Make VLAN tagging modular to avoid downtime
The problem and goal:
You have a shared Ethernet adapter (SEA) with VLAN tagging that services mission-critical websites. A new website requires an additional VLAN to be attached to the SEA. Outages are difficult to arrange. You cannot use dynamic logical partitioning (DLPAR) to add VLANs to an existing virtual adapter on the SEA, because the adapter is in use as part of the SEA configuration.
Frequently used acronyms
- IEEE: Institute of Electrical and Electronics Engineers
- LPAR: Logical partition
- PVID: Port virtual LAN ID
- VLAN: Virtual local area network
The modular approach
In the initial setup of the SEA with VLAN tagging, a virtual Ethernet adapter is required to trunk, or bridge, traffic. This adapter must have the default port virtual LAN ID (PVID) to allow the virtual Ethernet adapter to communicate with other virtual Ethernet adapters that have the same PVID. You can also configure the virtual Ethernet adapter to communicate over multiple VLANs by selecting IEEE 802.1 compatible adapter. (For details on how to set up an SEA, see Resources.)
By creating a separate virtual adapter for each additional VLAN, the SEA configuration becomes more modular, allowing you to add single adapters with new VLANs to the SEA. Similarly, when you need to retire a VLAN from the SEA, you can remove its adapter from the SEA's list of virtual adapters. This modular approach saves having to remove and re-create the SEA, which involves an outage.
This modular approach can best be explained by looking at an existing configuration and seeing how it can be improved.
Existing configuration: Multiple VLANs on one adapter
The existing configuration shows that one virtual adapter is used for VLAN tagged packets.
List VLANs on the virtual adapter
You can list the SEA's existing virtual adapters by logging into the virtual I/O (VIO) server as padmin and running the lsdev command for the SEA. The example in Listing 1 below includes a list of virtual adapters, shown as virt_adapters. There is only one adapter in this list: ent3. As it is the only one, it has also been set as the default adapter (see pvid_adapter).
Listing 1. List attributes of the SEA
    lsdev -dev ent5 -attr
    attribute     value    description

    accounting    disabled Enable per-client accounting of network statistics
    ctl_chan      ent4     Control Channel adapter for SEA failover
    gvrp          no       Enable GARP VLAN Registration Protocol (GVRP)
    ha_mode       auto     High Availability Mode
    jumbo_frames  no       Enable Gigabit Ethernet Jumbo Frames
    large_receive no       Enable receive TCP segment aggregation
    largesend     0        Enable Hardware Transmit TCP Resegmentation
    netaddr       0        Address to ping
    pvid          1        PVID to use for the SEA device
    pvid_adapter  ent3     Default virtual adapter to use for non-VLAN-tagged packets
    qos_mode      disabled N/A
    real_adapter  ent2     Physical adapter associated with the SEA
    thread        1        Thread mode enabled (1) or disabled (0)
    virt_adapters ent3     List of virtual adapters associated with the SEA (comma separated)
All VLANs using external access go through ent3. This virtual adapter has been set up with a PVID of 1 and three additional VLANs: 100, 200, and 300. The new website requires VLAN tagging on the SEA using VLAN 400.
Rebuild the virtual adapter and the SEA
The virtual adapter ent3 has additional VLANs 100, 200, and 300 attached to it. You cannot add another VLAN (VLAN 400) to that adapter while the adapter is in use as part of the SEA. Adding VLAN 400 to the existing adapter would require blocking all traffic through that adapter, removing the SEA, creating a new adapter with all required additional VLANs, and then creating the SEA again.
Modular approach: Separate VLANs, separate adapters
The alternative is to add a new virtual adapter to the VIO server for the new VLAN, and then assign it to the SEA.
Create a new virtual adapter for the VIOS LPAR
Using the Hardware Management Console (HMC), you can create a new virtual adapter (ent6) with a throwaway PVID for untagged packets and an additional VLAN of 400. You do so through the HMC using DLPAR and by editing the profile for the VIO server, ready for the next time it is activated via the HMC.
Assign a virtual adapter to the SEA
When the new adapter has been created on the VIO server, you need to assign it to the SEA. You do so through the VIO server command line, without removing and recreating the SEA device. You just update the list of virtual adapters that the SEA uses with the chdev command.
Note that the list of virtual adapters replaces the existing list of adapters, so make sure you include all the adapters you want in the new SEA configuration, not just the new virtual adapter you have created. The VIO command used is shown below. The virtual adapters should be in a comma-separated list.
    chdev -dev ent5 -attr virt_adapters=ent3,ent6
If you are using a dual-VIO server configuration with failover, you must run this command on the SEA on both VIO servers. The device names may be different on the second VIO server.
Once the new adapter is allocated to the active SEA, traffic for VLAN 400 should start going through the SEA.
Three VLANs on one adapter
At this stage, the SEA has two virtual adapters for VLAN tagging. The original adapter (ent3) tags traffic for VLANs 100, 200, and 300, and the new adapter (ent6) handles traffic for VLAN 400. These adapters can be listed via the lsdev command again, as you can see below in Listing 2.
Listing 2. List attributes of the SEA
    lsdev -dev ent5 -attr
    attribute     value     description

    accounting    disabled  Enable per-client accounting of network statistics
    ctl_chan      ent4      Control Channel adapter for SEA failover
    gvrp          no        Enable GARP VLAN Registration Protocol (GVRP)
    ha_mode       auto      High Availability Mode
    jumbo_frames  no        Enable Gigabit Ethernet Jumbo Frames
    large_receive no        Enable receive TCP segment aggregation
    largesend     0         Enable Hardware Transmit TCP Resegmentation
    netaddr       0         Address to ping
    pvid          1         PVID to use for the SEA device
    pvid_adapter  ent3      Default virtual adapter to use for non-VLAN-tagged packets
    qos_mode      disabled  N/A
    real_adapter  ent2      Physical adapter associated with the SEA
    thread        1         Thread mode enabled (1) or disabled (0)
    virt_adapters ent3,ent6 List of virtual adapters associated with the SEA (comma separated)
You can see the VLANs that these adapters use via the entstat command for the SEA. The relevant fields are displayed here:
    entstat -all ent5
    Port VLAN ID: 1
    VLAN Tag IDs: 100 200 300 400
The PVID is set to 1, which is used for untagged packets. The additional VLANs (100, 200, 300, and 400) are also shown.
Removing a VLAN
If the design of your organization's network needs to change, you may need to remove a VLAN from the SEA. Perhaps that VLAN will be used elsewhere, or maybe it's being phased out. Whatever the reason, how would you go about removing VLAN 200, which is on the adapter servicing two other valid VLANs that need to be kept (100 and 300)? The unfortunate answer is that you would need to remove the SEA and add it again with a new adapter that has only the VLANs you want to use.
If each VLAN is on its own separate adapter, you can add or remove any VLAN by changing the list of virtual adapters on the SEA.
Default adapter
One of the virtual adapters must be assigned as the default adapter. It is used for untagged packets. If there is only one virtual adapter, it should be the default adapter. You set the default using the chdev command. The attribute is called pvid_adapter.
If you want to remove a virtual adapter that is also acting as the default adapter, you must first set a new default adapter using the chdev command. With that done, you can remove the obsolete adapter by excluding it from the list of virtual adapters on the SEA.
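The two rules above (the virt_adapters list given to chdev replaces the old list, and the default adapter cannot be dropped until pvid_adapter points elsewhere) as an added example that is not part of the original article. The function names and sample input are constructed here; the functions read captured lsdev output and print the chdev command for review instead of running it.

```shell
#!/bin/sh
# Constructed sample: the two relevant rows of "lsdev -dev ent5 -attr" (Listing 1).
SAMPLE_ATTRS='pvid_adapter  ent3 Default virtual adapter to use for non-VLAN-tagged packets
virt_adapters ent3 List of virtual adapters associated with the SEA (comma separated)'

# get_attr NAME: print the value column for attribute NAME from lsdev output on stdin.
get_attr() {
    awk -v name="$1" '$1 == name { print $2; exit }'
}

# add_adapter SEA NEW ATTRS: keep every adapter already on the SEA and append NEW.
add_adapter() {
    sea=$1; new=$2
    current=$(printf '%s\n' "$3" | get_attr virt_adapters)
    [ -n "$current" ] || { echo "error: virt_adapters not found" >&2; return 1; }
    case ",$current," in
        *",$new,"*) echo "error: $new is already on $sea" >&2; return 1 ;;
    esac
    echo "chdev -dev $sea -attr virt_adapters=$current,$new"
}

# remove_adapter SEA OLD ATTRS: drop OLD from the list, refusing if it is the default.
remove_adapter() {
    sea=$1; old=$2
    current=$(printf '%s\n' "$3" | get_attr virt_adapters)
    default=$(printf '%s\n' "$3" | get_attr pvid_adapter)
    case ",$current," in
        *",$old,"*) ;;
        *) echo "error: $old is not on $sea" >&2; return 1 ;;
    esac
    if [ "$old" = "$default" ]; then
        echo "error: $old is pvid_adapter; set a new default first" >&2; return 1
    fi
    remaining=$(printf '%s\n' "$current" | tr ',' '\n' | grep -Fvx "$old" | paste -sd, -)
    [ -n "$remaining" ] || { echo "error: no adapters would remain" >&2; return 1; }
    echo "chdev -dev $sea -attr virt_adapters=$remaining"
}

# Adding ent6 to the SEA from Listing 1 prints the command used in the article.
add_adapter ent5 ent6 "$SAMPLE_ATTRS"
```

On a dual-VIO server configuration, build the command separately from each server's own lsdev output, since the device names may differ.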
Conclusion
By using a separate virtual adapter for each tagged VLAN, it's a minute's work to start additional VLAN traffic to the SEA. Having tagged VLANs on separate adapters is especially helpful if you need to remove a VLAN that is no longer used through the SEA.
Source:
IBM developerWorks: http://www.ibm.com/developerworks/aix/library/au-managevlans/index.html