Policies for Differentiated Services (DS) are used to select and
control DS traffic for selected IP servers, such as FTP server traffic.
The policy administrator selects the IP traffic to be controlled
by defining policy rules. These policy rules include several attributes
that can be specified to identify the traffic to be managed. These
attributes fall into 2 categories, general attributes and application
specified attributes. General attributes can be used to identify
the IP traffic of most IP applications using a variety of information,
such as:
- The source or destination IPv4 or IPv6 addresses or subnets
- The source and destination ports used by the application
- The IP protocol the application is using (TCP or UDP)
- The network interface selected for the outgoing traffic
- The jobname of the application
Application specified attributes allow policy administrators to
identify outgoing application IP traffic based on information that
is provided and defined by an application. For example, the IBM® HTTP Server provides the TCP/IP
stack with the URI (Universal Resource Identifier) associated with
any outgoing data being sent to a client. This allows the policy
administrator to define rules that identify traffic related to specific
URIs and policy actions with unique DS controls for this traffic.
For example, an installation can define a policy that specifies preferential
treatment of outgoing traffic related to the servicing of any URIs
beginning with /product/placeorder. For more
information on defining policy rules for the IBM HTTP Server based on URIs, see z/OS HTTP Server Planning, Installing, and Using and the policy configuration file topic in z/OS Communications Server: IP Configuration
Reference.
Any IP application using the TCP protocol can provide application
specified attributes using extensions to the sendmsg() socket API.
For more information, see the
programming interfaces appendix in the
z/OS Communications Server: IP Programmer's Guide
and Reference. Application provided attributes can be
specified in 2 forms:
- Application defined data: This allows applications to provide
free-form text data that can be used to classify the application's
outgoing traffic in terms that should be familiar to the application's
administrator (for example, URIs are provided by the IBM HTTP server).
- Application specified priority: This allows applications to associate
an application priority on the outgoing IP traffic. This application
priority in itself does not automatically cause the application's
traffic to get preferential treatment. In order to make use of these
application specified priorities the policy administrator needs to
define policy rules that map these priorities to policy actions that
will govern the outgoing traffic of each priority level.
Applications can pass both application defined data and application
specified priorities to the TCP/IP stack. When both are specified,
the administrator is free to use either or both criteria in their
service policy rules. However, it is strongly recommended that any
policy rules defined using the application specified attributes should
also include at least one general attribute that uniquely identifies
the application instance. For example, when defining rules for the
HTTP server using URIs, you can help further identify the application
by specifying the source port for the server or the HTTP Server's
jobname. This will help ensure that unauthorized applications cannot
exploit policy actions intended for the HTTP Server.
Several aspects of connection and throughput control can be specified
with DS policies, including the following specifications:
- TCP connection limits
- Maximum and minimum TCP connection rates, TCP maximum delay
- Committed access bandwidth (mean rate and peak rate) control/enforcement,
also known as token bucket traffic shaping
- IPv4 type of service (ToS) byte or IPv6 traffic class setting,
and mapping to System z® Queued
Direct I/O (QDIO) device priorities and VLAN user priorities.
The above DS service attributes are enforced by the TCP/IP stack
in which the DS policies are installed. For additional information
on the enforcement
of these attributes, see z/OS Communications Server: IP Configuration
Reference.
Token bucket traffic shaping is defined using the following parameters:
- DiffServInProfileRate is the average or mean rate that you want
to transmit over time. For example, 256 kilobits per second.
- DiffServInProfileTokenBucket is the burst size. This
is how much data is allowed to be sent from the application to TCP/IP
and still be allowed to be transmitted at the mean rate. It is suggested,
if the application is not policing itself, that this burst size be
at least one second's worth of data. Otherwise, if the application
is sending large amounts of data at one time to TCP/IP, TCP/IP will
slow that application down via congestion windows, and the mean rate
may not be achieved.
- DiffServInProfilePeakRate is the highest rate that is allowed
to be transmitted for a shorter interval of time. For example, though
a customer might want on average only 256 Kb of data per second, they
might allow a peak of 512 Kb of data for 1/4 second. The peak rate
is used to control the spacing of outbound packets on the transmission
line. By having a smaller peak rate, there will be longer spacing
between packets, and thus less burstiness of traffic and increased
efficiency. Higher peak rates result in shorter spacing and increased
burstiness, which can result in lower link usage. However, some applications
may require it, such as real time or video data.
- DiffServInProfileMaxPacketSize is the amount of data that will
be policed at the peak cell rate. For example, if the peak rate is
512 Kb per second, and the maximum packet size is 120 Kb, TCP/IP will
allow only about 10 packets of size 1492 bytes to be transmitted every
.23 seconds. Again, if an application is sending large amounts of
data at one time to TCP/IP, TCP/IP will enforce the peak rate, and
anytime more than 10 packets are sent within .25 seconds, TCP/IP will
begin to slow this TCP connection. The peak rate can be achieved over
a longer period of time if the maximum packet size is entered in larger
multiples of packets. However, this will cause greater burstiness
as described above. For example, if the maximum packet size is entered
as 240 Kb, TCP/IP will allow 20 packets in a .23 second range before
enforcing slowdown.
Note that the peak rate cannot be enforced
without mean rate policing. However, you can enforce mean rate without
peak rate. Also, setting of these parameters depends on the type of
applications and the network that carries it.