Tcp/Ipv6 Migration And Backout; Start Using Tcp/Ipv6; Reverting Back To Pre-Ipv6 Ssh2 Release - HP NonStop SSH 544701-014 Reference Manual

IP Mode
Similar to the FAMILY configuration of TCP/IP monitor process and subnets, the SSH2 process supports control over
the IP mode the SSH2 process is running in. A new SSH2 parameter IPMODE has been added.
The SSH2 parameter IPMODE allows restricting communication to IPv4 or IPv6 or allowing both types. The accepted
values for parameter IPMODE are:
•
IPV4 – allows IPv4 communication only (can be used when accessing a TCP/IP process running object TCPIP
or a TCPIP process running TCP6SAM/CIPSAM with a monitor process configured with FAMILY INET or
DUAL).
•
IPV6 – allows IPv6 communication only (can be used when accessing a TCP/IP process running object
TCP6SAM/CIPSAM with a monitor process configured with FAMILY INET6 or DUAL
•
DUAL – allows both IPv4 and IPv6 communication (can be used when accessing a TCP/IP process running
object TCP6SAM/CIPSAM with a monitor process configured with FAMILY INET, INET6 or DUAL).
Generally, an SSH2 process can only support a protocol family if the underlying TCP/IP process provides support for
that protocol family. If, for example, SSH2 is configured with IPMODE IPV4 and the TCP/IP process accessed by this
SSH2 process is configured with FAMILY INET6, then no communication is possible at all.

TCP/IPv6 Migration and Backout

Start Using TCP/IPv6

After the TCP/IP processes have been prepared for IPv6 support the SSH2 processes can be enabled for IPv6 by
restarting them with parameter IPMODE set to IPv6 or DUAL. The default for this parameter is value IPv4, i.e. the
SSH2 process does not automatically switch to IPv6. This is done because errors would occur when an SSH2 process
starts in IPMODE IPv6 or DUAL against a TCP/IP process not supporting IPv6. The object the TCP/IP process is
running may not support IPv6 at all ($SYSTEM.SYSnn.TCPIP) or the object may principally support IPv6 but is not
configured for IPv6.
As listed in section "Usage of IPv6
are updated either when sessions are established (USER field LAST-IP-ADDRESS, name field of KNOWNHOST and
PASSWORD entity, ADDRESSES field of KNOWNHOST record) or when the entities are modified via SSHCOM
commands (USER field CI-PROGRAM when configured with "TELNET <ip-address> <port>") and RESTRICTION-
PROFILE attributes).
It is recommended to make a copy of each RESTRICTION-PROFILE record before adding any IPv6 addresses/patterns
to any of the RESTRICTION-PROFILE records. This can easily be done using SSHCOM command ADD
RESTRICTION-PROFILE with LIKE option, e.g.:
ADD RESTRICTION-PROFILE ABC_copy, LIKE ABC
This step allows a simple way of backing out the IPv6 related changes, in case that is needed.
When multiple SSH2 processes access the same SSH database, then all SSH2 processes should run the same SSH2
object (i.e. either one that supports IPv6 or one that doesn't).

Reverting Back to Pre-IPv6 SSH2 Release

Due to database record versioning there is no change made in the SSH2 database by an SSH2 object with IPv6 support
that would cause problems when an SSH2 object without IPv6 support accesses this database. Therefore a backout of an
SSH2 IPv6 release to a pre-IPv6 SSH2 release does not represent a problem.
HP NonStop SSH Reference Manual
Addresses", various SSH database records can contain IPv6 addresses. These fields
Configuring and Running SSH2 • 125