How does zERT aggregation determine the server port?
For most server applications, determining the server port is simple: it is the port that the server is listening on for new TCP connection requests. For FTP processing, however, there are some complications to that simple scheme.
- For IPv4 active data connections, meaning those that are not firewall-friendly, the connections are initiated outbound from the FTP server to the FTP client. In this case, even though outbound connections are typically considered to indicate a client connecting outbound to a server, the zERT aggregation function recognizes these outbound connections as server-side connections. For typical FTP servers that listen on port 21, these data connections are aggregated using server-side port 20.
- For IPv4 passive data connections, meaning those that are firewall-friendly, or for all IPv6 data connections, the connections are initiated outbound from the FTP client to the FTP server using an ephemeral server port that was previously provided to the client. The z/OS® FTP server can be
configured, using the PASSIVEDATAPORTS parameter, to limit the ephemeral server
port value to a specific range of values. When PASSIVEDATAPORTS is in use:
- At the FTP server, all inbound data connections using a port within the
configured port range are aggregated into a single aggregation record. When the aggregation record is written as an SMF record, the SMF record reports a
starting and ending server port range that matches the active PASSIVEDATAPORTS definition.Results: If multiple FTP servers (for instance, ports 21 and 621) operate at the same server IP address, and one or more FTP servers use the same PASSIVEDATAPORTS range for their data connections, the data connections to the FTP servers with the same PASSIVEDATAPORTS range are aggregated into the same zERT summary SMF record, assuming all other aggregation criteria is the same for the connections. If you want separate zERT summary records for the data connections for the different FTP servers, specify a different PASSIVEDATAPORTS range for each individual FTP server.
- At the FTP client, the use of PASSIVEDATAPORTS by the server to assign the
ephemeral port is unknown, so all FTP data connections are aggregated into a single aggregation record. When the aggregation record is written as
an SMF record, the SMF record reports a starting and ending server port range equal to the entire ephemeral port range (1024-65535). Results: If clients connect to multiple FTP servers (for instance, ports 21 and 621) at the same server IP address, all the data connections to the multiple FTP servers are aggregated into the same zERT summary SMF record, assuming all other aggregation criteria is the same for the connections.
- At the FTP server, all inbound data connections using a port within the
configured port range are aggregated into a single aggregation record. When the aggregation record is written as an SMF record, the SMF record reports a
starting and ending server port range that matches the active PASSIVEDATAPORTS definition.