When the connection is set up and data transferred without any errors, you can see the following entries in the log file:
Operation Without SNC
Thu Jun 14 16:08:04 2007 CONNECT FROM C9/ host 10.66.66.90/19114 (host1.company.corp) Thu Jun 14 16:08:04 2007 CONNECT TO S9/17 host 10.21.83.41/3299 (host2) Thu Jun 14 16:08:06 2007 ESTABLISHED S9/17 Thu Jun 14 16:21:06 2007 DISCONNECT C9/17 host 10.66.66.90/19114 (host1.company.corp) Thu Jun 14 14:28:40 2007 CONNECT FROM C19/ host 10.66.66.90/12127 (host1.company.corp) Thu Jun 14 14:28:40 2007 CONNECT TO S19/11 host 10.21.72.60/3299 (host3), *** NATIVE ROUTING *** Thu Jun 14 14:28:41 2007 ESTABLISHED S19/11 , *** NATIVE ROUTING *** Thu Jun 14 14:58:43 2007 DISCONNECT S19/11 host 10.21.72.60/3299 (host3), *** NATIVE ROUTING *** |
Operation with SNC
When using SNC for data communication between two SAProuters there are two different mechanisms for setting up the connection.
SNC Forwards Setup
With this mechanism, client-side SAProuter initiates the SNC connection/encryption. The SAProuter on the client-side has an entry of the type KT in the router permission table for the server-side SAProuter and therefore establishes the SNC connection. The SNC name is written to the 'CONNECT TO' log when the connection to the server-side SAProuter is established. The 'ESTABLISHED' log displays the recipient side of the SNC communication once the connection has been set up successfully.
Client Side
Thu Jun 14 17:13:22 2007 CONNECT FROM C9/ host 10.66.66.90/30888 (host1.company.corp) Thu Jun 14 17:13:25 2007 CONNECT TO S9/17 host 10.18.211.3/3299 (10.18.211.3) (p:CN=D039768, O=SAP-AG, C=DE) Thu Jun 14 17:13:25 2007 ESTABLISHED S9/17 (-/SNC) Thu Jun 14 17:19:12 2007 DISCONNECT C9/17 host 10.66.66.90/30888 (host1.company.corp) |
Server Side
Thu Jun 14 17:13:22 2007 CONNECT FROM C9/- host 10.18.211.3/1150 (host2) Thu Jun 14 17:13:25 2007 CONNECT TO S9/17 host 10.66.66.91/3253 (binmain) Thu Jun 14 17:13:25 2007 ESTABLISHED S9/17 (SNC/-) Thu Jun 14 17:19:12 2007 DISCONNECT C9/17 host 10.18.211.3/1150 (host2) |
SNC Backwards Setup
The server-side SAProuter can also initiate SNC. This is what happens if the incoming connection from the client-side SAProuter does not use SNC (see above) but the server-side SAProuter requires it due to the relevant entries in the route permission table. In this scenario, the SNC handshake is triggered by the server-side SAProuter later on. This means that there is no SNC name in the 'CONNECT TO' entry in the log on the client side.
Client Side
Thu Jun 14 16:55:21 2007 CONNECT FROM C9/- host 10.18.211.3/1065 (host2) Thu Jun 14 16:55:21 2007 CONNECT TO S9/17 host 10.18.211.3/3299 (10.18.211.3) Thu Jun 14 16:55:21 2007 ESTABLISHED S9/17 (-/SNC) Thu Jun 14 16:56:42 2007 DISCONNECT S9/17 host 10.18.211.3/3299 (10.18.211.3) |
Server Side
Thu Jun 14 16:55:21 2007 CONNECT FROM C9/- host 10.18.211.3/1066 (host2)
Thu Jun 14 16:55:21 2007 CONNECT TO S9/17 host 10.66.66.91/sapdp53 (host4.company.corp)
Thu Jun 14 16:55:21 2007 ESTABLISHED S9/17 (SNC/-)
Thu Jun 14 16:56:42 2007 DISCONNECT S9/17 host 10.66.66.91/3253 (host4.company.corp)