We do this as well, a completely private network that's not used for
anything else. Even though we are multi-tenant and this network touches
all our customers they cannot 'see' it as it's on the Service Tools
interface only and connects Only to our PTF/ Image host partition. No
gateway, no other partitions there.
What you suggest IS one option. Scrap the VLAN and change GDISYS2 to the
10.10.6 network. I don't like it.
Since the issue you have is that on the HOST partition you need to have
a standard IBM i interface in the 'Image Hosting Network', the other (my
preferred) option is to ADD another standard IBM i interface to the host
partition that is in the 10.10.206 network. Use the same CMNxx interface
you had set up there for Service Tools since you do not need a Service
Tools interface on the host.
Once that is alive then you MUST MUST MUST be able to ping the service
tools interfaces on the guest/client partitions from the host. If you
cannot Ping that service tools interface STOP. Do not continue. Do not
pass go do not go directly to jail. You must fix whatever network issue
that exists before going any further. Verify subnets and VLANs and IPs
and that interfaces are active for example. Once PINGing works you will
have success. (Side note there is no way to ping from the service tools
interface of the client back to the host.)
Now when you want to add different partitions, as you suggest DMZ which
would be in a completely different subnet from production, simply place
it's service tools interface in the 10.10.206 vlan and subnet and you'll
be good to go.
- Larry "DrFranken" Bolhuis
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.
On 8/30/2016 10:59 AM, Rob Berendt wrote:
I get that the host lpar will be up and I should count on that.
However, I thought that by using the virtual ethernet kind of stuff then
it would be a totally private network and I could have even the lpars who
are in our DMZ in on this. They're not all currently in the same subnet.
If our host, RACK2HST, is currently 10.10.6.181, and our guest, GDISYS2,
everyday IP address is 10.10.6.129 then I should abandon a separate vlan
and the whole 10.10.206.x range and use a number like 10.10.6.130 (if
available) on GDISYS2? And end up changing
Internet address . . . . . . 10.10.206.129
Gateway router address . . . 10.10.206.1
Subnet mask . . . . . . . . . 255.255.255.0
Internet address . . . . . . 10.10.6.130
Gateway router address . . . 10.10.6.1
Subnet mask . . . . . . . . . 255.255.254.0
*Note: we use subnet 255.255.254.0 for our regular lan traffic.
What happens when we want to do our dmz lpar? It's everyday IP address is
something like 208.xx.yy.zz, and runs in a different vlan. Do I give a
service tools IP address in the 10.10.6 range and vlan?