Configuring the network mapping policy

A virtual LAN (VLAN) is created by assigning artificial LAN identifiers (VLAN IDs) to the datagrams that are exchanged through the physical network. Hosts that are located on the same VLAN represent a subset of the hosts that are located on the physical network. Hosts that belong to the same subnet allows communication without any physical device. The subnets are separated when the hosts in a subnet have different VLAN IDs.

When a virtual Ethernet adapter is created in an HMC, a virtual Ethernet switch port is configured simultaneously. The virtual machines within a host, which need to communicate with other virtual machines for workload operations, are configured to have the same VLAN IDs. Similarly, some virtual machines in your host environment might be isolated from other virtual machines through a private network and might have different VLAN IDs.

For example, consider a host in the active site that contains two virtual machines that use the following VLAN IDs: VLAN1, VLAN12, VLAN13, and VLAN5. If you want these virtual machines to start in the backup site with VLAN IDs: VLAN1, VLAN22, VLAN23, and VLAN5, you can set a VLAN policy that modifies the VLAN ID from VLAN12 to VLAN22, and from VLAN13 to VLAN23 when virtual machines are moved from the active site to the backup site. Therefore, when you move the virtual machines across sites, the virtual machines are restarted in the target site with the assigned VLAN IDs as shown in the following figure:

Figure 1. Example of network mapping policy configuration
Network mapping policy configuration
Notes:
  • You can modify the KSYS system properties to enable or disable the network mapping policy for all virtual machines across the sites.
  • When you map VLAN IDs at host-level, the VLAN IDs are applied to all the virtual machines of that host.
You can create VLAN ID or virtual switch mapping policies that contains a mapping of VLAN IDs or virtual switches that are assigned to virtual machines when the virtual machines are moved from the active site to the backup site. These policies are useful in the following cases:
  • In a disaster situation, when you move source hosts or host groups to the backup site, the hosts must have the same VLAN ID, otherwise the recovery operation fails. If the target site is configured with a different VLAN ID, you must set a VLAN policy for source hosts to acquire the same VLAN ID when virtual machines are restarted in the backup site for a successful recovery operation.
  • During the test operation for the disaster recovery, when you move hosts or host groups to the backup site in the test mode, if you do not specify a VLAN ID or virtual switch, the virtual machines are started with the same VLAN ID or virtual switch in the backup site as the existing virtual machine in the source site. If both source and target hosts have same VLAN ID, it can result in an IP conflict.
If you start the failover rehearsal operation without configuring the virtual switch and VLAN settings, the KSYS subsystem displays a warning message to indicate that virtual switch and VLAN settings are not configured and prompts whether you want to proceed with the failover rehearsal operation.

A VLAN ID from the source site must be mapped to a single VLAN ID in the target site. Similarly, a VLAN ID from the target site must be mapped to a single VLAN ID in the source site. A virtual switch from the source site must be mapped to a single virtual switch in the target site. Similarly, a virtual switch from the target site must be mapped to a single virtual switch in the source site. In case of VLAN, the ID of the VLAN must be used in the configuration. In case of virtual switch, the name of the virtual switch must be used in the configuration.

The following figure shows an example of virtual switch mapping policy configuration:
Figure 2. Example of virtual switch mapping policy configuration
Virtual switch mapping policy configuration

System-level network mapping policy

To enable the network mapping policy and to create network mapping policy for all hosts and host groups across the active site and the backup site, enter the following command in the KSYS LPAR:
ksysmgr modify system network_mapping=<enable | disable>
network=<vlanmap | vswitchmap> sites=<siteA,siteB>
       siteA=<#,[#,...]> siteB=<#,[#,...]>]
For example:
ksysmgr modify system network_mapping=enable network=vlanmap sites=siteA,siteB
   siteA=1,12,13,5 
   siteB=1,22,23,5

Site-level network mapping policy

To enable the network mapping policy and to create network mapping policy for all hosts and host groups in a specific site, enter the following command in the KSYS LPAR:
ksysmgr modify site <sitename[,sitename2,...]> | file=<filepath>
[network=<vlanmap | vswitchmap>  backupsite=siteB
  sitename=<#[,#,...] || all> siteB=<#[,#,...] || all> [dr_test=<yes|no>]
For example:
ksysmgr modify site site1 network=vlanmap backupsite=site2 
  site1=1,2,3 site2=4,5,6 dr_test=yes

Host-group level network mapping policy

To create a mapping policy of VLAN ID or virtual switches for all the hosts in a host group across sites, enter the following command in the KSYS LPAR: 
ksysmgr modify host_group <name> options
      network=<vlanmap | vswitchmap>  sites=<siteA,siteB>
       siteA=<#,[#,...]> siteB=<#,[#,...]>
For example:
ksysmgr modify host_group HG1 options
     network=vswitchmap sites=site1,site2
     site1=vswitch1,vswitch2
     site2=vswitch2,vswitch1

Host-level network mapping policy

To create a VLAN ID mapping policy for all virtual machines in a host across sites, enter the following command in the KSYS LPAR:
ksysmgr modify host <hostname[,hostname2,...]> | file=<filepath>
     network=<vlanmap | vswitchmap>  sites=<siteA,siteB>
       siteA=<#,[#,...]> siteB=<#,[#,...]>
For example:
ksysmgr modify host host_1_2,host_2_2 network=vlanmap sites=Site1,Site2 
   site1=1,12,13,5 
   site2=1,22,23,5

Proactive monitoring for network isolation

Proactive monitoring enables continuous monitoring and reporting of network devices.

  • To add a hostname or IP address to proactive monitoring, run the following command on the KSYS node: 
    ksysmgr modify system [network_isolation=<ip1,ip2,..|ALL> action=<add | delete>]