Verify a route to a particular destination IP address when
you are using policy-based routing (PBR).
Procedure
Perform the following steps to diagnose problems with
IP routing to a destination when you are using policy-based routing:
- While the application is active and attempting to connect
to the destination, use the Netstat ALL/-A report to determine the
policy rule that is assigned to the connection and the route table
being used to perform a route lookup. For information about the Netstat
command, see z/OS Communications Server: IP System Administrator's
Commands.
- If no policy rule is listed and the connection is not expected
to use policy-based routing, see Steps for verifying IP routing to a destination when not using policy-based routing.
- Continue to the following step if one of the following is true:
- A policy rule is not listed and the connection is expected to
use policy-based routing
- A policy rule is listed and the connection is not expected to
use policy-based routing
- A policy rule is listed, but it is not the expected policy rule
- Otherwise, continue with step3.
- For information about how to map a connection to the correct
policy rule, see the 'Policy-based routing' section in z/OS Communications Server: IP Configuration
Guide.
- Use pasearch to find the policy rule
and the corresponding action. For information about the pasearch command, see "Displaying policy-based networking information" section
of z/OS Communications Server: IP System Administrator's
Commands. The
policy action will list all the possible route tables that can be
used for the connection. Perform steps 4 through 6 on each of the route tables
listed in the action.
- Use the Netstat ROUTE/-r PR command
to display routes in the route table. Verify whether TCP/IP has a
route to the destination/network in the route table. For information
about the Netstat ROUTE/-r command, see z/OS Communications Server: IP System Administrator's
Commands.
- If there is no route to the destination/network and no route is
expected to be found in the route table, repeat step 4 using the next route table in
the policy action.
- If there is no route to the destination/network and a route was
expected in the route table, see z/OS Communications Server: IP Configuration
Guide for
information about setting up static and dynamic routing for policy-based
routing tables.
- If a route was found, verify that the route is marked active (has
the U flag). If the route is not active, see z/OS Communications Server: IP Configuration
Guide for
information about route states.
- If an active route is found, verify that the route table name
matches the route table name displayed on the Netstat ALL/-A report
for the connection. If it does not, continue to step 9. Otherwise, continue to step 5.
- Determine whether there is a gateway
identified for the route to the destination. If there is no gateway,
then the destination address is presumed to be directly connected.
In this case, proceed to step 6. If a gateway is identified for the route, use the Ping command
to confirm connectivity to the gateway.
- If the gateway responds to a Ping, then there is a network problem
at the gateway or beyond.
- If the gateway does not respond to a Ping, proceed to step 6.
- Determine which network interface is
associated with the route to the destination. If the network interface
operation has not been verified for this interface, verify it now.
See Steps for verifying network interface operation for more information.
- Use the DISPLAY TCPIP,,NETSTAT,ACCESS,NETWORK command to
determine whether network access control is enabled. If it is enabled,
see Steps for verifying network access for more information.
- Use the Netstat CONFIG/-f command to determine whether
IP security is enabled. If the output report field IpSecurity contains
the value Yes, then IP security is enabled. If it is enabled, see Steps for verifying IP security and defensive filter operation for information about how to verify
that IP security is correctly configured.
- See Documentation for the IBM Support Center to determine what problem documentation you need, and then
call the IBM® Support Center.