Use the PolicyAction statement to specify the type of service a flow of IP packets (for example, from a TCP connection, or UDP data) should receive end-to-end as they traverse the network. PolicyAction can be repeated with each having a different name so that they can be referenced later.
This statement defines a Version 2 policy action.
>>-PolicyAction--name--| Place Braces and Parameters on Separate Lines |->< Place Braces and Parameters on Separate Lines |--+-{---------------------------+------------------------------| +-| PolicyAction Parameters |-+ '-}---------------------------' PolicyAction Parameters .-PolicyScope --Both-----------. |--+------------------------------+-----------------------------> '-PolicyScope--+-DataTraffic-+-' +-RSVP--------+ '-Both--------' >--+---------------------------------+--+----------------+------> | .-----------------------------. | '-MaxRate --Kbps-' | V | | '---OutboundInterface --address-+-' .-OutgoingTOS --0-. >--+----------------+--+-----------------+----------------------> '-MinRate --Kbps-' '-OutgoingTOS --n-' >--+-------------------------+--+------------------------+------> '-MaxDelay --milliseconds-' '-MaxConnections --value-' .-FlowServiceType --ControlledLoad----. >--+-------------------------------------+----------------------> '-FlowServiceType--+-ControlledLoad-+-' '-Guaranteed-----' >--+-----------------------+------------------------------------> '-MaxRatePerFlow --Kbps-' >--+------------------------------+--+--------------+-----------> '-MaxTokenBucketPerFlow --Kbps-' '-MaxFlows --n-' .-Permission --Allowed----. >--+-------------------------+----------------------------------> '-Permission--+-Allowed-+-' '-Blocked-' >--+------------------------------+-----------------------------> '-DiffServInProfileRate --Kbps-' >--+----------------------------------+-------------------------> '-DiffServInProfilePeakRate --Kbps-' .-DiffServInProfileTokenBucket --100-. >--+------------------------------------+-----------------------> '-DiffServInProfileTokenBucket --Kb--' >--+---------------------------------------+--------------------> '-DiffServInProfileMaxPacketSize --Kbps-' .-DiffServExcessTrafficTreatment --BestEffort----. >--+------------------------------------------------+-----------> '-DiffServExcessTrafficTreatment--+-Drop-------+-' '-BestEffort-' .-DiffServOutProfileTransmittedTOSByte --0-. >--+------------------------------------------+-----------------| '-DiffServOutProfileTransmittedTOSByte --n-'
When the scope value is specified as Both, both RSVP and DataTraffic attributes can be specified, but the attributes are only applied to the appropriate scope.
This attribute selects the DXCF interfaces that are available for the incoming connection request that maps to this policy. You can specify IPv4 and IPv6 addresses. You can specify up to 32 instances of this attribute. The value 0 for IPv4 or :: for IPv6 can be specified for the interface, which indicates to the sysplex distributor distributing stack that if it cannot distribute the request to a target stack on one of the other specified interfaces, then the request can be distributed to any of the other eligible target stacks.
For example, suppose 5 target stacks are defined by VIPADIST statements (1.1.1.1 - 5.5.5.5), and 3 interfaces are defined using the OutboundInterface attribute (1.1.1.1, 2.2.2.2, and 0.0.0.0). If an incoming request cannot be distributed to either 1.1.1.1 or 2.2.2.2, then the specification of the 0 interface indicates that the request should be distributed to any of the remaining stacks (3.3.3.3 - 5.5.5.5) that are eligible to service the request. The PolicyScope attribute must specify either DataTraffic or Both to define interfaces using this attribute.
Result: If OutboundInterface specifies only one type of address (IPv4 or IPv6), then inbound connections of the other type is distributed to all available targets. For example, if only IPv6 addresses are specified for OutboundInterface, then incoming connections to IPv4 DVIPAs are not restricted by OutboundInterface; instead, they are distributed to all available IPv4 targets.
Tip: An outbound packet with a ToS or Traffic Class value that consists of zeros enables prioritizing outbound OSA-Express data using the WorkLoad Manager service class importance level. This function is enabled with the WLMPriorityQ parameter. For more information about Workload Manager provided-priorities, see prioritizing outbound OSA-Express data using the WorkLoad Manager service class importance level in z/OS Communications Server: IP Configuration Guide. When WLMPriorityQ is enabled, specify an OutgoingTOS value other than 0 if you want to prevent the assignment of QDIO priority based on the WorkLoad Manager service class importance level.
Result: This parameter is no longer supported and is ignored.
Restriction: This attribute only affects new connection requests, not already active connections. For example, if a policy is activated that limits the maximum number of connections to 10, but 15 connections already existed for traffic that maps to the policy rule, then only 10 of the existing connections are mapped to the policy and no new connections are accepted. However, the five other existing connections over the limit remain active and unmapped by the policy.
Guideline: This parameter is specified in kilobits per second, while the Tspec and Rspec use bytes per second. To arrive at a compatible specification, multiply the desired Tspec or Rspec value by 8, then divide by 1000. For example, to specify a Tspec r value of 500000 bytes per second, specify a MaxRatePerFlow value of 4000 (500000 * 8 / 1000 = 4000).
The default for this parameter is a system defined maximum.
Guideline: This parameter is specified in kilobits, while the Tspec uses bytes. To arrive at a compatible specification, multiply the desired Tspec value by 8, then divide by 1000. For example, to specify a Tspec b value of 75000 bytes, specify a MaxTokenBucketPerFlow value of 600 (75000 * 8 / 1000 = 600).
The default for this parameter is a system defined maximum.
Unlike MaxRate/MinRate, which applies on a per TCP connection basis, these DiffServ parameters apply to aggregated flows (multiple TCP connections can be mapped to a single policy action). Also, it is important to note that when DiffServ parameters are enforced against TCP traffic, the TCP minimum rate determines whether the DiffServ parameters are enforceable, as described in the attribute MaxRate. This is due to an optimization provision where TCP is forced to slow down when it attempts to send beyond the committed bandwidth specified with DiffServ parameters in the policy action with DiffServExcessTrafficTreatment specified as Drop. TCP cannot slow down beyond the TCP minimum rate, even if a violation occurs.
This rate that is used to generate tokens in the token bucket traffic policing mechanism, but it is not necessarily the user/application generated traffic rate.
If this attribute is a nonzero value, the DiffServInProfileTokenBucket value must also be nonzero.Guideline: This parameter is used by a token bucket mechanism to control the outbound traffic.
A token bucket mechanism used this parameter to control the outbound traffic.
A token bucket mechanism used this parameter to control the outbound traffic.
Guideline: Due to blocking in z/OS® Communications Server, multiple packets tend to be sent back to back. If the maximum packet size is set to the size of one packet, traffic exceeds the peak rate, and those packets are sent as out of profile packets (either with a different ToS or Traffic Class value or dropped) if peak rate enforcement is in effect. To prevent this, the attribute must be set in multiples of the maximum packet size or equal to the token bucket size.
When the DiffServExcessTrafficTreatment is Drop and the corresponding policy is defined for TCP traffic, z/OS Communications Server optimizes performance by simulating the TCP packet drop and reducing the TCP transmit rate in order to force the outbound traffic to conform to the policy defined bandwidth. This means that the TCP packets that result in excess traffic are transmitted, but the corresponding TCP connections are forced to slow down immediately (by half, which is the TCP behavior under packet loss). This helps avoid retransmissions and prevents further excess traffic. If the policy is defined for UDP, because there is no slowdown mechanism in UDP as in TCP, excess traffic is discarded as specified in the policy definition.
When the DiffServExcessTrafficTreatment is BestEffort, the excess packets are still sent; however, they are sent with the ToS or Traffic Class value specified on DiffServOutProfileTransmittedTOSByte.
The normal in profile ToS or Traffic Class value comes from the current OutgoingTOS attribute. This value is specified as a string of eight 1s and 0s. The default is 00000000.
Tip: An outbound packet with a ToS or Traffic Class value that consists of zeros enables prioritizing outbound OSA-Express data using the WorkLoad Manager service class importance level. This function is enabled with the WLMPriorityQ parameter. For more information about Workload Manager provided-priorities, see prioritizing outbound OSA-Express data using the WorkLoad Manager service class importance level in z/OS Communications Server: IP Configuration Guide. When WLMPriorityQ is enabled, specify a DiffServOutProfileTransmittedTOSByte value othle er than 0 if you want to prevent the assignment of QDIO priority based on the WorkLoad Manager service class importance level.
Table 1 provides a mapping of PolicyAction statement parameters to LDAP object classes and attributes.
PolicyAction statement parameter | Object class | LDAP attribute |
---|---|---|
DiffServExcessTraffic Treatment | ibm-serviceCategoriesAuxClass | ibm-diffServExcessTrafficTreatment |
DiffServInProfile MaxPacketSize | ibm-serviceCategoriesAuxClass | ibm-diffServInProfileMaxPacketSize |
DiffServInProfile PeakRate | ibm-serviceCategoriesAuxClass | ibm-diffServInProfilePeakRate |
DiffServInProfile TokenBucket | ibm-serviceCategoriesAuxClass | ibm-diffServInProfileTokenBucket |
DiffServInProfileRate | ibm-serviceCategoriesAuxClass | ibm-diffServInProfileRate |
DiffServOutProfile TransmittedTOSByte | ibm-serviceCategoriesAuxClass | ibm-diffServOutProfileTransmittedTOSByte |
FlowServiceType | ibm-serviceCategoriesAuxClass | ibm-flowServiceType |
MaxConnections | ibm-serviceCategoriesAuxClass | ibm-maxConnections |
MaxDelay | ibm-serviceCategoriesAuxClass | ibm-maxDelay |
MaxFlows | ibm-serviceCategoriesAuxClass | ibm-maxFlows |
MaxRate | ibm-serviceCategoriesAuxClass | ibm-maxRate |
MaxRatePerFlow | ibm-serviceCategoriesAuxClass | ibm-maxRatePerFlow |
MaxTokenBucketPerFlow | ibm-serviceCategoriesAuxClass | ibm-maxTokenBucketPerFlow |
MinRate | ibm-serviceCategoriesAuxClass | ibm-minRate |
OutboundInterface | ibm-serviceCategoriesAuxClass | ibm-interface |
OutgoingTOS | ibm-serviceCategoriesAuxClass | ibm-outgoingTOS |
Permission | ibm-serviceCategoriesAuxClass | ibm-Permission |
PolicyScope | ibm-serviceCategoriesAuxClass | ibm-policyScope |
For an example of the PolicyAction statement, see /usr/lpp/tcpip/samples/pagent.conf.