Controlling automatic port scanning

Red Hat Enterprise Linux 9.2 LPAR mode z/VM guest

Automatic port scanning includes two zfcp parameters that improve the behaviour of Linux instances in SANs. These zfcp parameters are set to default values that work well for most installations.

If needed, you can fine-tune the frequency and timing of automatic port scans with the zfcp parameters port_scan_backoff and port_scan_ratelimit.

You can enable automatic port scanning with the zfcp parameter no_auto_port_rescan=0. This value is the default.

About this task

In a large installation, where many Linux instances receive the same notifications of SAN changes, multiple instances might trigger scans simultaneously and too frequently. See Figure 1
Figure 1. Numerous port scans in a Linux installation
These scans might put unnecessary load on the name server function of fabric switches and potentially result in late or inconclusive results.
You can avoid excessive scanning, yet still ensure that a port scan is eventually conducted. You can control port scanning with the zfcp parameters:
port_scan_ratelimit
sets the minimum delay, in milliseconds, between automatic port scans of your Linux instance. The default value is 60000 milliseconds. To turn off the rate limit, specify 0.
port_scan_backoff
sets an additional random delay, in milliseconds, in which the port scans of your Linux instance are spread. In an installation with multiple Linux instances, use this zfcp parameter for every Linux instance to spread scans to avoid potential multiple simultaneous scans. The default value is 500 milliseconds. To turn off the random delay, specify 0.
Use module parameters. On a running Linux system, you can also query or set these values by using the sysfs attributes with the same names.
Using port_scan_ratelimit reduces the number of scans, as shown in Figure 2
Figure 2. Port scan behavior with scan rate limit.
However, if the rate limit is set to the same value, the scans can still occur almost simultaneously, as for FCP device A and B in Linux 1.

Using port_scan_backoff and port_scan_ratelimit together delays port scans even further and avoids simultaneous scans, as shown in Figure 3. In the figure, FCP devices A and B in Linux 1 have the same rate limit and the same backoff values. The random element in the backoff value causes the scans to occur at slightly different times.

Figure 3. Port scan behavior with backoff and scan rate limit.

Procedure

Use port_scan_backoff and port_scan_ratelimit together or separately to tune the behavior of port scanning:

  • To avoid too frequent scanning, set a minimum wait time between two consecutive scans for the same Linux instance. Use the port_scan_ratelimit sysfs attribute.
    By default, port_scan_ratelimit is turned on and has a value of 60000 milliseconds.
    For example, to specify an attribute value of 12 seconds, issue:
    # echo 12000 > /sys/module/zfcp/parameters/port_scan_ratelimit
  • To further spread scans over a certain time and thus avoid multiple simultaneous scans, set the port_scan_backoff sysfs attribute.
    By default, port_scan_backoff is turned on and has a value of 500 milliseconds.
    For example, to query the setting, issue a command of this form:
    # cat /sys/module/zfcp/parameters/port_scan_backoff
    500
    To set the attribute to 1 second, issue:
    # echo 1000 > /sys/module/zfcp/parameters/port_scan_backoff

Results

The automatic port scans are delayed by the values specified. If a SAN notification is received during the rate limit time, a port scan is conducted immediately after the delay time passed.

Setting the attributes in sysfs is a useful method on a running system where you want to make dynamic changes. If you want to make the changes persistent across IPLs, use the kernel or module parameter.

Depending on the port event, one or more of the three zfcp parameters are evaluated to schedule a port scan. For example, port scans that are triggered manually through sysfs are not delayed. Table 1 shows which events evaluate which zfcp parameters.
Table 1. Port events and their use of port scanning zfcp parameters
zfcp parameter no_auto_port_rescan port_scan_backoff port_scan_ratelimit
Event
FCP device resume Yes Yes No
User sets FCP device online No Yes No
User initiates a port scan No No No
User starts FCP device recovery Yes Yes Yes
Automatic FCP device recovery Yes Yes Yes
SAN change notification Yes Yes Yes