When I was a child, I had a series of books called “How it works…”, for example “How it works – the motor car”, “How it works – Nuclear Physics. As I’ve been working on making Liberty highy available, and using Virtual IP Addresses (VIPAs), I’ve realised that I had had holes in my knowledge about TCPIP. There are many books about how TCP/IP works, but they do not provide the information in an easily digested format – and often went too deep too quickly. So this blog post is my view on what you need to know to understand VIPAs etc.
I’ll only consider TCPIP V4.
- IP connections
- Subnet mask
- How applications use TCPIP
- How applications can bind to a specific IP address and port
- On z/OS
- How to issue TCPIP commands on z/OS
- What is the IP address of my TCPIP image?
- What routing is there on my TCPIP image
- On Linux
- What IP address does my Ubuntu machine have
- What routing is there on my Ubuntu machine
- What is the routing for a particular IP address ?
Some IP basics.
- Every connection has an IP address at each end. An address looks like 10.3.4.15 or 4 * 8 bit numbers.
- You can use a name instead of a number, so you could have MVS1.SSS.COM. To covert this to an IP address you call a Domain Name Server(DNS). You pass it MVS1.SSS.COM and get back 10.3.4.15.
- My machine has several connections (logic bits of wire connected to the back of the machine), Ethernet, wireless, and a tunnelling connection to z/OS. Each connection has a different IP address.
- Packets get routed through the network depending on the destination IP address. The router has logic like, packets going to 10.4.5.* go does this connection, packets for 17.2.2.* go down that connection, any other packets – try sending them to down the connection 220.127.116.11.
- The router uses a netmask to calculate which connection to use.
- A net mask is a string of 1’s followed by 0s. For example 255.255.255.0 – or 3 * 8 =24 ones.
- A router takes a packet IP address and a netmask and logically ands them together, and uses the result to decide where to route the packet.
- A connection handling 10.4.1.0 to 10.4.1.255 would have a netmask of 255.255.255.0 (also written /24 bits) a default connection may handle all packets for 10.* with a netmask of 255.0.0.0 or /8.
- Multiple z/OS LPARs can be attached to an OSA Adapter (think if it as Ethernet with more function), they can all be listening for an IP address – only one LPAR will get the data. If that LPAR goes down, another LPAR will get the data.
How applications use TCPIP
You have network connection (for example wireless) which connect your machine to another machine. On each machine applications use a port.
When your application talks to another application it establishes a session with the IP address:port.
Applications including web servers, web browsers, 3270 emulators and FTP connect.
If your application is a server it may bind to a specific port, if not your application can say give me any free port. A port can be set up, so it is shared, so two servers can listen to connection requests on it. Only one will get the connection request.
A server application can say I am interested in traffic on port 9443 – coming in over a specific IP address, or coming in over any address.
How does an application specify a bind value .
A Java application can issue a request for a specific port and IP address.
ServerSocket listener = factory.createServerSocket(port,1,host )
where port is 9443 and host is “10.1.3.7”
You can also configure this in the TCPIP parameters
9443 TCP * SHAREPORT BIND 10.1.3.7
You can also control which applications can use specify which ports by using the SAF resname and the RACF profile
Changing TCPIP configuration on z/OS
The startup configuration for a TCPIP instance is in the JCL PROFILE ddname, or a file like TCPIP.PROFILE.
You can change the configuration of a TCPIP image using the operator command
- V TCPIP tells z/OS to route this TCPIP
- TCPIPn is the name of the TCPIP address space to direct the command to, for example V TCPIP,TCPIP2. If there is only one TCPIP running you can use V TCPIP,,
- OBEY this is the TCP command
- filename is the parameter passed to the OBEY command. The filename containing the commands/configuration to be executed.
How to display information on z/OS
There are three ways of displaying TCPIP information, for example the IP address(es) of the TCP image
- The operator command D TCPIP,TCPIP2,NETSTAT,HOME
- The TSO command NETSTAT HOME TCP TCPIP2
- The USS command netstat -h -p tcpip The commands are similar to, but different from Linux commands!
The output is usually similar between the commands.
What is the IP address of my z/OS TCPIP image?
From the TSO NETSTAT HOME command
EZZ2350I MVS TCP/IP NETSTAT CS V2R4 TCPIP Name: TCPIP2 17:15:53 EZZ2700I Home address list: EZZ2701I Address Link Flg EZZ2702I ------- ---- --- EZZ2703I 10.1.1.3 ETH1 P EZZ2703I 10.1.2.3 ETHB EZZ2703I 18.104.22.168 EZASAMEMVS EZZ2703I 10.1.3.10 VIPL0A01030A I EZZ2703I 127.0.0.1 LOOPBACK
For the links
- I configured link ETH1 and ETHB.
- The VIPL0A01030A takes the VIPA IP address and converts it to hex so 10.1.3.10 becomes VIPL 0A 01 03 0A
- EZASAMEMVS is prefix EZA and “SAME MVS”. This is generated by TCPIP from the DYNAMIXCF configuration.
- You always get a LOOPBACK address at 127.0.0.1
What routing is there on z/OZ TCPIP?
The command TSO command NETSTAT ROUTE TCP TCPIP2 or the USS command netstat -r -p tcpip gives
MVS TCP/IP NETSTAT CS V2R4 TCPIP Name: TCPIP2 16:15:43 Destination Gateway Flags Refcnt Interface ----------- ------- ----- ------ --------- Default 10.1.1.1 UGS 0000000000 ETH1 10.0.0.0/8 0.0.0.0 US 0000000000 ETH1 10.1.1.3/32 0.0.0.0 UH 0000000000 ETH1 10.1.2.0/24 0.0.0.0 US 0000000000 ETHB 10.1.2.3/32 0.0.0.0 UH 0000000000 ETHB 127.0.0.1/32 0.0.0.0 UH 0000000000 LOOPBACK 22.214.171.124/32 0.0.0.0 UHS 0000000000 EZASAMEMVS 126.96.36.199/32 0.0.0.0 UH 0000000000 EZASAMEMVS 188.8.131.52/32 0.0.0.0 UHS 0000000000 EZASAMEMVS
This shows that to get to 10.1.2.0 to10.1.2.255 (with a netmask of /24 or 255.255.255.0) it goes by link(interface) ETHB.
What configuration does Ubuntu have?
There are many commands to display network configuration information on Linux, for example ip and the older, superseded command, ifconfig.
What address does Ubuntu have?
ip address gives a lot of information – but I did not use it
What packet routing does my desktop have?
The command ip route gives
- 10.1.0.0/24 dev eno1 proto kernel scope link src 10.1.0.3 metric 100
- 10.1.1.0/24 dev tap0 proto kernel scope link src 10.1.1.1
- 10.1.2.0/24 dev tap1 proto kernel scope link src 10.1.2.1
- 10.1.3.0/24 dev tap0 scope link
- 10.20.2.4 dev tap0 scope link
- 192.168.1.0/24 dev wlxd037450ab7ac proto kernel scope link src 192.168.1.67 metric 600
Bold line(2) shows
- Traffic for any address between 10.1.1.0 and 10.1.1.255 (remember the netmask /24 means 24 bits or 255.255.255.0) goes to device(connection) tap0
- The IP address for the desktop end of the connection is 184.108.40.206
Bold line(4) shows
- that any traffic 10.1.3.0 to 10.1.3.255 goes to device tap0
The command used to set this up was sudo ip route add 10.1.3.0/24 dev tap0
Bold line(5) shows
- that traffic to 10.20.2.4 goes to device tap0.
The command used to set this up was sudo ip route add 10.20.2.4 dev tap0
What is the routing for a particular IP address ?
You can use traceroute command to display which route a packet would take. For example
- traceroute 10.1.3.10
- traceroute to 10.1.3.10 (10.1.3.10), 30 hops max, 60 byte packets
1 colins machine(10.1.1.1) 30 ms !H 30 ms !H 30 ms !H
- traceroute to 10.1.3.10 (10.1.3.10), 30 hops max, 60 byte packets
This shows the route to 10.1.3.10 went to the connection with IP address 10.1.1.1
For a connection that is not defined
traceroute 10.20.2.5 traceroute to 10.20.2.5 (10.20.2.5), 30 hops max, 60 byte packets 1 bthub.home (192.nnn.1.mmm) 3.170 ms 4.742 ms 6.379 ms 2 * * *
So we can see it went to my bt hub wireless router.
You can also use the ping command. On linux there is the -R option for display route.
ping -R 10.1.3.10 PING 10.1.3.10 (10.1.3.10) 56(124) bytes of data. 64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=2.54 ms NOP RR: 10.1.1.1 10.1.1.2 10.1.1.1
The request went to 10.1.1.1. 10.1.1.2 caught it, and sent the reply back, via 10.1.1.1
I was looking for my VIPA address, 10.1.3.10, and we can see it got to 10.1.1.2.
For the ping to work, there must be a server processing the ping request. If there are no applications processing the VIPA, the VIPA is not active, so a ping will fail.
A successful ping to a VIPA address means a packet can get to the LPAR, be processed and the reply set back. If the ping does not respond it could be
- The VIPA is not active
- The VIPA is active and a packet was sent to the LPAR hosting the VIPA, but it could not send a response back due to a set up error.