Differentiated Services policies
- The source or destination IPv4 or IPv6 addresses or subnets
- The source and destination ports used by the application
- The IP protocol the application is using (TCP or UDP)
- The network interface selected for the outgoing traffic
- The jobname of the application
Application specified attributes allow policy administrators to
identify outgoing application IP traffic based on information that
is provided and defined by an application. For example, the 
IBM® HTTP Server
Powered by Domino®
provides
the TCP/IP stack with the URI (Universal Resource Identifier) associated
with any outgoing data being sent to a client. This allows the policy
administrator to define rules that identify traffic related to specific
URIs and policy actions with unique DS controls for this traffic.
For example, an installation can define a policy that specifies preferential
treatment of outgoing traffic related to the servicing of any URIs
beginning with /product/placeorder. For more
information on defining policy rules for the IBM HTTP Server Powered by Domino based on URIs, see z/OS HTTP Server Planning, Installing, and Using and the policy configuration file topic in z/OS Communications Server: IP Configuration Reference.
- Application defined data: This allows applications to provide free-form text data that can be used to classify the application's outgoing traffic in terms that should be familiar to the application's administrator (for example, URIs are provided by the IBM HTTP server).
- Application specified priority: This allows applications to associate an application priority on the outgoing IP traffic. This application priority in itself does not automatically cause the application's traffic to get preferential treatment. In order to make use of these application specified priorities the policy administrator needs to define policy rules that map these priorities to policy actions that will govern the outgoing traffic of each priority level.
Applications can pass both application defined data and application specified priorities to the TCP/IP stack. When both are specified, the administrator is free to use either or both criteria in their service policy rules. However, it is strongly recommended that any policy rules defined using the application specified attributes should also include at least one general attribute that uniquely identifies the application instance. For example, when defining rules for the HTTP server using URIs, you can help further identify the application by specifying the source port for the server or the HTTP Server's jobname. This will help ensure that unauthorized applications cannot exploit policy actions intended for the HTTP Server.
Several aspects of connection and throughput control can be specified with DS policies, including the following specifications:
- TCP connection limits
- Maximum and minimum TCP connection rates, TCP maximum delay
- Committed access bandwidth (mean rate and peak rate) control/enforcement, also known as token bucket traffic shaping
- IPv4 type of service (ToS) byte or IPv6 traffic class setting, and mapping to System z® Queued Direct I/O (QDIO) device priorities and VLAN user priorities.
The above DS service attributes are enforced by the TCP/IP stack in which the DS policies are installed. For additional information on the enforcement of these attributes, see z/OS Communications Server: IP Configuration Reference.
- DiffServInProfileRate is the average or mean rate that you want to transmit over time. For example, 256 kilobits per second.
- DiffServInProfileTokenBucket is the burst size. This is how much data is allowed to be sent from the application to TCP/IP and still be allowed to be transmitted at the mean rate. It is suggested, if the application is not policing itself, that this burst size be at least one second's worth of data. Otherwise, if the application is sending large amounts of data at one time to TCP/IP, TCP/IP will slow that application down via congestion windows, and the mean rate may not be achieved.
- DiffServInProfilePeakRate is the highest rate that is allowed to be transmitted for a shorter interval of time. For example, though a customer might want on average only 256 Kb of data per second, they might allow a peak of 512 Kb of data for 1/4 second. The peak rate is used to control the spacing of outbound packets on the transmission line. By having a smaller peak rate, there will be longer spacing between packets, and thus less burstiness of traffic and increased efficiency. Higher peak rates result in shorter spacing and increased burstiness, which can result in lower link usage. However, some applications may require it, such as real time or video data.
- DiffServInProfileMaxPacketSize is the amount of data that will
be policed at the peak cell rate. For example, if the peak rate is
512 Kb per second, and the maximum packet size is 120 Kb, TCP/IP will
allow only about 10 packets of size 1492 bytes to be transmitted every
.23 seconds. Again, if an application is sending large amounts of
data at one time to TCP/IP, TCP/IP will enforce the peak rate, and
anytime more than 10 packets are sent within .25 seconds, TCP/IP will
begin to slow this TCP connection. The peak rate can be achieved over
a longer period of time if the maximum packet size is entered in larger
multiples of packets. However, this will cause greater burstiness
as described above. For example, if the maximum packet size is entered
as 240 Kb, TCP/IP will allow 20 packets in a .23 second range before
enforcing slowdown.
Note that the peak rate cannot be enforced without mean rate policing. However, you can enforce mean rate without peak rate. Also, setting of these parameters depends on the type of applications and the network that carries it.