z/OS® V2R1 Communications
Server provides the support for IPv6 in a sysplex-wide security association
(SWSA) environment. Sysplex distribution provides better workload
balancing because it performs the following actions:
- Optimally routes new work to the target system and the server
application, based on WLM advice
- Increases the availability of workloads by routing traffic around
failed components
- Increases flexibility by adding additional workload in a nondisruptive
manner
SWSA adds to the sysplex function, distributing the IPSec cryptographic
processing for an IPSec security association (SA) among systems in
a sysplex environment. SWSA also allows workloads with IPSec-protected
traffic to use the dynamic virtual IP address (DVIPA) takeover function.
You can associate IPSec-protected workloads with DVIPAs that can be
recovered by other systems in the case of a failure or planned takeover.
IPSec SAs are automatically reactivated on another system in the sysplex
when a DVIPA takeover occurs.
Restrictions: - All target systems must be at V2R1 or later to distribute workload
for IPv6 traffic that is protected by an SA.
- The backup TCP/IP stack must be on a system that is V2R1 or later
to take over IPSec-protected workloads with IPv6 DVIPAs.
Using the support for IPv6 in a sysplex-wide security
association (SWSA) environment
To use the support for IPv6
in a SWSA environment, perform the appropriate tasks in
Table 1.