IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Not under consideration
Workspace z/OS
Categories Communications Server
Created by Guest
Created on Sep 15, 2014

RELATED IDEAS

Allow z/OS FTP client to choose, fix, or limit ephemeral port usage of data connection

I already knew the answer to the question ('No') but my networkign folks were pressing me for definitive documentation, so I opened an SR 92729 499 000 to ask if

1) testcase.boulder.ibm.com was limiting ports to any specific range (answer is inconclusive - maybe, per response. Random doc makes it sound like a 65nnn range, 65024 up I think). (Later: actually looking at the ticket now they have updated and it seems to say it is definitively 65024-65535) and

2) Regardless of #1, is there any way at all to limit the ephermeral port usage of the z/OS FTP client to facilitate "least impact" firewall rules. This was in context of external traffic such as uploading docs and dumps to IBM or other vendors. So the context is mostly external/border type traffic.

Answer was (as I thought) 'No'. They mentioned an existing RFE that was under 'FITS' so it seems they are suggesting I go ahead and open another RFE.

So consider this an official "me too" / request to add this functionality. We're already having to go without this ability but maybe it will help someone else, and maybe we can restrict these rules even more if this ability materializes.

Idea priority Medium
  • Guest
    Reply
    |     Nov 19, 2015

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - Servers and Systems Software
    Product family - z Systems Software
    Product - z/OS Communications Server

    For recording keeping, the previous attributes were:
    Brand - WebSphere
    Product family - Enterprise Networking
    Product - z/OS Communications Server

  • Guest
    Reply
    |     Jan 13, 2015

    As noted in a previous comment, z/OS V2R1 CS provided an EPHEMERALPORTS parameter in the TCP/IP Profile that allows you to configure the allowed range of ports to be used by the TCP/IP stack when allocating ephemeral ports. That capability would seem to be sufficient to address this need, so this requirement will be closed.

  • Guest
    Reply
    |     Nov 6, 2014

    If the pool is exhausted, then the data connection would fail. There are no rules of thumb on the number of ports to allocate. As you say, I think you would ideally monitor your usage over a few peak periods, and then allocate a block 50% or so larger to allow plenty of room for growth. (And then periodically check it to make sure you're not creeping too close to the allocated number of ports.) Of course, you would have to do the same thing if you had an FTP-specific parameter, although I suppose it would be easier to estimate the number of ports since you would only be estimating FTP's needs.

  • Guest
    Reply
    |     Oct 28, 2014

    That may indeed be sufficient. I did not notice that in 2.1 info or migration notes, thanks. We are concentrated on FTPS connections to external vendors (including IBM) at this point so it'd be nice if it was protocol specific but I am not sure that is needed. Our network guys seemed OK with limiting to testcase's passive range but other vendors may not have any limiting ranges.

    I can try this on a sandbox LPAR. My immediate question would be what happens when this pool is exhausted? Are there any monitoring mechanisms, or sizing rules of thumb? Or do I just have to do a NETSTAT every day and figure out which are ephemeral and manually monitor and intervene? Or alternatively just make it excessively large, like 2000 ports? Basically just trying to prevent getting a 3AM call because somebody is running some test and doing excessive socket connections or otherwise exhausting a range that I otherwise assumed was sufficient. While at the same time not opening huge swaths of ports unnecessarily when many of the ephemeral ports may not even be leaving our network.

  • Guest
    Reply
    |     Oct 27, 2014

    z/OS V2R1 CS introduced a new EPHEMERALPORTS parameter in the TCP/IP Profile that allows you to configure the allowed range of ports to be used by the TCP/IP stack when allocating ephemeral ports. Is this sufficient to address your need, or do you see a need for an FTP-specific parameter?

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.