NOVELL TECHNICAL INFORMATION DOCUMENT TITLE: NIP318.EXE; NetWare/IP 1.1 Maintenance README FOR: NIP318.EXE NOVELL PRODUCTS and VERSIONS: NetWare/IP 1.1 ABSTRACT: NIP318.EXE contains a patch for NetWare/IP 1.1 (for NetWare 3.12 and 4.02 servers ONLY). Includes both fixes and enhancements including support for new parameters. NIP318 is strongly recommended for all NetWare/IP 1.1 sites with NetWare 3.12 and NetWare 4.02, and supersedes all previous patches to NetWare/IP 1.1 for NetWare 3.12 and NetWare 4.02, including special compiled versions. ----------------------------------------------------------------- DISCLAIMER THE ORIGIN OF THIS INFORMATION MAY BE INTERNAL OR EXTERNAL TO NOVELL. NOVELL MAKES EVERY EFFORT WITHIN ITS MEANS TO VERIFY THIS INFORMATION. HOWEVER, THE INFORMATION PROVIDED IN THIS DOCUMENT IS FOR YOUR INFORMATION ONLY. NOVELL MAKES NO EXPLICIT OR IMPLIED CLAIMS TO THE VALIDITY OF THIS INFORMATION. ----------------------------------------------------------------- SYMPTOM: 1. Server crash due to memory corruption. 2. Badly formatted output for "stat", etc., when running on NetWare 3.12. 3. Hanging with NetWare 3.12 on a NetFrame machine. 4. Not showing all RIPs and SAPs. 5. Client received network errors and was unable to login to servers. 6. On a heavily loaded machine, NWIP/IPX gateway could not resolve SAP/RIP information for NWIP client. 7. Server abends resulting from truncated DNS packets. 8. NWIP client unable to get a NWIP parameter over a slow link. 9. Cache timeouts. 10. Server hangs while unloading NAMED.NLM. 11. Failure to create an accurate replica database (a local copy of the zone database imported from the master/primary DNS server), an invalid response to Start of Authority (SOA) and Name Server (NS) queries. 12. If SAPs were received at too fast a rate, some where dropped. 13. When NetWare DNS was a DNS replica, unexpected responses from the master, resulted in repeated queries leading to a timeout. SOLUTION: - Apply NIP318.EXE as described below. - In addition, for symptom number 11, update the Domain Name Server. To Update the Domain Name Server -------------------------------- The NAMED.NLM included in NIP318.EXE contains a fix for servers that use the old NAMED.NLM that came with NFS Gateway 1.1/1.2 and NetWare/IP 1.1. Therefore, Domain Name only requires updating on servers that use the NAMED.NLM replica function. 1. After installing NIP318.EXE according to the directions below, do ONE of the following: -- A. Manually delete the zone database file on the DNS replica servers. To locate the zone database file on the servers, search for the entry that begins with the keyword "secondary" in SYS:ETC/NAMED.CFG. After you delete the zone database file, load the new NAMED.NLM. For example, in the entry: SECONDARY FOO.COM 1.2.3.SYS:ETC/DNS/ZONE.DB the zone database file is ZONE.DB. Then go to the SYS:ETC/DNS/ directory and delete ZONE.DB. -- B. Manually edit the serial number field in the SOA record for the zone at the master name server to increment the number by one digit. To locate the file to edit, search for the entry that begins with the keyword "primary" in the SYS:ETC/NAMED.CFG file. Self-Extracting File Name: nip318.exe Files Included Size Date Time ..\ NIP318.TXT (This file) ..\NWIP1\ PCONFIG.DAT 950 4-21-95 11:00:42 am PCONFIG.HLP 2183 7-29-92 1:27:20 pm PCONFIG.NLM 15934 9-17-93 6:03:06 pm PFILES.DAT 2589 5-26-95 1:56:52 pm PINSTALL.HLP 6798 6-21-93 2:53:24 pm PINSTALL.NLM 132824 3-21-94 11:45:58 am P_UNINST.HLP 892 7-27-92 12:02:08 pm P_UNINST.NLM 72042 11-8-93 6:40:06 pm SPACE.DAT 10 2-1-93 3:58:28 pm ..\NWIP1\PUBLIC\ NWIPMAP.E11 140433 9-28-93 2:30:42 pm NWIPMAP.EXE 288277 3-21-95 8:07:18 pm ..\NWIP1\PUBLIC\NLS\ 1252_UNI.001 727 5-31-94 11:39:46 am 437_UNI.001 727 4-4-94 11:22:20 am 850_UNI.001 727 4-4-94 11:22:24 am UNI_1252.001 2264 5-31-94 11:39:48 am UNI_437.001 2904 4-4-94 11:22:24 am UNI_850.001 2776 4-4-94 11:22:28 am UNI_COL.001 1752 4-4-94 11:22:18 am UNI_MON.001 4312 4-4-94 11:22:18 am ..\NWIP1\PUBLIC\NLS\ENGLISH\ NWIPMAP.M11 3401 8-24-93 3:58:18 pm NWIPMAP.MSG 7821 8-24-93 3:58:18 pm ..\NWIP1\PUBLIC\NLS\NWIP11\ 1252_UNI.001 745 1-26-93 5:10:24 pm 437_UNI.001 818 1-26-93 4:57:46 pm 850_UNI.001 837 1-26-93 4:57:56 pm UNI_1252.001 733 1-26-93 5:10:32 pm UNI_437.001 977 1-26-93 4:57:56 pm UNI_850.001 906 1-26-93 4:58:06 pm UNI_COL.001 1063 1-23-93 2:24:24 pm UNI_MON.001 1406 1-23-93 2:23:46 pm ..\NWIP1\SYSTEM\ DSS.NLM 92553 3-25-95 11:01:22 am NAMED.NLM 52092 5-26-95 3:43:02 pm NETDB.NLM 57940 3-8-94 2:25:02 pm NWIP.NLM 124044 5-12-95 6:35:38 pm NWIPADM.HLP 10796 4-19-95 4:12:48 pm NWIPADM.NLM 53338 4-27-95 12:04:20 pm NWIPAGT.NLM 10625 4-20-95 6:44:28 pm Installation Instructions: CAUTION: Do not delete all of the original NWIP 1.1 software from the server. NIP318 replaces only some of the NWIP1.1 files. 1. Backup your current NetWare/IP files. 2. At a the console of a server that already has NetWare/IP 1.1 installed, create a new directory named NIP318 on any valid NetWare volume. MD NIP318 3. Copy NIP318.EXE into the new directory. 4. Type NIP318 to extract the files. 5. From the server console, activate the installation program by typing: LOAD INSTALL 6. Select PRODUCT OPTIONS. The Currently Installed Products Menu appears and lists the following products: NWIP 1.1 NetWare/IP NWUPD 1.1B PTF-F191 NetWare/IP Patch The NWUPD entry will only appear in the list if you have previously applied the NIP191 patch. 7. If the NWUPD entry appears, highlight it, and hit DELETE to remove it. 8. Press 9. Press to install the files in NIP318. The "SPECIFY DIRECTORY PATH" dialogue box will appear. 10. Type in the path to the directory where the NIP318 files were extracted. Example: SYS:\NIP318\NWIP1 11. If previous patches remain, the NIP318 install will prompt you to remove them before proceeding. After the installation program installs the files, the "Currently Installed Products" menu will appear listing: NWIP 1.1 NetWare/IP NWUPD 1.1C PTF-F318 NetWare/IP Patch 12. Exit the Installation program or press +. The system console prompt will appear. 13. Although your current NetWare/IP client will continue to work after you apply NIP318, we strongly recommend that you also update your NetWare/IP client by downloading NIPW21.EXE (it will be in the same Library as NIP318.EXE). The IP Client in NIPW21.EXE provides: --- better IPX compatibility. --- support for the NMS NET Explorer Automatic Discovery function. --- support for the NWIPMAP.EXE included in NIP318. --- support for other new features included in NIP318. 14. If a NWIP server is a non - forwarding gateway, it does not send information learned from the IPX side to the DSS. We encourage you to designate one or two NWIP/IPX servers as forwarding gateways and avoid having other servers as gateways (forwarding or non-forwarding), with no gateways configured as non - forwarding. A NetWare/IP client, connected to a non-forwarding gateway, may be able to see a server using "SLIST" and yet not be able to connect to that server. NIP318 gives you the ability to set up "Forwarding NWIP/IPX Gateways" but, the default is non-forwarding. To configure the "Forward IPX to DSS" parameter on a NetWare/IP server, use the UNICON utility. Start at the UNICON utility's Main Menu and select the following: -> Manage Services ----> NetWare/IP -------> Configure NetWare/IP The NetWare/IP Server Configuration screen will appear: EXAMPLE |NetWare/IP Domain: nwip.novell.com| |Preferred DSSes: | |Initial DSS Contact Retries: 3 | |Retry Interval: 4 seconds | |Slow Link Customization: | |Forward IPX Information to DSS? No | Select the "Forward IPX Information to DSS?" field, and specify your selection. If you changed a parameter, return to the console prompt and type: UNISTOP to unload the NetWare/IP modules from memory. Then Type: UNISTART to start the modules again. NOTE: a) Forwarding cannot be changed dynamically. The command-line option /forward=yes (or /forward=no) can be used only at load time (not at run-time). AND b) Forwarding specification on the command line always overrides the forwarding specification in the NWPARAMS file. c) When NWIP is loaded with the option "/forward=no" for the first time, it can be loaded again with the option "forward=yes", and it will dynamically change to a forwarding gateway, but not vise versa. If you want to change the forwarding gateway to a non-forwarding gateway, you have to unload and reload the NWIP again. The forwarding feature can be enabled(disabled) either by specifying a command line switch at load time or through UNICON under the configure NetWare/IP server option. 15. NetWare/IP Server Configuration ----------------------------------- If you download NIPW21.EXE for your clients, and wish to configure the server to utilize the new parameters which will be available if you do, start the UNICON utility. AFTER you finish changing parameters, return to the console prompt and type: UNISTOP to unload the NetWare/IP modules from memory. Then Type: UNISTART to start the modules again. 15A. To Configure the "Initial DSS Contact Retries" Parameter At the main UNICON screen select: -> Manage Services ----> NetWare/IP -------> Configure NetWare/IP The NetWare/IP Server Configuration screen will appear: EXAMPLE |NetWare/IP Domain: NWIP.NOVELL.COM| |Preferred DSSes: | |Initial DSS Contact Retries: 3 | |Retry Interval: 4 seconds | |Slow Link Customization: | |Forward IPX Information to DSS? No | Change the "Initial DSS Contact Retries" field to the desired number of retries. 15B. To configure the "Retry Interval" parameter: At the main UNICON screen select: -> Manage Services ----> NetWare/IP -------> Configure NetWare/IP The NetWare/IP Server Configuration screen will appear: EXAMPLE |NetWare/IP Domain: NWIP.NOVELL.COM| |Preferred DSSes: | |Initial DSS Contact Retries: 3 | |Retry Interval: 4 seconds | |Slow Link Customization: | |Forward IPX Information to DSS? No | 15C. To configure the "Preferred DSS" Parameter At UNICON's Main Menu, select the following: -> Manage Services ----> NetWare/IP -------> Configure NetWare/IP Server ----------> Preferred DSSes: The Preferred DSSes (Host/IP Address/Network) screen appears. Hit ENTER and a form screen will appear for you to fill in. EXAMPLE Preferred DSS #1: 20.19.0.0 Preferred DSS #2: 120.5.1.1 Preferred DSS #3: 127.39.1.0 Preferred DSS #4: 128.0.0.0 Preferred DSS #5: sanjose 15D. For a NetWare/IP domain configured to span WAN links, you can configure the "Tunable Parameters": --- For a NetWare IPX client that occasionally times out or disconnects while accessing remote servers --- To control the network traffic between DSS servers and NetWare/IP servers, and between the primary DSS server and secondary DSS servers --- To optimize an IPX client that occasionally times out or disconnects while accessing remote servers, you can configure the Ticks Between Nodes Tunable parameters. These parameters specify the approximate one-way time for a packet to travel, in ticks, between two NetWare/IP nodes on the same IP subnetwork, same IP network, and different IP networks. A tick equals 1/18th second. You can estimate the time for a packet to travel between nodes on the same subnetwork, same network, and different networks, by using the NetWare PING utility. To access the Ping utility, enter: LOAD PING ip_address at your system prompt. To change the "Tuneable Parameters", at UNICON's Main Menu, select: -> Manage Services ----> NetWare/IP -------> Configure Primary DDS ----------> Tunable Parameters The "Tunable Parameters" will screen. EXAMPLE |UDP Port Number for NetWare/IP Service: 43981 | |DSS-NetWare/IP Server Synchronization Interval: 5 | |Primary-Secondary DSS Synchronization Interval: 5 | |Maximum UDP Retransmissions: 3 | |UDP Checksum? No | |Ticks between Nodes on the Same IP Subnet: 2 | |Ticks between Nodes on the Same IP Net: 4 | |Ticks between Nodes on Different IP Nets: 6 | Configure the last three parameters on the list: - Ticks between Nodes on the Same IP Subnet: - Ticks between Nodes on the Same IP Net: - Ticks between Nodes on Different IP Nets: The example shows the defaults, which in most cases are sufficient. If modifying the Ticks Between Nodes Tunable parameters does not completely solve your timeout problems, you can configure the NetWare/IP servers for host/networks across slow WAN links from which they send and receive packets. Specifically modify the tick values on the NetWare/IP servers that act as IPX/IP gateways and/or send and receive packets over slow WAN links. Specify a remote IP network/host address and the approximate one-way time (in ticks) to ping a remote host on the other side of the slow link using UNICON. You can specify up to five network/host-tick pairs. Use the NetWare Ping utility to estimate the time for a packet to travel the slow links. To access the Ping utility, enter: LOAD PING ip_address at your system prompt. Use the average the PING utility calculates. At UNICON's Main Menu, select the following: -> Manage Services --> NetWare/IP -----> Configure Primary DDS --------> Slow Link Customizations: A Remote Access Via Slow Links screen will appear. EXAMPLE |Network/Host IP Address Tick Value | |atlanta 2 | |127.39.0.0 20 | | | | | | | To optimize the network traffic between DSS servers and NetWare/IP servers, and between the primary DSS server and secondary DSS servers, you can modify the following Tunable parameters on the primary DSS server. Using UNICON, access the "Tunable Parameters" screen, as previously described, and modify the following: - "DSS-NetWare/IP Server Synchronization Interval", which specifies how often a NetWare/IP server queries a DSS server for updated information. The default is five minutes. If you want the latency between the servers and their DSS servers to be small at the expense of extra local traffic, specify a smaller value for this parameter (particularly if your configuration gives each site its own DSS server). - "Primary-Secondary DSS Synchronization Interval", which specifies how often a secondary DSS server queries the primary DSS server for update information. The default is five minutes. If you reduce the traffic between the primary and the secondary DSS servers at the expense of higher DSS-DSS latency (if your configuration spreads DSS servers across WANs), specify a larger value for this parameter. 16. Administrators will not ordinarily need to increase the maximum size of the packet queues maintained by DSS for storing SAP and RIP packets or, increase the maximum number of TCP connections. However, the DSS.NLM in NIP318 allows you to configure those values by adding the following lines to the DSS section of the SYS:ETC\NWPARAMS file of any DSS server you wish to modify. - To increase the maximum size of UDP packets to be greater than the default of 64, add the line: MAX_UDP_PKTS where is a decimal integer greater than 64. - To increase the maximum size of the packet queues to be greater than the default of 16, add the line: MAX_TCP_CONNS where is a decimal integer greater than 16. 17. Registered/Unregistered DSS Servers After you have applied both NIP318 and NIPW21 you have the option of either registering DSS servers (entering them in the DNS database) or not registering them. DSS Server Registered with DNS A registered DSS server is visible to all NetWare/IP nodes through DNS. Each registered DSS server has corresponding NS records in the DNS database, which identify it as a name server for the NetWare/IP domain. When a NetWare/IP host queries DNS for the location of the nearest DSS server, DNS will only return a listing of registered DSS servers, because they are the only DSS servers it knows about. DSS Server Unregistered with DNS A NetWare/IP node cannot locate an unregistered DSS server by issuing a DNS query. Instead, the NetWare/IP node must be provided the name or address of the unregistered DSS server as part of its preferred DSS server listing. For example, you may want to designate a DSS server that is isolated from the rest of the NetWare/IP internetwork by a WAN link as an unregistered DSS server to prevent NetWare/IP servers from redirecting their queries to this DSS server when other closer DSS servers are busy or down. Using unregistered DSS servers can help in overcoming a deficiency of most DNS implementations -- a reply to a DNS query can not exceed 1.5K bytes. If there are more nameservers than a DNS packet can accommodate, all nameserver entries may not be returned in response to an NS query. This deficiency of DNS implementations can be bypassed by using unregistered DSS servers. An administrator can use an unregistered DSS to designate exactly which DSS server a NetWare/IP node should use. This gives the administrator better control of DSS server utilization and load balancing. 18. Using NetWare/IP with the NetWare Management System -------------------------------------------------------- NIPW21 provides better IPX compatibility and support for the NMS NET Explorer Automatic Discovery function. The default value for NWIP1_1 COMPATIBILITY is set to "OFF" to enable the automatic discovery function with NIP318 client installation. NWIP1_1 COMPATIBILITY OFF If you have a mixed NetWare/IP environment in which the servers have either NetWare/IP v1.1 or this update installed, set the value to ON and then no automatic discovery. ----------------------------------------------------------------- Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information. -----------------------------------------------------------------