 
| Subject: | |
| From: | |
| Reply To: | HOFMEISTER,JAMES (HP-USA,ex1) |
| Date: | Mon, 14 Aug 2000 13:41:01 -0600 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Hello Folks @ 3000-l,
Re: Telnet logon difficulties
In response to questions raised on 3000-L concerning increasing the
priority of the INETD process to the BS queue:
Here is what the system looks like today with the HP recommended
configuration of
the JINETD job with :run jinetd.net.sys;pri=cs
----------------------------------------------------------------------
:showproc ;pin=1;system;tree
QPRI CPUTIME STATE JOBNUM PIN (PROGRAM) STEP
...
B149* 0:05.153 WAIT 24 (NMFILE.PUB.SYS)
B149* 0:00.510 WAIT 25 (NMLOGMON.PUB.SYS)
B148* 0:00.048 WAIT 26 (NMLOGICS.PUB.SYS)
B149* 0:00.335 WAIT 27 (NMTRCMON.PUB.SYS)
B149* 1:55.567 WAIT 28 (NMCONSOL.PUB.SYS)
B149* 0:03.462 WAIT 34 (NETCP.NET.SYS)
C152* 0:00.038 WAIT 52 (ICMPSERV.NET.SYS)
B149* 0:00.276 WAIT 53 (SOCKREG.NET.SYS)
B149* 0:00.033 WAIT 54 (PT2PNSTN.NET.SYS)
B149* 0:00.837 WAIT 51 (TCPSIP.NET.SYS)
B149* 0:03.678 WAIT 56 (DSDAD.NET.SYS)
...
B152 0:00.456 WAIT J2 48 (JSMAIN.PUB.SYS)
D202 0:00.439 WAIT J2 57 :RUN inetd.net.sys;pri=cs
C152 0:00.965 WAIT J2 59 (INETD.NET.SYS)
...
C152* 0:52.714 WAIT 46 (SNMP.NET.SYS)
Bootpd request:
C200 3:03.110 WAIT J2 39 (BOOTPD.NET.SYS)
Telnet logon:
B152 0:00.452 WAIT S9 66 (JSMAIN.PUB.SYS)
C152 0:00.161 WAIT S9 45 :EDITOR
C152 0:00.465 WAIT S9 39 (EDITOR.PUB.SYS)
VT logon:
B152 0:00.441 WAIT S8 42 (JSMAIN.PUB.SYS)
C152 0:00.709 WAIT S8 67 :EDITOR
C152 0:00.325 WAIT S8 64 (EDITOR.PUB.SYS)
FTP logon:
C152 0:00.901 WAIT J28 64 (FTPSRVR.ARPA.SYS)
Note: As per the above bootpd request, the priority of this process
has already dropped due to incoming request being processed.
----------------------------------------------------------------------
In trouble shooting situations (not production) I have implemented a
PRI=152 to lock INETD in a linear queue at the top of the CQ with
priority = 152 and here is what that looks like:
----------------------------------------------------------------------
B152 0:00.466 WAIT J26 43 (JSMAIN.PUB.SYS)
D202 0:00.404 WAIT J26 57 :RUN inetd.net.sys;pri=152
B152 0:00.917 WAIT J26 61 (INETD.NET.SYS)
Bootpd request:
B152 0:00.634 WAIT J26 64 (BOOTPD.NET.SYS)
FTP logon:
B152 0:00.695 WAIT J26 63 (FTPSRVR.ARPA.SYS)
Telnet logon:
B152 0:00.436 WAIT S10 66 (JSMAIN.PUB.SYS)
C152 0:00.187 WAIT S10 39 :EDITOR
C152 0:00.157 WAIT S10 45 (EDITOR.PUB.SYS)
I have not checked to see what happens to SAMBA and all of the
other servers running under INETD, but I do see an undesirable result
here with FTP and BOOTPD running at linear queue B152.
----------------------------------------------------------------------
Now as per the suggested configuration of ALTPROC JOB=#J5;PRI=BS.
I did this on my system:
----------------------------------------------------------------------
:showjob job=jinetd,manager.sys
JOBNUM STATE IPRI JIN JLIST INTRODUCED JOB NAME
#J26 EXEC 10S LP MON 12:34P JINETD,MANAGER.SYS
JOBFENCE= 0; JLIMIT= 60; SLIMIT= 100
:altproc job=#j26;pri=BS
B152 0:00.466 WAIT J26 43 (JSMAIN.PUB.SYS)
B100 0:00.404 WAIT J26 57 :RUN inetd.net.sys;pri=152
B152 0:01.219 WAIT J26 61 (INETD.NET.SYS)
Telnet logon:
B152 0:00.440 WAIT S11 66 (JSMAIN.PUB.SYS)
C152 0:00.279 WAIT S11 39 :EDITOR
C152 0:00.269 WAIT S11 59 (EDITOR.PUB.SYS)
Bootpd request:
B152 0:01.340 WAIT J26 64 (BOOTPD.NET.SYS)
FTP logon:
B152 0:00.654 WAIT J26 63 (FTPSRVR.ARPA.SYS)
Again I have not checked to see what happens to SAMBA and all of the
other servers running under INETD, but I do see an undesirable result
here with FTP and BOOTPD running at linear queue B152.
----------------------------------------------------------------------
One of my colleagues (Jay Bauer) saw a different result so I tested
further and found if the JINETD job does not already have the HP
recommended ;PRI=CS on the run that the result of the ALTPROC is
different:
----------------------------------------------------------------------
B152 0:00.468 WAIT J27 48 (JSMAIN.PUB.SYS)
B100 0:00.403 WAIT J27 59 :RUN inetd.net.sys
B100 0:00.894 WAIT J27 64 (INETD.NET.SYS)
Bootpd request:
B100 0:00.643 WAIT J27 67 (BOOTPD.NET.SYS)
FTP logon:
B100 0:00.651 WAIT J27 45 (FTPSRVR.ARPA.SYS)
Telnet logon:
B152 0:00.430 WAIT S13 66 (JSMAIN.PUB.SYS)
C152 0:00.246 WAIT S13 39 :EDITOR
C152 0:00.156 WAIT S13 61 (EDITOR.PUB.SYS)
Again I have not checked to see what happens to SAMBA and all of the
other servers running under INETD, but I do see an undesirable result
here with FTP and BOOTPD running at linear queue B100.
----------------------------------------------------------------------
Concerns after looking into all of the above data...
First of all I am assuming your system queues are something close to
the defaults...
------QUANTUM-------
QUEUE BASE LIMIT MIN MAX ACTUAL BOOST TIMESLICE
----- ---- ----- --- --- ------ ----- ---------
CQ 152 200 1 2000 30 DECAY 200
DQ 202 238 2000 2000 2000 DECAY 200
EQ 240 253 2000 2000 2000 DECAY 200
Note: Actually when I was a sysmgr (In another life) I always wrapped
the DQ slightly over part of the CQ to assure my batch jobs at lease got
logged on and a chance to execute.
Concerns:
1) Telnet is the only server (due to it's proprietary implementation)
which launches correctly in this ";pri=bs" scheme. I am ok with the
JSMAIN at B152 (same as VTSERVER and DTC) and the CI and it's children
behave executing at C152 and decay to C200 as per the above noted queue
defaults.
2) FTP at B152 is a problem. Process in the BQ don't decay! They
also don't block for lower priority processes. With FTP at B152 on a
low to mid range or busy system and a client sending data from a high
end system, FTP at B152 will degrade the performance of online sessions
Telnet and NS-VT. ICMPSERV (ping and ICMP message server) and SNMP
Servers will time out request.
3) FTP at B100 is a serious problem. At the very top of this document
I perform a "showproc ;pin=1;system;tree" and I identify the network
system process's. Note that all of these process are running at B149
except for ICMPSERV and SMMP which run at C152. I could ramble on
about possible concerns with semaphore locking, hangs, looping, but
the bottom line is a System Abort is eminent.
4) SAMBA and all of the other servers running under INETD. Pretty much
the same concerns as above for FTP at both the B152 and B100 priorities.
An added concern is with INETD at a 'system process' priority and with
the child process's being created at these same levels is that INETD is
a standard (I have a definition of this I will give you later) and that
increases the likely hood that an external or internal hacker who has
the ability to launch INETD service request on your system will more
likely be successful at launching a loss of service attack which in this
case will not only take out the service, but may also hang our system.
My definition of a "standard" is mediocre "the minimal functionality
which satisfies the fewest people contracted to be built by the lowest
bidder." //:~)
The feature set we are looking for is for INETD to create process and
services at the correct priorities and assure sufficient resources.
This is a feature of "DSDAD" HP's proprietary (ops, said that bad word)
NS Services Server. INETD does not have this functionality. DSDAD as
you can see in the above "showproc ;pin=1;system;tree" executes at B149
which assures it will never be starved for resources, but it creates
the servers at appropriate priorities which are adjusted by HP Labs to
assure sufficient resources to perform the required task, but avoiding
interference with other system processes and unfair competition with
user processes.
Bottom Line:
------------
I would not recommend the PRI= be changed from the PRI=CS recommended
by HP.
I would suggest you pursue an enhancement request for INETD to increase
the functionality to support running INETD as a system process and
create the service processes at the appropriate user priority levels.
I have recommended this solution in the past SR 4701-371708 but I was
disappointed with the final ";PRI=CS" solution. I would suggest a new
SR - Enhancement Request be submitted and of course talk up this need
at HP-World.
Note: HP does not support increasing the priority of INETD or any user
applications to a priority in the BS queue.
FYI: Before you assume you are seeing a performance problem with INETD
launching services, please make sure you have the General Release FTP
and Telnet patches installed as both contain fixes for hangs of INETD.
Regards,
James Hofmeister
Hewlett Packard
Worldwide Technology Network Expert Center
P.S. My Ideals are my own, not necessarily my employers.
|
|
|
