IBM Support

OA57525: IWQ IPSEC HEALTH CHECKS

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as unreproducible in next release.

Error description

  • New health checks for IWQ IPSec function.
    
    KEYWORDS: HCHECKER/K
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * V2R3 and V2R4 users who have TCP/IP stack(s) with IPSec      *
    * enabled and with interface(s) with Inbound Workload Queueing *
    * (IWQ) enabled.                                               *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * Two new z/OS health checks are added - one migration health  *
    * check (ZOSMIGV2R4PREV_CS_IWQSC_tcpipstackname), and one best *
    * practices health check (CSTCP_IWQ_IPSEC_tcpipstackname) - to *
    * prompt user to ensure there is sufficient storage for IWQ    *
    * IPSec support.                                               *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * If either of the health checks                               *
    * (ZOSMIGV2R4PREV_CS_IWQSC_tcpipstackname and                  *
    * CSTCP_IWQ_IPSEC_tcpipstackname) triggers an exception - or   *
    * if either of the messages ISTM034E or ISTH038E are seen on   *
    * the console, ensure that there is enough fixed storage for   *
    * IWQ IPSec support. More information is at:                   *
    * https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/ *
    * com.ibm.zos.v2r3.e0zm100/COMSERV_V2R3_rhnkrakn.htm.          *
    ****************************************************************
    As of z/OS V2R3 with TCP/IP APAR PI77649, or z/OS V2R2 with
    TCP/IP APAR PI77649 and SNA APAR OA52275, the processing of
    IPAQENET and IPAQENET6 INTERFACE statements is enhanced when you
    use OSA-Express6S. If you enabled QDIO inbound workload queuing
    (WORKLOADQ) and you have IPSec traffic, an additional ancillary
    input queue (AIQ) is established for IPSec inbound traffic.
    Additional storage is allocated for this input queue.
    Each AIQ increases storage utilization in the following two
    areas:
    
        Approximately 36 KB of fixed ECSA
        64-bit CSM HVCOMMON for READSTORAGE
    
           If you are using IPSec, when the first IPSec tunnel is
    activated, then inbound traffic for protocol ESP, protocol AH,
    and protocol UDP destined for port 4500 will be placed on the
    new AIQ for IPSec. This new AIQ will be backed with 64-bit CSM
    HVCOMMON fixed storage. The amount of HVCOMMON storage that is
    used is based on the specification of the INTERFACE READSTORAGE
    parameter.
    
    If you configured QDIO inbound workload queuing (WORKLOADQ),
    ensure that sufficient fixed ECSA and fixed (real) 4 KB CSM
    HVCOMMON storage is available for the AIQ for IPSec traffic.
    
    More information is available at:
    https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.
    ibm.zos.v2r3.e0zm100/COMSERV_V2R3_rhnkrakn.htm
    

Problem conclusion

  • Two new z/OS health checks are added - one migration health
    check (ZOSMIGV2R4PREV_CS_IWQSC_tcpipstackname), and one best
    practices health check (CSTCP_IWQ_IPSEC_tcpipstackname) - to
    prompt user to ensure there is sufficient storage for IWQ IPSec
    support.
    

Temporary fix

Comments

  • If either of the health checks
    ((ZOSMIGV2R4PREV_CS_IWQSC_tcpipstackname and
    CSTCP_IWQ_IPSEC_tcpipstackname) triggers an exception - or if
    either of the messages ISTM034E or ISTH038E are seen on the
    console, ensure that there is enough fixed storage for IWQ IPSec
    support. More information is at:
    https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.
    ibm.zos.v2r3.e0zm100/COMSERV_V2R3_rhnkrakn.htm.
    

APAR Information

  • APAR number

    OA57525

  • Reported component name

    VTAM MVS/ESA

  • Reported component ID

    569511701

  • Reported release

    230

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-05-08

  • Closed date

    2019-06-18

  • Last modified date

    2019-08-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    OA57560 UA99652

Modules/Macros

  • ISTHCMS2 ISTHCMSG
    

Fix information

  • Fixed component name

    VTAM MVS/ESA

  • Fixed component ID

    569511701

Applicable component levels

  • R230 PSY UA99652

       UP19/07/27 P F907

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"230","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"230","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
01 August 2019