PM91713: STORAGE GROWTH IN TCPIP PRIVATE SUBPOOL 249 KEY6

A fix is available

APAR status

  • Closed as program error.

Error description

  • Storage growth in TCPIP private in subpool 249 key6. The
    storage growth occurs when UDP EE traffic on demand VPN
    creation fails.
    
    Verification steps:
    
    Orphaned storage looks similar to this:
    
    89C7ECB5   ADF1E062   00000270   06F91117   | iG...1\......9..
    00000000   7E5A7390   00030000   CB89C7EC   | ....=!.......iG.
    BB0D8C29   04C8F0C1   00000000   00000000   | .....H0A........
    00000000   04C8F041   00000000   00000000   | .....H0.........
    00000000   11800000   2EE02EE0   00000000   | .........\.\....
    00442429   04C8F0C1   FFFFFFFF   04C8F041   | .....H0A.....H0.
    FFFFFFFF   2EE00011   2EE00001   00E80000   | .....\...\...Y..
    00000000   00007AC9   D7E28583   6DC4A895   | ......:IPSec_Dyn
    6DC5E2D7   6DE2C8C1   6DC1C5E2   6DD7C6E2   | _ESP_SHA_AES_PFS
    7DC8D3EF. LENGTH(X'20')--All bytes contain X'00'
    00000000   00000000   02000000   7DC8D420   | ............'HM. |
    7DC8D41F. LENGTH(X'20')--All bytes contain X'00'
    C0000000   2EE42EE4   00000000   D4E3F0F0   | {....U.U....MT00 |
    60D4E9F0   F0A1F700   00000000   00000000   | -MZ00~7......... |
    7DC8D44F. LENGTH(X'10')--All bytes contain X'00'
    00000000   F1000000   00000000   00000000   | ....1........... |
    
    Offset 4 is the address of the storage requestor module, which
    will be EZAFPCKT.  Offsets x'1C' - x'20' hold the timestamp at
    which the storage was obtained.
    
    SYSOMVS exception ctrace shows IOCTL issued from the IKED
    address with the following failures:
    
    FCN...w_ioctl  SYSCALL...BPX1IOC  PID...0306001E
    MT81      SYSCALL   0F080002  10:04:44.267317  STANDARD SYSCALL
    EXIT TRACE
         ASID..0257      USERID....Q100409   STACK@....31937118
         TCB...008CFD90  EUID......00000000  PID.......0306001E
    +0000  0000001D  00000000  D1C3E2E2  80000000
    +0010  04040002  00000000  FFFFFFFF  00000079
    +0020  778F00A9                                | ...z
    
    EINVAL errno x'79' and
    ReasonCode: 778F00A9
    Module: EZBISEVT  ErrnoJr: 169 JRINVALIDPARMS
    Description: An incorrect combination of parameters was
    specified
    
    Also the following messages may be logged in syslogd related to
    Dynamic on-demand VPN creation failures:
    
    EZD0917I Could not find applicable KeyExchangeRule - LocalIp :
    EZD1794I Local activation of a dynamic tunnel failed for UDP(17)
    EZD0984I IKE function 0875 isakmp_anchor::ureq_ond_ioctl_handler
    
    Additional Symptom(s) Search Keyword(s): TCPIP Private subpool
    249 key6, IKED high CPU using EE VPNs, EE SA refresh intervals
    are occurring too often
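
The verification step above, as an added example that is not part of the original APAR text: this Python sketch takes the first nine dump rows shown above, reads the requestor word at offset 4, converts the 8 bytes at offset x'1C' to a date, and lists readable EBCDIC names. It assumes the timestamp is a z/Architecture STCK (TOD clock) value and that cp037 is a suitable EBCDIC code page; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Hex columns of the first nine dump rows shown above (copied from this page).
DUMP = """
89C7ECB5 ADF1E062 00000270 06F91117
00000000 7E5A7390 00030000 CB89C7EC
BB0D8C29 04C8F0C1 00000000 00000000
00000000 04C8F041 00000000 00000000
00000000 11800000 2EE02EE0 00000000
00442429 04C8F0C1 FFFFFFFF 04C8F041
FFFFFFFF 2EE00011 2EE00001 00E80000
00000000 00007AC9 D7E28583 6DC4A895
6DC5E2D7 6DE2C8C1 6DC1C5E2 6DD7C6E2
"""

TOD_EPOCH = datetime(1900, 1, 1)  # the TOD clock counts from 1900-01-01

def dump_to_bytes(text):
    """Join the hex words of a formatted dump into one byte string."""
    return bytes.fromhex("".join(text.split()))

def tod_to_datetime(tod8):
    """Convert an 8-byte STCK value; bit 51 ticks once per microsecond."""
    micros = int.from_bytes(tod8, "big") >> 12
    return TOD_EPOCH + timedelta(microseconds=micros)

def describe_block(block):
    """Pull out the fields the verification steps point at."""
    if len(block) < 0x24:
        raise ValueError("block too short to hold the timestamp")
    return {
        # Offset 4: address of the requesting module, per the APAR text.
        "requestor": block[0x04:0x08].hex().upper(),
        # Offsets x'1C'-x'20': assumed to be an 8-byte TOD value
        # (no leap-second or time-zone adjustment applied).
        "obtained": tod_to_datetime(block[0x1C:0x24]),
        # Readable EBCDIC strings, such as the name in the dump's text column.
        "names": re.findall(r"[A-Za-z0-9_]{8,}", block.decode("cp037")),
    }

if __name__ == "__main__":
    for key, value in describe_block(dump_to_bytes(DUMP)).items():
        print(f"{key:10} {value}")
```

On this block the timestamp decodes to 2013-06-20 01:53:22, which sits a few days before the APAR's 2013-06-24 submitted date and supports the TOD assumption.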
    

Local fix

  • recycle TCPIP
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of the IBM Communications Server   *
    *                 for z/OS Version 1 Release(s) 12 and 13 IP:  *
    *                 Enterprise Extender and IP Security          *
    ****************************************************************
    * PROBLEM DESCRIPTION: Various symptoms after application of:  *
    *                      OA40347/UA66722 - R1D0                  *
    *                      OA41280/UA67884 - R1C0                  *
    *                                                              *
    *                      Incorrect IP routes were taken for      *
    *                      some EE datagrams over port 12000.      *
    *                      This may lead to unexpected connection  *
    *                      disconnects or the inability to         *
    *                      establish a connection.                 *
    *                                                              *
    *                      Storage growth in TCPIP private in      *
    *                      subpool 249 key6. The storage growth    *
    *                      occurs when a failure occurs trying to  *
    *                      establish a dynamic on-demand VPN       *
    *                      for EE traffic enabled for IPSEC.       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Enterprise Extender (EE) storage leak of TCP/IP private
    subpool 249 key 6. Occurs for IPSec on demand VPN failure
    for EE UDP traffic.
    
    
    The storage leak occurs when EE control signals are
    simultaneously being transmitted to multiple remote EE endpoints
    and a failure is detected on the creation of an IPSec on demand
    VPN tunnel. The failure of this tunnel is due to TCP/IP not
    expecting EE control signals destined to multiple destinations
    on a single invocation and therefore not obtaining appropriate
    routing information.
    +-------------------------------------------------------------+
    + Please check our Communications Server for OS/390 homepages +
    + for common networking tips and fixes.  The URL for these    +
    + homepages can be found in Informational APAR II11334.       +
    +-------------------------------------------------------------+
    

Problem conclusion

  • EZBUDBYP has been amended to appropriately handle chained
    IUTILs that are not all associated with the same route.
    Additionally EZBISEVT was modified to free the event element
    for VPN tunnel creation failure with a reason TUNNEL_OND_FAIL.
    
    * Cross Reference between External and Internal Names
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM91713

  • Reported component name

    TCP/IP V3 MVS

  • Reported component ID

    5655HAL00

  • Reported release

    1C0

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    YesHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-06-24

  • Closed date

    2013-08-06

  • Last modified date

    2013-10-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    PM94671 UK96483 UK96484

Modules/Macros

  •    EZBISEVT EZBUDBYP
    

Fix information

  • Fixed component name

    TCP/IP V3 MVS

  • Fixed component ID

    5655HAL00

Applicable component levels

  • R1C0 PSY UK96483

       UP13/09/06 P F309

  • R1D0 PSY UK96484

       UP13/09/06 P F309

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.



Document information


More support for:

z/OS family

Software version:

1C0

Operating system(s):

z/OS

Reference #:

PM91713

Modified date:

2013-10-04
