Upload
ngocong
View
236
Download
8
Embed Size (px)
Citation preview
© 2016, 2017 IBM Corporation 1
© 2016, 2017 IBM Corporation
Session ID:
Agenda Key:
Cognitive Systems
37CO How to Get Started with VIOS Configure Networking in a Virtual EnvironmentGary KonicekIBM Lab [email protected]
170296
37CO
© 2016, 2017 IBM Corporation
Cognitive Systems
Network Virtualization Options and Purposes
• There are 3 types of network virtualization available with PowerVM– built-in virtual ethernet network that is included in every Power system
• For partition to partition communication on the hypervisor’s private network• No additional hardware needed
– SR-IOV adapters virtualized by the hypervisor• Access external network• Provide all or portion of adapter port to client partitions or VIOS• Specific adapters and software level required
– Virtualize a physical ethernet adapter in VIOS and share it with one or more client partitions (IBM i, AIX, Linux)
• Access external network• Adapter can be a physical network card, IVE/HEA ports (POWER6), or SR-IOV port
• In order for an IBM i client to use a physical network adapter in VIOS, a virtual ethernet adapter must be created in both the VIOS and IBM i LPARs– Virtual ethernet adapters need to be on the same VLAN
2
© 2016, 2017 IBM Corporation 2
© 2016, 2017 IBM Corporation
Cognitive Systems
Private Network Configuration
Hypervisor
Client LPARs
VLAN 5
LPAR1
CMN05
Slot 5
CMN04
Slot 5
CMN06
Slot 5
CMN04
Slot 5
CMN04
Slot 5
LPAR2 LPAR3 LPAR5LPAR4
10.10.10.xxx
• Use virtual adapters to communicate on the hypervisor’s internal network
• Select a different PVID (VLAN ID) for the private network
• Do not bridge to the external network
3
© 2016, 2017 IBM Corporation
Cognitive Systems
Create Virtual Ethernet Adapter in IBM i LPAR
Using VLAN 5 for the
private network.
Do not bridge to the external network.
4
© 2016, 2017 IBM Corporation 3
© 2016, 2017 IBM Corporation
Cognitive Systems
View of Private VLAN – Virtual Network Management - Classic
5
© 2016, 2017 IBM Corporation
Cognitive Systems
Shared Ethernet Adapter (SEA)
VIOS provides the capability to share a physical network adapter by creating a Shared Ethernet Adapter (SEA)
IBM i virtual servers (LPARs) using VIOS SEA can access the external network through a virtual Ethernet adapter
Eliminates the need for each IBM i virtual server to have a physical adapter
Many IBM i virtual servers could share a single adapter
IBM i
Client 1
CMN01
Slot 2
VIOS1
en0
Intf
ent4
Slot 2
ent0
C10-T1
ent1
C10-T2
ent2
C10-T3
ent3
C10-T4
ent5
SEASwitch
Hypervisor PVID 1000
IBM i
Client 2
CMN01
Slot 2
10.1.123.xx1 10.1.123.xx2
6
© 2016, 2017 IBM Corporation 4
© 2016, 2017 IBM Corporation
Cognitive Systems
Link Aggregation
Link aggregation is the capability to aggregate multiple physical adapter ports to make a single physical link
Link Aggregation and Shared Ethernet Adapters can be used concurrently
Benefits of Link Aggregation
– Increased bandwidth in a single link
• Three 1Gb ports become one 3Gb link
• Allows an SEA to be shared with more client partitions
– Higher availability – if one physical port fails, the link can stay up
VIOS1
en0
Intf
ent4
Slot 2
ent0
C10-T1
ent1
C10-T2
ent2
C10-T3
ent3
C10-T4
ent6
SEASw
itch
Hypervisor PVID 1000
ent5
Link
IBM i
Client 1
CMN01
Slot 2
IBM i
Client 2
CMN01
Slot 2
10.1.123.xx1 10.1.123.xx2
7
© 2016, 2017 IBM Corporation
Cognitive Systems
SEA Failover with Link Aggregation
Failover and Redundancy– VIOS 1 can be taken down for maintenance – VIOS 2 would take over the network traffic– A broken cable, or failed adapter would not disrupt Ethernet traffic
• Control Channel may be required to communicate between two VIOS– Recent firmware levels may not require a control channel
VIOS1
en0
Intf
10.1.xxx.201
ent4
Slot 2
PVID 99
Primary
ent0
C10-T1
ent1
C10-T2
ent2
C10-T3
ent3
C10-T4
ent6
Slot 3
ent7
SEA
ent5
Link
VIOS2
ent6
Slot 3
ent7
SEA
ent5
Link
ent4
Slot 2
Standby
PVID 99 10.1.xxx.202
en0
Intf
ent0
C12-T1
ent1
C12-T2
ent2
C12-T3
ent3
C12-T4
PVID 1000
Control Channel
IBM i
Client 1
CMN01
Slot 2
IBM i
Client 2
CMN01
Slot 2
10.1.123.xx1 10.1.123.xx2
8
© 2016, 2017 IBM Corporation 5
© 2016, 2017 IBM Corporation
Cognitive Systems
Requirements for the SEA – Initial Steps
First, be sure you have a physical ethernet adapter assigned to each VIOS
9
© 2016, 2017 IBM Corporation
Cognitive Systems
Settings on Virtual Ethernet Adapter used by the SEA
Select when using virtual adapter for SEA
Repeat for VIOS2 and set Priority = 2.
Select if using Virtual LAN ID
tagging on the external switch
Each SEA needs a unique
Port Virtual Ethernet ID or
VLAN ID
10
© 2016, 2017 IBM Corporation 6
© 2016, 2017 IBM Corporation
Cognitive Systems
Physical/Virtual Adapter View on Command Line
ent0, ent1, ent2, ent3 = ports on physical ethernet adapter
ent4 = virtual ethernet adapter (created on previous slide)
Note: All adapters are “Available”
If adapter is removed or failed, the status is “Defined”
11
© 2016, 2017 IBM Corporation
Cognitive Systems
Locating Physical Adapter in the Power System
How do you know where the physical adapter port ent0 is located?
– lsdev –dev ent0 -vpd
Enclosure and slot Port Number
12
© 2016, 2017 IBM Corporation 7
© 2016, 2017 IBM Corporation
Cognitive Systems
Create Virtual Adapter in Client Partition
Needs to match VLAN ID
in VIOS.
Any adapter on this
VLAN can communicate
with this LPAR
13
© 2016, 2017 IBM Corporation
Cognitive Systems
Link Aggregation
Link aggregation is the capability to aggregate multiple physical adapter ports to make a single physical link
Link Aggregation and Shared Ethernet Adapters can be used concurrently
Benefits of Link Aggregation
– Increased bandwidth in a single link
• Three 1Gb ports become one 3Gb link
• Allows an SEA to be shared with more client partitions
– Higher availability – if one physical port fails, the link can stay up
VIOS1
en0
Intf
10.1.xxx.201
ent4
Slot 2
Primary
ent0
C10-T1
ent1
C10-T2
ent2
C10-T3
ent3
C10-T4
ent5
Link
VIOS2
ent5
Link
ent4
Slot 2
Standby
10.1.xxx.202
en0
Intf
ent0
C12-T1
ent1
C12-T2
ent2
C12-T3
ent3
C12-T4
PVID 1000
14
© 2016, 2017 IBM Corporation 8
© 2016, 2017 IBM Corporation
Cognitive Systems
Creating an Aggregated Link
There is currently no interface in the Classic HMC to create an aggregated link
Aggregated link is created from the VIOS command line or VIOS cfgassist menu
mkvdev -lnagg ent1 ent2 ent3 -attr mode=standard hash_mode=dst_port
If network switch is using etherchannel, use mode = standard
If network switch is using LACP, use mode = 8023ad
Repeat on VIOS2 15
© 2016, 2017 IBM Corporation
Cognitive Systems
VIOS1
en0
Intf
10.1.xxx.201
ent4
Slot 2
PVID 99
Primary
ent0
C10-T1
ent1
C10-T2
ent2
C10-T3
ent3
C10-T4
ent6
Slot 3
ent5
Link
VIOS2
ent6
Slot 3
ent5
Link
ent4
Slot 2
Standby
PVID 99 10.1.xxx.202
en0
Intf
ent0
C12-T1
ent1
C12-T2
ent2
C12-T3
ent3
C12-T4
PVID 1000
Control Channel
Aggregated Link with Control Channel
A control channel is created to allow a primary VIOS to communicate with a secondary VIOS so
that a failover can occur if the primary VIOS is unavailable
The control channel is a virtual ethernet adapter pair (one on each VIOS) that is linked to the SEA
on that VIOS
Heartbeat messages are passed from the primary to the secondary VIOS over a separate VLAN
(PVID)
16
© 2016, 2017 IBM Corporation 9
© 2016, 2017 IBM Corporation
Cognitive Systems
Create Virtual Adapter Control Channel
Control channel must be created before the failover SEA is created on the secondary VIOS
–Operation will fail if control channel doesn’t exist
–EXCEPTION: Recent firmware levels may not require a control channel
Repeat on VIOS2
17
© 2016, 2017 IBM Corporation
Cognitive Systems
SEA Failover with Link Aggregation
Each VIOS has a SEA adapter
Each VIOS has a link aggregation
A control channel is created between the 2 VIOS
– Note: One SEA adapter must
have a lower priority at creation
Failover and Redundancy– VIOS 1 can be taken down for
maintenance
– VIOS 2 would take over the network traffic
– A broken cable, or failed adapter would not disrupt Ethernet traffic
VIOS1
en0
Intf
10.1.xxx.201
ent4
Slot 2
PVID 99
Primary
ent0
C10-T1
ent1
C10-T2
ent2
C10-T3
ent3
C10-T4
ent6
Slot 3
ent7
SEA
ent5
Link
VIOS2
ent6
Slot 3
ent7
SEA
ent5
Link
ent4
Slot 2
Standby
PVID 99 10.1.xxx.202
en0
Intf
ent0
C12-T1
ent1
C12-T2
ent2
C12-T3
ent3
C12-T4
PVID 1000
Control Channel
18
© 2016, 2017 IBM Corporation 10
© 2016, 2017 IBM Corporation
Cognitive Systems
Create Shared Ethernet Adapter
19
© 2016, 2017 IBM Corporation
Cognitive Systems
Create SEA with Failover
VIOS2(2)
VIOS1(1)
20
© 2016, 2017 IBM Corporation 11
© 2016, 2017 IBM Corporation
Cognitive Systems
View of Both VLANs - Virtual Network ManagementVLAN 1 – SEAs and Clients VLAN 99 – Control Channel
21
© 2016, 2017 IBM Corporation
Cognitive Systems
View of SEA from Command Line
Shared Ethernet Adapter ent7
22
© 2016, 2017 IBM Corporation 12
© 2016, 2017 IBM Corporation
Cognitive Systems
Cases that Initiate Failover When the standby SEA detects that the keep-alive (heartbeat) messages are no
longer received over the control channel.
When the active SEA detects that a loss of physical link is reported by the physical Ethernet adapter’s device driver.
On VIOS with primary adapter, when ha_mode is manually set to standby
The active SEA pings no longer receives replies
VIOS1
en0
Intf
10.1.xxx.201
ent4
Slot 2
PVID 99
Primary
ent0
C10-T1
ent1
C10-T2
ent2
C10-T3
ent3
C10-T4
ent6
Slot 3
ent7
SEA
ent5
Link
VIOS2
ent6
Slot 3
ent7
SEA
ent5
Link
ent4
Slot 2
Standby
PVID 99 10.1.xxx.202
en0
Intf
ent0
C12-T1
ent1
C12-T2
ent2
C12-T3
ent3
C12-T4
PVID 1000
Control Channel
IBM i
Client 1
CMN01
Slot 2
IBM i
Client 2
CMN01
Slot 2
10.1.123.xx1 10.1.123.xx2
23
© 2016, 2017 IBM Corporation
Cognitive Systems
Steps for Configuring SEAs using Command Line
Create control channel adapters first– mkvdev –vlan 99 (for each VIOS)
Create primary VIOS objects
– Create Aggregated Link (if desired)•mkvdev –lnagg ent3 ent4 –attr mode=standard hash_mode=dst_port
– Create Shared Ethernet Adapter•mkvdev -sea ent5 -vadapter ent2 -default ent2 -defaultid 1 -attr ha_mode=autoctl_chan=ent7
– Configure Shared Ethernet Adapter•cfgassist -> VIOS TCP/IP Config and use en6 for network interface
Create secondary VIOS objects
– Create Aggregated Link (if desired)•mkvdev –lnagg ent0 ent1 –attr mode=standard hash_mode=dst_port
– Create Shared Ethernet Adapter•mkvdev -sea ent3 -vadapter ent2 -default ent2 -defaultid 1 -attr ha_mode=autoctl_chan=ent4
– Configure Shared Ethernet Adapter
•use en5 for network interface
VIOS 1BVIOS 1A IBM i
Client
VLAN 99
Control
Channel
PV
ID =
99
PV
ID =
99
Hyp
erv
isor
PV
ID =
1
PV
ID =
1
PV
ID =
1
Primary Standby
CMN0
Virt
Ent 4
Virt
Ent 2
Virt1Gb 1GbEnt 2
Virt
Ent 7
Virt
Ent 3
Aggr
Ent 5
Aggr
Ent 6
SEAEnt 5
SEA
Ent 0
Phy
Ent 1
PhyEnt 3
Phy
Ent 4
Phy
24
© 2016, 2017 IBM Corporation 13
© 2016, 2017 IBM Corporation
Cognitive Systems
Dual SEAs
Another option is to create shared ethernet adapters (SEAs) in each VIOS and make them peers (not primary/secondary)
–This is also referred to as “load sharing”
–Sharing is scoped to a VLAN so this option can be used only when you have multiple VLANs
HMC does not support this feature yet so need to use VIOS command line
Need to set ha_mode = sharing when creating the SEAs from the VIOS command line
If changing existing SEAs that were previously set to primary/secondary, make sure you change the ha_mode attribute on the primary first
–chdev -dev entX -attr ha_mode=sharing (where entX is name of the SEA)
25
© 2016, 2017 IBM Corporation
Cognitive Systems
SEA with Clients in Multiple VLANs• IBM i 7.1 and earlier does NOT
support multiple VLANs, but VIOS does support multiple VLANs
• What if you want multiple IBM iclients in different VLANs (subnets) to share a single ethernet adapter link?
• IBM i Client uses PVID that matches a secondary VLAN on the virtual adapter in VIOS
• Network switch config must be aware of secondary VLANs
VIOS 1
Ent4
SEA
Hypervisor
Switch
PV
ID =
3 V
LA
N =
11
Ent 3
Aggr
IBM i
Client 1
PV
ID =
11
CMN0
Virt1GbEnt 2
Virtual
Ent 0
Phy
Ent 1
Phy
IBM i
Client 2
PV
ID =
22
CMN0
Virt
PV
ID =
3 V
LA
N =
22
123.123.11.xxx 123.123.22.xxx
26
© 2016, 2017 IBM Corporation 14
© 2016, 2017 IBM Corporation
Cognitive Systems
Creating Virtual Ethernet Adapters with VLAN Tagging
27
© 2016, 2017 IBM Corporation
Cognitive Systems
IEEE 802.1Q VLAN Tagging Considerations
• When using 802.1Q VLAN tagging to enable multiple VLANs on a single SEA, consider the following:
– Port Virtual Ethernet ID (PVID) in IBM i LPAR needs to match the 802.1Q tag in the VIOS LPAR
– When 802.1Q tagging is used, the network switch needs to be configured to understand each 802.1q VLAN that is configured in VIOS
• Avoid using VLAN=1 because this is often used as the switch management VLAN
• Good VLAN Tagging Reference
– http://www.ibm.com/developerworks/aix/library/au-managevlans/
28
© 2016, 2017 IBM Corporation 15
© 2016, 2017 IBM Corporation
Cognitive Systems
Summary
• Use the HMC browser to reduce complexity
• Keep the overall design as simple as possible
• Take advantage of the failover capability in the hypervisor
for maximum availability
29
#COMMONS17www.common.org
Don’t Forget Your Session Surveys
• Sign in to the Online Session Guide (www.common.org/sessions)
• Go to your personal schedule
• Click on the session that you attended
• Click on the Feedback Survey button located above the abstract
Completing session surveys helps us plan future programming and provides feedback used in speaker awards. Thank you for your participation.
© 2016, 2017 IBM Corporation 16
© 2016, 2017 IBM Corporation
Cognitive Systems
https://facebook.com/IBMPowerSystems
https://twitter.com/IBMPowerSystems
https://www.linkedin.com/company/ibm-power-systems
IBM Power Systems Official Channels:
http://www.youtube.com/c/ibmpowersystems
https://www.ibm.com/blogs/systems/topics/servers/power-
systems/
Power Systems Social Media
© 2016, 2017 IBM Corporation
Cognitive Systems
32
More to Follow:
Blogs to Follow More to Follow Hashtags To Use
• IBM Systems Magazine You and I (Steve Will)
• IBM Systems Magazine i-Can (Dawn May)
• IBM Systems Magazine: iDevelop (Jon Paris and
Susan Gantner)
• IBM Systems Magazine: iTalk with Tuohy
• IBM DB2 for i (Mike Cain)
• IBM DB2 Web Query for i (Doug Mack)
@IBMSystems@COMMONug
@IBMChampions@IBMSystemsISVs
@LinuxIBMMag@OpenPOWERorg
@AIXMag@IBMiMag
@SAPonIBMi@SiDforIBMi
@IBMAIXeSupp@IBMAIXdoc
#PowerSystems
#IBMi
#IBMAIX
#POWER8
#LinuxonPower
#OpenPOWER
#HANAonPower
#ITinfrastructure
#OpenSource
#HybridCloud
#BigData