Professional Documents
Culture Documents
Mastering Complexity:
Monitoring z/OS IP Networks
Easily, Graphically, Thoroughly
A White Paper
VIP
server
intranet
Linux
LPAR z/OS
LPAR
VIP agent
z8xx The
Internet NEW IN VIP V4.5:
fragmentation detection & location
VIP
server
System System
Operators Operators
April 2006
¾ New ‘iconic’ alerts and traffic profile, with fragmentation ‘count’ and pop-
up protocol percentages, on the “Network at a Glance” screen [page 8].
TCP/IP has now firmly displaced SNA as the preferred and strategic means
for mainframe networking. That is beyond refute. SNA mission critical
applications, these days, are successfully sustained across TCP/IP
networks through a combination of ENTERPRISE EXTENDER (EE), TN3270(E)
WEB-TO-HOST and possibly even the IBM COMMUNICATIONS CONTROLLER FOR
LINUX (CCL). Thus to realize ‘zero downtime’ mainframe operations, with
crisp and consistent response times for interactive users, one has no
choice but to master TCP/IP management and response time monitoring
(RTM) – in particular for ‘tn’ and HTTP(S) traffic (along with incisive
capabilities to detect and rectify IP packet fragmentation).
Mainframe TCP/IP networking can involve multiple stacks per LPAR, virtual
addresses, gigabit OSA interfaces, HIPERSOCKETS, DYNAMIC VIPA takeovers
across a SYSPLEX, disparate application protocols, many hosts, and lots of
connectionless interactions. There is also a need to be cognizant of
ROUTERS, (fragmentation inducing) IPSEC GATEWAYS, SWITCHES, FIREWALLS, and
possibly even LINUX LPARs – with performance, in particular ‘3270’ and
HTTP(S) response times, always a concern, and security a nagging worry.
LPAR LPAR
Apps. Apps. Apps. Apps.
LPAR
Apps. Apps.
Coupling
Sockets Facility Sockets
TCP TCP
IP ESCON/FICON IP
I/O System
With these basic parameters nailed down, one can go on to categorize the
essential characteristics of a good mainframe TCP/IP network monitor.
These characteristics are listed in the table on page 6. However, to make
these categorizations even more pragmatic and useful, they have been
further divided into “must-have” imperative features, and “icing on the
cake” highly-desirable attributes. The monitor that you choose should
include, without any caveats, all the features listed in the “must have”
column, and ideally most of those listed in the other column.
THE IP FRAGMENTATION
MONITORING INTRODUCED IN
VIP V4.5 IDENTIFIES
FRAGMENATION AND
FRAGMENATION ERRORS FOR
EACH TCP/IP STACK – WITH
THE PIE-CHARTS AND GRAPHS
PROVIDING ADDITIONAL (AND
HISTORIC) DATA ON
FRAGMENTATION PER
APPLICATION, PROTOCOL, PORT
OR CONNECTION ETC.
¾ ability to monitor multiple LPARs per ¾ direct retrieval of management data from the
mainframe and multiple mainframes from a TCP/IP stacks, via IBM supplied Network
single screen. Management APIs (NMI) when possible,
augmented, where necessary, with full SNMP
¾ accurate, “up to the second” at-a-glance
access and packet tracing.
status maps of the entire network, with
iconic alert summaries, traffic profiles and ¾ browser-based, highly-visual, point-and-click
packet fragmentation notification. monitoring – that is both intuitive and simple
(without a steep and rocky learning curve).
¾ ever vigilant, fast acting (but intelligent)
‘watch dog’ scheme to quickly generate ¾ support for Enterprise Extender (EE), ideally
alerts when certain thresholds are crossed. using IBM’s strategic NMI, so that all
connection details are always available.
¾ intelligent, real-time synthesis and
correlation of data from the stacks, NMI and ¾ fast auto-discovery of all local stacks,
traffic analysis to create a true and incisive applications and interfaces.
portrayal of network conditions.
¾ agent/server based architecture to minimize
¾ Exploit SNMP traps and report to a Monitor of mainframe overhead [e.g. CPU usage] while
Monitors vis-à-vis HP OpenView and CA affording maximum deployment flexibility.
Unicenter.
¾ integrated DNS look-up.
¾ incisive response time monitor (RTM) for
¾ minimal reliance on high-overhead data
mission-critical interactive traffic, in
collection schemes such as SNMP, to avoid
particular ‘tn’ and HTTP(S) sessions—with
high mainframe CPU usage.
the ‘tn’ monitor compliant with the RFC 2562
standard as supported by IBM’s tn3270(E) ¾ Multi-protocol ping and traceroute, to probe
server. employing the same protocol and hence the
same routing as the application, with the
¾ comprehensive IP fragmentation monitoring
potential to traverse firewalls, and, in the
with the necessary functions to help locate
case of TCP, to determine if a remote
the cause of any packet fragmentation.
application is listening on a port.
¾ immediate access to both current and
¾ access to summarized OSA performance data
historic FTP and telnet activity reports.
reports on physical channel, LPAR utilization,
¾ remote host monitoring to have visibility of and OSA usage.
external systems, such as routers, switches
¾ Externally deliverable (such as by email)
and firewalls.
graphical reports to show historic
¾ being nimble, light and low-overhead so that performance metrics such as interface or
it is responsive – and furthermore does not stack usage.
get in the way of production workloads.
¾ customizable chart types [i.e. data views] to
¾ comprehensive support for all OSA and OSA- suit individual preferences.
Express interfaces.
¾ flexibility to set multiple, meaningful RTM
¾ intelligent monitoring of tn3270(E) with SNA threshold alarms based on multiple criteria.
correlation; e.g. LU names, unused LUs etc.
¾ quick and easy installation of the necessary
¾ NetView interoperability. mainframe agents.
SIMPLE, INTUITIVE AND EASY-TO-USE.
VIP
server
intranet
Linux
LPAR z/OS
LPAR
VIP agent
z8xx The
Internet
VIP
server
System System
Operators Operators
VIP’S TRADE-MARK “NETWORK AT A GLANCE” SCREEN, ENHANCED WITH V4.6 TO DISPLAY NEW
‘ICONIC’ ALERTS AND A GRAPHICAL TRAFFIC BAR THAT ALSO INCLUDES PACKET FRAGMENTATION
COUNT LINKED TO THE FRAMENTATION MONITOR (IN THE EVENT THAT FRAGMENTATION IS TAKING
PLACE WITHIN THE NETWORK) AS WELL AS POP-UP PROTOCOL USAGE IN TERMS OF PERCENTAGES.
THE NEW,
INFORMATION-
PACKED, “ALERTS AT
A GLANCE” SCREEN
IN VIP V4.6 THAT
ENABLES OPERATORS
TO QUICKLY ZERO-IN
ON ON-GOING OR
POTENTIAL NETWORK
ISSUES.
- FTP - TELNET/TN3270(E) - EE
15. Includes 7 powerful and utilitarian (but easy to use) diagnostic tools
that address all pertinent TCP/IP network management scenarios:
17. Extensive tracking of FTP session activity with real-time, live traces
as well as historical data.
19. A full, successful installation is unlikely to take more than one hour.
• EE connection data.
Each of the above chosen methodologies has its own set of unique
advantages. For example, VIP being browser accessible means that
suitably authorized system operators can monitor and manage their
TCP/IP networks from anywhere in the world – whether it be another
SDS VIP v4.6: mastering complexity 13/32 Software Diversified Services
building, a conference room, home, hotel, airport lounge, or a health club.
But that is not all.
MULTIMODAL
DATA COLLECTION AGENT/SERVER BROWSER-BASED
EFFICIENCY 9 9 9
SPEED 9 9
FUNCTIONALITY 9 9 9
EXTENSIBILITY 9 9 9
RELIABILITY/REDUNDANCY 9 9
OVERALL SIMPLICITY 9 9 9
EASE-OF-USE 9
FAST INSTALLATION 9 9 9
If you stop and think about it, even for a second, it is easy to see that all
TCP/IP related data maintained by a MIB must come, in the first place,
from, or via, the TCP/IP stack. This is the basic premise of what this key
VIP feature is all about. If you can tap into the required data at its very
source, i.e. the stack, then there is really no rationale for using any other
scheme.
VIP’s direct stack access scheme allows it to retrieve all the same TCP/IP
monitoring data that SNMP obtains from the standard TCP/IP and IBM
Enterprise MIBs – albeit at a fraction of the processing overhead. This
translates directly to:
The last item mentioned above, i.e. ‘more up-to-date accuracy’, is a direct,
positive consequence of the low CPU utilization of this scheme. Given the
low CPU utilization [i.e. lower costs], VIP v4.6 can collect data more often
without impinging on the CPU resources available to handle the production
workload.
More frequent data collection eliminates the potential for blind spots by
ensuring that events and changes in status are detected faster, minimizing
the elapsed time before the pertinent changes are visible to the system
operators. This is in marked contrast to the case with mainframe monitors
that rely predominantly on SNMP.
Since SNMP querying gobbles up CPU cycles, the SNMP polling interval has
to be relatively long to make sure that SNMP processing does not severely
impact the production workloads. Much, however, can and will happen
during these long SNMP sampling intervals. Thus with a monitor that
relies mainly on SNMP, activity monitoring becomes akin to looking at the
stars in heaven. What you are seeing is an image of things that happened
a long time ago, as opposed to what is really happening out there now!
Thus with direct stack access you get genuinely real-time, minimally
obtrusive network monitoring that does not get in the way of the
production workloads that it is supposed to be monitoring. In reality,
direct stack access, à la VIP, is the best way to obtain accurate real-time
data about TCP/IP activity.
Once configured and activated, the daemon for each stack has to be
repeatedly polled, via UDP packets, to obtain the necessary data from the
MIBs. In some cases, these queries to the OSNMP daemon can result in
large amounts of superfluous data, such as lengthy connection tables.
These repeated polls, and the data they generate, consume considerable
mainframe bandwidth and furthermore impinge on the processing of the
production workload. Genuine, real-time network monitoring is really not
possible with this approach.
The bottom line here is that one cannot escape the fact that the SNMP
approach is inferior to the direct, cross-memory stack access scheme used
by VIP v4 – whichever way you try to slice or dice it. One can sum it up in
one pithy phrase:
When it comes to mainframe TCP/IP monitoring,
SNMP is just passé.
The VIP v4.6 SNMP MIB inquiry capability, moreover, maps several
standard MIBs and supports the querying of any free-form MIB entry.
VIP V4.6’S “REMOTE HOST MONITORS AT A GLANCE” SCREEN WITH THREE ‘DRILL DOWN’
POP-UP SCREENS DISPLAYING SPECIFIC RESPONSE TIME AND PATH LENGTH OPTIONS.
Packet tracing can be a great diagnostic tool – used judiciously when the
required data [e.g. ‘tn’ response times] is not available from other
sources, in particular the stack. It is not an efficient or complete primary
means of network monitoring. Hence the emphasis with VIP on
multimodal data collection, with packet tracing being just one of the
multiple schemes used.
Packet tracing involves intercepting and then analyzing each and every
packet destined to, or originating from, a TCP/IP stack. It involves
copying and storing packet images so that they can be processed to
extract the relevant network monitoring data. Though, at face value, this
approach may appear to be a viable means of providing real-time network
monitoring, in reality, it is fraught with drawbacks.
For a start, just the act of intercepting and copying all packets slows down
all network traffic! Mainframe performance experts will vouch for this.
The delay introduced by packet tracing is such that in some cases timing
related TCP/IP problems can be “fixed” by activating packet tracing to slow
down the network traffic. So packet tracing rather than being truly real-
time, instead distorts real-time network processing.
This technique, with its reliance on data copying, may also incur significant
CPU, virtual storage and paging overhead. The bottom line here is that
just as with SNMP MIB querying, packet tracing is not a method suited for
fast, low-overhead mainframe TCP/IP monitoring.
Packet tracing, though not optimum for network monitoring, is, however, a
very useful diagnostic tool for problem isolation. Thus, VIP v4.6 does
indeed have a powerful IP packet trace facility that interfaces directly to
IBM’s packet trace utility. In addition, VIP v4.6 uses packet tracing for its
tn3270 RTM, HTTP performance and packet fragmentation detail
However, VIP v4.6 only intercepts and analyzes the packets associated
with the specific sessions being monitored. It is thus very much a goal-
specific packet tracing mechanism that is markedly different from that of
constantly tracing each and every packet in order to glean management
data (that is available from other sources, in particular the stack). This is
another example, as with the SNMP support, of VIP’s overarching
multimodal data collection philosophy. It ensures that customers always
get the best of all worlds; packet tracing for diagnostic purposes as well as
for the performance related features, and direct stack access for most of
the other monitoring activities.
Thus VIP v4.6’s rationale for favoring direct stack access for the bulk of its
needs, rather than relying on SNMP or packet tracing, is obvious and
extremely logical. The stack, with a plethora of relevant data and
statistics, is the source of most of the data required for incisive, real-time
mainframe TCP/IP monitoring.
VIP v4.6 includes three response time and performance monitoring related
features to ensure that system operators have the best possible real-time
visibility of network activity. These three response time and performance
monitoring related features being:
1
“Definitions of Protocol and Managed Objects for TN3270E Response Time
Collection Using SMIv2 (TN3270E-RT-MIB)” submitted by IBM in April
1999.
------------------------------------------------
| |
| Client TN3270E Target |
| Server SNA Host |
| Timestamps |
| |
| <---IP Network-------><---SNA Network---> |
| |
| request D |
| ------------------------------------------> |
| reply(DR) E | |
| <----------------------------------------< |
| | +/-RSP F |
| >-------------------- - - - - - - - - - > |
| |
------------------------------------------------
The VIP v4.6 RFC 2562 compliant RTM scheme is powerful and flexible
with no artificial caveats. The v4.6 RTM is capable of monitoring an entire
server, a specific subnet or individual sessions. It is also possible to have
multiple RTMs, with each RTM invoked on-demand or via a pre-scheduled
automated activation. When multiple RTMs are being used, VIP permits
overlap in terms of what each is monitoring. Thus it is indeed possible to
have two RTMs monitoring subnets with overlapping connection ‘pools’, or
to have one monitoring a subnet while the other is monitoring the entire
server. The bottom line here is that VIP v4.6 comprehensively (and
easily) addresses all customer requirements when it comes to tn3270(E)
RTM with IBM’s tn3270(E) server within z/OS Communication Server.
The v4.6 RTM can be used to monitor response times to a specific remote
location, determine the validity of a user complaint of slow performance,
check the ‘health’ of a specific tn3270(E) server, or provide detailed,
historic data for resolving ‘service-level agreement’ (SLA) disputes.
VIP v4.6's ability to show both the SNA system and IP network transit
times, rather than just the IP component or Round Trip Time (RTT),
enables system operators to get a complete view of the RTM composition.
Thus, if there are response time issues they can quickly determine
whether these are occurring within the IP network or inside the
mainframe.
VIP V4.6 TN3270 RTM CONFIGURATION SCREEN SHOWING HOW THE RESPONSE TIME THRESHOLD
BUCKET BOUNDARIES ARE SPECIFIED.
Whereas TN3270 traffic follows a very simple request / reply format with a
single screen of data or less being sent and received over a persistent TCP
connection, HTTP follows a more complex format. With HTTP, a single
mouse click can generate many TCP connections of varying duration as
various parts of the screen are refreshed. And, unlike with TN3270, when
all the data has been moved and the updates made, the connections do
not persist. This means that the TCP handshake time can be an
appreciable component of a user’s overall response time experience.
Finally, HTTP can download large files, for instance PDFs, which are best
characterized via an FTP-like transfer rate mechanism.
VIP V4.6 HTTP PERFORMANCE ANALYSIS CONFIGURATION SCREEN THAT SHOWS THE 3
TYPES OF ALERT THRESHOLDS THAT CAN BE SET – ALONG WITH THE ‘RIDER’ THAT CAN
SPECIFY THE TRANSACTION VOLUME CRITERIA FOR THE ALERTS.
As shown in the screen shot on page 7, VIP’s new HTTP monitor provides
just this sort of information and therefore a complete characterization of
HTTP performance.
Albert Einstein, who knew a thing or two about what true knowledge is all
about, was fond of observing that:
Raw network management data, presented haphazardly, will not help you
get a handle on what is really happening on a mainframe network. The
network management information, whether obtained from a stack, SNMP,
a ping, or an IP packet trace, has to be presented to the operator in ways
which make immediate sense – at a glance.
Operators, help desk staff, and systems programmers do not have the
time to wade through multiple, disparate screens searching for the
information they need. Ideally they have to have all the pertinent
YOUR Z/OS MACHINE CAN SEND YOU DAILY CHARTS BY E-MAIL, ILLUSTRATING HTTP
CONNECTION RATES, IP FRAGMENTATION ERRORS, DATA-TRANSFER RATES OVER TIME,
AT EACH AND EVERY TCP/IP STACK.
VIP v4, thus, does not present operators with just a torrent of raw data, or
a very narrow, specific view of a network subcomponent [e.g. a single
stack or a single application]. Instead VIP v4 gives you the total, big
picture, at a glance, with the necessary views and tools to drill down to
progressively more detailed views – as needed. Yet another instance of
VIP v4 giving users the best of all worlds.
¾ straightforward internationalization.
¾ proven stability.
The bottom line here is that VIP v4 with its browser-based GUI sets out to
define a new and compelling standard for mainframe TCP/IP monitoring.
The best way to appreciate the value of this interface is to look at an on-
line demo, or better still to actually test drive a VIP v4 installation.
New [i.e. modified] data gathered by the agents are fed, in real-time, to
one or more VIP servers. The use of multiple servers ensures resilience
for ‘zero downtime’ operations. If one server fails, users simply need to
redirect their browsers to one of the other servers. In addition, data is
kept at the agent. This means that even without any servers, no data is
lost.
The VIP servers, which are implemented in JAVA, can be deployed on PCs
running Windows, Linux/Unix servers [including Linux LPARs], or an ‘MVS’
LPAR with Unix System Services (USS). This flexible system even allows
for mixing server platforms when multiple servers are used. Thus
customers have a choice between running on the mainframe under USS or
Linux with all the inherent reliability or offloading network management
functions - thus freeing up CPU cycles for more production work. Or, you
can do both.
Unlike most other mainframe monitors VIP does not rely on SNMP,
full-time packet tracing or screen scraping, which are all known to be
inefficient and cumbersome, for its primary data collection needs. VIP v4,
instead, uses a variety of collection methods including directly accessing
the relevant z/OS TCP/IP stacks, via a cross-memory interface, to obtain
most of the network management data it requires. As a result VIP v4
provides true real-time network monitoring, at a fraction of the mainframe
CPU utilization used by other offerings.
Though opting not to use SNMP for its vital stack monitoring functions, VIP
v4, nonetheless, includes uncompromised support for SNMP queries on
remote devices. VIP has a full compliment of easy to use diagnostic tools
such as live IP packet tracing, multiprotocol ping and traceroute, DNS
lookup, MIB query, connection explorer, and a standard MVS system
operator command console.
[[[ \\\
SDS is noted for having the highest quality software, documentation, and
technical support in this industry sector. SDS technical support has been
rated #1 by the prestigious IBEX Bulletin.
Phone: 763-571-9000
Fax: 763-572-1721
www.sdsusa.com