IBM Support

How to Setup SEA Failover on DUAL VIO servers with VLAN Tagged Ethernet Adapters

Question & Answer


Question

How do I setup SEA failover on DUAL VIO servers (VIOS) with VLAN Tagging? This document describes some general concepts related to Shared Ethernet Adapter (SEA) and the procedure to configure SEA Failover with VLAN Tagged virtual ethernet adapters.

Cause

I cannot communicate to my VLAN Tagged network from my Shared Ethernet Adapter or my AIX client LPAR.

Answer

Note: The procedure described in this document is the most commonly used of several options.

Shared Ethernet Adapter

    A Shared Ethernet Adapter can be used to connect a physical network to a virtual Ethernet network. It provides the ability for several client partitions to share one physical adapter. SEA can only be configured on the Virtual I/O server (VIOS) and requires the POWER Hypervisor and Advanced POWER Virtualization feature. The SEA, hosted on the Virtual I/O server, acts as a Layer-2 bridge between the internal and external network.

Restrictions with Configuring SEA Failover
    • SEA failover can only be hosted on the VIOS and not on the client partition.
    • The VIOS running Integrated Virtualization Manager (IVM) cannot implement SEA Failover because only one single VIOS can be configured on the P5/P6 with IVM.

Requirements for Configuring SEA Failover
    • One SEA on one VIOS acts as the primary (active) adapter and the second SEA on the second VIOS acts as a backup (standby) adapter.
    • Each SEA must have at least one virtual Ethernet adapter with the “Access external network” flag (previously known as “trunk” flag) checked. This enables the SEA to provide bridging functionality between the two VIO servers.
    • This adapter on both the SEAs has the same PVID, but will have a different priority value.
    • A SEA in ha_mode (Failover mode) might have more than one trunk adapters, in which case all should have the same priority value.
    • The priority value defines which of the two SEAs will be the primary and which will be the backup. The lower the priority value, the higher the priority, e.g. an adapter with priority 1 will have the highest priority.
    • An additional virtual Ethernet adapter , which belongs to a unique VLAN on the system, is used to create the control channel between the SEAs, and must be specified in each SEA when configured in ha_mode.
    • The purpose of this control channel is to communicate between the two SEA adapters to determine when a fail over should take place.

NOTE: If the SEA Failover will be using Etherchannel as the physical device, configure the switch ports for etherchannel PRIOR to configuring the Etherchannel device on the VIO server. Failure to follow this sequence may result in a network storm.

Requirements for Configuring SEA Failover with VLAN Tagging
    • The enterprise security policy recognizes IEEE 802.1Q VLAN tagging.

    • The IEEE 802.1Q VLAN tagging is implemented in the PowerVM hypervisor firmware. The Virtual I/O Server is able to have up to 21 VLANs per Shared Ethernet Adapter, but in order to use these, the physical network port must support the same number of VLANs. The physical VLAN policy within the enterprise will therefore determine the virtual VLAN policy.
    • The enterprise security policy allows a network switch to have multiple VLANs.
    • The enterprise security policy allows multiple VLANs to share a network
      switch (non-physical security). If it is a security requirement that a network
      switch only have one VLAN, every VLAN will require a separate Shared
      Ethernet Adapter or Virtual I/O Server. If you just make a separate Virtual I/O Server in a managed system, the hypervisor firmware will act like one switch with multiple VLANs, which in this case, is not allowed by the security policy outside the Virtual I/O Server.

VIO SERVER PROCEDURE:
1. Create a virtual adapter to be used in the SEA adapter on VIOS1. EX: (ent2).

    To configure a virtual Ethernet adapter via Dynamic Logical Partition (DLPAR) for a running logical partition using HMC, follow these steps:
    Note: a DLPAR operation requires the partition to be on the network.

      1
      . In the navigation panel, open Systems Management, open Servers, and click on the managed system on which the logical partition is located.

      2. In the contents panel, select the VIOS on which you want to configure the virtual Ethernet adapter, click on the Tasks button -> choose Dynamic Logical Partitioning -> Virtual Adapters.

      3. Click Actions -> Create -> Ethernet Adapter.

      4. Enter the slot number for the virtual Ethernet adapter into Adapter ID.

      5. Enter the Port Virtual LAN ID (PVID) for the virtual Ethernet adapter into VLAN ID. The PVID allows the virtual Ethernet adapter to communicate with other virtual Ethernet adapters that have the same PVID.
      Note: Give the virtual adapter a unique VLAN ID (PVID): "1"

      6. Select IEEE 802.1 compatible adapter if you want to configure the virtual Ethernet adapter to communicate over multiple virtual LANs such as VLAN Tagged networks. Enter all VLAN Tags that your SEA or client LPARs will be using to communicate to the external network. If you leave this option unchecked and you want this partition to connect to multiple virtual networks, then you must create multiple virtual adapters by creating additional virtual LAN IDs.

      7. Check the box "access external network".

      8. Give the virtual adapter a low trunk priority. EX: "1"

      9. Click OK.

      NOTE: After you have finished, access any existing partition profiles for the logical partition and add the virtual Ethernet adapters to those partitions profiles. The virtual Ethernet adapter will be lost if you shut down the logical partition and activate that logical partition using a partition profile that does not have the virtual Ethernet adapter in it.

2. Create another virtual adapter to be used as a Control Channel on VIOS1. EX: (ent3)
    a. Give this new virtual adapter another unique VLAN ID (PVID) EX: "99"
    b
    . Do NOT check the box "access external network".
    c
    . Shutdown, Activate VIOS1 or run cfgdev from VIOS command line if created with DLPAR.

3
. Create SEA on VIO server 1 with failover attribute:
    $ mkvdev -sea ent0 -vadapter ent2 -default ent2 -defaultid 1 -attr ha_mode=auto ctl_chan=ent3
    $ ent4 available

    Note: The defaultid value of the SEA should be the Port VLAN ID (PVID) of the default trunk adapter if there are more than one trunk adapters configured in the SEA.

4
. Create a VLAN Ethernet adapter on the SEA to communicate to the external VLAN Tagged network. EX: (ent4)
    $ mkdev -vlan ent4 -tagid 222
    $ ent5 available

5
. Assign an ip address to SEA VLAN adapter on VIOS1:
    $ mktcpip -hostname vio1 -interface en5 -inetaddr 9.3.5.136 -netmask 255.255.255.0 -gateway 9.3.5.41 -nsrvaddr 9.3.4.2 -nsrvdomain itsc.austin.ibm.com -start

6
. Create a virtual adapter to be used in the SEA adapter on VIOS2. EX: (ent2)
    a. Give the virtual adapter the same VLAN ID (PVID) as VIOS1. EX: "1" .
    b
    . Check the box "access external network".
    c
    . Give the virtual adapter a higher trunk priority. EX: "2"
    d
    . Select IEEE 802.1 compatible adapter if you want to configure the virtual Ethernet adapter to communicate over multiple virtual LANs such as VLAN Tagged networks. Enter all VLAN Tags that your SEA or client LPARs will be using to communicate to the external network. If you leave this option unchecked and you want this partition to connect to multiple virtual networks, then you must create multiple virtual adapters by creating additional virtual LAN IDs.

7
. Create another virtual adapter to be used as a Control Channel on VIOS2. EX: (ent3):
    a. Give this new virtual adapter the same unique VLAN ID (PVID) as the control channel on VIOS1. EX: "99"
    b
    . Do NOT check the box "access external network".
    c
    . Shutdown, Activate VIOS2 or run cfgdev from VIOS command line if created with DLPAR.

8
. (Optional) Create SEA on VIOS2 with failover attribute:
    $ mkvdev -sea ent0 -vadapter ent2 -default ent2 -defaultid 1 -attr ha_mode=auto ctl_chan=ent3
    $ ent4 available
9. Create a VLAN Ethernet adapter on the SEA to communicate to the external VLAN Tagged network.
    $ mkdev -vlan ent4 -tagid 222
    $ ent5 available
10. Assign an ip address to SEA VLAN adapter on VIOS2:
    $ mktcpip -hostname vio2 -interface en5 -inetaddr 9.3.5.137 -netmask 255.255.255.0 -gateway 9.3.5.41 -nsrvaddr 9.3.4.2 -nsrvdomain itsc.austin.ibm.com -start

CLIENT LPAR PROCEDURE:

1. Create a virtual adapter to be used on the client LPAR. EX: (ent0). To configure a virtual Ethernet adapter via Dynamic Logical Partition (DLPAR) for a running logical partition using HMC, follow these steps:

Note: a DLPAR operation requires the partition to be on the network.

    1
    . In the navigation panel, open Systems Management, open Servers, and click on the managed system on which the logical partition is located.

    2. In the contents panel, select the client LPAR on which you want to configure the virtual Ethernet adapter, click on the Tasks button -> choose Dynamic Logical Partitioning -> Virtual Adapters.

    3. Click Actions -> Create -> Ethernet Adapter.

    4. Enter the slot number for the virtual Ethernet adapter into Adapter ID.

    5. Enter the Port Virtual LAN ID (PVID) for the virtual Ethernet adapter into VLAN ID. The PVID allows the virtual Ethernet adapter to communicate with other virtual Ethernet adapters that have the same PVID.
    Note: Give the virtual adapter the same VLAN ID (PVID) of the SEA failover: "1"

    6. Select IEEE 802.1 compatible adapter if you want to configure the virtual Ethernet adapter to communicate over multiple virtual LANs such as VLAN Tagged networks. Enter all VLAN Tags that your client LPARs will be using to communicate to the external network. If you leave this option unchecked and you want this partition to connect to multiple virtual networks, then you must create multiple virtual adapters by creating additional virtual LAN IDs.

    7. DO NOT check the box "access external network".

    8. Give the virtual adapter a trunk priority of "1".

    9. Click OK.

    NOTE: After you have finished, access any existing partition profiles for the logical partition and add the virtual Ethernet adapters to those partitions profiles. The virtual Ethernet adapter will be lost if you shut down the logical partition and activate that logical partition using a partition profile that does not have the virtual Ethernet adapter in it.

2. Create a VLAN Ethernet adapter to communicate to the external VLAN Tagged network. EX: (ent1)
    # smitty vlan
    Add a VLAN
    Select ent0
    Specify VLAN ID 222 (same as SEA failover)
    Press Enter
    # ent1 available

3. Add the TCPIP address information to the new VLAN adapter using 'smitty tcpip':
    # smitty mktcpip
    Select en1
    Enter HOSTNAME, Internet ADDRESS,Network MASK,NAMESERVER,Default Gateway,START TCP/IP daemons Now = yes
    Press Enter.

[{"Product":{"code":"SSPHKW","label":"PowerVM Virtual I\/O Server"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"--","Platform":[{"code":"","label":"Other"}],"Version":"2.2.5;2.2.4;2.2.3;2.2.2;2.2.1;2.2.0","Edition":"Advanced;Enterprise;Standard","Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

Modified date:
19 February 2022

UID

isg3T1011897