>Is there some way to define virtual hipersockets without real addresses?
That is exactly what a TYPE HIPER guest LAN is. > What can we do? I can't setup a Guest lan, because i need all of my guests to talk to z/OS > since we have an LDAP server we authenticat to over on that side. Not true (unless there's some policy restriction in your organization that we don't know about). Look at it at as a logical network connectivity problem. You need each guest to have IP connectivity to z/OS to reach your LDAP server. That does *not* imply that you must have a direct connection between each guest to a physical hipersocket to the z/OS system. You need the ability for packets to flow between the guest LAN on the VM side through the hipersocket to the z/OS system. This needs a layer 2 or 3 frame or packet forwarding capability -- something needs to copy the packets between the LAN segments (in the external networking sense, this would be a switch or router). The problem is how to set up that capability. That's the gist of the suggestion that Adam and I made -- you can connect each guest to a guest LAN and use a single guest as a bridge between the guest LAN and the physical hipersocket going to the z/OS LPAR. You get exactly the same effect as connecting multiple LAN segments to a router managing a WAN link -- just as you wouldn't attach a physical WAN link to every possible remote service from every possible guest, the same concept applies here. If you drew this picture to your networking group (treating the physical hipersocket as the "wan link" in this picture, either VM TCPIP or a Linux system as "router1" and z/OS TCPIP as "router2"): linux machine --- lan segment --- router1 --- wan link --- router2 --- LDAP server on z/OS they'll nod and say "yes, that's what we're trying to do". Translating it into 390 terms, it looks like: linux machine --- guest lan --- linux router/bridge or VM TCPIP -- physical hipersocket -- z/OS TCPIP --- LDAP server on z/OS This layout requires zero IOCP or OSA changes to add or delete a Linux guest, you can support multiple guest LANs on the VM side, and do "safety" firewalling on the Linux side as a freebie. If you need to, add additional router/bridge machines, costing you one connection set on the physical hipersocket per router/bridge machine rather than dozens. It costs you 390 cycles to do the routing function, but it scales far better than either shared OSA or trying to configure direct connection to a physical hipersocket for each guest. Another option would be to use the IEEE VLAN support to pipe the traffic between LPARs out to a real switch and router and back in, but that wastes a lot of bandwidth and opens up some issues about sniffing. -- db ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
