Network support for IBM z/OS Container Platform

z/OS 3.1 Communications Server has added network support for IBM® z/OS® Container Platform.

IBM z/OS Container Platform is an enterprise-ready platform for running containerized applications on z/OS. It provides the ability to build and deploy z/OS applications as containers on z/OS.

z/OS 3.1 Communications Server with APAR PH39613 provides network support for IBM z/OS Container Platform workloads by introducing a new type of VIPARANGE dynamic VIPA (DVIPA) called ZCONTainer. A ZCONTainer DVIPA provides network access for a Pod or a container when a container image is started on z/OS. To reserve ports for applications running in IBM z/OS Container Platform environments, a new jobname (BCZ-CNTR) specification can be defined on the PORT and PORTRANGE statements in the TCP/IP profile.

z/OS 3.1 Communications Server with APAR PH39613 also enhances support for LE and UNIX System Services (USS) Callable Services APIs, as well as System Resolver APIs and the Netstat application.
  • The getsockopt() and setsockopt() LE APIs and BPX1OPT and BPX4OPT USS APIs are enhanced to support a new option to retrieve and set the time-to-live field in the IP header that is used for every packet sent from the TCP or UDP socket connection.
  • New support is added for the clone(), unshare() and setns() LE APIs and BPX1CLN, BPX1UNS, and BPX1SNS USS APIs to create/join a UNIX Time Sharing (UTS) namespace for a USS process.
  • The gethostname() LE API, BPX1HST and BPX4HST USS APIs and System Resolver APIs are enhanced to support the UTS namespace and to retrieve the hostname associated with that namespace.
  • New support is added for the sethostname() LE API and BPX1HST and BPX4HST USS APIs to set a new hostname in the UTS namespace associated with a z/OS Container.
  • System Resolver is enhanced to change the search order for resolver configuration for USS processes running in an IBM z/OS Container Platform environment.
  • Netstat is enhanced to display network information specific to a z/OS container when called from within an IBM z/OS Container Platform environment.
Restriction: IBM z/OS Container Platform support is added for LE APIs, USS Callable Services APIs, and System Resolver APIs only.
Dependencies:
The z/OS Communication Server support for IBM z/OS Container Platform has dependencies on LE, USS and the IBM z/OS Container Platform function. Here’s a list of LE and USS APARs:
  • IP_TTL and gethostname()/sethostname() dependencies - USS OA61799 and LE PH42264
  • UTS namespace, clone()/unshare()/setns() support - USS APAR OA61972, USS APAR OA62757 and LE APAR PH40094
  • Container ID support - USS APAR OA62281
Note: The Network Configuration Assistant (NCA) cannot be used to update the TCP/IP profile. If you are currently using NCA to manage your TCP/IP profile, the recommended method to configure these new VIPARANGE DVIPAs is to create a new TCP/IP profile data set that has an INCLUDE statement for the NCA-generated TCP/IP profile data set, followed by an INCLUDE statement for a second TCP/IP profile data set with the VIPARANGE DVIPA ZCONTainer definitions. See z/OS Communications Server: IP Configuration Reference for more information about the INCLUDE statement.

Using APIs and System Resolver support for IBM z/OS Container Platform

To use APIs and System Resolver support for IBM z/OS Container Platform, complete the appropriate tasks in Table 1.

Table 1. Task topics to enable APIs and System Resolver support for IBM z/OS Container Platform
Task Reference
To set or retrieve the time-to-live value for a socket, issue the setsockopt()/getsockopt() API with the new IP_TTL option
To create/join a UTS namespace for an IBM z/OS Container Platform environment or a USS process, issue the clone(), unshare() or setns() API
To obtain the hostname for an IBM z/OS Container Platform environment or a USS process with a UTS namespace, issue the gethostname() API
To set a new hostname for an IBM z/OS Container Platform environment or a USS process with a UTS namespace, issue the sethostname() API
Review the files used to obtain resolver configuration information for IBM z/OS Container Platform environments
Use the netstat command to obtain information relevant to a z/OS container environment z/OS Communications Server: IP System Administrator's Commands:

Using network support for IBM z/OS Container Platform workloads

To use network support for IBM z/OS Container Platform workloads, complete the appropriate tasks in Table 2.

Table 2. Task topics to enable network support for IBM z/OS Container Platform workloads
Task Reference
Configure a range of dynamic VIPAs per address family to be assigned to IBM z/OS Container Platform environments
  • Define a VIPARANGE for IPv4 and/or IPv6 with the new ZCONTainer keyword
 VIPADYNAMIC - VIPARANGE statement in z/OS Communications Server: IP Configuration Reference
Display VIPARANGE configuration settings for IBM z/OS Container Platform environments
  • Issue the Netstat VIPADCFG/-F command
 Netstat VIPADCFG/-F report in z/OS Communications Server: IP System Administrator's Commands
Display the current dynamic VIPA information for IBM z/OS Container Platform environments
  • Issue the Netstat VIPADyn/-V command
 Netstat VIPADyn/-V report in z/OS Communications Server: IP System Administrator's Commands

Reserve ports for IBM z/OS Container Platform environments with the PORT or PORTRANGE statement and the new jobname value BCZ-CNTR

 z/OS Communications Server: IP Configuration Reference:
Display the list of reserved ports for IBM z/OS Container Platform environments
  • Issue the Netstat PORTLIST/-o command
 Netstat PORTLIST/-o report in z/OS Communications Server: IP System Administrator's Commands
Use the z/OS UNIX netstat command from within an IBM z/OS Container Platform environment to obtain information relevant to this container/Pod.

The following netstat report options are supported: netstat -? |-A |- a | -b |-c |-d |-h |-r |-s

 z/OS Communications Server: IP System Administrator's Commands: