_files/genppageinit.gif){kind=small}
_files/ibm-comm-wordmark.png){kind=small}
_files/blank.gif){kind=spacer}
_files/iconWarning.gif "IC Sunset")
The
developerWorks Connections platform will be sunset on December 31,
2019. On January 1, 2020, this blog will no longer be available. More details available on our FAQ.
VLAN tagging and the VIOS: some questions and answers.Here are some questions I received recently regarding VLAN tagging on the VIO server. My answers are shown in green.
“Hi Chris,
Q: I’m trying to understand when, where and why there would be the need to use ‘mkvdev –vlan (etc.) on the VIOS, and I’m wondering whether you would be able to clarify this for me, please.
Is it necessary to add the VLAN tag devices to the SEA, or is it suffice to just have them defined within the Virtual Ethernet itself which is part of the SEA?”
A: It is suffice to simply define the VLAN ids assigned to the Virtual Ethernet adapters associated with the SEA.
“Q: For completeness, on the rare occasions I have done this, I have added the VLAN’s to the Virtual Ethernet and also as VLAN devices on the VIOS (mkvdev –vlan etc.)”
A: mkvdev –vlan is not necessary, unless the VIOS needs to communicate with hosts on different VLANs i.e. you need an IP address on the VIOS for each VLAN. This does not mean the SEA will bridge this VLAN traffic for VIOCs.
“Q: The reason I started thinking of this is, is because one of our customers wants to add new VLAN’s to their SEA, but they’re not running Power7 hardware. Therefore, the online method would be to add a new Virtual Adapter which contains the new VLAN ID’s to the VIOS using DLPAR, then use chdev –dev (etc.) on the SEA to include the new Virtual Ethernet.”
A: Agreed. The “IBM PowerVM Virtualization Managing and Monitoring” Redbook states: “If your system doesn’t support dynamic VLAN modifications and you are modifying the VLAN list of a virtual Ethernet adapter that is configured in a SEA with ha_mode enabled, the HMC will not allow you to reconfigure the list of VLANs on that interface. You will need to add an additional virtual Ethernet adapter and modify the virt_adapters list of the SEA, or modify the profile of both Virtual I/O Servers and re-activate both Virtual I/O Servers at the same time.”
“Q: From the phone call I had, it would appear that the VLAN tags are included on the Virtual Ethernet device, but have not been added to the SEA by running mkvdev –vlan (etc. ) on the VIOS’s. This leads me to assume that the ‘mkvdev –vlan’ is only required if there is a requirement to access the VIOS itself from a particular VLAN. Am I right, or is there something I’m not understanding? I’m unable to find documentation that explains the answer. Do you happen to know?”
A: That is also my understanding (based on my experience). On page 483 of the “IBM PowerVM Virtualization Introduction and Configuration” Redbook , it states: “The addition of VLAN interfaces to the SEA adapter is only necessary if the VIO Server itself needs to communicate on these VLANs”.
“Q: Hi Chris, We are trying to associate a new entX Virtual Ethernet Trunk Device to an existing SEA. The new device must be configured for VLAN tagging. The existing virtual Ethernet adapter that (is already associated with the SEA) is not configured for VLAN tagging. This device will remain associated to the SEA and continue to pass untagged packets to the already configured network.
Ultimately the configuration we want would be two entX devices associated with the existing SEA. One entX device is configured for notagged packets and the other entX device is configured for tagging.
How do we configured this?”
A: What you are trying to do should work:
Existing setup:
VIOC1 boot1 PVID 20 ---> VIOS1 ent3 PVID 20 ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X VIOC1 boot2 PVID 21 ---> VIOS2 ent3 PVID 21 ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X
Proposed setup:
VIOC1 boot1 PVID 20 ---> VIOS1 ent3 PVID 20 ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X (NO CHANGE) VIOC1 boot2 PVID 21 ---> VIOS2 ent3 PVID 21 ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X (NO CHANGE)
VIOC2 boot1 PVID 22 ---> VIOS1 ent6 PVID 92*, VID 22, 802.1Q ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X, VID=22 (NEW) VIOC2 boot2 PVID 23 ---> VIOS2 ent6 PVID 93*, VID 23, 802.1Q ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X, VID=23 (NEW)
*The PVID can be any unused/throw away number. The new ent6 adapter would be configured similar to this:
Then you would run this command to associate the new ent6 with the existing SEA, ent5:
$ chdev -dev
ent5 -attr virt
Have a look at the following sections of this Redbook:
3.2.3 Virtual I/O Server: Dynamically add or modify an existing adapter such that the required VLAN is listed in the 802.1q Additional VLAN fields (on POWER7 only).
3.2.2 Hardware Management Console: Dynamic VLAN modification in the GUI (on POWER7 only).
http
This document (by Anthony English) is also a very useful document relating to VLANs, SEAs and VIOS:
http
Reply: “hmm ok I see what you are saying, I will give it a go and tell you how it turns out...thanks. ok finally got around to testing using a VIOS at DR site. Created new virtual adapter PVID 55 and VID 888 (ent9) then added it to the existing SEA as shown below:
accounting
enabled Enable per-client accounting of network
stat
VLAN Ids :
“So looks ok. Thanks for your help”.
|
_files/photo_002.png){kind=small}
How does setting up the netaddr attribute work when you have a switch that is only allowing two vlans defined in the virtual bridge adapter? Do I have to put a vlan adapter off of it in this case?
_files/photo.png){kind=small}
Hi Chris, P.S. My previous comment/follow-up question didn't capture the whole message, so here it is... I have a follow-up question on adding a new virtual ethernet that is VLAN-tagged to an existing SEA with a non-VLAN-tagged virtual ethernet. Currently we are using a SEA FAILOVER configuration, with an etherchannel and virtual ethernet(non VLAN-tagged associated to the SEA on both VIO servers. Now we need to move to a new network with a VLAN-tagged 500 and our main goal is to achieve this without any network outage. Is this possible? Here's the implementation that I'm thinking about but I'm not 100% sure if this can be done without any outage. Current SETUP: SEA FAILOVER with PVID=1 on all VIOS and client lpars, no VLAN-tagging. 1. Add another virtual ethernet on one of the lpars with vlan tag 500. 2. Add another virtual ethernet on the standby VIO server with PVID=88 (non-tagged VLAN), VLAN ID=500. 3. Add the new virtual ethernet to the SEA. This will make 2 virtual ethernets on the existing SEA i.e PVID=1 and PVID=88 or non-tagged VLAN and tagged VLAN 500. 4. Configure the physical network switch for VLAN tagging i.e VLAN 500. 5. Then failover from Primary VIOS to Standby VIOS and test the connectivity. My questions on this: 1. Is that a possible implementation or testing on doing this kind of scenario? 2. I'm not sure if the non-tagged VLAN and tagged VLAN can co-exist on the same SEA or network physical switch?
1. Add another virtual ethernet on one of the lpars with vlan tag 500. 2. Add another virtual ethernet on the standby VIO server with PVID=88 (non-tagged VLAN), VLAN ID=500. 3. Add the new virtual ethernet to the SEA. This will make 2 virtual ethernets on the existing SEA i.e PVID=1 and PVID=88 or non-tagged VLAN and tagged VLAN 500. 4. Configure the physical network switch for VLAN tagging i.e VLAN 500. 5. Then failover from Primary VIOS to Standby VIOS and test the connectivity. My questions on this: 1. Is that a possible implementation or testing on doing this kind of scenario? 2. I'm not sure if the non-tagged VLAN and tagged VLAN can co-exist on the same SEA or network physical switch?
_files/photo.jpg){kind=small}
Another great blog post, Chris. The technical FAQs for real-world situations are just so helpful. One small note regarding this part: "This document (by Anthony English) is also a very useful document relating to VLANs, SEAs and VIOS:" http://www.ibm.com/developerworks/aix/library/au-managevlans/index.html?ca=drs- There's a small correction to that article of mine. When assigning a new set of virtual adapters to an SEA, the command flag for chdev should be -virt_adapters, e.g. chdev -dev ent5 -virt_adapters ent3,ent6 In my original version of the document I had the flag listed as -vadapter instead of -virt_adapters The article on developerWorks is in process of being updated.
