You *DO NOT* want to do this this way! The use of ANY IP at all on
the bridge is not recommended because of severe potential performance
issues. Also NAT is not required or desired on the bridge.
Also just to be clear this is not a service partition, to people like
Pete and Jim and others here that term describes a partition that is
used to update firmware on the server without using the HMC. While we
also don't recommend service partitions, we do reserve the name for it.
What you have is a 'Host Partition'. No matter what else it might be
hosting it is at least hosting network traffic.
The short course is this:
1) Connect an Ethernet cable from an available port on this host
partition to your network switch. You want to identify an available port
that currently has NO Line description associated with it. Identify the
CMNnn number for this port.
2) Create a line description using this CMNnn that matches the speed and
duplex of the switch. Put a name in the BRIDGE parameter and remember it
as we'll be using it again in a moment. Be SURE to include TEXT on this
line. Vary on the line.
3) Using "Dynamic LPAR - Virtual Adapters" Create a new virtual Ethernet
Adapter for this host partition. Critical pieces are two: First assign
the Port VIrtual Ethernet (VLAN ID) as the VLAN you wish the client
partitions to be on. Typically this is 1. Second, check the box "Access
external network." Once created identify the CMNnn number for this new
4) Create a line description using this CMNnn that designates *FULL and
1G for the line speed. Use THE SAME Bridge name from step 2 above. Add
text to the line! Vary it on.
5) Verify that the two lines are Varied On.
Here is an example of two lines that form a bridge:
ETHBRIDGEE VARIED ON
ETHBRIDGEI VARIED ON
Note that they should NEVER go past VARIED ON. If they do, you have
done a bad thing and assigned an IP address to one or the other. As I
mentioned before you do not want to do this. The reason is that the
bridge, in order to self-learn which devices are on which side of the
bridge, must put itself in promiscuous mode. This means it will see
every packet not just packets the switch thinks it should see. If there
was an IP interface on the line then EVERY PACKET gets handed to IP to
see if it's destined for this host partition. The VAST Majority of them
will not and thus will be thrown away but they ALL must be checked thus
burning value CPU resource. Note this is also why you don't want to try
Proxy ARP or NAT on this line - same problem.
6) Next on the guest partition(s) create a virtual Ethernet adapter in
the same VLAN as the Host. *DO NOT* check the 'Access external network'
7) On the Guest create a typical Ethernet line description using the
CMNnn number for this new Virtual Ethernet Adapter. DO NOT specify a
bridge name. Do use 1G and *FULL duples. Do add text! Vary it on.
8) Add a TCP/IP Interface to this new line and start the interface. This
interface should be in the same IP subnet as the host partition. The
bridge will work it's magic carrying the traffic from the inside to the
outside of the system.
Note: The ROUTE for this guest partition is THE SAME as it is for the
Host partition. The host is NOT routing, rather it is merely a bridge.
ROUTING is a Layer 3 (IP) function while Bridging is a Layer 2
You may add as many client partitions on this VLAN as desired.
- Larry "DrFranken" Bolhuis
On 3/21/2014 4:26 PM, Anna Abt wrote:
I've set up a service partition and a guest partition. On the service
partition I created a virtual Ethernet adapter and one on the client
partition using the same VLAN id. I have 2 line descriptions, one for the
physical and one for the virtual created on the service partition. I have a
line description created for the virtual adapter on the client partition. I
then created the routing for the physical adapter with a public address and
routing for each of the virtual adapters. I used NAT to map the private
address of partition 2 (client) to the public address of partition 1
(service). I thought I had this set up correctly, but I am unable to see
the public interface from the network. Did I do something incorrectly? I
am able to see another interface on partition 1 that is not bridged. Any
help would be appreciated.
Director of Programming
(914)963-6600 Ext 207