VLAN tagging and the VIOS: some questions and answers.
cggibbo 270000TMUJ Comments (4) Visits (66137)
Here are some questions I received recently regarding VLAN tagging on the VIO server. My answers are shown in green.
Q: I’m trying to understand when, where and why there would be the need to use ‘mkvdev –vlan (etc.) on the VIOS, and I’m wondering whether you would be able to clarify this for me, please.
Is it necessary to add the VLAN tag devices to the SEA, or is it suffice to just have them defined within the Virtual Ethernet itself which is part of the SEA?”
A: It is suffice to simply define the VLAN ids assigned to the Virtual Ethernet adapters associated with the SEA.
“Q: For completeness, on the rare occasions I have done this, I have added the VLAN’s to the Virtual Ethernet and also as VLAN devices on the VIOS (mkvdev –vlan etc.)”
A: mkvdev –vlan is not necessary, unless the VIOS needs to communicate with hosts on different VLANs i.e. you need an IP address on the VIOS for each VLAN. This does not mean the SEA will bridge this VLAN traffic for VIOCs.
“Q: The reason I started thinking of this is, is because one of our customers wants to add new VLAN’s to their SEA, but they’re not running Power7 hardware. Therefore, the online method would be to add a new Virtual Adapter which contains the new VLAN ID’s to the VIOS using DLPAR, then use chdev –dev (etc.) on the SEA to include the new Virtual Ethernet.”
A: Agreed. The “IBM PowerVM Virtualization Managing and Monitoring” Redbook states: “If your system doesn’t support dynamic VLAN modifications and you are modifying the VLAN list of a virtual Ethernet adapter that is configured in a SEA with ha_mode enabled, the HMC will not allow you to reconfigure the list of VLANs on that interface. You will need to add an additional virtual Ethernet adapter and modify the virt_adapters list of the SEA, or modify the profile of both Virtual I/O Servers and re-activate both Virtual I/O Servers at the same time.”
“Q: From the phone call I had, it would appear that the VLAN tags are included on the Virtual Ethernet device, but have not been added to the SEA by running mkvdev –vlan (etc. ) on the VIOS’s. This leads me to assume that the ‘mkvdev –vlan’ is only required if there is a requirement to access the VIOS itself from a particular VLAN. Am I right, or is there something I’m not understanding? I’m unable to find documentation that explains the answer. Do you happen to know?”
A: That is also my understanding (based on my experience). On page 483 of the “IBM PowerVM Virtualization Introduction and Configuration” Redbook , it states: “The addition of VLAN interfaces to the SEA adapter is only necessary if the VIO Server itself needs to communicate on these VLANs”.
“Q: Hi Chris,
We are trying to associate a new entX Virtual Ethernet Trunk Device to an existing SEA. The new device must be configured for VLAN tagging. The existing virtual Ethernet adapter that (is already associated with the SEA) is not configured for VLAN tagging. This device will remain associated to the SEA and continue to pass untagged packets to the already configured network.
Ultimately the configuration we want would be two entX devices associated with the existing SEA. One entX device is configured for notagged packets and the other entX device is configured for tagging.
How do we configured this?”
A: What you are trying to do should work:
VIOC1 boot1 PVID 20 ---> VIOS1 ent3 PVID 20 ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X
VIOC1 boot2 PVID 21 ---> VIOS2 ent3 PVID 21 ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X
VIOC1 boot1 PVID 20 ---> VIOS1 ent3 PVID 20 ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X (NO CHANGE)
VIOC1 boot2 PVID 21 ---> VIOS2 ent3 PVID 21 ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X (NO CHANGE)
VIOC2 boot1 PVID 22 ---> VIOS1 ent6 PVID 92*, VID 22, 802.1Q ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X, VID=22 (NEW)
VIOC2 boot2 PVID 23 ---> VIOS2 ent6 PVID 93*, VID 23, 802.1Q ---> SEA ent5 ---> Physical Ethernet adapter connected to Network Switch Port PVID=X, VID=23 (NEW)
*The PVID can be any unused/throw away number. The new ent6 adapter would be configured similar to this:
Then you would run this command to associate the new ent6 with the existing SEA, ent5:
$ chdev -dev
ent5 -attr virt
Have a look at the following sections of this Redbook:
3.2.3 Virtual I/O Server: Dynamically add or modify an existing adapter such that the required VLAN is listed in the 802.1q Additional VLAN fields (on POWER7 only).
3.2.2 Hardware Management Console: Dynamic VLAN modification in the GUI (on POWER7 only).
This document (by Anthony English) is also a very useful document relating to VLANs, SEAs and VIOS:
Reply: “hmm ok I see what you are saying, I will give it a go and tell you how it turns out...thanks. ok finally got around to testing using a VIOS at DR site. Created new virtual adapter PVID 55 and VID 888 (ent9) then added it to the existing SEA as shown below:
enabled Enable per-client accounting of network
VLAN Ids :
“So looks ok. Thanks for your help”.