
- Number of slides: 54
TCP/IP for z/VM Update
Tracy Adams, z/VM Connectivity Development
CAVMEN, April 17, 2008
© 2007 IBM Corporation

Agenda
§ General IPv6 Support
§ Level 520 Enhancements
§ Level 530 Enhancements
§ Service Strategy

IPv6 support currently in z/VM
§ CP support for IPv6
  - QDIO and HIPERSOCKETS Guest LANs support IPv6
  - Layer 2 VSWITCH supports IPv6
§ TCP/IP support for IPv6
  - HiperSockets (QDIOIP) and OSA-Express (QDIOETHERNET) devices
  - Dynamic routing with MPROUTE
  - Static routing and IPv6 Router Advertisements
  - IFCONFIG, IPWIZARD, NETSTAT, PING and TRACERTE
  - Failover and Virtual IP address (VIPA) support

Function: IPv6
§ Steps toward support for IPv6 networks
  - Address constraint relief
  - Auto-configuration
  - Other improvements
§ Support for IPv6 networks connected through OSA Express (QDIO) adapter
  - Static routing
  - Router Advertisements
  - TRACERTE, PING, and IFCONFIG support
  - IPv6 sockets through Language Environment and OpenExtensions Callable Services

Function: IPv6 …
§ v4 and v6 networks treated separately
  - Separate HOME lists, filters (BLOCK statement), address translation tables, static routing tables (GATEWAY statement), PORT lists
  - No routing between networks
  - New DEVICE OSD statement options
    - IPv6 PriRouter
    - IPv6 SecRouter
    - IPv6 NonRouter
  - New LINK QDIOEthernet statement options
    - EnableIPv6
    - DupAddrXmits

Function: IPv6 …
§ New RouterAdv statement
  - Defines characteristics of router advertisements for a link
§ New RouterAdvPrefix statement
  - Defines address prefix to be used for link router advertisements and associated on-link determination, autonomous, and lifetime characteristics
§ New AssortedParms statement options
  - IgnoreIPv6Redirect
  - EqualCostIPv6MultiPath

Function: IPv6 …
§ New NCBPoolSize statement
  - Defines size of IPv6 Neighbor Control Block pool
§ New ICMPErrorLimit statement
  - Define maximum rate per second of IPv6 ICMP error packets transmitted on a link
§ New Neighbor and DelNeighbor functions of NETSTAT
  - Display/delete neighbor cache entries
§ NETSTAT DEVLINKS reports
  - Maximum frame size (Hipersockets links)
  - MTU size
  - IPv6 status
  - Multicast addresses

TCP/IP Level 520 New Function
§ New MPROUTE
§ Standard GATEWAY Statement Syntax
§ Sniffer data formatting tool
§ Enhanced IPMailerAddress statement
§ Improved SSL support
§ IPv6 Hipersockets (Post GA)
§ GVRP Support (Post GA)

Function: New MPROUTE
§ Initial MPROUTE implementation ported z/OS Communications Server OMPROUTE to CMS
  - Recompile with CMS C compiler
  - Fix code incompatibilities
  - Add VM-specific interfaces (e.g., SMSG)
  - Renumber all messages
§ Problems
  - Service and enhancements require refit
  - Divergent code bases
    - No IPv6 support
    - No simultaneous use of RIPv1 and RIPv2
  - Limited documentation

Function: New MPROUTE …
§ New MPROUTE implementation uses z/OS Communications Server V1.7 OMPROUTE as-is
  - Use z/OS binary in CMS unchanged
  - Enhance CMS cradling environment to provide equivalents of z/OS functions used by OMPROUTE
  - Use z/OS messages
§ Benefits
  - Current routing technology
  - Common code base
    - Functional equivalence
    - OMPROUTE service handled by z/OS service team
    - Upgrade requires minimal effort
  - Less VM-specific documentation

Function: Standard GATEWAY Statement Syntax

              .---------------------------------.
              v                                 |
>>-GATEWAY------+-----------------------------+-+-----><
                |-| IPv4 GATEWAY list entry |-|
                '-| IPv6 GATEWAY list entry |-'

IPv4 GATEWAY list entry:
|--+-ipv4_dest/maskLength--+-first_hop-link-+-max_packet_size-+---|
   |-ipv4_dest-subnet_mask-+                |-DEFAULTSIZE-----|
   '-DEFAULTNET------------'                '-0---------------'

IPv6 GATEWAY list entry:
|--+-ipv6_dest/prefixLength-+-first_hop-link-+-max_packet_size-+--|
   '-DEFAULTNET6------------'                |-DEFAULTSIZE-----|
                                             '-0---------------'

Function: Standard Gateway Statement Syntax
HOME
  9.130.48.78/24 ETH0
  9.130.15.128 255.0 ETH1
GATEWAY (columns as they appear on the slide)
  * Subnet Mask: 9.150.20.0/24, 9.150.30.0 255.0, defaultnet
  Next hop: 9.130.48.5, 9.130.15.16, 9.130.48.1
  Intfc: ETH0, ETH1, ETH0
  MTU: 0

Function: Sniffer Data Formatting Tool
§ New CP facility to record Guest LAN traffic
§ IPFORMAT command provided to format and display data
  - Configuration file defines
    - RPC program names
    - NFS procedure types
    - Telnet Option Names
    - ASCII-EBCDIC translation
    - Colors

Function: Sniffer Data Formatting Tool …

               .-TRCDATA--*----.
>>-IPFORMAT-fn-+---------------+-+-----------------+-><
               |     .-*--.    | '-(-| Options |---'
               '-ft--+----+----'
                     '-fm-'

Options:
   .-OUTFile--fn--IPFDATA--rwm-----------.  .-VIew---.
|--+-------------------------------------+--+--------+--|
   |               .--IPFDATA---rwm-.    |  '-NOView-'
   '-OUTFile--ofn--+----------------+----'
                   |       .-rwm-.  |
                   '--oft--+-----+--'
                           '-ofm-'

Function: Sniffer Data Formatting Tool …
§ Subcommands
  - FILTER packets by source and destination IP address or range, source and destination port number or range, time, protocol, and application
  - SAVE data
  - APPEND data to existing file
  - VIEW detailed packet information
  - HEADER display control

Function: Enhanced IPMailerAddress (PTF)
§ Host names and IP addresses allowed
§ ALL redirects all non-local mail

>>-IPMAILERADDRESS--+-----+--+-+-ip_address-+-------+--><
                    '-ALL-'  | '-hostname---'       |
                             '-| Destination List |-'

Destination List:
          .----------------.
          v                |
|--LIST-----+-ip_address-+-+--ENDIPMAILERADDRESS--|
            '-hostname---'

SSL – Secure Sockets Layer
§ Provides security functions for any server
§ SSL for VM TCP/IP clients
§ Negotiated security
§ Client authentication
§ Certificate database and management

Function: Improved SSL Support
§ Additional distribution support
  - SUSE SLES 8 Service Pack 3 (31-bit)
  - SUSE SLES 9 Service Pack 2 (64-bit)
  - Red Hat Enterprise Linux AS V3 (31-bit)
  - Red Hat Enterprise Linux AS V3 (64-bit)
§ Industry-standard encryption algorithms
  - Includes DES, triple-DES, RC2, and RC4
  - Keys up to 128 bits
§ Hashes provided by SHA-1 and MD5
§ Certificate activation and removal without server restart
§ Federal Information Processing Standard (FIPS 140-2) operational mode support

Function: IPv6 Hipersockets
§ IPv6-related parameters accepted
  - HIPERS devices
  - QDIOIP links
§ Corresponding NETSTAT response changes for IPv6-enabled devices and links

Function: GVRP Support
§ GARP (Generic Attribute Registration Protocol) VLAN Registration Protocol
§ Provides more of standard switch semantics by automatically registering VLAN identifiers with GVRP-aware network switches
§ Eliminates manual configuration of individual physical switch port VLAN assignments for VSWITCH and QDIO links

                                  |-GVRP---|
>>-LINK-QDIOETHernet-...-VLAN-nnn-+--------+-...-><
                                  |-NOGVRP-|

TCP/IP Level 520 Serviceability Improvements
§ Report PROFILE file attributes
§ Log access violations on console
§ NETSTAT CONFIG
§ Load address in NETSTAT LEVEL

Serviceability: Report PROFILE File Attributes
§ Display PROFILE file characteristics during stack initialization
§ Identify source of configuration data
§ Help identify cause of configuration problems

DTCIPI006I Using profile name type mode dated date time

Serviceability: Log Access Violations on Console
§ Access violation detected when user in RESTRICT list attempts to use TCP/IP services
§ Now recorded in console log as well as in separate file

DTCUTI044I Unauthorized TCP/IP access attempt by user

Serviceability: NETSTAT CONFIG
§ New NETSTAT command options to display current stack configuration

                   '-PARMS-TRACE-----'
>>-NETSTAT-CONFIG--+-----------------+-----><
                   | .-----------.   |
                   | v           |   |
                   '---|ACCESS---|-+-'
                       |ALL------|
                       |HELP-----|
                       |OBEY-----|
                       |PARMS----|
                       |PORT-----|
                       |TRANSLATE|
                       'TRACE----'

Serviceability: Load Address in NETSTAT LEVEL
§ NETSTAT LEVEL displays stack module load address
§ Useful for computing trace trap addresses

IBM 2094; z/VM Version 5 Release 2.0, service level 0000 (64 bit), VM TCP/IP Level 520; RSU 0000 running TCPIP MODULE E2 dated 10/17/05 at 16:53
TCP/IP Module Load Address: 00BAC000

TCP/IP Level 520 Performance Improvements
§ 64-bit Diagnose X'98'

Performance: 64-bit Diagnose X'98'
§ TCP/IP stack uses Diagnose X'98' to lock real memory for QDIO, ATM, HyperChannel, CLAW, CTCA, and LCS devices
§ Diagnose X'98' extended in z/VM 5.2.0 to allow pages to be locked above 2G in real memory
§ TCP/IP stack attempts to use pages above 2G to reduce system-wide pressure on memory below 2G

TCP/IP Level 520 Infrastructure Improvements
§ NETSTAT CP output limit increased
  - Up to 32767 bytes

TCP/IP Level 520 Packaging Enhancements
§ Preconfigured VSWITCH controllers
§ Migration support

Packaging: Preconfigured VSWITCH Controllers
§ Two new virtual machines defined as VSWITCH controllers
  - DTCVSW1 and DTCVSW2
  - Started by AUTOLOG1
  - No configuration required
    - Define VSWITCHes with CONTROLLER * (default)
§ Designed to simplify VSWITCH implementation
§ Demonstrates best practices

Packaging: Migration Support
§ TCP/IP migration exit
  - Examines existing configuration files
  - Controls copying actions to new system
  - Recommends areas requiring customer attention
    - E.g., Reports session connection exit interface changes

TCP/IP Level 530 New Function
§ LDAP Server and Client
§ IP Takeover (IPv4 and IPv6)
§ Delete Device and Link
§ SSL upgrade
§ TLS support
§ SNMP for Virtual Switches
§ MPROUTE V1R8
§ RouteD and BootP discontinued

LDAP
§ Solves a problem: the ability to have RACF be a central repository for your z/VM and Linux passwords
§ Lightweight Directory Access Protocol (RFC 2251)
§ Standard way for a client to retrieve data stored in a Directory Information Tree (DIT)
§ z/OS 1.8 IBM Tivoli Directory Server (ITDS)

Function: LDAP Server and Client
§ LDAP Server provides:
  - Multiple concurrent database instances (referred to as backends)
  - Interoperability with LDAP V2 or V3 protocol-capable clients
  - LDAP Version 2 and Version 3 protocol support
  - Native authentication using Challenge-Response Authentication Method (CRAM-MD5), DIGEST-MD5 Authentication, and Simple (unencrypted) authentication
  - Root DSE information
  - Master/slave and peer-to-peer replication

Function: LDAP Server and Client
§ LDAP Server provides:
  - The ability to refer clients to additional directory servers
  - The capability to create an alias entry in the directory to point to another entry in the directory
  - Access controls on directory information
  - Change logging
  - Schema publication and update
  - SSL communication (SSL V3 and TLS V1)
  - Client and server authentication using SSL/TLS

Function: LDAP Server and Client
§ LDAP client utilities provide a way to add, modify, search, and delete entries in any server that accepts LDAP protocol requests.

Interface High Availability – IP Takeover
§ IP takeover is supported to minimize the impact of a hardware interface failure
  - QDIO ethernet and LCS ethernet devices only
§ No special parameters or options necessary
  - If the TCP/IP stack determines two interfaces are on the same network, IP takeover will be enabled for those interfaces
  - For IPv4, determination is based on the IP addresses and subnet masks of the interfaces
    - Subnet masks may be defined on the HOME statement, the GATEWAY statement, or in the MPROUTE CONFIG file

IP Takeover Details
[Diagram: z/VM TCP/IP with OSA1 (10.1.1.1) and OSA2 on network 10.1.1.0/24, and host 10.1.1.3]
Host 10.1.1.3 forms a connection with 10.1.1.1 (OSA1)

IP Takeover Details (cont.)
[Diagram: z/VM TCP/IP with OSA1 and OSA2 (10.1.1.1) on network 10.1.1.0/24, and host 10.1.1.3]
OSA1 fails
OSA2 informs host that traffic for 10.1.1.1 should be sent through this interface

IP Takeover Details (cont.)
[Diagram: z/VM TCP/IP with OSA1 and OSA2 (10.1.1.1) on network 10.1.1.0/24, and host 10.1.1.3]
10.1.1.3 starts sending packets to OSA2

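Because IP takeover is enabled implicitly, it helps to know before deployment which links the IPv4 rule above (same network by address and subnet mask, QDIO and LCS Ethernet only) would pair up. The following Python is an added example, not IBM code and not the stack's own algorithm; the device-kind labels, every link name and address other than OSA1 at 10.1.1.1, and the two accepted HOME entry forms ("address/length link" and "address mask link") are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# This example's own shorthand for the two device kinds the slide names;
# these labels are not z/VM keywords.
TAKEOVER_KINDS = {"qdio-ethernet", "lcs-ethernet"}

def parse_home_entry(entry):
    """Return (IPv4Interface or None, link) for one HOME list entry."""
    fields = entry.split()
    if len(fields) == 3:                  # address, dotted mask, link
        addr, mask, link = fields
        return ipaddress.IPv4Interface(addr + "/" + mask), link
    if len(fields) == 2:                  # address/length link, or bare address
        spec, link = fields
        if "/" not in spec:
            return None, link             # mask lives in GATEWAY or MPROUTE CONFIG
        return ipaddress.IPv4Interface(spec), link
    raise ValueError("unrecognised HOME entry: %r" % entry)

def takeover_groups(home_entries, link_kinds):
    """Group eligible links by network.

    Returns (groups, unresolved): groups maps each network that has two or
    more eligible links to those links; unresolved lists eligible links whose
    mask cannot be read from the HOME entry alone.
    """
    by_net, unresolved = defaultdict(list), []
    for entry in home_entries:
        iface, link = parse_home_entry(entry)
        if link_kinds.get(link) not in TAKEOVER_KINDS:
            continue                      # e.g. HiperSockets, CTCA: not eligible
        if iface is None:
            unresolved.append(link)
        else:
            by_net[iface.network].append(link)
    groups = {str(n): sorted(l) for n, l in by_net.items() if len(l) > 1}
    return groups, sorted(unresolved)

# Constructed sample configuration (not taken from a real system).
HOME = ["10.1.1.1/24 OSA1", "10.1.1.2 255.255.255.0 OSA2",
        "10.1.1.9/24 HIPER1", "10.2.0.5/16 CTC1", "192.0.2.7 ETH9"]
KINDS = {"OSA1": "qdio-ethernet", "OSA2": "qdio-ethernet",
         "HIPER1": "hipersockets", "CTC1": "ctca", "ETH9": "lcs-ethernet"}

if __name__ == "__main__":
    print(takeover_groups(HOME, KINDS))
```

Links reported as unresolved need their mask looked up in the GATEWAY statement or the MPROUTE CONFIG file before the pairing can be decided.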
Function: Delete Device and Link
§ Device and Link statements can now be dynamically removed from the z/VM TCP/IP stack.
§ New -Remove option for IFCONFIG -REMOVE
§ New SIOCDINTERFACE subcommand for REXX and C

Function: SSL upgrade
§ Support for
  - Novell(R) SUSE(R) Linux Enterprise Server (SLES) 9 Service Pack 3 (64-bit)
  - Novell SUSE Linux Enterprise Server (SLES) 9 Service Pack 3 (31-bit)
  - Red Hat Enterprise Linux(R) (RHEL) AS 4 Update 4 (64-bit)
  - Red Hat Enterprise Linux (RHEL) AS 4 Update 4 (31-bit)

Function: TLS Support
§ Secure Sockets Layer/Transport Layer Security (SSL/TLS)
  - FTP
  - Telnet
  - SMTP
§ Data transmission can start in clear text and be converted to secure text at a later time.

Function: SNMP for Virtual Switches
§ Management IP address for Virtual Switch
  - New HOME statement
§ Generic SNMP Subagent
§ Bridge MIBS for Virtual Switch reporting

Function: MPROUTE
§ MPROUTE support upgraded to V1R8

RouteD and BootP support discontinued
§ MPROUTE and DHCP are available and recommended to provide the services formerly performed by RouteD and BootP.

Statement of Direction
§ Support for the following will be withdrawn in a future release:
  - Network Database (NDB) system
  - Trivial File Transfer Protocol (TFTP)
  - X25 (including X25 IBI server) interface
  - SNALINK server

Recommended Service Strategy
§ Apply the latest RSU
§ Visit the TCP/IP for z/VM Feature home page for late-breaking service news

Summary
§ TCP/IP for VM is alive and well
§ Level 520 delivered major advances
§ Level 530 continued the trend
§ We still have more to do
  - Anticipate where most z/VM TCP/IP customers are going next
  - Your requirements are important to us

References
In person:
  bolinda@us.ibm.com
  607-429-5469
On the Web:
  http://www.vm.ibm.com/networking/ipv6/ <- IPv6 support in z/VM
  http://www.ibm.com/vm/related/tcpip/ <- TCP/IP for z/VM Feature Page
  http://www.rfc-editor.org/rfc.html
  http://www.redbooks.ibm.com/
Via mailing lists:
  IBMTCP-L@VM.MARIST.EDU
  IBMVM@LISTSERV.UARK.EDU
  LINUX-390@VM.MARIST.EDU