PowerVM QuickStart IV-Virtual Network Setup & Management
1.SEA Setup - Overview
• The command used to set up a SEA (Shared Ethernet Adapter) is mkvdev.
• IP addresses cannot be configured on either the virtual or the physical adapter used in the mkvdev command. IP addresses are configured either on the SEA itself (created by the mkvdev -sea command) or another physical or virtual adapter that is not part of a SEA "bridge". (An example of the latter is seen in Figure 2.)
• Best practices suggest that IP addresses for the VIOS should not be created on the SEA but should be put on another virtual adapter in the VIOS attached to the same VLAN. This makes the IP configuration independent of any changes to the SEA. Figure 2, has an example of an IP address configured on a virtual adapter interface en1 and not any part of the SEA "path". (This is not the case when using SEA failover).
• The virtual device used in the SEA configuration should have "Access External Networks" (AKA: "Trunk adapter") checked in its configuration (in the profile on the HMC). This is the only interface on the VLAN that should have this checked. Virtual interfaces with this property set will receive all packets that have addresses outside the virtual environment. In figure 2, the interface with "Access External Networks" checked should be ent2.
• If multiple virtual interfaces are used on a single VLAN as trunk adapters then each must have a different trunk priority. This is typically done with multiple VIOS servers - with one virtual adapter from the same VLAN on each VIO server. This is required when setting up SEA Failover in the next section.
Figure 2: Configuration of IP address on virtual adapter.
• The examples here are of SEAs handling only one VLAN. A SEA may handle more than one VLAN. The -default and -defaultid options to mkvdev -sea make more sense in this (multiple VLAN) context.
2.Network Redundancy in VIOS
• The two primary methods of providing network redundancy for a VIOC in a dual VIOS configuration are NIB (Network Interface Backup) and SEA Failover. (These provide protection from the loss of a VIOS or VIOS connectivity to a physical LAN.)
• NIB creates a link aggregation in the client of a single virtual NIC with a backup NIC. (Each virtual NIC is on a separate VLAN and connected to a different VIOS.) This configuration is done in each client OS. (See Figure 3 for an example of the VIOC that uses NIB to provide redundant connections to the LAN.)
• SEA Failover is a VIOS configuration option that provides two physical network connections, one from each VIOS. No client configuration is required as only one virtual interface is presented to the client.
• Most Power 6 based systems offer IVE (Integrated Virtual Ethernet) hardware that provides virtual NICs to clients. These do not provide redundancy and must be used in pairs or with another NIC / backup path on each client (or VIOS) to provide that capability. (Note: This is in the context of client NIB configurations. When IVE is used directly to the client different configuration rules apply. See the IVE Redpaper for the particulars of configuring IVE for aggregation and interface failover.)
• NIB and SEA Failover are not mutually exclusive and can be used together or with link aggregation (EtherChannel / 802.3ad) to a physical device in the VIOS. Figure 3 shows a link aggregation device (ent3) in VIOS 1 as the physical trunk adapter for the SEA (ent4) in what is seen by the client as a NIB configuration.
• Link aggregation (EtherChannel / 802.3ad) of more than one virtual adapter is not supported or necessary from the client as all I/O moves at memory speed in the virtual environment. The more appropriate method is to direct different kinds of I/O or networks to particular VIOS servers where they do not compete for CPU time.
Figure 3: NIC failover implemented at the VIO Client layer along with additional aggregation/failover at the VIOS layer.
• The primary benefit of NIB (on the client) is that the administrator can choose the path of network traffic. In the case of figure 3, the administrator would configure the client to use ent0 as the primary interface and ent1 as the backup. Then more resources (in the form of aggregate links) can be used on VIOS1 to handle the traffic with traffic only flowing through VIOS2 in the event of a failure of VIOS1. The problem with this configuration is that it requires additional configuration on the client and is not conducive as SEA Failover to simplistic NIM installs.
• NIB configurations also allow the administrator to balance clients so that all traffic does not go to a single VIOS. In this case hardware resources would be configured more evenly than they are in figure 3 with both VIOS servers having similar physical connections as appropriate for a more "active / active" configuration.
refere SEA fail-over setup on dual VIO Servers
3.SEA Setup - Example
Create a SEA "bridge" between the physical ent0 and the virtual ent2 (from Figure 2)
mkvdev -sea ent0 -vadapter ent2 -default ent2 -defaultid 1
››› Explanation of the parameters:
-sea ent0 -- This is the physical interface
-vadapter ent2 -- This is the virtual interface
-default ent2 -- Default virtual interface to send untagged packets
-defaultid 1 -- This is the PVID for the SEA interface
• The PVID for the SEA is relevant when the physical adapter is connected to a VLAN configured switch and the virtual adapter is configured for VLAN (802.3Q) operation. All traffic passed through the SEA should be untagged in a non-VLAN configuration.
• This example assumes that separate (physical and virtual) adapters are used for each network. (VLAN configurations are not covered in this document).
4.SEA Management
Find virtual adapters associated with SEA ent4
lsdev -dev ent4 -attr virt_adapters
Find control channel (for SEA Failover) for SEA ent4
lsdev -dev ent4 -attr ctl_chan
Find physical adapter for SEA ent4
lsdev -dev ent4 -attr real_adapter
List all virtual NICs in the VIOS along with SEA and backing devices
lsmap -all -net
List details of Server Virtual Ethernet Adapter (SVEA) ent2
lsmap -vadapter ent2 -net
5.SEA Failover
• Unlike a regular SEA adapter, a SEA failover configuration has a few settings that are different from stated best practices.
• A SEA failover configuration is a situation when IP addresses should be configured on the SEA adapter.
• A control channel must be configured between the two VIOS using two virtual ethernet adapters that use that VLAN strictly for this purpose. The local virtual adapter created for this purpose should be specified in the ctl_chan attribute in each of the SEA setups.
• Both virtual adapters (on the VLAN with clients) should be configured to "Access External network", but one should have a higher priority (lower number) for the "Trunk priority" option. A SEA failover configuration is the only time that you should have two virtual adapters on the same VLAN that are configured in this manner.
Figure 3: SEA Failover implemented in the VIOS layer.
The following command needs to be run on each of the VIOS to create a simple SEA failover. (It is assumed that interfaces match on each VIOS.)
mkvdev -sea ent0 -vadapter ent1 -default ent1
-defaultid 1 -attr ha_mode=auto
ctl_chan=ent3 netaddr=10.143.180.1
››› Explanation of the parameters:
-sea ent0 -- This is the physical interface
-vadapter ent1 -- This is the virtual interface
-default ent1 -- Default virtual interface to send untagged packets
-defaultid 1 -- This is the PVID for the SEA interface
-attr ha_mode=auto -- Turn on auto failover mode
(-attr) ctl_chan=ent3 -- Define the control channel interface
(-attr) netaddr=10.143.180.1 -- Address to ping for connect test
• auto is the default ha_mode, standby forces a failover situation
Change the device to standby mode (and back) to force failover
chdev -dev ent4 -attr ha_mode=standby
chdev -dev ent4 -attr ha_mode=auto
See what the priority is on the trunk adapter
netstat -cdlistats | grep "Priority"
No comments:
Post a Comment