z/VM Version 7 Release 1 TCP/IP Planning and Customization IBM SC24-6331-03

  • z/VM Version 7 Release 1

    TCP/IP Planning and Customization

    IBM

    SC24-6331-03

  • Note:

    Before you use this information and the product it supports, read the information in “Notices” on page 715.

    This edition applies to version 7, release 1, modification 0 of IBM z/VM (product number 5741-A09) and to all subsequent releases and modifications until otherwise indicated in new editions.

    Last updated: 2020-05-13

    © Copyright International Business Machines Corporation 1987, 2020.
    US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

  • Contents

    Figures

    Tables

    About This Document
    Intended Audience
    Conventions and Terminology

    How the Term “internet” Is Used in This Document
    Syntax, Message, and Response Conventions

    Where to Find More Information
    Links to Other Documents and Websites

    How to Send Your Comments to IBM

    Summary of Changes for z/VM TCP/IP Planning and Customization
    SC24-6331-03, z/VM Version 7 Release 1 (May 2020)
    SC24-6331-02, z/VM Version 7 Release 1 (April 2019)
    SC24-6331-01, z/VM Version 7 Release 1 (December 2018)
    SC24-6331-00, z/VM Version 7 Release 1 (September 2018)
    SC24-6238-11, z/VM Version 6 Release 4 (December 2017)
    SC24-6238-10, z/VM Version 6 Release 4 (August 2017)
    SC24-6238-09, z/VM Version 6 Release 4 (March 2017)

    Crypto Express APVIRT Support for z/VM TLS/SSL Server and LDAP/VM
    SC24-6238-08, z/VM Version 6 Release 4 (November 2016)

    z/VM LDAP Server and Client Utilities z/OS V2.2 Equivalency
    z/VM MPROUTE Server z/OS V2.2 Equivalency
    zManager Support Removed
    Domain Name System (DNS) IPv6 Support

    Chapter 1. Planning Considerations
    Introducing TCP/IP

    Connectivity and Gateway Functions
    Server Functions
    Client Functions
    Network Status and Management Functions
    Application Programming Interfaces

    Migration Information and Resources
    User ID Privilege Class Considerations
    User ID Minidisk Considerations
    Shared File System (SFS) Considerations
    Implications of Assigning Different Server Virtual Machine Names

    Accommodating Changed Server Names
    Multiple Server Instance Restrictions
    Mutually Exclusive Servers

    Publication References

    Chapter 2. System Requirements for TCP/IP
    z/VM Device Definition Considerations
    Hardware Environment

    Network Attachments
    Open System Adapter-Express (OSA-Express)
    HiperSockets
    Channel-to-Channel Support
    IUCV
    z/VM Virtual Network Adapters

    Software Environment

    Chapter 3. Defining the TCP/IP System Parameters
    Configuring the TCPIP DATA File
    Statement Syntax

    ATSIGN statement
    DOMAINLOOKUP statement
    DOMAINORIGIN statement
    DOMAINSEARCH statement
    HOSTNAME statement
    HOSTVERIFICATION statement
    NSINTERADDR statement
    NSPORTADDR statement
    RESOLVERTIMEOUT statement
    RESOLVERUDPRETRIES statement
    RESOLVEVIA statement
    SECURETELNETCLIENT statement
    SMTPSERVERID statement
    TCPIPUSERID statement
    TRACE RESOLVER statement
    UFTSERVERID statement
    USERDATA statement
    VMFILETYPE statement
    VMFILETYPEDEFAULT statement

    Testing the TCP/IP System Configuration
    HOMETEST Command

    Chapter 4. Configuring the Local Host Files
    ETC HOSTS File Syntax
    HOSTS LOCAL File Syntax

    HOST Statement
    NET Statement
    Building the HOSTS LOCAL Site Table

    Chapter 5. General TCP/IP Server Configuration
    Virtual Machine Definitions

    Required Virtual Machines
    Optional Virtual Machines

    Methods of Server Configuration
    The DTCPARMS File
    Configuring the DTCPARMS File
    Customizing Servers
    Automatic Generation of Selected Startup Parameters
    Adding New Servers and Server Classes
    Duplicating and Running Existing Servers
    Server Profile Exits
    Global Profile Exit
    IBM Diagnostic Profile Exit
    Customizing Server-specific Exits
    GCS Servers

    TCP/IP Configuration File Overview

    Server Administrative Command Interface Summary
    Stopping TCP/IP Servers
    Starting TCP/IP Servers
    TCP/IP and SSL Server Logon Restrictions

    Chapter 6. Configuring the FTP Server
    Step 1: Update PROFILE TCPIP
    Step 2: Update the DTCPARMS File

    SRVRFTP Command
    Step 3: Establish FTP Server Machine Authorizations
    Step 4: Customize the SRVRFTP CONFIG File
    FTP Server Configuration File Statements

    ANONYMOU Statement
    AUTOTRANS Statement
    CLIENTCERTCHECK Statement
    DONTREDIRECT Statement
    FTAUDIT Statement
    FTCHKCMD Statement
    FTCHKDIR Statement
    FTPKEEPALIVE Statement
    INACTIVE Statement
    LISTFORMAT Statement
    LOADDBCSTABLE Statement
    PASSIVEPORTRANGE Statement
    PORT Statement
    RACF Statement
    RDR Statement
    SECURECONTROL Statement
    SECUREDATA Statement
    SYSTEMGREETING Statement
    TIMESTAMP Statement
    TLSLABEL Statement
    TRACE Statement

    Step 5: Configure Automatic File Translation (Optional)
    Step 6: Configure Secure FTP Connections (Optional)
    Step 7: Customize FTP Server Exits (Optional)

    Using the FTP Welcome Banner
    Using the FTP Server Exit
    Using the CHKIPADR Exit
    CHKIPADR Input
    CHKIPADR Output
    Example

    Dynamic Server Operation
    SMSG Interface to the FTP Server
    Providing Web Browser FTP Support

    Chapter 7. Configuring the LDAP Server
    Configuration Steps for the LDAP Server

    Step 1: Update the TCP/IP Server Configuration File (PROFILE TCPIP)
    Step 2: Update the DTCPARMS File for the LDAP Server
    Step 3. Determine the LDAP Server BFS Directory Default
    Step 4. Set Up the User ID and Security for the LDAP Server
    Step 5. Copy the Configuration Files
    Step 6. Create and Customize the LDAP Configuration File (DS CONF)
    Step 7. Set the Time Zone
    Step 8. Set Environment Variables (DS ENVVARS)
    Step 9. Verify the LDAP Server

    Step 10. Finalize Setup of LDAP Backends
    Setting up for SDBM
    Setting up for GDBM
    Setting up for CDBM
    Configuring remote services support
    Setting up for SSL/TLS

    Using SSL/TLS Protected Communications
    Enabling the LDAP Server to Use IBM Z Cryptographic Hardware
    Creating and Using a Key Database
    Obtaining a Certificate
    Enabling SSL/TLS Support
    Setting up the Security Options for the LDAP Server
    Setting up an LDAP Client
    Support of Certificate Bind

    Configuring for Encryption or Hashing
    One-way Hashing Formats
    Two-way Encryption Formats
    Symmetric Encryption Keys
    Configuring for user and administrator password encryption or hashing
    Configuring for Secret Encryption

    Configuring Plug-in Extensions
    Example Configuration Scenarios

    Configuring SDBM and LDBM Backends
    Configuring LDBM with Native Authentication and GDBM Backends
    Configuring RACF/VM Change Logging with SDBM and GDBM Backends

    Configuration File (DS CONF) Format and Configuration Options
    Specifying a Value for Filename
    Specifying a Value for a Distinguished Name
    Configuration File Checklist
    Configuration File Options

    Dynamic Server Operation
    SMSG Interface to the LDAP Server
    Dynamic Debugging
    Activity logging
    LDAP SMF Auditing
    Monitoring LDAP Server Resources

    Running and Using the LDAP Backend Utilities
    Running the Backend Utilities in CMS
    SSL/TLS Information for LDAP Utilities
    DB2PWDEN (db2pwden utility)
    DS2LDIF (ds2ldif utility)
    LDAPEXOP (ldapexop utility)

    Internationalization Support
    Translated Messages
    UTF-8 Support

    Chapter 8. Configuring the MPRoute Server
    Understanding MPRoute
    Dynamic routing

    IPv4 dynamic routing using MPRoute
    IPv6 dynamic routing using MPRoute
    Using RIP, IPv6 RIP, OSPF, and IPv6 OSPF with MPRoute
    Preventing futile neighbor state loops during adjacency formation
    Special considerations
    Dynamic Server Operation

    Configuration Steps for the MPRoute Server
    Step 1. Update the TCP/IP server configuration file

    Step 2. Update the ETC SERVICES file
    Step 3. Create the MPRoute Configuration File
    Step 4. Optional: Update the DTCPARMS File
    Step 5. Optional: Create static routes
    Step 6. Optional: Configure OSPF authentication if using the IPv4 OSPF protocol

    MPROUTE Command
    MPRoute configuration file

    INCLUDE
    Creating the MPRoute configuration file
    OSPF configuration statements
    RIP configuration statements
    IPv6 OSPF configuration statements
    IPv6 RIP configuration statements
    Common configuration statements for RIP and OSPF

    Dynamic Server Operation
    SMSG Interface to the MPRoute Server

    Chapter 9. Configuring the NFS Server
    Step 1: Update PROFILE TCPIP
    Step 2: Update the DTCPARMS File

    VMNFS Command
    Using an External Security Manager

    Step 3: Establish NFS Server Machine Authorizations
    Step 4: Customize the VMNFS CONFIG File
    NFS Configuration File Statements

    Syntax Rules
    DUMPMOUNT Statement
    EXPORT Statement
    EXPORTONLY Statement
    MAXTCPUSERS Statement
    PCNFSD Statement
    VMFILETYPE Statement
    Step 5: Configure NFS Server File Translation Support (Optional)
    Step 6: Verify NFS Server Operations
    Step 7: Advanced Configuration Considerations

    NFS Server Exits.................................................................................................................................334Managing Translation Tables.............................................................................................................338Allowing Access to Migrated SFS and BFS Files............................................................................... 339Managing Data Transfer Operations..................................................................................................339Managing File Handle Operations......................................................................................................340Using Additional Security Capabilities...............................................................................................341

    Dynamic Server Operation...................................................................................................................... 342SMSG Interface to the NFS Server.......................................................................................................... 342

    SMSG CMS Command........................................................................................................................ 342SMSG REFRESH CONFIG Command................................................................................................. 343SMSG TWRITE Command.................................................................................................................. 344

    Chapter 10. Configuring the Portmapper Server..................................................347Step 1: Update PROFILE TCPIP.............................................................................................................. 347Step 2: Update the DTCPARMS File........................................................................................................ 347

    PORTMAP Command......................................................................................................................... 348Step 3: Verify Portmapper Services........................................................................................................ 348

    Chapter 11. Configuring the REXEC Server......................................................... 349Step 1: Update PROFILE TCPIP.............................................................................................................. 349Step 2: Update the DTCPARMS File........................................................................................................ 349Step 3: Define Additional Anonymous REXEC Agent Virtual Machines (Optional) ............................... 350


  • Step 4: Establish REXEC Server Machine Authorizations ..... 350
    Using an External Security Manager ..... 350
    REXECD Command ..... 350
    Additional REXEC Considerations ..... 351

    How the REXEC Server Uses Secondary Virtual Machines ..... 351
    Anonymous REXEC Client Processing ..... 351
    User's Own Virtual Machines ..... 352

    Usage Notes ..... 352

    Chapter 12. Configuring the RSCS Print Server ..... 353
    Configuring a TN3270E Printer ..... 353
    Configuring an RSCS LPR Link ..... 353

    RSCSTCP CONFIG Configuration File ..... 353
    Configuring a Non-PostScript Printer ..... 354
    Available EPARMs for Non-PostScript Printers ..... 355
    Configuring a PostScript Printer ..... 356
    Available EPARMs for PostScript Printers ..... 357

    Configuring an RSCS LPD Link ..... 362
    Available EPARMs for LPD Links ..... 363

    Configuring an RSCS TN3270E Printer Link ..... 366
    TAG Command for a TN3270E printer ..... 371

    Chapter 13. Configuring the SMTP Server ..... 375
    Step 1: Update PROFILE TCPIP ..... 375
    Step 2: Update the System (CP) Directory for the SMTP Server ..... 375
    Step 3: Update the DTCPARMS File ..... 376

    SMTP Command ..... 376
    Step 4: Update the TCPIP DATA File for Domain Name Resolution ..... 376
    Step 5: Customize the SMTP CONFIG File ..... 377
    Step 6: Additional SMTP Server Considerations ..... 377

    Use of MX Records ..... 377
    Local versus Non-local Mail Recipients ..... 378

    SMTP Server Configuration File Statements ..... 378
    ALTRSCSDOMAIN Statement ..... 381
    ALTTCPHOSTNAME Statement ..... 381
    BADSPOOLFILEID Statement ..... 381
    DBCS Statement ..... 382
    FILESPERCONN Statement ..... 383
    FINISHOPEN Statement ..... 383
    FORWARDMAIL Statement ..... 383
    GATEWAY Statement ..... 385
    INACTIVE Statement ..... 385
    IPMAILERADDRESS Statement ..... 385
    LOCALFORMAT Statement ..... 386
    LOG Statement ..... 387
    MAILER Statement ..... 387
    MAILHOPCOUNT Statement ..... 388
    MAXCONNPERSITE Statement ..... 389
    MAXMAILBYTES Statement ..... 389
    NOLOG Statement ..... 389
    ONDISKFULL Statement ..... 390
    OUTBOUNDOPENLIMIT Statement ..... 391
    PORT Statement ..... 391
    POSTMASTER Statement ..... 391
    RCPTRESPONSEDELAY Statement ..... 392
    RESOLVERRETRYINT Statement ..... 392
    RESTRICT Statement ..... 393


  • RETRYAGE Statement ..... 393
    RETRYINT Statement ..... 394
    REWRITE822HEADER Statement ..... 394
    RSCSDOMAIN Statement ..... 395
    RSCSFORMAT Statement ..... 395
    SECURE Statement ..... 396
    SMSGAUTHLIST Statement ..... 396
    SMTPCMDS Statement ..... 396
    SOURCEROUTES Statement ..... 398
    SUPPRESSNOTIFICATION Statement ..... 400
    TEMPERRORRETRIES Statement ..... 400
    TLS Statement ..... 401
    TLSLABEL Statement ..... 402
    TRACE Statement ..... 402
    VERIFYBATCHSMTPSENDER Statement ..... 403
    VERIFYCLIENT Statement ..... 403
    VERIFYCLIENTDELAY Statement ..... 405
    WARNINGAGE Statement ..... 405
    8BITMIME Statement ..... 405

    Configuring the Server for Secure SMTP ..... 406
    SMTP Server Exits ..... 406
    Configuring a TCP/IP-to-RSCS Mail Gateway ..... 407

    SMTPRSCS Command ..... 408
    Configuring a TCP/IP-to-RSCS Secure Mail Gateway ..... 408

    Creating an SMTP Security Table ..... 409
    Operands ..... 409

    Defining Nicknames and Mailing Lists Using the SMTP NAMES File ..... 411
    Customizing SMTP Mail Headers ..... 412

    The SMTP RULES File ..... 412
    Format of the Field Definition Section ..... 413
    Format of the Rule Definition Section ..... 414
    Syntax Convention of the SMTP Rules ..... 415

    Predefined Keywords within the SMTP Rules ..... 417
    Default SMTP Rules ..... 418

    SMTP Non-Secure Gateway Configuration Defaults ..... 418
    SMTP Secure Gateway Configuration Defaults ..... 418

    Examples of Header Rewrite Rules ..... 419
    Dynamic Server Operation-SMSG Interface to the SMTP Server ..... 419

    General User SMSG Commands ..... 421
    Privileged User SMSG Commands ..... 423

    Chapter 14. Configuring the SNMP Servers ..... 441
    SNMP Overview ..... 441
    Configuring the SNMP Daemon ..... 441
    Step 1: Update PROFILE TCPIP ..... 441
    Step 2: Update the DTCPARMS File for SNMPD and SNMPSUBA ..... 442
    Step 3: Create the MIB Data File ..... 443
    Step 4: Configure the SNMP Daemon ..... 443

    SNMPD Command ..... 443
    TRAP Destination file ..... 444
    PW SRC File ..... 444
    SNMP Daemon Installation Steps ..... 446

    SNMP Daemon ..... 446
    Setting up an SNMP Subagent ..... 446
    Adding User-defined MIBs to an SNMP Subagent ..... 447

    Configuring the SNMP Client ..... 447
    SNMP Client Overview ..... 447


  • Step 1: Update PROFILE TCPIP ..... 448
    Step 2: Update the DTCPARMS File for SNMPQE ..... 449
    SQESERV Command ..... 449
    Step 3: Create the MIB Data File ..... 450
    Step 4: Configure the SNMP/NetView Interface ..... 451

    SNMPIUCV ..... 451
    SNMP Command Processor ..... 451
    SNMP Messages ..... 452
    SNMPIUCV Initialization Parameters ..... 452

    SNMP Client Installation Steps ..... 453
    SNMP Command Processor and SNMPIUCV on NetView ..... 453

    Chapter 15. Configuring the SSL Server ..... 455
    Overview of an SSL Session ..... 456
    Understanding Certification Validation ..... 457

    Certification Authorities and Self-Signed Certificates ..... 458
    Step 1: Determine the SSL Server Configuration For Your Installation ..... 459

    Single Versus Multiple SSL Server Configurations ..... 459
    Step 1a: Enabling the SSL Server to Use IBM Z Cryptographic Hardware ..... 462
    Step 2: Update the TCP/IP Server Configuration File (PROFILE TCPIP) ..... 462
    Step 3: Update the DTCPARMS File for the TCP/IP Server ..... 463
    Step 4: Update the DTCPARMS File for the SSL DCSS Management Agent Server ..... 463

    SSLIDCSS Command ..... 464
    Step 5: Update the DTCPARMS File for the SSL Server Pool ..... 465

    VMSSL Command ..... 467
    Step 6: Set Up the Certificate (Key) Database ..... 477
    Step 7: Implement Customization for Protected Communications ..... 480

    Step 7A. Designate the Secure Ports (Static SSL Connections) ..... 481
    Step 7B. Configure TLS Services (Dynamic SSL/TLS Connections) ..... 481

    Dynamic Server Operation ..... 482
    SSL Server Administration ..... 482

    SSL Server Administration Commands ..... 483
    General SSLADMIN Command ..... 484
    SSLADMIN CLEAR Command ..... 486
    SSLADMIN CLOSECON Command ..... 486
    SSLADMIN HELP Command ..... 487
    SSLADMIN LOG Command ..... 487
    SSLADMIN QUERY Command ..... 487
    SSLADMIN REFRESH Command ..... 493
    SSLADMIN RESTART Command ..... 493
    SSLADMIN SET Command ..... 494
    SSLADMIN START Command ..... 494
    SSLADMIN STOP Command ..... 495
    SSLADMIN SYSTEM Command ..... 495
    SSLADMIN TRACE/NOTRACE Command ..... 497
    SSLPOOL Command ..... 499
    Migrating Certificates From a Prior-Level SSL Server Certificate Database ..... 501

    Chapter 16. Configuring the TCP/IP Server ..... 503
    TCPIP Virtual Machine Configuration Process ..... 503

    Step 1: Create a Multiprocessor Configuration ..... 503
    Step 2: Update the DTCPARMS File ..... 504
    Step 3: Create an Initial Configuration File ..... 505
    TCP/IP Configuration Statements ..... 519
    Summary of TCP/IP Configuration Statements ..... 520

    ACBPOOLSIZE Statement ..... 523
    ADDRESSTRANSLATIONPOOLSIZE Statement ..... 524


  • ARPAGE Statement ..... 524
    ASSORTEDPARMS Statement ..... 525
    AUTOLOG Statement ..... 529
    BLOCK Statement ..... 530
    CCBPOOLSIZE Statement ..... 532
    DATABUFFERLIMITS Statement ..... 532
    DATABUFFERPOOLSIZE Statement ..... 533
    DEVICE and LINK Statements ..... 534

    Intelligent default MTU Values Based on the Device and Link Type ..... 534
    DEVICE and LINK statements for CTC Devices ..... 534
    DEVICE and LINK Statements for HiperSockets Connections ..... 537
    DEVICE and LINK Statements for Local IUCV Connections ..... 540
    DEVICE and LINK Statements for Remote IUCV Connections ..... 543
    DEVICE and LINK Statements for LCS Devices ..... 546
    DEVICE and LINK Statements for OSD Devices ..... 549
    DEVICE and LINK Statements for Virtual Devices (VIPA) ..... 554

    ENVELOPEPOOLSIZE Statement ..... 555
    FILE Statement ..... 556
    FIXEDPAGESTORAGEPOOL ..... 557
    FOREIGNIPCONLIMIT Statement ..... 558
    FOREIGNIPPOOLSIZE Statement ..... 559
    GATEWAY Statement ..... 559
    HOME Statement ..... 570
    ICMPERRORLIMIT Statement ..... 574
    INFORM Statement ..... 575
    INTERNALCLIENTPARMS Statement ..... 575
    IPROUTEPOOLSIZE Statement ..... 581
    KEEPALIVEOPTIONS Statement ..... 581
    LARGEENVELOPEPOOLSIZE Statement ..... 582
    LESSTRACE Statement ..... 583
    MAXRESTART Statement ..... 584
    MONITORRECORDS Statement ..... 585
    MORETRACE Statement ..... 586
    NCBPOOLSIZE Statement ..... 587
    NOSCREEN Statement ..... 587
    NOTRACE Statement ..... 588
    OBEY Statement ..... 588
    PACKETTRACESIZE Statement ..... 589
    PATHMTUAGE Statement ..... 591
    PENDINGCONNECTIONLIMIT Statement ..... 591
    PERMIT Statement ..... 592
    PERSISTCONNECTIONLIMIT Statement ..... 593
    PORT Statement ..... 594
    PRIMARYINTERFACE Statement ..... 598
    RCBPOOLSIZE Statement ..... 599
    RESTRICT Statement ..... 599
    ROUTERADV Statement ..... 600
    ROUTERADVPREFIX Statement ..... 602
    SCBPOOLSIZE Statement ..... 604
    SCREEN Statement ..... 605
    SKCBPOOLSIZE Statement ..... 605
    SMALLDATABUFFERPOOLSIZE Statement ..... 606
    SOMAXCONN Statement ..... 607
    SSLLIMITS Statement ..... 607
    SSLSERVERID Statement ..... 608
    START Statement ..... 609
    STOP Statement ..... 609
    SYSCONTACT Statement ..... 610

    xi

  • SYSLOCATION Statement....................................................................................................................... 610TCBPOOLSIZE Statement........................................................................................................................611TIMESTAMP Statement........................................................................................................................... 612TINYDATABUFFERPOOLSIZE Statement............................................................................................... 612TN3270E Statement................................................................................................................................613TRACE Statement.................................................................................................................................... 614TRACEONLY Statement........................................................................................................................... 616TRANSLATE Statement........................................................................................................................... 617UCBPOOLSIZE Statement....................................................................................................................... 618VSWITCH CONTROLLER Statement........................................................................................................618Changing the TCP/IP Configuration with the IFCONFIG Command.......................................................622IFCONFIG Command...............................................................................................................................622Changing the TCP/IP Configuration with the OBEYFILE Command.......................................................635OBEYFILE Command............................................................................................................................... 
635Starting and Stopping TCP/IP Services...................................................................................................637

    Chapter 17. Configuring the UFT Server ... 639
    Step 1: Update PROFILE TCPIP ... 639
    Step 2: Update the DTCPARMS File ... 639
    UFTD Command ... 639
    Step 3: Update the TCPIP DATA File ... 640
    Step 4: Customize the UFTD CONFIG File ... 640
    UFT Configuration File Statements ... 640
    IDENTIFY Statement ... 640
    MAXFILEBYTES Statement ... 641
    NSLOOKUP Statement ... 641
    PORT Statement ... 642
    TRACE Statement ... 642
    TRANSLATE Statement ... 643
    UFTCMDS EXIT Statement ... 644
    Step 5: Advanced Configuration Considerations ... 645
    DNS Lookup Exit ... 645
    Protocol Commands Exit ... 646
    Dynamic Server Operation ... 647
    UFTD Subcommands ... 647
    IDENTIFY Subcommand ... 647
    NSLOOKUP Subcommand ... 648
    QUERY Subcommand ... 649
    QUIT Subcommand ... 649
    STOP Subcommand ... 649
    TRACE Subcommand ... 650
    UFTCMDS EXIT Subcommand ... 651
    UFT Clients and Servers for Other Platforms ... 652

    Chapter 18. Configuring the RSCS UFT Client ... 653
    Step 1: Update the RSCSTCP CONFIG Configuration File ... 653
    UFT Client LINKDEFINE and PARM Statements ... 653
    Operands ... 654
    Step 2: Update the RSCSUFT CONFIG Configuration File ... 654
    Step 3: Update the TCPIP DATA File ... 654

    Chapter 19. Using Translation Tables ... 657
    Character Sets and Code Pages ... 657
    TCP/IP Translation Table Files ... 657
    Translation Table Search Order ... 658
    Special Telnet Requirements ... 659
    IBM-Supplied Translation Tables ... 659
    Customizing SBCS Translation Tables ... 662
    Syntax Rules for SBCS Translation Tables ... 663
    Customizing DBCS Translation Tables ... 663
    DBCS Translation Table ... 663
    Syntax Rules for DBCS Translation Tables ... 663
    Sample DBCS Translation Tables ... 664
    Converting Translation Tables to Binary ... 665
    CONVXLAT Command ... 666

    Chapter 20. Testing and Verification ... 667
    Loopback Testing ... 667
    TCP/IP Checksum Testing ... 667
    CHECKSUM Statement ... 667
    NOCHECKSUM Statement ... 667

    Chapter 21. Using Source Code Libraries ... 669
    VMFASM EXEC, VMFHASM EXEC, and VMFHLASM EXEC ... 669
    VMFPAS EXEC ... 670
    VMFC EXEC ... 670
    TCPTXT EXEC ... 671
    TCPLOAD EXEC ... 672
    TCPCOMP EXEC ... 673
    Special Considerations ... 673

    Appendix A. Using TCP/IP with an External Security Manager ... 675
    Server Validation Methods ... 675
    Security Interfaces ... 675
    Server Initialization ... 676
    Client Authentication ... 676
    Resource Access ... 677
    The DTCPARMS File ... 677
    Minidisk Security ... 678
    Using TCP/IP with RACF ... 678
    Steps for using TCP/IP with RACF ... 678

    Appendix B. SMF records ... 681
    SMF Record Type 83, subtype 3 records ... 681
    RACF SMF unload utility output ... 684

    Appendix C. Activity Log Records ... 697
    Activity Log Start and End Field Descriptions ... 697
    Activity Log mergedRecord Field Descriptions ... 701

    Appendix D. Related Protocol Specifications ... 705

    Appendix E. Abbreviations and Acronyms ... 711

    Notices ... 715
    Programming Interface Information ... 716
    Trademarks ... 716
    Terms and Conditions for Product Documentation ... 717
    IBM Online Privacy Statement ... 717

    Bibliography ... 719
    Where to Get z/VM Information ... 719
    z/VM Base Library ... 719
    z/VM Facilities and Features ... 721
    Prerequisite Products ... 722
    Other TCP/IP Related Publications ... 722

    Index ... 725

  • Figures

    1. Native authentication example ... 94
    2. General format of DS CONF ... 126
    3. The SMTP Virtual Machine Configured as a Mail Gateway ... 407
    4. Overview of NetView SNMP Support ... 448
    5. Sample MIB_DESC DATA Line ... 451
    6. Host routing under single subnet ... 506
    7. Subnet assignment for destinations beyond a single hop ... 506
    8. Basic host routing configuration ... 507
    9. Adding hosts to subnetted interfaces ... 507
    10. Single VIPA Configuration ... 511
    11. Point-to-Point Link ... 516
    12. Example of route types ... 562
    13. Example of Network Connectivity Using Variable Subnetting ... 563
    14. Example of Network Using equal-cost multipath routes ... 565
    15. Intranet with Two Guest LANs ... 566
    16. An IPv6 multicast default route on the GATEWAY statement ... 569

  • Tables

    1. Examples of Syntax Diagram Conventions ... xxii
    2. TCP/IP Server and User ID Assigned Privilege Classes ... 4
    3. Required TCP/IP Server Minidisk Links ... 33
    4. Required Virtual Machines ... 33
    5. Optional Virtual Machines ... 34
    6. DTCPARMS File Search ... 35
    7. DTCPARMS Tags for Configuring Servers ... 37
    8. Server Parameters Generated at Initialization ... 43
    9. TCP/IP Server-specific Exits ... 48
    10. Configuration Files and Minidisk Location Summary ... 49
    11. Operating modes for native authentication binding ... 87
    12. The errno values returned by __passwd() when binding ... 88
    13. Operating modes for updating native password or password phrases ... 89
    14. The errno values returned by __passwd() when updating password or password phrase ... 92
    15. Behavior of native authentication in example 1 ... 94
    16. Behavior of native authentication in example 2 ... 95
    17. cn=configuration entry attribute descriptions ... 98
    18. cn=Replication,cn=configuration entry attribute descriptions ... 100
    19. cn=Replication,cn=Log Management,cn=Configuration entry attribute descriptions ... 101
    20. cn=safadmingroup,cn=configuration entry attribute descriptions ... 102
    21. Debug levels ... 106
    22. SSL ciphers supported by the sslCipherSpecs configuration option ... 116
    23. Sample checklist and DS CONF (using SDBM and LDBM) ... 124
    24. Sample checklist and DS CONF (using GDBM and LDBM) ... 124
    25. Sample checklist and DS CONF (using SDBM and GDBM) ... 125
    26. Configuration file options checklist ... 128
    27. Mapping between Unicode and UTF-8 ... 188
    28. Multipath route limitations ... 195
    29. Route precedence ... 213
    30. MPROUTE IPv4 Route Type and COST Value mapping ... 294
    31. MPROUTE IPv6 Route Type and COST Value mapping ... 321
    32. Correct Combinations for TRANS and FEATURE Settings ... 371
    33. SMTP CONFIG Configuration Statements ... 378

    34. Privileged SMTP SMSG Commands..........................................................