Steps for avoiding adjacency failures

When two unrestricted stacks running OMPROUTE are attached to a common subnetwork that is neither XCF or IUTSAMEHOST, adjacency errors occur. You can avoid these adjacency failures by preventing OMPROUTE from receiving multicast datagrams from partners with which it cannot communicate.

Perform the following steps to prevent OMPROUTE from receiving multicast datagrams from partners with which it cannot communicate.

1. Create a network security zone named URXCF for all interface addresses in XCF or IUTSAMEHOST networks on unrestricted stacks:
   1. Define a generic SERVAUTH NETACCESS profile for this zone with the following RACF® command:

      RDEFINE SERVAUTH EZB.NETACCESS.*.*.URXCF UACC(READ) SECLABEL(SYSMULTI)

   2. Modify the common NETACCESS profile to define the addresses in this zone:

      NETACCESS
      192.168.10.0/24 URXCF ; xcf subnet perhaps
      10.254.254.0/24 URXCF ; IUTSAMEHOST subnet perhaps
      ENDNETACCESS

2. Create a network security zone named UROTHER for all interface addresses in other network types on other unrestricted stacks:
   1. Define a generic SERVAUTH NETACCESS profile for this zone with the following RACF command:

      RDEFINE SERVAUTH EZB.NETACCESS.*.*.UROTHER UACC(READ) SECLABEL(SYSMULTI)

   2. Prevent the OMPROUTE running for each unrestricted stack from receiving datagrams from this zone with the following RACF command:

      PERMIT EZB.NETACCESS.*.*.UROTHER CLASS(SERVAUTH) ID(ompurid) ACCESS(NONE)

   3. Modify the common NETACCESS profile to define the addresses in this zone:

      NETACCESS
      10.254.1.0/24 UROTHER ; ethernet subnet perhaps
      ENDNETACCESS

3. Create a network security zone named URLOCAL for all interface addresses in other network types on each specific unrestricted stack. OMPROUTE is permitted to use this local interface to connect to adjacent OMPROUTE daemons on adjacent restricted stacks.
   1. Define a generic SERVAUTH NETACCESS profile for this zone with the following RACF command:

      RDEFINE SERVAUTH EZB.NETACCESS.*.*.URLOCAL UACC(READ) SECLABEL(SYSMULTI)

   2. Modify the local NETACCESS profile for each stack to define the local addresses in this zone:

      NETACCESS
      10.254.1.17/32 URLOCAL ; local address in ethernet subnet perhaps
      ENDNETACCESS