1 ZlatkoAIX commented Permalink

"If two LPAR are on the same internal network and the root user puts the virtual adapter in to promiscuous mode then it can see all packets. <div>&nbsp;</div> Just like a physical network." <div>&nbsp;</div> Disagree! <div>&nbsp;</div> <div>&nbsp;</div> Remember: If you have to do it, how you would do it yourself? <div>&nbsp;</div> The packets are routed by the Power Hypervisor. So it is a software routing. As a side note: there is a widespread confusion that it is done by VIOS but the latter only bridges the packets to the outside world. <div>&nbsp;</div> Now with the software routing would I bother to copy a packet from partition A to partition B to partitions C, D and E? No, I will not! I would look up the target MAC address in the Ethernet frame, and will deliver the packet only to partition B. I will not waste precious CPU time to copy it to all other vEth adapters, and will not waste their throughput with unneeded data either. <div>&nbsp;</div> The exception to the rule are Ethernet broadcast packets, for example ARP queries. They are sent to MAC address of FF:FF:FF:FF:FF:FF, and will have to be copied to all ports in the VLAN. That includes the trunk port, and the VIOS will forward the frame to the physical network. <div>&nbsp;</div> <div>&nbsp;</div> <div>&nbsp;</div> "If in doubt think: "Just like a physical network" and you will not go far wrong." <br /> Concur on that! PowerVM provides a virtual switch (on P7 more than one), not a hub. A physical switch will keep a table of MAC addresses, and will forward the packet only to the target port.