IBM Support

Avoiding Conflicts with ITM process port number usage

Question & Answer


Question

How do you control ITM process port number usage

Answer

Overview

When an ITM process allocates a TCP/IP port which another application on the same server depends on, the other application may fail to run as expected.

Many details of protocols and protocol modifiers are found in this document:


This current document explains how to use the modifiers to avoid port number conflicts. This is all done with the KDE_TRANSPORT or KDC_FAMILIES environment variable. The examples ignore IPV6 protocols.

For this example, the goal is to ensure all ports used should be equal or higher than 40000.

Introduction

ITM processes typically have one listening port and several ephemeral ports. The listening port is controlled by the base port number and a search for a free port. For example


    ip.pipe port 1918

means the ip pipe protocol is enabled and the base port is 1918, which is default. The base port number itself is reserved for a TEMS - in case it should ever be started. ITM uses some port numbers which are registered with IANA [http://www.iana.org/] and 1918 is registered along with some others. This avoids conflicts with other applications which make use of such registrations.

Controlling listening port number

The ITM process checks on port numbers base+N*4096, where N is 1 to 15. For example the first port checked in 1918+1*4096 or 6014. If all 15 are busy, then the communication process fails. One protocol modifier is SKIP and it means the check starts with N being the SKIP value and continues upward to 15. This setting


    ip.pipe port 1918 SKIP:10 use:y

means the first port checked is 1918+10*4096 or 42878.

Incidently, for Agents there is nothing magic about 1918. You could set an entirely different base port, like 2345, to use a separate range of tested port numbers.

This setting makes sure the listening port is sufficiently high.

If the EPHEMERAL:Y modifier is used there is no listening port, although other limitations are introduced.

Controlling Ephemeral ports.

Ephemeral ports are allocated by the operating system and are used by ITM to communicate between ITM components. The ITM logic asks the operating system for the next free port and then uses it. If all programs worked like that, the possibility of conflicts are very low since there are 65535 different ports. However, some programs will have a dependence on ports. After an ITM process starts, an ephemeral port could prevent the other program from running successfully,

The protocol modifier POOL is used to control ephemeral port numbers used. For example


    ip.pipe port 1918 SKIP:10 POOL:40000-40063

means that any ephemeral ports used by that ITM process on behalf of the ip.pipe protocol will be in the named range.

Each POOL is limited to 1024 numbers. If needed you can supply multiple POOL settings like this


    ip.pipe port 1918 SKIP:10 POOL:40000-41023 POOL:41024-42027 use:y

but that use is rare.

Ephemeral ports and protocols

A separate POOL specification is for each protocol. If usage is turned off with a "use:n" then you do not need to worry about listening ports or ephemeral ports.

You also do not need POOL with the IP protocol. That is the UDP protocol and does not use sockets.

Here are the protocols you may have to configure.


    ip.pipe

    ip.spipe


There are http protocols in use. Each ITM process contains an internal web service by default. The following protocols are used to access the internal web server

    ip.tcp.http port:1920

    ip.ssl.https port:3661


The POOL settings for the http/https protocols are set like this

    ip.tcp POOL:44000-44063

    ip.ssl POOL:44064-44127


Here is an example to control all IPV4 pool settings including the web server protocols

ip.pipe port 1918 SKIP:10 POOL:40000-40063 use:y ip use:n ip.spipe use:n ip.tcp POOL:41000-41031 ip.ssl POOL:41064-41027

KDE_GATEWAY

Another source of ephemeral port usage is the KDE_Gateway process. It is used to pass ITM communications past complex firewall and network address translation environments. It has a section in the XML control file to control ephemeral port usage.See the following for details:


http://publib.boulder.ibm.com/infocenter/tivihelp/v15r1/topic/com.ibm.itm.doc_6.2.2fp2/firewall_gateway.htm#firewall_gateway
[One long line]

Summary

This document explains how to control port usage in ITM to avoid conflicts with existing applications.

[{"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"ITM Tivoli Enterprise Mgmt Server V6","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"All Versions","Edition":"All Editions","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
17 June 2018

UID

swg21456737

Page Feedback