Yes this issue occurs in most of the cases when you are upgrading ISAM VA.
Unfortunately most of the interfaces does not communicate or get unresponsive.
Sometimes there are even cases where ISAM users are deleted after applying fixpack but that is a different issue
It is recommended to LDAP and DB2 data backup before applying a update or a fix pack.
On ISAM it is better to take a VM Level Snapshot.
The ISAM VA provides an option for taking snapshot from the ISAM console but it only takes a snapshot of the ISAM configurations and if by any chance your users are deleted it is very hard to restore them back.
When configuring interfaces on an ISAM 8.0.0.x appliance, it is advisable to not
configure IP addresses which reside in the same subnet across multiple interfaces.
Request packets might arrive over a particular interface/IP address, but possibly be returned over a different interface/IP address. In certain environments this proves to be a problem because switches can reject response packets which are returned over a different IP address.
Configuring the same subnet on multiple interfaces will result in the routing table
containing duplicate routes, one for each interface.
This may be the problem if some interfaces seem to become unresponsive or when the packet trace seems to capture traffic only on one side.
There are a couple of ways to address this problem:
Recommended method:
The recommended way to rectify this problem is to configure different interfaces to
be in different subnets. For example, changing the P.1 interface to a different subnet such as 192.168.20.250 / 24 will create distinct routing table entries:
192.168.20.170 - 0.0.0.0 - 255.255.255.0 - P1
192.168.30.170 - 0.0.0.0 - 255.255.255.0 - M1
Alternate method:
Starting with ISAM 8.0.0.5, reverse proxy instances have the capability of listening
on all interfaces and need not be tied to a specific application interface. This means
it is no longer mandatory to configure application interfaces on the appliance.
Note:
This approach is not advisable if the ISAM appliance is being installed in the DMZ.
Since the management interface and any reverse proxy instances would be sharing
the same IP address, management services could possibly end up being exposed to
the public.
a. During configuration of a new reverse proxy instance, specifying 0.0.0.0 for
the IP address of the primary interface ensures that the new instance listens
on all the interfaces including the management interface M.1
b. For existing reverse proxy instances, the primary interface can be changed by
selecting the instance -> Edit and modifying the values on the first tab
'Server'.
Note:
When changing the network interface on which an existing reverse proxy
instance is listening, ensure that no other services are listening on the ports
specified under 'HTTPS Port' and 'HTTP Port'. Otherwise the reverse proxy
instance will fail to start.
By default, ports 80 ad 443 on the management interface are used by the
LMI. If a reverse proxy instance needs to listen on those ports you can
change the default port values used by the LMI using these advanced tuning
parameters:
For Reference:
http://www-01.ibm.com/support/docview.wss?uid=swg21691208
Unfortunately most of the interfaces does not communicate or get unresponsive.
Sometimes there are even cases where ISAM users are deleted after applying fixpack but that is a different issue
It is recommended to LDAP and DB2 data backup before applying a update or a fix pack.
On ISAM it is better to take a VM Level Snapshot.
The ISAM VA provides an option for taking snapshot from the ISAM console but it only takes a snapshot of the ISAM configurations and if by any chance your users are deleted it is very hard to restore them back.
When configuring interfaces on an ISAM 8.0.0.x appliance, it is advisable to not
configure IP addresses which reside in the same subnet across multiple interfaces.
Request packets might arrive over a particular interface/IP address, but possibly be returned over a different interface/IP address. In certain environments this proves to be a problem because switches can reject response packets which are returned over a different IP address.
Configuring the same subnet on multiple interfaces will result in the routing table
containing duplicate routes, one for each interface.
This may be the problem if some interfaces seem to become unresponsive or when the packet trace seems to capture traffic only on one side.
There are a couple of ways to address this problem:
Recommended method:
The recommended way to rectify this problem is to configure different interfaces to
be in different subnets. For example, changing the P.1 interface to a different subnet such as 192.168.20.250 / 24 will create distinct routing table entries:
192.168.20.170 - 0.0.0.0 - 255.255.255.0 - P1
192.168.30.170 - 0.0.0.0 - 255.255.255.0 - M1
Alternate method:
Starting with ISAM 8.0.0.5, reverse proxy instances have the capability of listening
on all interfaces and need not be tied to a specific application interface. This means
it is no longer mandatory to configure application interfaces on the appliance.
Note:
This approach is not advisable if the ISAM appliance is being installed in the DMZ.
Since the management interface and any reverse proxy instances would be sharing
the same IP address, management services could possibly end up being exposed to
the public.
a. During configuration of a new reverse proxy instance, specifying 0.0.0.0 for
the IP address of the primary interface ensures that the new instance listens
on all the interfaces including the management interface M.1
b. For existing reverse proxy instances, the primary interface can be changed by
selecting the instance -> Edit and modifying the values on the first tab
'Server'.
Note:
When changing the network interface on which an existing reverse proxy
instance is listening, ensure that no other services are listening on the ports
specified under 'HTTPS Port' and 'HTTP Port'. Otherwise the reverse proxy
instance will fail to start.
By default, ports 80 ad 443 on the management interface are used by the
LMI. If a reverse proxy instance needs to listen on those ports you can
change the default port values used by the LMI using these advanced tuning
parameters:
For Reference:
http://www-01.ibm.com/support/docview.wss?uid=swg21691208
