Yesterday I described some details about the new IBM TCP/IP for z/VSE 2.1 version. With z/VSE 6.1 we will also provide a new release for IBM IPv6/VSE. Today you will get some details about this new release.
You may have noticed, that I always add "IBM" to the product name. The reason is, that the TCP/IP product you directly license from BSI or CSI may have different content and/or support more z/VSE releases than we do.
IBM IPv6/VSE 1.2 will be supported on z/VSE 6.1 only. It is not supported on z/VSE Version 5 or before.
IBM IPv6/VSE 1.1 will not be supported on z/VSE 6.1. It continue to be supported on z/VSE Version 5.
Migration to the new release should be easy. External interfaces did not change and the new release has the same code base as before.
In my z/VSE 6.1 preview blog entry I already summarized the new enhancements of IBM IPv6/VSE 1.2 briefly.
Yes, we are getting firewall support for IBM IPv6/VSE 1.2 too. It allows to secure the TCP/IP stack and thus z/VSE 6.1.
The firewall examines IPv4 and IPv6 IP packets. The source IP address, packet protocol, TCP or UDP port numbers and ICMP message type and code can be verified and processing accepted or denied. A VSE library member holds the firewall rules. The firewall will be enabled by default. The default rules allow all packets to be processed.
When an IP packet is denied processing by the stack, it is dropped. As of now only inbound rules are processed.
Further new functions are:
- Automatic OSA-Express device failover using HOTSWAP devices for high availability:
- IBM IPv6/VSE 1.2 will allow users to automatically recover from OSA Express device failures by utilizing a backup HOTSWAP device. This can dramatically reduce the duration of network interruptions.
- Improved stack CPU optimization:
- This can result in reduced CPU utilization by the stack partitions and thus may improve network throughput.
- Improved SSL support including TLS1.2 and Diffie-Hellman (DH) / Elliptic curve cryptography (ECC) sockets
- IBM IPv6/VSE V1.2 will support the latest updates in the z/VSE openSSL, including support for TLSV1.2 and DH/ECC SSL socket, and all the latest security fixes.
- The SSL Proxy and Automatic TLS facilities will be improved to support establishing up to 16 SSL sockets concurrently. This can dramatically improve performance for applications that establish multiple connections to z/VSE including TN3270(E), CICS, and web services applications.
- Virtual IP address support using virtual network interfaces:
- IBM IPv6/VSE V1.2 will support having multiple IP addresses defined for a single network interface through the use of virtual network interfaces. The virtual network interfaces share a single OSA Express device.