Troubleshooting VPN with the communications trace

IBM® i provides the capability to trace data on a communications line, such as a local area network (LAN) or wide area network (WAN) interface. The average user might not understand the entire contents of the trace data. However, you can use the trace entries to determine whether a data exchange between the local and the remote systems took place.

Starting the communications trace

Use the Start Communications Trace (STRCMNTRC) command to start the communications trace on your system. The following is an example of the STRCMNTRC command:

STRCMNTRC CFGOBJ(TRNLINE) CFGTYPE(*LIN) MAXSTG(2048) TEXT('VPN Problems')

The command parameters are explained in the following list:

CFGOBJ (Configuration object)
The name of the configuration object to trace. The object is either a line description, a network interface description, or a network server description.
CFGTYPE (Configuration type)
Whether a line (*LIN), a network interface (*NWI), or a network server (*NWS) is being traced.
MAXSTG (Buffer size)
The buffer size for the trace. The default value is set to 128 KB. The range goes from 128 KB to 64 MB. The actual maximum system-wide buffer size is defined within the System Service Tools (SST). Therefore, you might receive an error message when using a larger buffer size on the STRCMNTRC command than defined in the SST. Keep in mind that the sum of buffer sizes specified on all started communications traces must not exceed the maximum buffer size defined in the SST.
DTADIR (Data direction)
The direction of data traffic to be traced. The direction can be outbound traffic only (*SND), inbound traffic only (*RCV), or both directions (*BOTH).
TRCFULL (Trace full)
What occurs when the trace buffer is full. This parameter has two possible values. The default value is *WRAP, which means that when the trace buffer is full, the trace wraps to the beginning. The oldest trace records are overwritten by new ones as they are collected.

The second value, *STOPTRC, stops the trace when the trace buffer, whose size is specified in the MAXSTG parameter, is full of trace records. As a general rule, always define the buffer size to be large enough to store all the trace records. If the trace wraps, you might lose important trace information. If you experience a highly intermittent problem, define the trace buffer to be large enough that a wrap of the buffer will not discard any important information.

USRDTA (Number of user bytes to trace)
Defines the number of bytes to be traced in the user data part of the data frames. By default, only the first 100 bytes of user data are captured for LAN interfaces. For all other interfaces, all user data is captured. Make sure you specify *MAX if you suspect problems in the user data of a frame.
TEXT (Trace description)
Provides a meaningful description of the trace.

Stopping the communications trace

If you do not otherwise specify, the trace typically stops as soon as the condition for which you are tracing occurs. Use the End Communications Trace (ENDCMNTRC) command to stop the trace. The following command is an example of the ENDCMNTRC command:

ENDCMNTRC CFGOBJ(TRNLINE) CFGTYPE(*LIN)

The command has two parameters:

CFGOBJ (Configuration object)
The name of the configuration object for which the trace is running. The object is either a line description, a network interface description, or a network server description.
CFGTYPE (Configuration type)
Whether a line (*LIN), a network interface (*NWI), or a network server (*NWS) is being traced.

Printing the trace data

After you stop the communications trace, you need to print the trace data. Use the Print Communications Trace (PRTCMNTRC) command to perform this task. Since all line traffic is captured during the trace period, you have multiple filter options for output generation. Try to keep the spooled file as small as possible. This makes the analysis faster and more efficient. In the case of a VPN problem, filter on IP traffic only and, if possible, on a specific IP address. You also have the option of filtering on a specific IP port number. The following is an example of the PRTCMNTRC command:

PRTCMNTRC CFGOBJ(TRNLINE) CFGTYPE(*LIN) FMTTCP(*YES) TCPIPADR('10.50.21.1')
    SLTPORT(500) FMTBCD(*NO)

In this example, the trace is formatted for IP traffic and contains only data where the source or destination IP address is 10.50.21.1 and the source or destination IP port number is 500.

Only the most important command parameters for analyzing VPN problems are explained below:

CFGOBJ (Configuration object)
The name of the configuration object for which the trace is running. The object is either a line description, a network interface description, or a network server description.
CFGTYPE (Configuration type)
Whether a line (*LIN), a network interface (*NWI), or a network server (*NWS) is being traced.
FMTTCP (Format TCP/IP data)
Whether to format the trace for TCP/IP and UDP/IP data. Specify *YES to format the trace for IP data.
TCPIPADR (Format TCP/IP data by address)
This parameter consists of two elements. If you specify IP addresses on both elements, only IP traffic between those addresses will print.
SLTPORT (IP port number)
The IP port number to filter.
FMTBCD (Format broadcast data)
Whether all broadcast frames are printed. *YES is the default. If you do not want broadcast frames, for example Address Resolution Protocol (ARP) requests, specify *NO; otherwise you might be overwhelmed with broadcast messages.
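
The three steps above can be combined into one CL program. The following is an added example, not IBM-supplied code: the program structure, the parameter names &LINE and &PEER, and the 120-second capture window are assumptions chosen for illustration. It starts the trace with the settings recommended above for this kind of problem (both directions, full user data, stop instead of wrap), then prints only the port 500 traffic for one peer address.

```cl
/* Added example: bounded VPN capture on one line description.          */
/* &LINE = line description to trace (hypothetical parameter name)      */
/* &PEER = IP address of the remote VPN endpoint (hypothetical name)    */
PGM        PARM(&LINE &PEER)
  DCL        VAR(&LINE) TYPE(*CHAR) LEN(10)
  DCL        VAR(&PEER) TYPE(*CHAR) LEN(15)

  /* Trace both directions, capture all user data, and stop rather     */
  /* than wrap so the first frames of the exchange are not overwritten */
  STRCMNTRC  CFGOBJ(&LINE) CFGTYPE(*LIN) MAXSTG(2048) DTADIR(*BOTH) +
               TRCFULL(*STOPTRC) USRDTA(*MAX) TEXT('VPN Problems')
  /* A start failure can mean MAXSTG, added to the other active        */
  /* traces, exceeds the maximum buffer size defined in SST            */
  MONMSG     MSGID(CPF0000) EXEC(DO)
    SNDPGMMSG  MSG('STRCMNTRC failed; check the SST buffer limit')
    RETURN
  ENDDO

  /* Assumed capture window: reproduce the failing VPN connection      */
  /* from the remote system while the job waits                        */
  DLYJOB     DLY(120)

  /* Continue to printing even if ENDCMNTRC reports an error           */
  /* (assumption: the trace may already have stopped on a full buffer) */
  ENDCMNTRC  CFGOBJ(&LINE) CFGTYPE(*LIN)
  MONMSG     MSGID(CPF0000)

  /* Keep the spooled file small: IP formatting only, one peer         */
  /* address, port 500, no broadcast frames                            */
  PRTCMNTRC  CFGOBJ(&LINE) CFGTYPE(*LIN) FMTTCP(*YES) TCPIPADR(&PEER) +
               SLTPORT(500) FMTBCD(*NO)
ENDPGM
```

If the spooled file contains no frames for the peer address, no data exchange on port 500 between the local and the remote system reached this line during the capture window.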