Network connections on an M2002 appliance

The appliance has a number of network connections.

The network connections are situated on the front of an M2002 appliance. The location of the network connections is shown in the following illustration.
Figure 1. Network ports on an M2002 appliance
shows the location of the network ports on an M2002 appliance
 1 
Management Ethernet port mgt0
 2 
Management Ethernet port mgt1
 3 
10 Gb ethernet port, eth0
 4 
10 Gb ethernet port, eth1
 5 
40 Gb Ethernet module, eth30
 6 
40 Gb Ethernet module, eth31
 7 
40 Gb Ethernet module, eth32
 8 
40 Gb Ethernet module, eth33
 9 
1 Gb Ethernet module, eth10
 10 
1 Gb Ethernet module, eth11
 11 
1 Gb Ethernet module, eth12
 12 
1 Gb Ethernet module, eth13
 13 
1 Gb Ethernet module, eth17
 14 
1 Gb Ethernet module, eth16
 15 
1 Gb Ethernet module, eth15
 16 
1 Gb Ethernet module, eth14
 17 
10 Gb Ethernet module, eth23
 18 
10 Gb Ethernet module, eth22
 19 
10 Gb Ethernet module, eth21
 20 
10 Gb Ethernet module, eth20

You can configure each of the interfaces when you run the installation wizard for the appliance. Alternatively, you can configure them by using the CLI or the IBM® MQ Appliance web UI (see Configuring the appliance).

Aggregate linking and configuration for VLANs is supported for connections. (VLAN is not supported where the connections are used in a high availability or disaster recovery configuration.)

Each 40 Gb Network module provides a total of 40Gb of bandwidth that is shared between the two physical ports on that module. You can create an aggregate interface using one physical connection to each network module (for example, eth30 and eth32) to boost total bandwidth and the availability characteristics of the link.

IPMI LAN connection

You can use an Intelligent Platform Management Interface (IPMI) connection to interface with the Baseboard Management Controller (BMC) on the appliance. The BMC enables you to power up or power down an appliance remotely (provided that power is available in the rack where the appliance is installed). You can also use IPMI commands to perform other various functions, such as printing sensor data and reading event logs. See https://linux.die.net/man/1/ipmitool for details of IPMI commands.

You can use mgt0 or mgt1 for your IPMI connection. You can dedicate the mgt connection to IPMI, or you can share the mgt connection (for example, with administration interfaces). If you share the connection, IPMI requires the allocation of a second IP address in the same VLAN and subnet as the mgt interface.

Because of the nature of IPMI and the level of control that can be obtained over the IBM MQ Appliance that uses this interface, either connect the mgt port to a secure management network, or do not connect it at all.

Administration

You can administer the appliance by using a command line interface (connecting via SSH) or a web user interface. You can restrict these interfaces either to mgt0 or mgt1 to create a restricted management network.

High availability

If you are implementing a high availability (HA) configuration, note that the following connections are dedicated to HA:
Ideally, you should have a dedicated subnet for each of the HA interfaces. The following table shows a set up for two appliances in an HA configuration, named quirinus and romulus, using IPv4 addresses and Class C private networks for each connection:
Table 1. Example HA configuration
Interface quirinus romulus
eth13 192.168.13.149 192.168.13.150
eth17 192.168.17.149 192.168.17.150
eth21 192.168.21.149 192.168.21.150

Disaster recovery

If you are implementing a disaster recovery (DR) configuration, note that eth20 is dedicated to replication for DR (advanced users can define a different interface for replication, if required, see Configuring custom DR replication interfaces). The eth20 interface on each appliance in the DR configuration can be in a different subnet, although the subnets should be dedicated to DR replication.

Disaster recovery on high availability systems

If you are implementing DR on an HA system, then eth20 is used for DR replication by both HA appliances, and the recovery appliance (advanced users can define a different interface for replication, if required, see Configuring custom DR replication interfaces).

  • The IP addresses used for the two HA appliances should belong to the same dedicated subnet.
  • The appliance at the recovery site does not need to belong to the same subnet, but must be able to reach it.
  • The two HA appliances can share a floating IP address for eth20 (in addition to each having a static IP address defined for eth20). The floating IP is then used for replication with the recovery appliance by whichever appliance is running the queue manager being replicated (that is, the primary appliance for the queue manager).
  • You do not have to physically configure the floating IP. You specify it as an argument when you configure disaster recovery for an HA pair (see Configuring disaster recovery for a high availability queue manager by using the command line). Choose an unallocated IP address on the same subnet as the two static IP addresses.

You can also configure disaster recovery between two pairs of HA appliances. See Example network set up for HA/DR configuration with two HA groups for an example of this configuration.

Naming interfaces

The IBM MQ Appliance enables you to specify a host alias for a specific IP address that is assigned to a network interface. You can use this alias to reference the interface, rather than explicitly using the IP address. Using aliases makes it easier to copy a configuration to another appliance, or migrate between environments, without making extensive changes to accommodate different IP addresses.

For example, the following table shows interfaces that are defined and host aliases allocated. In this example, the data connection has the host alias data-int; you can use this host alias in IBM MQ commands instead of explicitly referencing the IP address 10.61.121.5. The following example shows the command that is used to create a listener and bind it to the data interface:

define listener(CHA2L) trptype(TCP) control(QMGR) IPADDR(data-int)
If you then start the listener and display the status, you can see that data-int was resolved to IP address 10.61.121.5:

start listener(CHA2L)
display lsstatus(CHA2L)
AMQ8631: Display listener status details.
   LISTENER(CHA2L)                         STATUS(RUNNING)
   PID(43918)                              STARTDA(2016-05-04)
   STARTTI(09.31.56)                       DESCR( )
   TRPTYPE(TCP)                            CONTROL(QMGR)
   IPADDR(10.61.121.5)                     PORT(1414)
   BACKLOG(100)

For more information about defining host aliases, see Host Alias commands.

Table 2.
Interface IP address Comment Host alias
eth10 10.61.121.5/24 Used for IBM MQ data data-int: 10.61.121.5
eth11 10.161.121.5/25 Used for monitoring log-int: 10.161.121.5
eth13 192.168.121.5/29 Used for HA Primary hap-int: 192.168.121.5
eth17 192.168.122.5/29 Used for HA Secondary has-int: 192.168.122.5
eth21 192.168.123.5/29 Used for replication har-int: 192.168.123.5

Data connections

You must configure one or more Ethernet connections for the IBM MQ data handled by the appliance. You can use link aggregation to improve the resilience and bandwidth of your data connection.

The M2002 appliance has four 10 Gb connections (eth0, eth1, eth22, eth23) and four 40 Gb connections (eth30, eth31, eth32, eth33) that are not by default used for HA or DR.

Example

The following table shows the network configuration of an example appliance. The appliance is part of an HA group, and also supports disaster recovery for queue managers. IBM MQ data is carried on link aggregated 10 Gb connections, logging data is sent to link aggregated 1 Gb connections. In this example, custom 40 Gb interfaces have been used for HA replication, and DR replication in place of the default eth20 and eth21 replication interfaces. A separate interface (aggregated for availability) is reserved for monitoring data such as writing to syslog targets, or SNMP infrastructure.

Table 3. Example network configuration for M2002 appliance
Interface Used for
mgt0 Web UI and IPMI
mgt1 Command line access (SSH)
eth0 Not used
eth1 Not used
eth10 Not used
eth11 Not used
eth12 Link aggregated 1 Gb interface for monitoring
eth13 HA primary group interface
eth14 Not used
eth15 Not used
eth16 Link aggregated 1 Gb interface for monitoring
eth17 HA group alternative interface
eth20 not used
eth21 not used
eth22 Link aggregated 10 Gb data interface
eth23 Link aggregated 10 Gb data interface
eth30 Aggregated with eth32 for custom HA replication
eth31 Aggregated with eth33 for custom DR replication
eth32 see eth30
eth33 see eth31