|
Larry,
That is the strategy I was planning on going with. Separate virtual ethernet adapters for user traffic and replication. For all of the user VLANS, I think it would be a cleaner config to do the VLAN on the client OS, less config work up/down the stack. In this scenario, does the VIOS adapter need to have the VLAN ID also or just the OS?
________________________________
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxx> on behalf of DrFranken <midrange@xxxxxxxxxxxx>
Sent: Tuesday, May 29, 2018 12:29:11 PM
To: Midrange Systems Technical Discussion
Subject: Re: v7.3 VLAN tagging and VIOS configs
The ability to use VLAN tags truly simplifies everything. Why would I
want a separate Ethernet line, controller, and device for every separate
VLAN? In addition I need to configure each virtual network adapter so I
end up with a whole bunch of stuff to no gain. If you can tag, tag.
Simple, Quick, Efficient.
That said, it's not for everything! For example if you have PowerHA
Geomirror or Mimix or other HA software that really pounds a pipe I
would keep that traffic on a separate Ethernet line to avoid queuing
issues that might slow production traffic.
Another other use I like is the ability to install or upgrade or PTF a
partition using network based virtual optical. I always keep that on a
separate virtual adapter as you cannot use the same one for both IBM i
and the Service Tools adapter at the same time. Additionally you need to
tag that adapter as the alternate restart device in the partition profile.
SECURITY NOTE however. DO pay attention to the allowed VLANs on the
virtual adapters!! This is especially true in a multi-tenant
environment. If you open that up you theoretically allow someone to add
an interface in a VLAN you don't want them in and thus security is
compromised.
- Larry "DrFranken" Bolhuis
www.Frankeni.com<http://www.Frankeni.com>
www.iDevCloud.com<http://www.iDevCloud.com> - Personal Development IBM i timeshare service.
www.iInTheCloud.com<http://www.iInTheCloud.com> - Commercial IBM i Cloud Hosting.
On 5/29/2018 9:50 AM, Steve Pavlichek wrote:
What are best practices for configuring VLANs to IBM I LPARs running under VIOS? Prior to v7r2, we would configure the VLAN on the virtual ethernet adapter on the LPAR profile. Now that v7r2/v7r3 support VLAN tagging at the OS, which is preferred, on the Profile or in the OS?--
Say I need to support 5 interfaces each on different VLANs. Should I define 5 virtual ethernet adapters on the Profile and then have ETHLIN01-05 or should I define 1 virtual ethernet adapter on the Profile and add the VLAN tag to the TCP/IP Interface and share ETHLIN01 between all 5? I would think the second option sounds like a cleaner configuration, but networking has never been my strongest area.
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related questions.
Help support midrange.com by shopping at amazon.com with our affiliate link: http://amzn.to/2dEadiD
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
