This section introduces TN3270 and summarizes the TN3270E server function implemented in IBM routers. It includes the following topics:
Many companies today are consolidating their WAN traffic onto IP-only backbones. Companies are also simplifying their workstation configurations and attempting to run only the TCP/IP protocol stack at the desktop. However, most of these companies still require access to SNA application hosts.
TN3270 meets these requirements by allowing you to run IP from the desktop over the network and attach to your SNA host through a TN3270 server. The clients connect to the server using a TCP connection. The server provides a gateway function for the downstream TN3270 clients by mapping the client sessions to SNA dependent LU-LU sessions that the server maintains with the SNA host. The TN3270 server handles the conversion between the TN3270 data stream and an SNA 3270 data stream.
To deploy a TN3270 solution, you install TN3270 client software on desktop workstations 3 and TN3270 server software in one of several places discussed below. Client software is available from IBM and many other vendors, and runs on top of the TCP/IP stack in the workstation. A given client product provides one of two possible levels of standards support:
These clients conform to RFC 1576 (TN3270 Current Practices) and/or RFC 1646 (TN3270 Extensions for LU name and Printer Selection).
These clients conform to RFC 1647 (TN3270 Enhancements), and RFC 2355 (TN3270 Enhancements).
A server implementation that can support TN3270E clients is called a TN3270E server.
The TN3270 server function can be placed in a variety of products and positions within a network, including:
IBM and several other vendors provide host TN3270 server software that sits on top of the host TCP/IP stack and connects within the host to VTAM.
IBM and other vendors provide TN3270 server function in networking hardware products. You can place these products directly adjacent to the SNA host, or at any position in the network where you have SNA connectivity to the host. If you are using IBM routers and your host is running APPN, you can use Enterprise Extender technology to place the server at any position where you have IP connectivity to the host.
IBM and other vendors provide TN3270 server software products that you install on mid-range servers that use operating systems such as AIX, OS/2, or Windows/NT. You can place these products at any position in the network where you have SNA connectivity to the application host.
The choice of TN3270 server product and network position is a complex one, involving such factors as:
IBM routers provide a high-performing TN3270E server implementation that scales to large networks. By combining this implementation with the Network Dispatcher feature, you can implement server redundancy and load sharing in large TN3270 installations. You can also place an IBM router out into an SNA or IP network away from the data center and get the same advantages of scalability, incremental addition, and reduced impact of server failure.
The IBM router implementation of TN3270E server supports these RFCs:
It can handle both base TN3270 and TN3270E clients at the same time.
The path from a TN3270 client to the SNA host consists of two pieces:
The form of the SNA connection from the server to the host depends on how the server represents PUs and dependent LUs. When you are using an IBM router as your TN3270 server, you can configure either of two different ways to establish links and represent PUs and LUs to VTAM:
You configure this way when you are not running APPN at the host (even though the router is still APPN-capable). You configure a separate DLC-layer link to the host for every PU (maximum of 255 LUs per PU). Multiple PUs require multiple parallel host links. SNA frames arriving at the router on one of these links flow directly to the corresponding internal PU.
Subarea host links must be a single DLC-layer hop to the product providing the SNA subarea boundary function. Typically, this product is either NCP running in a FEP (front-end processor), or is VTAM itself in the host. The subarea link from the router can traverse bridges or other DLC-layer forwarding mechanisms (such as protocol converters or external DLSw routers). IBM routers support the following link types for subarea host attachment (where the link type is available on a given router product):
You configure this way when you are running APPN with its Dependent LU Server (DLUS) function at the host. At the DLUR router, you configure one or more DLUS(es) to support the TN3270 internal dependent PUs (and any external dependent PUs that may exist). A router running DLUR can either be directly connected to the DLUS host, or can be located remotely across several APPN links. Only one link is required to carry the first or only hop of the DLUR-DLUS "pipe", even if you are defining multiple local PUs (to have more than 255 total LUs). SNA frames arriving on the DLUR-DLUS pipe flow to the DLUR function, which redirects them to the correct internal or external PU.
When you are using DLUR, you can route through an APPN network using either ISR or HPR routing to reach the host. IBM routers support the following link types as the "first hop" APPN link to the host (where the link type is available on a given router product):
Note especially that when using DLUR and HPR routing, you can place a TN3270E server across an IP network from the SNA application host. Enterprise Extender maintains session-level class of service and transmission priority across the IP network.
If an LU-LU session exists when the TN3270 client disconnects from the TN3270 server, an UNBIND or TERM-SELF request will be sent to the host to terminate the LU-LU session. The default is UNBIND cleanup. The local PU or link station must be configured appropriately for TERM-SELF to flow. TERM-SELF should be configured if a session manager (front end) application is being used to get to applications such as TSO or CICS.
From a VTAM or NetView/390 operator console, you can control the links, PUs, and LUs involved with TN3270. For LUs, when a TN3270 client connects in, the router reports the client's IP address and TCP port number to VTAM on its session activation flows (via CV64). VTAM console display commands such as "/D NET,ID=(lu name),E" have the ability to display the TCP/IP address information associated with particular LUs. This permits problem determination for TN3270 clients from a VTAM operator console.
VTAM support for receiving and displaying client IP addresses is in CS for OS/390 V2R6 base code. It was also PTF'd to CS for OS/390 V2R5 (VTAM APAR OW31454, TCP/IP APAR PQ12574).
In addition to enabling this console support, APPN generates SNA alerts for a variety of error configurations, and can forward alerts from other SNA devices. There are no alerts specific to the TN3270 server function, but alerts that the router itself generates may relate to SNA resources involved with TN3270.
IBM routers support an Internet Draft version of both of these standard MIBs for TN3270 server function:
IBM router support for these MIBs includes the ability to:
In addition, the following enterprise-specific MIB shows the reasons why clients were not able to successfully connect to the TN3270 server:
These TN3270-related MIBs supplement the extensive IBM router MIB support for APPN and SNA resources.
Some IBM router products (currently the 2216 and 2212) support a "Web Server Cache" function, where they can sit in front of an HTTP server and offload the server by caching Web objects and serving them up to requesting clients. Among the objects these routers can cache are Java applets that provide TN3270 client function.
Host On-Demand (HOD) Client Caching allows one of these routers or the IBM Network Utility to cache TN3270 client function applets from an HOD host Web server and serve them to client browsers upon request. The browsers then launch the TN3270 terminal emulation applets. These applets connect to an SNA host either through the router's TN3270 server function, or through some other TN3270 server.
Host On-Demand support is packaged with the TN3270 server function, but you configure the two independently. The router can cache HOD clients but not be configured as a TN3270 server. Likewise, the router can be a TN3270 server with no HOD caching enabled. The Web Server Cache router code loads that do not include TN3270 server function (only on 2216 and 2212) can also cache HOD client applets if so configured.
Because the HOD client cache function is completely separate from the Server function, it is not further discussed in this chapter. See the chapter entitle "Configuring and Monitoring IBM eNetwork Host On-Demand Client Cache" in the Using and Configuring Features publication, for more information on this function.
This section covers general information about configuring TN3270 server support. For specific example configurations, see "Example Configurations".
Depending on your router type and configuration method, you may have to take extra steps to load APPN and TN3270 code and be able to access their command-line configuration and monitoring prompts:
For details about the load add command, see the chapter entitled "The CONFIG Process (CONFIG - Talk 6) and Commands" in the Software User's Guide.
In the IBM router implementation of TN3270 server, all SNA functions are bundled within the APPN protocol. This means that even when you are configuring SNA subarea host attachment and your SNA host is not running APPN, you must use the configuration and console services of the APPN protocol. In particular:
When you configure SNA subarea support, the router does in fact still function as an APPN network node, but only on links to other APPN nodes. If the only ports and links you configure are those for SNA subarea host attachment, then the APPN function itself does not run.
To enable the TN3270 server function, you must configure an IP address to which the TN3270 clients will connect. The IBM router TN3270 implementation supports only a single server IP address (but multiple destination TCP ports). The address you configure for TN3270 must match one of the following addresses you configure for IP, otherwise TN3270 will not initialize.
You can assign any number of addresses to an interface. The interface can be either physical or a virtual "loopback" interface. Physical interface addresses are active only when the associated interface is up, but loopback interface addresses are always active.
This is a single address that represents the entire router and is active independent of the state of any particular interface.
When you choose the IP address for the TN3270 function, you must consider that administrative users also need to be able to establish regular Telnet sessions, to bring up remote router consoles. The default destination port for both Telnet and TN3270 is the same (23), so unless you want one or the other sets of users to use a non-default destination port, you must set aside different IP addresses for Telnet and TN3270 users.
If you are using router code V3.4 or higher, the recommended procedure is to define a loopback interface and use one of the IP addresses on that interface as your TN3270 server IP address. If you are using router code before V3.4, you need to choose either to use a physical interface address for TN3270 and leave the internal address for Telnet, or vice versa. One important consideration in this choice is whether you have multiple parallel TN3270 servers, each of which needs the same server address but different Telnet addresses for maintenance.
When you configure the server IP address, you also specify a destination TCP port number to which the TN3270 clients will connect. You must provide at least one port number as part of server's general configuration (TN3270E config> set command, Configuration Program TN3270E Server/General panel). Optionally, you can configure additional TCP ports for the TN3270 server to "listen" on (TN3270E config> add port command, Configuration Program TN3270E Server/Ports panel).
The following are reasons you might want to configure more than one server TCP port:
The TN3270 protocol requires an E-capable server to initiate certain negotiations with clients. Some old non-E clients fail instead of simply ignoring these negotiations. You can configure the router so that it treats clients connecting to a given destination port as non-E clients, and does not send them the offending request. You then configure the non-E clients to attach to that port.
Many clients cannot request an SNA resource by name, but they all connect to a destination TCP port. When you configure a destination port, you associate an LU pool with that port number (there is a global default pool if you do not specify a particular one). Clients that connect to this port and do not specify an LU name will be assigned an LU from this pool.
If you have globally enabled the mapping of client IP addresses to LU or LU pool names, the router chooses the LU using the IP address mapping rules rather than using the port to LU pool association. You may want to have a set of clients that are exempt from this mapping (note that clients who fail to match the configured mappings are refused a connection). You can configure a destination port so that when a client connects to that port, IP address mapping is ignored. When you select this option, the LU pool associated with that port is used instead to choose the LU.
If you have globally enabled the mapping of client IP addresses to LU or LU pool names, you may want to have different IP mapping rules apply to different sets of clients. When you configure an IP mapping table entry, you can specify a destination TCP port number (the default is "all ports"). When you do so, only the clients that connect to that port number are checked against that mapping entry.
You must always define dependent PUs in the router, to contain the LUs that the router associates with incoming TN3270 client TCP connections. Each PU you define must have a corresponding PU definition in VTAM.
If you are using DLUR for your host connection, the internal PUs you define each appear to have an "inside the box" logical link to the DLUR function. This logical link is always active when APPN and TN3270 are active. DLUR may at the same time be serving other dependent PUs external to the router.
You need to define only as many PUs as you need to contain your LUs, where each PU can have 255 LUs. If you are defining more than one local PU, you distinguish them by specifying different local node IDs. To configure a local PU for DLUR using the command line, use the add local-pu command. From the Configuration Program, select Local PUs from under the TN3270E Server protocol in the Navigation window.
If you are using subarea links for your host connection, each link is bound to an associated internal PU. The router creates this internal PU automatically when you configure a subarea link; you do not explicitly configure internal PUs the way you do with DLUR. The link associated with each PU is a real external link which can go up or down. Some users distribute the LUs that are in a single pool across multiple subarea PUs, so that if one link fails there may be another available to service client reconnection attempts.
To configure a subarea link using the command line, use the add link command. Respond yes to the question "Solicit SSCP session?", and no to the question "Does link support APPN function?". From the Configuration Program, select Interfaces from under the APPN protocol in the Navigation Window, then click on the Link stations column heading. If you are configuring more than one subarea link under the same physical port, you must enable that port to support multiple PUs. You distinguish the PUs by local node ID as well as by local addressing information such as the SAP address.
When a TN3270 client is fully connected, its TCP connection is paired with an SNA LU representation in the server. VTAM also has a representation for the same LU. Each of these LU representations has a name, and it is possible but not necessary for the server LU name to match the VTAM LU name. Since a typical TN3270 configuration involves thousands of LUs to satisfy as many potential clients, various schemes have been developed to ease the burden of configuring LUs and to make it possible for the server and VTAM names to match.
The IBM router implementation of TN3270 server currently supports the following LU definition methods. See the sections that follow for a detailed description of each method. All these methods are available regardless of whether your host link attachment is DLUR or subarea.
With this method, you configure LUs in the router either individually by name or in groups using name seeds. You define corresponding LUs in VTAM by hand using the same or different LU names. The PU ID and LU's NAU addresses are what relate the router's LUs to VTAM's LUs.
With this method also, you configure LUs in the router either individually by name or in groups using name seeds. In VTAM, you code model LU definitions and associate them with the dependent PUs defined in the router. When a TN3270 client connects in to the router, the router selects an LU and sends its configured information about that LU to VTAM (both NAU address and name). Passing the router LU name in this manner is referred to as "name pushing". VTAM creates the LU definition dynamically, using either its own name seed or the LU name "passed" by the router.
When a TN3270 client disconnects, the router sends a notification of this event. Later levels of VTAM have the ability to destroy the dynamic LU. Earlier versions do not destroy the LU but simply deactivate it pending usage by another client. Dynamic creation and deletion make it possible to have the same named LU be served by any of a number of parallel load-balanced TN3270 servers.
With this method, you are not required to configure LUs in the router. You simply configure on a PU basis that a PU supports host-initiated dynamic LUs. In VTAM, you define PUs and LUs by hand as normal. When you activate the LUs at VTAM, the ACTLUs cause the router to dynamically create corresponding LUs using the VTAM LU name. The dynamic LUs are treated as explicit LUs or are placed into implicit LU pools based on whether you configure a pool name for the HIDLU-capable PU.
You can choose any of these LU definition methods, based on the size of your network configuration, level of router and VTAM code, LU naming requirements, and server load balancing requirements. You can combine HIDLU with the other methods by configuring some LUs in the router and allowing the rest to be dynamically created, even within the same PU.
You need to configure LUs in the router unless you are using Host-Initiated Dynamic LUs. You can configure individual LUs or groups of LUs. Normally, you configure individual LUs when you want to fully specify the LU name and fix it at a particular NAU address. You configure groups of LUs when you have a large number of similar LUs to define and you want the router to generate the LU names.
To configure an individual LU from the command line, use the add lu command. You specify the name of the PU (or subarea link) for the LU, and the LU's name, type, and NAU address. To configure an individual LU from the Configuration Program, select LUs from under the TN3270E Server protocol in the Navigation Window, then click on the LUs column heading.
To configure a group of LUs from the command line, use the add implicit-pool command. This command defines a group of LUs under a single PU and places them in a pool. You can use this command several times to place different groups of LUs in the same pool, such as LUs from different PUs.
Each time you add a group, you specify the name of the PU, name of the pool, and LU type information. Instead of a single NAU address, you specify either a range of addresses, or the number of LUs you want to add. At initialization time, the router fixes the NAU addresses for configured individual LUs, then assigns the remaining addresses in the range, or number of addresses, to LUs in the group.
Instead of a single LU name, for a group you specify an LU name mask. When the router initializes, it assigns LU names by suffixing this mask with the LU's NAU address in decimal (not padded with leading zeros). For example, a mask of "@LU1A" might result in the LU names @LU1A1, @LU1A2, and so forth.
If you specify a NAU address range, the router generates names appending the NAU address starting with the bottom of the range going to the top, as just shown with @LU1A. If you specify the number of LUs instead of an NAU address range, the router generates names starting with NAU 2, incrementing up to 255, and ending with 1. For example, a mask of @LU2A for 10 LUs would generate the names @LU2A2, @LU2A3, ..., @LU2A11. The server code starts with 2 for migration consistency with prior code releases that did not support the NAU value 1. To see the exact names the router generates for LUs under a particular PU, use the Talk 5 TN3270 list pu name command.
To configure a group of LUs from the Configuration Program, you must first name the target pool by selecting Pools from under the TN3270E Server protocol in the Navigation Window. Then select LUs from the Navigation window and click the Implicit Pool column heading.
As summarized in Defining LUs, you may use DDDLU to avoid duplicate definition of LUs in both VTAM and the router. DDDLU allows you to configure LUs in one place only, the router. In VTAM, you only need to define one or more PUs depending on the number of LUs you need. Implementation of DDDLU also eliminates the effort of VTAM definitions and maintenance for future LU definition requirements.
When a TN3270E client requests a connection using one of the LUs defined in the router, the router sends a Reply PSID NMVT command to VTAM on the SSCP-PU session. In this command, the router sends the following information:
On receipt of this NMVT, VTAM sees from the PU definition that there is no definition for the LU in question. VTAM then uses the PU definition and the information in the NMVT to choose a model LU statement and create an LU definition.
The name that VTAM chooses for the dynamic LU is driven by an exit routine for Selection of Definitions for Dependent LUs (SDDLU). If you use the standard IBM-supplied user exit routine, VTAM constructs a name using the LUSEED value on the PU statement, suffixed by the NAU address. You must also code the LUGROUP operand to specify a model major node. These operations are described in VTAM Network Implementation Guide, SC31-8370, under the section entitled "Defining Dependent LUs Dynamically".
If you want VTAM to use the LU name that the router sends in the Reply PSID NMVT command, you must replace the standard SDDLU user exit with one available from the IBM router support download Web pages. This routine ignores the LUSEED operand and simply uses the name pushed from the router. To download this routine from the 2216 Web pages, for example, go to http://www.networking.ibm.com/support/downloads/2216 , select the link to "APPN/TN3270 Files", and select the user exit package. The package is common to all IBM routers.
When a TN3270 client disconnects from the router, it sends VTAM another Reply PSID NMVT indicating that the device has powered off. VTAM can then delete the dynamically created LU. This frees up storage and makes the name available for reuse.
VTAM support for dynamic LU deletion on client disconnect is in the base code of CS for OS/390 V2R6, and is PTF'd to CS for OS/390 V1R3 and above with APAR OW29773.
IBM's Network Dispatcher (ND) can provide a TCP load balancing function when installed between clients and two or more TN3270 servers. The IBM router version of ND and TN3270 Server work together so that ND sends new client connections to the least busy TN3270 server. Previously, when using ND to load balance between TN3270 servers going to the same VTAM, you could not have LUs that needed a fixed VTAM LU name. This is because ND could route the client TCP connection to any of the servers, but you could not have duplicate LU names active at VTAM at the same time.
With LU name pushing and deletion, you can configure the desired LU name at all the potential TN3270 servers. When the client connects in, the server that ND selects sends the name to VTAM for dynamic creation. When the client disconnects, VTAM can delete it. This makes it available to be created again through whichever TN3270 server ND selects the next time the client connects in.
The following example shows a VTAM PU definition for DDDLU. Note that several static LUs that require specific LU names and 3270 printers on specific ports are also defined under the same switched major node.
Example:
DDDPU VBUILD TYPE=SWNET
DDPU PU ADDR=02, x
IDBLK=077, x
IDNUM=22160, x
PUTYPE=2, x
USSTAB=US327X, x
LUGROUP=GROUP1, x
LUSEED=DDLU###, x
DLOGMOD=D4C32XX3
SALE01 LU LOCADDR=98, x (1)
DLOGMOD=D4C32XX3, x
LOGAPPL=CICSA
SALEPRT LU LOCADDR=99, x (2)
LOGMODE=SAL3287, x
LOGAPPL=CICSA
(1) In this sample definition, the LU 'SALE01' was requested to be on LOCADDR=98 because of specific requirements. Therefore, this specific LU is defined under this 'DDDPU' to meet the requirements.
(2) In this definition, the printer must also be on a specific address. This especially happens for some SNA applications (e.g. CICS). The application for the sales department needs a printer on address 99, with LOGMODE=SAL3287, and it needs to be connected to application CICSA when it is activated.
For users who wish to write their own or modify one of the VTAM SDDLU exit routines, the router sends LU information in the Reply PSID NMVT as follows:
An example of these subvectors follows:
191000 161103130012F3F2F7F0F0F0F2 (3270 device - mod 2)
1D86 1100C9C2D4E3D5F3F2F7F0D3E4D5C1D4C5 (IBMTN3270LUNAME)
0A10C1C1C1C1C2C2C2C2 (LU name is AAAABBBB)
Table 3. Device/model type Values
| Device/Model | NMVT Vector |
|---|---|
| 3270 mod 2 display | 3270002 |
| 3270 mod 3 display | 3270003 |
| 3270 mod 4 display | 3270004 |
| 3270 mod 5 display | 3270005 |
| 3270 printer | 3270P |
| SCS printer | SCSP |
As summarized in "Defining LUs", HIDLU removes the burden of configuring LUs in the router by having the router dynamically create LUs as they are activated from VTAM. This is essentially the opposite of DDDLU, where you configure the LUs in the router and dynamically create them in VTAM. HIDLU allows LUs to be defined in VTAM only. In the router you define only a PU, or as many PUs you need, but no LUs for these PUs.
When VTAM activates the PU and its LUs, the VTAM LU names are conveyed to the router in ACTLU commands in Control Vector 0E. LUs defined in this manner have the same name in both VTAM and the router.
To configure HIDLU in the router, you must still define local dependent PUs in the router either for DLUR or subarea links, as described in "Defining PUs". When you configure the DLUR PU or the subarea link, you simply indicate that Host-initiated dynamic LUs should be allowed for this PU. You also indicate whether these dynamic LUs are to be placed in a pool or not, by optionally specifying a pool name. If you do not specify a pool name, the LUs will be treated only as workstation LUs. If you do specify a pool name, you can indicate whether they are workstation or printer LUs. All pooled HIDLU LUs under a given PU must be in the same pool and have the same type. You can use the same pool name for multiple PUs if you want more than 255 LUs in the pool or you want the pool to span multiple subarea links.
If you place HIDLUs into a pool, you do not need to configure clients to explicitly request a particular LU. The clients can request an LU by pool name, using an IP address to pool mapping, or using a TCP port to pool mapping. You can also mix explicit LUs with HIDLU pooled LUs by configuring an individual LU under a PU that is configured with a host-initiated pool. When the ACTLU arrives for the configured individual LU, the router does not create a dynamic LU.
To configure HIDLU in VTAM, you must define the dependent LUs in the major node and specify INCLUD0E=YES on the PU statement. The INCLUD0E keyword is supported by VTAM V4R4 with APARs OW31805 and OW31436. For remote subarea connections through NCP, V7R6 is needed for INCLUD0E keyword support.
If the host is a DLUS and the PU is being serviced by a DLUR in another node, then CV0E of the ACTLU request may not be forwarded to the PU from the DLUR. In this case, the LUs will not be created dynamically. Once LUs have been created dynamically, they can only be removed by rebooting or manually deleting via configuration. If the LU names are changed in the host major node file after the LUs have been created dynamically, the local names in the router will not be changed.
When a TN3270 client connects to a server, the server must choose an LU to associate with that client, or deny the connection. There are a number of ways you can configure your clients and server to control which LUs will be chosen, and which clients will be denied. The IBM router implementation of TN3270 server supports the following methods:
The following sections describe background concepts, how to configure each of these methods, and how they work.
As described above in "Configured LUs", you can configure individual LUs or groups of LUs in the router. In addition, dynamic host-initiated LUs can be treated individually or in groups. An LU pool is simply a named group of LUs. For example, you might call a pool MYPOOLA.
The LUs in a pool can come from one or many different PUs. Except for host-initiated dynamic LUs, the LUs under a PU can be placed in multiple pools. The LUs that you place into a specific pool would typically have similar VTAM definitions and characteristics such as using the same USSMSG10. Using pools is your primary means to group similar LUs together and you will ultimately map a set of like TN3270 client end users to specific pools.
There is always at least one pool defined to TN3270E Server, referred to as the Global Default Pool. You name this pool when you initially configure TN3270E Server, and by default it is named PUBLIC. Whatever you name the default pool, you can refer to that name in other parts of the server configuration using the special character string <DEFLT >. This permits you to later change the pool name in only one place without having to change all references to it. Note however that the string <DEFLT> has special meaning when used in an IP address mapping table entry, so you should be careful to understand that meaning when defining such mappings.
You may not need to have a default pool, but it will exist regardless. You do not, however, have to put any LUs into this pool.
LUs in the TN3270 server can be divided into two categories, based on how clients are allowed to access them. Implicit LUs are always members of a pool, and clients can access them either by their individual name or by any of the methods that use pool names. You configure implicit LUs either by adding a group of them to a pool, or by adding individual ones to a pool. Explicit LUs are never members of a pool (even the global default pool), so they can be accessed only by clients requesting their individual name, or by IP address mappings to that name. The server function will never assign an explicit LU to a client that requests or is mapped to a pool name.
Client implementations that support RFCs 1646 or 2355 can request a resource name when they connect to a TN3270 server. In the IBM router server, this name is treated either as an individual LU name or as a pool name. In the client configuration, it may be called an LU name even though the same name is configured in the router as a pool name.
If your LU definition method involves different LU names at the router and at VTAM, the name passed by the client must match the router's LU name, not the LU name in VTAM.
In the absence of IP address and TCP port mapping, the server attempts to satisfy the client's request as follows:
See the sections below for what happens when a client a name and one of the mapping methods also applies.
You can configure the router's TN3270 server function to map client IP addresses either to individual LU names or to LU pool names. You may want to do this if your clients do not have the ability to request resource names, or you do not want to configure the clients individually. You may also want to use this function as a security mechanism, to deny connections to any clients that are not on the IP mapping access list.
To configure this mapping function, you first enable it globally as part of overall TN3270 server configuration. If you wish clients connecting to certain server TCP ports to be exempt from IP address mapping, you can disable this function on a port-by-port basis when you configure the ports. You then create a table of IP address mapping entries, each of which maps a set of IP addresses to a single LU or pool name. By default, a given entry applies to all server TCP ports, but you can specify that an entry should be used only for connections made to a certain destination TCP port. This allows you to have clients from different IP networks use the same set of port numbers but map to different LU pools based on both their network and the destination server port number.
The key fields in each mapping entry are: an IP address, and IP address mask, and an LU or LU pool name. The IP address mask indicates which bits of the configured IP address are to be compared against the corresponding bits in the incoming client's source IP address. This allows you to map either individual clients or entire subnets.
For example, if your mapping entry is defined as:
IP Address: 1.2.3.4 Subnet Mask: 255.255.255.255 Pool or LU: MYLU
If a TN3270 client connects in using IP address 1.2.3.4, then the TN3270E Server will assign MYLU to this client. Here we are mapping an individual IP address to an Individual LU. Specific clients can also be mapped to a pool.
If your mapping entry is defined as:
IP Address: 1.2.3.4 Subnet Mask: 255.255.255.0 Pool or LU: YOURPOOL
If a TN3270 client connects in using an IP address of 1.2.3.1, or 1.2.3.2, or 1.2.3.3, ..., etc. then TN3270E Server will assign the client an LU from YOURPOOL. Since the subnet mask is 255.255.255.0, all clients in this subnet would match this mapping entry. Masks that are not 255.255.255.255 must be mapped to a pool rather than to an individual LU.
Suppose you define both of the above mapping entries. Note that client 1.2.3.4 would match both of these mapping entries. TN3270E Server will always use the most specific match first. In this example, the client would get mapped to the LU called MYLU.
Suppose again that both of the above mapping entries are defined and client 1.2.3.4 connects in. TN3270 will choose the most specific mapping entry and attempt to connect with the LU called MYLU. However, for some reason the server cannot successfully establish the session with MYLU; MYLU could already be in use, or it may not be activated by VTAM. After unsuccessfully attempting to connect to MYLU, the server normally scans the IP address mapping table to see if there is another less specific match for this client. In our example there is another match and TN3270E Server would connect the client to an LU from YOURPOOL.
There are cases where you may not want the router to use a less-specific match after a more specific match fails. To control this behavior, you can optionally configure an entry as the "final LU mapping connection attempt". If this yes/no flag is set, the server function does not look for less specific matches following a failed match on this entry.
The TN3270 server makes the following checks when a client connects to the router and does not pass in a specific name request:
When a client connects in and makes a request for a specific name, the matching logic is different. In order to successfully connect, a mapping entry must exist whose IP address and mask match the client and whose resource name is the exact same as the name passed in by the client. If the client requests an individual LU name, that name must be in the mapping table, not just the name of a pool containing that LU. The server does not search the mapping table for the most specific IP address and mask match. If the connection to the LU/pool with the requested name cannot be satisfied, the server does not re-scan the mapping table for other matching entries.
You can use the TN3270 Talk 5 command list mapping to see the order in which mapping entries will be searched. You can put a specific IP address as a parameter to this command, to see only those mapping entries that apply to that IP address.
Here are a number of important additional considerations for constructing IP address mapping entries:
You can configure the router's TN3270 server function to map incoming client connections to LU pools based on the TCP port number to which the clients are connecting. You may want to do this if your clients do not have the ability to request resource names, or you do not want to configure the clients individually. You may also be migrating an existing network where clients already connect to different TCP port numbers based on application needs.
To configure TCP port to pool association, you specify a pool name with the port when you configure the port (see "Server TCP Ports"). Clients obviously each have to connect in through one of the defined ports and the server function assigns an LU based on what pool is associated with the port. If you do not specify a pool name for a port, or you give the special value <DEFLT>, the global default pool is associated with that port. This is the same pool you associate with the globally defined server port when you first configure the TN3270 server.
If a client connects in and does not pass a resource name, the TN3270 server function assigns an LU from the pool associated with the destination port. If no LUs are available, the connection is rejected.
If a client connects in and passes a specific LU or LU pool name, the following rules apply:
The above description assumes IP mapping is disabled. If IP address mapping is enabled, then by default the IP address mapping function applies to all ports and will override TCP port to pool mapping. You can change this default behavior by disabling IP address mapping on a TCP port basis, as described earlier. Note also the special case where an IP address mapping entry with the <DEFLT> pool can cause LU allocation from the pool associated with the TCP port.
It is possible to use a combination of both IP address mapping and TCP port to pool association. The following is an example of how one user combined these methods to meet their mapping needs.
It is common to define a large pool of LUs that reside in multiple PUs. Any pool with more than 255 LUs must include more than one PU. Spreading a pool's LUs across multiple PUs can lessen the number of clients affected by any given link or PU failure. How the server allocates LUs from among these multiple PUs also determines how many clients are affected by a link or PU failure. For example, if the server allocated all the LUs in one PU before allocating any from the second PU, failure of the first might affect as many as 255 clients needlessly.
The IBM router implementation of TN3270 generally does round-robin allocation of LUs from among multiple PUs in a pool. All other things being equal, it will allocate LU1 from PU1, LU1 from PU2, and so on. At the same time the allocation algorithm favors those PUs that are currently active (avoiding the delay of an activation attempt), and it favors LUs that provide an exact match to the model type requested by the client.
The rules for LU selection are as follows:
Based on whether an exact or acceptable match is found, PUs are moved on a list to provide general round-robin allocation while keeping less desirable PUs from always being searched first.
This section contains sample VTAM and router command-line configurations for basic TN3270 server scenarios. For more advanced scenarios and Configuration Program information, see "Other Example Configurations".
If you are using DLUR to communicate with the host, the local PUs used by the TN3270E Server need to be configured in the host as DLUR internal PUs. The following code is an example of the host VTAM configuration:
PUJOE7 PU ADDR=12,
IDBLK=077, IDNUM=EEEE7, (1)
MAXPATH=8,
ISTATUS=ACTIVE,
MODETAB=LMT3270,
USSTAB=STFTSNA2,
ANS=CONT,
MAXDATA=521,
IRETRY=YES,
MAXOUT=7,
DLOGMOD=G22NNE,
NETID=STFNET,
PASSLIM=5,
PUTYPE=2
JCPATH7 PATH PID=1,
DLURNAME=VLNN01,
DLCADDR=(1,C,INTPU),
DLCADDR=(2,X,07711111)
JC7LU2 LU LOCADDR=2
JC7LU3 LU LOCADDR=3
JC7LU4 LU LOCADDR=4
JC7LU5 LU LOCADDR=5
JC7LU6 LU LOCADDR=6
| Note: | (1) 07711111 represents the ID block/ID number of the local PU. The 077 part of this value is not configurable at the router. |
The following example shows how to configure the router to use an upstream DLUR connection for TN3270, using the command line.
APPN config>
APPN config>set node
Enable APPN (Y)es (N)o [Y]?
Network ID (Max 8 characters) [STFNET]?
Control point name (Max 8 characters) [VLNN2]?
Enable branch extender (Y)es (N)o [N]?
Route addition resistance(0-255) [128]?
XID ID number for subarea connection (5 hex digits) [00000]?
Use enhanced #BATCH COS (Y)es (N)o [Y]?
Use enhanced #BATCHSC COS (Y)es (N)o [Y]?
Use enhanced #INTER COS (Y)es (N)o [Y]?
Use enhanced #INTERSC COS (Y)es (N)o [Y]?
Write this record? [Y]?
The record has been written.
APPN config>
APPN config>
APPN config>set dlur
Enable DLUR (Y)es (N)o [Y]?
Fully-qualified CP name of primary DLUS [STFNET.MVS8]?
Fully-qualified CP name of backup DLUS []?
Perform retries to restore disrupted pipe [Y]?
Delay before initiating retries(0-2756000 seconds) [120]?
Perform short retries to restore disrupted pipe [Y]?
Short retry timer(0-2756000 seconds)[120]?
Short retry count(0-65535) [5]?
Perform long retry to restore disrupted pipe [Y]?
Long retry timer(0-2756000 seconds) [300]?
Write this record? [Y]?
The record has been written.
APPN config>
APPN config>tn3270e
TN3270E config>set
TN3270E Server Parameters
Enable TN3270E Server (Y/N) [Y]?
TN3270E Server IP Address[4.3.2.1]?
Port Number[23]?
Enable Client IP Address to LU Name Mapping (Y/N) [N]
Default Pool Name[PUBLIC]?
NetDisp Advisor Port Number[10008]?
Keepalive type:
0 = none,
1 = Timing Mark,
2 = NOP[2]?
Frequency ( 1 - 65535 seconds)[60]?
Automatic Logoff (Y/N)[N]?
Write this record?[Y]?
The record has been written.
TN3270E config>exit
APPN config>
APPN config>add loc
Local PU information
Station name (Max 8 characters) []? link1
Fully-qualified CP name of primary DLUS[STFNET.MVS8] ?
Fully-qualified CP name of a backup DLUS[]?
Local Node ID (5 hex digits)[11111]?
Autoactivate (y/n)[Y]?
Write this record?[Y]?
The record has been written.
APPN config>tn3270
TN3270E config>add im
TN3270E Server Implicit definitions
Pool name (Max 8 characters)[<DEFLT>]?
Station name (Max 8 characters)[]? link1
LU Name Mask (Max 5 characters) [@01LU]?
LU Type ( 1 - 3270 mod 2 display
2 - 3270 mod 3 display
3 - 3270 mod 4 display
4 - 3270 mod 5 display) [1]?
Specify LU Address Range(s) (y/n) [n]
Number of Implicit LUs in Pool(1-255) [50]?
Write this record?[Y]?
The record has been written.
TN3270E config>
TN3270E config>add lu
TN3270E Server LU Definitions
LU name(Max 8 characters) []? printer1
NAU Address (1-255) [0] 2
Station name (Max 8 characters) []? link1
Class:
1 = Explicit Workstation,
2 = Implicit Workstation,
3 = Explicit Printer,
4 = Implicit Printer[3]?
LU Type ( 5 - 3270 printer
6 - SCS printer) [5]?
Write this record[Y]?
The record has been written.
TN3270E config>
TN3270E config>list all
TN3270E Server Definitions
TN3270E enabled: YES
TN3270E IP Address: 4.3.2.1
TN3270E Port Number: 23
Keepalive type: NOP Frequency: 60
Automatic Logoff: N Timeout: 30
Enable IP Precedence: N
Link Station: link1
Local Node ID: 11111
Auto activate : YES
Implicit Pool Informationø
Number of LUs: 50
LU Mask: @01LU
LU Name NAU addr Class Assoc LU Name Assoc NAU addr
--------------------------------------------------------------- --------
printer1 2 Explicit Printer
TN3270E config>exit
APPN Config>exit
Config> Config>p ip Internet protocol user configuration IP config>li all Interface addresses IP addresses for each interface: intf 0 9.1.1.20 255.0.0.0 Local wire broadcast, fill 1 intf 1 IP disabled on this interface intf 2 IP disabled on this interface Internal IP address: 4.3.2.1 Routing Protocols BOOTP forwarding: disabled IP Time-to-live: 64 Source Routing: enabled Echo Reply: enabled TFTP Server: enabled Directed broadcasts: enabled ARP subnet routing: disabled ARP network routing: disabled Per-packet-multipath: disabled OSPF: disabled BGP: disabled RIP: disabled IP config> *
The following example shows how to configure the router to use an SNA subarea (non-APPN) upstream host connection for TN3270, using the command line. In this example, the router appears to VTAM as multiple downstream PUs.
Config>p appn APPN config>set node Enable APPN (Y)es (N)o [Y]? Network ID (Max 8 characters) [STFNET]? Control point name (Max 8 characters) [VLNN2]? Enable branch extender (Y)es (N)o [N]? Route addition resistance(0-255) [128]? XID ID number for subarea connection (5 hex digits) [00000]? Use enhanced #BATCH COS (Y)es (N)o [Y]? Use enhanced #BATCHSC COS (Y)es (N)o [Y]? Use enhanced #INTER COS (Y)es (N)o [Y]? Use enhanced #INTERSC COS (Y)es (N)o [Y]? Write this record? [Y]? The record has been written. APPN config>
APPN config>add port
APPN Port
Link Type: (P)PP, (FR)AME RELAY, (E)THERNET, (T)OKEN RING,
(S)DLC, (X)25, (FD)DI, (D)LSw, (A)TM, (I)P []?fr
Interface number(Default 0): [0]? 2
Port name (Max 8 characters) [F00002]?
Enable APPN on this port (Y)es (N)o [Y]?
Port Definition
Support multiple subarea (Y)es (N)o [N]? y
All active port names will be of the form <port name sap>
Service any node: (Y)es (N)o [Y]?
High performance routing: (Y)es (N)o [Y]? n
Maximum BTU size (768-8136) [2048]?
Percent of link stations reserved for incoming calls (0-100) [0]?
Percent of link stations reserved for outgoing calls (0-100) [0]?
Local SAP address (04-EC) [4]?
Support bridged formatted frames: (Y)es (N)o [N]?
Edit TG Characteristics: (Y)es (N)o [N]?
Edit LLC Characteristics: (Y)es (N)o [N]?
Edit HPR defaults: (Y)es (N)o [N]?
Write this record? [Y]?
The record has been written.
APPN config>add link
APPN Station
Port name for the link station [ ]&sqbul.? f00002
Station name (Max 8 characters) [ ]? suba1
Activate link automatically (Y)es (N)o [Y]?
DLCI number for link (16-1007) [16]? 23
Adjacent node type: 0 = APPN network node,
1 = APPN end node or Unknown node type,
2 = LEN end node [0]?
Solicit SSCP Session: (Y)es (N)o [N]? y
Local Node ID (5 hex digits) [00000]? 12345
Local SAP address (04-EC) [4]? c
Allow CP-CP sessions on this link (Y)es (N)o [Y]? n
Configure CP name of adjacent node: (Y)es (N)o [N]?
Edit TG Characteristics: (Y)es (N)o [N]?
Edit LLC Characteristics: (Y)es (N)o [N]?
Edit HPR defaults: (Y)es (N)o [N]?
Write this record? [Y]?
The record has been written.
APPN config>act
APPN config>
APPN config>tn3270e
TN3270E config>set
TN3270E Server Parameters
Enable TN3270E Server (Y/N) [Y]?
TN3270E Server IP Address[4.3.2.1]?
Port Number[23]?
Enable Client IP Address to LU Name Mapping (Y/N) [N]
Default Pool Name[PUBLIC]?
NetDisp Advisor Port Number[10008]?
Keepalive type:
0 = none,
1 = Timing Mark,
2 = NOP[2]?
Frequency ( 1 - 65535 seconds)[60]?
Automatic Logoff (Y/N)[N]?
Write this record?[Y]?
The record has been written.
TN3270E config>exit
APPN config>
Write this record?[Y]?
The record has been written.
APPN config>tn3270
TN3270E config>add im
TN3270E Server Implicit definitions
Pool name (Max 8 characters)[<DEFLT>]?
Station name (Max 8 characters)[]? suba1
LU Name Mask (Max 5 characters) [@01LU]?
Specify LU Address Range(s) (y/n) [N]
Number of Implicit LUs in Pool(1-255) [50]?
Write this record?[Y]?
The record has been written.
TN3270E config>
TN3270E config>add lu
TN3270E Server LU Definitions
LU name(Max 8 characters) []? printer1
NAU Address (1-255) [2]
Station name (Max 8 characters) []? suba1
Class:
1 = Explicit Workstation,
2 = Implicit Workstation,
3 = Explicit Printer,
4 = Implicit Printer[3]?
LU Type ( 5 - 3270 printer
6 - SCS printer) [5]?
Write this record[Y]?
The record has been written.
TN3270E config>
TN3270E config>list all
TN3270E Server Definitions
TN3270E enabled: YES
TN3270E IP Address: 4.3.2.1
TN3270E Port Number: 23
Keepalive type: NOP Frequency: 60
Automatic Logoff: N Timeout: 30
Enable IP Precedence: N
Link Station: suba1
Local Node ID: 12345
Auto activate : YES
Implicit Pool Informationø
Number of LUs: 50
LU Mask: @01LU
LU Name NAU addr Class Assoc LU Name Assoc NAU addr
--------------------------------------------------------------- --------
printer1 2 Explicit Printer
TN3270E config>exit
APPN Config>exit
APPN config>act
The TN1 model of the Network Utility product was designed to be used as a TN3270 server, and it shipped with example TN3270 configuration information that can be helpful to users of the 2216, 2212, and 2210. This information is available both in product publications and in example binary configuration files on the Web.
The publication Network Utility: Installation, Getting Started, and User's Guide, GA27-4167-02, documents the router configuration (usually both the command-line and Configuration Program) and sample VTAM configurations for the following network configurations:
Some of the above configurations are supplemented on the Web by both router-format and Configuration Program-format binary configuration files. Use your browser to reach these as follows: