z/VM Version 7 Release 1 TCP/IP Planning and Customization IBM SC24-6331-02


  • z/VM Version 7 Release 1

    TCP/IP Planning and Customization

    IBM

    SC24-6331-02

  • Note:

    Before you use this information and the product it supports, read the information in “Notices” on page 719.

    This edition applies to version 7, release 1, modification 0 of IBM z/VM (product number 5741-A09) and to all subsequent releases and modifications until otherwise indicated in new editions.

    Last updated: 2019-04-11

    © Copyright International Business Machines Corporation 1987, 2019.
    US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

  • Contents

    List of Figures
    List of Tables

    About This Document
    Intended Audience
    Conventions and Terminology
    How the Term “internet” Is Used in This Document
    Syntax, Message, and Response Conventions
    Where to Find More Information
    Links to Other Documents and Websites

    How to Send Your Comments to IBM

    Summary of Changes for z/VM TCP/IP Planning and Customization
    SC24-6331-02, z/VM Version 7 Release 1 (April 2019)
    SC24-6331-01, z/VM Version 7 Release 1 (December 2018)
    SC24-6331-00, z/VM Version 7 Release 1
    SC24-6238-11, z/VM Version 6 Release 4 (December 2017)
    SC24-6238-10, z/VM Version 6 Release 4 (August 2017)
    SC24-6238-09, z/VM Version 6 Release 4 (March 2017)
    Crypto Express APVIRT Support for z/VM TLS/SSL Server and LDAP/VM
    SC24-6238-08, z/VM Version 6 Release 4
    z/VM LDAP Server and Client Utilities z/OS V2.2 Equivalency
    z/VM MPROUTE Server z/OS V2.2 Equivalency
    zManager Support Removed
    Domain Name System (DNS) IPv6 Support

    Chapter 1. Planning Considerations
    Introducing TCP/IP
    Connectivity and Gateway Functions
    Server Functions
    Client Functions
    Network Status and Management Functions
    Application Programming Interfaces
    Migration Information and Resources
    User ID Privilege Class Considerations
    User ID Minidisk Considerations
    Shared File System (SFS) Considerations
    Implications of Assigning Different Server Virtual Machine Names
    Accommodating Changed Server Names
    Multiple Server Instance Restrictions
    Mutually Exclusive Servers
    Publication References

    Chapter 2. System Requirements for TCP/IP
    z/VM Device Definition Considerations
    Hardware Environment
    Network Attachments
    Open System Adapter-Express (OSA-Express)
    HiperSockets
    Channel-to-Channel Support
    IUCV
    z/VM Virtual Network Adapters
    Software Environment

    Chapter 3. Defining the TCP/IP System Parameters
    Configuring the TCPIP DATA File
    Statement Syntax
    ATSIGN statement
    DOMAINLOOKUP statement
    DOMAINORIGIN statement
    DOMAINSEARCH statement
    HOSTNAME statement
    NSINTERADDR statement
    NSPORTADDR statement
    RESOLVERTIMEOUT statement
    RESOLVERUDPRETRIES statement
    RESOLVEVIA statement
    SECURETELNETCLIENT statement
    SMTPSERVERID statement
    TCPIPUSERID statement
    TRACE RESOLVER statement
    UFTSERVERID statement
    USERDATA statement
    VMFILETYPE statement
    VMFILETYPEDEFAULT statement
    Testing the TCP/IP System Configuration
    HOMETEST Command

    Chapter 4. Configuring the Local Host Files
    ETC HOSTS File Syntax
    HOSTS LOCAL File Syntax
    HOST Statement
    NET Statement
    Building the HOSTS LOCAL Site Table

    Chapter 5. General TCP/IP Server Configuration
    Virtual Machine Definitions
    Required Virtual Machines
    Optional Virtual Machines
    Methods of Server Configuration
    The DTCPARMS File
    Configuring the DTCPARMS File
    Customizing Servers
    Automatic Generation of Selected Startup Parameters
    Adding New Servers and Server Classes
    Duplicating and Running Existing Servers
    Server Profile Exits
    Global Profile Exit
    IBM Diagnostic Profile Exit
    Customizing Server-specific Exits
    GCS Servers
    TCP/IP Configuration File Overview
    Server Administrative Command Interface Summary
    Stopping TCP/IP Servers
    Starting TCP/IP Servers
    TCP/IP and SSL Server Logon Restrictions

    Chapter 6. Configuring the FTP Server
    Step 1: Update PROFILE TCPIP
    Step 2: Update the DTCPARMS File
    SRVRFTP Command
    Step 3: Establish FTP Server Machine Authorizations
    Step 4: Customize the SRVRFTP CONFIG File
    FTP Server Configuration File Statements
    ANONYMOU Statement
    AUTOTRANS Statement
    DONTREDIRECT Statement
    FTAUDIT Statement
    FTCHKCMD Statement
    FTCHKDIR Statement
    FTPKEEPALIVE Statement
    INACTIVE Statement
    LISTFORMAT Statement
    LOADDBCSTABLE Statement
    PASSIVEPORTRANGE Statement
    PORT Statement
    RACF Statement
    RDR Statement
    SECURECONTROL Statement
    SECUREDATA Statement
    SYSTEMGREETING Statement
    TIMESTAMP Statement
    TLSLABEL Statement
    TRACE Statement
    Step 5: Configure Automatic File Translation (Optional)
    Step 6: Configure Secure FTP Connections (Optional)
    Step 7: Customize FTP Server Exits (Optional)
    Using the FTP Welcome Banner
    Using the FTP Server Exit
    Using the CHKIPADR Exit
    CHKIPADR Input
    CHKIPADR Output
    Example
    Dynamic Server Operation
    SMSG Interface to the FTP Server
    Providing Web Browser FTP Support

    Chapter 7. Configuring the LDAP Server
    Configuration Steps for the LDAP Server
    Step 1: Update the TCP/IP Server Configuration File (PROFILE TCPIP)
    Step 2: Update the DTCPARMS File for the LDAP Server
    Step 3. Determine the LDAP Server BFS Directory Default
    Step 4. Set Up the User ID and Security for the LDAP Server
    Step 5. Copy the Configuration Files
    Step 6. Create and Customize the LDAP Configuration File (DS CONF)
    Step 7. Set the Time Zone
    Step 8. Set Environment Variables (DS ENVVARS)
    Step 9. Verify the LDAP Server
    Step 10. Finalize Setup of LDAP Backends
    Setting up for SDBM
    Setting up for GDBM
    Setting up for CDBM
    Configuring remote services support
    Setting up for SSL/TLS
    Using SSL/TLS Protected Communications
    Enabling the LDAP Server to Use IBM Z Cryptographic Hardware
    Creating and Using a Key Database
    Obtaining a Certificate
    Enabling SSL/TLS Support
    Setting up the Security Options for the LDAP Server
    Setting up an LDAP Client
    Support of Certificate Bind
    Configuring for Encryption or Hashing
    One-way Hashing Formats
    Two-way Encryption Formats
    Symmetric Encryption Keys
    Configuring for user and administrator password encryption or hashing
    Configuring for Secret Encryption
    Configuring Plug-in Extensions
    Example Configuration Scenarios
    Configuring SDBM and LDBM Backends
    Configuring LDBM with Native Authentication and GDBM Backends
    Configuring RACF/VM Change Logging with SDBM and GDBM Backends
    Configuration File (DS CONF) Format and Configuration Options
    Specifying a Value for Filename
    Specifying a Value for a Distinguished Name
    Configuration File Checklist
    Configuration File Options
    Dynamic Server Operation
    SMSG Interface to the LDAP Server
    Dynamic Debugging
    Activity logging
    LDAP SMF Auditing
    Monitoring LDAP Server Resources
    Running and Using the LDAP Backend Utilities
    Running the Backend Utilities in CMS
    SSL/TLS Information for LDAP Utilities
    DB2PWDEN (db2pwden utility)
    DS2LDIF (ds2ldif utility)
    LDAPEXOP (ldapexop utility)
    Internationalization Support
    Translated Messages
    UTF-8 Support

    Chapter 8. Configuring the MPRoute Server
    Understanding MPRoute
    Dynamic routing
    IPv4 dynamic routing using MPRoute
    IPv6 dynamic routing using MPRoute
    Using RIP, IPv6 RIP, OSPF, and IPv6 OSPF with MPRoute
    Preventing futile neighbor state loops during adjacency formation
    Special considerations
    Dynamic Server Operation
    Configuration Steps for the MPRoute Server
    Step 1. Update the TCP/IP server configuration file
    Step 2. Update the ETC SERVICES file
    Step 3. Create the MPRoute Configuration File
    Step 4. Optional: Update the DTCPARMS File
    Step 5. Optional: Create static routes
    Step 6. Optional: Configure OSPF authentication if using the IPv4 OSPF protocol
    MPROUTE Command
    MPRoute configuration file
    INCLUDE
    Creating the MPRoute configuration file
    OSPF configuration statements
    RIP configuration statements
    IPv6 OSPF configuration statements
    IPv6 RIP configuration statements
    Common configuration statements for RIP and OSPF
    Dynamic Server Operation
    SMSG Interface to the MPRoute Server

    Chapter 9. Configuring the NFS Server................................................................327Step 1: Update PROFILE TCPIP.............................................................................................................. 327Step 2: Update the DTCPARMS File........................................................................................................ 327

    VMNFS Command.............................................................................................................................. 328Using an External Security Manager..................................................................................................329

    Step 3: Establish NFS Server Machine Authorizations ..... 329
    Step 4: Customize the VMNFS CONFIG File ..... 329
    NFS Configuration File Statements ..... 330

    Syntax Rules ..... 330
    DUMPMOUNT Statement ..... 330
    EXPORT Statement ..... 331
    EXPORTONLY Statement ..... 332
    MAXTCPUSERS Statement ..... 332
    PCNFSD Statement ..... 333
    VMFILETYPE Statement ..... 334
    Step 5: Configure NFS Server File Translation Support (Optional) ..... 334
    Step 6: Verify NFS Server Operations ..... 335
    Step 7: Advanced Configuration Considerations ..... 336

    NFS Server Exits ..... 336
    Managing Translation Tables ..... 340
    Allowing Access to Migrated SFS and BFS Files ..... 341
    Managing Data Transfer Operations ..... 341
    Managing File Handle Operations ..... 342
    Using Additional Security Capabilities ..... 343

    Dynamic Server Operation ..... 344
    SMSG Interface to the NFS Server ..... 344

    SMSG CMS Command ..... 344
    SMSG REFRESH CONFIG Command ..... 345
    SMSG TWRITE Command ..... 346

    Chapter 10. Configuring the Portmapper Server ..... 349
    Step 1: Update PROFILE TCPIP ..... 349
    Step 2: Update the DTCPARMS File ..... 349

    PORTMAP Command ..... 350
    Step 3: Verify Portmapper Services ..... 350

    Chapter 11. Configuring the REXEC Server ..... 351
    Step 1: Update PROFILE TCPIP ..... 351
    Step 2: Update the DTCPARMS File ..... 351
    Step 3: Define Additional Anonymous REXEC Agent Virtual Machines (Optional) ..... 352
    Step 4: Establish REXEC Server Machine Authorizations ..... 352
    Using an External Security Manager ..... 352
    REXECD Command ..... 352
    Additional REXEC Considerations ..... 353

    How the REXEC Server Uses Secondary Virtual Machines ..... 353
    Anonymous REXEC Client Processing ..... 353
    User's Own Virtual Machines ..... 354


    Usage Notes ..... 354

    Chapter 12. Configuring the RSCS Print Server ..... 355
    Configuring a TN3270E Printer ..... 355
    Configuring an RSCS LPR Link ..... 355

    RSCSTCP CONFIG Configuration File ..... 355
    Configuring a Non-PostScript Printer ..... 356
    Available EPARMs for Non-PostScript Printers ..... 357
    Configuring a PostScript Printer ..... 358
    Available EPARMs for PostScript Printers ..... 359

    Configuring an RSCS LPD Link ..... 363
    Available EPARMs for LPD Links ..... 365

    Configuring an RSCS TN3270E Printer Link ..... 367
    TAG Command for a TN3270E printer ..... 373

    Chapter 13. Configuring the SMTP Server ..... 377
    Step 1: Update PROFILE TCPIP ..... 377
    Step 2: Update the System (CP) Directory for the SMTP Server ..... 377
    Step 3: Update the DTCPARMS File ..... 378

    SMTP Command ..... 378
    Step 4: Update the TCPIP DATA File for Domain Name Resolution ..... 378
    Step 5: Customize the SMTP CONFIG File ..... 379
    Step 6: Additional SMTP Server Considerations ..... 379

    Use of MX Records ..... 379
    Local versus Non-local Mail Recipients ..... 380

    SMTP Server Configuration File Statements ..... 380
    ALTRSCSDOMAIN Statement ..... 383
    ALTTCPHOSTNAME Statement ..... 383
    BADSPOOLFILEID Statement ..... 383
    DBCS Statement ..... 384
    FILESPERCONN Statement ..... 385
    FINISHOPEN Statement ..... 385
    FORWARDMAIL Statement ..... 385
    GATEWAY Statement ..... 387
    INACTIVE Statement ..... 387
    IPMAILERADDRESS Statement ..... 387
    LOCALFORMAT Statement ..... 388
    LOG Statement ..... 389
    MAILER Statement ..... 389
    MAILHOPCOUNT Statement ..... 390
    MAXCONNPERSITE Statement ..... 391
    MAXMAILBYTES Statement ..... 391
    NOLOG Statement ..... 391
    ONDISKFULL Statement ..... 392
    OUTBOUNDOPENLIMIT Statement ..... 393
    PORT Statement ..... 393
    POSTMASTER Statement ..... 393
    RCPTRESPONSEDELAY Statement ..... 394
    RESOLVERRETRYINT Statement ..... 394
    RESTRICT Statement ..... 395
    RETRYAGE Statement ..... 395
    RETRYINT Statement ..... 396
    REWRITE822HEADER Statement ..... 396
    RSCSDOMAIN Statement ..... 397
    RSCSFORMAT Statement ..... 397
    SECURE Statement ..... 398
    SMSGAUTHLIST Statement ..... 398


    SMTPCMDS Statement ..... 398
    SOURCEROUTES Statement ..... 400
    SUPPRESSNOTIFICATION Statement ..... 402
    TEMPERRORRETRIES Statement ..... 402
    TLS Statement ..... 403
    TLSLABEL Statement ..... 403
    TRACE Statement ..... 404
    VERIFYBATCHSMTPSENDER Statement ..... 404
    VERIFYCLIENT Statement ..... 405
    VERIFYCLIENTDELAY Statement ..... 406
    WARNINGAGE Statement ..... 406
    8BITMIME Statement ..... 407

    Configuring the Server for Secure SMTP ..... 407
    SMTP Server Exits ..... 408
    Configuring a TCP/IP-to-RSCS Mail Gateway ..... 408

    SMTPRSCS Command ..... 409
    Configuring a TCP/IP-to-RSCS Secure Mail Gateway ..... 410

    Creating an SMTP Security Table ..... 410
    Operands ..... 410

    Defining Nicknames and Mailing Lists Using the SMTP NAMES File ..... 412
    Customizing SMTP Mail Headers ..... 413

    The SMTP RULES File ..... 414
    Format of the Field Definition Section ..... 414
    Format of the Rule Definition Section ..... 416
    Syntax Convention of the SMTP Rules ..... 416

    Predefined Keywords within the SMTP Rules ..... 418
    Default SMTP Rules ..... 419

    SMTP Non-Secure Gateway Configuration Defaults ..... 419
    SMTP Secure Gateway Configuration Defaults ..... 420

    Examples of Header Rewrite Rules ..... 420
    Dynamic Server Operation-SMSG Interface to the SMTP Server ..... 421

    General User SMSG Commands ..... 422
    Privileged User SMSG Commands ..... 423

    Chapter 14. Configuring the SNMP Servers ..... 441
    SNMP Overview ..... 441
    Configuring the SNMP Daemon ..... 441
    Step 1: Update PROFILE TCPIP ..... 442
    Step 2: Update the DTCPARMS File for SNMPD and SNMPSUBA ..... 442
    Step 3: Create the MIB Data File ..... 443
    Step 4: Configure the SNMP Daemon ..... 443

    SNMPD Command ..... 443
    TRAP Destination file ..... 444
    PW SRC File ..... 444
    SNMP Daemon Installation Steps ..... 446

    SNMP Daemon ..... 446
    Setting up an SNMP Subagent ..... 446
    Adding User-defined MIBs to an SNMP Subagent ..... 447

    Configuring the SNMP Client ..... 447
    SNMP Client Overview ..... 448
    Step 1: Update PROFILE TCPIP ..... 449
    Step 2: Update the DTCPARMS File for SNMPQE ..... 449
    SQESERV Command ..... 449
    Step 3: Create the MIB Data File ..... 450
    Step 4: Configure the SNMP/NetView Interface ..... 451

    SNMPIUCV ..... 451
    SNMP Command Processor ..... 452


    SNMP Messages ..... 452
    SNMPIUCV Initialization Parameters ..... 452

    SNMP Client Installation Steps ..... 453
    SNMP Command Processor and SNMPIUCV on NetView ..... 453

    Chapter 15. Configuring the SSL Server ..... 455
    Overview of an SSL Session ..... 456
    Understanding Certification Validation ..... 457

    Certification Authorities and Self-Signed Certificates ..... 458
    Step 1: Determine the SSL Server Configuration For Your Installation ..... 459

    Single Versus Multiple SSL Server Configurations ..... 459
    Step 1a: Enabling the SSL Server to Use IBM Z Cryptographic Hardware ..... 462
    Step 2: Update the TCP/IP Server Configuration File (PROFILE TCPIP) ..... 462
    Step 3: Update the DTCPARMS File for the TCP/IP Server ..... 463
    Step 4: Update the DTCPARMS File for the SSL DCSS Management Agent Server ..... 463

    SSLIDCSS Command ..... 464
    Step 5: Update the DTCPARMS File for the SSL Server Pool ..... 465

    VMSSL Command ..... 467
    Step 6: Set Up the Certificate (Key) Database ..... 477
    Step 7: Implement Customization for Protected Communications ..... 481

    Step 7A. Designate the Secure Ports (Static SSL Connections) ..... 481
    Step 7B. Configure TLS Services (Dynamic SSL/TLS Connections) ..... 482

    Dynamic Server Operation ..... 482
    SSL Server Administration ..... 482

    SSL Server Administration Commands ..... 484
    General SSLADMIN Command ..... 485
    SSLADMIN CLEAR Command ..... 487
    SSLADMIN CLOSECON Command ..... 487
    SSLADMIN HELP Command ..... 487
    SSLADMIN LOG Command ..... 487
    SSLADMIN QUERY Command ..... 488
    SSLADMIN REFRESH Command ..... 494
    SSLADMIN RESTART Command ..... 494
    SSLADMIN SET Command ..... 494
    SSLADMIN START Command ..... 495
    SSLADMIN STOP Command ..... 495
    SSLADMIN SYSTEM Command ..... 495
    SSLADMIN TRACE/NOTRACE Command ..... 497
    SSLPOOL Command ..... 499
    Migrating Certificates From a Prior-Level SSL Server Certificate Database ..... 501

    Chapter 16. Configuring the TCP/IP Server ..... 503
    TCPIP Virtual Machine Configuration Process ..... 503

    Step 1: Create a Multiprocessor Configuration ..... 503
    Step 2: Update the DTCPARMS File ..... 504
    Step 3: Create an Initial Configuration File ..... 505
    TCP/IP Configuration Statements ..... 519
    Summary of TCP/IP Configuration Statements ..... 520

    ACBPOOLSIZE Statement ..... 523
    ADDRESSTRANSLATIONPOOLSIZE Statement ..... 524
    ARPAGE Statement ..... 524
    ASSORTEDPARMS Statement ..... 525
    AUTOLOG Statement ..... 529
    BLOCK Statement ..... 530
    CCBPOOLSIZE Statement ..... 532
    DATABUFFERLIMITS Statement ..... 532
    DATABUFFERPOOLSIZE Statement ..... 533


    DEVICE and LINK Statements ..... 534
    Intelligent default MTU Values Based on the Device and Link Type ..... 534
    DEVICE and LINK statements for CTC Devices ..... 534
    DEVICE and LINK Statements for HiperSockets Connections ..... 537
    DEVICE and LINK Statements for Local IUCV Connections ..... 540
    DEVICE and LINK Statements for Remote IUCV Connections ..... 543
    DEVICE and LINK Statements for LCS Devices ..... 546
    DEVICE and LINK Statements for OSD Devices ..... 549
    DEVICE and LINK Statements for Virtual Devices (VIPA) ..... 554

    ENVELOPEPOOLSIZE Statement ..... 555
    FILE Statement ..... 556
    FIXEDPAGESTORAGEPOOL ..... 557
    FOREIGNIPCONLIMIT Statement ..... 558
    FOREIGNIPPOOLSIZE Statement ..... 559
    GATEWAY Statement ..... 560
    HOME Statement ..... 571
    ICMPERRORLIMIT Statement ..... 575
    INFORM Statement ..... 576
    INTERNALCLIENTPARMS Statement ..... 576
    IPROUTEPOOLSIZE Statement ..... 581
    KEEPALIVEOPTIONS Statement ..... 582
    LARGEENVELOPEPOOLSIZE Statement ..... 583
    LESSTRACE Statement ..... 584
    MAXRESTART Statement ..... 585
    MONITORRECORDS Statement ..... 585
    MORETRACE Statement ..... 587
    NCBPOOLSIZE Statement ..... 587
    NOSCREEN Statement ..... 588
    NOTRACE Statement ..... 588
    OBEY Statement ..... 589
    PACKETTRACESIZE Statement ..... 590
    PATHMTUAGE Statement ..... 591
    PENDINGCONNECTIONLIMIT Statement ..... 592
    PERMIT Statement ..... 593
    PERSISTCONNECTIONLIMIT Statement ..... 594
    PORT Statement ..... 594
    PRIMARYINTERFACE Statement ..... 598
    RCBPOOLSIZE Statement ..... 599
    RESTRICT Statement ..... 600
    ROUTERADV Statement ..... 601
    ROUTERADVPREFIX Statement ..... 603
    SCBPOOLSIZE Statement ..... 604
    SCREEN Statement ..... 605
    SKCBPOOLSIZE Statement ..... 605
    SMALLDATABUFFERPOOLSIZE Statement ..... 606
    SOMAXCONN Statement ..... 607
    SSLLIMITS Statement ..... 607
    SSLSERVERID Statement ..... 608
    START Statement ..... 609
    STOP Statement ..... 609
    SYSCONTACT Statement ..... 610
    SYSLOCATION Statement ..... 610
    TCBPOOLSIZE Statement ..... 611
    TIMESTAMP Statement ..... 612
    TINYDATABUFFERPOOLSIZE Statement ..... 612
    TN3270E Statement ..... 613
    TRACE Statement ..... 614
    TRACEONLY Statement ..... 616

    xi

  • TRANSLATE Statement............................................................................................................................617UCBPOOLSIZE Statement....................................................................................................................... 618VSWITCH CONTROLLER Statement........................................................................................................ 618Changing the TCP/IP Configuration with the IFCONFIG Command.......................................................622IFCONFIG Command...............................................................................................................................622Changing the TCP/IP Configuration with the OBEYFILE Command....................................................... 636OBEYFILE Command............................................................................................................................... 636Starting and Stopping TCP/IP Services...................................................................................................638

    Chapter 17. Configuring the UFT Server
    Step 1: Update PROFILE TCPIP
    Step 2: Update the DTCPARMS File
    UFTD Command
    Step 3: Update the TCPIP DATA File
    Step 4: Customize the UFTD CONFIG File
    UFT Configuration File Statements
    IDENTIFY Statement
    MAXFILEBYTES Statement
    NSLOOKUP Statement
    PORT Statement
    TRACE Statement
    TRANSLATE Statement
    UFTCMDS EXIT Statement
    Step 5: Advanced Configuration Considerations
    DNS Lookup Exit
    Protocol Commands Exit
    Dynamic Server Operation
    UFTD Subcommands
    IDENTIFY Subcommand
    NSLOOKUP Subcommand
    QUERY Subcommand
    QUIT Subcommand
    STOP Subcommand
    TRACE Subcommand
    UFTCMDS EXIT Subcommand
    UFT Clients and Servers for Other Platforms

    Chapter 18. Configuring the RSCS UFT Client
    Step 1: Update the RSCSTCP CONFIG Configuration File
    UFT Client LINKDEFINE and PARM Statements
    Operands
    Step 2: Update the RSCSUFT CONFIG Configuration File
    Step 3: Update the TCPIP DATA File

    Chapter 19. Using Translation Tables
    Character Sets and Code Pages
    TCP/IP Translation Table Files
    Translation Table Search Order
    Special Telnet Requirements
    IBM-Supplied Translation Tables
    Customizing SBCS Translation Tables
    Syntax Rules for SBCS Translation Tables
    Customizing DBCS Translation Tables
    DBCS Translation Table
    Syntax Rules for DBCS Translation Tables
    Sample DBCS Translation Tables
    Converting Translation Tables to Binary
    CONVXLAT Command

    Chapter 20. Testing and Verification
    Loopback Testing
    TCP/IP Checksum Testing
    CHECKSUM Statement
    NOCHECKSUM Statement

    Chapter 21. Using Source Code Libraries
    VMFASM EXEC, VMFHASM EXEC, and VMFHLASM EXEC
    VMFPAS EXEC
    VMFC EXEC
    TCPTXT EXEC
    TCPLOAD EXEC
    TCPCOMP EXEC
    Special Considerations

    Appendix A. Using TCP/IP with an External Security Manager
    Server Validation Methods
    Security Interfaces
    Server Initialization
    Client Authentication
    Resource Access
    The DTCPARMS File
    Minidisk Security
    Using TCP/IP with RACF
    Steps for using TCP/IP with RACF

    Appendix B. SMF records
    SMF Record Type 83, subtype 3 records
    RACF SMF unload utility output

    Appendix C. Activity Log Records
    Activity Log Start and End Field Descriptions
    Activity Log mergedRecord Field Descriptions

    Appendix D. Related Protocol Specifications

    Appendix E. Abbreviations and Acronyms

    Notices
    Programming Interface Information
    Trademarks
    Terms and Conditions for Product Documentation
    IBM Online Privacy Statement

    Bibliography
    Where to Get z/VM Information
    z/VM Base Library
    z/VM Facilities and Features
    Prerequisite Products
    Other TCP/IP Related Publications

    Index


  • List of Figures

    1. Native authentication example
    2. General format of DS CONF
    3. The SMTP Virtual Machine Configured as a Mail Gateway
    4. Overview of NetView SNMP Support
    5. Sample MIB_DESC DATA Line
    6. Host routing under single subnet
    7. Subnet assignment for destinations beyond a single hop
    8. Basic host routing configuration
    9. Adding hosts to subnetted interfaces
    10. Single VIPA Configuration
    11. Point-to-Point Link
    12. Example of route types
    13. Example of Network Connectivity Using Variable Subnetting
    14. Example of Network Using equal-cost multipath routes
    15. Intranet with Two Guest LANs
    16. An IPv6 multicast default route on the GATEWAY statement


  • List of Tables

    1. Examples of Syntax Diagram Conventions
    2. TCP/IP Server and User ID Assigned Privilege Classes
    3. Required TCP/IP Server Minidisk Links
    4. Required Virtual Machines
    5. Optional Virtual Machines
    6. DTCPARMS File Search
    7. DTCPARMS Tags for Configuring Servers
    8. Server Parameters Generated at Initialization
    9. TCP/IP Server-specific Exits
    10. Configuration Files and Minidisk Location Summary
    11. Operating modes for native authentication binding
    12. The errno values returned by __passwd() when binding
    13. Operating modes for updating native password or password phrases
    14. The errno values returned by __passwd() when updating password or password phrase
    15. Behavior of native authentication in example 1
    16. Behavior of native authentication in example 2
    17. cn=configuration entry attribute descriptions
    18. cn=Replication,cn=configuration entry attribute descriptions
    19. cn=Replication,cn=Log Management,cn=Configuration entry attribute descriptions
    20. cn=safadmingroup,cn=configuration entry attribute descriptions
    21. Debug levels
    22. SSL ciphers supported by the sslCipherSpecs configuration option
    23. Sample checklist and DS CONF (using SDBM and LDBM)
    24. Sample checklist and DS CONF (using GDBM and LDBM)
    25. Sample checklist and DS CONF (using SDBM and GDBM)
    26. Configuration file options checklist
    27. Mapping between Unicode and UTF-8
    28. Multipath route limitations
    29. Route precedence
    30. MPROUTE IPv4 Route Type and COST Value mapping
    31. MPROUTE IPv6 Route Type and COST Value mapping
    32. Correct Combinations for TRANS and FEATURE Settings
    33. SMTP CONFIG Configuration Statements
    34. Privileged SMTP SMSG Commands
    35. Mail Forwarding Exit - Sample Queries
    36. SMTP Command Exit - Sample Queries
    37. Client Verification Exit - Sample Queries
    38. SSLV2 Cipher Suite Values
    39. SSLV3 and TLS Cipher Suite