetly. Once thd new NDD settings are done in
global zone, does local zone pick up the new NDD value right away or
do I have to reboot he local zone to see them ?

Thx Bill

[Ian Collins]

On 05/12/11 09:31 AM, underh20 wrote:
> On May 11, 2:06 pm, Ian Collins<ian-n...@hotmail.com> wrote:
>> On 05/12/11 08:39 AM, underh20 wrote:

>>> Our sever is running Solaris 10 (09/10) with four local zones. One of
>>> the local zone "atlantis" is for Oracle instance. We need to
>>> implement the following ndd values for Oracle 11 installation :
>>
>>> # ndd -set /dev/udp udp_smallest_anon_port 9000
>>> # ndd -set /dev/udp udp_largest_anon_port 65500
>>> # ndd -set /dev/tcp tcp_smallest_anon_port 9000
>>> # ndd -set /dev/tcp tcp_largest_anon_port 65500
>>
>>> Unfortunately, when I tried to run the command at this local zone, I
>>> am getting the following error :
>>
>>> atlantis # ndd -set /dev/tcp tcp_largest_anon_port 65500
>>> operation failed: Not owner
>>
>>> Do you know how we can set the above ndd values in the local zone ?
>>
>> This would only work for an exclusive IP zone.
>>
>>> Do we issue the above commands from global zone ? If yes, how can we
>>> just limit the "ndd" values to take in effect in local zone "atlantis"
>>> only ?
>>
>> I don't think so, they are system wide.

[please don't quote signatures and google nonsense]

> Does that mean that I have to set these NDD values in the global
> zone ?

Unless you have exclusive IP zones, yes. If you want to change any
TCP/IP parameters for an interface, the zone has to own it. Otherwise
the zone just uses a logical interface.

> Like running them in the command prompt temporary or putting
> them in /etc/system permanetly. Once thd new NDD settings are done in
> global zone, does local zone pick up the new NDD value right away or
> do I have to reboot he local zone to see them ?

The changes are immediate.

--
Ian Collins

[underh20]

> Ian Collins- Hide quoted text -
>
> - Show quoted text -

Thx. It's working now after I applied them directly at the command
line.
Say if I want to put them in /etc/system for persistent setting, I
would add the following lines in that file, correct ?

*
*

ndd -set /dev/udp udp_smallest_anon_port 9000

ndd -set /dev/udp udp_largest_anon_port 65500

ndd -set /dev/tcp tcp_smallest_anon_port 9000

ndd -set /dev/tcp tcp_largest_anon_port 65500

*
*

Thanks again,

Bill

[Rick Jones]

underh20 <underh20.s...@gmail.com> wrote:
> Our sever is running Solaris 10 (09/10) with four local zones. One of
> the local zone "atlantis" is for Oracle instance. We need to
> implement the following ndd values for Oracle 11 installation :

> # ndd -set /dev/udp udp_smallest_anon_port 9000
> # ndd -set /dev/udp udp_largest_anon_port 65500
> # ndd -set /dev/tcp tcp_smallest_anon_port 9000
> # ndd -set /dev/tcp tcp_largest_anon_port 65500

Just how many TCP actively established connections per second is the
Oracle 11 installation expecting to churn-through that it needs such a
large anonymous port number space (vs making explicit port number
selections on its own...).

rick jones
--
No need to believe in either side, or any side. There is no cause.
There's only yourself. The belief is in your own precision. - Joubert
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

[Gary Mills]

In <d60d751b-721c-4029...@34g2000pru.googlegroups.com> underh20 <underh20.s...@gmail.com> writes:

>On May 11, 2:54=A0pm, Ian Collins <ian-n...@hotmail.com> wrote:
>> On 05/12/11 09:31 AM, underh20 wrote:

>> > On May 11, 2:06 pm, Ian Collins<ian-n...@hotmail.com> =A0wrote:

>> >> On 05/12/11 08:39 AM, underh20 wrote:
>> >>> Our sever is running Solaris 10 (09/10) with four local zones. One of

>> >>> the local zone "atlantis" is for Oracle instance. =A0We need to

>> >>> implement the following ndd values for Oracle 11 installation :
>>

>> > Does that mean that I have to set these NDD values in the global
>> > zone ?
>>

>> Unless you have exclusive IP zones, yes. =A0If you want to change any
>> TCP/IP parameters for an interface, the zone has to own it. =A0Otherwise

>> the zone just uses a logical interface.

>Thx. It's working now after I applied them directly at the command

>line.
>Say if I want to put them in /etc/system for persistent setting, I
>would add the following lines in that file, correct ?

>ndd -set /dev/udp udp_smallest_anon_port 9000

>ndd -set /dev/udp udp_largest_anon_port 65500
>ndd -set /dev/tcp tcp_smallest_anon_port 9000
>ndd -set /dev/tcp tcp_largest_anon_port 65500

No, /etc/system is not a shell script. `man -s4 system' will tell
you how to configure it.

We use an SMF method script to issue ndd commands early in the boot
process. I don't know of a built-in way to do it.

--
-Gary Mills- -Unix Group- -Computer and Network Services-

[hume.sp...@bofh.ca]

underh20 <underh20.s...@gmail.com> wrote:
> Say if I want to put them in /etc/system for persistent setting, I
> would add the following lines in that file, correct ?

I would not recommend that you touch /etc/system, ever. With your skill
level I would expect you to destroy the system.

Do as Gary suggested, and use a shell script run out of SMF or /etc/rc2.d.

--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/

[Gary Mills]

In <iqh3ba$nvo$2...@Kil-nws-1.UCIS.Dal.Ca> hume.sp...@bofh.ca writes:

>underh20 <underh20.s...@gmail.com> wrote:
>> Say if I want to put them in /etc/system for persistent setting, I
>> would add the following lines in that file, correct ?

>I would not recommend that you touch /etc/system, ever. With your skill
>level I would expect you to destroy the system.

>Do as Gary suggested, and use a shell script run out of SMF or /etc/rc2.d.

Or, since you are paying Oracle for licenses and support for their
database product, ask them to to provide a way to change those
settings. They can't expect you to type them manually each time,
and start the database manually each time either.