In today's world of Information Technology, companies want to make use of this technology to add
new solutions without compromising the use of new hardware and software features on servers and
The search for modern technology has, as its major points, the speed and security of information and
the mainframe has some technologies available which allow us to make use of these two important
points through the coexistence of features that in previous versions were incompatible, or it could not
be enabled concurrently.
One of the features that allow us to implement security through the definition of rules to control routed
and local traffic is IP Security Filter that is enabled through the configuration of policies implemented
with the use of Policy Agent. It is configured at the IP layer so we have the control over TCP, as well
as, UDP traffic. The figure 1 shows how IP Filter is defined.
Figure 1 - Implementation of IP Filter through filter policies
Another technology that is available with the purpose to accelerate forwarding packets at the DLC layer
is QDIO Accelerator, which treats the following types of packets:
- Inbound packets over OSA-Express QDIO that are forwarded outbound over OSA-Express QDIO.
- Inbound packets over Hipersocket that are forwarded outbound over OSA-Express QDIO.
- Sysplex Distributor packets that are forwarded to a target stack.
The QDIO Accelerator improve latency and decrease CPU consumption for all accelerated traffic when
routing forwarded packets early during inbound processing, however this feature is available only for
IPv4. The figure 2 shows how QDIO Accelerator feature works.
Figure 2 – QDIO Accelerator
In previous versions of z/OS Communication Server, both features cannot be implemented simultaneously
due to restrictions imposed by policies configured for routed traffic are not eligible to be accelerated.
Now with the new version of z/OS Communication Server, customers that have planned to implement both
features and faced limitations, can start at the Version 2 Release 1 to explore the concurrency of both
functions reading the details on z/OS Communication Server V2R1 TCP/IP Implementation: Volume 4
Security and Policy Based Networking, SG24-7999 as shown on figure 3.
Figure 3 – QDIO Accelerator and IP Security Filter
Author: Gilson Cesar de Oliveira
He is an IT Technical Specialist in the Network area in Brasil working as a System Programmer.
He held a degree in Computer Science and specialization in Data Network. He has more than
23 years of experience in mainframe Network with expertise in VTAM/SUBAREA/APPN, TCP/IP,
OSA - Express, JES/2 – NJE, RACF/RRSF, Printing Management and Network Management.
He is also co-author of z/OS Communication Server TCP/IP Redbooks