Virtual Switch
The virtual switch operates with virtual adapters, which can be OSA-Express simulation (QDIO) or
Network Express simulation (EQDIO). LAN (Uplink port) connectivity is available through OSA adapters
in QDIO mode (OSA-Express; CHPID type OSD) and EQDIO mode (Network Express; CHPID type OSH). The
virtual switch supports the transport of either IP packets or Ethernet frames in QDIO mode but only
Ethernet frames in EQDIO mode.

By default, the virtual switch operates in IP mode. Each guest is identified by one or more IP
addresses for the delivery of IP packets. Data is transported within IP packets, and therefore the
virtual switch in IP mode supports only IP based application communications. All traffic destined
for the physical portion of the LAN segment is encapsulated into an Ethernet frame with the OSA
adapter's MAC as the source MAC address. On inbound, the OSA adapter strips the Ethernet frame and
forwards the IP packet to the virtual switch for delivery to the guest by the destination IP address
within the IP packet.

When operating in Ethernet mode, the virtual switch uses each guest's unique MAC address to
forward frames. Data is transported and delivered within Ethernet frames, providing the ability to
transport both IP and non-IP based application data through the fabric that the virtual switch
supports. Through the ARP processing of each guest, the guest's MAC address becomes known
(cached) by hosts residing on the physical side of the LAN segment. The generation and assignment of
the locally defined MAC address is performed by z/VM® under the direct management control of
the LAN administrator. Each outbound or inbound frame through the OSA adapter switch trunk
connection is an Ethernet frame with the guest's MAC address as the source or destination MAC
address.

The virtual switch that is configured in Ethernet mode supports the aggregation of multiple OSA
adapters for external LAN connectivity. By supporting the IEEE 802.3ad Link Aggregation protocols and
mechanisms, the aggregation of individual physical links (adapters) makes this collection or group
appear as one large link. The deployment of this type of configuration increases the virtual switch
bandwidth and provides near seamless failover in the event that a port becomes unavailable. This
support provides the ability to aggregate physical OSA adapters. The ability also exists to configure
multiple virtual switches to the same LAG by sharing the OSA adapters that comprise the Link
Aggregation port group. The aggregation of simulated guest NIC ports is not supported (simulated NICs
are those defined with the DEFINE NIC command). For more information about z/VM VSwitch support of
Link Aggregation, see Virtual Switch Link Aggregation.

A system administrator can manage a VSwitch by a user strategy, by a port strategy, or by a
combination of the two. With the user management strategy, authorization and configuration are on a
user ID basis through the SET VSWITCH GRANT and REVOKE commands. All connections for a particular user
have the same attributes (port type, promiscuous, VLAN ID, and so on). With the port management
strategy, authorization and configuration are on a port basis. Each port must be defined and
configured with the SET VSWITCH PORTNUMBER command or the NICDEF directory statement. Connectivity to
a specific port number can be specified on the COUPLE command. A guest can have multiple unique ports
connected to the same virtual switch. Each port has its own attributes.

The virtual switch coupled with the OSA adapter provides a very powerful, flexible, and robust
virtualization model. Data is transferred between guest ports of the virtual switch and between
sharing partitions of the same OSA adapter without having to leave the box. For installations that
have security policies that require that access to the guest ports of the virtual switch be
controlled, the deployment of the virtual switch port isolation facility is required. This facility
isolates all guest port communications and also isolates the virtual switch connection from all other
sharing hosts/LPARs on the OSA adapter or port. An external router configured as a firewall can be
deployed to control access between the virtual switch guest ports themselves and between a guest port
and any hosts (LPARs) that share the same OSA port.
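
An audit check for the port isolation requirement described above, added here as an example and not
taken from the z/VM documentation: it parses captured CP QUERY VSWITCH output and lists switches whose
isolation is not confirmed ON. The sample text and switch names are constructed, and the field labels
it matches are assumptions to verify against the output of your z/VM level.

```python
import re

# Constructed sample in the general layout of CP QUERY VSWITCH output.
# Switch names and values are invented; field labels are assumptions.
SAMPLE = """\
VSWITCH SYSTEM VSWPROD  Type: QDIO    Connected: 3    Maxconn: INFINITE
  PERSISTENT  RESTRICTED    ETHERNET                  Accounting: OFF
  PORTBASED
  VLAN Unaware
  Isolation Status: ON          VEPA Status: OFF
VSWITCH SYSTEM VSWTEST  Type: QDIO    Connected: 2    Maxconn: INFINITE
  PERSISTENT  RESTRICTED    NONROUTER                 Accounting: OFF
  USERBASED
  VLAN Unaware
  Isolation Status: OFF         VEPA Status: OFF
"""

HEADER = re.compile(r"^VSWITCH\s+SYSTEM\s+(\S+)")
ISOLATION = re.compile(r"Isolation Status:\s*(\w+)")
STRATEGY = re.compile(r"\b(USERBASED|PORTBASED)\b")


def parse_vswitches(text):
    """Return one dict per virtual switch found in the captured output."""
    switches = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            # IP is the default transport mode unless ETHERNET is reported.
            switches.append({"name": m.group(1), "transport": "IP",
                             "strategy": None, "isolation": None})
            continue
        if not switches:
            continue  # ignore anything before the first switch header
        cur = switches[-1]
        if re.search(r"\bETHERNET\b", line):
            cur["transport"] = "ETHERNET"
        if (m := STRATEGY.search(line)):
            cur["strategy"] = m.group(1)
        if (m := ISOLATION.search(line)):
            cur["isolation"] = m.group(1).upper()
    return switches


def isolation_findings(text):
    """Names of switches whose isolation is not confirmed ON (missing counts)."""
    return [s["name"] for s in parse_vswitches(text) if s["isolation"] != "ON"]
```

A switch with no isolation line in the capture is reported as a finding, so truncated output cannot
pass the check silently.
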
The virtual switch HiperSockets Bridge Port supports QDIO (OSD) type simulated LANs. Through the
configuration of a HiperSockets Bridge Port on the virtual switch, this bridging is extended to the
HiperSockets channel LAN (CHPID) as well. A HiperSockets Bridge Port provides a layer 2 bridge for
bridge-capable ports connected to a HiperSockets LAN through the virtual switch to an external
network LAN over its OSA Uplink port. This configuration places all LAN endpoints on the same flat
layer 2 broadcast domain. This bridging capability gives a virtual machine with a single HiperSockets
connection connectivity to destinations that reside on the HiperSockets network, to simulated NIC
devices coupled to the virtual switch and, more importantly, to external destinations located on the
physical network.