
TCP/IP Services

by Scott Slyvester and Brad L Brech

Abstract
Enterprises around the world have recognized the shift of networking to TCP/IP technologies and the business potential of leveraging these technologies as well as the Internet itself. TCP/IP is being used in many ways: within a company, between companies, and for public access. As the awareness and adoption rate of TCP/IP has increased, the AS/400 has been enhancing its TCP/IP and related technologies. As a result, the AS/400 has built-in leading-edge security and enterprise-class TCP/IP. This article provides an overview of AS/400 TCP/IP support and, with other articles in the journal, provides greater insight into the technology the AS/400 provides to meet the networking needs of its customers.

Key messages
AS/400 delivers the TCP/IP networking offerings that give you the confidence you need to simplify and grow your e-business. AS/400 leverages its strong system networking hardware support, scalability, security, and built-in industry TCP/IP standards to provide enterprise-class TCP/IP in support of e-business.

Introduction
The need to interconnect networks based on different protocols and platforms was recognized early in the 1970s during a period when the use and development of networking technology was increasing. The rapid growth in networking over the past three decades has allowed users much greater access to resources and information as well as causing significant problems when merging, or interconnecting, different types of networks. Open protocols and common applications were required, leading to the development of a protocol suite known as Transmission Control Protocol/Internet Protocol (TCP/IP). TCP/IP originated with the U.S. Department of Defense (DoD) in the mid-1960s and took its current form around 1978. Because of its openness, it is the main protocol used for system interconnection, and the protocol on which the Internet runs.

The Growth of TCP/IP
TCP/IP has become widely used due to its inexpensive availability in UNIX and its spread to other operating systems, resulting in increasing use in both local area network (LAN) and wide area network (WAN) environments. Today, TCP/IP provides the ability for corporations to merge differing physical networks while giving users a common suite of functions. It allows interoperability between equipment supplied by multiple vendors on multiple platforms, and it provides access to the Internet.

In fact, the Internet, which has become the largest computer network in the world, is based on the TCP/IP protocol suite. The Internet consists of large international, national, and regional backbone networks, which allow local and campus networks and individuals access to global resources. Use of the Internet has grown rapidly over the last few years. The most recent estimate has a number in excess of 29 million hosts on the Internet today.

As opposed to the Internet, the term intranet has evolved recently to describe TCP/IP networks that are entirely under the control of a private authority or company. Those intranets may or may not have connections to other independent intranets (which would then be referred to as extranets) or the Internet. They may or may not be fully or partially visible to the outside depending on the implementation.

TCP/IP also provides for the routing of multiple protocols from and to diverse networks. For example, a requirement to connect isolated networks using IPX, AppleTalk, and TCP/IP protocols using a single physical connection can be accomplished by using routers utilizing TCP/IP protocols.

One further reason for the growth of TCP/IP is the popularity of the socket programming interface, which is the programming interface between the TCP/IP transport protocol layer and TCP/IP applications. A large number of applications have been written for the TCP/IP socket interface.
TCP/IP is a de facto
We mentioned in the previous section that the Internet is a large multinational, multivendor, multiplatform network. That might give reason to ask some questions, such as:

- Are there any standards for such a diverse network?
- Who establishes and reviews them?
- Who assigns network addresses?
- Who manages the Internet?

The Internet Society (ISOC), formerly known as Internet Activities Board (IAB), is the nonprofit, coordinating committee for Internet design, engineering, and management. The ISOC members are committed to making the Internet function effectively and evolve to meet a large-scale, high-speed future. The ISOC holds several bodies that administer, standardize, and conduct research for the Internet:

- The Internet Architecture Board (IAB)
- The Internet Engineering Task Force (IETF)
- The Internet Research Task Force (IRTF)
- The Internet Assigned Numbers Authority (IANA)

While the IAB oversees and manages the Request For Comments (RFC) publication process, the IETF actually defines the standards through a number of subcommittees or task forces, and the IRTF engages in Internet-related research projects. RFC is the mechanism through which the Internet protocol suite has been evolving. For example, an Internet protocol can have one of six states: standard, draft standard, proposed standard, experimental, informational, and historic. In addition, an Internet protocol has one of five statuses: required, recommended, elective, limited use, and not recommended. By communicating using the RFC, new protocols are being designed and implemented by researchers from both academic institutions and commercial corporations. At the same time, some old protocols are being superseded by new ones. The RFC standards are described in the "Internet Official Protocol Standards" RFC, currently RFC 2200. The task of coordinating the assignment of values to the parameters of protocols is delegated to the IANA. These protocol parameters include op-codes, type fields, terminal types, system names, object identifiers, and so on.

TCP/IP stack support


TCP/IP, as a set of communications protocols, is based on layers. Unlike SNA or OSI, which distinguish seven layers of communication, there are only four layers in the TCP/IP model. They enable heterogeneous systems to communicate by performing network-related processing such as message routing, network control, error detection, and correction. The layering model of TCP/IP is shown in Figure 1, with an explanation of each layer following thereafter:
Application Layer:        FTP, HTTP, Telnet, DHCP, DNS, SMTP, POP, SNMP and many more
                          Sockets, Secure Sockets
Transport Layer:          TCP, UDP, PPP, L2TP
Internetwork Layer:       IP, ICMP, IGMP, ARP
Network Interface Layer:  LAN, X.25, ATM, Frame Relay, Async

Figure 1. Protocol stack

Application layer
The application layer is provided by the program that uses TCP/IP for communication. Examples of applications are Telnet, FTP, e-mail, HTTP, and SMTP. The interface between the application and transport layers is defined by port numbers and sockets. The applications that are part of the AS/400 offering are discussed later in the TCP/IP suite servers section.

Transport layer
The transport layer provides communication between application programs. The applications may be on the same host or on different hosts. Multiple applications can be supported simultaneously. The transport layer is responsible for providing a reliable exchange of information. The main transport layer protocol is TCP. Another is User Datagram Protocol (UDP), which provides a connectionless service in comparison to TCP, which provides a connection-oriented service. That means that applications using UDP as the transport protocol have to provide their own end-to-end flow control. Usually, UDP is used by applications that need a fast transport mechanism.

Internetwork layer
The internetwork layer provides communication between computers. Part of communicating messages between computers is a routing function that ensures that messages will be correctly delivered to their destination. The Internet Protocol (IP) provides this routing function. Examples of internetwork layer protocols follow: IP, ICMP, IGMP, ARP and RARP.

Network interface layer
The network interface layer, sometimes also referred to as the link layer, data link layer, or network layer, is implemented by the physical network that connects the computers. Examples are LAN (IEEE 802.x standards), Ethernet, X.25, ISDN, ATM, Frame Relay, or async. Note that the RFCs actually do not describe or standardize any network layer protocols per se. They only standardize ways of accessing those protocols from the internetwork layer.
Internet protocol (IP)
IP is the layer that hides the underlying physical network from the upper-layer protocols. It is an unreliable, best-effort and connectionless packet delivery protocol. Note that best-effort means that the packets sent by IP may be lost, out of order, or even duplicated, but IP will not handle these situations. It is up to the higher-layer protocols to deal with these situations. One of the reasons for developing a connectionless network protocol was to minimize the dependency on specific computing centers that used hierarchical connection-oriented networks. The DoD intended to deploy a network that would still be operational if parts of the country were destroyed.

IP uses IP addresses to specify source and target hosts on the Internet. (For example, we can contrast an IP address in TCP/IP with a fully qualified NETID.LUNAME in SNA.) An IP address consists of 32 bits, which is usually represented in the form of four decimal numbers, one decimal number for each byte (or octet). For example, the 32-bit address whose four bytes have the values 9, 67, 38, and 1 is written in decimal notation as 9.67.38.1. An IP address consists of two logical parts: a network address and a host address. An IP address belongs to one of four classes depending on the value of its first four bits. (A fifth class, class E, is not commonly used.)

Transport protocols

Transmission Control Protocol (TCP)
Transmission Control Protocol (TCP) provides a reliable delivery of a stream of bytes in sequence. TCP takes a stream of data, breaks it into segments (a TCP header and application data), sends each one individually using IP, and then reassembles the segments back into the original stream. If any segments are lost or damaged during the transmission, TCP detects this and resends the missing segments. From a performance perspective, the AS/400 supports TCP extensions for high performance (RFC 1323), which provide for large TCP transmissions over high-bandwidth connections.

UDP (User Datagram Protocol)
UDP enables an application to send datagrams to other programs on other systems with a minimum of protocol overhead. Unlike TCP, UDP is datagram oriented and does not guarantee the delivery of data in sequence. Datagrams may be dropped or reordered as they travel from the source to the destination. UDP can be used instead of TCP when the application does not want to incur the overhead of TCP connecting and disconnecting. It then becomes the responsibility of the application to ensure reliable data transfer and sequencing of datagrams. The AS/400 UDP also includes multicast support, which allows a host to send packets to a group of hosts in a single transmission.
PPP (Point-to-Point Protocol)
Dial-up TCP/IP, known as Point-to-Point Protocol, is used to dial into remote systems, or to allow remote systems to dial into the AS/400 over a telephone line using a modem. Null modems or non-switched connections are also supported. The Serial Line Internet Protocol (SLIP) and Point-to-Point Protocol (PPP) are supported on the AS/400. In addition, the AS/400 supports dial-on-demand PPP connections and routing over point-to-point connections.

L2TP (Layer 2 Tunneling Protocol)
Layer 2 Tunneling Protocol (L2TP) enables connections, which are also called virtual lines, that provide cost-effective access for remote users regardless of whether their IP address is dynamically assigned. Further, L2TP connections secure access when they are used in conjunction with IP Security (IPSec). L2TP is actually a variation of an IP encapsulation protocol. An L2TP tunnel is created by encapsulating an L2TP frame inside a UDP packet, which in turn is encapsulated inside an IP packet. The source and destination addresses of this IP packet define the tunnel's endpoints. Because the outer encapsulating protocol is IP, you can apply IPSec protocols to the composite IP packet. This protects the data that flows within the L2TP tunnel. You can then apply Authentication Header (AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE) protocols in a straightforward manner. Using IPSec protocols to encrypt an L2TP tunnel provides encryption for all sessions contained in the tunnel. The AS/400 can serve as either an L2TP-enabled client or an L2TP network server (LNS).

Internet Control Message Protocol (ICMP)
The Internet Control Message Protocol (ICMP) provides for error and control messages between host systems and routers. Routers and host systems use ICMP to send reports of problems. ICMP also includes an echo request or reply message that is used to test whether a destination can be reached and is responding (via Packet InterNet Groper (PING)).

Internet Group Management Protocol (IGMP)
The Internet Group Management Protocol (IGMP) is used by IP hosts to report their host group memberships to neighboring multicast routers. Multicast routers send host membership query messages to discover which host groups have members on their attached networks. Hosts respond to the query by generating host membership reports reporting each host group to which they belong. The multicast routers use this information to determine where multicast datagrams need to be forwarded.

ARP
The Address Resolution Protocol (ARP) dynamically associates Internet addresses to physical hardware addresses on a local network.
ARP relies on the broadcast capabilities of the underlying media to provide this function.

Security
The TCP/IP protocol suite provides some security features as options to the base protocol. Several options have been defined, but the three most used and talked about are IP packet filtering, network address translation, and IP Secure.

IP packet filtering and network address translation
The AS/400 provides support for IP packet filtering and Network Address Translation (NAT). IP packet filtering and NAT provide added security features for the AS/400 system's role as an Internet server. Administrators can put security policies in place for access to the Internet or intranets. In some environments, IP packet filtering and network address translation make it possible to connect an AS/400 to the Internet without a firewall.

IP packet filtering examines every IP packet coming into and out of a TCP/IP interface and compares it against a set of filter rules that are written for that TCP/IP interface. If the IP packet matches a filter rule, IP packet filtering performs the operation that the filter rule describes (PERMIT, DENY). If there is not a match, the system drops the IP packet.

The network address translation support comes in two types: masquerade NAT and static NAT. Masquerade NAT, also known as hiding addresses, translates a source IP address into a second, or masquerade, address. The masquerade address appears as the source IP address on the outbound IP packets. A reverse translation occurs for inbound IP packets. Masquerade NAT is a stronger security feature than static NAT because it does not allow inbound connections that are not a result of an outbound request. Conversations are initiated from the masquerade address in an outbound direction only. As a result, the IP addresses must be internal or trusted addresses. In addition, masquerade NAT can translate port numbers. Static NAT, also known as mapping addresses, translates all occurrences of a specific source address to another specific source address for incoming or outgoing IP packets. Static NAT does not translate port numbers.

IPSec (IP Secure)
The AS/400 fully implements the IPSec Internet standards. The IPSec implementation provides a stable, long-lasting base for providing network layer security. It supports all of the cryptographic algorithms in use today and can also accommodate newer, more powerful algorithms as they become available. IPSec protocols address these major security issues:
- Data origin authentication verifies that each datagram was originated by the claimed sender.
- Data integrity verifies that the contents of the datagram were not changed in transit.
- Data confidentiality conceals the clear text of a message, typically using encryption.
- Replay protection assures that an attacker cannot intercept a datagram and play it back at a later time.
- Automated management of cryptographic keys and security associations assures that the security policy can be implemented throughout the extended network with little or no manual configuration of cryptographic keys and algorithms. This is achieved using the Internet Key Exchange (IKE) Internet standard.
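The following added example (not code from the article or from the AS/400) models how a receiver can enforce data origin authentication, data integrity and replay protection together, in the way the article attributes to AH: a keyed MAC over the datagram plus a sequence number checked against a sliding window. It is a simplified model, not the AH wire format; HMAC-SHA-256 truncated to 96 bits, the 64-packet window, the field layout and all names are assumptions of this example.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # bytes of MAC kept as the integrity check value (assumed)
WINDOW = 64    # anti-replay window size, in packets (assumed)


def _icv(key, header, payload):
    # Keyed MAC: only a holder of the shared secret can produce this value.
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]


def protect(key, spi, seq, payload):
    """Sender side: SPI and sequence number, then payload, then the MAC."""
    header = struct.pack("!II", spi, seq)
    return header + payload + _icv(key, header, payload)


class Receiver:
    def __init__(self, key, spi):
        self.key = key
        self.spi = spi
        self.highest = 0   # highest sequence number authenticated so far
        self.seen = 0      # bit i set => sequence (highest - i) was accepted

    def accept(self, packet):
        if len(packet) < 8 + ICV_LEN:
            return "malformed"
        header, payload, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", header)
        if spi != self.spi:
            return "unknown-sa"
        if seq == 0:                       # sequence numbers start at 1
            return "replayed"
        if seq <= self.highest:            # cheap replay check before the MAC
            age = self.highest - seq
            if age >= WINDOW or (self.seen >> age) & 1:
                return "replayed"
        if not hmac.compare_digest(icv, _icv(self.key, header, payload)):
            return "bad-icv"
        # Update the window only after the MAC verified, so an unauthenticated
        # packet with a huge sequence number cannot push the window forward.
        if seq > self.highest:
            shifted = (self.seen << (seq - self.highest)) | 1
            self.seen = shifted & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.seen |= 1 << (self.highest - seq)
        return "accepted"


def demo():
    """Constructed traffic: reordering, tampering, a wrong key, two replays."""
    key = b"constructed-shared-secret"
    rx = Receiver(key, spi=0x1001)
    p1 = protect(key, 0x1001, 1, b"transfer 10")
    p2 = protect(key, 0x1001, 2, b"transfer 20")
    p3 = protect(key, 0x1001, 3, b"transfer 30")
    tampered = p2[:-ICV_LEN - 1] + b"9" + p2[-ICV_LEN:]   # last payload byte changed
    wrong_key = protect(b"some-other-key", 0x1001, 500, b"transfer 99")
    return [rx.accept(p) for p in (p1, p3, tampered, wrong_key, p2, p1, p3)]
```

The out-of-order packet 2 is still accepted after packet 3, while the second copies of packets 1 and 3 are rejected without a MAC computation.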

The IPSec protocol contains Authentication Header (AH) and Encapsulating Security Payload (ESP). In addition, IPSec support can be in either tunnel or transport mode. Tunnel mode creates a new IP header for the source and destination while transport mode contains the original IP header.

The AH protocol provides data origin authentication, data integrity, and replay protection. Data integrity is assured by the checksum that a message authentication code like MD5 generates; data origin authentication is assured by including a secret shared key in the data that is to be authenticated; and replay protection is provided by use of a sequence number field within the AH header.

The format of an ESP packet is more complicated than that of the AH packet. There is not only an ESP header, but also an ESP trailer and ESP authentication data. As the name of the protocol implies, the payload is located between the header and trailer. ESP always provides data confidentiality (encryption). It can also provide data origin authentication, data integrity checking, and protection against replay.

ESP and AH can be applied alone, in combination with the other (ESP with AH), or even nested within another instance of itself. With these combinations, authentication and encryption can be provided between a pair of communicating hosts, between a pair of communicating firewalls or gateways, or between a host and a firewall or gateway. More details on Internet security can be found in the "Internet Security: Doing e-business with confidence" article.

API support
For an application to use all of this support, it needs an application programming interface to the protocol stack.

Sockets and secure sockets interface
The sockets interface allows you to write your own applications to supplement those supplied with TCP/IP. Sockets allows unrelated processes to exchange data locally and over networks. Both connection-oriented and connectionless communications are provided for TCP/IP. With this support, you can write applications to the TCP, UDP, and IP protocols directly. The sockets interface operates over TCP/IP or AnyNet/400. In addition, the sockets interface has been enhanced to support the Secure Sockets Layer (SSL).

Send MIME Mail API
The send MIME Mail API allows applications to use SMTP and TCP/IP to send mail to the Internet.

Communications line interface support
The AS/400 provides several types of physical interfaces for networking connectivity. The AS/400 supports the following:
- Token-ring (4Mb and 16Mb)
- Ethernet (10Mb and 100Mb)
- Distributed Data Interface (DDI), including fiber
- Wireless LAN
- Frame relay
- X.25 Permanent and Switched Virtual Circuits (PVC and SVC)
- X.25 over ISDN
- PPP over ISDN
- Netfinity Integrated PC server LAN
- Asynchronous
- ATM
- Twinaxial
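Returning to the IP packet filtering and NAT behaviour described in the Security section above, the following added example (not code from the article or from the AS/400) models the three rules stated there: the first matching filter rule decides and a packet matching no rule is dropped; masquerade NAT translates address and port and only passes inbound packets that answer an outbound request; static NAT maps one address to another without touching ports. The class names, the rule fields, the check that a reply must come from the contacted peer, and the documentation-range addresses are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "PERMIT" or "DENY"
    src_net: str = ANY
    dst_net: str = ANY
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
                and self.dport in (None, pkt.dport))


def filter_packet(rules, pkt):
    """First matching rule decides; a packet matching no rule is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "DROP"


class MasqueradeNat:
    """Hides private hosts behind one address; state is created outbound only."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow = {}   # (private ip, private port, peer ip, peer port) -> public port
        self.by_port = {}   # public port -> the same flow tuple

    def outbound(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return replace(pkt, src=self.public_ip, sport=self.by_flow[flow])

    def inbound(self, pkt):
        # No table entry means nobody inside asked for this packet: discard it.
        flow = self.by_port.get(pkt.dport) if pkt.dst == self.public_ip else None
        if flow is None or (pkt.src, pkt.sport) != flow[2:]:
            return None
        return replace(pkt, dst=flow[0], dport=flow[1])


class StaticNat:
    """One-to-one address mapping; ports pass through unchanged."""

    def __init__(self, private_ip, public_ip):
        self.private_ip, self.public_ip = private_ip, public_ip

    def outbound(self, pkt):
        return replace(pkt, src=self.public_ip) if pkt.src == self.private_ip else pkt

    def inbound(self, pkt):
        return replace(pkt, dst=self.private_ip) if pkt.dst == self.public_ip else pkt


# Constructed inbound rule set for one interface (documentation address ranges).
RULES = [
    Rule("DENY", src_net="203.0.113.0/24"),
    Rule("PERMIT", dst_net="192.0.2.10/32", dport=80),
]
```

Because static NAT forwards unsolicited inbound packets to the mapped host, the filter rules on that interface are the only control in front of it; with masquerade NAT the translation table itself rejects them.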

Multihoming support
Given the AS/400's strength as a server and scalable business computer, the AS/400 fully supports multihoming. Multihoming is the support of multiple IP addresses by a single host, which can be thought of as logical interfaces. These logical interfaces may be associated with one or more physical interfaces, and these physical interfaces may be connected to the same or different networks. The AS/400 TCP/IP implementation supports multihoming by allowing the specification of either a single interface or multiple interfaces for a communications line. You can have your AS/400 appear as any one or combination of the following scenarios:
- A single host on a network over a communications line
- Multiple hosts on the same network over the same communications lines
- Multiple hosts on the same network over multiple communications lines
- Multiple hosts on different networks over the same communications lines
- Multiple hosts on different networks over multiple communications lines

Multiprotocol support (AnyNet/400)
AS/400 supports AnyNet/400, which is part of the AnyNet family of products. AnyNet products allow application programs written for one communication protocol to run over non-native protocols without changing (or recompiling) the application programs. The destination address determines if the request is sent over the native protocol or through the AnyNet code and on to a non-native protocol. AnyNet/400 allows sockets, intersystem communications functions (ICF), CPI communications (CPI-C), and CICS/400 applications to run over APPC, TCP/IP and Internetwork Packet eXchange (IPX). AnyNet/400 is based on the Multiprotocol Transport Network (MPTN) architecture, and is designed to allow any application to run over any networking protocol. AnyNet/400 can be used to:
- Access APPC using TCP/IP if your applications were developed for the System Network Architecture (SNA) but they are using TCP/IP to connect the systems.
- Access APPC using IPX if your applications were developed for SNA but they are using IPX to connect the systems.
- Access sockets using SNA if your sockets applications were developed for TCP/IP but they are using SNA to connect the systems.
- Access sockets using IPX if your sockets applications were developed for TCP/IP but they are using IPX to connect the systems.

TCP/IP suite servers


As we noted in the introduction, the TCP/IP suite is made up of several applications that provide services. The AS/400 provides many of these servers as part of the optional program products library. Here are descriptions of several of the more popular servers.

Dynamic Host Configuration Protocol (DHCP/DHCP relay agent)
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol, adding the capability of automatic allocation of reusable network addresses and additional configuration options.

What does it do?
The Dynamic Host Configuration Protocol (DHCP) provides configuration parameters to Internet hosts. DHCP consists of two components:
- A protocol for delivering host-specific configuration parameters from a DHCP server to a host
- A mechanism for allocation of network addresses to hosts

DHCP is built on a client-server model, where designated DHCP server hosts allocate network addresses and deliver configuration parameters to dynamically configured hosts. The diversity of hardware and protocol implementations in the Internet would preclude reliable operation if random hosts were allowed to respond to DHCP requests. For example, IP requires the setting of many parameters within the protocol implementation software. Because IP can be used on many dissimilar kinds of network hardware, values for those parameters cannot be guessed or assumed to have correct defaults. Also, distributed address allocation schemes depend on a polling or defense mechanism for discovery of addresses that are already in use. IP hosts may not always be able to defend their network addresses, so that such a distributed address allocation scheme cannot be guaranteed to avoid allocation of duplicate network addresses. There are two primary differences between DHCP and BOOTP:
- DHCP defines mechanisms through which clients can be assigned a network address for a fixed lease, allowing for serial reassignment of network addresses to different clients.
- DHCP provides the mechanism for a client to acquire all of the IP configuration parameters that it needs to operate.

Services provided by DHCP:
The first service provided by DHCP is to provide persistent storage of network parameters for network clients. A client can query the DHCP service to retrieve its configuration parameters. The client interface to the configuration parameters repository consists of protocol messages to request configuration parameters and responses from the server carrying the configuration parameters.

The second service provided by DHCP is the allocation of temporary or permanent network (IP) addresses to hosts. The basic mechanism for the dynamic allocation of network addresses is simple: a client requests the use of an address for some period of time. The allocation mechanism (the collection of DHCP servers) guarantees not to reallocate that address within the requested time and attempts to return the same network address each time the client requests an address. The client may extend its lease with subsequent requests. The client may issue a message to release the address back to the server when the client no longer needs the address. The client may ask for a permanent assignment by asking for an infinite lease. Even when assigning permanent addresses, a server may choose to give out lengthy but not infinite leases to allow detection of the fact that the host has been retired.

In some environments it is necessary to reassign network addresses due to exhaustion of available addresses. In such environments, the allocation mechanism reuses addresses whose lease has expired. The server should use whatever information is available in the configuration information repository to choose an address to reuse. For example, the server may choose the least recently assigned address. As a consistency check, the allocation mechanism may probe the reused address, with an ICMP echo request, before allocating the address, and the client will probe the newly received address with ARP.

DHCP supports three mechanisms for IP address allocation:
- Automatic allocation: DHCP assigns a permanent IP address to the host.
- Dynamic allocation: DHCP assigns an IP address for a limited time period called a lease. Dynamic allocation allows reuse of the addresses that are no longer needed.
- Manual allocation: The host's address is assigned by a network administrator.

A particular network will use one or more of these mechanisms, depending on the policies of the network administrator. Dynamic allocation is the only one of the three mechanisms that allows automatic reuse of an address that is no longer needed by the host to which it was assigned. Thus, dynamic allocation is particularly useful for assigning an address to a host that will be connected to the network only temporarily or for sharing a limited pool of IP addresses among a group of hosts that do not need permanent IP addresses. Dynamic allocation may also be a good choice for assigning an IP address to a new host being permanently connected to a network. This is important where IP addresses are sufficiently scarce and it is important to reclaim them when old hosts are retired. Manual allocation allows DHCP to be used to eliminate the error-prone process of manually configuring hosts with IP addresses in environments where (for whatever reasons) it is desirable to manage IP address assignment outside of the DHCP mechanisms.
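The lease behaviour described above, as an added example that is not part of the original article and is not the AS/400 DHCP server's code: a small address pool that returns the same address to a returning client, never reallocates an unexpired lease, supports release and infinite leases, and on exhaustion reuses expired addresses, least recently assigned first, after an optional liveness probe. The class and method names, the probe callback standing in for the ICMP echo check, and the sample addresses and timestamps are assumptions of this example.

```python
from dataclasses import dataclass

INFINITE = float("inf")   # a client asking for a permanent assignment


@dataclass
class Lease:
    client: str
    expires: float
    assigned: float   # when the address was last handed to its holder


class LeasePool:
    def __init__(self, addresses, probe=lambda ip: False):
        self.unused = list(addresses)   # addresses never assigned so far
        self.leases = {}                # ip -> Lease (kept after expiry)
        self.probe = probe              # True means "address answers, skip it"

    def _held_by(self, client):
        return next((ip for ip, l in self.leases.items() if l.client == client), None)

    def request(self, client, duration, now):
        ip = self._held_by(client)
        if ip is not None:
            # Renewal, or a returning client whose old address was not reused.
            lease = self.leases[ip]
            if lease.expires <= now:
                lease.assigned = now
            lease.expires = now + duration
            return ip
        # Fresh addresses first, then expired ones, least recently assigned first.
        expired = sorted(
            (ip for ip, l in self.leases.items() if l.expires <= now),
            key=lambda ip: self.leases[ip].assigned)
        for ip in self.unused + expired:
            if self.probe(ip):
                continue
            if ip in self.unused:
                self.unused.remove(ip)
            self.leases[ip] = Lease(client, now + duration, now)
            return ip
        return None   # pool exhausted: every address is under a live lease

    def release(self, client, now):
        ip = self._held_by(client)
        if ip is not None:
            self.leases[ip].expires = now   # reusable from now on
        return ip


def scenario():
    """Constructed timeline for a two-address pool (times in seconds)."""
    pool = LeasePool(["192.0.2.100", "192.0.2.101"])
    return [
        pool.request("A", 60, now=0),           # 192.0.2.100
        pool.request("B", 60, now=10),          # 192.0.2.101
        pool.request("C", 60, now=20),          # None: both leases still live
        pool.request("A", 60, now=30),          # 192.0.2.100, lease extended
        pool.request("C", 60, now=75),          # 192.0.2.101, B expired at 70
        pool.request("B", 60, now=80),          # None: B's old address is taken
        pool.release("A", now=85),              # 192.0.2.100
        pool.request("D", INFINITE, now=86),    # 192.0.2.100, never expires
        pool.request("A", 60, now=10**6),       # 192.0.2.101, C expired long ago
        pool.request("E", 60, now=10**6 + 1),   # None
    ]
```

The `None` results are the exhaustion case the article mentions: a pool filled with long or infinite leases cannot serve new clients until a lease expires or is released.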
1) DHCP Client powers up, and asks if DHCP Server exists via broadcast
2) System responds with IP address of DHCP Server
3) Client sends a DHCP Request packet to DHCP Server
4) DHCP Server responds with a DHCP Offer packet
5) Client sends a DHCP ACK packet
6) DHCP Server assigns an IP address according to the pre-programmed rules

The AS/400 system provides a DHCP server as a part of the Base Operating System. It is automatically installed as option 3 of the BOS (5769SS1 *BASE) during operating system installation. The DHCP integrated server in the AS/400 added the capability for the AS/400 to act either as a DHCP transaction server or as a BOOTP/DHCP Relay Agent. Because there is only one set of attributes associated with the DHCP server, that is, *SERVER or *RELAY, it is not possible for a single system to assume the roles of a SERVER and a RELAY at the same time.

The DHCP server incorporates the BOOTP integrated server that was available in the earlier release of OS/400 and can perform all the functions specific to BOOTP in addition to all the added functionality a DHCP server is expected to carry. There is, however, a downside to this scenario: we cannot run a BOOTP and a DHCP server at the same time on a single system. The reason for this is that DHCP is basically an extension of the BOOTP protocol, and both of them use the same services of the TCP/IP stack (ports 67 and 68) to service the clients and almost the same message formats in the UDP packets; therefore, running both servers on a single system yields unpredictable results.

Due to the embedded nature of the DHCP server, it can serve both DHCP clients and existing BOOTP clients. All the functions in BOOTP have a one-to-one mapping in DHCP; therefore, migrating from an existing BOOTP configuration to DHCP is completely transparent. DHCP is configured completely using the Operations Navigator interface, which provides a migration wizard to migrate from an existing BOOTP setup to DHCP without any manual configuration or effort. However, you may not want to migrate from BOOTP: if you assign IP addresses dynamically instead of statically (as with BOOTP), you do not keep the static relationship between hardware address and IP address.
The DHCP server has the capability to serve a complete range of clients including Windows 95/NT, network stations, and, most recently, the twinaxial network stations. Now the twinaxial network stations can participate in a TCP/IP network and assume an IP address that can put them directly on the Internet for Web browsing and similar functions. However, the DHCP server still lacks the capability to provide DHCP services to PPP and ISDN clients.

Domain Name System (DNS)
The AS/400 supports the Domain Name System server. The domain name server is used by applications to translate domain names of hosts to IP addresses. The domain name server is the network naming service of intranets and the Internet.

File Transfer Protocol (FTP)
AS/400 TCP/IP provides client and server support for transferring files. FTP allows a user to transfer data between local and remote hosts. FTP is built on the services of TCP in the transport layer. FTP transfers files using either an ASCII or EBCDIC mode. ASCII mode is used to transfer data that contains only text characters. FTP provides functions such as listing the remote directories, changing the current remote directory, creating and removing the remote directories, and transferring one or more files in a single request. In addition, FTP provides support for popular graphical FTP clients and Web server development tools via the UNIX-style directory listings and transferring of large integrated file system files (greater than 2 GB and up to 256 GB).

HyperText Transfer Protocol (HTTP)
The HTTP server provides World Wide Web browser clients access to AS/400 information and supplies a rich application deployment environment. In addition, the AS/400 HTTP server supports secure HTTP and multiple instances of the HTTP server running on one AS/400.

Internet Daemon (INETD)
The INETD super server eliminates the need for many individual servers to be up and running at all times waiting for incoming connections. Instead, the INETD listens for connections on a set of configured ports, and when a connection request is received, it decides to which service the port corresponds, and invokes a program to service the request. After the program is started, the INETD continues to listen on the port for additional requests.
Essentially, INETD allows one running daemon to invoke serveral others, reducing the load on the system. Post Office Protocol Mail server (POP) The POP server is the AS/400 implementation of the POP version 3 mail interface. This server allows AS/400 systems to acts as POP servers for any clients that support the POP mail interface. One of the key benefits of the POP server is that it allows users to exchange multimedia mail.
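The listen-and-dispatch model described for INETD above, as an added example that is not AS/400 code: one process registers a listener per configured port, maps each incoming connection to its service, runs the handler, and keeps listening. The service names, the handlers and the use of OS-assigned loopback ports are assumptions made for the demonstration.

```python
import selectors
import socket

def echo_service(conn):
    """Constructed sample service: send one message back to the caller."""
    conn.sendall(conn.recv(1024))

def daytime_service(conn):
    """Constructed sample service: fixed banner instead of a real clock."""
    conn.sendall(b"daytime: constructed sample\n")

class SuperServer:
    """One process listening on every configured port, inetd-style."""
    def __init__(self, services, host="127.0.0.1"):
        # services maps a name to (port, handler); port 0 lets the OS pick a
        # free port so the demo never collides with a real service.
        self.selector = selectors.DefaultSelector()
        self.ports = {}
        for name, (port, handler) in services.items():
            lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            lsock.bind((host, port))
            lsock.listen(5)
            self.selector.register(lsock, selectors.EVENT_READ, (name, handler))
            self.ports[name] = lsock.getsockname()[1]

    def serve_once(self, timeout=1.0):
        """Dispatch each pending connection; return the service names invoked."""
        invoked = []
        for key, _events in self.selector.select(timeout):
            name, handler = key.data          # which service owns this port
            conn, _peer = key.fileobj.accept()
            with conn:
                conn.settimeout(2.0)          # a stalled client cannot hang the daemon
                handler(conn)                 # a real inetd starts a program here
            invoked.append(name)              # the listener stays registered
        return invoked

    def close(self):
        for key in list(self.selector.get_map().values()):
            self.selector.unregister(key.fileobj)
            key.fileobj.close()
        self.selector.close()

if __name__ == "__main__":
    srv = SuperServer({"echo": (0, echo_service), "daytime": (0, daytime_service)})
    print("listening on", srv.ports)
    try:
        while True:
            srv.serve_once()
    except KeyboardInterrupt:
        srv.close()
```

Every entry in the service table is a port open to the network for as long as the super server runs, so the table doubles as the list of services to review and to disable when unused.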

Remote Printing -- Line Printer Requester/Line Printer Daemon (LPR/LPD)
AS/400 provides client and server support for remote printing. The client, line printer requester (LPR), allows the user to send spooled files to a remote system running a remote line printer daemon (LPD). This enables printing files remotely to any system that supports and is running an LPD. In turn, AS/400 also supports remote printing to its printers by being a remote printer server using LPD.

Route Daemon (RouteD)
The route server provides support for the Routing Information Protocol (RIP) version 1 and version 2. Routing Information Protocol on the AS/400 is an Interior Gateway Protocol (IGP) used to assist TCP/IP in the routing of IP data packets.

Remote Execution (REXEC)
The remote execution server enables a client user to submit system commands to a remote server for processing.

Simple Mail Transfer Protocol (SMTP)
AS/400 provides support for the Simple Mail Transfer Protocol. SMTP enables the exchange of electronic mail between hosts running TCP/IP. The SMTP function on the AS/400 is coupled with the AS/400 SNA distribution services (SNADS). SNADS is part of the OS/400 operating system and it contains extensions to support SMTP. SNADS allows you to send mail to various types of users (not just SMTP users) with one consistent user interface. The distribution services (send, receive, and forward electronic mail) for the OfficeVision licensed program are provided by SNADS.

Simple Network Management Protocol (SNMP)
The AS/400 can be an SNMP agent in an SNMP network. That is, the AS/400 gathers information about the network and performs the management functions requested by some remote SNMP manager. The AS/400 TCP/IP SNMP provides the means for managing a TCP/IP environment. SNMP allows network management by elements, such as routers and hosts. Network elements act as servers and contain management agents that perform the management functions requested. Network management stations act as clients; they run the management applications that monitor and control the network. SNMP provides a means of communicating between these elements and stations to send and receive information about network resources.

SOCKS client
The AS/400 SOCKS client support enables programs that use sockets such as AF_INET or SOCK_STREAM to communicate with server programs that run on systems outside a firewall. In addition, by using SOCKS client support, both AS/400 FTP and AS/400 Telnet client connections can be directed through a firewall. The key advantage to AS/400 SOCKS client support is that it enables client applications to access a SOCKS server transparently without changing any client code. The SOCKS client support operates with any SOCKS server that supports version 4 SOCKS protocols.

Telnet
AS/400 provides client and server support that allows remote logon to hosts that support the Telnet 5250 protocol. The Telnet client supports both 5250 and 3270. In addition, the Telnet server supports Secure Sockets Layer (SSL) client requests for encrypted data flow. Telnet makes your computer act like a mainframe computer's workstation. In other words, when using Telnet, your computer (the client) pretends to be, or emulates, a terminal attached to the remote computer (the Telnet server).

Trivial File Transfer Protocol (TFTP)
TFTP is a protocol used to provide basic file transfers with no user authentication to and from a remote server. TFTP is used to support the IBM Network Station for AS/400 solution.

5250 Work Station Gateway
5250 HTML Workstation Gateway Server is an application that automatically transforms AS/400 5250 applications to HTML. This server enables users to run AS/400 applications from any client supporting a Web browser.
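The version 4 SOCKS exchange that the SOCKS client support described above carries out on an application's behalf, as an added example that is not IBM's code: the CONNECT request a client sends to the SOCKS server and the 8-byte reply it gets back. The destination address, port and user-id are constructed sample values.

```python
import ipaddress
import struct

REPLY_CODES = {
    90: "request granted",
    91: "request rejected or failed",
    92: "rejected: SOCKS server cannot connect to identd on the client",
    93: "rejected: client program and identd report different user-ids",
}

def build_connect_request(dst_ip, dst_port, userid=b""):
    """Client to SOCKS server: VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, USERID, NUL."""
    if not 0 < dst_port < 65536:
        raise ValueError("destination port out of range")
    if b"\x00" in userid:
        raise ValueError("userid is NUL-terminated and cannot contain NUL")
    dst = ipaddress.IPv4Address(dst_ip).packed  # version 4 carries IPv4 addresses only
    return struct.pack("!BBH", 4, 1, dst_port) + dst + userid + b"\x00"

def parse_request(data):
    """What the SOCKS server (or a packet capture) sees in those bytes."""
    if len(data) < 9 or data[-1] != 0:
        raise ValueError("truncated or unterminated SOCKS4 request")
    vn, cd, port = struct.unpack("!BBH", data[:4])
    if vn != 4:
        raise ValueError("not a SOCKS version 4 request")
    # The userid is the only identity field; it is sent unencrypted, with no password.
    return {"command": cd, "ip": str(ipaddress.IPv4Address(data[4:8])),
            "port": port, "userid": data[8:-1]}

def parse_reply(data):
    """SOCKS server to client: 8 bytes, VN=0, CD=result code, 6 more bytes."""
    if len(data) != 8 or data[0] != 0:
        raise ValueError("malformed SOCKS4 reply")
    code = data[1]
    return {"granted": code == 90, "code": code,
            "meaning": REPLY_CODES.get(code, "unknown result code")}

if __name__ == "__main__":
    req = build_connect_request("192.0.2.10", 21, b"appuser")  # constructed values
    print(req.hex(), parse_request(req))
    print(parse_reply(bytes([0, 91, 0, 0, 0, 0, 0, 0])))
```

Because the request carries only a user-id string, access decisions at a version 4 SOCKS server rest on that string and the client's source address, so the server's rule set is the control to audit.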

TCP/IP configuration
IBM has intensified its focus on simplifying AS/400 TCP/IP administration tasks. The AS/400 Operations Navigator that is free with each AS/400 contains the AS/400 graphical administration components. One of those key components is the TCP/IP network graphical administration component that contains wizards for initial setup called the EZ Setup wizard, as well as wizards and graphical user interfaces for day-to-day tasks. With the AS/400 Operations Navigator, TCP/IP administration, such as setting up TCP/IP and monitoring servers, is easier than ever. A Network folder has been added to the Operations Navigator hierarchy, as shown below, to host the new TCP/IP administration functions. These graphical user interfaces are the foundation for configuring AS/400 e-business solutions.

Figure 2. TCP/IP graphical administration

In the Network folder, a Protocols subfolder contains the TCP/IP protocol object. From this object, TCP/IP interfaces and the TCP/IP protocol can be administered. TCP/IP interfaces to the AS/400 can be set up through a wizard. The New Interface wizard creates LAN, WAN, and inbound load balancing interfaces. It guides you through all of the steps necessary to create a TCP/IP interface, such as:

- Choose your communication type
- Choose the hardware
- Select a line or create a new line on the hardware
- Set up the IP address information for the interface
- Set up any gateways and routing information
- Set up the host and domain information for the interface
- Test the interface to verify everything is working as planned

Once configured, managing your interfaces is easy through the Interfaces window, which allows you to start, stop, change, or delete the interfaces. The administration of TCP/IP properties, shown in figure 3, is easy since all of the attributes have been integrated into a single dialog containing pages for each category. The categories include: host and domain information, host table management, TCP/IP protocol settings, TCP/IP port restriction management, AS/400 servers to start when TCP/IP is started, and SOCKS client management.

Figure 3. TCP/IP graphical administration

Administration of AS/400 server applications
Managing your network servers has never been easier using Operations Navigator. In the servers subfolder under the network folder, you can monitor the status of the servers, start or stop them, and set their attributes. Also, with a simple click, you can set up a server to start automatically every time TCP/IP is started. You can manage this through each individual server or administer this for all servers in the TCP/IP properties. For example, DHCP and DNS both have powerful graphical user interfaces that include wizards to simplify their initial setup. The DHCP Configuration wizard allows you to migrate existing BOOTP client information and configure IBM network stations easily. Once you have set up the DHCP server, you can view and change the configuration using the graphical user interface shown in figure 4. The subnets, classes, and clients being served, as well as their options, are all presented in one window. For instance, when you click on a subnet in the left pane, all of the classes and clients within the subnet are shown in the upper right pane. The locally scoped and inherited options, information delivered to all clients within the subnet, are shown in the lower right pane. This provides a quick and easy way to manage DHCP information. In addition, the user interface also supports configuring DHCP in relay agent mode.

Figure 4. DHCP server configuration

Similar to DHCP, a DNS Setup wizard is included for the initial configuration of the DNS server with primary or secondary domains. After setting up the server, you can easily add more primary or secondary domains to manage and also add additional hosts to serve. When you create a primary domain, the matching reverse domain can be created automatically, so that hosts added to the primary domain are automatically added to the reverse domain. This is a significant time-saver when managing large networks that require reverse mapping domains. Unlike the DNS administration on Windows NT, the AS/400 DNS administration is structured to give a view of the domains it is serving instead of a view of the DNS records that make up the DNS server's configuration. This provides a very intuitive user interface for managing and monitoring the DNS server. For an active DNS server, the server's statistics and active database can also be viewed. This is shown in the DNS configuration screen in figure 5.

Figure 5. DNS server configuration

Remote Access Administration
The AS/400's remote access is administered in the Point-to-Point subfolder under Network. Point-to-Point communication profiles and modems can now be created, monitored, and maintained for both SLIP and PPP. Switched and leased line dial-in and dial-out communication profiles using analog or ISDN modems can simply be created using a single dialog. For instance, using Operations Navigator, you can set up the point-to-point communication for mobile users to get access to e-mail on AS/400 while out of the office. Also, you can use point-to-point to allow connection to the Internet through AS/400. All you need to do is set up a dial-out communication profile for AS/400 to call the Internet Service Provider (ISP), which would provide the link to the Internet. All of the setup is through the new graphical user interface for Remote Access.

Conclusion
As discussed in this article, AS/400 integrates a rich set of TCP/IP functions and related technologies. AS/400 delivers a robust, complete, and fully integrated TCP/IP suite that is leading edge, standards-based, and enterprise class for an e-business advantage.

