Topic
8 replies Latest Post - ‏2012-06-26T11:12:34Z by robinsguk
robinsguk
robinsguk
7 Posts
ACCEPTED ANSWER

Pinned topic BRMS Network - DMZ

‏2012-06-26T08:01:33Z |
Hello,

I have 8 x V6R1 LPARs with BRMS installed. One of these LPARs is in a DMZ (LPAR8). The main prod LPAR (LPAR1) can communicate with ALL of the LPARS, including the one in the DMZ.

How do I set up my BRMS network so that that LPAR8 is part of the BRMS network but only communicates with LPAR1?
Thanks

Glenn
Updated on 2012-06-26T11:12:34Z at 2012-06-26T11:12:34Z by robinsguk
  • SystemAdmin
    SystemAdmin
    353 Posts
    ACCEPTED ANSWER

    Re: BRMS Network - DMZ

    ‏2012-06-26T10:37:02Z  in response to robinsguk
    Hi Glen, unfortunately this is not possible as BRMS uses a PEER network where all systems need to communicate with all other systems in the BRMS network. This means all systems have to be able to PING all other systems in the network and be able to DDM to all

    Thanks
    Mervyn
    • robinsguk
      robinsguk
      7 Posts
      ACCEPTED ANSWER

      Re: BRMS Network - DMZ

      ‏2012-06-26T10:40:11Z  in response to SystemAdmin
      That's what I thought.

      Could I have two BRMS networks?

      NWKA - LPAR1 and LPAR8
      NWKB - LPAR2-LPAR7

      The two networks communicate between LPAR1 and LPAR2.

      The V6R1 manual kind of suggests that but it's not clear.

      Glenn
      • SystemAdmin
        SystemAdmin
        353 Posts
        ACCEPTED ANSWER

        Re: BRMS Network - DMZ

        ‏2012-06-26T10:45:17Z  in response to robinsguk
        Hi Glen, no that is not possible either. A system cannot be in 2 different BRMS networks.

        Thanks
        Mervyn
        • robinsguk
          robinsguk
          7 Posts
          ACCEPTED ANSWER

          Re: BRMS Network - DMZ

          ‏2012-06-26T10:50:43Z  in response to SystemAdmin
          I understand but it seems the V6R1 BRMS documentation suggests that two BRMS networks can communicate e.g.

          LPAR1 and LPAR8 in NWKA
          LPAR2, LPAR3, LPAR4, LPAR5, LPAR6 and LPAR7 in NWKB

          LPAR1 and LPAR2 would then be the communication point between NWKA and NWKB.

          Page 269 and 270 of Backup, Recovery, and Media Services for i5/OS V6R1M0.
          Glenn
          • SystemAdmin
            SystemAdmin
            353 Posts
            ACCEPTED ANSWER

            Re: BRMS Network - DMZ

            ‏2012-06-26T10:58:31Z  in response to robinsguk
            Hi Glen, the text below figure 13 states this :
            "To avoid this, you must split one of the networks before joining them so that all of the systems in the network have knowledge of each other."

            The figure shows the incorrect way to join networks. Figure 14 shows the correct way to join 2 BRMS networks by first breaking up one network and then adding the systems one at a time to the other network so that all systems know about each other.

            Thanks
            Mervyn
        • robinsguk
          robinsguk
          7 Posts
          ACCEPTED ANSWER

          Re: BRMS Network - DMZ

          ‏2012-06-26T10:58:00Z  in response to SystemAdmin
          I've read through again a couple of times.

          I think the approach is to have LPAR1-LPAR7 in NWKA and LPAR8 in NWKB. The join NWKA and NWKAB using LPAR1 and LPAR8.

          I'll give it a try.
          Glenn
          • SystemAdmin
            SystemAdmin
            353 Posts
            ACCEPTED ANSWER

            Re: BRMS Network - DMZ

            ‏2012-06-26T11:01:05Z  in response to robinsguk
            Hi Glenn, no that will cause problems - see my previous post. You cannot join two BRMS networks. You have to break up one network first and then add the systems one at a time to the other BRMS network,

            Th
            • robinsguk
              robinsguk
              7 Posts
              ACCEPTED ANSWER

              Re: BRMS Network - DMZ

              ‏2012-06-26T11:12:34Z  in response to SystemAdmin
              I get it now. The manual is showing how to merge two networks.

              Looks like I'll have to do this via ip routing through LPAR1.

              Thanks

              Glenn