Verify a route to a particular destination IP address when you are using policy-based routing (PBR).

Perform the following steps to diagnose problems with IP routing to a destination when you are using policy-based routing:

1. While the application is active and attempting to connect to the destination, use the Netstat ALL/-A report to determine the policy rule that is assigned to the connection and the route table being used to perform a route lookup. For information about the Netstat command, see z/OS Communications Server: IP System Administrator's Commands.
   • If no policy rule is listed and the connection is not expected to use policy-based routing, see Steps for verifying IP routing to a destination when not using policy-based routing.
   • Continue to the following step if one of the following is true:
     • A policy rule is not listed and the connection is expected to use policy-based routing
     • A policy rule is listed and the connection is not expected to use policy-based routing
     • A policy rule is listed, but it is not the expected policy rule
   • Otherwise, continue with step3.
2. For information about how to map a connection to the correct policy rule, see the 'Policy-based routing' section in z/OS Communications Server: IP Configuration Guide.
3. Use pasearch to find the policy rule and the corresponding action. For information about the pasearch command, see "Displaying policy-based networking information" section of z/OS Communications Server: IP System Administrator's Commands. The policy action will list all the possible route tables that can be used for the connection. Perform steps 4 through 6 on each of the route tables listed in the action.
4. Use the Netstat ROUTE/-r PR command to display routes in the route table. Verify whether TCP/IP has a route to the destination/network in the route table. For information about the Netstat ROUTE/-r command, see z/OS Communications Server: IP System Administrator's Commands.
   • If there is no route to the destination/network and no route is expected to be found in the route table, repeat step 4 using the next route table in the policy action.
   • If there is no route to the destination/network and a route was expected in the route table, see z/OS Communications Server: IP Configuration Guide for information about setting up static and dynamic routing for policy-based routing tables.
   • If a route was found, verify that the route is marked active (has the U flag). If the route is not active, see z/OS Communications Server: IP Configuration Guide for information about route states.
   • If an active route is found, verify that the route table name matches the route table name displayed on the Netstat ALL/-A report for the connection. If it does not, continue to step 9. Otherwise, continue to step 5.
5. Determine whether there is a gateway identified for the route to the destination. If there is no gateway, then the destination address is presumed to be directly connected. In this case, proceed to step 6. If a gateway is identified for the route, use the Ping command to confirm connectivity to the gateway.
   • If the gateway responds to a Ping, then there is a network problem at the gateway or beyond.
   • If the gateway does not respond to a Ping, proceed to step 6.
6. Determine which network interface is associated with the route to the destination. If the network interface operation has not been verified for this interface, verify it now. See Steps for verifying network interface operation for more information.
7. Use the DISPLAY TCPIP,,NETSTAT,ACCESS,NETWORK command to determine whether network access control is enabled. If it is enabled, see Steps for verifying network access for more information.
8. Use the Netstat CONFIG/-f command to determine whether IP security is enabled. If the output report field IpSecurity contains the value Yes, then IP security is enabled. If it is enabled, see Steps for verifying IP security and defensive filter operation for information about how to verify that IP security is correctly configured.
9. See Documentation for the IBM Support Center to determine what problem documentation you need, and then call the IBM® Support Center.