As the CiscoWorks Blue product family approaches end of life, Cisco Systems® will no longer market Systems Network Architecture (SNA)-specific network management applications. Customers that already license these products may continue to use them and receive support under the terms of the end-of-life announcements. This document addresses the various alternatives available for managing Cisco® routers in an IBM/SNA network, focusing on Data-Link Switching Plus (DLSw+), SNA Switching Services (SNASw), Cisco TN3270 Server, and Channel Interface Processor/Channel Port Adapter (CIP/CPA). These alternatives include using built-in Cisco IOS® Software commands, SNA management applications from IBM, and IP management applications from Cisco and other vendors.
CiscoWorks Blue Maps was a UNIX-based product that presented a logical view of the Advanced Peer-to-Peer Networking (APPN)/SNASw, Data-Link Switching (DLSw), and remote source-route bridging (RSRB). RSRB is obsolete, so no RSRB management replacement strategy will be discussed. An alternative for APPN is to use the IBM Tivoli NetView SNA Topology Manager feature for APPN networks. Another alternative is to use Cisco IOS Software show commands such as show snasw topology and show dlsw peers or to use the APPN and DLSw MIBs to retrieve this information. See "Cisco IOS Software Management Features," later in this document, for more details.
SNA View correlated SNA resources with the Cisco routers providing DLSw, APPN/SNASw, RSRB, and Cisco TN3270 Server routing for SNA sessions. It had a mainframe component to collect Virtual Telecommunications Access Method (VTAM) SNA information and send it to the UNIX program for correlation with router MIB data and display. In some cases this arrangement will not be difficult to replicate. To find out which SNASw router is providing physical unit (PU) and logical unit (LU) services via dependant LU requestor (DLUR), find the DLUR name on a VTAM PU display. A reasonable naming convention will provide the router name from that SNASw DLUR control point (CP) name.
The case of DLSw correlation is far more complicated. SNA View used a VTAM ISTEXCCS exit to catch Media Access Control (MAC) and Service Access Point (SAP) addresses of PUs connecting into VTAM and correlated them to DLSw circuits on the routers. VTAM has no user interface to display the MAC/SAP addresses, so a naming convention that associates PU names to their branch routers is most helpful. If such a naming convention is not in place, rely on a custom network diagram or table for network operations staff to use, along with a process to isolate the failure, such as checking the following:
• VTAM PU state-Reactivate PU or switched major node if needed.
• DLSw peer state between the host and PU side routers-If not active, try ping and traceroute between routers or other IP network management tools to help resolve IP network issues.
• DLSw circuit state and statistics-See the DLSw troubleshooting guide (referred to in the "DLSw" section) for help with circuit issues.
ISM is basically a router management application, operating on a mainframe under NetView, or until the final version, NetMaster. Many of its features are duplicates of CiscoWorks features on UNIX and Windows systems, so CiscoWorks is a viable replacement for most of ISM's features. See "CiscoWorks Solutions" later in this document for more details.
Customers that prefer to manage Cisco routers from the mainframe can still use the same native RUNCMDs that ISM uses to extract information from Cisco IOS Software. See "NetView" under "Products From IBM and Other Vendors" in this document for more details on configuring a service point on a router. The following is a sample NetView RUNCMD:
The CiscoWorks Routed WAN Management Solution includes access list management; performance measuring (with CiscoWorks Internetwork Performance Monitor); interface status (with CiscoWorks CiscoView); and inventory, configuration, SYSLOG message display, and software update management with Resource Management Essentials (RME). The CiscoWorks LAN Management Solution is another bundle to consider. It includes discovery of the Cisco network, topology views, and VLAN management, along with RME and CiscoWorks CiscoView.
IBM Tivoli NetView for Z/OS remains the ultimate network management product for SNA networks, for issuing VTAM commands to display SNA resources and view alerts, and so on. This document does not cover all of the NetView functions. Some components pertinent to this discussion include SNA Topology Manager, Tivoli Monitoring for Network Performance, and OMEGAMON.
Cisco devices can be managed by NetView with a service point configured on the router. It is a good idea to limit service points to core or data center routers because each service point is required to be a VTAM PU.
The basic format of the command is RUNCMD SP=routerpu,APPL=CONSOLE,show interface channel 1/0.
Substitute routerpu with the service point PU name known to VTAM and any valid SNASw command at the end. Note that the system services control points (SSCP)-PU session is a single pipe. When enable mode is entered on the router, any operator can use enable mode, not just the operator who entered the enable password.
Cisco IOS Software sends SNA alerts to NetView. There are two different mechanisms for getting the alerts to NetView: as Multiple Domain Support-Message Units (MDS-MUs) sent over an LU 6.2 session, or as Network Management Vector Transports (NMVTs) sent over an SSCP-PU session. Inside the MDS-MU or NMVT are the same alert major vector and appropriate alert subvectors.
SNASw uses MDS-MUs for the alerts it generates. NetView must be set up as the focal point (receiver) of alerts. The best and most common way is for NetView to acquire SNASw's network node (NN) server (VTAM) in its "sphere of control." NetView will automatically acquire its local VTAM. To acquire other VTAM NNs, issue the following NetView command:
FOCALPT CHANGE,FPCAT=ALERT,TARGET=vtamcpname
To verify that this command has been accepted, issue this NetView command:
FOCALPT DISPSOC,FPCAT=ALERT
When SNASw establishes CP-CP sessions with the VTAM NN server, VTAM will inform SNASw of the NetView alert focal point. SNASw will send its alerts over the CP-CP session, and VTAM will forward them on to NetView. This can be verified with the following Cisco IOS Software command and expected output:
#show snasw node | incl Alert
Alert focal point NETA.VTAM
If the output line has no name after Alert focal point, SNASw will not send its alerts. As an alternative to the above command, name the SNASw CP as the target of the FOCALPT CHANGE command to set up a direct session to NetView. Because this command creates an additional session, the first method, which names VTAM as the target, is recommended.
SNASw will in turn inform any of its own downstream end nodes (ENs) of the existence of the NetView focal point, so that those ENs may route their alerts through SNASw to be delivered to NetView.
Alerts generated by any other Cisco IOS Software component besides SNASw will send alerts as NMVTs over an SSCP-PU session. A service point must be configured on the router (see the "RUNCMD" section, earlier in this document). No configuration is needed on NetView; the alert will always be delivered on the SSCP-PU session. Verify the router configuration and status with the show sna command, verifying that the PU_STATUS is active.
SNA Topology Manager
The SNA Topology Manager (SNATAM) displays APPN and subarea networks graphically by retrieving data from VTAM and other supported agents (SNASw is not one) and storing data in its Resource Object Data Model (RODM) database. As a served end node to VTAM, SNASw will appear in SNATAM views, but devices downstream for SNASw will not unless they are directly managed. For more documentation on SNATAM, please see: http://publib.boulder.ibm.com/tividd/td/TNZOS/SC31-8868-00/en_US/PDF/envl5000.pdf
IBM Tivoli Monitoring for Network Performance and OMEGAMON
IBM Tivoli Monitoring for Network Performance (ITMNP) has new features for high performance routing (HPR) and HPR-IP protocol management, primarily by managing VTAM. Use SNASw show commands to see equivalent information on the router. See http://www-306.ibm.com/software/tivoli/products/monitor-net-performance for more information on ITMNP.
Because of the recent acquisition of the OMEGAMON products, IBM will be putting together a roadmap to position it with ITMNP. Check with IBM for the most current information on this roadmap.
As SNA networks evolve to IP, keep in mind the numerous management tools available to manage IP networks. Although very few of them are aware of SNA resources, many network problems may be viewed as pure IP problems. See "CiscoWorks Solutions," earlier in this document, for Cisco network management products. Other UNIX-based and Windows-based IP management products include Tivoli NetView and OpenView from Hewlett-Packard.
CISCO IOS SOFTWARE MANAGEMENT FEATURES
Rather than use the CiscoWorks Blue products, some customers use built-in Cisco IOS Software functions to monitor their router-based IBM/SNA networks. Most of these customers probably rely on show commands, but others use Simple Network Management Protocol (SNMP) MIBs for management. The show commands can be viewed via a Web interface by configuring ip http server on Cisco IOS Software to make the router Web accessible. The Cisco IOS Software capabilities will be grouped by protocol.
DLSw
The command show dlsw peers displays the peer connections to other DLSw routers. An active peer connection has state "CONNECT."
The command show dlsw circuits displays the DLSw circuits for this router. Usually there is one circuit per SNA session.
Use the detail keyword to list details about each peer or circuit, and optionally the output list can be qualified to get details about selected items. A complete list of dlsw show commands follows:
router#show dlsw ? capabilities Display DLSw capabilities information circuits Display DLSw circuit information fastcache Display DLSw fast cache for Fast-Sequenced Transport (FST) and direct local-circuit Display DLSw local circuits peers Display DLSw peer information reachability Display DLSw reachability information statistics Display DLSw statistical information transparent Display MAC address mappings
Cisco IOS Software supports DLSW-MIB (RFC 2024), which is located at http://www.ietf.org/rfc/rfc2024.txt. Also supported are peer and circuit up/down traps in a Cisco proprietary MIB CISCO-DLSW-EXT-MIB. Use the RFC standard MIB for queries, but listen for the cdeTrapTConnUpDown and cdeTrapCircuitUpDown traps from the Cisco extension. Note that Cisco IOS Software does not support any of the traps in the RFC standard. Configure snmp-server enable trap dlsw on the router to enable traps. It is optional to enable just circuit or tconn (peer connection) traps. Unless there is a real need to monitor all DLSw circuits, it is probably best to configure snmp-server enable trap dlsw tconn for peer connection traps only.
To keep track of DLSw peer connections via the MIB, a baseline of configured peers and their current status must be established first. Query dlswTConnOperState at any router with configured peers. Normally these will be at remote routers; data center (core) routers are often set up for peers to connect in freely, so any inactive connections will not show up in their dlswTConnOperTable. Listening for cdeTrapTConnUpDown traps will provide information about any peer state changes. Poll core routers are necessary as a backup in case any traps are lost, because that is not a guaranteed mechanism. Absence of a dlswTConnOperTable entry indicates that a remote peer connection has gone down. Poll remote routers only as needed to catch newly configured peers or to monitor remote-to-remote peer connections.
While DLSw circuits can also be tracked, it is probably more feasible to use NetView tools to monitor the SNA sessions carried over them.
For statistical and performance measuring, consider monitoring these MIB variables:
SNASw has many show commands, with the more commonly helpful ones in italics.
router#show snasw ?
class-of-service Show class of service information connection-network Show connection network information directory Show directory information dlctrace Show information from the dlctrace buffer dlus Show DLUS information ipstrace Show information from the ipstrace buffer link Show link information lu Show DLUR LU information mode Show mode information node Show local node information pdlog Show information from the pdlog buffer port Show port information pu Show DLUR PU information rtp Show HPR RTP connection information session Show session information statistics Show statistics summary-ipstrace Show information from the summary-ipstrace buffer topology Show topology database information
Note: The HPR and HPR-IP MIBs are not implemented.
The recommended configuration to enable the most useful APPN traps is snmp-server enable trap snasw cp-cp dlus link port.
The status of links, ports, connection networks, intermediate sessions, and DLUR-dependant LU server (DLUS) sessions in a SNASw router can be monitored. Pus can also be monitored, but those are more easily monitored from NetView, as are dependent LU sessions.
Begin by querying the APPN and DLUR MIBs for information. The following list is a reasonable start, though all variables may not be necessary, so look through the MIBs for other important variables.
Note: Identifiers such as link names and port names are retrieved from the index part of the returned MIB value and are not directly accessible objects.
As a branch network node, SNASw does not have a full copy of the APPN network topology database, and thus it does not implement the appnNnTopo tables.
After an initial collection of this MIB data, listen for the following APPN traps to detect resource state changes:
The Cisco TN3270 Server show commands start with show extended channel x/y tn3270, where x is the channel interface and y is the subinterface. The following table shows useful Cisco TN3270 Server router commands. In these examples, the Cisco TN3270 Server is running on the CIP or CPA card associated with channel interface 1/2.
Table 1. Cisco TN3270 Server Router Commands
Router Configuration Command Line
Description
show extended channel 1/2 tn3270-server
Display the Cisco TN3270 Server configuration parameters for the specified channel and the status of the PUs defined in the server.
show extended channel 1/2 tn3270-server pu PU-NAME
Display the specified channel's Cisco TN3270 Server PU configuration parameters and statistics and all the LUs currently attached to the specified PU-NAME.
show extended channel 1/2 tn3270-server nailed-ip IP-ADDRESS
For the specified channel and IP-ADDRESS, display mappings between a nailed client IP address and nailed LUs.
show extended channel 1/2 tn3270-server pu PU-NAME lu LU-NUMBER [history]
Display the status of the specified LU-NUMBER for the PU-NAME. For DLUR, this shows the link and logical form session identifier (LFSID). If the optional history command parameter is included, the last few transaction types and sizes are listed.
show extended channel 1/2 tn3270-server client-ip-address CLIENT-IP-ADDRESS
For the specified client IP address, display recent LUs used by that IP address.
show extended channel 1/2 tn3270-server dlur
Display information about the DLUR components. List all DLUR links.
To correlate Cisco TN3270 Server client IP addresses to PU and LU names, you must first retrieve the tn3270sIpPuIndex and tn3270sIpLuIndex from the CISCO-TN3270SERVER-MIBtn3270sIpTable using the client IP address as an index. (Finding the client IP address is platform specific; on Windows clients, run the command winipcfg or ipconfig.) Then go to the SNA-NAU-MIB to get the snaNodeOperName (PU name) using the tn3270sIpPuIndex as the index to the snaNodeOperTable. Likewise, get the snaLuOperName from the snaLuOperTable using tn3270sIpLuIndex as the index. Now the PU and LU information can be viewed on the NetView.
Although the Cisco TN3270 Server Design Guide refers to some products soon to be unavailable or no longer available, such as ISM and the
long-defunct TN3270 Monitor, it still has some excellent troubleshooting concepts in the Network Management chapter at http://www.cisco.com/univercd/cc/td/doc/cisintwk/dsgngde/tn3270/tndg_c4.htm. Substitute MIB queries or show commands to collect some of the information mentioned in that guide.
The most common command is show extended channel. It has the following options:
backup Backup groups cmgr Displays CMPC+ Connection Manager information cmpc CMPC device connection-map Connection map between protocol and CSNA csna CSNA device hsma Displays the HSMA information for the specified interface icmp-stack Internet Control Message Protocol (ICMP) statistics ip-stack IP statistics lan Internal LANs llc2 Show channel interface Logical Link Control (LLC) information max-llc2-sessions Maximum Logical Link Control, type 2 (LLC2) session statistics packing Common Link Access for Workstations (CLAW) packing device statistics Channel statistics subchannel Subchannel information tcp-connections TCP connection statistics tcp-stack TCP stack statistics tg CMPC transmission group tn3270-server Cisco TN3270 Server status udp-listeners User Datagram Protocol (UDP) listener statistics udp-stack UDP statistics
To check CIP CPU, direct memory access (DMA), channel, and memory usage, use the show controller cbus command. The corresponding command for the extended channel port adapter (XCPA) is show controller channel x/0. The command also displays hardware and software levels.
This information is also available from the cipCardTable and cipCardDaughterBoardTable tables in the CISCO-CHANNEL-MIB. ISM specifically queried the following variables: