a000 system z networking

yourdotcomibm.comInternational Technical Support Organization and Authoring Services

2009 IBM Corporation

www.ibm.com/redbooks

System z and z/OS Networking 2009

Enterprise Networking Solutions, RTP, Raleigh, NC, USA

yourdotcomibm.com


International Technical Support Organization and Authoring Services

IBM ITSO - International Technical Support OrganizationPage 1

Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, NY 10504-1785 U.S.A.The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurement may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

COPYRIGHT LICENSE:This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programminginterface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs.

Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

yourdotcomibm.com




Trademarks, notices, and disclaimers

The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States or other countries or both:

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation in the United States, other countries, or both.UNIX is a registered trademark of The Open Group in the United States and other countries.Linux is a trademark of Linus Torvalds in the United States, other countries, or both.Red Hat is a trademark of Red Hat, Inc. SUSE LINUX Professional 9.2 from Novell Other company, product, or service names may be trademarks or service marks of others.This information is for planning purposes only. The information herein is subject to change before the products described become generally available.Disclaimer: All statements regarding IBM future direction or intent, including current product plans, are subject to change or withdrawal without notice and represent goals and objectives only. All information is provided for informational purposes only, on an as is basis, without warranty of any kind.

Advanced Peer-to-Peer NetworkingAIXalphaWorksAnyNetAS/400BladeCenterCandleCICSDB2 ConnectDB2DRDAe-business on demande-business (logo)e business(logo)ESCONFICON

GDDMHiperSocketsHPR Channel ConnectivityHyperSwapi5/OS (logo)i5/OSIBM (logo)IBMIMSIP PrintWayIPDSiSeriesLANDPLanguage EnvironmentMQSeriesMVSNetView

OMEGAMONOpen PowerOpenPowerOperating System/2Operating System/400OS/2OS/390OS/400Parallel SysplexPR/SMpSeriesRACFRational SuiteRationalRedbooksRedbooks (logo)Sysplex Timer

System i5System p5System xSystem zSystem z9Tivoli (logo)TivoliVTAMWebSpherexSeriesz9zSeriesz/Architecturez/OSz/VMz/VSE

Refer to www.ibm.com/legal/us for further legal information.

All performance data contained in this publication was obtained in the specific operating environment and under the conditions described and is presented as an illustration. Performance obtained in other operating environments may vary and customers should conduct their own testing.

yourdotcomibm.com




TrademarksThe following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both:

The following terms are trademarks of other companies:Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries.Linux is a trademark of Linus Torvalds in the United States, other countries, or both.Other company, product, or service names may be trademarks or service marks of others.

IBM has two registered trademarks for the branding of ITSO publications. These registered marks are for the text word "IBM Redbooks" and the Redbooks logo. In a nutshell,the term Redbooks must always be used in the plural form (for both text and logo) since IBM only owns the registered mark for the plural form. Usage must follow the guidelines below:

Using the term Redbooks in written textRedbooks are only to be referred to in the plural form, NEVER in the singular.For the initial reference (first occurrence), you must use "IBM Redbooks" and include "IBM" as well as the . For instances thereafter you may use "Redbooks" without "IBM" preceding the word or following it.

Correct usage for written text :In this IBM Redbooks publication we will explore..( symbol required for 1st usage) This Redbooks publication will show you..(2nd usage or later - no or "IBM" needed)

Using the logo:

OTHER ITSO PUBLICATIONS - Marks not yet registeredTrademark registration is a lengthy process and until we are officially registered, we cannot use the symbol. For those terms/logos in process, we will be using the symbol. In contrast to the symbol (placed in the lower right hand corner), the symbol is placed in the upper right hand corner. Please see examples below:

Redpaper Redpapers Redwiki Redwikis

Redbooks (logo)

TM

yourdotcomibm.com




Agenda

Workshop introduction z/OS V1R11 Communications Server

Application integration, data consolidation, and standards

Availability and business resilience Scalability, performance, constraint relief, and

accelerators Networking security Simplification and ease-of-use SNA and Enterprise Extender Virtualization Systems management and monitoring

What does Web services mean to your z/OS networking environment

Next generation Internet: IPv6 Roadmap for SNA modernization Trends and direction

Disclaimer: All statements regarding IBM future direction or intent, including current product plans, are subject to change or withdrawal without notice and represent goals and objectives only. All information is provided for informational purposes only, on an as is basis, without warranty of any kind.

yourdotcomibm.com




Some practical information before we start

Questions are welcome all the time.

Please put phones into buzzer, vibrate, or whatever non-noisy mode they support.

We will take frequent

breaks for coffee, tea,

lunch, or other personal needs.

Anything that says BEEP, BOINK, DING-DONG, or plays Beethoven's Ninth

A certain level of familiarity with both SNA and TCP/IP networking technologies in general and on z/OS specifically is assumed.

This is a technical update workshop.

However the content has been designed so both the experienced and not so experienced participant is expected to acquire useful new

knowledge and skills.

yourdotcomibm.com




z/OS networking what are the current focus areas?

WAS

IMSCICS

DB2

MQ

TSO

SNA and TCP/IP

TN3270FTP

OSA

"The services are in the cloud"

Traditional workload coexisting peacefully with SOA workload

IPv4

IPv6

SNA

IPv6+IPv4 API

IPv4-only API SNA API

Full end-to-end

security

Simplification and consumabilityGUI-based z/OS CS configurationBroaden scope of CS Config AssistantImprovements in time to value of Policy Agent

Availability and business resilienceSysplex-wide IP workload managementSysplex-wide single system image for both SNA and IP workload

Scalability, Performance, Constraint relief and Accelerators

Release to release price/performance improvementsReduce latency and increase throughput for network IO (OSA using Queued Direct IO)DataPower System z integration improvementsExploit newest System z network adapters (OSA)

Application integration, data consolidation, and standardsIPv6 compliance (DoD, NIST, IPv6-forum)Extend support for SOA workload on z/OS: WAS, IMS, CICS, DB2Continue to support traditional workload on z/OS: TN3270, SNA, IMS, CICS, DB2, MQ, TSO, NetView, etc.

SecurityContinue to provide transparent networking security technologies (IPSec, SSL/TLS, Intrusion Detection, IP filtering, etc.)Continue to focus on true end-to-end securityEnable customers to meet security compliance requirements (FIPS,PCI, DoD, NIST, etc.)Enable z/OS to be the enterprise-wide network security services hub

Virtualization, dynamic infrastructure, and Cloud computingExtend Virtual LAN support and OSA adapter sharing capabilitiesVirtual server clusters through the Dynamic Virtual IP Address (DVIPA) technologies

Systems management and monitoringEnable network management products by providing open interfaces to pertinent z/OS CS functions and data

SNA and Enterprise ExtenderKeep SNA operational for as long as our customers need itContinue to support both an APPN/EE and a CCL/NCP based SNA infrastructure modernization strategy

Multi-network protocol support

yourdotcomibm.com




z/OS Communications Server Redbooks

IBM Communications Server for z/OS V1R10 TCP/IP Implementation Volume 1: Base Functions, Connectivity, and Routing - SG24-7696

http://www.redbooks.ibm.com/redpieces/abstracts/sg247696.html?Open

IBM Communications Server for z/OS V1R10 TCP/IP Implementation: Volume 2: Standard Applications - SG24-7697


IBM Communications Server for z/OS V1R10 TCP/IP Implementation Volume 3: High Availability, Scalability, and Performance - SG24-7698


IBM Communications Server for z/OS V1R10 TCP/IP Implementation Volume 4: Security and Policy-Based Networking - SG24-7699


z/OS V1R11 versions of these three Redbooks will be made available later this year or early 2010:

Volume 1: SG24-7798, Volume 2: SG24-7799, Volume 3: SG24-7800, and Volume 4: SG24-7801.

Search on http://www.ibm.com/redbooks

yourdotcomibm.com




z/OS Communications Server homepage: http://www.ibm.com/software/network/commserver/zos

yourdotcomibm.com




For more information

URL Content

http://www.twitter.com/IBM_Commserver IBM Communications Server Twitter Feed

http://www.facebook.com/IBMCommserver IBM Communications Server Facebook Fan Page

http://www.ibm.com/systems/z/ IBM System z in general

http://www.ibm.com/systems/z/hardware/networking/ IBM Mainframe System z networking

http://www.ibm.com/software/network/commserver/ IBM Software Communications Server products

http://www.ibm.com/software/network/commserver/zos/ IBM z/OS Communications Server

http://www.ibm.com/software/network/commserver/z_lin/ IBM Communications Server for Linux on System z

http://www.ibm.com/software/network/ccl/ IBM Communication Controller for Linux on System z

http://www.ibm.com/software/network/commserver/library/ IBM Communications Server library

http://www.redbooks.ibm.com ITSO Redbooks

http://www.ibm.com/software/network/commserver/zos/support/ IBM z/OS Communications Server technical Support including TechNotes from service

http://www.ibm.com/support/techdocs/atsmastr.nsf/Web/TechDocs Technical support documentation from Washington Systems Center (techdocs, flashes, presentations, white papers, etc.)

http://www.rfc-editor.org/rfcsearch.html Request For Comments (RFC)

http://www.ibm.com/systems/z/os/zos/bkserv/ IBM z/OS Internet library PDF files of all z/OS manuals including Communications Server

For pleasant reading .

yourdotcomibm.com




Agenda

9 Workshop introduction z/OS V1R11 Communications Server







yourdotcomibm.com




z/OS Communications Server architectural overview

SNA API layerAF_INET

PFS

UNIX LFS Layer

SNA Subarea

SNA APPN w. ISR and

HPR

APPN/HPR over IP (EE)

AF_INET6 PFS

SNA TCP/UDP/RAW

IPv4 IPv6

System z channel

protocolsOSA QDIO protocols

OSA LSA protocols

OSA OSN protocols

OSA LCS protocols

Hiper- Sockets iQDIO

protocols

XCF protocols

OSA-E2 and OSA-E3 (to CCL in same-CEC System z)

ESCON and Fiber Channel

All levels of OSA

Coupling Facility (CF) links

OSA-E, OSA-E2, and OSA-E3 incl. VLAN support (up to 10 Gb)

Hiper Sockets

All levels of OSA

SNA SNA SNA, IPv4, IPv6 SNA, IPv4, IPv6 IPv4, IPv6 IPv4, IPv6 IPv4

Communications Storage Manager

TN3270 Services (Sysplex-enabled)

Customer-written SNA and TCP/IP applications + IBM and OEM middleware using SNA and/or TCP/IP for network communications

Record API, APPC, CPI-C BSD Sockets, Callable Sockets, ONC RPC, X-Windows, XTI, SNMP DPI, etc.

Policy-based networking technologies (QoS, PBR, IDS, ATTLS, IPSec)

zMF-based GUI configuration of policies

Network workload management technologies

Sysplex Distributor, Load Balancing Advisor, SNA generic resources

Dual TCP/IP stack in support of both IPv4 and IPv6

Transparent network security services (ATTLS, IPSec VPNs, IDS)Standard TCP/IP application suite (TN3270, FTP, SMTP, SNTP, etc.)IP system services (SNMPv3, OSPFv3, DNS, etc.)z/OS Sysplex-specific support for HA (Dynamic VIPA technologies)

Legacy SNA supportSNA subarea and SNA APPNSNA over TCP/IP (Enterprise Extender)

Hardware device drivers for network interfaces (OSA QDIO, HiperSockets, XCF, MPC+, etc.)

SNA and TCP/IP programming interfacesGeneric APIsSystems management APIs

yourdotcomibm.com




Where does the z/OS Communications Server content come from?

Direct Customer and Vendor

FITS requirements

Customer Advocate Program (CAP)

SHARE

GuideShare Europe (GSE)

System z Expo

zBLC

z/OS Communications Server Beta programs

ISV Technical Disclosure Meeting

Standards Bodies Demands

Approx 50 of the 100 IETF working groups alter Internet protocols

TCP/IP, APIs, TN3270, FTP, DNS, SNMP, IPSec,

System z Platform Compatibility issues (Certifications)

IBM STG Hardware and z/OS Demands

Mandatory changes due to z/OS changes

Currently 10 network technologies on six generations of hardware

External Network ConnectivityOSA iQDIO, QDIO, XCF, MPC, LSA, CDLC

Internal Network ConnectivityHiperSockets, VSWITCH, z/VM Guest LAN (2 modes)

IBM SWG

Platform Competitiveness Items Business Resiliency, Security,

Price/Performance Enhancements

Subsystem Demands

Architecture Boards

SOA Enablement

Common Components/Share Services

z/OS Communications Server does not

control the priorities here

z/OS CS

yourdotcomibm.com




z/OS V1R11 Communications Server release themes

DB2 CICS

IMS WAS

Tvoli

z/OS CS

Simplification and Consumability

Availability and Business Resilience

Difficult-to-use systems and limited skills

High cost of outages

Scalability, Performance, Constraint Relief and Accelerators

Application Integration, Data Consolidation, and Standards

SecurityVirtualization

System Management and Monitoring

SNA and EE

Increased interoperability and standards

compliance Increased security requirements

Pressure of price/performance

on distributed platforms

Ability to respond to workload growth

and spikes

Ability to respond to workload

growth and spikes

Difficult-to-use systems and limited skills

Adapt to new workloads

while maintaining

legacy workload

Business Scenario:

z/OS customers need a secure, resilient system that is easy to use, is able to adapt to growing workloads, and supports existing and new applications.

These needs lead to issues (pain, problems, and so on) that are addressed through the release themes

yourdotcomibm.com




Agenda

9 Workshop introduction9 z/OS V1R11 Communications Server







yourdotcomibm.com





9New SMTP client for sending Internet mail 9 FTP access to z/OS UNIX named pipes9 FTP large-volume access9 FTP passive mode enhancements9 CICS sockets enhancements9 Customizable pre-logon banner for otelnetd9 Remote execution server enhancements9 TN3270 support of TSO logon reconnect 9 IPv6 stateless address auto-configuration enhancements2 New API to obtain IPv4 network interface MTU9 RFC 5095 deprecation of IPv6 type 0 route header

yourdotcomibm.com




Existing SMTPD (SMTP/NJE gateway)

The SMTP server (SMTPD) mail gateway provides important mail services for business applications on z/OS

Heavily used for sending mail from MVS batch and TSO to internet destinations

SMTPD reads JES spool data sets created from batch jobs and TSO users locally and from NJE network

Acts as SMTP MTA, does not use the system resolver and can resolve individual recipient addresses to deliver mail to their destinations

Acts as listening MTA server, accepting mail and sending to the next hop or delivers to local or NJE users

yourdotcomibm.com




SMTPD is showing its age

Many requirements from customers need to be addressed Uses older RFC 821 and RFC 822, when newer RFCs are

available

AT-TLS for TLS/SSL is not supported IPv6 is not supported Performance and DASD problems:

Single threaded Fully capable MTA role

Resolves recipient with an attempt to deliver each note (with required retry attempts with a minimum of 1 day) causes heavy I/O use

Stores each mail read from spool to DASD

Sendmail has not been very popular among z/OS installations

Perceived as being too complex for the purpose of just mailing from z/OS

SMTPD continues to be supported on z/OS For those customers who may have a need to continue to receive mail into TSO

yourdotcomibm.com




CSSMTP - New SMTP client for sending Internet mail

Allows existing users of SMTPD that use forwarder feature to migrate easily Uses newer mail standards and additional message size

and security RFCs Improves performance and storage management issues

with SMTPD when forwarding mail Improved usability features

Allows multiple JES spool processing threads and concurrent IP connection threads

Supports both IPv4 and IPv6 addresses

Logging

Displays, Configuration

changes

yourdotcomibm.com




JES Node3

spool

JES network

CSSMTP

1.Read 2. process 3. Forward

Target Server Destination 3 (Sendmail daemon 8.12.1)

Target Server Destination 1

Target ServerDestination 2

Final Destination

(Not Required)

JES Node1

JES Node2z/OS

Internet

CSSMTP: Read and forward mail messages from JES spool data set

yourdotcomibm.com




z/OS Application

TSO user IMAP, POP, (E)SMTP protocols

CSSMTP (an SMTP client)

SMTPD (an MTA)

MTA

JES spool

Write to SYSOUT

z/OS UNIX shell user

z/OS Sendmail(an MTA)

non-z/OS user using z/OS Sendmail as the target server

z/OS

(E)SMTP protocols

(E)SMTP protocol

SMTP protocol

(E)SMTP protocol

MTA

SMTP network

NJE network

z/OSz/VSE

z/VM

TIP: All z/OS mailers can be run concurrently

MTA

CSSMTP, SMTPD and Sendmail can all run on z/OS simultaneously

yourdotcomibm.com




Configuring CSSMTP configuration file

CONFIG DD in started procedure is name of PDS(E), an MVS sequential data set or z/OS UNIX file

Sample configuration file is located in SEZAINST(CSSMTPCF)

CSSMTP will fail initialization if no configuration file is found

TargetServer statement is the only required configuration statement

yourdotcomibm.com




Configuring TargetServer statement

Use to configure target servers and their connection attributes

Target servers are used for sending mail messages

Use either parameters 1) or 2) to define target servers

TargetIP, TargetName (or both)

TargetMx

Multiple TargetServer statements can be used for TargetIP, TargetName or both

TargetIP defines a single configured IP address, TargetName or TargetMx resolves to one or more IP addresses each representing a target server

Up to fourtarget serverswill be used

yourdotcomibm.com




Configuring mail error handling

RetryLimit statement Retry count and interval time when attempting to

resend mail messages that are not immediately deliverable

Undeliverable statement Method to use for handling undeliverable mail

messages and whether to create an undeliverable mail notification

Report statement Use to set the action required for error reporting on

JES spool files

MailAdministrator Statement Defines an e-mail address to receive error reports

yourdotcomibm.com




Starting and stopping CSSMTP

Start CSSMTP as a z/OS started procedure Sample in SEZAINST(CSSMTP) - you should start and stop

from operator console start jobname or stop jobname

Start options: -p or P tcpipJobName

Use in common INET environment to choose a specific TCPIP stack -f or F

Use to perform a cold start and flush any checkpoint records from previous execution

Must run under a SAF user ID with an associated OMVS segment

UID zero is not required

Must reside in an APF-authorized library

yourdotcomibm.com




Display CSSMTP targets

How to follow mail progress using the display targets command:

F CSSMTP,D,TARGET EZD1831I CSSMTP TARGETS:GLOBAL INFORMATION: MAIL SENT : 1562 TOTAL RETRY : 15 DEADLETTER: 0 CURRENT RETRY: 0 UNDELIVER : 0

TARGET SERVER 2000:197:2:107::1 STATE : ACTIVE ESMTP : YES MESSAGE SIZE : 0 STARTTLS : NO MAIL ATTEMPTS: 493 MAIL SENT : 438 CONNECT FAIL : 0

TARGET SERVER 197.11.108.1 STATE : ACTIVE ESMTP : NO MESSAGE SIZE : 524288 STARTTLS : NO MAIL ATTEMPTS: 350 MAIL SENT : 350 CONNECT FAIL : 0

yourdotcomibm.com




The logic of trying to send a mail message

MSG1

MSG2

JES IO Try

Initial send

Yes

Long retry

Try to send

OK?

Yes

Retry exceeded?

Yes

No

No

NoNo

MSG1 Done

Try to send undeliverable mail

notification

Yes

OK?

Write to dead letter queue

Perma-nent

error?

Yes

No

Governed by RetryLimit stmt options

Governed by Undeliverable stmt options

Returnto-mailFrom?

Yes

No

MSG1 Done

MSG1 Done

MSG1 Done

Yes

MSG1 Done

JES Spool

OK?

The normal

loop!

yourdotcomibm.com




Migrating an SMTP/NJE setup to CSSMTP - example

Is your current SMTP/NJE server configured as a simple mail forwarder?

IPMAILERADDRESS a.b.c.d

RESOLVERUSAGE NO

Then create a CSSMTP configuration file with the same mail server address:

TargetIP a.b.c.d or

TargetName host.xyz.com

Set the ExtWrtName to what you used for your old SMTP/NJE server

ExtWrtName writername

RetryLimit{

Count 5 # number of times the CSSMTP # application will attempt to esend

Interval 1 # amount of time in minutes, the # CSSMTP application will wait each # time before attempting to resend

} TargetServer{

TargetName d03nm118.boulder.ibm.com ConnectPort 25 # port to connect to target server ConnectLimit 5 # limit the number of concurrent

# connections to the target server MaxMsgSent 0 # when to take down a connection to

# a target server and reconnectMessageSize 524288 # size for non-ESMTP target servers Secure No # no Transport Layer Security

} Timeout { AnyCmd 300 # waits for response on any other SMTP command ConnectRetry 120 # waits before trying again to connect DataBlock 180 # waits for the TCP send call to complete

# while transferring a block of data DATACmd 120 # waits for response on DATA command DataTerm 600 # waits for response from the final period

# terminating the message data InitialMsg 300 # waits for initial resposne after the

# connection is established MAILCmd 300 # waits for response on MAIL command RCPTCmd 300 # waits for response on RCPT command

} Translate ibm-1047 Undeliverable { DeadLetterAction Store # Store or Delete DeadLetterDirectory /var/dl # z/OS UNIX file system fully

# qualified directory name to reate# the dead letter mail messages

ReturnToMailFrom Yes # Yes or No } UserExit None # None, Version2 or Version3

BadSpoolDisp Hold # Hold or Delete ChkPointSizeLimit 64000 # number of concurrent mail that

# will have checkpoint information ExtWrtName SMTPCS2 # the external writer name JESJobSize 0 # Thousands (no max specified) JESMsgSize 0 # Thousands (no max specified) LogLevel 32 # Error and various events MailAdministrator [email protected] Sysout # Admin, None, Sysout

yourdotcomibm.com




FTP access to UNIX named pipes (also known as FIFOs)

z/OS FTP Server

DB2 batch load utilities

Distributed FTP Client

Distributed data

Temporary intermediate file on z/OS(store and forward)

DB2

Distributed data

DB2

z/OS FTP Server

DB2 batch load utilities

Distributed FTP Client

z/OS UNIX pipe between z/OS FTP server and DB2 batch load utilities

An un-broken pipe from the distributed data to DB2

Example based on DB2 batch load utility

Helps save total processing time when pre/post processing is needed for files transferred from/into z/OS

Support available in both the z/OS FTP client and server

FTP can be either the reading end or the writing end of the pipe

PTFs for prior releases APAR PK71213 provides z/OS FTP

server support z/OS V1R8, V1R9, and V1R10

The SAP on DB2 for z/OS Unicode FASTLOAD conversion utility exploits named pipes

yourdotcomibm.com




Overview of z/OS FTP UNIX pipe support

The sample commands will allow all components up to 60 seconds to open the FIFO end points for read or write.

You can extend that if need be

When all three pipes (/var/appafifo, the FTP data TCP connection, and /var/appbfifo) have been successfully opened, transfer can begin

When Application A writes a byte onto /var/appafifo, it will within a very short period of time (milliseconds) arrive at Application B as data to be read over the /var/appbfifo

An unbroken pipe between Application A and Application B with no store-and-forward in between

LOCSITE UNIXFILETYPE=FIFOLOCSITE FIFOOPENTIME=60LOCSITE FIFOIOTIME=20SITE UNIXFILETYPE=FIFOSITE FIFOOPENTIME=60SITE FIFOIOTIME=20PUT /VAR/APPAFIFO /VAR/APPBFIFO

/VAR/APPAFIFO

FTP ServerFTP Client Application BApplication A

/VAR/APPBFIFOFTP DATA Connection

Write

Read

WriteWrite

Read Read

New client and server FTP.DATA options, LOCSITE, and SITE commands.

yourdotcomibm.com




z/OS FTPs journey to extended address volumes

z/OS V1R10 DFSMS added support for VSAM data sets in Extended Addressing Space (EAS)

FTP doesnt support VSAM data set, so no impact

z/OS V1R11 DFSMS adds support for extended format sequential data sets eligible to reside in the

EAS

FTP adds support for reading/writing to/from existing EAS data sets, but not creating them (toleration mode)

FTP to understand Format-8 DSCBs FTP to use TRKADDR for track calculations FTP qdisk option for SITE/LOCSITE output format will change to (sample)

ftp> quote site qdisk200- Percent Free Free Largest Free200- Volume Free Cyls Trks Cyls-Trks Exts Use Attr200- CPDLB3 45 1507 108 1440 2 22 Storage200- CPDLB0 44 80486 156 461 0 25 Storage200- CPDLB1 99 66619 5 65362 5 3 Storage200 SITE command was acceptedftp>

3390-9 3390-9

3GB3,339 cyl

9GB10,017 cyl

27GB32,760 cyl

54GB65,520 cyl

3390-3 3390-9

29 MB~300 cyl

2314-1

101MB404 cyl

317MB555 cyl

33503330-1

3390-AEAV

CCHHRCatalogs

PagespaceKEYRANGE or

IMBED

All Data Set Types

VSAM Data Sets 21-cylinder

allocation units Extended Format

Data Sets etc.

E

A

S

Architectural Limit:100s of TB*

223GB*262,668 cyl

yourdotcomibm.com




FTP extended passive mode (even when servers dont know what it is)

Extended passive mode FTP transfer solves a set of problems with FTP through NAT firewalls

But not all FTP servers support extended passive mode

New z/OS FTP client support emulates extended passive mode behavior even when remote FTP server does not support EPSV

Private IP address 10.1.1.1

Private IP address 192.168.1.1

Translate private address 10.1.1.1 to external address

1.1.1.1

Translate private address 192.168.1.1 to

external address 2.2.2.2

Company A intranet

Company B intranet

Internet / public net

src=10.1.1.1 dest=2.2.2.2 src=1.1.1.1 dest=2.2.2.2 src=1.1.1.1 dest=192.168.1.1ftp 2.2.2.2

src=2.2.2.2 dest=10.1.1.1 src=2.2.2.2 dest=1.1.1.1 src=192.168.1.1 dest=1.1.1.1

PASV

227 Entering Passive Mode (192.168.1.1, 60001)Ignore 192.168.1.1 in 227

reply - connect back to 2.2.2.2 port 60001 src=10.1.1.1 dest=2.2.2.2 src=1.1.1.1 dest=2.2.2.2 src=1.1.1.1 dest=192.168.1.1

z/OS FTP

client

non-z/OS FTP server that does

not support EPSV

yourdotcomibm.com




CICS Sockets enhancements in z/OS V1R11

About 75% of z/OS customers use CICS Sockets Of those, around 40% have enabled CICS Sockets in an Open Transaction Environment (OTE)

Most run heavy workloads over 300 transactions per second

Rebased CICS Sockets on latest CICS TS release CICS TS 4.1 Compatible with earlier CICS TS releases

Except when Open Transaction Environment (OTE) is used with TCBLIM > zero Various internal structural changes to use relative branching technologies

CICS TS 4.1 OTE support for CICS Sockets with TCBLIM > zero OTE uses CICS open TCBs (L8 TCBs)

TCBLIM is a CICS Sockets configuration option Allows to limit the number of L8 TCBs

CICS Sockets may use (out of CICSsMAXOPENTCBS total limit on L8 TCBs)

If TCBLIM is defined with a value greater thanzero on a CICS TS 4.1 system, then one of thefollowing requirements must be met:

z/OS V1R11 is OK as-is z/OS V1R10 + APAR PK85446 z/OS V1R9 + APAR PK85446

LST1

LST2

TRNA

EZAO

EZAC

PLTx

Pool of reusable socket subtasks or OTE threads

TCP/IPStack

TRUE

Conf.file

CICS TS Region

yourdotcomibm.com




OtelnetD support for both pre-login and post-login banners

Post login banner has been supported all the time /etc/banner

Pre login banner added in this release: /etc/otelnetd.banner

Display of both banners can be suppressed via a -h OtelnetD start option in the inetd configuration file

#======================================================================# service | socket | protocol | wait/ | user | server | server program# name | type | | nowait| | program | arguments #======================================================================# otelnet stream tcp nowait bpxroot /usr/sbin/otelnetd otelnetd m

/etc/banner* * Welcome to the UNIX telnet server on* mvs098o.tcp.raleigh.ibm.com. * You are now logged in. *

/etc/otelnetd.banner* * This system is to be used for * management approved purposes only. *

You would add a h flag here if you wanted to suppress display of the banners.

yourdotcomibm.com




Sample logon to OtelnetD using both banners

yourdotcomibm.com




Improved REXECD remote job management

REXECD more aggressively cleans up internal job table entries for purged or stalled jobs

Helps when REXECD is started with PURGE=N

Maximum of 9999 jobs can be active

New messages written to console when REXECD detects there are too many jobs

EZA4434I rexecd: Number of available jobnumbers is being depleted

EZA4435E rexecd: Number of available jobs is depleted

Issued when 85% of

available jobs used

No jobs can be started

yourdotcomibm.com




Improved TSO LOGON reconnect processing through TN3270

TN3270 Server

USERxxxx TSO ASSLU LUX

PLU TSOA001

TCP connection SNA session

LOSTERM exit

TSO Reconnect Possible Single session

Multiple sessions

NATedconnecti-vity

TKOGENLU[RECON] 3CheckClientConn 3 3TKOSPECLU[RECON] 3 3 3TSO LOGONHERE 3 3 3TIMEMARK/SCANINTERVAL 3 3 3

Combined effort by TSO and CS development

New LOGONHERE option in IKJTSOxx member to enable new support LOGONHERE(ON) - default LOGONHERE(OFF)

Enables reconnecting TSO user from a new SNA session

Helps further reduce number of USERID already in use errors

Make sure you dont have a RECONLIM=0 in your TSOKEY00 member

If old SNA session exists, when user attempts reconnect, disconnect old SNA session and proceed with TSO logon reconnect.

yourdotcomibm.com




TSO reconnect example

15

4

32

yourdotcomibm.com




IPv6 development status on z/OS Communications Server status per z/OS V1R11 z/OS V1R4

Stack support for IPv6 base functions - (APIs, Protocol layers)

Resolver High speed attach (OSA Express QDIO)) Service tools (Trace, Dump, and so on.) Configuration and netstat, ping, traceroute, SMF Static Routing FTP, otelnetd,unix rexec, unix rshd/rexecd

z/OS V1R5 Network Management Applications and DPI Version-neutral Tcp/Ip Standard MIBs Additional SMF records Applications/Clients/APIs TN3270 server, CICS sockets, sendmail,ntp,dcas,

rxserve,rsh client Enterprise Extender Point to Point - type DLCS Dynamic Routing Protocol w/ OMPROUTE (RIPng)

z/OS V1R6 Sysplex Exploitation (Dynamic VIPA, Sysplex

Distributor functions) Dynamic Routing Protocol w/ OMPROUTE (OSPFv3) Additional Network Management MIBs

z/OS V1R7 SNMP UDP standard MIB (RFC2013) and

IBM MVS TCP/IP Enterprise-specific MIB for UDP

Advanced Socket API support - RFC3542 IPv6 Two Default Routers - required for IPv6

compliance IPv6 over HiperSockets

z/OS V1R8 Integrated filtering and IPSec

for IPv6 RPCBIND Server

z/OS V1R9 RFC currency Scoped IPv6 architecture APIs After z/OS V1R9 Extended Stats MIB, OSPFv3 MIB

V1R10 FRCA Resolver enhancements

V1R11 SMTP client IPv6 enabled from start Privacy extensions and stateless

address auto-configuration enhancements

Type 0 Routing Header deprecation

IPv6 Phase 1 Ready

IPv6 Phase 2 Ready

yourdotcomibm.com




Security concern with stateless address auto-configuration

RFC 4941 Privacy Extensions for Stateless Address Auto-configuration in IPv6 RFC 4941 addresses a potential security concern that can arise with the use of stateless address auto-

configuration. An auto-configured address contains an embedded static interface identifier. The static interface ID makes it possible to correlate independent transactions even if the overall IPv6

address changes. RFC 4941 also defines solutions:

A mechanism to generate a random interface ID that changes over time A mechanism to generate an IPv6 temporary auto-configured address using the random interface ID

Temporary auto-configured addresses have same characteristics as public auto-configured addresses.

generated when router advertisement processed

deprecated at the end of the preferred lifetime

deleted at the end of the valid lifetime.

A short-lived client application can use temporary addresses to make it more difficult to correlate activity.

a server needs a known IP address so that it can be reached by clients

a long-lived client connection can become unusable if the source IP address is deleted while the connection is active

yourdotcomibm.com




Agenda


9 Application integration, data consolidation, and standards






yourdotcomibm.com




Availability and business resilience

9OMPROUTE detection of duplicate router ID9Improved responsiveness to storage shortage conditions2 Disable moving DVIPA as source IP address9Support for enhanced WLM

routing algorithms

yourdotcomibm.com




OMPROUTE to aid in detecting duplicate router IDs

If multiple OSPF routers use the same router ID, routing problems will occur Routes are continuously added and deleted by

neighboring routers

Increased OSPF traffic as designated router floods new LSAs

Packet loss or connectivity loss depending upon routing environment

Problem can be difficult to diagnose due to varied symptoms

OMPROUTE will detect when another adjacent OSPF router is using the same router ID as this OMPROUTE instance

Message EZZ8165I is issued to the console once every 10 minutes per OSPF version (IPv4 or IPv6)

My router ID:10.1.1.1

10.1.1.254

My router ID:10.1.1.1

???

yourdotcomibm.com




Improved responsiveness to storage shortage conditions

Improved OMPROUTE tolerance for storage shortage situations

Improved handling of situations where slow applications use excessive amounts of storage buffers at the transport protocol layer

Throttle amount of parallel QDIO operations

Data-link control (DLC) level discard of QDIO input buffers to relieve inbound overrun

OSA

Memory

Page spaceApplication

Application

RECV

SENDQDIO

When storage shortage occurs:9Stay up!9Throttle workload at the source9Prevent network spikes from monopolizing common z/OS storage9Report which connections use excessive amounts of storage

yourdotcomibm.com




Communications Server virtual storage overview

Both TCP/IP and VTAM use various forms of common storage The shared

Communications Storage Manager component also uses common storage in addition to data spaces Common storage is a

limited resource for which many components on z/OS contend During abnormal

scenarios, network spikes can cause transient demands for significant amounts of common storage

Both VTAM, TCP/IP, and CSM storage

System Resolver TCP/IP VTAM

High resolver private

High TCP/IP private

High VTAM private

64-bit shared(TCP/IP for SCBs)

Low resolver private (cache)

Low TCP/IP private

Low VTAM private

Extended resolver private

Extended TCP/IP private

Extended VTAM private

ECSA TCP/IP use

ECSA VTAM use

ECSA CSM use

Extended nucleus, ESAQ

LPA,SQA, Nucleus

CSA (both VTAM and TCP/IP use a little)

Resolver private TCP/IP private VTAM private

PSA

CSMData

Space 31(backed by 31-bit

real storage frames)

CSMData

Space 64 (backed by 64-bit


0

16 MB

2 GB

16 EBKilo 2**10Mega 2**20Giga 2**30Tera 2**40Peta 2**50Exa 2**60

yourdotcomibm.com




Storage shortages and OMPROUTE

OMPROUTE and the TCP/IP stack work together to make OMPROUTE more tolerant of storage shortage conditions:

TCP/IP stack informs OMPROUTE of stack storage shortage conditions During a storage shortage, OMPROUTE temporarily suspends requirement for periodic routing

updates from neighbor routers TCP/IP stack ensures that dispatch-able units for OMPROUTE can always obtain the control blocks

that they require TCP/IP stack satisfies storage requests for OMPROUTE as long as storage remains available

Temporarily keeps OMPROUTE from timing out routes due to lack of routing updates from neighbor routers during a storage shortage

Decreases likelihood of OMPROUTE exiting or failing to send routing updates to neighbor routers

TCP/IP Stack

OMPROUTE

buffer

Router

Router

Storage shortage!!!

Get me one of those outbound buffers youve reserved for me!!!

Hello, I am still here!!!

Hello, we are here too!!!

OK Ill tolerate for a period not hearing from those guys as fast as I normally want to hear from them !!!!

yourdotcomibm.com




Storage shortages and slow or stalled applications Data in a send buffer is page fixed awaiting

IO operations to be initiated When application is not making progress or fixed storage

is constrained All new data added to TCP send queue is marked as

page-able When storage becomes constrained, all unsent data on

send queues for all non-local TCP connections is marked as page-able

Before data is sent to remote stack it is changed back to fixed, as required by the DLC

It was very difficult to identify which local applications caused excessive amounts of space to be used on the send or receive queues

Alerts issued to indicate TCP queue in constrained state Indicate old data on send or receive queue Identify connection (connection id, job name,

addresses, ports) Constrained state entry and exit indicated Issued to syslogd using TRMD

Local receiving

application

Local TCP/IP stack on z/OS

Full receive buffer

Full receive buffer

Remote TCP/IP stack

Remote sending

application

Send buffer

Local sending application

Local TCP/IP stack on z/OS

Full send buffer

Full send buffer

Remote TCP/IP stack

Remote receiving

application

Receive buffer

Stalled application

Stalled application

yourdotcomibm.com




Storage shortages and QDIO device driver actions

Number of parallel SRBs is now limited to: For 1 Gigabit Ethernet:

Maximum execution threads per QDIO data device = 4 For 10 Gigabit Ethernet and HiperSockets:

Maximum execution threads per QDIO data device = Min(LPAR CPUs + 1, 4) * 2

Use of CSM storage for containers on the staging queue is also being limited:

Gigabit speed OSA-Express Two Meg if CSM critical/constrained Four Meg if CSM not critical/constrained

Ten-Gigabit speed OSA-Express or HiperSockets Four Meg if CSM critical/constrained Six Meg if CSM not critical/constrained

If more data arrives than the current limit allows, packets are discardedOSA QDIO

Container of inbound acketsContainer of

inbound packetsContainer of

inbound packets

Staging queue

PCI Exit routine

SRB

Schedule SRBs

SRBSRB

ECSA CSM storage

Before z/OS V1R11, there was no limits on1.Number of SRBs2.Number of containers on the staging queue

IST2273E PACKETS DISCARDED FOR jobname - READ QUEUE CONGESTION

Up through the TCP/IP stack

yourdotcomibm.com




Sysplex Distributor with ServerWLM and specialty processors

When using WLM server-specific weights, WLM returns three sets of weights1. Raw CP, zAAP, and zIIP system weights.

2. Proportional weights raw weight modified by actual server usage

3. Composite weight

Raw weights: CP 30 ZAAP 60 ZIIP 60 Usage Pattern: CP 11% ZAAP 89% ZIIP 0%

Proportional weights: CP 3 ZAAP 54 ZIIP 0

Composite weight: 57 TCP/IP Target Server Responsiveness: 90%

Health-adjusted weight: 51 Normalized weight: 13

1

3

2

yourdotcomibm.com




Workload distribution algorithm enhancements by Sysplex Distributor and Workload Manager in z/OS V1R11

IL SUs

0 0

1 0

2 0

3 500

4 0

5 0

6 0

7 0

IL SUs

0 0

1 0

2 0

3 0

4 0

5 500

6 0

7 0

New workload at IL=2 (can displace IL=3 to IL=7 workload)

LPAR1 LPAR2IL CP SUs zAAP

SUs

0 0 0

1 0 0

2 0 0

3 900 100

4 0 0

5 0 0

6 0 0

7 0 0

IL CP SUs zAAPSUs

0 0 0

1 0 0

2 0 0

3 100 900

4 0 0

5 0 0

6 0 0

7 0 0

New workload at IL=2(can displace IL=3 to IL=7 workload)

New workload designed to use 90% zAAP and 10% CP

LPAR1 LPAR2

IL 0: HighIL 7: Low

New workload at Importance level 2 Which LPAR is best?

They both have 500 service units of displaceable workload

Before R11, they would be equal

z/OS V1R11 takes importance level of displaceable workload into consideration LPAR2 will be preferred

New workload at Importance level 2 Which LPAR is best?

They both have equal amount of displaceable service units

Before R11, they would be equal

z/OS V1R11 takes amount of crossover to CP of displaceable workload into consideration LPAR2 will be preferred since it has the least

amount of crossover

yourdotcomibm.com




Importance level example

Importance level weighting factor of zero (IL0) means no change as compared to pre-R11 behavior

Importance level weighting factors of one through 3 (IL1 through IL3), gradually shifts new workloads towards LPARs with the lowest importance level work to displace

In this example, LPAR2

02000400060008000

RawService

Units

IL0 IL1 IL2 IL3

IL factor

Adjusted displaceable service units

LPAR1 LPAR2

0100200300400500

0 1 2 3 4 5 6 7

Importance Levels

Displaceable service units per importance level

LPAR1 LPAR2

New workload to run at Importance Level 2

yourdotcomibm.com




Cross-over cost example

Application designed to use 10% CP and 90% zAAP LPAR1 and LPAR2 are targets LPAR1:

Has 900 CP SUs and 100 zAAP SUsthat can be displaced

LPAR2: Has 100 CP SUs and 900 zAAP SUs

that can be displaced Without a cross-over cost, the

two targets are equally good to receive new workload As a cross-over cost is applied,

LPAR1 is less attractive than LPAR2 Cross-over cost can be set to a

value between 1 and 100 1: as before R11

100: maximum penalty for cross-over

Application Workload Design

CP

zAAP

0100200300400500600700800900

LPAR1 LPAR2

Displaceable Service Units

Relative weights of LPAR1 and LPAR2

0

10

20

30

40

5060

70

80

90

100

0 10 20 30 40 50 60 70 80 90

Cross-over Cost

W

e

i

g

h

t

LPAR1

LPAR2

yourdotcomibm.com




Configuring and displaying the new SERVERWLM options

The new configuration parameters are Only valid when server-specific recommendations are being used Only used by WLM when all systems in the sysplex are V1R11 or later

These parameters can affect performance Importance Level values range from 0 (no impact) to 3 (aggressive weighting).

Guideline use Moderate (IL 1) value initially. Crossover cost values range from 1 (no impact) to 100 (crossover cost very expensive).

Guideline Use a low cost initially.

NETSTAT VIPADCFG DETAILVIPA Distribute:

Dest: 201.2.10.11..8000 DestXCF: ALLSysPt: No TimAff: No Flg: ServerWLMOptLoc: No ProcXCost:zAAP: 020 zIIP: 005

ILWeighting: 1

VIPADISTRIBUTE DISTMETHOD SERVERWLM PROCXCOST ZIIP 5 ZAAP 20 ILWEIGHTING 1201.2.10.11 PORT 8000 DESTIP ALL

yourdotcomibm.com




Agenda


9 Application integration, data consolidation, and standards

9 Availability and business resilience Scalability, performance, constraint relief, and





yourdotcomibm.com




Scalability, performance, constraint relief, and accelerators

9 Accept_and_receive API enhancements2 TCP/IP support for system z10 hardware instrumentation9 TCP/IP path length improvements9 Virtual storage constraint relief9 TCP throughput improvements for high-latency networks9 Resolver DNS cache9 NSS private key and certificate services for XML appliances9 Sysplex autonomics improvements for FRCA9 QDIO accelerator9 Sysplex Distributor connection routing accelerator9 Sysplex Distributor optimization for multi-tier

z/OS workload

9 Sysplex Distributor support for DataPower

yourdotcomibm.com




General TCP/IP path length improvement objectives

*ITR = ETR/CPU busy percentage where ETR is transaction rate (or throughput)

Internal Throughput Rate; a statement of how much work the system can do at 100% busy Generally ETR is very difficult to impact; so our focus is usually on reducing the denominator (CPU

consumption)

For years, z/OS products goal was no release-to-release ITR degradation Goal for last few years has become provide release-to-release ITR improvement

Continual process to improve overall System z price/performance Communications Server ITR goal in z/OS V1R11:

Reduce Communication Servers CPU Consumption for Request/Response workloads, while not elongating network latency, and while also providing 31-bit Common Storage (ECSA) Constraint Relief

The challenge: Our z/OS V1R11 ECSA constraint relief item (using 64-bit Common Storage for Socket Control Block)

introduces new, cycle-intensive addressing mode-switching coupled with save/restore of high-order general purpose register (GPR) halves

Well need to overcome path-length growth due to 64-bit memory access, before we can show any path-length improvement in V1R11.

z/OS V1R10 path-length is quite good; much effort went into providing significant ITR gains comparison against V1R10 will be tough

The PERFORMANCE Team

yourdotcomibm.com




Asynchronous accept_and_receive sockets call

The accept_and_receive call has existed for a few releases BPX1ANR

It combines three sockets API crossings into a single API crossing Reduced latency and CPU time for

server applications that receive connections

z/OS V1R11 adds the following capabilities to the accept_and_receive call: 64-bit support

BPX4ANR Asynchronous support

BPX1AIO BPX4AIO (64-bit)

Is available to be exploited by all server implementations on z/OS

Accept()

GetSockName()

Recv()

Process the transaction

Application PFS layer TCP/IP Stack

Accept_and_receive()

Process the transaction

Application PFS layer TCP/IP Stack

yourdotcomibm.com




General TCP/IP path length improvements in z/OS V1R11

Use z/Architecture 64-bit arithmetic instructions to maintain double-word SNMP and diagnostic counters

As opposed to using earlier (System 390) 31-bit instructions which need to load up and store a pair of registers

Exploit asynchronous Cache Line pre-fetching when we know well soon need to access +256, +512, .. bytes beyond current location

Minimize TCP/IP data-path references to the new 64-bit Socket Control Block, to avoid address-mode switching

Code scrubbing certain critical paths; new fast-paths for normal cases.

yourdotcomibm.com




TCP/IP path-length improvements: helping application programmers avoid common Sockets pitfalls

Nagle (on send side) Data from a small send()

cannot be put on the wire if there is outstanding un-acknowledged data

Applications can disable Nagle by setting the TCP_NODELAY sockets options

Delayed ACK (on receive side)

TCP generally ACKs every 2nd segment

TCP generally waits 200 msec before sending a stand-alone ACK if no 2nd segment arrives

200 msecdelay

ACK

Two small sends and then a receive

Need data from both sends before reply

TCP ServerClient TCP

New transactional applications often encounter severe performance problems due to this behavior Most application programmers dont know

about Nagle Very often seen with CICS Sockets

applications Sample test run: transaction rate jumped

from 3 transactions per second to 2650 transactions per second

Note: The performance measurements discussed in this presentation are preliminary z/OS V1R11 Communications Server numbers and were collected using a dedicated system environment. The results obtained in other configurations or operating system environments may vary.

yourdotcomibm.com




Relaxed Nagle algorithm to avoid traffic stalls

For transactional workload, such as CICS Sockets, the client often calls send() to send a transaction header (transaction code), and then calls send() a second time to send the input data

If client calls send() more than twice with small amounts of data, the z/OS V1R11 solution will not prevent the Nagle algorithm to wait for an ACK before sending the third small segment

Server needs both before it can start processing and produce a reply

200 msecdelay

ACK






ServerClientShort transaction header

Transaction input data

ACK




How it worked before z/OS V1R11 How it works in z/OS V1R11

The application view of the exchange

yourdotcomibm.com




Use of 64-bit common virtual storage for Sockets Control Blocks

64-bit shared memory objects are allocated in one MB chunks above the bar

Sockets Control Blocks (SCBs) are in z/OS V1R11 moved from ECSA to 64-bit shared memory objects

Each SCB is 384 bytes long freeing up (384 * number of open sockets) in your ECSA storage

System Resolver TCP/IP VTAM

High resolver private

High TCP/IP private

High VTAM private

64-bit shared(TCP/IP for SCBs)

Low resolver private (cache)

Low TCP/IP private

Low VTAM private

Extended resolver private

Extended TCP/IP private

Extended VTAM private

ECSA TCP/IP use

ECSA VTAM use

ECSA CSM use

Extended nucleus, ESAQ

LPA,SQA, Nucleus

CSA (both VTAM and TCP/IP use a little)

Resolver private TCP/IP private VTAM private

PSA

CSMData

Space 31(backed by 31-bit


CSMData

Space 64 (backed by 64-bit


0

16 MB

2 GB

16 EB

yourdotcomibm.com




Monitoring use of 64-bit memory objects You can monitor the systems use of 64-bit memory objects through the RMF

monitor III STORM (option 7A) report:RMF V1R11 Storage Memory Objects Line 1 of 8 Command ===> Scroll ===> CSR Samples: 60 System: 3090 Date: 06/12/09 Time: 10.01.00 Range: 60 Sec------------------------------- System Summary ---------------------------------- Memory Objects -- --------- Frames ---------- --- Area Used % ----Common Shared Large Common Fixed Shared 1 MB Common Shared 1 MB

6 0 800 0 0 0.0 0.0-------------------------------------------------------------------------------

Service ---- Memory Objects --- Frames ----- Bytes -----Jobname C Class ASID Total Comm Shr Large 1 MB Total Comm ShrSMSPDSE S SYSTEM 0008 12 0 0 76.0M 0 0TRACE S SYSTEM 0004 8 0 0 8192K 0 0GRS S SYSTEM 0007 4 0 0 140G 0 0ABCRESO S SYSSTC 0040 4 0 0 4096K 0 0JESEAUX S SYSSTC 0027 3 3 0 3072K 3072K 0ZFS S SYSSTC 0049 2 0 0 22.0M 0 0*MASTER* S SYSTEM 0001 1 1 0 1024K 1024K 0TCPCS S SYSSTC 0058 1 1 0 1024K 1024K 0

System resolver uses 64-bit private memory objects for name server cache

TCP/IP uses 64-bit common memory objects for SCBs

10.22.08 d tcpip,tcpcs,stor10.22.09 EZZ8453I TCPIP STORAGE EZZ8454I TCPCS STORAGE CURRENT MAXIMUM LIMIT EZZ8455I TCPCS ECSA 9645K 10074K NOLIMIT EZZ8455I TCPCS POOL 13949K 14047K NOLIMIT EZZ8455I TCPCS 64-BIT COMMON 1M 1M NOLIMIT EZZ8459I DISPLAY TCPIP STOR COMPLETED SUCCESSFULLY

You can also monitor TCP/IPs use via the D TCPIP,,STOR command

yourdotcomibm.com




TN3270 server ECSA usage improvement up to and including z/OS V1R11 Communications Server

Release ECSA for 256K TN3270 sessions

V1R7 798MV1R8 708MV1R9 480MV1R10 440MV1R11 (1) 352M

The numbers are configuration dependent, but they should give you an idea of the magnitude of the savings achieved in the recent releases.

V1R7 V1R8 V1R9 V1R10 V1R11Release

300

400

500

600

700

800

900

M

e

g

a

b

y

t

e

s

ECSA for 256K TN3270 sessions

Note (1): The V1R11 number is a preliminary number - it may change before general availability of z/OS V1R11 Communications ServerNote (2): APAR II13442 and II13951 are worth revisiting in general for storage

yourdotcomibm.com




Reduction in CSA requirements for Rapid Transport Protocol (RTP)pipes

Before V1R11, each RTP pipe is represented by a control block in ECSA In V1R11, a large portion of the RTP control block was moved to an extension

control block in VTAM private storage. This resulted in a significant ECSA savings for installations with a large number of RTP pipes

Preliminary estimates of the reduction in required RTP pipe ECSA storage for various RTP counts:

RTP pipes ECSA reduction4000 11.5%12000 23.5%20000 29.5%

yourdotcomibm.com




High latency network and window size

Window size

Round trip time (RTT)

Sender Receiver

data

data

data

data

ACK

ACK

ACKACK

Time

Window size

Round trip time (RTT)

Sender Receiver

data

Time

ACK

Inefficient window size Efficient window size

In this example, the window size is too small for the high-latency network (large RTT). Both sender and receiver spend time waiting for data or ACKs to arrive

In this example, the window size is large enough for the high-latency network. The sender has not yet sent the last bit of the window size before it receives an ACK for the first bit of the current window. However, a window size of 512K may not always be enough to achieve this behavior.

yourdotcomibm.com




TCP throughput improvements for high-latency networks

FTP FTP

64K

I can't ACK till I have some data to ACK!

I can't send more than the window size till I have an ACK that advances the window!

TCP/IP in z/OS V1R11 implements and enhancement known as dynamic right sizing. Helps improve performance

for streaming TCP connections over networks with large bandwidth and high latency When z/OS is the receiver By automatically tuning the ideal

window size beyond the current maximum window size of 512K for such TCP connections.

The window size may grow up to 2MB

This function does not take effect for applications which use a TCP receive buffer size smaller than 64K.

Time (10 sec increments)---->

13579

11

M

B

/

S

e

c

T

h

r

u

p

u

t

z10 Fast EthRTT = 51ms

FTP Throughput AIX -> z/OSSingle FTP Session

B a s e c o d e

D y n a m ic R ig h t S iz in g


yourdotcomibm.com




Existing resolver logic always contacts a name server

No memory in resolver of output from previous requests

Specified DNS name servers contacted on each request

Resolver

2,6

Name Server(10.1.1.2)


query forhost.raleigh.ibm.com

Query

3,7

NSINTERADDR 10.1.1.1NSINTERADDR 10.1.1.2

TCPIP.DATA

z/OS LPAR

1,5Answer

4,8

yourdotcomibm.com




Caching-only name server provided some relief

Each request directed to local caching-only name server, which retains the information

Still requires building a DNS request for each resolution attempt

Resolver

2,8




Query

3

NSINTERADDR 127.0.0.1

TCPIP.DATA

z/OS LPAR

1,7

Answer

6,10Caching-onlyname server

Query

Answer

45,9

yourdotcomibm.com




z/OS V1R11 introduces resolver caching

Resolver cache queried for each request

Communication with name server only if cache information not available

Resolver

2




Query

3

NSINTERADDR 10.1.1.1NSINTERADDR 10.1.1.2

TCPIP.DATA

z/OS LPAR

1,5Answer

4,6

Cache

yourdotcomibm.com




Configuring resolver caching its all optional!!

Resolver caching started automatically Can be turned off using NOCACHE statement

Use CACHESIZE to adjust maximum storage limits If modifying limit, select value that is 50% larger than anticipated needs

Use MAXTTL to adjust maximum entry retention time value

F RESOLVER,DISPLAY

EZZ9298I DEFAULTTCPIPDATA - None EZZ9298I GLOBALTCPIPDATA - SYS1.TCPPARMS(TCPDATA) EZZ9298I DEFAULTIPNODES - USER1.ETC.IPNODES EZZ9298I GLOBALIPNODES - None EZZ9304I COMMONSEARCHEZZ9304I CACHEEZZ9298I CACHESIZE - 200M EZZ9298I MAXTTL 214748364EZZ9293I DISPLAY COMMAND PROCESSED

CACHESIZEdefaults to

200M of storage,about 80K entries

MAXTTL defaults to use name server

supplied value

yourdotcomibm.com




Setup Topology overview Throughput CPU

1 100

4.1 81

7.7 58

Resolver DNS cache benefits

The performance benefits of local name caching depend on Amount of calls to the resolver in general

Client application workload, Web Services workload, some services that do reverse resolution of client IP address, etc.

Amount of repetitive resolutions of the same host names or addresses The more repetitive resolutions, the more cache hits

The time-to-live (TTL) values that are returned by the name server TTL values of zero cannot be cached

Application Resolver Authoritative DNS

Application Resolver Authoritative DNSLocal caching DNS

Application Resolver Authoritative DNS

Cache

Cache

No caching

Caching-only DNS

Resolver caching


yourdotcomibm.com




What is and is not cached?

Resolver

(1) DNS A, AAAA, and PTR records(2) Negative Cache information

(1) Low-level API invocation data(2) Name Server timeouts(3) Local host data

No more than 20% of cache is ever used for negative entries

Organized by DNSname server that supplied the response data

Storage obtained as needed

yourdotcomibm.com




Example of different entries cached on a name server basis

TCPIP.DATA Dataset specifies:NSINTERADDR 10.6.6.6

Test Application Production Application

Resolver

Test TCPStack

ProductionTCP Stack

Getaddrinfo(af_inet, host.ibm.com)

TCPIP.DATA Dataset specifies:NSINTERADDR 10.3.3.3

DNS @10.3.3.3 DNS @10.6.6.6

host.ibm.com A 10.45.5.5

Test DNS returnsIP address=10.45.5.5


host.ibm.com A 10.145.5.5

Production DNS returnsIP address=10.145.5.5

z/OS Communications Server

Result: Two cache records are created by resolver!!

yourdotcomibm.com




Re-use of cache entries, different data for same hostname

TCPIP.DATA Dataset specifies:NSINTERADDR 10.7.7.7NSINTERADDR 10.6.6.6

Test Application Production Application

Resolver

ResolverCache Data


TCPIP.DATA Dataset specifies:NSINTERADDR 10.6.6.6NSINTERADDR 10.3.3.3


z/OS Communications Server

Result: Resolver returns 10.145.5.5 to both applications!!

DNS IP address=10.6.6.6host.ibm.com=10.145.5.5

DNS IP address=10.3.3.3host.ibm.com=10.45.5.5

yourdotcomibm.com




Using the cached information

No change to the resolver APIs Data saved independent of API used to acquire

cache entry Data cached by Getaddrinfo can be retrieved

using Gethostbyname, and vice versa

Data cached by Getnameinfo can be retrieved using Gethostbyaddr, and vice versa

Usable by both EBCDIC and ASCII applications

No round robin algorithm applied to cached data before delivery to application Sorted by Getaddrinfo automatically SORTLIST directive applies to IPv4

addresses

yourdotcomibm.com




Displaying cache entry data (Netstat RESCache/-q report)

Display information about the resolver cache Statistical information (use the SUMMARY modifier) Detailed entry information (use the DETAIL modifier)

Options to influence amount of information displayed

Display statistical information on name server basis using DNS modifier

Display all entry information provided by a specific DNS name server using the DNSAddr/-Q filter

Display all DNS A or AAAA entries associated with a specific host name using the HOSTName/-H filter

Display all DNS PTR entries associated with a IP address using the IPAddr/-I filter

Display some or all negative cache entries using the NEGative modifier

MVS OperatorCommand, TSO, and z/OS UNIX

RACF Controlsava

a000 system z networking

Documents

nonibm product

nonibm web sites

local ibm representative

ibm director of licensing

noticesthis information

products andor

equivalent product

technical inaccuracies