Use the TCPCONFIG statement to update the
TCP layer of TCP/IP.
Syntax
Tip: Specify the parameters
for this statement in any order.
>>-TCPCONFIG---------------------------------------------------->
.---------------------------------------------------------.
V |
>----+-----------------------------------------------------+-+-><
| .-CONNECTInitinterval 3000---------. |
+-+----------------------------------+----------------+
| '-CONNECTInitinterval milliseconds-' |
| .-CONNECTTimeout 75------. |
+-+------------------------+--------------------------+
| '-CONNECTTimeout seconds-' |
| .-DELAYAcks---. |
+-+-------------+-------------------------------------+
| '-NODELAYAcks-' |
| .-EPHEMERALPORTS 1024 65535----------. |
+-+------------------------------------+--------------+
| '-EPHEMERALPORTS low_port high_port-' |
| .-FINWait2time 600--------------. |
+-+-------------------------------+-------------------+
| '-FINWait2time finwait2_seconds-' |
| .-FRRTHReshold 3----. |
+-+-------------------+-------------------------------+
| '-FRRTHReshold acks-' |
| .-INTerval 120--------------------------. |
+-+---------------------------------------+-----------+
| '-INTerval --default_keepalive_interval-' |
| .-KEEPALIVEPROBEInterval 75------. |
+-+--------------------------------+------------------+
| '-KEEPALIVEPROBEInterval seconds-' |
| .-KEEPALIVEPROBES 10-----. |
+-+------------------------+--------------------------+
| '-KEEPALIVEPROBES number-' |
| .-MAXImumretransmittime 120-----. |
+-+-------------------------------+-------------------+
| '-MAXImumretransmittime seconds-' |
| .-NAGLE---. |
+-+---------+-----------------------------------------+
| '-NONAGLE-' |
| .-QUEUEDrtt 20-----------. |
+-+------------------------+--------------------------+
| '-QUEUEDrtt milliseconds-' |
| .-UNRESTRICTLowports-. |
+-+--------------------+------------------------------+
| '-RESTRICTLowports---' |
| .-RETRANSMITAttempts 15----. |
+-+--------------------------+------------------------+
| '-RETRANSMITAttempts times-' |
| .-NOSELECTIVEACK-. |
+-+----------------+----------------------------------+
| '-SELECTIVEACK---' |
| .-SENDGarbage --FALSE-. |
+-+---------------------+-----------------------------+
| '-SENDGarbage --TRUE--' |
| .-TCPMAXRCVBufrsize 256K--------------------------. |
+-+-------------------------------------------------+-+
| '-TCPMAXRCVBufrsize --tcp_max_receive_buffer_size-' |
| .-TCPMAXSENDBufrsize 256K---------------------. |
+-+---------------------------------------------+-----+
| '-TCPMAXSENDBufrsize tcp_max_send_buffer_size-' |
| .-TCPRCVBufrsize 65536----------------------. |
+-+-------------------------------------------+-------+
| '-TCPRCVBufrsize -- tcp_receive_buffer_size-' |
| .-TCPSENDBfrsize 65536------------------. |
+-+---------------------------------------+-----------+
| '-TCPSENDBfrsize --tcp_send_buffer_size-' |
| .-TCPTIMEstamp---. |
+-+----------------+----------------------------------+
| '-NOTCPTIMEstamp-' |
| .-TIMEWAITInterval 60------. |
+-+--------------------------+------------------------+
| '-TIMEWAITInterval seconds-' |
| .-NOTTLS-. |
'-+--------+------------------------------------------'
'-TTLS---'
Parameters
- CONNECTINITINTERVAL milliseconds
- The initial retransmission interval in milliseconds.
The range is 100 - 3000. The default value is 3000.
- CONNECTTIMEOUT seconds
- The number of seconds before the initial connection times out. This
connection includes TCP connections that are established over SMC-R
links. The range is 5 - 190. The default value is 75.
- DELAYACKS | NODELAYACKS
-
- NODELAYACKS
- Specifies that an acknowledgement is returned immediately when
data is received that has the PUSH bit set on in the TCP header. Specifying
the NODELAYACKS parameter on the TCPCONFIG statement overrides the
specification of the DELAYACKS parameter on the TCP/IP stack PORT
or PORTRANGE profile statements for the port used by a TCP connection,
or on any of the following statements used to configure the route
used by a TCP connection:
- The TCP/IP stack BEGINROUTES or GATEWAY profile statements
- The Policy Agent RouteTable statement
- The OMPROUTE configuration statements
- DELAYACKS
- Delays transmission of acknowledgments when a packet is received
with the PUSH bit on in the TCP header. This is the default, but
the behavior can be overridden by specifying the NODELAYACKS parameter
on the TCP/IP stack PORT or PORTRANGE profile statements for the port
used by a TCP connection, or on any of the following statements used
to configure the route used by a TCP connection:
- The TCP/IP stack BEGINROUTES or GATEWAY profile statements
- The Policy Agent RouteTable statement
- The OMPROUTE configuration statements
- EPHEMERALPORTS low_port high_port
- Indicates the range of ephemeral ports that are to be assigned
at bind time. The default ephemeral port range is 1024 - 65535.
- low_port
- The starting port for the range of ports. The low_port value
is in the range 1024 - 65535.
- high_port
- The ending port for the range of ports. The high_port value
is in the range 1024 – 65535, and must be greater than
or equal to the low_port value.
Guidelines: - The TCP/IP stack selects an ephemeral port from the range of ports
that are defined on the EPHEMERALPORTS parameter only if an ephemeral
port was not assigned by EXPLICITBINDPORTRANGE, SYSPLEXPORTS or PASSIVEDATAPORTS
processing.
- The SYSPLEXPORTS processing uses only ports that are within the
range of ports that the EPHEMERALPORTS parameter defines.
- For the ports within the EPHEMERALPORTS range, if they are reserved
by using port reservation definitions or the EXPLICITBINDRANGE parameter,
they are excluded from the EPHEMERALPORTS port pool. Such exclusion
effectively makes the pool smaller.
Restriction: Ports that are defined by BPXPARMS
INADDRANYPORT and INADDRANYCOUNT must be restricted by the PORT or
PORTRANGE statement to the job name OMVS. The stack does not assign
these ports unless the user has the job name of OMVS.
- FINWAIT2TIME finwait2_seconds
- The number of seconds a TCP connection should remain in the FINWAIT2
state. The range is 1 - 3600. The default value is 600 seconds.
- FRRTHRESHOLD acks
- The threshold of duplicate ACKs for the functional recovery routine
(FRR) to engage. The range is 1 - 2048. The default value is 3. Do
not change this parameter from the default value unless a specific
FRR-related problem occurs or you are under the direction of IBM® service personnel.
- INTERVAL default_keepalive_interval
- The default TCP keepalive interval for applications that enable
the SO_KEEPALIVE socket option and do not override the interval using
the TCP_KEEPALIVE socket option. The range is 0 - 35791 minutes,
and the default is 120. A value of 0 disables the keepalive function,
so that sockets for which SO_KEEPALIVE is specified do not perform
TCP keepalive. In this case, sockets specifying a specific interval
using TCP_KEEPALIVE continue to send keepalive probes.
TCP keepalive
probes end TCP connections after a period of inactivity. TCP keepalive
is disabled by default for a connection, but can be enabled by issuing
the SO_KEEPALIVE or TCP_KEEPALIVE socket options. The TCP_KEEPALIVE
socket option enables the application to specify the keepalive probe
interval, while the SO_KEEPALIVE socket option uses default_keepalive_interval as
the interval.
After the interval has expired, TCP sends a single
keepalive probe to the peer. If the TCP_KEEPALIVE socket option is
not used to specify the probe interval, a total of ten probes are
then sent at 75-second intervals if no response is received from the
peer. If no response has been received 75 seconds after the last
probe, the connection is reset. If TCP_KEEPALIVE is used to specify
the keepalive probe interval, the number of probes and the interval
between the probes might differ depending on the interval specified.
- KEEPALIVEPROBEINTERVAL seconds
- The interval in seconds between keepalive probes. The range is
1 - 75. The default value is 75.
This parameter does not change
the initial keepalive timeout interval. It controls only the time
between the probes that are sent out after the initial keepalive interval
has expired.
- KEEPALIVEPROBES number
- The number of keepalive probes before the connection is aborted.
The range is 1 - 10. The default value is 10.
This parameter does
not change the initial keepalive time out interval. It controls only
the number of probes that are sent out after the initial keepalive
interval has expired.
- MAXIMUMRETRANSMITTIME seconds
- The maximum retransmit interval in seconds. The range is 0 - 999.990. The default value is 120.
Rule: If none of the following parameters is specified, this
MAXIMUMRETRANSMITTIME parameter is used and the MINIMUMRETRANSMITTIME
parameters of the following statements are not used:
- MAXIMUMRETRANSMITTIME on the BEGINROUTES statement
- MAXIMUMRETRANSMITTIME on the GATEWAY statement
- MAXIMUMRETRANSMITTIME on the ROUTETABLE statement
- Max_Xmit_Time on the OSPF_INTERFACE statement
- Max_Xmit_Time on the RIP_INTERFACE statement
The TCPCONFIG parameter value is used if no
route parameter has been explicitly specified. If the TCPCONFIG parameter
value of the maximum retransmit time is used, the MINIMUMRETRANSMITTIME
value that is specified on the route parameter is not used, which
means the minimum retransmit time is 0.
MAXIMUMRETRANSMITTIME
of 0 indicates that the smallest retransmission interval must be used.
When 0 is specified, TCP/IP uses a maximum retransmission interval
of approximately 100 milliseconds. Specifying a very low maximum
retransmission interval can result in additional system overhead for
increased retransmission processing.
- NAGLE | NONAGLE
- NAGLE
- Specifies that the Nagle algorithm is enabled. This is the default
value.
- NONAGLE
- Specifies that the Nagle algorithm is disabled.
Rules: - If the setsockopt() with TCP_NODELAY is specified for a connection,
the Nagle algorithm is disabled for the connection.
- If NONAGLE is specified, the setsockopt() with TCP_NODELAY is
ignored.
- QUEUEDRTT milliseconds
- The threshold at which the outbound serialization is engaged.
The range is 0 - 50 milliseconds. The default value is 20 milliseconds. A
value of 0 millisecond enables outbound serialization for all connections.
Do not change this parameter from the default setting unless specific
problems with outbound serialization occur or you are under the direction
of IBM service personnel.
- RESTRICTLOWPORTS | UNRESTRICTLOWPORTS
-
- RESTRICTLOWPORTS
- When set, ports 1- 1023 are reserved for users by the PORT and
PORTRANGE statements. The RESTRICTLOWPORTS parameter is confirmed
by the message:
EZZ0338I TCP PORTS 1 THRU 1023 ARE RESERVED
Restriction: When
RESTRICTLOWPORTS is specified, an application cannot obtain a port
in the 1- 1023 range unless it is authorized. Applications can be
authorized to low ports in the following ways:
- Using PORT or PORTRANGE with the appropriate job name or a wildcard
job name such as * or OMVS. If the SAF keyword is used on PORT or
PORTRANGE, additional access restrictions can be imposed by a security
product, such as RACF®.
- APF authorized applications can access unreserved low ports.
- OMVS superuser (UID(0)) applications can access unreserved low
ports.
Applications with a dependency on being able to obtain an available
port in the 1- 1023 range without having that port explicitly reserved
for its use should be run as APF authorized or superuser. Use RESTRICTLOWPORTS
to increase system security.
- UNRESTRICTLOWPORTS
- When set, ports 1 - 1023 are not reserved. This is the default
value. The UNRESTRICTLOWPORTS parameter is confirmed by the message:
EZZ0338I TCP PORTS 1 THRU 1023 ARE NOT RESERVED
- RETRANSMITATTEMPTS times
- The number of times that a segment is retransmitted before the
connection is aborted. The range is 0 - 15. The default value is 15.
- SELECTIVEACK | NOSELECTIVEACK
-
- SELECTIVEACK
- Enables the exchange of selective acknowledgements with partners
that support the selective acknowledgement (SACK) option as defined
by RFC 2018. For information about this RFC, see Related protocol specifications.
If TCP/IP initiates a TCP connection,
then a selective acknowledgement permit option is sent. During a passive
connect, if TCP/IP receives a TCP connection request with a selective
acknowledgement permit option from a client and the SACK option is
enabled, then TCP/IP sends a SYN-ACK with its own selective acknowledgement
permit option. The SACK option must be enabled to help prevent unnecessary
packets from being retransmitted when packet loss occurs in the network.
- NOSELECTIVEACK
- Disables the exchange of selective acknowledgements during connection
setup and also during the entire connection. This is the default
value.
- SENDGARBAGE
- Specifies whether the keepalive packets sent by TCP contain 1
byte of random data.
- FALSE
- Causes the packet to contain no data. This is the default value.
- TRUE
- Causes the packet to contain 1 byte of random data and an incorrect
sequence number, assuring that the data is not accepted by the remote
TCP.
- TCPMAXRCVBUFRSIZE tcp_max_receive_buffer_size
- The TCP maximum receive buffer size is the maximum value an application
can set as its receive buffer size using SETSOCKOPT(). The minimum
acceptable value is the value coded on TCPRCVBUFRSIZE, the maximum
is 2M, and the default is 256K. If you do not have large
bandwidth interfaces, you can use this parameter to limit the receive
buffer size that an application can set.
IBM Health
Checker for z/OS® can be used
to check whether the TCPMAXRCVBUFRSIZE value is sufficient to provide
optimal support to the z/OS Communications
Server FTP server. By default, it checks that TCPMAXRCVBUFRSIZE is
at least 180 K. For more details about IBM Health Checker, see z/OS Communications Server: IP Diagnosis Guide.
- TCPMAXSENDBUFRSIZE tcp_max_send_buffer_size
- The maximum send buffer size, which is between the
value that is specified on the TCPSENDBUFRSIZE parameter and 2M. The
default value is 256K.
- TCPRCVBUFRSIZE tcp_receive_buffer_size
- The TCP receive buffer size, which is between 256 bytes and the
TCPMAXRCVBUFRSIZE value. The default value is 65536. This
value is used as the default receive buffer size for those applications
that do not explicitly set the buffer when they use SETSOCKOPT().
Increasing
the receive buffer size does not allocate or consume any additional
storage. The receive buffer size determines the amount of data that
TCP/IP can buffer for the application to receive. When the TCP/IP
stack receives the data, the data is stored in CSM data space or TCP/IP
private storage. Each received segment has an associated data descriptor
that resides in ECSA or TCP/IP private. No external mechanism controls
which storage type is selected for the received data. For
more information about the receiver buffer size and the TCP receive
window, see TCP receive window in z/OS Communications Server: IP Configuration
Guide.
- TCPSENDBFRSIZE tcp_send_buffer_size
- The TCP send buffer size, which is between 256
bytes and the TCPMAXSENDBUFRSIZE value. The default value is
65536. This value is used as the default send buffer size for those
applications that do not explicitly set the buffer size when they
use SETSOCKOPT().
Increasing the send buffer size does not allocate
or consume any additional storage. The send buffer size determines
the amount of data that TCP/IP can buffer for the application to send.
When the application sends the data, the TCP/IP stack stores the data
in CSM data space. The sent data has one or more associated data descriptors
that reside in ECSA.
- TCPTIMESTAMP | NOTCPTIMESTAMP
-
- NOTCPTIMESTAMP
- TCP Timestamp Option is disabled, and MVS™ does
not participate in TCP timestamp negotiation during connection setup
and also during the entire life of connection.
- TCPTIMESTAMP
- TCP Timestamp Option is enabled. If MVS initiates
a TCP connection, then a TCP timestamp option is sent. During a passive
connect, for example, if MVS receives
a TCP connection request with TCP timestamp option from a client and
this option is enabled, then MVS sends
a SYN-ACK with its own TCP timestamp option. This option should be
enabled to help prevent wrapping of sequence numbers or to prevent
a connection from receiving a delayed segment that was originally
intended for an earlier incarnation of the connection. The sequence
numbers can wrap more quickly with higher bandwidth networks. This
is the default value.
- TIMEWAITINTERVAL seconds
- The number of seconds that a connection remains in the TIMEWAIT
state. The range is 0 - 120. The default value is 60.
- TTLS | NOTTLS
- NOTTLS
- Indicates that the Application Transparent Transport Layer Security
(AT-TLS) function is not activated for the TCP/IP stack.
This is the default value.
- TTLS
- Indicates
that the AT-TLS function is activated for the TCP/IP stack.
The AT-TLS function provides invocation of System SSL in
the TCP transport layer of the stack. When a TCPCONFIG TTLS value
is specified, the AT-TLS function uses AT-TLS policy information
that is configured by using Policy Agent to determine how
application connections are processed. If the setting is
modified by using the VARY TCPIP,,OBEYFILE command, only new connections
are affected by the change.
Guideline: If AT-TLS is enabled, you must activate the
SERVAUTH class, define the INITSTACK resource profile, and permit
users to it.
For more information about AT-TLS data protection, see z/OS Communications Server: IP Configuration
Guide.
Steps for modifying
To
modify parameters for the TCPCONFIG statement, you must respecify
the statement with the new parameters.
The parameter changes
do not affect existing connections. They effect only new connections.
Examples
This example shows a TCPCONFIG
statement that reserves ports 1 - 1023 for users by the PORT and
PORTRANGE statements:
TCPCONFIG RESTRICTLOWPORTS