Figure 1 shows a portion of the sample configuration file for the TCP/IP address space, PROFILE.TCPIP. This sample can be copied from SEZAINST(SAMPPROF). Figure 1 includes the portion of the sample that shows how to set up TCP/IP operating characteristics. Descriptions for the statements follow Figure 1.
; ======================================================================
; ======================================================================
; General TCP/IP address space configuration
; ======================================================================
;
; ARPAGE: Specifies the number of minutes between creation or
; revalidation of an LCS ARP table entry and the deletion of the
; entry.
;
ARPAGE 20
;
; ----------------------------------------------------------------------
;
; GLOBALCONFIG: Provides settings for the entire TCP/IP stack
;
; Example GLOBALCONFIG to offload TCP segmentation to OSA-Express
; features
;
; GLOBALCONFIG SEGMENTATIONOFFLOAD
;
; Example GLOBALCONFIG to exploit HiperSockets multiple write
; support
;
; GLOBALCONFIG IQDMULTIWRITE
;
; Example GLOBALCONFIG to displace TCP/IP CPU cycles onto a zIIP
; for certain workloads
;
; GLOBALCONFIG ZIIP IPSECURITY IQDIOMULTIWRITE
;
; Example GLOBALCONFIG to assign OSA-Express QDIO write priority
; values to packets associated with WorkLoad Manager service classes,
; and to forwarded packets
;
; GLOBALCONFIG WLMPRIORITYQ
; IOPRI1 0
; IOPRI2 1
; IOPRI3 2 3
; IOPRI4 4 5 6 FWD
;
; ----------------------------------------------------------------------
;
; IPCONFIG: Provides settings for the IPv4 IP layer of TCP/IP.
;
; Example IPCONFIG for single stack/single system:
;
IPCONFIG DATAGRAMFWD SYSPLEXROUTING
;
; Example IPCONFIG for automatic activation of inter-stack dynamic XCF
; and Same Host (IUTSAMEH) interfaces
;
; IPCONFIG DYNAMICXCF 201.1.10.10 255.255.255.0 2
;
; Example IPCONFIG for IPSECURITY support:
;
; IPCONFIG IPSECURITY
;
; Example IPCONFIG to provide accelerated forwarding at the DLC layer
; for OSA-Express QDIO and HiperSockets packets
;
; IPCONFIG QDIOACCELERATOR
;
; ----------------------------------------------------------------------
;
; IPCONFIG6: Provides settings for the IPv6 IP layer of TCP/IP.
;
; Example IPCONFIG6 to enable IPv6 packet forwarding and the use of
; virtual IP addresses as source addresses in outbound datagrams:
;
; IPCONFIG6 DATAGRAMFWD SOURCEVIPA
;
; Example IPCONFIG6 for automatic activation of inter-stack dynamic XCF
; and Same Host (IUTSAMEH) interfaces
;
; IPCONFIG6 DYNAMICXCF 2001::151:0000
;
; ----------------------------------------------------------------------
;
; SOMAXCONN: Specifies maximum length for the connection request queue
; created by the socket call listen().
;
SOMAXCONN 10
;
; ----------------------------------------------------------------------
;
; TCPCONFIG: Provides settings for the TCP layer of TCP/IP.
; RESTRICTLOWPORTS limits access to ports below 1024
; to authorized applications. Applications can be
; authorized to low ports in three ways:
; - via PORT or PORTRANGE with the appropriate jobname
; or wildcard jobname
; - APF authorized
; - superuser
;
TCPCONFIG TCPSENDBFRSIZE 32K TCPRCVBUFRSIZE 32K SENDGARBAGE FALSE
RESTRICTLOWPORTS
;
; Example TCPCONFIG to change the KEEPALIVE interval for applications
; that enable the SO_KEEPALIVE socket option but do not override
; the interval using the TCP_KEEPALIVE socket option.
;
; TCPCONFIG INTERVAL 30
;
; Example TCPCONFIG for AT-TLS support:
;
; TCPCONFIG TTLS
;
; ----------------------------------------------------------------------
;
; UDPCONFIG: Provides settings for the UDP layer of TCP/IP
; RESTRICTLOWPORTS limits access to ports below 1024
; to authorized applications. Applications can be
; authorized to low ports in three ways:
; - via PORT or PORTRANGE with the appropriate jobname
; or wildcard jobname
; - APF authorized
; - superuser
;
UDPCONFIG RESTRICTLOWPORTS
;
; ----------------------------------------------------------------------
;
; SRCIP: Provides the following functionality:
; - Provides for the substitution of a source IP address on a
; jobname-specific or destination-specific basis, for applications
; which specify either the IPv4 INADDR_ANY address, or the IPv6
; unspecified address (in6addr_any) for the source IP address.
; This may be done when an application issues an explicit bind()
; call with either of these addresses, or when it bypasses issuing
; an explicit bind() call and issues a connect().
; - Provides the ability to designate if default source address
; selection should prefer a public or a temporary IPv6 address
; for the specified jobs.
;
;
; Example SRCIP to substitute a source IP address
;
;SRCIP
; JOBNAME USER15 9.43.242.5
; JOBNAME USER* 9.43.242.4
; JOBNAME USER15 2001::092B:F203
; JOBNAME JOB* ETHER1
; DESTINATION 9.67.114.02 9.43.240.7
; DESTINATION 2003::090C:F246 INTF1
; JOBNAME * 9.43.242.3
; JOBNAME * 9.43.242.3
; JOBNAME PAYROLL* 9.42.242.5 BOTH
; JOBNAME SERVER1 9.42.242.4 SERVER
; JOBNAME CLIENT* 2001:0DB8::9:43:242:6 CLIENT
;ENDSRCIP
;
; Example SRCIP to cause default source address selection to prefer
; public or temporary IPv6 addresses
;
;SRCIP
; JOBNAME IPV6PUB PUBLICADDRS
; JOBNAME IPV6TEMP TEMPADDRS
;ENDSRCIP
;
; ----------------------------------------------------------------------
;
; DEFADDRTABLE: Can be used to configure the policy table for IPv6
; default address selection.
;
;DEFADDRTABLE
; Prefix Precedence Label
; ::1/128 50 0
; ::/0 40 1
; 2002::/16 30 2
; ::/96 20 3
; ::ffff:0.0.0.0/96 10 4
;ENDDEFADDRTABLE
The following information describes the statements that are shown in Figure 1. For more information about any of these statements, see z/OS Communications Server: IP Configuration Reference. For information specific to IPv6 support, see z/OS Communications Server: IPv6 Network and Application Design Guide.
Use the ECSALIMIT parameter on the GLOBALCONFIG statement to limit TCP/IP use of common storage. The POOLLIMIT parameter can be used to limit TCP/IP use of private storage pools.
Use CLAWUSEDOUBLENOP on vendor devices that document the need for double NOPs on each CCW.
Use DATAGRAMFWD if this TCP/IP is to be a router and must forward datagrams to other routers. Use IGNOREREDIRECT when a dynamic routing program is used and ICMP redirect packets are to be ignored by the TCP/IP address space. MULTIPATH is used to inform TCP/IP how to distribute traffic across equal cost routes.
Use IPSECURITY to restrict this host to be a network firewall.
SOURCEVIPA enables interface fault tolerance for z/OS® clients that establish outbound connections. When SOURCEVIPA is set, outbound datagrams use the corresponding virtual IP address (VIPA) in the HOME list instead of the physical interfaces IP address. SOURCEVIPA has no effect on RIP servers such as NCPROUTE or OMPROUTE.
TCPSTACKSOURCEVIPA allows z/OS clients to specify a sysplex-wide source IP address for TCP connections. When TCPSTACKSOURCEVIPA is set, outbound TCP datagrams use the IP address that is specified in the TCPSTACKSOURCEVIPA statement instead of static VIPA addresses or physical interface addresses.
Use SYSPLEXROUTING to communicate interface changes within a sysplex domain to the workload manager (WLM). DYNAMICXCF allows the cross communication facility within a sysplex to dynamically generate connections within a sysplex domain. If DYNAMICXCF is used with a dynamic routing program like OMPROUTE, the BSDROUTINGPARMS and the OMPROUTE configuration files must be updated with subnet mask and cost information. For more information about other configuration parameters that are required, see the usage notes related to the DYNAMICXCF parameter under the IPCONFIG statement in z/OS Communications Server: IP Configuration Reference.
Use REASSEMBLYTIMEOUT to specify the TCP/IP reassemble timeout value in seconds, and the TTL specifies the TCP/IP time to live or hop count value.
Use PATHMTUDISCOVERY to indicate to TCP/IP that it is to dynamically discover the path MTU, which is the minimum of MTUs of each hop in the path.
Use STOPONCLAWERROR to indicate to the TCP/IP stack to stop channel programs (HALTIO and HALTSIO) when a device error is detected.
Use QDIOACCELERATOR to request accelerated packet forwarding for OSA-Express QDIO Ethernet and HiperSockets™ interfaces.
Use DATAGRAMFWD to enable the transfer of data between networks.
Use DYNAMICXCF to enable Dynamic XCF support for IPv6.
For outbound TCP connections, when a source IP address was designated for a specified job name or destination address and the source IP address exists at the time the outbound TCP connection is initiated, this source IP address is used, overriding other source IP address selection methods as described in Source IP address selection. This source address selection occurs for applications that issue a connect() call and that did not previously bind the socket to an IP address, or for those applications that bind to the IPv4 INADDR_ANY address or to the IPv6 unspecified address (in6addr_any) before they issue the connect() call.
For TCP server applications, when the application issues a bind to INADDR_ANY or in6addr_any and a matching JOBNAME rule for SERVER or BOTH is specified, the designated IP address is used on the listening socket. This situation makes the server application bind specific, where client applications can connect to the server by using only the designated IP address. This capability can be useful when the applications do not provide a method for the user to specify a specific IP address for their listening sockets, or in situations when the server application creates listening sockets by using an ephemeral port that is assigned dynamically by TCP/IP. For scenarios when the application binds to specific, well-known ports, the BIND keyword on the PORT reservation statement in the TCP/IP profile can be used instead and has precedence over the SRCIP block specifications.
If you use distributed DVIPAs as a designated source within the SRCIP block, you might also be required to specify the EXPLICITBINDPORTRANGE parameter on the GLOBALCONFIG statement. For more information about the GLOBALCONFIG statement and its parameters, see z/OS Communications Server: IP Configuration Reference.
If an installation wants to control UDP buffering (to limit storage usage or to manage large bandwidth devices), use the UDPSENDBFRSIZE and UDPRCVBUFRSIZE parameters. UDPQUEUELIMIT can be used to set a queue limit for UDP. UDPQUEUELIMIT is useful for installations that want to limit the size of the queue of UDP datagrams that an application can have waiting before the TCP/IP address space starts discarding them.
Use EPHEMERALPORTS to limit the ephemeral port range that the TCP/IP stack uses to assign a port to a socket in the following situations: