WINDOW SCALING ERRORS DEGRADE SECURE CONNECTION THROUGHPUT


 
 APAR Identifier ...... PK84255      Last Changed ........ 09/08/24
 Symptom ...... PR PERFORMANCE       Status ........... CLOSED  PER
 Severity ................... 4      Date Closed ......... 09/04/16
 Component .......... 5735FAL00      Duplicate of ........
 Reported Release ......... 530      Fixed Release ............ 999
 Component Name TCP/IP V2 FOR V      Special Notice
 Current Target Date ..              Flags
 SCP ...................
 Platform ............
 
 Status Detail: SHIPMENT - Packaged solution is available for
                           shipment.
 
 PE PTF List:
 
 PTF List:
 Release 530   : UK45879 available 09/04/21 (0902 )
 Release 540   : UK45880 available 09/04/21 (0902 )
 
 Parent APAR:
 Child APAR list:
 
 ERROR DESCRIPTION:
 When a secure file transfer (FTP) of a large file is performed,
 the time required for such a transfer is significantly greater
 than for a nonsecure transfer of that same file. CPU utilization
 and DASD I/O have been determined not to be factors in causing
 this discrepancy.  Investigation of this problem has shown that
 the observed performance degradation occurs due to the manner
 in which the TCP/IP server uses and manages data buffers, as
 data is processed for the virtual machines involved in the data
 transfer (the FTP and SSL servers, in this instance).
 
 LOCAL FIX:
 None.
 
 PROBLEM SUMMARY:
 ****************************************************************
 * USERS AFFECTED: All z/VM TCP/IP SSL users that negotiate TLS *
 *                 security                                     *
 ****************************************************************
 * PROBLEM DESCRIPTION:                                         *
 ****************************************************************
 * RECOMMENDATION: APPLY PTF                                    *
 ****************************************************************
 Performance is degraded for large data transfers that flow
 through the z/VM SSL server when TLS security is negotiated.
 In some cases, the degradation can be significant.
 
 PROBLEM CONCLUSION:
 When TLS security is negotiated, the original non-secure
 connection is broken into multiple connections with the SSL
 server in the middle.  The internal connection that is
 established between the SSL server and the client/server
 incorrectly reset the window scale for one side of the
 connection.  This mismatch caused the window size to be
 miscalculated, causing retransmissions and time delays.
 
 The window scale factors have been updated so that they
 match on both sides of the internal connection.  Data
 is no longer retransmitted consistently for large data
 transfers.
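
 The effect of a window scale mismatch, as an added illustration that is
 not IBM code and not part of the APAR: under RFC 7323 the receiver
 right-shifts its free buffer space into the 16-bit window field and the
 sender left-shifts the field back, so both sides must use the same shift.
 The model runs both directions of mismatch, since the APAR does not say
 which side was reset; the function names, the 256 KiB buffer, the 8 MiB
 transfer and the one-burst-per-round-trip simplification are assumptions.

```python
# Added illustration, not IBM code. Models RFC 7323 window scaling on one
# direction of a connection; all names and numbers are constructed.

def advertise(free_bytes, rcv_shift):
    """Receiver: encode free buffer space into the 16-bit window field."""
    return min(free_bytes >> rcv_shift, 0xFFFF)

def transfer(total, buf, rcv_shift, assumed_shift):
    """Send `total` bytes, one burst per round trip.

    rcv_shift     -- shift the receiver applies when it advertises
    assumed_shift -- shift the sender applies when it reads the field
    Assumes the receiving application empties the buffer every round trip.
    Returns (round_trips, bytes_dropped_and_resent).
    """
    delivered = rounds = resent = 0
    while delivered < total:
        rounds += 1
        field = advertise(buf, rcv_shift)
        real_window = field << rcv_shift    # what the receiver will accept
        believed = field << assumed_shift   # what the sender thinks it may send
        burst = min(believed, total - delivered)
        accepted = min(burst, real_window)
        resent += burst - accepted          # out-of-window bytes are discarded
        delivered += accepted
    return rounds, resent

TOTAL = 8 * 1024 * 1024   # constructed: 8 MiB transfer
BUF = 256 * 1024          # constructed: 256 KiB receive buffer

def scenarios():
    """Matched shifts, then a mismatch in each direction."""
    return {
        "matched (3/3)": transfer(TOTAL, BUF, 3, 3),
        "sender reset to 0": transfer(TOTAL, BUF, 3, 0),
        "receiver reset to 0": transfer(TOTAL, BUF, 0, 3),
    }

if __name__ == "__main__":
    for name, (rounds, resent) in scenarios().items():
        print(f"{name:20s} round trips={rounds:4d} bytes resent={resent}")
```

 With these constructed numbers the matched case needs 32 round trips and
 a sender that falls back to shift 0 needs 256. A receiver that falls back
 to shift 0 while the sender still applies shift 3 discards most of each
 burst, which then has to be sent again.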
 
 TEMPORARY FIX:
 
 COMMENTS:
 
 MODULES/MACROS:   TCPIP    TCPSSL
 
 SRLS:      NONE
 
 RTN CODES:
 
 CIRCUMVENTION:
 
 MESSAGE TO SUBMITTER: