MIDRANGE dot COM Mailing List Archive




Re: Logical Partitions and TCP/IP over virtual ethernet




Hi Larry

I appreciated the explanation as to why not to put any IP configurations
onto the Bridged interfaces, most enlightening.

If you could clarify for me, you say that the route for the guest must be the
same as the route for the host. While I have nothing to look at right now
(not in the office) it's not my recollection that this has to be the case.

The partitions I have configured have had a number of different routes (as
far as I remember) and the key has been making sure that the network guys
have got their end of it right. If they use the same route wouldn't they
effectively be on the same network - which would seem to reduce the benefit
and advantage of being able to bridge the connections.

Could be my terminology but that statement has got me curious. I'll be
checking some stuff when I make it into the office.


On Tue, Mar 25, 2014 at 2:25 AM, DrFranken <midrange@xxxxxxxxxxxx> wrote:

Anna,

You *DO NOT* want to do this this way! The use of ANY IP at all on
the bridge is not recommended because of severe potential performance
issues. Also NAT is not required or desired on the bridge.

Also just to be clear this is not a service partition, to people like
Pete and Jim and others here that term describes a partition that is
used to update firmware on the server without using the HMC. While we
also don't recommend service partitions, we do reserve the name for it.

What you have is a 'Host Partition'. No matter what else it might be
hosting it is at least hosting network traffic.

The short course is this:

1) Connect an Ethernet cable from an available port on this host
partition to your network switch. You want to identify an available port
that currently has NO Line description associated with it. Identify the
CMNnn number for this port.
2) Create a line description using this CMNnn that matches the speed and
duplex of the switch. Put a name in the BRIDGE parameter and remember it
as we'll be using it again in a moment. Be SURE to include TEXT on this
line. Vary on the line.
3) Using "Dynamic LPAR - Virtual Adapters" Create a new virtual Ethernet
Adapter for this host partition. Critical pieces are two: First assign
the Port Virtual Ethernet (VLAN ID) as the VLAN you wish the client
partitions to be on. Typically this is 1. Second, check the box "Access
external network." Once created identify the CMNnn number for this new
adapter.
4) Create a line description using this CMNnn that designates *FULL and
1G for the line speed. Use THE SAME Bridge name from step 2 above. Add
text to the line! Vary it on.
5) Verify that the two lines are Varied On.

Here is an example of two lines that form a bridge:

Description Status
ETHBRIDGEE VARIED ON
ETHBRIDGEI VARIED ON

Note that they should NEVER go past VARIED ON. If they do, you have
done a bad thing and assigned an IP address to one or the other. As I
mentioned before you do not want to do this. The reason is that the
bridge, in order to self-learn which devices are on which side of the
bridge, must put itself in promiscuous mode. This means it will see
every packet not just packets the switch thinks it should see. If there
was an IP interface on the line then EVERY PACKET gets handed to IP to
see if it's destined for this host partition. The VAST Majority of them
will not and thus will be thrown away but they ALL must be checked thus
burning valuable CPU resource. Note this is also why you don't want to try
Proxy ARP or NAT on this line - same problem.

6) Next on the guest partition(s) create a virtual Ethernet adapter in
the same VLAN as the Host. *DO NOT* check the 'Access external network'
box here.
7) On the Guest create a typical Ethernet line description using the
CMNnn number for this new Virtual Ethernet Adapter. DO NOT specify a
bridge name. Do use 1G and *FULL duplex. Do add text! Vary it on.
8) Add a TCP/IP Interface to this new line and start the interface. This
interface should be in the same IP subnet as the host partition. The
bridge will work its magic carrying the traffic from the inside to the
outside of the system.
Note: The ROUTE for this guest partition is THE SAME as it is for the
Host partition. The host is NOT routing, rather it is merely a bridge.
ROUTING is a Layer 3 (IP) function while Bridging is a Layer 2
(Ethernet) function.
You may add as many client partitions on this VLAN as desired.

- Larry "DrFranken" Bolhuis

www.frankeni.com
www.iDevCloud.com
www.iInTheCloud.com

On 3/21/2014 4:26 PM, Anna Abt wrote:

I've set up a service partition and a guest partition. On the service
partition I created a virtual Ethernet adapter and one on the client
partition using the same VLAN id. I have 2 line descriptions, one for the
physical and one for the virtual created on the service partition. I have a
line description created for the virtual adapter on the client partition. I
then created the routing for the physical adapter with a public address and
routing for each of the virtual adapters. I used NAT to map the private
address of partition 2 (client) to the public address of partition 1
(service). I thought I had this set up correctly, but I am unable to see
the public interface from the network. Did I do something incorrectly? I
am able to see another interface on partition 1 that is not bridged. Any
help would be appreciated.





Anna Abt
Director of Programming
CYBRA Corporation
(914)963-6600 Ext 207
acosgrove@xxxxxxxxx

<http://www.cybra.com/> www.cybra.com
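
Added example, not part of the thread or written by any of the posters: a small Python check that applies the rules from Larry's steps 1-8 to a partition inventory (bridge lines share one bridge name, stay at VARIED ON, carry no IP interface, and guests sit in the host's subnet with the host's default route). The inventory layout, the partition names, the bridge name BR1, the line names ETHLINE and ETHVIRT, and all addresses are constructed for illustration.

```python
import ipaddress

def check_bridge_design(lines, interfaces, routes, host="HOST"):
    """Check a constructed inventory against the rules in steps 1-8.

    lines:      {line: {"bridge": name or None, "status": str}}
    interfaces: {partition: [(line, "ip/prefix"), ...]}
    routes:     {partition: default next hop}
    This inventory layout is hypothetical; it is not IBM i command output.
    """
    findings = []
    bridges = {}
    for name, line in lines.items():
        if line["bridge"]:
            bridges.setdefault(line["bridge"], []).append(name)
    bridge_lines = {n for members in bridges.values() for n in members}

    # Steps 2 and 4: physical and virtual line must carry the same bridge name.
    for bridge, members in sorted(bridges.items()):
        if len(members) < 2:
            findings.append(f"bridge {bridge}: only {members[0]} uses this name")
    # Step 5: bridge lines sit at VARIED ON and never go past it.
    for name in sorted(bridge_lines):
        if lines[name]["status"] != "VARIED ON":
            findings.append(f"{name}: status {lines[name]['status']}")
    # No IP interface on either bridge line, in any partition.
    for part, ifcs in sorted(interfaces.items()):
        for line, cidr in ifcs:
            if line in bridge_lines:
                findings.append(f"{part}: {cidr} bound to bridge line {line}")
    # Step 8 and the note: guest shares the host's subnet and default route.
    host_nets = {ipaddress.ip_interface(c).network for _, c in interfaces[host]}
    for part, ifcs in sorted(interfaces.items()):
        if part == host:
            continue
        for line, cidr in ifcs:
            if ipaddress.ip_interface(cidr).network not in host_nets:
                findings.append(f"{part}: {cidr} is outside the host subnet")
        if routes.get(part) != routes.get(host):
            findings.append(f"{part}: default route differs from host")
    return findings

# Constructed sample following the steps (documentation address ranges).
GOOD_LINES = {"ETHBRIDGEE": {"bridge": "BR1", "status": "VARIED ON"},
              "ETHBRIDGEI": {"bridge": "BR1", "status": "VARIED ON"},
              "ETHLINE": {"bridge": None, "status": "ACTIVE"}}
GOOD_IFCS = {"HOST": [("ETHLINE", "192.0.2.10/24")],
             "GUEST1": [("ETHVIRT", "192.0.2.20/24")]}
GOOD_ROUTES = {"HOST": "192.0.2.1", "GUEST1": "192.0.2.1"}
```

An empty list means the inventory matches the layout in the steps; each string in a non-empty result names the partition or line that breaks one of the rules.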


