We do this as well, a completely private network that's not used for anything else. Even though we are multi-tenant and this network touches all our customers they cannot 'see' it as it's on the Service Tools interface only and connects Only to our PTF/ Image host partition. No gateway, no other partitions there.

What you suggest IS one option. Scrap the VLAN and change GDISYS2 to the 10.10.6 network. I don't like it.

Since the issue you have is that on the HOST partition you need to have a standard IBM i interface in the 'Image Hosting Network', the other (my preferred) option is to ADD another standard IBM i interface to the host partition that is in the 10.10.206 network. Use the same CMNxx interface you had set up there for Service Tools since you do not need a Service Tools interface on the host.

Once that is alive then you MUST MUST MUST be able to ping the service tools interfaces on the guest/client partitions from the host. If you cannot Ping that service tools interface STOP. Do not continue. Do not pass go do not go directly to jail. You must fix whatever network issue that exists before going any further. Verify subnets and VLANs and IPs and that interfaces are active for example. Once PINGing works you will have success. (Side note there is no way to ping from the service tools interface of the client back to the host.)

Now when you want to add different partitions, as you suggest DMZ which would be in a completely different subnet from production, simply place it's service tools interface in the 10.10.206 vlan and subnet and you'll be good to go.

- Larry "DrFranken" Bolhuis

www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.

On 8/30/2016 10:59 AM, Rob Berendt wrote:
I get that the host lpar will be up and I should count on that.

However, I thought that by using the virtual ethernet kind of stuff then
it would be a totally private network and I could have even the lpars who
are in our DMZ in on this. They're not all currently in the same subnet.

If our host, RACK2HST, is currently 10.10.6.181, and our guest, GDISYS2,
everyday IP address is 10.10.6.129 then I should abandon a separate vlan
and the whole 10.10.206.x range and use a number like 10.10.6.130 (if
available) on GDISYS2? And end up changing
Internet address . . . . . . 10.10.206.129
Gateway router address . . . 10.10.206.1
Subnet mask . . . . . . . . . 255.255.255.0
to
Internet address . . . . . . 10.10.6.130
Gateway router address . . . 10.10.6.1
Subnet mask . . . . . . . . . 255.255.254.0
*Note: we use subnet 255.255.254.0 for our regular lan traffic.

What happens when we want to do our dmz lpar? It's everyday IP address is
something like 208.xx.yy.zz, and runs in a different vlan. Do I give a
service tools IP address in the 10.10.6 range and vlan?

Rob Berendt


This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].