TCPCONFIG statement

Use the TCPCONFIG statement to update the TCP layer of TCP/IP.

Syntax

Tip: Specify the parameters for this statement in any order.

Read syntax diagramSkip visual syntax diagramTCPCONFIGCONNECTInitinterval 3000CONNECTInitinterval  millisecondsCONNECTTimeout 75CONNECTTimeout secondsDELAYAcksNODELAYAcksAUTODELAYAcksEPHEMERALPORTS 1024 65535EPHEMERALPORTS  low_port high_portFINWait2time 600FINWait2time  finwait2_secondsFRRTHReshold 3FRRTHReshold acksINTerval 120INTerval default_keepalive_intervalKEEPALIVEPROBEInterval 75KEEPALIVEPROBEInterval secondsKEEPALIVEPROBES 10KEEPALIVEPROBES numberMAXImumretransmittime 120MAXImumretransmittime secondsNAGLENONAGLEQUEUEDrtt 0QUEUEDrtt millisecondsUNRESTRICTLowportsRESTRICTLowportsRETRANSMITAttempts 15RETRANSMITAttempts timesNOSELECTIVEACKSELECTIVEACKSENDGarbage FALSESENDGarbage TRUETCPMAXRCVBufrsize 256KTCPMAXRCVBufrsize tcp_max_receive_buffer_sizeTCPMAXSENDBufrsize 256KTCPMAXSENDBufrsize tcp_max_send_buffer_sizeTCPRCVBufrsize 65536TCPRCVBufrsize  tcp_receive_buffer_sizeTCPSENDBfrsize 65536TCPSENDBfrsize tcp_send_buffer_sizeTCPTIMEstampNOTCPTIMEstampTIMEWAITInterval 60TIMEWAITInterval secondsNOTTLSTTLS

Parameters

CONNECTINITINTERVAL milliseconds
The initial retransmission interval in milliseconds. The range is 100 - 3000. The default value is 3000.
CONNECTTIMEOUT seconds
The number of seconds before the initial connection times out. This connection includes TCP connections that are established over SMC-R links. The range is 5 - 190. The default value is 75.
DELAYACKS | NODELAYACKS | AUTODELAYACKS
NODELAYACKS
Specifies that an acknowledgement is returned immediately when data is received that has the PUSH bit set on in the TCP header. Specifying the NODELAYACKS parameter on the TCPCONFIG statement overrides the specification of the DELAYACKS parameter on the TCP/IP stack PORT or PORTRANGE profile statements for the port used by a TCP connection, or on any of the following statements used to configure the route used by a TCP connection:
  • The TCP/IP stack BEGINROUTES profile statement
  • The Policy Agent RouteTable statement
  • The OMPROUTE configuration statements
DELAYACKS
Delays transmission of acknowledgments when a packet is received with the PUSH bit on in the TCP header. This is the default, but the behavior can be overridden by specifying the NODELAYACKS parameter on the TCP/IP stack PORT or PORTRANGE profile statements for the port used by a TCP connection, or on any of the following statements used to configure the route used by a TCP connection:
  • The TCP/IP stack BEGINROUTES profile statement
  • The Policy Agent RouteTable statement
  • The OMPROUTE configuration statements
AUTODELAYACKS
Autonomically determines whether to delay or immediately transmit an acknowledgment when a packet is received with the PUSH bit on in the TCP header. This behavior is overridden when you specify the DELAYACKS or NODELAYACKS parameter on any of the following configuration statements for the port or the route that a TCP connection uses:
  • The TCP/IP stack PORT profile statement
  • The TCP/IP stack PORTRANGE profile statement
  • The TCP/IP stack BEGINROUTES profile statement
  • The Policy Agent RouteTable statement
  • The OMPROUTE configuration statements
Note: If you use Policy-based routing (PBR) and centralized policy services, do not exploit the AUTODELAYACKS feature until all systems that use centralized policy services are upgraded to V2R2 or later systems. Otherwise, AUTODELAYACKS processing is in effect for all TCP traffic flowing over PBR routes, even when DELAYACKS or NODELAYACKS is specified in the policy.
EPHEMERALPORTS low_port high_port
Indicates the range of ephemeral ports that are to be assigned at bind time. The default ephemeral port range is 1024 - 65535.
low_port
The starting port for the range of ports. The low_port value is in the range 1024 - 65535.
high_port
The ending port for the range of ports. The high_port value is in the range 1024 – 65535, and must be greater than or equal to the low_port value.
Guidelines:
  • The TCP/IP stack selects an ephemeral port from the range of ports that are defined on the EPHEMERALPORTS parameter only if an ephemeral port was not assigned by EXPLICITBINDPORTRANGE, SYSPLEXPORTS or PASSIVEDATAPORTS processing.
  • The SYSPLEXPORTS processing uses only ports that are within the range of ports that the EPHEMERALPORTS parameter defines.
  • For the ports within the EPHEMERALPORTS range, if they are reserved by using port reservation definitions or the EXPLICITBINDPORTRANGE parameter, they are excluded from the EPHEMERALPORTS port pool. Such exclusion effectively makes the pool smaller.
Restriction: Ports that are defined by BPXPARMS INADDRANYPORT and INADDRANYCOUNT must be restricted by the PORT or PORTRANGE statement to the job name OMVS. The stack does not assign these ports unless the user has the job name of OMVS.
FINWAIT2TIME finwait2_seconds
The number of seconds a TCP connection should remain in the FINWAIT2 state. The range is 1 - 3600. The default value is 600 seconds.
FRRTHRESHOLD acks
The threshold of duplicate ACKs for the fast retransmit and fast recovery function (FRR) to engage. The range is 1 - 2048. The default value is 3. Do not change this parameter from the default value unless a specific FRR-related problem occurs or you are under the direction of IBM® service personnel.
INTERVAL default_keepalive_interval
The default TCP keepalive interval for applications that enable the SO_KEEPALIVE socket option and do not override the interval using the TCP_KEEPALIVE socket option. The range is 0 - 35791 minutes, and the default is 120. A value of 0 disables the keepalive function, so that sockets for which SO_KEEPALIVE is specified do not perform TCP keepalive. In this case, sockets specifying a specific interval using TCP_KEEPALIVE continue to send keepalive probes.

TCP keepalive probes end TCP connections after a period of inactivity. TCP keepalive is disabled by default for a connection, but can be enabled by issuing the SO_KEEPALIVE or TCP_KEEPALIVE socket options. The TCP_KEEPALIVE socket option enables the application to specify the keepalive probe interval, while the SO_KEEPALIVE socket option uses default_keepalive_interval as the interval.

After the interval has expired, TCP sends a single keepalive probe to the peer. If the TCP_KEEPALIVE socket option is not used to specify the probe interval, a total of ten probes are then sent at 75-second intervals if no response is received from the peer. If no response has been received 75 seconds after the last probe, the connection is reset. If TCP_KEEPALIVE is used to specify the keepalive probe interval, the number of probes and the interval between the probes might differ depending on the interval specified.

For more information about the TCP_KeepAlive socket option, see TCP_KeepAlive socket option in z/OS Communications Server: IP Programmer's Guide and Reference.

KEEPALIVEPROBEINTERVAL seconds
The interval in seconds between keepalive probes. The range is 1 - 75. The default value is 75.

This parameter does not change the initial keepalive timeout interval. It controls only the time between the probes that are sent out after the initial keepalive interval has expired.

KEEPALIVEPROBES number
The number of keepalive probes before the connection is aborted. The range is 1 - 10. The default value is 10.

This parameter does not change the initial keepalive time out interval. It controls only the number of probes that are sent out after the initial keepalive interval has expired.

MAXIMUMRETRANSMITTIME seconds
The maximum retransmit interval in seconds. The range is 0 - 999.990. The default value is 120.
Rule: If none of the following parameters is specified, this MAXIMUMRETRANSMITTIME parameter is used and the MINIMUMRETRANSMITTIME parameters of the following statements are not used:
  • MAXIMUMRETRANSMITTIME on the BEGINROUTES statement
  • MAXIMUMRETRANSMITTIME on the ROUTETABLE statement
  • Max_Xmit_Time on the OSPF_INTERFACE statement
  • Max_Xmit_Time on the RIP_INTERFACE statement

The TCPCONFIG parameter value is used if no route parameter has been explicitly specified. If the TCPCONFIG parameter value of the maximum retransmit time is used, the MINIMUMRETRANSMITTIME value that is specified on the route parameter is not used, which means the minimum retransmit time is 0.

MAXIMUMRETRANSMITTIME of 0 indicates that the smallest retransmission interval must be used. When 0 is specified, TCP/IP uses a maximum retransmission interval of approximately 100 milliseconds. Specifying a very low maximum retransmission interval can result in additional system overhead for increased retransmission processing.

NAGLE | NONAGLE
NAGLE
Specifies that the Nagle algorithm is enabled. This is the default value.
NONAGLE
Specifies that the Nagle algorithm is disabled.
Rules:
  • If the setsockopt() with TCP_NODELAY is specified for a connection, the Nagle algorithm is disabled for the connection.
  • If NONAGLE is specified, the setsockopt() with TCP_NODELAY is ignored.
QUEUEDRTT milliseconds
The threshold at which the stack considers a connection eligible for outbound serialization. The range is 0 - 50 milliseconds. The default value is 0 millisecond. A value of 0 indicates that all TCP connections are eligible for outbound serialization. If a non-zero value is specified, the stack considers a connection eligible for outbound serialization only after the round trip time (RTT) for the connection equals or exceeds the specified value. Do not change this parameter from the default setting unless specific problems with outbound serialization occur or you are under the direction of IBM service personnel.
Result: In any of the following conditions, the stack activates outbound serialization for a connection to improve performance, regardless of the value that is specified for QUEUEDRTT:
  • IPSec is enabled for a connection.
  • The connection has been identified as operating in bulk-data way, for example, an FTP data connection. The connection has also been registered to the bulk-mode ancillary input queue (AIQ) of an OSA-Express feature that is enabled for inbound workload queueing.
For more information about outbound serialization, see Outbound serialization in z/OS Communications Server: IP Configuration Guide.
RESTRICTLOWPORTS | UNRESTRICTLOWPORTS
RESTRICTLOWPORTS
When set, ports 1- 1023 are reserved for users by the PORT and PORTRANGE statements. The RESTRICTLOWPORTS parameter is confirmed by the message: 
EZZ0338I TCP PORTS 1 THRU 1023 ARE RESERVED
Restriction: When RESTRICTLOWPORTS is specified, an application cannot obtain a port in the 1- 1023 range unless it is authorized. Applications can be authorized to low ports in the following ways:
  • Using PORT or PORTRANGE with the appropriate job name or a wildcard job name such as * or OMVS. If the SAF keyword is used on PORT or PORTRANGE, additional access restrictions can be imposed by a security product, such as RACF®.
  • APF authorized applications can access unreserved low ports.
  • OMVS superuser (UID(0)) applications can access unreserved low ports.
Applications with a dependency on being able to obtain an available port in the 1- 1023 range without having that port explicitly reserved for its use should be run as APF authorized or superuser. Use RESTRICTLOWPORTS to increase system security.
UNRESTRICTLOWPORTS
When set, ports 1 - 1023 are not reserved. This is the default value. The UNRESTRICTLOWPORTS parameter is confirmed by the message: 
EZZ0338I TCP PORTS 1 THRU 1023 ARE NOT RESERVED
RETRANSMITATTEMPTS times
A segment will be retransmitted up to, but not including, the times value specified before the connection is aborted. For example, if times is set to 6 then the segment will be retransmitted 5 times and then aborted on the 6th retransmission timeout. The range is 0 - 15. The default value is 15.
SELECTIVEACK | NOSELECTIVEACK
SELECTIVEACK
Enables the exchange of selective acknowledgements with partners that support the selective acknowledgement (SACK) option as defined by RFC 2018. For information about this RFC, see Related protocol specifications.

If TCP/IP initiates a TCP connection, then a selective acknowledgement permit option is sent. During a passive connect, if TCP/IP receives a TCP connection request with a selective acknowledgement permit option from a client and the SACK option is enabled, then TCP/IP sends a SYN-ACK with its own selective acknowledgement permit option. The SACK option must be enabled to help prevent unnecessary packets from being retransmitted when packet loss occurs in the network.

NOSELECTIVEACK
Disables the exchange of selective acknowledgements during connection setup and also during the entire connection. This is the default value.
SENDGARBAGE
Specifies whether the keepalive packets sent by TCP contain 1 byte of random data.
FALSE
Causes the packet to contain no data. This is the default value.
TRUE
Causes the packet to contain 1 byte of random data and an incorrect sequence number, assuring that the data is not accepted by the remote TCP.
TCPMAXRCVBUFRSIZE tcp_max_receive_buffer_size
The TCP maximum receive buffer size is the maximum value an application can set as its receive buffer size using SETSOCKOPT(). The minimum acceptable value is the value coded on TCPRCVBUFRSIZE, the maximum is 2 MB, and the default is 256 KB. If you do not have large bandwidth interfaces, you can use this parameter to limit the receive buffer size that an application can set.
Note: If Dynamic right sizing (DRS) is active for a connection, the TCPMAXRCVBUFRSIZE value is ignored and a maximum value of 2 MB is used. For more information about DRS, see TCP receive window in z/OS Communications Server: IP Configuration Guide.

IBM Health Checker for z/OS® can be used to check whether the TCPMAXRCVBUFRSIZE value is sufficient to provide optimal support to the z/OS Communications Server FTP server. By default, it checks that TCPMAXRCVBUFRSIZE is at least 180 K. For more details about IBM Health Checker, see z/OS Communications Server: IP Diagnosis Guide.

TCPMAXSENDBUFRSIZE tcp_max_send_buffer_size
The maximum send buffer size, which is between the value that is specified on the TCPSENDBUFRSIZE parameter and 2 MB. The default value is 256 KB.
Note: If outbound right sizing (ORS) is active for a connection, the TCPMAXSENDBUFRSIZE value is ignored and a maximum value of 2 MB is used. For more information about ORS, see TCP send window in z/OS Communications Server: IP Configuration Guide.
TCPRCVBUFRSIZE tcp_receive_buffer_size
The TCP receive buffer size, which is between 256 bytes and the TCPMAXRCVBUFRSIZE value. The default value is 65536. This value is used as the default receive buffer size for those applications that do not explicitly set the buffer when they use SETSOCKOPT().

Increasing the receive buffer size does not allocate or consume any additional storage. The receive buffer size determines the amount of data that TCP/IP can buffer for the application to receive. When the TCP/IP stack receives the data, the data is stored in CSM data space or TCP/IP private storage. Each received segment has an associated data descriptor that resides in ECSA or TCP/IP private. No external mechanism controls which storage type is selected for the received data. For more information about the receiver buffer size and the TCP receive window, see TCP receive window in z/OS Communications Server: IP Configuration Guide.

TCPSENDBFRSIZE tcp_send_buffer_size
The TCP send buffer size, which is between 256 bytes and the TCPMAXSENDBUFRSIZE value. The default value is 65536. This value is used as the default send buffer size for those applications that do not explicitly set the buffer size when they use SETSOCKOPT().

Increasing the send buffer size does not allocate or consume any additional storage. The send buffer size determines the amount of data that TCP/IP can buffer for the application to send. When the application sends the data, the TCP/IP stack stores the data in CSM data space. The sent data has one or more associated data descriptors that reside in ECSA. For more information about the send buffer size and the TCP send window, see TCP send window in z/OS Communications Server: IP Configuration Guide.

TCPTIMESTAMP | NOTCPTIMESTAMP
NOTCPTIMESTAMP
TCP Timestamp Option is disabled, and MVS does not participate in TCP timestamp negotiation during connection setup and also during the entire life of connection.
TCPTIMESTAMP
TCP Timestamp Option is enabled. If MVS initiates a TCP connection, then a TCP timestamp option is sent. During a passive connect, for example, if MVS receives a TCP connection request with TCP timestamp option from a client and this option is enabled, then MVS sends a SYN-ACK with its own TCP timestamp option. This option should be enabled to help prevent wrapping of sequence numbers or to prevent a connection from receiving a delayed segment that was originally intended for an earlier incarnation of the connection. The sequence numbers can wrap more quickly with higher bandwidth networks. This is the default value.
TIMEWAITINTERVAL seconds
The number of seconds that a connection remains in the TIMEWAIT state. The range is 0 - 120. The default value is 60.
TTLS | NOTTLS
NOTTLS
Indicates that the Application Transparent Transport Layer Security (AT-TLS) function is not activated for the TCP/IP stack. This is the default value.
TTLS
Indicates that the AT-TLS function is activated for the TCP/IP stack. The AT-TLS function provides invocation of System SSL in the TCP transport layer of the stack. When a TCPCONFIG TTLS value is specified, the AT-TLS function uses AT-TLS policy information that is configured by using Policy Agent to determine how application connections are processed. If the setting is modified by using the VARY TCPIP,,OBEYFILE command, only new connections are affected by the change.
Guideline: If AT-TLS is enabled, you must activate the SERVAUTH class, define the INITSTACK resource profile, and permit users to it.
For more information about AT-TLS data protection, see z/OS Communications Server: IP Configuration Guide.

Steps for modifying

To modify parameters for the TCPCONFIG statement, you must respecify the statement with the new parameters.

For all parameters except AUTODELAYACKS, the parameter changes do not affect existing connections. The changes affect only new connections.

Examples

This example shows a TCPCONFIG statement that reserves ports 1 - 1023 for users by the PORT and PORTRANGE statements: 
TCPCONFIG RESTRICTLOWPORTS