Using a Relocatable Address as the Source Address for an Application that is Bound to INADDR_ANY

CAUTION: The procedure in this section depends on setting the HP-UX kernel parameter ip_strong_es_model. HP supports setting this parameter for use with Serviceguard only if you are not using a cross-subnet configuration (page 30). Otherwise, leave the parameter at its default setting (zero, meaning disabled) and do not attempt to use the procedure that follows.

In an application for which INADDR_ANY is set, the procedure that follows enables HP-UX to use a relocatable package IP address on the same subnet as the source address of outgoing IP data packets, instead of automatically selecting the physical network IP address of the interface.

The procedure uses the HP-UX parameter ip_strong_es_model to enable per-interface default gateways. These default gateways are created for secondary network interfaces when you add a relocatable package IP address to the system. When ip_strong_es_model is set to 1 and the sending socket (or communication endpoint) is bound to INADDR_ANY, IP will send the packet using the interface on which the inbound packet was received.

For more information about this parameter, see:

The help menu for ndd -h ip_strong_es_model.

The HP-UX IPSec Version A.03.00 Administrator's Guide, which you can find at http://www.hp.com/go/hpux-security-docs -> HP-UX IPSec Software.

Perform the following steps on each node before configuring the cluster:

1. Enable strong end-system model permanently by editing /etc/rc.config.d/nddconf as follows:

TRANSPORT_NAME[1]=ip
NDD_NAME[1]=ip_strong_es_model
NDD_VALUE[1]=1

2. If you have not already done so, disable dead gateway probing permanently by editing /etc/rc.config.d/nddconf as follows:

TRANSPORT_NAME[2]=ip
NDD_NAME[2]=ip_ire_gw_probe
NDD_VALUE[2]=0
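The following check for steps 1 and 2 is an added example, not part of the HP manual: it reads nddconf-style text on standard input and reports whether both entries are present with the values given above. The function names check_nddconf and constructed_sample are hypothetical, the sample input is constructed, and the check assumes that a repeated index overwrites the earlier entry.

```sh
# Added example (not from the manual): audit nddconf-style text on stdin for
# the settings from steps 1 and 2. Exit status is 0 only when both are correct.
check_nddconf() {
    awk '
    function check(name, want,    idx, hit) {
        for (idx in nm) if (nm[idx] == name) {
            hit = 1
            if (tr[idx] != "ip") {
                print "FAIL " name ": TRANSPORT_NAME[" idx "] is not ip"; bad = 1
            } else if (vl[idx] != want) {
                print "FAIL " name ": NDD_VALUE[" idx "]=" vl[idx] ", expected " want; bad = 1
            } else print "OK " name "=" want " (index " idx ")"
        }
        if (!hit) { print "FAIL " name ": no entry"; bad = 1 }
    }
    /^[ \t]*#/ { next }                      # skip comment lines
    {
        # A line may carry several assignments, so inspect every field.
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^(TRANSPORT_NAME|NDD_NAME|NDD_VALUE)\[[0-9]+\]=/) continue
            lb = index($i, "["); rb = index($i, "]")
            key = substr($i, 1, lb - 1)
            idx = substr($i, lb + 1, rb - lb - 1)
            val = substr($i, rb + 2); gsub(/"/, "", val)
            # Assumption: a repeated index overwrites the earlier entry.
            if ((key, idx) in seen) { print "FAIL duplicate " key "[" idx "]"; bad = 1 }
            seen[key, idx] = 1
            if (key == "TRANSPORT_NAME") tr[idx] = val
            else if (key == "NDD_NAME") nm[idx] = val
            else vl[idx] = val
        }
    }
    END {
        check("ip_strong_es_model", "1")
        check("ip_ire_gw_probe", "0")
        exit (bad ? 1 : 0)
    }'
}

# Constructed input: step 2 was pasted without changing the index from 1 to 2.
constructed_sample() {
    cat <<'EOF'
TRANSPORT_NAME[1]=ip
NDD_NAME[1]=ip_strong_es_model NDD_VALUE[1]=1
TRANSPORT_NAME[1]=ip
NDD_NAME[1]=ip_ire_gw_probe NDD_VALUE[1]=0
EOF
}
constructed_sample | check_nddconf || echo "nddconf needs correction"
```

On a node, run it as check_nddconf < /etc/rc.config.d/nddconf before configuring the cluster.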

Once this has been done, use the HP-UX command route (1m) from within the package to add or delete a default route for each relocatable IP address, to allow it to communicate with all remote subnets. See the examples that follow.

IMPORTANT: You need to add and delete default routes only in a configuration in which the clients reside on a subnet different from that of the server's relocatable address. If all the client applications are on the same subnet as the relocatable IP address, you do not need to add or delete any routes for the relocatable addresses; they are added automatically when you add the relocatable addresses to the server.

For example, put a command such as the following in the customer_defined_run_commands function of a legacy package, or the start_command function in the external_script (page 252) for a modular package:

/usr/sbin/route add net default 128.17.17.1 1 source 128.17.17.17

In this example, 128.17.17.17 is the relocatable IP address of the package, and 128.17.17.1 is the gateway address of this network. So clients on any remote subnets coming into the 128.17.17.17 address will get 128.17.17.17 returned as the source IP address if the application in the package is bound to INADDR_ANY. This allows the IP packets to go through the firewall to reach other organizations on the network.

When the package halts, the route must be removed.

Put a command such as the following in the customer_defined_halt_commands function of a legacy package, or the stop_command function in the external_script (page 252) for a modular package:
