|Looking at a tcpdump showing a FTP transfer between two RedHat Linux machines on z196 over Hipersockets shows a quite impressive throughput of 600MB/s.|
mreede 120000AB3P 110 Visits
In today's world of Information Technology, companies want to make use of this technology to add
The search for modern technology has, as its major points, the speed and security of information and
One of the features that allow us to implement security through the definition of rules to control routed
Figure 1 - Implementation of IP Filter through filter policies
Another technology that is available with the purpose to accelerate forwarding packets at the DLC layer
The QDIO Accelerator improve latency and decrease CPU consumption for all accelerated traffic when
Figure 2 – QDIO Accelerator
In previous versions of z/OS Communication Server, both features cannot be implemented simultaneously
Now with the new version of z/OS Communication Server, customers that have planned to implement both
Figure 3 – QDIO Accelerator and IP Security Filter
Author: Gilson Cesar de Oliveira
He is an IT Technical Specialist in the Network area in Brasil working as a System Programmer.
Gilson Oliveira 100000DJ84 246 Visits
In today's world of Information Technology, companies want to make use of this technology
to add new solutions without compromising the use of new hardware and software features
on servers and data applications.
The search for modern technology has, as its major points, the speed and security of
information and the mainframe has some technologies available which allow us to make use of
these two important points through the coexistence of features that in previous versions were
incompatible, or it could not be enabled concurrently.
One of the features that allow us to implement security through the definition of rules to
control routed and local traffic is IP Security Filter that is enabled through the configuration of
policies implemented with the use of Policy Agent. It is configured at the IP layer so we have
the control over TCP, as well as, UDP traffic.
Another technology that is available with the purpose to accelerate forwarding at the DLC
layer for the following types of packets is the QDIO Accelerator:
Inbound packets over OSA‐Express QDIO that are forwarded outbound over OSA‐Express
Inbound packets over Hipersocket that are forwarded outbound over OSA‐Express QDIO.
Sysplex Distributor packets that are forwarded to a target stack.
The QDIO Accelerator improve latency and decrease CPU consumption for all accelerated
traffic when routing forwarded traffic early during inbound processing, however this feature is
available only for IPv4.
In previous versions of z/OS Communication Server, both features cannot be implemented
simultaneously due to restrictions imposed by policies configured for routed traffic.
Now with the new version of z/OS Communication Server, customers that have planned to
implement both features and faced limitations, can start at the Version 2 Release 1 to explore
the concurrency of both functions reading the details on z/OS Communication Server V2R1
TCP/IP Implementation: Volume 4 Security and Policy Based Networking , SG24‐7999 that
can be downloaded at IBM Redbooks web site.
Author: Gilson Cesar de Oliveira
He is an IT Technical Specialist in the Network area in Brasil working as a System Programmer. He held a degree in Computer Science
and specialization in Data Network. He has more than 23 years of experience in mainframe Network with expertise in
VTAM/SUBAREA/APPN, TCP/IP, OSA - Express, JES/2 – NJE, RACF/RRSF, Printing Management and Network Management. He is also
co-author of z/OS Communication Server TCP/IP Redbooks.
Georg Senfleben 110000R887 Tags:  syntax obey obeyfile server vary tcpip profile check v2r1 syntaxcheck communications 570 Visits
When you start a TCP/IP stack or issue the “VARY TCPIP,,OBEYFILE,profile”
With z/OS V2R1 Communications Server you can use a new console command to check a
The command is called “VARY TCPIP,,SYNTAXCHECK” and it reports errors using the same messages
Here is an example of a SYNTAXCHECK with errors:
In this case the SYNTAXCHECK has found an error on line 50. The value, xxxx, for the TCPSENDBFRSIZE
Before starting a TCPIP stack or activating a new TCPIP profile with the “VARY TCPIP,,OBEYFILE”
Following filter can be used to filter on fragmented packets.
ip.flags.mf == 1 or ip.frag_offset > 0
When PATH MTU discovery (PMTUD) is enabled, the DONT FRAGMENT bit in the IP header is set and a router that would have to fragment will discard the packet instead and send back an ICMP message indicating what the next hop's MTU size is.
Following filter can be used to find the icmp fragmentation needed packets.
You see, combining these filters can result in a lengthy string of expressions.