OMPROUTE is a multiprotocol routing daemon capable of handling both OSPF and RIP interfaces concurrently.
If policy-based routing is used on the TCP/IP stack and the routing policy is configured with dynamic routing parameters, you do not need to provide additional configuration to OMPROUTE for dynamic routing support to be provided for the policy-based route tables. The dynamic routing parameters specified in the routing policy are provided to OMPROUTE by the TCP/IP stack to control the scope of dynamic routes computed by OMPROUTE. For a description of this function, see Policy-based routing.
If policy-based routing is used on the TCP/IP stack and a route table is configured to the Policy Agent with no dynamic routing parameters, OMPROUTE has no knowledge of that route table. For example, the route table does not appear in the display of OMPROUTE route tables.
Perform the following steps to configure OMPROUTE:
A sample configuration file is provided in SEZAINST(EZAORCFG). The configuration files for TCPCS4, TCPCS6, TCPCS7, and TCPCS64 in the sample network are shown in Sample OMPROUTE configuration files. For a description of the syntax rules for the OMPROUTE configuration file and details on each of the configuration statements, see z/OS Communications Server: IP Configuration Reference.
PORT
520 UDP OMPROUTE
521 UDP OMPROUTE
PORT
520 UDP OMVS
521 UDP OMVS
If a procedure in the AUTOLOG list also has a PORT statement reserving a TCP or UDP port but does not have a listening connection on that port, TCP/IP periodically attempts to cancel that procedure and start it again.
Therefore, if OMPROUTE is being started with AUTOLOG and only the OSPF or IPv6 OSPF protocol is being used (no RIP or IPv6 RIP protocol, so no listening connection on the RIP or IPv6 RIP UDP port), it is important to take one of the following actions:
PORT
520 UDP OMPROUTE NOAUTOLOG
521 UDP OMPROUTE NOAUTOLOG
If you fail to take one of these actions, OMPROUTE will be periodically canceled and restarted by TCP/IP.
For a description of the search order used by the resolver to locate the resolver configuration file, see Resolver configuration files.
//*
//* TCP/IP for MVS
//* SMP/E Distribution Name: EZBORPRC
//*
//* 5650-ZOS Copyright IBM Corp. 1998, 2013
//* Licensed Materials - Property of IBM
//* This product contains "Restricted Materials of IBM"
//* All rights reserved.
//* US Government Users Restricted Rights -
//* Use, duplication or disclosure restricted by
//* GSA ADP Schedule Contract with IBM Corp.
//* See IBM Copyright Instructions.
//*
//OMPROUTE PROC
//OMPROUTE EXEC PGM=OMPROUTE,REGION=10M,TIME=NOLIMIT,
// PARM=('ENVAR("_CEE_ENVFILE_S=DD:STDENV")/')
//*
//* Example of start parameters to OMPROUTE:
//*
//* PARM=('ENVAR("_CEE_ENVFILE_S=DD:STDENV")/-t1 -6t1')
//*
//* Provide environment variables to run with the
//* desired stack and configuration. As an example,
//* the file specified by STDENV could have these
//* lines in it:
//*
//* RESOLVER_CONFIG=//'SYS1.TCPPARMS(TCPDATA2)'
//* OMPROUTE_FILE=/u/usernnn/config.tcpcs2
//* OMPROUTE_DEBUG_FILE=/tmp/logs/omproute.debug
//* OMPROUTE_IPV6_DEBUG_FILE=/tmp/logs/omprout6.debug
//* OMPROUTE_DEBUG_FILE_CONTROL=1000,5
//*
//* For information on the above environment variables,
//* refer to the IP CONFIGURATION GUIDE.
//*
//* If you want to include comments in the data set or
//* z/OS UNIX file, specify the _CEE_ENVFILE_COMMENT
//* environment variable as the first environment variable
//* in the data set or file. The value specified for
//* the _CEE_ENVFILE_COMMENT variable is the comment character.
//* For example, if you want to use the semicolon sign, ;, as
//* the comment character, specify this as the first
//* statement:
//* _CEE_ENVFILE_COMMENT=;
//*
//STDENV DD PATH='/u/usernnn/envcs2',
// PATHOPTS=(ORDONLY)
//*
//* The stdout stream may be redirected to a HFS file as
//* shown below.
//* The PATHOPTS OTRUNC option will clear the stdout file
//* every time OMPROUTE is started. If you want to retain
//* previous stdout information, change it to OAPPEND.
//*
//SYSPRINT DD SYSOUT=*
//*SYSPRINT DD PATH='/tmp/omproute.stdout',
//* PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//* PATHMODE=(SIRUSR,SIWUSR,SIRGRP,SIWGRP)
//*
//* The stderr stream may be redirected to a HFS file as
//* shown below.
//* The PATHOPTS OTRUNC option will clear the stderr file
//* every time OMPROUTE is started. If you want to retain
//* previous stderr information, change it to OAPPEND.
//*
//SYSOUT DD SYSOUT=*
//*SYSOUT DD PATH='/tmp/omproute.stderr',
//* PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//* PATHMODE=(SIRUSR,SIWUSR,SIRGRP,SIWGRP)
//*
//CEEDUMP DD SYSOUT=*,DCB=(RECFM=FB,LRECL=132,BLKSIZE=132)
route 520/udp router omproute
route 521/udp ipv6rip ripng
The file must exist for the RIP and IPv6 RIP protocols of OMPROUTE to operate.
For a description of the search order used to locate the services file, see Configuration files for TCP/IP applications.
RDEFINE OPERCMDS (MVS.ROUTEMGR.OMPROUTE) UACC(NONE)
PERMIT MVS.ROUTEMGR.OMPROUTE ACCESS(CONTROL) CLASS(OPERCMDS) ID(userid)
SETROPTS RACLIST(OPERCMDS) REFRESH
For more information on using this environment variable, see OMPROUTE parameters.
OMPROUTE_DEBUG_FILE_CONTROL=<size of file>,<num of files>
The default values for <size of file> and <num of files> are 200 (KB) and 5 respectively. In general, these values are sufficient for most installations.
If OMPROUTE_DEBUG_FILE and OMPROUTE_IPV6_DEBUG_FILE are both specified with different output destinations, the values specified on the OMPROUTE_DEBUG_FILE_CONTROL variable will apply to both the IPv4 debug files and the IPv6 debug files. The total number of files created in this environment would be <num of files> multiplied by 2.
For more information on using this environment variable, see OMPROUTE parameters.
During initialization, OMPROUTE learns of static routes by reading the internal routing table set up by TCP/IP. If static routes are changed during execution by VARY TCPIP,,OBEYFILE command processing, OMPROUTE is dynamically notified of the changes by TCP/IP. OMPROUTE will advertise active static routes to other routers if allowed by configuration (for example, the IMPORT_STATIC_ROUTES parameter of the AS_BOUNDARY_ROUTING or IPV6_AS_BOUNDARY_ROUTING configuration statements).
Static routes can be defined as replaceable or nonreplaceable, with nonreplaceable being the default.
A nonreplaceable static route cannot be replaced or modified by OMPROUTE, even if a better dynamic route can be learned and even if the static route is not actually available (but a static route that is not available will not be advertised by OMPROUTE). Because of this, the use of nonreplaceable static routes with OMPROUTE is not recommended unless it is to provide routing over an interface over which no routing protocol is being communicated.
A replaceable static route will be replaced by OMPROUTE if it dynamically learns a route to the destination. Any dynamically learned route will be considered more desirable than a replaceable static route. A replaceable static route should be considered as a last resort route, to be used by TCP/IP when no dynamic route to a destination can be found.
For detailed information, see Use of static routing with OMPROUTE.
Virtual links behave similarly to interfaces for authentication purposes. By default, a virtual link uses the same type of authentication that is specified for the backbone area unless overridden on the VIRTUAL_LINK configuration statement. When the authentication type is not NONE, the value of the authentication key must be specified on the VIRTUAL_LINK configuration statement. There is no requirement for a virtual link to have the same authentication key value as its underlying real interface.
OSPF authentication does not protect the contents of an OSPF packet. These packets are not encrypted. However, it does provide verification that the packet is genuine.
There are two methods of IPv4 OSPF authentication, password and MD5 cryptographic.
Password authentication is very basic: an 8-byte password is appended to all OSPF packets and sent in the clear with the rest of the packet. If the sent password matches that defined by the packet receiver, the packet is accepted.
MD5 authentication is more sophisticated. The combination of the OSPF packet and the MD5 key is summarized into a 16-byte message digest, which is appended to the packet and sent. The keys are never sent, only the message digests. The receiver then attempts to re-create the message digest from the combination of its defined key and the OSPF packet. If the digest is successfully re-created, the packet is accepted; otherwise it is rejected. MD5 authentication also contains a monotonic increasing counter to protect against replay attacks.
If MD5 cryptographic authentication is being used, a 16-byte MD5 key must be defined on the OSPF_INTERFACE configuration statement. This key is defined as a hexadecimal string and may be obtained in several ways. One method for obtaining MD5 keys is provided in the pwtokey utility, which converts a password into an MD5 key. This UNIX System Services utility implements the algorithm defined in RFC 3414, User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3). Because OSPF does not support localization of keys, it is necessary only to provide a password to this utility to generate a single, 16-byte key. If multiple sites have this utility, MD5 keys can easily be generated from passwords, which are easier to remember and communicate than 16-byte hexadecimal strings.