A RoutingRule statement
consists of a set of conditions that are compared against the traffic
that is being sent. When a match is found, policy lookup stops and
the traffic is assigned the actions that are associated with the rule.
The rule conditions are as follows:
- IPSourceAddr
  Source IP address or addresses. The source IP address for a TCP
  outbound connection, or for a UDP outbound packet, can be influenced
  by a number of configuration and application options. For the hierarchy
  of ways that the source IP address of an outbound packet is determined,
  see Source IP address selection.
  For the following source IP address selection methods, a route lookup
  is needed to determine the source IP address.
  - SOURCEVIPA: Static VIPA address from the HOME list (IPv4 interface
    defined with the LINK statement) or from the SOURCEVIPAINTERFACE parameter
    (IPv4 or IPv6 interface defined with the INTERFACE statement)
  - HOME IP address of the interface over which the packet is sent

  Do not use the IpSourceAddr condition as a selector for traffic
  that relies on these methods to select its source IP address. At the
  time that the route lookup is performed, the source IP address is
  not yet selected.
- IPDestAddr
  Destination IP address or addresses.
- SourcePortRange
  Source port or ports.
- DestinationPortRange
  Destination port or ports.
- Protocol
  TCP or UDP.
- Jobname
  Job name of the sending application or wildcard job name.
- SecurityZone
  NetAccess security zone that outbound traffic must match. The
  outbound traffic destination IP address is used to determine the NetAccess
  security zone in the NetAccess table that is defined in the TCP/IP
  profile. For more information about network access control and the
  NETACCESS TCP/IP profile statement, see z/OS Communications Server:
  IP Configuration Reference.
- SecurityLabel
  Multilevel secure networking security label of the NetAccess security
  zone that outbound traffic must match. The outbound traffic destination
  IP address is used to determine the NetAccess security zone of the
  packet in the NetAccess table that is defined in the TCP/IP profile.
  The security label is the label that is associated with the NetAccess
  zone. For more information, see Preparing for IP networking in a
  multilevel secure environment.

If a condition is not specified, that condition is not considered
when the rule and the traffic are compared for a match. You can specify
multiple values for the conditions, either directly in the condition
or as a referenced group.
Each RoutingRule statement can also have a priority. Priority values
can be integers in the range 1 – 2000000000; 2000000000 is the
highest priority. When assigning priorities, skip some values to accommodate
future rule insertion between existing rules.
If traffic does not map to any of the active routing rules, the
IP layer routes traffic by searching the main route table.
Tip: If traffic can map to more than one rule, always
use priority and leave priority space between rules.
A RoutingRule statement must reference an action by using the RoutingActionRef
parameter. The RoutingActionRef parameter includes the name of a globally
defined RoutingAction statement.
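
The lookup behaviour described above, modelled as an added Python example (not IBM code and not Policy Agent configuration syntax): rules are tried in descending priority, an unspecified condition is ignored, the first match ends the lookup, and unmatched traffic falls back to the main route table. The rule names, addresses, priorities, dictionary layout and the trailing-asterisk job name wildcard are assumptions; priorities are assumed to be distinct, and SecurityZone and SecurityLabel are left out.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed rules; names, addresses and priorities are illustrative only.
# A condition that is absent from a rule is not considered during matching.
RULES = [
    {"name": "AllTcpOut", "Priority": 100, "Protocol": "TCP",
     "RoutingActionRef": "DefaultAction"},
    {"name": "FtpToPartner", "Priority": 500, "Protocol": "TCP",
     "IPDestAddr": ["192.0.2.0/24"], "DestinationPortRange": [(21, 21)],
     "Jobname": "FTP*", "RoutingActionRef": "PartnerAction"},
    {"name": "DnsOut", "Priority": 300, "Protocol": "UDP",
     "DestinationPortRange": [(53, 53)], "RoutingActionRef": "DnsAction"},
]

def _in_nets(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def _in_ranges(port, ranges):
    return any(lo <= port <= hi for lo, hi in ranges)

# How each condition is compared with the matching attribute of the traffic.
CHECKS = {
    "IPSourceAddr": lambda t, v: _in_nets(t["src"], v),
    "IPDestAddr": lambda t, v: _in_nets(t["dst"], v),
    "SourcePortRange": lambda t, v: _in_ranges(t["sport"], v),
    "DestinationPortRange": lambda t, v: _in_ranges(t["dport"], v),
    "Protocol": lambda t, v: t["proto"] == v,
    "Jobname": lambda t, v: fnmatchcase(t["job"], v),  # assumed wildcard form
}

def matches(rule, traffic):
    return all(check(traffic, rule[cond])
               for cond, check in CHECKS.items() if cond in rule)

def lookup(rules, traffic):
    """Return (rule name, action) of the first match in descending priority
    order, or (None, 'main route table') when no rule matches."""
    for rule in sorted(rules, key=lambda r: r["Priority"], reverse=True):
        if matches(rule, traffic):
            return rule["name"], rule["RoutingActionRef"]  # lookup stops here
    return None, "main route table"

def shadowed_by(rules, traffic):
    """Lower-priority rules that also match: candidates for a priority review."""
    hits = sorted((r for r in rules if matches(r, traffic)),
                  key=lambda r: r["Priority"], reverse=True)
    return [r["name"] for r in hits[1:]]
```

Running `shadowed_by` over representative flows during a policy review shows which overlapping rules depend on priority alone to pick the intended action.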