Saturday, May 15, 2010

Shared Ethernet Adapter Redundancy

Shared Ethernet adapter: It can be used to connect a physical network to a virtual Ethernet network. Several client partitions to share one physical adapter.

Shared Ethernet Redundancy: This is for temporary failure of communication with external networks. Approaches to achieve continuous availability:

  • Shared Ethernet adapter failover
  • Network interface backup

Shared Ethernet adapter failover: It offers Ethernet redundancy. In a SEA failover configuration 2 VIO servers have the bridging functionality of the SEA. They use a control channel to determine which of them is supplying the Ethernet service to the client. The client partition gets one virtual Ethernet adapter bridged by 2 VIO servers.

Requirements for configuring SEA failover:

  • One SEA on one VIOs acts as the primary adapter and the second SEA on the second VIOs acts as a backup adapter.
  • Each SEA must have at least one virtual Ethernet adapter with the “access external network flag(trunk flag) checked. This enables the SEA to provide bridging functionality between the 2 VIO servers.
  • This adapter on both the SEA’s has the same pvid
  • Priority value defines which of the 2 SEA’s will be the primary and which is the secondary. An adapter with priority 1 will have the highest priority.

Procedure for configuring SEA failover:

  • Configure a virtual Ethernet adapter via DLPAR. (ent2)
    • Select the VIOàClick task buttonàchoose DLPARàvirtual adapters
    • Click actionsàCreateàEthernet adapter
    • Enter Slot number for the virtual Ethernet adapter into adapter ID
    • Enter the Port virtual Lan ID(PVID). The PVID allows the virtual Ethernet adapter to communicate with other virtual Ethernet adapters that have the same PVID.
    • Select IEEE 802.1
    • Check the box “access external network”
    • Give the virtual adapter a low trunk priority
    • Click OK.
  • Create another virtual adapter to be used as a control channel on VIOS1.( give another VLAN ID, do not check the box “access external network” (ent3)
  • Create SEA on VIO1 with failover attribute. ( mkvdev –sea ent0 –vadapter ent2 –default ent2 –defaultid 1 –attr ha_mode=auto ctl_chan=ent3. Ex: ent4
  • Create VLAN Ethernet adapter on the SEA to communicate to the external VLAN tagged network ( mkvdev –vlan ent4 –tagid 222) Ex:ent5
  • Assign an IP address to SEA VLAN adapter on VIOS1. using mktcpip
  • Same steps to VIO2 also. ( give the higher trunk priority:2)

VIO Backup

Backup:

Create a mksysb file of the system on a nfs mount: backupios –file /mnt/vios.mksysb –mksysb

Create a backup of all structures of VGs and/or storage pools: savevgstruct vdiskvg ( data will be stored to /home/ios/vgbackups)

List all backups made with savevgstruct: restorevgstruct –ls

Backup the system to a NFS mounted file system: backupios –file /mnt

Link Aggregation

Link aggregation means you can give one IP address to two network cards and connect to two different switches for redundancy purpose. One network card will be active on one time.

Devices à communication à Etherchannel/IEEE 802.3 ad Link Aggregation à Add an etherchannel / Link aggregation

Select ent0 and mode 8023ad

Select backup adapter as redundancy ex: ent1

Automatically virtual adapter will be created named ent2.

Then put IP address : smitty tcpip à Minimum configuration and startup à select ent2 à Put IP address

Friday, May 14, 2010

VIOs Security:


VIO Security

Enable basic firewall settings: viosecure -firewall on

view all open ports on firewall configuration: viosecure –firewall view

To view current security settings: viosecure –view nonint

Change system security settings to default: viosecure –level default

List all failed logins : lsfailedlogin

Dump the global command log: lsgcl

Network interface backup

NIB(Network Interface Backup)

NIB can be used to provide redundant access to external networks when 2 VIO servers used.

Configuring NIB:

  • Create 2 VIO server partitions
  • Install both VIO servers
  • Configure each VIO server with one virtual Ethernet adapter. Each VIO server needs to be a different VLAN.
  • Define SEA with the correct VLAN ID
  • Add virtual Scsi adapters
  • Create client partitions
  • Define the ether channel using smitty etherchannel

Hi

Hi,

This is Prasad Banisetti. Now onwards i will post an important useful AIX topics.

Thank You
Prasad Banisetti