ibm z/os communications server ipv6 support€¦ · ibm z/os communications server ipv6 support ......

1

IBM z/OS Communications Server

IPv6 Support

Linda [email protected]

2

04/13/14 www.ibm.com/support/techdocs Document © 2014 IBM Corporation

Agenda

● IPv6 History, Address, Protocol● IPv6 Support in z/OS and Dual-Mode Stack (BPXPRMxx)● PROFILE.TCPIP● Routing● Resolver● FTP● Enterprise Extender● inetd● SMF● More Information

3


IPv6 History, Address, and Protocol

4


Total IP Addresses

● IPv4 Address example 100.114.165.211• Started to be used in 1970s and 80s

➔ United States has the bulk of the IPv4 Addresses• 32-bit address means around 4,200,000,000 nodes• Network Address Translation (NAT) increases total nodes• Huge routing tables on Internet Routers (backbone)

● IPv6 Address example 2001:0DB8:0000:000:0206:2AFF:FE71:4400• Started to be used in 1990s• 128-bit address means around 340 (billion)4 addresses• Routing Tables Manageable through CIDR

➔ Classless InterDomain Routing (CIDR) manages the routing, reducing the size of the routing tables on the backbone. CIDR aggregates sets of routes into a single route by using the common, highest-level denominator for the sets of routes. CIDR is also referred to as "supernetting."

5


IPv4 vs. IPv6IPv4 IPv6

Addressing 32 bits (4 bytes) 4,200,000,000 addresses

128 bits (16 bytes) 340 (billion4) addresses

Communicating to all on subnet Broadcast Addresses Scoped Multicast Addresses

Fragmentation Supported at originating and intermediate nodes

Supported only at originating nodes

Checksum Included in IP Header Not included in IP Header

IPSec Optional Included as part of IPV6

Discovery of best default gateway Optional (with ICMP Route Discovery) Included – ICMPv6 Router Solicitation and Router Advertisement

Resolving IP layer address to link layer address

ARP (Address Resolution Protocol) Multicast Neighbor Solicitation Messages

Local Subnet Group Membership Internet Group Management Protocol (IGMP)

Multicast Listener Discovery (MLD)

Address Configuration Manually or through DHCP Automatically assigned via stateless address configuration or DHCPv6 or manually

DNS Configuration “A” records for host name/address mapping, “PTR” records in IN-ADDR.ARPA domain address/name mapping

“AAAA” or “A6” records for name/address mapping, “PTR” records in IP6.ARPA or IP6.INT domain for address/name mapping

QoS Support Differentiated and Integrated Services Differentiated and Integrated Services, also Flow Label for more granularity

Payload Identification for QoS Not included in IP Header Included in Flow Label

This chart represents a summary of the information present in Table 1 of the IPv6 Network and Application Design Guide (SC27-3663).DHCP and DHCPv6 are not supported on z/OS.Additional differences...IP Header Format IPv4 -- Variable: Min of 20 Bytes + Options IPv6 -- 40 BytesIP Options IPv4 -- Part of IP Header IPv6 -- Inserted as Extensions between IP Header and PayloadQoS, DHCPv6, and Mobility are not part of the Implementation of IPv6.The Internet Assigned Numbers Authority (IANA) website includes the pointers to the most up-to-date information on IPv6: www.iana.orgSome IPv6 RFCs from the IANA website: RFC 3330 - Special-Use IPv4 Addresses RFC 3177 - IAB/IESG Recommendations on IPv6 Address Allocations to Sites RFC 2928 - Initial IPv6 Sub-TLA ID Assignments RFC 2450 - Proposed TLA and NLA Assignment Rules RFC 2373 - IP Version 6 Addressing Architecture RFC 2050 - Internet Registry IP Allocation Guidelines RFC 1918 - Address Allocation for Private Internets RFC 1518 - An Architecture for IP Address Allocation with CIDRIPv6 provides for both stateless and stateful autoconfiguration. Stateless autoconfiguration allows a node to be configured in the absence

of any configuration server. Stateless autoconfiguration further makes it possible for a node to configure its own globally routable addresses in cooperation with a local IPv6 router by combining the 64-bit Interface ID (48-bit MAC address plus random number) of the adapter with network prefixes that are learned from the neighboring router.

IPv6 allows the use of DHCPv6 for stateful autoconfiguration. DHCPv6 relies on a configuration server that maintains static tables to determine the addresses that are assigned to newly connected nodes. z/OS CS does not support DHCPv6.

Manual configuration of addresses may be used in environments where complete local control is required (ie. VIPA or LOOPBACK).

6


IP Address Structure

● IPv4 Dotted Decimal• Documented in RFC 1166• 9.67.122.66

● IPv6 Colon-Hexadecimal• Documented in RFC 3513

➔ Supersedes RFC 2373• Can eliminate leading zeroes:

➔ 0000:0000:0000:0000:0000:0000:0000:0001=::1• Can skip one sequence of zero words leaving two colons:

➔ 2001:0DB8:0000:000:0206:2AFF:FE71:4400=2001:DB8::206:2AFF:FE71:4400• Can specify a prefix by "/length"

● 2001:0DB8::/64

IPv4 Address:9.67.122.66

IPv6 Address:2001:0DB8:0000:0000:0206:2AFF:FE71:4400

IPv6 Address/Prefix-Length:2001:0DB8:0000:0000:0206:2AFF:FE71:4400/64

IPv4 Address/Subnet Mask:9.67.122.66/8

IPv4 addresses are represented in dotted-decimal format. The 32-bit address is divided along 8-bit boundaries. Each set of 8 bits is converted to its decimal equivalent and separated by periods. Each IP address consist of an IP network id and an IP host id on that IP network.

In contrast, IPv6 addresses are 128 bits divided along 16-bit boundaries. Therefore, IPv6 notation is eight 16 bit integers separated by colons. Each 16-bit block is converted to a 4-digit hexadecimal number -- still separated by colons. One group of multiple zeroes can be represented with a double colon. Leading zeroes within each individual field can be omitted. The resulting representation is called colon-hexadecimal.

7


Types of IPv6 Addresses● FF00::/8

• Multicast addresses all begin with "FF"● FE80::/16

• Link-Local Scope unicast addresses all begin with "FE80"• Will not be passed by any router (local to the LAN that it is attached to)

● Anything else• Global Scope unicast addresses are everything else• Will be passed by any router; can be routed anywhere

● Unspecified address (similar to IPv4 inaddr_any)• Represented by :: (0000:0000:0000:0000:0000:0000:0000:0000)• Cannot be used as destination address• Must never be assigned to any node

● Loopback address • Represented by ::1 (0000:0000:0000:0000:0000:0000:0000:0001)• Used by a node to send an IPv6 packet to itself• Must never be assigned to any physical interface

● IPv4-mapped IPv6 address: • Represented by ::FFFF:a.b.c.d (9.67.115.69 = ::FFFF:9.67.115.69)• or ::FFFF:<hex>:<hex> (9.67.115.69 = ::FFFF:0943:7345)• IPv6 address with IPv4 address embedded• Not sent onto the network by z/OS

● IPv4-compatible IPv6 address: represented by ::a.b.c.d• Not supported in z/OS• Such addresses typically used for tunneling IPv4 across IPv6 network

FF02::1

FE80::99:1AC6:77:9/16

::

::1

::FFFF:9.67.115.69

::FFFF:0943:7345

::9.67.115.69

2001:0DB8::0206:2AFF:FE71:4400/64

IPv4 addresses are represented in dotted-decimal format. The 32-bit address is divided along 8-bit boundaries. Each set of 8 bits is converted to its decimal equivalent and separated by periods. Each IP address consist of an IP network id and an IP host id.

In contrast, IPv6 addresses are 128 bits divided along 16-bit boundaries. Therefore, IPv6 notation is eight 16 bit integers separated by colons. Each 16-bit block is converted to a 4-digit hexadecimal number. One group of multiple zeroes can be represented with a double colon. Leading zeroes within each individual field can be omitted. The resulting representation is called colon-hexadecimal.

Unicast addresses identify a single interface. A packet sent to a unicast address is delivered to the interface identified by that address. This is the same concept with which you are already familiar in IPv4.

Anycast addresses identify a set of interfaces (typically different nodes). A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the "nearest" one). Concept not used in IPv4. Not part of z/OS IPv6 support either.

Multicast addresses identify a set of interfaces (typically different nodes). A packet sent to a multicast address is delivered to all interfaces identified by that address. This is the same concept as in IPv4. Routing protocols like RIP and OSPF use multicast addresses, but so can other applications. All Multicast control information flows using ICMPv6 instead of IPv4 Internet Group Management Protocol (IGMP).

There are no broadcast addresses in IPv6, their function is replaced by multicast addresses.CS allows the customer to assign other LOOPBACK addresses for IPv6.For IPv6, one interface can have multiple IP addresses. For IPv4 this is only supported for Loopback.IPv4-mapped IPv6 addresses - Only implementations that support Stateless IP/ICMP Translation Algorithm (SIIT), RFC 2765, should send outbound packets with IPv4-

mapped IPv6 addresses in the IP header. z/OS Communications Server does not support SIIT.- That is, z/OS does not support sending IPv4-Mapped IPv6 addresses out onto an attached network.- This address type is used to represent the addresses of IPv4 nodes as IPv6 addresses.- It is used when an IPv6 application needs to communicate with an IPv4 peer- Resolver can return IPv4-mapped IPv6 addresses.IPv4-mapped addresses can be written in two ways. IPv4 address 9.67.115.69 can be written as an IPv4-mapped IPv6 address: ::FFFF:0943:7345 (this is the hexadecimal notation) ::FFFF:9.67.115.69 (this is the dotted-decimal notation)IPv4-compatible IPv6 address (::<IPv4_address>) - Used when IPv6 traffic is tunneled across existing IPv4 networks.- Formed by placing 96 bits of zero in front of a valid 32-bit IPv4 address, such that address 1.2.3.4 becomes ::1.2.3.4- IPv4-compatible IPv6 addresses are not included in the z/OS implementation.Link-local address: - Only used on the physical network that a host's interface is attached to. In IPv6 an interface can have multiple addresses.Aggregatable Global Unicast Address- Assigned to ISPs by International "Internet Registry Services" (IRS)ARIN Registry Services (American Registry for Internet Numbers) www.arin.net/library/guidelines/ipv6_initial.html (North America and Sub-Sahara Africa)RIPE-NCC Network Coordination Center in Europe (Reseau IP Europeans) www.ripe.net/ripencc/mem-services/reistration/ipv6.html (Europe, Middle East, Central Asia, and African north of the equator)APNIC Asia Pacific Network Information Center www.apnic.nbet/faq/IPv6-FAQ.html (LACNIC Regional Latin-American and Caribbean Address Registry)How to request Internet addresses in general? www.iana.org/ipaddress/ip-addresses.htmHow to discover what has already been allocated? : www.iana.org/ipaddress/ip-addresses.htmHow does a company or an end-user obtain an address? Consult with your ISP: AT&T, Verizon, etc.

8


Required Addresses for a Host

● Addresses identifying an IPv6 host:• Its Link-Local Address for each interface

➔ z/OS CS only allows a single link-local address per interface.• Assigned Unicast Addresses (autoconfigured OR manually defined)• Loopback Address (::1)• The All-Nodes Multicast Address (FF02::1)(Routers FF02::2)• Solicited Node Multicast Addresses for each of its assigned unicast and

anycast addresses (FF02::1:FF00:0 - FF02::1:FFFF:FFFF)• Multicast Addresses of all other groups to which the host belongs.

● Addresses identifying an IPv4 host: • Assigned Unicast Addresses• Loopback Address• Broadcast Address for each of its assigned unicast addresses• The All hosts Multicast Address• Multicast Addresses of all other groups to which the host belongs

FE80::99:1AC6:77:9/16

2001:0DB8::99:1AC6:77:9/64

::1

FF02::1

9.67.122.66

127.0.0.1

255.255.255.255

An IPv6 host is required to recognize a certain set of addresses as identifying itself. An IPv4 host is required to recognize a different list of addresses as identifying itself. There is no broadcast support in IPv6. It has been replaced with multicast for specific scopes.The Global Unicast Address must be requested from the ISP that services your company or your site; the ISP itself must request IPv6

addresses from an Internet Registry Services.Solicited Node Multicast Address- This address is formed by taking the low-order 24 bits of the address (unicast or anycast) and appending those bits to the prefix

FF02:0:0:0:0:1:FF00::/104. - Range of addresses is FF02:0:0:0:0:1:FF00:0000 to FF02:0:0:0:0:1:FFFF:FFFF- A node is required to compute and join the associated Solicited Node multicast address for every unicast and anycast address it is

assigned. The solicited-node multicast address facilitates the efficient querying of network nodes during address resolution.The following well-known multicast addresses are pre-defined. Use of these group IDs for any other scope values, with the T flag equal

to 0, is not allowed: FF01::, FF02::, FF03::, FF04::, FF05::, FF06::, FF07::, FF08::, FF09::, FF0A::, FF0B::, FF0C::, FF0D::, FF0E::, and FF0F::.

Unicast:- Assigned to one interface. Packets destined for a unicast address are sent to only one node.- Can be link-local scope, or global scopeMulticast:- Provides a means for a source to communicate with a group Anycast - Special Type of Unicast - not used in CS for z/OS: - Allows the source to communicate with the closest member of a groupEvery IPv6 interface except VIPA and LOOPBACK will have an automatically generated link-local address. A packet with a link-local source or destination address will not leave a LAN. A router receiving the packet will not forward it. Link-local

addresses are used for any kind of temporary network: Autoconfiguration, Neighbor discovery, Networks without routers.VIPAs and LOOPBACKs use global addresses. Global addresses can either be manually configured or autoconfigured dynamically.If a packet cannot be forwarded due to reaching a scope boundary, an ICMPv6 BEYOND SCOPE is returned.

9


ICMPv6 Neighbor Discovery (NeD)

● Router Discovery● Prefix Discovery● Parameter Discovery● Address Autoconfiguration● Address Resolution● Next-Hop Determination● Neighbor Reachability / Unreachability Detection● Duplicate Address Detection (DAD)● Redirect

IPv6 Host

Neighbor AdvertisementLink-Local address

Link-Layer (MAC) address

IPv6 Host

Router AdvertisementLink-Local address

Link-Layer (MAC) addressDefault Router Yes/No

MTU SizeHop Limit

Prefix Information for Routing andAutoconfiguration

Neighbor Discovery replaces several IPv4 protocols: ARP, ICMP Router Discovery and ICMP Redirect.Neighbor Discovery uses ICMPv6 rather than ARP. It enables a node to identify other hosts and routers on its links. It maintains routes,

MTU, retransmit times, reachability time, and prefix information based on information received from the routers. NeD uses Duplicate Address Detection (DAD) to verify the host's home addresses are unique on the LAN. NeD uses Address Resolution to determine the link-layer addresses for neighbors on the LAN and Reachability Detection to determine neighbor reachability.

Maintains information about neighbors in a local 'Neighbor Cache'.Router Discovery defines how hosts can automatically locate routers that reside on an attached link. ICMPv6 Router Solicitations /

Advertisements are used to determine the best default gateway.Router Advertisements are sent by routers to announce their availability. z/OS receives Router Advertisements but does not originate

them. Router Advertisements are the mechanism for plug and play.Prefix Discovery specifies how hosts discover the set of prefixes that are defined as being on-link (IPv6 address prefixes that reside on

the shared link (ie.ethernet)), as well as those which are to be used when implementing Stateless Address Autoconfiguration.Parameter Discovery allows a host to learn link parameters, such as the link MTU, and IP parameters, such as the hop limit to place in

outgoing packets.IPv6 provides for both stateless and stateful autoconfiguration.Stateless autoconfiguration allows a node to be configured in the absence of any configuration server. Stateless autoconfiguration further

makes it possible for a node to configure its own globally routable addresses in cooperation with a local IPv6 router, by combining the 48- or 64-bit MAC address of the adapter with network prefixes that are learned from the neighboring router.

IPv6 allows the use of DHCPv6 for stateful autoconfiguration. DHCPv6 relies on a configuration server that maintains static tables to determine the addresses that are assigned to newly connected nodes. z/OS does not support DHCPv6.

Address resolution in IPv6 is similar to ARP processing in IPv4, except ICMP neighbor solicitations, neighbor advertisements, router redirects, and router advertisements are used to obtain the link-layer (MAC) address.

Next-hop determination specifies the algorithm for mapping the IP destination address into the IP address of the neighbor to which traffic should be sent.

Architected neighbor reachability/unreachability replaces old dead gateway logic. Neighbor unreachability detection is used to verify that two-way communication with a neighbor node exists. The host sends a neighbor solicitation to a node and waits for a solicited neighbor advertisement.

Duplicate Address Detection (DAD) is used to verify that an IPv6 home address is unique on the LAN before assigning the address to a physical interface. z/OS responds to other nodes doing DAD for IP addresses assigned to the interface. DAD is not done for VIPAs or loopback addresses.

A node may receive a Redirect message from an on-link router if the router determines that the destination is on-link or if there is a better first-hop router for the given destination. z/OS can be configured to ignore the IPv6 Redirects sent by routers by defining the IGNOREREDIRECT keyword on the IPCONFIG6 statement. If processing of Redirect messages is enabled, z/OS will begin using the new destination which is identified in the Redirect message.

10


IPv6 Support in z/OS andDual-Mode Stack (BPXPRMxx)

11


z/OS IPv6 Enablement

● OS/390 V2R10• BPXPRMxx Network AF_INET6• Socket calls support IPv4-mapped addrs

● z/OS V1R4• IP Stack is IPv6-enabled• Resolver• DLC – QDIO• Static Routing• Static VIPA Support• New IPv6 Socket APIs• TCP/IP Utility Applications

➔ FTP (ftpd), inetd, ftp, telnetd, USS rshd, USS rexec, USS rexecd, ping, tracert, netstat

• Service Tools➔ Netstat long format, Packet Trace, Dump Formatters,

CTRACE, Data Trace● z/OS V1R5

• Network Management• CICS Sockets• Enterprise Extender (hostname)• DLC - XCF, Samehost, Ficon (MPCPTP)• OMPRoute RIPng• Applications

➔ TN3270, syslogd, sntp, tftpd, rexecd/rshd, sendmail• Policy Agent

➔ QoS (Differentiated Services)• NetAccess• SNMP MIBs• SMF records

● z/OS V1R6• Dynamic VIPA including Sysplex Distributor• OMPROUTE OSPFv3• SNMP MIB enhancements

● z/OS V1R7• SNMP UDP MIBs• Advanced Socket APIs (RFC3542)• IPv6 Two Default Routers support• DLC – HiperSockets

● z/OS V1R8• Integrated filtering and IPSec• RPCBIND server

● z/OS V1R9• Scoped Address support

● z/OS V1R10• FRCA• Resolver Enhancements

● z/OS V1R11• Stateless Addr auto-configuration enhancements

● z/OS V1R12• Configurable default address selection algorithm

➔ Prefer a temporary or public source addr• Router advertisement enhancements• IPv6 address support for DNS address

● z/OS V1R13• Intrusion Detection Services (IDS) IPV6 Attacks support

● z/OS V2R1• Enterprise Extender (IPv6 address)

With z/OS the only configuration statement required to enable IPv6 is the AF_INET6 NETWORK statement in BPXPRMxx. IPv6 applications communicating with IPv4 partners is functionally equivalent to IPv4 applications communicating with IPv4 partners.

12


z/OS IPv6 Enablement

● IP Address translation IPv6 to IPv4 and vice versa occurs at the Transport Layer

● AF_INET6 Applications• Common TCP or UDP Transport

Layer selects IPv6 or IPv4 Layer 3 (Network Layer) to match partner.

● Raw Applications• Application itself selects Layer 3

● Both IPv6 and IPv4 remote partners may connect to z/OS IPv6 application.

● Only IPv4 remote partner may connect to z/OS IPv4 only application.

Applications

AF_INET6 PFS

Common DLC Functions

OSA QDIO

IPv6 RawTransport

AF_INET PFS

Common TCP and UDP TransportIPv4 RawTransport

NeDMLDStateless autoconfig

ICMPv6

IPv6

QoSTRMIDS

Firewall Functions

IPv4

ARP IGMP ICMP

IPv6 DLCs (QDIO) IPv4 DLCs

IPv6 and IPv4 packets on the same LAN

z/OS Comm Server can be an IPv4-only stack or a dual-mode stack. There is no support for an IPv6 only stack.The dual-mode stack is also called the "dual stack." However, to avoid any ambiguity, it is probably best to call it a "dual-mode" stack,

since, in the past we have often talked about "dual stacks" when discussing the coexistence of multiple stacks in a single MVS image.

Physical File System (PFS) "AF_INET6." It can coexist with the AF_INET PFS that is available for IPv4. Both file systems are defined in BPXPRMxx.

A dual-mode (or dual-stack) TCP/IP implementation supports both IPv4 and IPv6 interfaces; both old AF_INET and new AF_INET6 applications.

If address translation is necessary because the network is IPv6 when the connection partners are IPv4, or because the network is IPv4 when the connection partners are IPv6, the transport layer provides the mapping services.

For AF_INET6 applications, the common TCP or UDP transport layer determines per communication partner if the partner is an IPv4 or an IPv6 partner - and chooses IPv4 or IPv6 networking layer component based on that.

Raw applications make the determination themselves when they choose IPv4 or IPv6 raw transport.IPv4 and IPv6 applications can coexist on a single dual stack.Unmodified applications continue to send data over the IPv4 network.A single application can communicate using IPv4 and IPv6; requires application modification.By default, IPv6 applications can communicate with both IPv4 and IPv6 peers. The socket option IPv6_V6ONLY makes an IPv6

application require all peers to be IPv6.

13


z/OS IPv6 EnablementIPv6 Enabled Applications

AF_INET6 PFS

Common DLC Functions

OSA QDIO

AF_INET PFS

Transport Layer

IPv6 IPv4


IPv4 Only Applications

2001:0DB8::9:67:115:17

9.67.115.5

2001:0DB8::9:67:115:5

9.67.115.69

Application IPv6

Source Address 2001:0DB8::9:67:115:17

Dest Address 2001:0DB8::9:67:115:5

Transport IPv6


Dest Address 2001:0DB8::9:67:115:5

IPv6 Packet IPv6


Dest Address 2001:0DB8::9:67:115:5

Application IPv4

Source Address ::FFFF:9.67.115.69

Dest Address ::FFFF:9.67.115.5

Transport IPv4

Source Address 9.67.115.69 --- ::FFFF:9.67.115.69

Dest Address 9.67.115.5 --- ::FFFF:9.67.115.5

IPV6 Packet IPv4

Source Address 9.67.115.69

Dest Address 9.67.115.5

An application that has bound to an IPv6 native address has to use some transition mechanism to be able to communicate with an IPv4 partner.

IPv4-mapping is defined as the function of mapping an IPv4 address into the IPv6 address field of an AF_INET6 addressing structure. It is done at the transport protocol layer when the remote partner is an IPv4 partner.

An IPv6 application on a dual-mode stack can communicate with IPv4 and IPv6 partners as long as it doesn't bind to a native IPv6 address. If it bound to a native IPv6 address, then it cannot communicate with an IPv4 partner, since the native IPv6 address cannot be converted to an IPv4 address.

A 32-bit AF_INET address can always fit into an AF_INET6 address field. An IPV6 address cannot fit into an AF_INET address field. If the partner is IPv6, all communication will use IPv6 packets. If partner is IPv4 then both source/destination will be IPv4-mapped IPv6 addresses. On inbound the transport protocol layer will map the IPv4 address to its corresponding IPv4-mapped IPv6 address before returning to

the application with AF_INET6 addresses. On outbound the transport protocol layer will convert the IPv4-mapped addresses to native IPv4 addresses and send IPv4 packets.

14


Application / Transport Layer Mapping

AF_INETSocket

IPv4 SpecificAddress orinaddr_any

AF_INET6Socket

IPv4 MappedAddress

AF_INET6Socket

IPv6 SpecificAddress

AF_INET6Socket

in6addr_any

IPv4 PacketIPv6 Packet

IPv6 Routing IPv4 Routing

IPv6partner

IPv6partner

IPv4Mappedpartner

IPv4Mappedpartner

IPv4partner

AF_INETSocket

??????

IPv6partner

IPv6 Packet

IPv6 Routing

An AF_INET (IPv4) Server program on a Dual-Mode stack cannot communicate with an IPv6-only partner because AF_INET cannot fit an IPv6 address into 32 bits.

AF_INET Sockets Only send using IPv4 packetsAF_INET6 Sockets Bound to IPv4 mapped address Send IPv4 packets only Partner specified using an IPv4 mapped address Bound to IPv6 native address Send IPv6 packets only Partner specified using IPv6 address Bound to in6addr_any - (UDP - implicit Bind is done at send/connect time) Send IPv4 or IPv6 packet depending on how partner address is specified (IPv4 mapped or IPv6 native) Can receive IPv4 or IPv6 packets A listening TCP socket can receive both IPv4 and IPv6 SYNs. Note that when sending/receiving IPv4 packets, all existing V4 functions are supported - firewall, policy, sysplex etc.

15


BIND-Specific and PORTPORT 2001 TCP MYSERVER 20 TCP * NOAUTOLOG 21 TCP NM1AFTP1 BIND 12AB::2 21 TCP FTPD3 BIND 9.67.2.1 2020 TCP CICS1 SHAREPORT 2020 TCP CICS2 3001 TCP MYIP6AP1 SHAREPORT 3001 TCP MYIP6AP2 3001 TCP MYIP4AP1 3001 TCP MYIP4AP2

PROFILE.TCPIP PORT Statement

NETSTAT PORTLISTMVS TCP/IP NETSTAT CS...Port# Prot User Flags Range----- ---- ------- ----- -----00020 TCP NM1AFTP1 D00021 TCP NM1AFTP1 DABBindSpecific: 12AB::200021 TCP FTPD3 DABBindSpecific: 9.67.2.102001 TCP MYSERVER DA02020 TCP CICS1 DAU02020 TCP CICS2 DAU03001 TCP MYIP6AP1 DAU03001 TCP MYIP6AP2 DAU03001 TCP MYIP4AP1 DAU03001 TCP MYIP4AP2 DAU

1

2

3

4

1.Port reserved without regard to IPv4 and IPv6.2.BIND forces server to listen only on a particular

IPv4 or IPv6 address.● One job for IPv4 clients● One job for IPv6 clients

3.Shareport provides load balancing by the stack.

4. IPv4 clients are load-balanced to all IPv4 and IPv6 servers.

IPv4 Clients

port 21

9.67.2.1

port 2020

port 3001

port 21

12AB::2

port 3001

FTPD3CICS1CICS2MYIP4AP1MYIP4AP2

NM1AFTP1MYIP6AP1MYIP6AP2

IPv6 Clients

The PORT statement reserves a port for the use of a particular server. It normally does not distinguish between IPv4 and IPv6; the port is reserved regardless of which flavor of address the application uses.

The BIND keyword on the port statement allows you to force an INADDR_ANY listener to listen on a particular IP address. You may now specify an IPv6 address on this keyword. INADDR_ANY listeners will be converted to an IPv4 address, but will ignore an IPv6 address on the BIND keyword. IN6ADDR_ANY listeners will be converted to either an IPv4 address (the v4-mapped form of that address) or an IPv6 address, depending on what is specified with the BIND keyword.

By using the BIND keyword, a server listens on a particular IP address; i.e., it will be either IPv4 or IPv6. To have the same service serve both IPv4 and IPv6 clients, you may need to start up two instances of it, one bound to an IPv4 address and one to an IPv6 address. The example here illustrates two different FTP servers: one for IPv4 and one for IPv6.

FTP always opens AF_INET6 (if you are on a dual-mode stack).SHAREPORT allows multiple listeners to bind to the same port. It causes incoming connections to be load-balanced between the

listeners. All IPv4 connection requests will be load-balanced between the set of IPv4 listeners (including AF_INET6 IN6ADDR_ANY listeners), while all IPv6 connection requests will be load-balanced between the set of IPv6 listeners.

16


INET BPXPRMxx Definitions

● IPv4-only BPXPRMxx Example for INETFILESYSTYPE TYPE(INET) ENTRYPOINT(EZBPFINI) NETWORK DOMAIN(AF_INET) DOMAINNUMBER(2) MAXSOCKETS(2000) TYPE(INET)

● IPv4/IPv6 BPXPRMxx Example for INET (Dual-Mode)FILESYSTYPE TYPE(INET) ENTRYPOINT(EZBPFINI) NETWORK DOMAINNAME(AF_INET) DOMAINNUMBER(2) MAXSOCKETS(2000) TYPE(INET) NETWORK DOMAINNAME(AF_INET6) DOMAINNUMBER(19) MAXSOCKETS(3000) TYPE(INET)

Socket Applications

AF_INET6 PFS

IPv6 RawTransport

AF_INET PFS

TCP and UDP TransportIPv4 RawTransport


ICMPv6

QoSTRMIDS

ARP IGMP ICMP


LFS

Socket Applications

AF_INET PFS

TCP and UDPTransport

IPv4 RawTransport

QoSTRMIDS

ARP IGMP ICMP

IPV4 DLCs

LFS

Dual stack (IPv4/IPv6) is defined by using two NETWORK statements (AF_INET & AF_INET6) in BPXPRMxx.When the INET is defined, only a single TCP/IP stack can be started. The single stack is IPv4/IPv6 capable.With dual-mode stack IPv6 functions and protocols ICMPv6, NeD, MLD, and Autoconfig are automatically enabled. ICMPv6 - The IP protocol concerns itself with moving data from one node to another. However, in order for IP to perform this task

successfully, there are many other functions that need to be carried out: error reporting, route discovery, and diagnostics, among others. In IPv6 , all these tasks are carried out by the Internet Control Message Protocol (ICMPv6). In addition, ICMPv6 provides a framework for Multicast Listener Discovery (MLD) and Neighbor Discovery (NeD), which carry out the tasks of conveying multicast group membership information ( the equivalent of the IGMP protocol in IPv4) and address resolution (performed by ARP in IPv4).

Neighbor discovery is an ICMPv6 function that enables a node to identify other hosts and routers on its links. It corresponds to a combination of IPv4 protocols (ARP, ICMP Router Discovery, and ICMP Redirect). It maintains routes, MTU, retransmit times, reachability time, and prefix information based on information received from the routers. NeD uses Duplicate Address Detection (DAD) to verify the host's home addresses are unique on the LAN. NeD uses Address Resolution to determine the link-layer addresses for neighbors on the LAN and Reachability Detection to determine neighbor reachability.

Multicast Listener Discovery (MLD) is the protocol used by an IPv6 router to discover the presence of multicast listeners (that is, nodes wishing to receive multicast packets) on its directly attached links, and to discover specifically which multicast addresses are of interest to those listeners. This information is then provided to whichever multicast routing protocol is being used by the router, in order to ensure that multicast packets are delivered to all links where there are interested receivers. MLD is derived from IGMPv2. One important difference to note is that MLD uses ICMPv6 message types, rather than IGMP message types.

IPv6 provides for both stateless and stateful autoconfiguration. Stateless autoconfiguration allows a node to be configured in the absence of any configuration server. Stateless autoconfiguration makes it possible for a node to configure its own globally routable addresses in cooperation with a local IPv6 router, by combining the 48- or 64-bit MAC address of the adapter with network prefixes that are learned from the neighboring router. IPv6 allows the use of DHCPv6 for stateful autoconfiguration. DHCPv6 relies on a configuration server that maintains static tables to determine the addresses that are assigned to newly connected nodes. z/OS CS does not support DHCPv6.

D OMVS,PFS OMVS 000E ACTIVE OMVS=(N3) PFS CONFIGURATION INFORMATION PFS TYPE DESCRIPTION ENTRY MAXSOCK OPNSOCK HIGHUSED UDS SOCKETS AF_UNIX BPXTUINT 64 2 2 INET SOCKETS AF_INET6 EZBPFINI 3000 1 1 SOCKETS AF_INET 2000 7 7

17


Multiple Stacks IPv4 CINET

IPv4-only BPXPRMxx Example for CINETFILESYSTYPE TYPE(CINET) ENTRYPOINT(BPXTCINT) NETWORK DOMAINNAME(AF_INET) DOMAINNUMBER(2) MAXSOCKETS(2000) TYPE(CINET) INADDRANYPORT(20000) INADDRANYCOUNT(100)SUBFILESYSTYPE NAME(NM1ATCP)TYPE(CINET) ENTRYPOINT(EZBPFINI)SUBFILESYSTYPE NAME(NM1BTCP)TYPE(CINET) ENTRYPOINT(EZBPFINI)SUBFILESYSTYPE NAME(NM1CTCP)TYPE(CINET) ENTRYPOINT(EZBPFINI)


IPv4 RawTransport

QoSTRMIDS ARP IGMP ICMP

IPv4 DLCs

NM1CTCP


IPv4 RawTransport


IPv4 DLCs

NM1BTCP

Socket Applications

AF_INET PFS


IPv4 RawTransport


IPv4 DLCs

NM1ATCP

A single MVS image can contain up to 8 TCP/IP stacks. Depicted here are three stacks running in MVS. This type of configuration is called Common INET and is defined in the BPXPRMxx member of hlq.PARMLIB.

Multi-stack support is not new, but CINET support for IPv6 is. Up to 8 CS TCP/IP stacks can be active at one time whether they are running single-mode or dual-mode.

Three IPv4 AF_INET stacks are depicted. These definitions are identical to what was used prior to IPv6 support.Multiple TCP/IP stacks in one MVS image or LPAR are only supported by using Common INET (CINET).Each TCP/IP stack is defined in the BPXPRMxx parmlib member using a SUBFILESYSTYPE statement.D OMVS,PFS BPXO046I 16.18.01 DISPLAY OMVS 023 OMVS 000D ACTIVE OMVS=(Z4) PFS CONFIGURATION INFORMATION PFS TYPE DESCRIPTION ENTRY MAXSOCK OPNSOCK HIGHUSED AUTOMNT LOCAL FILE SYSTEM BPXTAMD TFS LOCAL FILE SYSTEM BPXTFS CINET SOCKETS AF_INET BPXTCINT 10000 34 38 UDS SOCKETS AF_UNIX BPXTUINT 64 5 6 HFS LOCAL FILE SYSTEM GFUAINIT BPXFTCLN CLEANUP DAEMON BPXFTCLN BPXFTSYN SYNC DAEMON BPXFTSYN BPXFPINT PIPES BPXFPINT BPXFCSIN CHARACTER SPECIAL BPXFCSIN PFS NAME DESCRIPTION ENTRY STATUS FLAGS NM1ATCP SOCKETS EZBPFINI ACT SC NM1BTCP SOCKETS EZBPFINI ACT NM1CTCP SOCKETS EZBPFINI ACT PFS TYPE PARAMETER INFORMATION HFS CURRENT VALUES: FIXED(0) VIRTUAL(249)This command displays the Physical File Systems available to UNIX System Services.This is a CINET (multi-stack) configuration for IPv4 only (Sockets AF_INET) with Entry type of BPXTCINT.Each individual stack has an entrypoint of EZBPFINI.

18


Multipe Stacks IPv4/IPv6 CINET

● IPv4/IPv6 BPXPRMxx Example for CINET (Dual-Mode)FILESYSTYPE TYPE(CINET) ENTRYPOINT(BPXTCINT) NETWORK DOMAINNAME(AF_INET)

DOMAINNUMBER(2) MAXSOCKETS(2000) TYPE(CINET) INADDRANYPORT(20000) INADDRANYCOUNT(100)

NETWORK DOMAINNAME(AF_INET6) DOMAINNUMBER(19) MAXSOCKETS(3000) TYPE(CINET)

SUBFILESYSTYPE NAME(NM1ATCP) TYPE(CINET) ENTRYPOINT(EZBPFINI) SUBFILESYSTYPE NAME(NM1BTCP) TYPE(CINET) ENTRYPOINT(EZBPFINI)SUBFILESYSTYPE NAME(NM1CTCP) TYPE(CINET) ENTRYPOINT(EZBPFINI)

Socket Applications

AF_INET6 PFS

IPv6 RawTransport

AF_INET PFS


IPv4 RawTransport


ICMPv6

QoSTRMIDS

ARP

IGMP

ICMP

IPv6 DLCs IPv4 DLCs

AF_INET6 PFS

IPv6 RawTransport

AF_INET PFS


IPv4 RawTransport


ICMPv6

QoSTRMIDS

ARP

IGMP

ICMP

IPv6 DLCs IPv4 DLCs

AF_INET6 PFS

IPv6 RawTransport

AF_INET PFS


IPv4 RawTransport


ICMPv6

QoSTRMIDS

ARP

IGMP

ICMP

IPv6 DLCs IPv4 DLCs

MAXSOCKETS is enforced independently for AF_INET and AF_INET6 sockets.INADDRANYPORT, INADDRANYCOUNT values for NETWORK AF_INET6 from values specified on NETWORK AF_INET.INADDRANYPORT, INADDRANYCOUNT values are ignored if specified on the NETWORK statement for AF_INET6.

Dual stack (IPv4/IPv6) is defined by using two NETWORK statements in BPXPRMxx: one for IPv4 and one for IPv6.Each TCP/IP stack is defined in the BPXPRMxx parmlib member with SUBFILESYSTYPE. All CS TCP/IP stacks defined under the two

NETWORK statements will be IPv4/IPv6 stacks. Stacks that are not IPv6-aware (like AnyNet Sockets over SNA) will continue to operate as IPv4-only stacks.If MAXSOCKETS on AF_INET6 NETWORK is specified as 0, any TCP/IP stacks started will be v4-only stacks. MAXSOCKETS is enforced independently for AF_INET and AF_INET6 sockets. For TCP/IP Socket APIs (Macro, CALL, REXX, C and CICS) the maximum number of sockets allowed is 2000 regardless of socket type

and subject to the MAXSOCKETS limit. See z/OS Communication Server: IP Application Programming Interface Guide, SC31-8788, for details or how to set the maximum socket limit for the TCP/IP Socket APIs.

For Unix sockets apps Maxsockets determines number of each type of socket that may be open at one time.D OMVS,PFSOMVS 000E ACTIVE OMVS=(N3)PFS CONFIGURATION INFORMATION PFS TYPE DESCRIPTION ENTRY MAXSOCK OPNSOCK HIGHUSED UDS SOCKETS AF_UNIX BPXTUINT 64 2 2 INET SOCKETS AF_INET6 EZBPFINI 3000 1 1 SOCKETS AF_INET 2000 7 7The information about whether the stack is IPv6 enabled or not is added to the Netstat UP/-u report.Example from an IPv4 only stackMVS TCP/IP NETSTAT CS V1R4 TCPIP Name: NM1ATCP 14:34:37Tcpip started at 14:27:29 on 05/21/2003 with IPv6 disabledExample from an IPv6 enabled stackMVS TCP/IP NETSTAT CS V1R4 TCPIP Name: NM1ATCP 23:01:27Tcpip started at 22:40:32 on 05/21/2003 with IPv6 enabledNetstat HOME in an IPv6-enabled stack displays the LOOPBACK6 Interface -- whether or not you have made any changes whatsoever to

the current TCP/IP Profile.INTFNAME: LOOPBACK6 ADDRESS: ::1 TYPE: LOOPBACK FLAGS:The LOOPBACK6 interface appears at the bottom of the HOMELIST, beneath the IPv4 LOOPBACK device.

19


PROFILE.TCPIP

20


Format Long● IPCONFIG FORMAT SHORT and NETSTAT FORMAT SHORT

• IPCONFIG default when stack not in Dual-Mode (not IPv6 enabled)• IPv4 only output

● IPCONFIG FORMAT LONG and NETSTAT FORMAT LONG• Only option when stack in Dual-Mode (IPv6 enabled)• IPv6 and IPv4 output

NETSTAT HOMEMVS TCP/IP NETSTAT CS V1R4 TCPIP Name:...Home address list:Address Link Flg------- ---- ---9.82.5.120 VLINK19.82.5.121 VLINK210.1.1.1 LOOPBACK9.82.4.168 OSATRB10 P172.18.2.168 CTCC128192.168.11.168 TRLSM92A192.168.31.168 TRLSM93A192.168.51.168 TRLSM94A192.168.5.168 EZASAMEMVS192.168.5.168 EZAXCFM29.82.5.122 VIPL0952057A127.0.0.1 LOOPBACK

NETSTAT HOME FORMAT LONGMVS TCP/IP NETSTAT CS V1R4...Home address list:LinkName: VLINK1 Address: 9.82.5.120 Flags:...LinkName: LOOPBACK Address: 10.1.1.1 Flags:LinkName: OSATRB10 Address: 9.82.4.168 Flags: Primary...

FORMATSHORT FORMAT

LONG

FORMAT - The FORMAT keyword is optional.The FORMAT keyword is only meaningful for stacks that are not enabled for IPv6. It controls the format of the command output. If

FORMAT SHORT is specified and the stack is enabled for IPv6, then an error message will be displayed. If the stack is not enabled for IPv6 and the user specified LONG format, the command output is displayed as if it could contain IPv6 addresses. If the stack is not enabled for IPv6 and the user specified SHORT format or did not specify the FORMAT keyword, then the command output is displayed as if it could contain only IPv4 addresses and not the longer IPv6 addresses.

If the stack is enabled for IPv6, then specifying the FORMAT keyword does not make any difference to the command output format.The FORMAT LONG display above is done on a stack that does not have IPv6 enabled.Most Netstat Output Format output keyword LONG or SHORT FORMAT LONG to support longer IPv6 addresses LONG FORMAT always used when IPv6 is enabled No message identifiers in FORMAT LONG output FORMAT SHORT same as pre-V1R4 FORMAT defaults to SHORT when IPv6 is not enabled FORMAT SHORT is not supported when IPv6 is enabledFORMAT can be defined in IPCONFIGNo Message Identifiers in the Output when FORMAT LONG is used.If you have developed REXX programs that issue Netstat commands under TSO and parse the output lines based on message

identifiers, you may need to change those REXX programs to use some other token in the output lines to decide the format of the line you are trying to parse.

Implement IPCONFIG FORMAT LONG now to prepare for an eventual IPV6 implementation. Since messages routinely change when the z/OS release changes it is recommended to implement IPCONFIG FORMAT LONG when

z/OS is upgraded. Automation that relies on the message output will be checked after upgrade anyway and a separate check for FORMAT LONG will be avoided.

21


IPv6 Interface Statement● Combines the definitions of DEVICE, LINK and HOME

• LOOPBACK6 defines loopback addresses• IPAQENET6 configures OSA-Express adapter (Ethernet QDIO)• MPCPTP6 defines IUTSAMEH, XCF, or ESCON/FICON link• VIRTUAL6 defines IPv6 VIPA• IPAQIDIO6 defines HiperSockets LAN

● Some of the Keywords• DEFINE/DELETE (not for LOOPBACK6)

➔ defines or deletes the IPv6 device• ADDADDR/DEPRADDR/DELADDR

➔ adds, deletes, or deprecates IPv6 home address(es)• PORTNAME (IPAQENET6)/TRLENAME (MPCPTP6)

➔ equals TRLE portname or cpname (XCF) or IUTSAMEH➔ equals device name for physical device to support both IPv4 and IPv6

• INTFID (IPAQENET6 and MPCPTP6)➔ optionally statically defines 64-bit interface ID (predictable link-local address)

• IPADDR (not for LOOPBACK6)➔ statically defines IPv6 address➔ without IPADDR indicates autoconfiguration

• SOURCEVIPAINTERFACE (IPAQENET6 and MPCPTP6)➔ indicates the static VIPA to be used

• DUPADDRDET (IPAQENET6)➔ indicates number of times to attempt duplicate address detection

INTERFACE and IPCONFIG6 are statements in z/OS CS to support IPv6. The stack must be enabled for IPv6 to use these statements.Multiple IPv6 addresses may be configured on an INTERFACE statement.Start or Stop an interface via: START or STOP statement in profile VARY TCPIP,,START or VARY TCPIP,,STOP commandThe Interface statement allows the definition or deletion of IPv6 interfaces as well as the addition, deletion or deprecation of IPv6

addresses for these interfaces.IPv6 provides the capability of autoconfiguring addresses for an interface by using information provided by IPv6 routers. Descriptions of

this function can be found in RFC 2461 and RFC 2462. The term autoconfigured IP address is used to mean an IP address that is created as a result of information received from a router advertisement. z/OS TCP/IP allows autoconfiguration if no IP addresses are defined on the profile INTERFACE statement using the IPADDR keyword. If the INTERFACE statement contains IPADDR definitions, this indicates that the installation is defining its own IP addresses and autoconfiguration is not desired. Manually configured addresses describes the addresses that are defined using the IPADDR keyword.

TCP creates an autoconfigured IP address for an interface if all three of the following conditions are met: The interface is active. A valid router advertisement containing prefix info with the autonomous flag on is received over the interface. No manually configured home addrs are defined for the interface at the time the router advert is received. The IP address that is created by autoconfiguration is formed by appending the interface ID to the prefix supplied by the router

advertisement. Autoconfigured addresses can be identified in the netstat home report by the 'Autoconfigured' flag.PRI/SEC/NONROUTER function works the same way for IPv6 as for IPv4. There are separate primary router attributes for IPv4 and IPv6

packets, so one stack sharing the OSA may be primary router for IPv4 while a different stack may be primary router for IPv6. Configure IPv4 PRIROUTER/SECROUTER attribute on DEVICE statement Configure IPv6 PRIROUTER/SECROUTER attribute on INTERFACE statementNETSTAT DEVLINKS/-d displays the PRI/SEC/NONROUTER attributes.Virtual MAC is preferred over PRIROUTER parameter.Each stack registers each non-loopback IP address in its home list to OSA.To add/delete an IPv4 home addr you need to use Obeyfile with a new HOME which replaces the IPv4 home.For IPv6 you can use ADDADDR and DELADDR on the INTERFACE statement to add/delete individual IP addrs.To delete the last or only IPv6 address for a VIRTUAL6, use INTERFACE DELETE similar to IPv4 DELETE LINK and DELETE DEVICE.

22


Loopback Interface Statement

● INTERFACE LOOPBACK6 Statement for IPv6:

INTERFACE LOOPBACK6 ADDADDR 2001:0DB8::14:0

• There is only one LOOPBACK6 interface generated automatically.➔ Default address ::1➔ Cannot be deleted

• Additional IP addresses may be defined/deleted/deprecated.

::1

There is only one LOOPBACK6 interface.The default LOOPBACK6 address ::1 is generated automatically and cannot be deleted. Therefore, you cannot DEFINE or DELETE the

LOOPBACK6 interface.You can add additional IP addresses for LOOPBACK6 in the initial profile or in an obeyfile. Additionally, you can delete and deprecate one

or more of these additional IP addresses in a vary obeyfile.

23


OSA QDIO Interface Statement

● Single OSA adapter can support both IPv4 and IPv6 concurrently.● TRLE Required:OSAQDIO TRLE LNCTL=MPC,READ=(0E28),WRITE=(0E29),DATAPATH=(0E2A,0E2B),MPCLEVEL=QDIO,PORTNAME=(OSAQDIO2,0)

● INTERFACE IPAQENET6 Statement for IPv6:INTERFACE OSAQDIO26 DEFINE IPAQENET6 PORTNAME OSAQDIO2IPADDR 2001:0DB8:1:0:50C9:C2D4:0:1

● INTERFACE IPAQENET Statement for IPv4:INTERFACE OSAD2INT DEFINE IPAQENET PORTNAME OSAQDIO2IPADDR 10.15.43.38/24

● DEVICE MPCIPA and LINK IPAQENET Statement for IPv4:DEVICE OSAQDIO2 MPCIPALINK LINK2 IPAQENET OSAQDIO2

TCP/IP can be configured to use the OSA for IPv4-only, for IPv6-only, or both.To use an OSA for both specify the same PORTNAME on both IPV6 and IPV4 INTERFACEs or the IPV6 Interface and the devicename

on the IPV4 DEVICE.IPv6 OSA QDIO - Configured using INTERFACE IPAQENET6. Requires TRLE definition, same as IPv4. Optional IPADDR to manually

configure IP address(es) - Full IPv6 address or 64 bit prefix (TCP/IP appends interface ID).Separate start and stop statements and separate Netstat Devlinks interface counters for IPv4 and IPv6.For IPv4, ARP is offloaded to and performed by OSA. For IPv6, TCP/IP Neighbor Discovery performs Address resolution for OSA.Two device addresses defined in Datapath in the Example on this page:Required for two stacks in same LPAR sharing OSA.Optional Backup - If two device addrs are defined for only one stack and the first path fails the second is used.

24


Interface ID and MTU from OSA

● OSA returns MAC address and unique instance value during START interface.

● TCP/IP uses the lower of the configured MTU and the MTU value returned by the OSA• 8992 for Gigabit Ethernet• 1492 for Fast Ethernet

INTERFACE OSAQDIO26 DEFINE IPAQENET6 PORTNAME OSAQDIO2 PRIROUTER MTU 4000

INTERFACE ID (64 BITS)24 bits 16 bits 24 bitsMAC ADDR (BYTES 1-3) INSTANCE VALUE MAC ADDR (BYTES 4-6)

LINK_LOCAL ADDRESS (128 BITS)64 bits 64 bitsLINK_LOCAL PREFIX INTERFACE ID

Multiple stacks which share an OSA get unique interface IDsTCP/IP constructs interface ID and link-local addressInterface ID remains the same across restart of interface (with rare exceptions)Interface ID will change after recycle of TCP/IPRFC2373 describes an algorithm to build an EUI-64 interface ID from a MAC address by inserting xFFFE into the middle of MAC

address. However this algorithm does not consider the case where an adapter is shared by multiple stacks as each would derive the same interface ID and therefore get the same link-local address. To allow an OSA to be shared by multiple stacks, OSA returns a unique instance value during activation.

TCP/IP ensures that universal/local bit is off in the interface ID (seventh bit of interface ID).To help provide fault tolerance, TCP/IP requests that OSA return the same interface ID when an interface is restarted.One reason the interface ID could change on a restart of interface is if the customer changes the MAC address of the OSA.MTU Configure MTU on INTERFACE statement (<= size supported by router)The minimum MTU for IPv6 is 1280.The stack sends certain IPv6 packets to the link local address of a router using the interface MTU. For OSA Gigabit Ethernet jumbo

frame is supported, this MTU is 8992.NETSTAT DEV/-d displays both the configured MTU (if configured) and the actual MTU (if interface is active).

25


MPC Interface Statement● Single MPC adapter can support both IPv4 and IPv6 concurrently.● TRLE Required:

OSAQDIO TRLE LNCTL=MPC,READ=(0C28),WRITE=(0C29),DATAPATH=(0C2A,0C2B),MPCLEVEL=HPDT,PORTNAME=(ESCONP1,0)

● INTERFACE MPCPTP6 Statement for IPv6:

INTERFACE ESCONI1 DEFINE MPCPTP6 PORTNAME ESCONP1IPADDR 2001:44:5:4:1000:C200:0:1

● DEVICE MPCPTP and LINK MPCPTP Statement for IPv4:

DEVICE ESCONP1 MPCPTPLINK ESCONL1 MPCPTP ESCONP1

● Static XCF• TRLENAME is VTAM CPname

● Same Host• TRLENAME is reserved name IUTSAMEH

TCP/IP can be configured to use the OSA for IPv4-only, for IPv6-only, or both.To use an OSA for both by specifing the same PORTNAME on the INTERFACE and the devicename on the DEVICE.IPv6 OSA QDIO - Configured using INTERFACE IPAQENET6. Requires TRLE definition, same as IPv4. Optional IPADDR to manually

configure IP address(es) - Full IPv6 address or 64 bit prefix (TCP/IP appends interface ID).Separate start and stop statements and separate Netstat Devlinks interface counters for IPv4 and IPv6.For IPv4, ARP is offloaded to and performed by OSA. For IPv6, TCP/IP Neighbor Discovery performs Address resolution for OSA.Two device addresses defined in Datapath in the Example on this page: Required for two stacks in same LPAR sharing OSA.Optional Backup - If two device addrs are defined for only one stack and the first path fails the second is used.

26


VIPA Interface Statement

● IPv6 VIPA and SourceVIPA• IPv6 Source VIPA is enabled in IPCONFIG6 Statement:

IPCONFIG6 SOURCEVIPA

• INTERFACE VIRTUAL6 Statement for IPv6:INTERFACE VIPAV61 DEFINE VIRTUAL6IPADDR 2001:0DB8:0:A:9:67:115:5INTERFACE VIPAV62 DEFINE VIRTUAL6IPADDR 2001:0DB8:0:A:9:67:115:6

• IPv6 Source VIPA is specified on OSA interface Statement:INTERFACE OSAQDIO16 DEFINE IPAQENET6 PORTNAME OSAQDIO1SOURCEVIPAINTerface VIPAV61INTERFACE OSAQDIO26 DEFINE IPAQENET6 PORTNAME OSAQDIO2SOURCEVIPAINTerface VIPAV62

All static VIPA must be manually configured. IPv6 Static VIPA are configured using INTERFACE VIRTUAL6.Link-local VIPAs are disallowed since link-local are for use only on the associated LAN and there is no VIPA LAN.SourceVIPA for IPv6 is controlled via the IPCONFIG6 SOURCEVIPA and INTERFACE SOURCEVIPAINTERFACE.When multiple addresses are configured for a SOURCEVIPA interface, the default source address selection algorithm will select the

correct source address for each outbound packet based upon its destination address.Use different prefixes for IPv6 static VIPAs and for the IPv6 addresses assigned to real interfaces. To allow other hosts that share a LAN with the z/OS TCP/IP stack to access the IPv6 VIPAs without the need for manual route

configuration, a router on each LAN should include the VIPA prefix in its router advertisements. The router advertisements should define the prefix as being on-link and should indicate that the prefix not be used for autoconfiguration. No duplicate address check is done for VIPA addresses.

When the application or upper-layer protocol has not selected a source address for an outbound IPv6 packet (using bind or ipv6_pktinfo), the default source address selection algorithm will select one:

The goal of default source address selection is to select the address that is most likely to allow the packet to reach its destination and to support site renumbering. The group of candidate addresses consists of the addresses assigned to the outbound interface (both configured and/or dynamically generated) or the addresses configured for the outbound interface's SOURCEVIPA interface.

The default source address selection algorithm is explained in detail in the IPv6 Network and Application Design Guide, SC31-8885.Transparent fault tolerance - redundant IPv6 connectivity onto a LAN Define and start multiple IPAQENET6 interfaces onto the same LAN If one interface becomes inactive for any reason then another interface performs Interface Takeover Gratuitous Neighbor Advertisements with new MAC address are sent IPv6 traffic targeting original IP address(es) will continue to flow over another interface Similar to existing IPv4 ARP takeover function for LCS and MPCIPA QDIO except: IPv6 support only sends gratuitous advertisements

for VIPAs the stack previously received a Neighbor Solicitation for on that LAN.

27


Dynamic VIPA (DVIPA)

● IPv6 Dynamic VIPA Support (VIPADYNAMIC)

VIPADYNAMIC VIPADEFINE dvipav612001:0DB8:0:A:9:67:115:7 ENDVIPADYNAMIC

VIPADYNAMIC VIPABACKUP dvipav622001:0DB8:0:A:9:67:115:8 ENDVIPADYNAMIC

VIPADYNAMIC VIPADELETE dvipav63 ENDVIPADYNAMIC

VIPADYNAMIC VIPARANGE dvipav642001:0DB8:0:A/64 ENDVIPADYNAMIC

VIPADYNAMIC VIPADISTRIBUTE DEFINE dvipav61 PORT 23DESTIP ALL ENDVIPADYNAMIC

See the detailed VIPA presentation out on the TecDocs web site:http://www.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS789

28


IPCONFIG6 Statement● IPCONFIG6 options similar to IPCONFIG

• DATAGRAMFWD/NODATAGRAMFWD enables/disables the transfer of data between networks interfaces.

• FWDMULTIPATH PERPACKET/NOFWDMULTIPATH enables/disables interface to interface packet routing on an approximate round-robin basis.

• IGNOREREDIRECT causes TCP/IP to ignore ICMP Redirect packets.• SOURCEVIPA/NOSOURCEVIPA enables/disables use of a VIPA assigned to

the SOURCEVIPAINT interface as the source address for outbound datagrams that do not have an explicit source address.

• MULTIPATH/NOMULTIPATH enables/disables multipath routing.• DYNAMICXCF configures IPv6 Dynamic XCF (and IUTSAMEH).

➔ INTFID optionally statically defines 64-bit interface ID➔ XCF interface name is EZ6XCFnn where nn is the sysclone value➔ IUTSAMEH interface name is EZ6SAMEMVS

● IPCONFIG6 options with no IPCONFIG equivalent• HOPLIMIT limits number of hops a packet can travel enroute.• IGNOREROUTERHOPLIMIT/NOIGNOREROUTERHOPLIMIT

enables/disables the configured global hop limit value being overridden by a router advertisement value.

• ICMPERRORLIMIT controls the rate at which ICMP error messages can be sent to a particular IPv6 destination address.

If the stack is not configured for IPv6 and IPCONFIG6 is specified TCP/IP starts up with EZZ0695I IPCONFIG6 NOT VALID -IPv6 SUPPORT IS NOT ENABLED.

NODATAGRAMFWD -Stops transfer of data between networks by disabling IP routing between different network interfaces.DATAGRAMFWD - Enables the routing of data between interfaces. NOFWDMULTIPATH - If multiple equal-cost paths to a destination the first active route is used. The default. FWDMULTIPATH PERPACKET - A route on a round-robin basis is selected.IGNOREREDIRECT - Causes TCP/IP to ignore ICMP Redirect packets.NOSOURCEVIPA - Specifies TCP/IP does not request to use VIPA address as source IP address for outbound datagrams. The default.SOURCEVIPA - TCP/IP uses VIPA assigned to SOURCEVIPAINT interface as the source addr for outbound datagrams that do not have

an explicit source addr. If multiple addrs are assigned to SOURCEVIPAINT interface, the source addr will be selected from the addrs according to default source address selection algorithm.

NOMULTIPATH - Disables multipath routing selection algorithm for outbound traffic. If there are multiple equal-cost routes to a destination and NOMULTIPATH is specified, TCP/IP uses the first active route. The default.

MULTIPATH - Enables the multipath routing selection algorithm for outbound IP traffic. If MULTIPATH is specified without any subparameters, the default is PERCONNECTION.

PERCONNECTION - A route on a round-robin basis is selected for each destination. Connection or connectionless oriented IP packets using the same association always use the same route.

PERPACKET - A route on an approximate round-robin basis is selected for each packet. All IP packets for a given association with a destination host are spread across the multiple equal-cost routes.

HOPLIMIT - Number of hops a packet can travel enroute to the destination. If the destination is more hops away, the packet will never reach the destination. The valid range is between 1 and 255. The default is 255.

IGNOREROUTERHOPLIMIT - Your configuredHOPLIMIT value is always used. Any router advertisement from a router with a different hop limit value is ignored.

NOIGNOREROUTERHOPLIMIT - Causes TCP/IP to Not ignore a Router Advertisement from a router with a different hop limit value. This results in the configured global hop limit value being overridden by the router advertisement value for all routes using the interface the router advertisement was received on. This is the default.

ICMPERRORLIMIT - This parameter controls rate at which ICMP error messages can be sent to an IPv6 destination address. The number specified is messages per second. The default is 3 messages per second, and the valid range is 1-20 messages per second.

DYNAMICXCF - creates XCF and IUTSAMEH link. Dynamic XCF must be either static or dynamic; either static IPv4 XCF and static IPv6 XCF, or dynamic IPv4 XCF and dynamic IPv6

XCF. Once the IPv6 dynamic XCF address has been established/enabled, it cannot be changed without recycling the TCP stack.

29


IPv6 Source IP Address● IPCONFIG and IPCONFIG6 SOURCEVIPA

• Allows outbound connections and datagrams to use a static VIPA as source IP address• Independence from physical adapter failure• SOURCEVIPA is different for each stack

● IPCONFIG and IPCONFIG6 TCPSTACKSOURCEVIPA• Provides Sysplex source VIPA when used with Sysplex Distributor• Supports DVIPAs• Ephemeral Port assignment coordinated among stacks when SYSPLEXPORTS is

specified● SRCIP/ENDSRCIP

• TCPSTACKSOURCEVIPA applies to all outbound TCP connections• SRCIP allows each job to have its own IP address• TCPSTACKSOURCEVIPA only works if no bind() is issued before connect()• SRCIP works for applications that issue an explicit bind() to inaddr_any (unspecified

address)• ExampleSRCIP JOBNAME USER15 9.43.242.5 JOBNAME USER* 9.43.242.4 JOBNAME USER15 2EC0::092B:F203 JOBNAME JOB* ETHER1 JOBNAME * 9.43.242.3 ENDSRCIP

SRCIP is the preferred method for Source IP Address Specification.

Problem Statement: Sysplex as a Single System1) TCPSTACKSOURCEVIPA applies to all outbound TCP connections Same address for all connections if enabled2) TCPSTACKSOURCEVIPA only works if no bind() is issued before the connect() Even if the bind() is to inaddr_any3) SHARE Requirement Single Sysplex IP address, inbound and outbound TCPSTACKSOURCEVIPA Single IP address for an application Job-Specific Source IP Address

30


Routing

31


Static Routing● IPv6 BEGINROUTES; BEGINRoutes Defines static routes to the IP route tableBEGINRoutes; Direct Routes; Destination Subnet Mask First Hop Link/Int Packet SizeROUTE 130.50.75.0 255.255.255.0 = TR1 MTU 2000ROUTE 193.5.2.0/24 = ETH1 MTU 1500ROUTE 9.67.43.0 255.255.255.0 = FDDI1 MTU 4000ROUTE 193.7.2.2 HOST = SNA1 MTU 2000ROUTE 2001:0CD8:1/128 = OSAQDIO26 MTU 2000

ROUTE 2001:0CD8:1/128 = OSAQDIO28 MTU 2000

; Indirect Routes; Destination Subnet Mask First Hop Link/Int Packet SizeROUTE 193.12.2.0 255.255.255.0 130.50.75.10 TR1 MTU 2000ROUTE 10.5.6.4 HOST 193.5.2.10 ETH1 MTU 1500; Default Route; Destination First Hop Link/Int Packet SizeROUTE DEFAULT 9.67.43.99 FDDI1 MTU DEFAULTSIZEROUTE DEFAULT6 2001:0CD8:1::5160 OSAQDIO26 MTU DEFAULTSIZE

ROUTE DEFAULT6 2001:0CD8:1::5180 OSAQDIO28 MTU DEFAULTSIZE

ENDRoutes

Use the BEGINROUTES statement to add static routes to the IP route table. The GATEWAY statement is not enhanced to support IPv6 routes.

The IP address can be an IPv4 or IPv6 address and does not need to be a fully qualified address. The first hop gateway IP address can also support either IPv4 or IPv6 addresses, but must be a fully qualified address.

dest_ipaddr/dest_ipv6addr - The destination IPv4 or IPv6 address. An IPv4 address must be fully qualified.prefixLength: Valid range 1-128.First hop portion of the ROUTE statement may contain either an IPv4 first hop address. It must be either a fully qualified address or an

equal sign (=).link_name or interface name is the link or interface through which packets are sent to the specified destination.MTU mtu_size - The maximum transmission unit (MTU) in bytes for the destination. This value can be up to 65535. The keyword

DEFAULTSIZE in this field requests that TCP/IP supply a default value of 576 for IPv4 routes and 1280 for IPv6 routes. You cannot specify an MTU smaller than the default MTU size. For IPv4 the default MTU is 576 and for IPv6 it is 1280.

Opts - Options are unchanged: NOREPLaceable | REPLaceable, MAXImumretransmittime 120.00 | MAXImumretransmittime seconds, MINImumretransmittime 0.50 | MINImumretransmittime seconds, ROUNDTRIPGain 0.125 | ROUNDTRIPGain value, VARIANCEGain 0.25 | VARIANCEGain value, VARIANCEMultiplier 2.00 |VARIANCEMultiplier value, DELAYAcks | NODELAYAcks

IPv6 Standards require a minimum of 2 default routers so when the last default route is deleted a default route is added back into the routing table.

32


Dynamic Routing● IPv6 Learns some Routing

• Some routes can be dynamically learned without OMPROUTE➔ Default routes➔ Direct prefix routes➔ ICMP redirects

● OMPROUTE• IPv6 RIPng (RIP next generation)

➔ Like IPv4 RIP➔ Based upon the Distance Vector Algorithm➔ Max metric is 15➔ Advertise full routing table every 30 seconds➔ Routes time out if not refreshed in 3 minutes➔ Extensive filters➔ Changes primarily to accommodate IPv6 addressing - bigger addresses, address

prefixes, and link local addresses.• IPv6 OSPF (OSPFv3)

➔ Like IPv4 OSPF (OSPFv2)➔ Default hello interval is 10, dead router is 40, database exchange is 40➔ Default interface cost is 1, designated router priority is 1➔ etc.➔ Router ID defaults to IPv4 OSPF Router ID if running or it must be specified

Unlike IPv4, IPv6 dynamically learns some routing information without dynamic routing protocols OSPF or RIP.

33


Resolver

34


Resolver

● HOSTS.SITEINFO, HOSTS.ADDRINFO files and /etc/hosts file• IPv4 only

● COMMONSEARCH/NOCOMMONSEARCH• Whether the common local host file search order is to be used for:

➔ MVS and UNIX environments➔ IPv4 and IPv6 queries

• COMMONSEARCH is the recommended setting● ETC.IPNODES is a local host file with IPv4 and/or IPv6 addresses

• Setup statements to identify the first and final search location for the ETC.IPNODES local host file.

• GLOBALIPNODES• DEFAULTIPNODES

● Resolver retrieves IPv4 and/or IPv6 addresses from DNS• Resolver communication with DNS supports IPv6 DNS address starting z/OS

V2R1

VTAM

TCP/IP

OMVS

Resolver

z/OS

BPXPRMxx

PROCLIB

Resolver Setup FileCOMMONSEARCH

GlobalTCPIPDATA

DefaultTCPIPDATA

GlobalIPNODESDefault

IPNODES

HOSTS.SITEINFO and .ADDRINFO files continue to be generated from HOSTS.LOCAL file via MAKESITE utility. ETC.IPNODES may contain both IPv4 and IPv6 addresses. IPv6 addresses can only be defined in ETC.IPNODES.For GLOBALIPNODES and DEFAULTIPNODES, the syntax and format of the specified file names is the following: Fully qualified MVS dataset name. The beginning and end quotes are required. The dataset name is not case sensitive. The dataset

characteristics must be Fixed (F) or Fixed Block (FB), with LRECL between 56 and 256, inclusive. Sequential file or PDS member are both allowed. HFS file absolute pathname. Beginning slash is required. The HFS pathname is case sensitive. The maximum line length is 256 characters.

IPv6 ETC.IPNODES search order: GLOBALIPNODES RESOLVER_IPNODES environment variable (Unix only) userid/jobname.ETC.IPNODES hlq.ETC.IPNODES DEFAULTIPNODES /etc/ipnodesIPv4 HOSTS.LOCAL search order: MVS Environment userid/jobname.HOSTS.xxxxINFO hlq.HOSTS.xxxxINFO Unix Environment X_SITE and X_ADDR environment variables /etc/hosts userid.HOSTS.xxxxINFO hlq.HOSTS.xxxxINFOSpecifying the new Resolver COMMONSEARCH setup statement is recommended as the way to simplify the search order choices: IPv6 search order will be used for IPv4 searches as well MVS and UNIX environments would utilize the same search order for IPv4 searches as well as IPv6 searches All local resources can be defined in a single local host file (ETC.IPNODES) rather than spread across multiple files (ETC.IPNODES

and HOSTS.LOCAL) Applicable to both new and old Resolver APIs

35


FTP

36


IPv4 FTP● IPv4 FTP Client Active Mode

• FTP.DATA FWFRIENDLY FALSE (default)• ftp ipv4_addr1• put file_name

● IPv4 FTP Client Passive Mode• FTP.DATA FWFRIENDLY TRUE• ftp ipv4_addr1• put file_name

● IPv4 FTP Client Proxy Mode• FTP.DATA FWFRIENDLY TRUE• ftp ipv4_addr1• proxy open ipv4_addr2• proxy put file_name

z/OSFTP

Client

z/OSFTP

Client

z/OSFTP

Clientipv4_addr2port_num2

z/OSFTP

Serveripv4_addr1

Controlport_num1

Data port usedto send connect

z/OSFTP

Serveripv4_addr1

Controlport_num1

Dataport_num2

z/OSFTP

Serveripv4_addr1

Controlport_num1

Dataport_num3

z/OSFTP

Serveripv4_addr2

Controlport_num2

These packets do notactually pass throughthe left FTP Server

connect ipv4_addr1 port_num3

STOR file_name

Control Connectionconnect ipv4_addr1 port_num1

Data ConnectionPORT ipv4_addr2 at port_num2

200 Port Request OK

connect ipv4_addr2 at port_num2

STOR file_name


Data ConnectionPASV

227 Entering Passive Mode ipv4_addr1 port_num2


STOR file_name



Data ConnectionPASV

227 Entering Passive Modeipv4_addr1 port_num3

PORT ipv4_addr1 port_num3

200 PORT request OK

For the client you may specify an IPv4 address, a hostname, an IPv4-mapped IPv6 address, or an IPv6 address. userid.NETRC support: The NETRC data set provides you with an alternative to specifying the user_id and password as REXEC values or FTP batch client

values. An IPv6 address may be specified in the NETRC data set. DNS names that resolve to IPv6 addresses can be specified.FTP.DATA statements supported for IPv4 Addresses / Connections Only: SECURE_MECHANISM GSSAPI (KERBEROS) SOCKSCONFIGFILE For IPv4 SOCKS Servers only. If SOCKS server defined as a DNS name, the FTP client resolves name to IPv4 addresses only. FWFRIENDLY Irrelevant / Ignored with IPv6 partner RFC 2428 specification: EPSV is used for data transfer to/from IPv6 FTP partner EPRT reserved for proxy transfer.There are no FTP.DATA statements for IPv6 enablement.GSSAPI authentication (KERBEROS) is supported only for IPv4 connections. The client will fail the negotiation when the connection is

IPv6. Kerberos channel-bindings have not yet been defined for IPv6 connections SSL/TLS security is fully supported for IPv6 connections. GSSAPI authentication (KERBEROS) is supported only for IPv4 connections. The client will fail the negotiation when the connection is

IPv6.The SOCKSCONFIGFILE is referenced only for IPv4 connections. in the SOCKSCONFIGFILE itself, only IPv4 addresses are supported.

If you define a SOCKS server as a DNS name, the FTP client will resolve that name to IPv4 addresses only. The FWFRIENDLY FTP.DATA statement applies to IPv4 connections only. As specified by RFC 2428, when connected to an IPv6 FTP

server, EPSV is used to start a data transfer. EPRT is reserved for proxy transfer.FWFRIENDLY statement applies to IPv4 connections only.

37


IPv6 FTP● IPv6 FTP Server enabled automatically when stack is Dual-Mode● All IPv6 FTP Client connections are in Passive Mode (no Active Mode

Support)● IPv6 FTP Client

• IPFWFRIENDLY Ignored• ftp ipv6_addr1• put file_name

● IPv6 FTP Client Proxy Mode• ftp ipv6_address1• proxy open ipv6_address2• proxy put file_name

z/OSFTP

Client

z/OSFTP

Client

z/OSFTP

Serveripv6_addr1

Controlport_num1

Dataport_num2

z/OSFTP

Serveripv6_addr1

Controlport_num1

Dataport_num3

z/OSFTP

Serveripv6_addr2

Controlport_num2

These packets do notactually pass throughthe left FTP Server


STOR file_name


Data ConnectionEPSV

229 Entering Extended Passive Mode port_num2


STOR file_name



Data ConnectionEPSV

229 Entering Passive Modeport_num3

EPRT ipv6_addr1 port_num3

200 EPRT request OK

FTP client and daemon test the LPAR as soon as they are started to determine whether it is IPv4 only or dual-mode. It does this by opening an AF_INET6 socket. If the socket() call fails with errno EINVAL and errnoJr = EAFNOTSUPPORTED, FTP knows it must be executing on an IPv4-only LPAR (one or more IPv4-only stacks). FTP records the result to avoid issuing extended socket API calls (IPv6 socket calls) on the IPv4-only LPAR

A sockaddr is an API programming structure that includes port number and IP address of the endpoint.FTP daemon (server) On the IPv4 only stack, the sockaddrs are always AF_INET. On the dual stack, the sockaddrs are always AF_INET6.FTP client On the IPv4 only stack, the sockaddrs are always AF_INET. On the dual-mode LPAR, the FTP Client opens an AF_INET socket to connect to servers with IPv4 addresses; it opens an AF_INET6

socket to connect to servers with IPv6 addresses.The server needs to know whether its session is IPv4 or IPv6 when it is establishing a data connection. The z/OS server has always

used the same local interface (IP address) for the data connection that is used for the control connection. It ensures the stack will use the same interface by binding the data socket to the server's control connection local IP address. If the client logs in with an IPv4 address, that server local control connection IP address will be IPv4. On the dual stack, the control connection local sockaddr will be AF_INET6, but the IP address may be in the mapped format (::ffff:a.b.c.d). If the client logs in with an IPv6 address, the server's local control connection IP address will be IPv6. Once a socket is bound to an IP address, it can only be connected to IP addresses of the same protocol. The z/OS FTP server forces the data connection to be the same protocol as the control connection.

This is more restrictive than the RFCs 959 and 2428 state. In theory, an OEM server could have one protocol for the control connection and the other for the data connection. But the z/OS server cannot allow mixing.

z/OS FTP implements RFC 2428, which amounts to simply using other FTP commands in place of PORT and PASV commands when exchanging IP addresses. The z/OS FTP implements IPv6 via the commands EPRT (extended PORT) and EPSV (extended PASV) defined in this RFC.

EPRT and EPSV can be used with either IPv4 addresses or IPv6 addresses. In theory, RFC 2428 allows any address family whose address family number is defined in RFC 1700, but the RFC is explicit (and therefore implementable) only for IPv4 and IPv6 addressing.

There is an oddity surrounding EPRT in RFC 2428: EPRT is used only for proxy data transfers -- not for standard data transfers between client and server. For all data transfers, RFC 2428 specifies that EPSV will be used.

38


Enterprise Extender

39


Enterprise Extender (EE)

● HOSTNAME and IPv6 address Support for IPv6 and Connection Network/NAT• IPv4 non-Connection Network EE already worked with NAT• HOSTNAME keyword (1R5) (start option, GROUP, path definition) or IPv6 addr (V2R1)

(start option, path def in sw major node) to represent local and remote IPV6 VIPA➔ Recommended for IPv4 also since it provides solution for Connection Network/NAT➔ HOSTNAME overrides IPADDR

• PORT IPRESOLV on PATH statement➔ Specifies the number of seconds VTAM waits for IP address resolution

EBN

ENx

NNxIPNodes

hostx=10.2.1.1EBNx=10.1.1.1

EBNx.x.com

dest=2.2.2.2,src=10.2.1.1

dest=10.2.1.1,src=2.2.2.2

hostx.x.com

Company x.com intranet

hostx=1.1.1.2EBNx=1.1.1.1

FW

x.compublicDNS

intranet Public

10.1.1.1 1.1.1.1

10.2.1.1 1.1.1.2

EBN

ENy

NNyIPNodes

Hosty=192.168.2.1EBNy=192.168.1.1

EBNy.y.com

dest=192.168.2.1,src=1.1.1.2

dest=1.1.1.2,src=192.168.2.1

hosty.y.com

Company y.com intranet

Hosty=2.2.2.2EBNy=2.2.2.1

FW

y.compublicDNS

Public intranet

2.2.2.1 192.168.1.1

2.2.2.2 192.168.2.1

dest=2.2.2.2,src=1.1.1.2

dest=1.1.1.2,src=2.2.2.2

EE architecture has been updated to allow the EE connection network control vectors to carry the ip address and hostname corresponding to the EE VIPA.

Administrative requirement of coordinating NAT tables and public DNS entries is a known administrative procedure to installations that use NAT.

40


inetd

41


inetd

● inetd (internet daemon server)• remote execution (orexec) client and remote execution (orexecd) server• remote shell (orshd) server• telnet server (otelnetd)

/etc/inetd.conf file:#=============================================================================== # service | socket | proto-| wait/ | user | server | server program # name | type | col | nowait| | program | arguments ...shell stream tcp nowait OMVSKERN /usr/sbin/orshd orshd -k KRB5exec stream tcp nowait OMVSKERN /usr/sbin/orexecd orexecd -dLV otelnet stream tcp6 nowait bpxroot /usr/sbin/otelnetd otelnetd

Protocol Field: tcp, udp, tcp6, udp6

The inetd server applications have been updated with IPv6 support.

42


SMF

43


SMF

● SMF Record Types• SMF118 - IPv4 addresses only.• SMF119 - Records have room for IPv6 addresses.

● Three Different Places to Request SMF Records• PROFILE.TCPIP SMFCONFIG parameters

➔ TCP/IP Statistics records➔ TCP Connection Initiation and Termination records➔ FTP Client Transfer Complete records➔ TN3270 Client Initiation and Termination records➔ Interface Link Utilization Statistics records➔ Reserved Port Utilization Statistics records➔ TCP/IP Stack Start and Stop records➔ UDP Socket Termination records

• PROFILE.TCPIP TELNETPARMS parameters➔ TN3270 Server SNA Session Initiation and Termination records

• FTP.DATA statements for FTP Server records➔ FTP Transfer Complete records➔ APPEND➔ DELETE➔ JES➔ Login Failure

➔ RENAME➔ RETRIEVE➔ SQ➔ STORE➔ UNIQUE STORE

Type 118 FTP client and server transfer completion records are generated for IPv6 connections, but leave the IP address field empty. All other type 118 SMF records are not generated for IPv6 connections.

SMF Recording must be enabled: SYS1.PARMLIB(SMFPRMxx) SYS(TYPE(119)) INTVAL(x) SYNCVAL(x)NETSTAT CONFIG/-f output shows SMF specifications in SMFCONFIG statement.IPCS Command TCPIPCS displays all PROFILE.TCPIP configuration settings.Display TCPIP,,Telnet,PROFile displays telnet initialization and termination settings.SNMP applications can communicate over an IPv6 connection: osnmp command SNMP agent (OSNMPD) Trap Forwarder daemon MVS TCPIP subagentsDPI 2.0 enabled for AF_INET6pwtokey and pwchange commands Accept IPv6 addresses

44


More Information

45


Web Sites and Documents

● IBM Technical Documentshttp://www.ibm.com/support/techdocs

● IBM Redbookshttp://www.redbooks.ibm.com

● z/OS Home Pagehttp://www.ibm.com/systems/z/os/zos/

● IPv6 Information Pageshttp://www.ipv6forum.comhttp://arin.nethttp://www.internet2.eduhttp://www.ipv6.org

● z/OS Manuals• IP Configuration Guide, SC273650• IP Configuration Reference, SC273651• IPv6 Network and Application Design Guide, SC273663

46


The End