A fix is available
APAR status
Closed as program error.
Error description
In some cases, the base IKED throttling logic is over-eager in committing to work.If IKED is flooded with SA requests this can result in excessive retransmissions and replays and increase SA establishment times. The IKED throttling logic is improved to better estimate IKED capacity and avoid over-committing to SA requests.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of the IBM Communications Server * * for z/OS Version 1 Release 13 IP: IPSec * * * **************************************************************** * PROBLEM DESCRIPTION: IKED overcommitted to doing work which * * it could not handle during a peak CPU * * situation and did not recover well * * once the CPU usage abated. * **************************************************************** * RECOMMENDATION: * **************************************************************** The problem may be summarized as follows: 1. The customer is running with IPSec in their system 2. There is a CPU spike in the system. 3. IKED overcommits to the amount of work that it can do. 4. Even when the CPU usage abates, IKED is still wait behind in its work and RSN=108 is seen in the message log along with excessive replays and retransmissions. +-------------------------------------------------------------+ + Please check our Communications Server for OS/390 homepages + + for common networking tips and fixes. The URL for these + + homepages can be found in Informational APAR II11334. + +-------------------------------------------------------------+
Problem conclusion
The following change was made to the IKED code: IKED's throttling code was adjusted to better estimate the ability to complete SAs, and better apply this estimate when deciding to throttle new SA requests. * Cross Reference between External and Internal Names EZAIKA@M (ANCHOR@M) EZAIKA@U (ANCHOR@U) EZAIKABL (ADDRBLOC) EZAIKALF (AH@LF ) EZAIKAMF (AH@MF ) EZAIKANC (ANCHOR ) EZAIKATA (ADDRTABL) EZAIKCON (CONFIG@A) EZAIKDOI (DOI ) EZAIKE@L (ESP@LF ) EZAIKE@M (ESP@MF ) EZAIKENV (ENV ) EZAIKFIN (FW@INITT) EZAIKFWU (FWUTIL2 ) EZAIKGEN (GEN ) EZAIKGNK (GENKEP ) EZAIKICO (IKE@CONF) EZAIKIDO (INET@DOI) EZAIKIKL (IPSECKLE) EZAIKIMA (IPSEC@MA) EZAIKINF (INFOXCHG) EZAIKISB (ISAKMP@B) EZAIKISM (ISAKMP@M) EZAIKISU (ISAKMP@U) EZAIKLAY (LAYOUT ) EZAIKLF (LF ) EZAIKMAT (MATCH ) EZAIKMES (MESSAGE@) EZAIKMSG (MSG ) EZAIKOKC (OAKLEY@C) EZAIKOKI (OAKLEY@I) EZAIKOKK (OAKLEY@K) EZAIKOKL (OAKLEY@L) EZAIKOKM (OAKLEY@M) EZAIKOKP (OAKLEY@P) EZAIKPAR (PARSEATT) EZAIKPII (PHASEII ) EZAIKPKR (PKSIG@RS) EZAIKPKS (PKSIG ) EZAIKPMG (POLICYMG) EZAIKPOL (POLICY ) EZAIKPRE (POLICYRE) EZAIKPRK (PREKEY ) EZAIKPUB (PUBKEY ) EZAIKP1 (PHASE1 ) EZAIKP1@ (P1@DATA@) EZAIKRAD (RADDRBLO) EZAIKREG (REGISTER) EZAIKRET (RETRANS ) EZAIKSA (SA ) EZAIKSAA (SA@ADDR ) EZAIKSMC (SIMPLE@C) EZAIKSMD (SIMPLE@D) EZAIKSMH (SIMPLE@H) EZAIKSMU (SIMPLE@U) EZANSSCT (NSSCORRT)
Temporary fix
Comments
APAR Information
APAR number
PM83079
Reported component name
TCP/IP V3 MVS
Reported component ID
5655HAL00
Reported release
1C0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-02-18
Closed date
2013-03-04
Last modified date
2013-08-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK92186
Modules/Macros
ANCHOR EZAICKDM EZAIKA@M EZAIKA@U EZAIKABL EZAIKALF EZAIKAMF EZAIKANC EZAIKATA EZAIKBLK EZAIKCON EZAIKCRG EZAIKCTB EZAIKDOI EZAIKE@L EZAIKE@M EZAIKENV EZAIKFIN EZAIKFWU EZAIKGEN EZAIKGNK EZAIKICO EZAIKIDO EZAIKIKL EZAIKIMA EZAIKINF EZAIKISB EZAIKISM EZAIKISU EZAIKLAY EZAIKLF EZAIKMAT EZAIKMES EZAIKMSG EZAIKOKC EZAIKOKI EZAIKOKK EZAIKOKL EZAIKOKM EZAIKOKP EZAIKPAR EZAIKPII EZAIKPKR EZAIKPKS EZAIKPMG EZAIKPOL EZAIKPRE EZAIKPRK EZAIKPTB EZAIKPUB EZAIKP1 EZAIKP1@ EZAIKRAD EZAIKREG EZAIKRET EZAIKSA EZAIKSAA EZAIKSMC EZAIKSMD EZAIKSMH EZAIKSMU EZAIKTBL EZAI2ARQ EZAI2ARS EZAI2AUX EZAI2CCQ EZAI2CCR EZAI2CCX EZAI2CDI EZAI2CIS EZAI2CSA EZAI2CSE EZAI2CSK EZAI2DOI EZAI2DSA EZAI2ECP EZAI2EXC EZAI2HDR EZAI2IND EZAI2INX EZAI2IRQ EZAI2IRS EZAI2ISA EZAI2IXL EZAI2KEP EZAI2KEQ EZAI2KES EZAI2KRQ EZAI2KRS EZAI2MES EZAI2NRQ EZAI2NRS EZAI2NTP EZAI2PSK EZAI2REQ EZAI2RES EZAI2RXL EZAI2SA EZAI2SAA EZAI2SAK EZAI2SAP EZAI2SAQ EZAI2SAR EZAI2SEC EZAI2SIQ EZAI2SIS EZAI2SIX EZAI2SPR EZAI2STR EZAI2TSQ EZAI2TSS EZAI2XLI EZANSSCT FWUTIL2 IKE@CONF IKESMF I2COMIKH MESSAGE@ SECURASH
Fix information
Fixed component name
TCP/IP V3 MVS
Fixed component ID
5655HAL00
Applicable component levels
R1D0 PSY UK92186
UP13/04/30 P F304
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1C0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1C0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
22 August 2013