My plan is to have separate VSWITCHes for each type of network (trusted,
private and public).  All three will be defined on the first level system.
Each VSWITCH will have its own TCPIP stack.  The applications (webservers)
have the TCPIP stack to be used in their configuration files...

The guest systems will also have 3 tcpip stacks.  The applications within
those guests will utilize the TCPIP stack that is appropriate.  Each guest
system will have the following for each network type.
     NICDEF aaa TYPE QDIO DEVICES 3 LAN SYSTEM xxxxxxx1
     NICDEF bbb TYPE QDIO DEVICES 3 LAN SYSTEM xxxxxxx2
     NICDEF ccc TYPE QDIO DEVICES 3 LAN SYSTEM xxxxxxx3  
Your statement "Do not casually connect a single guest to multiple VLANs."
means this should not be done?  

Presently I am testing the isolation of the 3 VSWITCHES on my production
system using trusted IP addresses.  That test will also be done on each of
the guest systems.  Once the isolation tests are completed, the network will
be reconfigured to permit the 3 types of network traffic to the mainframe.

Presently my definition for the VSWITCH is:
'CP DEFINE VSWITCH xxxxx01 ',       
          'RDEV 503 603 ',          
          'CONNECT ',               
          'QUEUESTORAGE 8M ',       
          'CONTROLLER xxxxxx11 ',   
          'IP ',                    
          'IPTIMEOUT 5 ',           
          'NONROUTER ',             
          'VLAN UNAWARE ',          
          'PORTNAME OSAxxx1 OSAxxx2'

Once the network group changes the network topology, the definition for the
VSWITCH will need to change to "VLAN AWARE"?  Are there other definitions
that will need to be changed?

Thank you.

Cecelia Dusha

-----Original Message-----
From: Alan Altmark [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 06, 2006 2:13 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: OSA configurations

On Wednesday, 12/06/2006 at 05:41 GMT, "Dusha, Cecelia Ms. WHS/ITMD" 
<[EMAIL PROTECTED]> wrote:
> How do I set up a port as a trunk port?  Reference materials are 
> greatly appreciated.

Physical port setup is handled by your network people.  "Do not try this at
home."

A few things to remember:
- Every VLAN represents a unique subnet
- Routing between the subnets is controlled by your external switch/router.
- Do not casually connect a single guest to multiple VLANs.  This is where
you can easily introduce security problems.
- If you use the VSWITCH, you don't have to configure each guest to be
VLAN-aware.  CP will hide it.  When you authorize a guest to a VSWITCH, you
can set his VLAN ID.  This is just like access ("regular") ports on the
physical switch.  They are typically assigned to a VLAN - you just don't
know it and don't care, a.k.a. "the miracle in step 2".

Alan Altmark
z/VM Development
IBM Endicott
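
Added example, not part of the original thread and not IBM code: a small audit that reads a plain-text z/VM user directory extract and lists every guest whose NICDEF statements couple it to more than one LAN, so each multi-network guest can be reviewed deliberately. The user IDs, passwords and VSWITCH names in the sample are constructed, and the plain-text extract is an assumption.

```python
from collections import defaultdict

# Constructed sample directory extract; user IDs, passwords and VSWITCH
# names are made up for illustration.
SAMPLE_DIRECTORY = """\
USER WEB01 XXXXXXXX 512M 1G G
 NICDEF 0600 TYPE QDIO DEVICES 3 LAN SYSTEM VSWTRUST
 NICDEF 0700 TYPE QDIO DEVICES 3 LAN SYSTEM VSWPRIV
 NICDEF 0800 TYPE QDIO DEVICES 3 LAN SYSTEM VSWPUB
USER WEB02 XXXXXXXX 512M 1G G
 NICDEF 0600 TYPE QDIO DEVICES 3 LAN SYSTEM VSWPUB
* NICDEF 0700 TYPE QDIO DEVICES 3 LAN SYSTEM VSWTRUST
USER DB01 XXXXXXXX 1G 2G G
 NICDEF 0600 TYPE QDIO LAN SYSTEM VSWTRUST
 NICDEF 0610 TYPE QDIO LAN SYSTEM VSWTRUST
"""


def parse_nicdefs(text):
    """Return {userid: [(vdev, lan_owner, lan_name), ...]} from directory text."""
    nics = defaultdict(list)
    current = None
    for line in text.splitlines():
        tokens = line.upper().split()
        if not tokens or tokens[0].startswith("*"):
            continue                      # blank line or directory comment
        if tokens[0] in ("USER", "IDENTITY") and len(tokens) > 1:
            current = tokens[1]           # start of a new guest definition
        elif tokens[0] == "NICDEF" and current and "LAN" in tokens:
            i = tokens.index("LAN")
            if i + 2 < len(tokens):       # operand form: LAN ownerid lanname
                nics[current].append((tokens[1], tokens[i + 1], tokens[i + 2]))
    return dict(nics)


def multi_lan_guests(text):
    """Return {userid: sorted distinct (owner, lan)} for guests on more than one LAN."""
    flagged = {}
    for user, entries in parse_nicdefs(text).items():
        lans = sorted({(owner, name) for _, owner, name in entries})
        if len(lans) > 1:                 # two NICs on the same LAN do not count
            flagged[user] = lans
    return flagged


if __name__ == "__main__":
    for user, lans in multi_lan_guests(SAMPLE_DIRECTORY).items():
        print(user, "->", ", ".join(f"{o} {n}" for o, n in lans))
```

The check only reads directory statements; NICs coupled dynamically after logon would not appear in it.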
