TCP/IP Level 440 Preventive Service Planning
(PSP) Bucket
**> Last update: 30 Sep 2006
**> Synch'd w/RETAIN: 02 Oct 2006
***********************
* SUBSET VM440 *
***********************
This SUBSET contains installation information for TCP/IP Level 440 for
z/VM Version 4 Release 4.0.
************************************************************************
* C H A N G E S U M M A R Y *
************************************************************************
Date Last
Changed Section
1. 2004/12/02 Installation Information
2. yyyy/mm/dd Documentation Changes
3. 2003/07/31 General Information
4. 2006/09/30 Service Recommendations -- See 0601RSU and 0501RSU
5. yyyy/mm/dd Cross Product Dependencies
Service Recommendation Summary
DATE APAR PTF VOLID COMMENTS
1. yyyy/mm/dd xxnnnnn xxnnnnn nnnn N/A
************************************************************************
* SECTION 1. I N S T A L L A T I O N I N F O R M A T I O N *
************************************************************************
This section contains changes relevant to the installation of the
product, or to its Program Directory.
8. 2004/12/02 Beginning with the 0404 RSU, TCP/IP RSU service includes
updates to the following sample files:
FTPEXIT SEXEC
FTPEXIT SAMPASM
Because these files have been updated through service,
messages DTCPRD3036W and DTCPRD3043I will be reported for
each of these files when they are placed into production
by the TCP2PROD utility. These messages serve to raise
awareness that the content of these sample files differs
from their production-use counterparts (FTPEXIT EXEC and
FTPEXIT ASSEMBLE) -- and, that such changes may affect the
use of these files in a production environment.
Messages DTCPRD3045I and DTCPRD3046I will also be
reported, which cite basic file attributes of the
pertinent sample and production-use files.
If a production file listed by message DTCPRD3046I is -NOT
USED- for your installation, you can manually replace that
file with its serviced sample counterpart to prevent
future occurrences of these messages, when files are again
processed after the installation of TCP/IP service. File
replacement in this instance should be done using the
VMSES/E VMFCOPY command illustrated here:
VMFCOPY samp_file_ID prod_file_ID (OLDDATE REPLACE
PRODID 4TCPIP40%TCPIP SPRODID 4TCPIP40%TCPIP
If a production file listed by message DTCPRD3046I -IS
USED- by your installation, do not replace that file.
Instead, review the content of the (serviced) sample
counterpart (cited by messages DTCPRD3045I) and adapt your
production file based on any changes present, as
warranted. Once this has been done, message DTCPRD3036W
(and its associated messages) then can be ignored.
7. 2003/07/31 Action Required -- Port Restriction Defaults Have Changed
Multiple TCP/IP Applications May Be Affected
Various TCP/IP applications may no longer function
unless you take action.
The security of the z/VM TCP/IP stack has been improved
by making the RESTRICTLOWPORTS operand of the
ASSORTEDPARMS statement active by default. Thus, all
TCP/IP applications that listen on "well-known" ports
(ports 1 through 1023) must be given permission to do
so. Such permission can be granted by customizing the
TCP/IP server configuration file (PROFILE TCPIP, or its
equivalent) in one of three ways:
1) Use the PORT statement to reserve the specific port
(or ports) required by each application (virtual
machine) used on your system. This is the preferred
method. Note that with z/VM Version 4 Release 4,
ports can be reserved within a specific range, in
addition to being reserved on an individual basis.
2) Modify the OBEY statement such that affected
application virtual machines are included in the
TCP/IP obey list.
3) Include the FREELOWPORTS operand as part of an
ASSORTEDPARMS statement. This method removes the
default protection for all well-known ports.
Note: When the RESTRICTLOWPORTS default is in effect and
appropriate port authorizations have not been
provided, applications that rely upon
"well-known" ports (for example, VM-based web
servers or remote printing functions such as LPR)
are likely to report "Unable to open port(s)" or
"Permission denied" conditions
6. 2003/07/31 When network devices are configured for the TCP/IP
(stack) server virtual machine, ensure that any virtual
device addresses specified for a device are available
for use. (Such virtual addresses are specified as part
of DEVICE statements within the TCP/IP server
configuration file -- PROFILE TCPIP, or its
equivalent.)
For example, for a default installation environment,
virtual addresses 401, 402 and 405 cannot be used for
network devices unless local adjustments are made.
These addresses have been reserved and defined within
the z/VM system directory for establishing links to
MAINT-owned National Language Support (NLS) HELP
minidisks, to allow specific help information to be
referenced in the appropriate environments.
5. 2003/07/31 It my be possible to address certain z/VM host
connectivity problems by including specific
ASSORTEDPARMS operands in the TCP/IP server
configuration file (PROFILE TCPIP, or its equivalent).
The OVERRIDEPRECEDENCE operand may help alleviate
general connectivity problems that arise when clients
alter TCP/IP Type-of-Service (TOS) values after a
connection has been established. Connections that
appear to close unexpectedly are symptomatic of a
possible need for using the OVERRIDEPRECEDENCE operand.
The NORFC1323 operand may help alleviate TN3270
connectivity problems that arise with Telnet
connections that are associated with Windows 95 (Win95)
hosts. Win95-initiated Telnet connections that appear
to "hang" on a regular basis, and with consistent
duration, are symptomatic of a possible need for using
the NORFC1323 operand.
Note: The use of the NORFC1323 operand may impact TCP
connection performance for other TCP clients, as
this operand prevents the z/VM TCP/IP server from
initiating RFC 1323-related performance features
(although client requests to enable these
facilities are always accepted).
4. 2003/07/31 For customers who plan to use the Secure Socket Layer
(SSL) server support, please note the following:
To use the Secure Socket Layer (SSL) server, a suitably
configured Linux kernel and file system must be
installed on your z/VM system. Detailed information
about Linux requirements and preparation for use by the
SSL server are available at the TCP/IP for z/VM home
page on the World Wide Web. The URL for this home
page is:
http://www.vm.ibm.com/related/tcpip/
Note: If no specific action is taken to configure the
SSL server and an attempt is made to initialize
this server, the SSL server will report errors
similar to those shown here and will fail to
initialize:
DTCRUN1011I Server started at nn:nn:nn
on dd mmm yyyy (day)
DTCRUN1011I Running "VMSSL"
DTCSSL2428I Port 9999 is used for SSL administration.
HCPVMI232E IPL UNIT ERROR; IRB 00404017 00000010
00200018 00800000
HCPGIR450W CP entered; disabled wait PSW 000E0000
00000232
3. 2003/07/31 Customers who plan to use an External Security Manager
(ESM) different from the IBM Resource Access Control
Facility (RACF), such as VMSECURE from Sterling Software
Inc., should review Informational APAR II11256 for
additional information about configuring TCP/IP servers
in such an environment.
2. 2003/07/31 Missing interrupt conditions for I/O operations involving
devices dedicated to the TCPIP virtual machine should be
detected, but *not* dealt with. For z/VM, the default
MIH setting of OFF will accomplish this. (This default
is in effect when MIH is not specified on the user
directory OPTION statement or the SET MIH command is not
issued within a virtual machine).
However, when MIH OFF is in effect, CP issues HCPMHT2150I
messages to the operator, to indicate that an I/O
operation was started but the MIH interval expired before
the device sent an interrupt. In some instances, these
messages may flood the OPERATOR console.
Use of the 'OFF' parameter of a related command, CP SET
MITIME, can prevent excessive HCPMHT2150I messages
related to TCPIP from appearing on the OPERATOR console.
This command controls the time interval at which a
specified device is checked for missing interrupts.
To reduce occurrences of HCPMHT2150I messages, use the
following command. Note that only the device(s)
dedicated to the TCPIP server should be specified with
this command.
CP SET MITIME rdev1-rdev2 OFF
The CP SET MITIME command should be issued within
an "exit" exec, identified by an ":Exit." tag that is
defined for the TCPIP server entry in a locally created
DTCPARMS file.
1. 2003/07/31 Prior to installing TCP/IP for z/VM, you may find it
useful to review the content of the following ITSO
Redbooks if you're not familiar with TCP/IP protocols,
functions and networking principles:
* "TCP/IP Tutorial and Technical Overview",
(GG24-3376)
* "IP Network Design Guide", (SG24-2580)
* "TCP/IP Solutions for VM/ESA", (SG24-5459)
* "IBM Communications Server for OS/390 V2R10 TCP/IP
Implementation Guide, Volume 1: Configuration and
Routing", (SG24-5227)
Additional textbook references that may be useful are:
* "TCP/IP Illustrated, Volume 1: The Protocols," Richard
W. Stevens, Addison-Wesley, Reading, Massachusetts,
1994. ISBN: 0-201-63346-9 (SR28-5586-00)
* "Internetworking with TCP/IP Volume I:Principles,
Protocols, and Architecture," Douglas E. Comer, Prentice
Hall, Englewood Cliffs, New Jersey, 1991.
ISBN: 0-13-216987-8 (SC31-6144-00)
* "DNS and BIND in a Nutshell," Paul Albitz & Cricket
Liu, O'Reilly & Associates, Sebastopol, California,
1992. ISBN: 1-56592-010-4 (SR28-4970-00)
************************************************************************
* SECTION 2. D O C U M E N T A T I O N C H A N G E S *
************************************************************************
This section provides corrections for significant errors in TCP/IP
Level 440 documentation.
This item contains no records.
************************************************************************
* SECTION 3. G E N E R A L I N F O R M A T I O N *
************************************************************************
This section contains general information, i.e., hints/tips.
4. 2003/07/31 Several TCP/IP for VM functions are Pascal-based, and use
VMCF communications to communicate with the TCPIP server.
Therefore, these functions cannot be reliably used in
conjunction with other applications that also use VMCF
communications (such as the CMS Utility, WAKEUP); doing
so may produce intermittent hangs during processing or
other unpredictable results.
The TCP/IP Pascal-base functions for which such problems
may arise are:
FTP HOMETEST LPQ LPR LPRM NETSTAT
OBEYFILE PING REXEC TELNET TESTSITE TFTP
See CMS Utilities APAR VM58540 for more information about
problems when using FTP in conjunction with WAKEUP.
3. 2003/07/31 With RSCS Version 3 Release 1 (V3 R1), enhanced
configuration features, such as embedded files, new
configuration statements (such as LINKDEFINE), and the
ability to use additional comment delimiters ('/*' and
'*/') are available for configuring RSCS. For example:
IMBED fn ft /* RSCS V3 R1 style comments */
The TCP/IP for VM program, SMTPRSCS, uses the RSCS CONFIG
file to build an RSCS host table file (SMTPRSCS
HOSTINFO). SMTPRSCS can process RSCS V3 R1 embedded
files, its new configuration definitions, and the
additional comment delimiters.
However, if "generic routing" is used in your environment
(as from using a "ROUTE *" statement), you still need to
identify -- with respect to SMTPRSCS -- any additional
RSCS host names that are relevant to your RSCS network,
which are not in the RSCS CONFIG configuration file.
To do this, you can create a separate file to be used as
input for the SMTPRSCS program. For example, a file
named TCP-RSCS CONFIG, that contains:
IMBED RSCS CONFIG
ROUTE nodeid1
ROUTE nodeid2
:
where each ROUTE statement must have two tokens --
"ROUTE" and a nodeid name of an additional RSCS node to
be identified for use by the SMTP server.
2. 2003/07/31 APAR VM63168, through its associated PTF, UM97440, is
used as the ordering mechanism for the current level of
the TCP/IP Function Level 440 RSU. This APAR/PTF will
be updated during every RSU cycle to indicate the RSU
level that is currently available through ISMD service.
The RSU can be ordered upon request by contacting the
Level 2 support group, or through the SRD (Service
Request & Delivery) function of IBMLink. Please see
the text of APAR VM63168 for more information, if
necessary.
Note: TCP/IP RSU maintenance is provided only as part
of the z/VM 4.4.0 "stacked" RSU.
1. 2003/07/31 When appropriate, the support center will open
informational APARs covering various aspects of TCP/IP
for VM. These APARs will cover installation and
maintenance specific information, information on using
the product, and other information that will often assist
the customer. Customers can search for these APARs by
using The product component ID (5735FAL00) and the
keyword TCPIPINFO. It's recommended that customers using
TCP/IP for VM review these APARs for information specific
to their needs.
************************************************************************
* SECTION 4. S E R V I C E R E C O M M E N D A T I O N S *
************************************************************************
1. 2006/09/30 Refer to 0601RSU and 0501RSU for service recommendations.
************************************************************************
* SECTION 5. C R O S S P R O D U C T D E P E N D E N C I E S *
************************************************************************
This section contains information that is dependent upon another
product other than this subset ID. It also contains information
dealing with migration and product coexistence.
This item contains no records.
1. yyyy/mm/dd Interdependent Product:
Problem:
Users Affected:
Recommendation: Install xxxxxxx on Volid xxxx
************************************************************************
* I N F O R M A T I O N A L / D O C U M E N T A T I O N *
* APARs Follow (If Any) *
************************************************************************
------------------------------------------------------------------------
PTF Include List:
This item contains no records.
------------------------------------------------------------------------
PTF Exclude List:
This item contains no records.
------------------------------------------------------------------------
PE APAR List:
This item contains no records.
------------------------------------------------------------------------
Pending PE APAR List:
This item contains no records.