Here are some questions I received recently regarding VLAN tagging on the VIO server. My answers are shown in green.
Hi Chris,
Q: Im trying to understand when, where and why there would be the need to use mkvdev vlan (etc.) on the VIOS, and Im wondering whether you would be able to clarify this for me, please.
Is it necessary to add the VLAN tag devices to the SEA, or is it suffice to just have them defined within the Virtual Ethernet itself which is part of the SEA?
A: It is suffice to simply define the VLAN ids assigned to the Virtual Ethernet adapters associated with the SEA.
Q: For completeness, on the rare occasions I have done this, I have added the VLANs to the Virtual Ethernet and also as VLAN devices on the VIOS (mkvdev vlan etc.)
A: mkvdev vlan is not necessary, unless the VIOS needs to communicate with hosts on different VLANs i.e. you need an IP address on the VIOS for each VLAN. This does not mean the SEA will bridge this VLAN traffic for VIOCs.
Q: The reason I started thinking of this is, is because one of our customers wants to add new VLANs to their SEA, but theyre not running Power7 hardware. Therefore, the online method would be to add a new Virtual Adapter which contains the new VLAN IDs to the VIOS using DLPAR, then use chdev dev (etc.) on the SEA to include the new Virtual Ethernet.
A: Agreed. The IBM PowerVM Virtualization Managing and Monitoring Redbook states: If your system doesnt support dynamic VLAN modifications and you are modifying the VLAN list of a virtual Ethernet adapter that is configured in a SEA with ha_mode enabled, the HMC will not allow you to reconfigure the list of VLANs on that interface. You will need to add an additional virtual Ethernet adapter and modify the virt_adapters list of the SEA, or modify the profile of both Virtual I/O Servers and re-activate both Virtual I/O Servers at the same time.
Q: From the phone call I had, it would appear that the VLAN tags are included on the Virtual Ethernet device, but have not been added to the SEA by running mkvdev vlan (etc. ) on the VIOSs. This leads me to assume that the mkvdev vlan is only required if there is a requirement to access the VIOS itself from a particular VLAN. Am I right, or is there something Im not understanding? Im unable to find documentation that explains the answer. Do you happen to know?
A: That is also my understanding (based on my experience). On page 483 of the IBM PowerVM Virtualization Introduction and Configuration Redbook , it states: The addition of VLAN interfaces to the SEA adapter is only necessary if the VIO Server itself needs to communicate on these VLANs.
Q: Hi Chris,
We are trying to associate a new entX Virtual Ethernet Trunk Device to an existing SEA. The new device must be configured for VLAN tagging. The existing virtual Ethernet adapter that (is already associated with the SEA) is not configured for VLAN tagging. This device will remain associated to the SEA and continue to pass untagged packets to the already configured network.
Ultimately the configuration we want would be two entX devices associated with the existing SEA. One entX device is configured for notagged packets and the other entX device is configured for tagging.
How do we configured this?
A: What you are trying to do should work:
Existing setup:
VIOC1 boot1 PVID 20 ---> VIOS1 ent3 PVID 20 ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X
VIOC1 boot2 PVID 21 ---> VIOS2 ent3 PVID 21 ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X
Proposed setup:
VIOC1 boot1 PVID 20 ---> VIOS1 ent3 PVID 20 ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X (NO CHANGE)
VIOC1 boot2 PVID 21 ---> VIOS2 ent3 PVID 21 ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X (NO CHANGE)
VIOC2 boot1 PVID 22 ---> VIOS1 ent6 PVID 92*, VID 22, 802.1Q ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X, VID=22 (NEW)
VIOC2 boot2 PVID 23 ---> VIOS2 ent6 PVID 93*, VID 23, 802.1Q ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X, VID=23 (NEW)
*The PVID can be any unused/throw away number. The new ent6 adapter would be configured similar to this:
Then you would run this command to associate the new ent6 with the existing SEA, ent5:
$ chdev -dev ent5 -attr virt_adapters=ent3,ent6
Have a look at the following sections of this Redbook:
3.2.3 Virtual I/O Server: Dynamically add or modify an existing adapter such that the required VLAN is listed in the 802.1q Additional VLAN fields (on POWER7 only).
3.2.2 Hardware Management Console: Dynamic VLAN modification in the GUI (on POWER7 only).
http://www.redbooks.ibm.com/redpieces/abstracts/sg247590.html?Open
This document (by Anthony English) is also a very useful document relating to VLANs, SEAs and VIOS:
http://www.ibm.com/developerworks/aix/library/au-managevlans/index.html?ca=drs-
Reply: hmm ok I see what you are saying, I will give it a go and tell you how it turns out...thanks. ok finally got around to testing using a VIOS at DR site. Created new virtual adapter PVID 55 and VID 888 (ent9) then added it to the existing SEA as shown below:
accounting
enabled Enable per-client accounting of network
statistics
True
ctl_chan ent6
Control Channel adapter for SEA
failover
True
gvrp
no Enable GARP VLAN Registration
Protocol
(GVRP)
True
ha_mode auto
High Availability
Mode
True
jumbo_frames no Enable Gigabit
Ethernet Jumbo
Frames
True
large_receive no Enable receive TCP
segment aggregation
True
largesend
0 Enable Hardware Transmit TCP
Resegmentation
True
lldpsvc
no Enable IEEE 802.1qbg
services
True
netaddr
0 Address to
ping
True
pvid
40 PVID to use for the SEA
device
True
pvid_adapter ent4 Default virtual adapter
to use for non-VLAN-tagged packets
True
qos_mode disabled
N/A
True
real_adapter ent2 Physical adapter
associated with the
SEA
True
thread
1 Thread mode enabled (1) or
disabled
(0)
True
virt_adapters ent4,ent9 List of virtual adapters associated
with the SEA (comma separated) True
VLAN Ids :
Invalid VLAN ID Packets: 0
Port VLAN ID: 40
VLAN Tag IDs: None
Invalid VLAN ID Packets: 0
Port VLAN ID:
55
VLAN Tag IDs: 888
Invalid VLAN ID Packets: 0
Port VLAN ID: 91
VLAN Tag IDs: None
So looks ok. Thanks for your help.