Example: Open vSwitch with Network Express

Edit online

Starting with IBM® z17 ™ and IBM LinuxONE 5, virtual switches can be based on the Network Express adapter.

Network Express can run two modes: Hybrid mode (function type NETH) and direct mode (function type NETD). Virtual switches can be based on either of these two modes. This chapter explores the possibilities of a virtual function (VF) or physical function (PF) working as an uplink network device with Open vSwitch bridges.

NETH

NETH devices enable to run promiscuous mode.

To set up a Linux bridge or Open vSwitch, the virtual function (VF) that underlies the NETH device must be allowed to enter promiscuous mode by the administrator. This is accomplished by setting bit 0 in FIDPARM in the IOCDS. For example: FIDPARM = 0x01. More information can be found in the chapter Configuring FIDPARM to support promiscuous mode on a VF.

Open vSwitch automatically sets all attached network devices into promiscuous mode. The ip -d link can be used to verify if the VF network device runs in promiscuous mode.

NETD

With NETD, the LPAR has full controll over the network interface controller. The controller is initially visible as a physical function (PF). A Linux bridge or Open vSwitch can be attached to a PF network device with no extra setup necessary, because the PF supports promiscuous mode by default.

Additionally, the controller can be programmed to create multiple virtual functions (VFs). A Linux bridge or Open vSwitch can be attached to a VF network device, but the VF does not support promiscuous mode by default and requires additional setup steps. The following example shows how to create and configure a VF (VF 0) to support promiscuous mode with the network interface controller (PF=ens96f0np0):
PF=ens96f0np0
# create 1 VF (VF 0)
echo 1 > /sys/class/net/$PF/device/sriov_numvfs
# configure the VF 0 to allow promiscuous mode
ip link set $PF vf 0 trust on

About this task

This example creates a virtual switch vs_net0 with one NETH network device ens68 and one NETD network device ens112f1np1.
Figure 1. Virtual switch example

This graphic shows a virtual switch with NETH/NETD network devices

Procedure

  1. Make sure that the network devices are configured to support promiscuous mode.
  2. Create the virtual switch.
    # ovs-vsctl add-br vs_net0
# ovs-vsctl show
3935bfec-241e-4610-a555-9e6f60987f87
    Bridge "vs_net0"
        Port "vs_net0"
            Interface "vs_net0"
                type: internal
    ovs_version: ...
  3. Create an uplink port.
    # ovs-vsctl add-bond vs_net0 vsbond0 ens68 ens112f1np1
# ovs-vsctl show
...
   Bridge "vs_net0"
        Port "vsbond0"
            Interface "ens68"
            Interface "ens112f1np1"
        Port "vs_net0"
            Interface "vs_net0"
                type: internal
...
  4. Restart Open vSwitch for the configuration changes to take effect.
    #systemctl restart openvswitch
  5. Verify that the virtual switch automatically set the network devices to promiscuous mode. 
    # ip -d link
    If the output displays promiscuity 1, the device has been successfully switched to the promiscuous mode.