A fix is available
APAR status
Closed as program error.
Error description
Currently, when a request is made for an ephemeral port, TCPIP will check a small subset of available ports. If no ports are located, TCPIP increases the subset to the entire range of ports. It then begins searching from the beginning instead of from where it left off previously. This can cause a rapid reuse of low numbered ports. While this is not normally a problem, environments where a high volume of connections are being made to the same host may experience errors. This is the product of reusing a port when the remote host still has that port allocated to a connection in the timewait state. While the errors resulting from this condition may vary by application, an example of this error when using FTP is as follows: 425 Can't build data connection: Address already in use. EZA1735I Std Return Code = 27425, Error Code = 00002
Local fix
Typically, re-running the task that is using the ports will resolve the problem.
Problem summary
**************************************************************** * USERS AFFECTED: All users of the IBM Communications Server * * for z/OS Version 1 Release(s) 7, 8, 9 and 10 * * IP * **************************************************************** * PROBLEM DESCRIPTION: A connection fails because the * * ephemeral port attempting to be used * * is still in use with another * * connection in timewait state. * **************************************************************** * RECOMMENDATION: * **************************************************************** TCPIP tends to select an ephemeral port within a limited range beginning at 1025. For short lived connections this tends to cause recently freed ports to be quickly reused for a new connection. The new connection partner may still have the port associated with the previous connection in timewait. This will cause the connection to fail with an indication that the address is in use. For example FTP may indicate: 425 Can't build data connection: Address already in use. This problem is more likely to occur between a FTP client on z/OS and an FTP server, because the FTP client obtains the ephemeral port and passes it to the FTP server. The FTP server may have the clients ephemeral port in timewait for 2 times Maximum Segment Lifetime (MSL). MSL can vary by TCP platform. +-------------------------------------------------------------+ + Please check our Communications Server for OS/390 homepages + + for common networking tips and fixes. The URL for these + + homepages can be found in Informational APAR II11334. + +-------------------------------------------------------------+
Problem conclusion
TCPIP has been modified to incrementally assign ephemeral ports throughout the full port range of 1025 to 65535. By using the full range it is less likely that a port associated with a previous session will be in timewait at the connection partner. **************************************************************** * FUNCTION AFFECTED: Communications Server TCP/IP (PK66387) * * Firewall * **************************************************************** * DESCRIPTION : Update security definition * **************************************************************** * TIMING : Pre-APPLY * **************************************************************** This APAR changes the assignment of ephemeral ports such that the full range of available port values will be used, before an available port is reused. If you have security definitions in your network that restrict valid ephemeral ports to a narrow range, they will need to be changed to allow the full range of ephemeral ports. * Cross Reference between External and Internal Names
Temporary fix
Comments
APAR Information
APAR number
PK66387
Reported component name
TCP/IP V3 MVS
Reported component ID
5655HAL00
Reported release
170
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2008-05-20
Closed date
2008-06-18
Last modified date
2008-08-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK37464 UK37465 UK37463 UK37466
Modules/Macros
EZBTCNET TOTCPDS
Fix information
Fixed component name
TCP/IP V3 MVS
Fixed component ID
5655HAL00
Applicable component levels
R1A0 PSY UK37463
UP08/07/18 P F807
R170 PSY UK37464
UP08/07/18 P F807
R180 PSY UK37465
UP08/07/18 P F807
R190 PSY UK37466
UP08/07/18 P F807
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"170","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"170","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
02 August 2008