Tuesday, August 31, 2010

Port stealing between different CICS processes

Whenever we bring up more than one region on the same host machine, what if the first region's CICS processes steal the listener port assigned to the second region's listener?
This is entirely possible if the listener ports for the second region lie in the dynamic port range of the host machine's OS. It looks like an uncommon scenario, but it occurs surprisingly often.

Region A Steals Region B's Ports
The first question that strikes anyone here is how the first region's processes managed to steal the port assigned to the other region's listener. This is possible because, when the first region comes up, it runs a daemon process called “SARPCD”, which acts as an endpoint between the various CICS processes. The first region's CICS processes therefore need to register with SARPCD for the tcp, udp and cics_ipc transport layer protocols in order to communicate with other CICS processes.
So here's the hook from Region A. Since Region B has not started yet, if its listener ports defined in /etc/services are in the dynamic port range of the host machine's OS, then they are available for Region A's CICS processes to use when registering with SARPCD. Region B's ports are hence liable to be stolen by Region A!


Aftermath: Region B Fails to Start
The second question is about the consequences. Since the port assigned to Region B has already been stolen by Region A's CICS processes, whenever we try to bring up Region B, it will fail with the message "cicsip failed to start".

The Solution
Now for the solution. With the new IANA standard, the dynamic port range has been shifted to 49152-65535. This reduces the chance of port stealing, provided the port range assigned to the region is below 49152.
Microsoft Windows operating systems through Server 2003 use the range 1025-5000 for ephemeral (dynamic) ports. Windows Vista and Server 2008 use the IANA range (49152-65535). So Windows versions before Vista are quite susceptible to this issue if we choose listener ports for Region B and subsequent regions in the range 1025-5000.
To overcome this issue, either choose listener ports above 5000 for subsequent regions, or tweak the registry to restrict the dynamic port range, within the provided range of 1024-5000, to a range in which you are not going to define a subsequent region's listener.

Information on how to tweak the registry can be found here.
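
One way to check a host before bringing up a second region, as an added example that is not part of the original post: it parses text in /etc/services format and reports the listener entries whose ports fall inside a given dynamic port range. The service names and port numbers in the sample are constructed for illustration; the two ranges are the ones quoted above.

```python
import re

# Dynamic (ephemeral) port ranges quoted in the post.
IANA_RANGE = (49152, 65535)          # IANA standard, Vista / Server 2008
LEGACY_WINDOWS_RANGE = (1025, 5000)  # Windows versions before Vista

# Constructed sample in /etc/services format; the service names are hypothetical.
SAMPLE_SERVICES = """\
# name        port/proto   comment
regiona_lsn   1435/tcp     # Region A listener (constructed)
regionb_lsn   4600/tcp     # Region B listener (constructed)
regionc_lsn   7800/tcp
regiond_lsn   50010/tcp
broken line without a port
"""

def parse_services(text):
    """Yield (name, port, proto) for each well-formed services entry."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        m = re.fullmatch(r"(\d{1,5})/(\w+)", fields[1])
        if m and 0 < int(m.group(1)) <= 65535:
            yield fields[0], int(m.group(1)), m.group(2).lower()

def ports_at_risk(text, dynamic_range, names=None):
    """Return entries whose port lies inside the OS dynamic port range.

    names, if given, limits the check to those service names
    (for example, the listeners of regions that are not started yet).
    """
    low, high = dynamic_range
    return [(n, p, proto) for n, p, proto in parse_services(text)
            if low <= p <= high and (names is None or n in names)]

if __name__ == "__main__":
    for label, rng in (("pre-Vista Windows", LEGACY_WINDOWS_RANGE),
                       ("IANA", IANA_RANGE)):
        for name, port, proto in ports_at_risk(SAMPLE_SERVICES, rng):
            print(f"{label} range {rng[0]}-{rng[1]}: "
                  f"{name} {port}/{proto} can be handed out as a dynamic port")
```

On a real host, pass the contents of the services file and the dynamic port range the OS is actually configured with; any listener reported should be moved outside that range or the range narrowed.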
