How to use netcat (nc) utility to test the ports for LLT UDP Multiport Feature in RHEL

Article ID: 100060418

Description

In an FSS environment, the UDP Multiport feature helps improve I/O performance and the stability of data flow. By default, LLT uses ports 50000 to 50001 for clustering and ports 50002 to 50006 for I/O shipping sockets. A firewall may block these ports. netcat is a reliable back-end tool that provides network connectivity to other applications and users. The ncat networking utility replaces netcat from Red Hat Enterprise Linux 7 onwards.

We can use the netcat/nc utility to test whether the LLT UDP ports are open for communication.

1) To install the ncat package, run the following as root:

# yum install ncat -y

2) Ensure the ports are not being used on the servers that you are trying to test.

# netstat -a | grep -i <port>

Note: The tests should be conducted on the ports not "in use" by LLT to prevent any effect on a running cluster.

3) On one of the nodes, run netcat to listen for connections on the UDP port (this node will act as the client):

# nc -v -4 -u -l -p <port>

Options :

-4                         Use IPv4 only
-v, --verbose              Set verbosity level (can be used several times)
-u, --udp                  Use UDP instead of default TCP
-l, --listen               Bind and listen for incoming connections
-p, --source-port port     Specify source port to use

Sample Output :

# nc -v -4 -u -l -p 50002
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Listening on 0.0.0.0:50002

 

4) On the other node, run netcat with the options below to send a message and test whether the port is reachable:

# nc -v -u -s <source_ip> -c <command> <destination_ip> <port>

Options :

-v, --verbose              Set verbosity level (can be used several times)
-u, --udp                  Use UDP instead of default TCP
-s, --source addr          Specify source address to use
-c, --sh-exec <command>    Executes the given command via /bin/sh

Sample Output :

# nc -v -u -s 192.168.10.101 -c date 192.168.10.102 50002
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 192.168.10.102:50002. <<

 

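5) On the client node that is in listening mode (started in step 3), nc receives the datagram and displays the output of the requested command, as shown below. Because UDP is connectionless, the "Connected" message in step 4 does not by itself confirm that the port is reachable; the output appearing on the listening node does.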

# nc -v -4 -u -l -p 50002
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Listening on 0.0.0.0:50002
Thu Sep 14 20:39:30 PDT 2023  <<<<

6) If the command output does not appear on the client node, the ports are blocked at the network firewall or the OS firewall. It is recommended to open all the UDP ports bidirectionally.

To open the ports from the network end, contact the network team. 

How to enable ports in the Operating System using iptables

For incoming traffic:

iptables -A INPUT -p udp -m udp --dport <port> -j ACCEPT

For outgoing traffic:

iptables -A OUTPUT -p udp -m udp --sport <port> -j ACCEPT

Please refer to the article below to allow ports via firewall and use different ports for LLT.

https://www.veritas.com/content/support/en_US/doc/79630152-149458026-0/v141891207-149458026

7) Now reverse the test to make the other node a client and run steps 2-6.

8) Once all the ports are tested and found to be connected, restart the cluster services (including LLT) to allow UDP Multiport connections. This has to be done on all the nodes of the cluster.

Note: The UDP Multiport Feature is enabled by default. If it is disabled, then stop the cluster services up to LLT, enable the UDP Multiport feature in the /etc/sysconfig/llt file and start the cluster services. This has to be done on all the nodes of the cluster.
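
A stricter form of the step 2 check, as an added example that is not part of the original article: it reads `netstat -anu` output and matches only the port in the local-address column, so a port number appearing elsewhere in a line is not mistaken for a bound socket. The function names and the sample listing are constructed for illustration; the port range is the default range given above.

```shell
#!/bin/sh
# Added example: classify the default LLT UDP ports as busy or free
# from `netstat -anu` output, so the nc test only runs on free ports.

LLT_FIRST=50000   # start of the default LLT range (from the article)
LLT_LAST=50006    # end of the default LLT range (from the article)

# Reads `netstat -anu` output on stdin; prints "<port> busy|free"
# for every port in the LLT range.
llt_port_status() {
    awk -v first="$LLT_FIRST" -v last="$LLT_LAST" '
        $1 ~ /^udp/ {
            # Column 4 is the local address; the port follows the last ":"
            n = split($4, parts, ":")
            port = parts[n]
            if (port ~ /^[0-9]+$/) busy[port + 0] = 1
        }
        END {
            for (p = first; p <= last; p++)
                print p, ((p in busy) ? "busy" : "free")
        }'
}

# Prints only the LLT ports with no bound UDP socket (safe to test).
llt_free_ports() {
    llt_port_status | awk '$2 == "free" { print $1 }'
}

# Constructed sample listing, not captured from a real cluster node.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:50000           0.0.0.0:*
udp        0      0 192.168.10.101:50001    0.0.0.0:*
udp6       0      0 :::50004                :::*
udp        0      0 0.0.0.0:123             0.0.0.0:*
EOF
}

# On a real node, replace the sample with: netstat -anu | llt_port_status
sample_netstat | llt_port_status
```
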
