Re: Supporting Dot.1q trunk in z/Linux
Thanks Mary! Thank You, Terry Martin Lockheed Martin CMS - CITIC 3300 Lord Baltimore Drive, Suite 200, 21244 Engineering Computing Mainframe Support Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Marcy Cortes Sent: Sunday, March 27, 2011 1:22 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Supporting Dot.1q trunk in z/Linux Marcy :) Your using a trunk port requires the vswitch to vlan tag the stuff sent over it. So say you have default vlan of 100 on the vswitch going out over it and your vswitch has that defined as the default. Then if the IP x.x.x.x is on vlan 100 then you don't need a vlan on the grant. If the IP x.x.y.x is on vlan 200 then you will need a VLAN parm on the vswitch grant. Like set vswitch vswitch1 grant Linux8 vlan 200. I kind of feel it's safer to always put a vlan number on any grant on a vswitch using a trunk port. Symptoms of getting it wrong will be no packets going anywhere on a 'q vswitch details Marcy -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Martin, Terry R. (CMS/CTR) (CTR) Sent: Saturday, March 26, 2011 10:06 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] Supporting Dot.1q trunk in z/Linux Mary, What would be the LAN name on the GRANT? And is the GRANT the place I would need to specify LAN parameter? Thank You, Terry Martin Lockheed Martin CMS - CITIC 3300 Lord Baltimore Drive, Suite 200, 21244 Engineering Computing Mainframe Support Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Marcy Cortes Sent: Saturday, March 26, 2011 10:34 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Supporting Dot.1q trunk in z/Linux Right, your vswitch and nicdef statements don't change.You may have to put a vlan on your SET VSWITCH GRANT statements. Marcy -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Martin, Terry R. (CMS/CTR) (CTR) Sent: Thursday, March 24, 2011 8:05 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] Supporting Dot.1q trunk in z/Linux Thanks Alan, this is what I was looking for. So the Vswitch and the NIC def for the guest does not change correct? It appears that the only thing that changes is at the switch level where it becomes a Trunk connection correct? Thank You, Terry Martin Lockheed Martin CMS - CITIC 3300 Lord Baltimore Drive, Suite 200, 21244 Engineering Computing Mainframe Support Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Alan Altmark Sent: Thursday, March 24, 2011 3:29 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Supporting Dot.1q trunk in z/Linux On Thursday, 03/24/2011 at 01:01 EDT, Martin, Terry R. (CMS/CTR) (CTR) terry.mar...@cms.hhs.gov wrote: So my question is from my z/Linux side what changes to I need to make and where are these changes reflected In my setup on the z/Linux. Just so you know my z/VM TCP/IP stack is not really being used for the z/Linux guests that is being done within z/Linux in my case RHEL 5.2 You will make NO changes to your Linuxes. Those on existing subnet A will remain there and be on VLAN A. New ones on Subnet B will be assigned to VLAN B. When a Linux on A and one on B want to talk to each other, the traffic will flow into the VSWITCH, down the OSA, out of the box, into the router, and back. This may generate a requirement to reassign IP addrs so that those two servers are placed in the same subnet, with no need for traffic to flow out of the box. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott
Re: Supporting Dot.1q trunk in z/Linux
On Friday, 03/25/2011 at 11:35 EDT, Martin, Terry R. (CMS/CTR) (CTR) terry.mar...@cms.hhs.gov wrote: Thanks Alan, this is what I was looking for. So the Vswitch and the NIC def for the guest does not change correct? It appears that the only thing that changes is at the switch level where it becomes a Trunk connection correct? 1. The switch port will be reconfigured as a trunk 2. The port will be authorized to one or more VLANs 3. There is a default VLAN id in the switch. 4. You will add a VLAN to every SET VSWITCH GRANT (or authorize in your ESM) So, you will DEFINE VSWITCH VLAN 666 NATIVE nnn SET VSWITCH ... GRANT userid VLAN vvv Where: 666 is some VLAN that is NOT authorized on the trunk. nnn is the default VLAN id of the switch vvv is the VLAN you want the specified guest to use Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott
Re: Supporting Dot.1q trunk in z/Linux
Right, your vswitch and nicdef statements don't change.You may have to put a vlan on your SET VSWITCH GRANT statements. Marcy -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Martin, Terry R. (CMS/CTR) (CTR) Sent: Thursday, March 24, 2011 8:05 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] Supporting Dot.1q trunk in z/Linux Thanks Alan, this is what I was looking for. So the Vswitch and the NIC def for the guest does not change correct? It appears that the only thing that changes is at the switch level where it becomes a Trunk connection correct? Thank You, Terry Martin Lockheed Martin CMS - CITIC 3300 Lord Baltimore Drive, Suite 200, 21244 Engineering Computing Mainframe Support Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Alan Altmark Sent: Thursday, March 24, 2011 3:29 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Supporting Dot.1q trunk in z/Linux On Thursday, 03/24/2011 at 01:01 EDT, Martin, Terry R. (CMS/CTR) (CTR) terry.mar...@cms.hhs.gov wrote: So my question is from my z/Linux side what changes to I need to make and where are these changes reflected In my setup on the z/Linux. Just so you know my z/VM TCP/IP stack is not really being used for the z/Linux guests that is being done within z/Linux in my case RHEL 5.2 You will make NO changes to your Linuxes. Those on existing subnet A will remain there and be on VLAN A. New ones on Subnet B will be assigned to VLAN B. When a Linux on A and one on B want to talk to each other, the traffic will flow into the VSWITCH, down the OSA, out of the box, into the router, and back. This may generate a requirement to reassign IP addrs so that those two servers are placed in the same subnet, with no need for traffic to flow out of the box. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott
Re: Supporting Dot.1q trunk in z/Linux
Thanks Mary! Thank You, Terry Martin Lockheed Martin CMS - CITIC 3300 Lord Baltimore Drive, Suite 200, 21244 Engineering Computing Mainframe Support Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Marcy Cortes Sent: Saturday, March 26, 2011 10:34 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Supporting Dot.1q trunk in z/Linux Right, your vswitch and nicdef statements don't change.You may have to put a vlan on your SET VSWITCH GRANT statements. Marcy -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Martin, Terry R. (CMS/CTR) (CTR) Sent: Thursday, March 24, 2011 8:05 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] Supporting Dot.1q trunk in z/Linux Thanks Alan, this is what I was looking for. So the Vswitch and the NIC def for the guest does not change correct? It appears that the only thing that changes is at the switch level where it becomes a Trunk connection correct? Thank You, Terry Martin Lockheed Martin CMS - CITIC 3300 Lord Baltimore Drive, Suite 200, 21244 Engineering Computing Mainframe Support Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Alan Altmark Sent: Thursday, March 24, 2011 3:29 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Supporting Dot.1q trunk in z/Linux On Thursday, 03/24/2011 at 01:01 EDT, Martin, Terry R. (CMS/CTR) (CTR) terry.mar...@cms.hhs.gov wrote: So my question is from my z/Linux side what changes to I need to make and where are these changes reflected In my setup on the z/Linux. Just so you know my z/VM TCP/IP stack is not really being used for the z/Linux guests that is being done within z/Linux in my case RHEL 5.2 You will make NO changes to your Linuxes. Those on existing subnet A will remain there and be on VLAN A. New ones on Subnet B will be assigned to VLAN B. When a Linux on A and one on B want to talk to each other, the traffic will flow into the VSWITCH, down the OSA, out of the box, into the router, and back. This may generate a requirement to reassign IP addrs so that those two servers are placed in the same subnet, with no need for traffic to flow out of the box. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott
Re: Supporting Dot.1q trunk in z/Linux
Mary, What would be the LAN name on the GRANT? And is the GRANT the place I would need to specify LAN parameter? Thank You, Terry Martin Lockheed Martin CMS - CITIC 3300 Lord Baltimore Drive, Suite 200, 21244 Engineering Computing Mainframe Support Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Marcy Cortes Sent: Saturday, March 26, 2011 10:34 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Supporting Dot.1q trunk in z/Linux Right, your vswitch and nicdef statements don't change.You may have to put a vlan on your SET VSWITCH GRANT statements. Marcy -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Martin, Terry R. (CMS/CTR) (CTR) Sent: Thursday, March 24, 2011 8:05 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] Supporting Dot.1q trunk in z/Linux Thanks Alan, this is what I was looking for. So the Vswitch and the NIC def for the guest does not change correct? It appears that the only thing that changes is at the switch level where it becomes a Trunk connection correct? Thank You, Terry Martin Lockheed Martin CMS - CITIC 3300 Lord Baltimore Drive, Suite 200, 21244 Engineering Computing Mainframe Support Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Alan Altmark Sent: Thursday, March 24, 2011 3:29 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Supporting Dot.1q trunk in z/Linux On Thursday, 03/24/2011 at 01:01 EDT, Martin, Terry R. (CMS/CTR) (CTR) terry.mar...@cms.hhs.gov wrote: So my question is from my z/Linux side what changes to I need to make and where are these changes reflected In my setup on the z/Linux. Just so you know my z/VM TCP/IP stack is not really being used for the z/Linux guests that is being done within z/Linux in my case RHEL 5.2 You will make NO changes to your Linuxes. Those on existing subnet A will remain there and be on VLAN A. New ones on Subnet B will be assigned to VLAN B. When a Linux on A and one on B want to talk to each other, the traffic will flow into the VSWITCH, down the OSA, out of the box, into the router, and back. This may generate a requirement to reassign IP addrs so that those two servers are placed in the same subnet, with no need for traffic to flow out of the box. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott
Re: Supporting Dot.1q trunk in z/Linux
Marcy :) Your using a trunk port requires the vswitch to vlan tag the stuff sent over it. So say you have default vlan of 100 on the vswitch going out over it and your vswitch has that defined as the default. Then if the IP x.x.x.x is on vlan 100 then you don't need a vlan on the grant. If the IP x.x.y.x is on vlan 200 then you will need a VLAN parm on the vswitch grant. Like set vswitch vswitch1 grant Linux8 vlan 200. I kind of feel it's safer to always put a vlan number on any grant on a vswitch using a trunk port. Symptoms of getting it wrong will be no packets going anywhere on a 'q vswitch details Marcy -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Martin, Terry R. (CMS/CTR) (CTR) Sent: Saturday, March 26, 2011 10:06 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] Supporting Dot.1q trunk in z/Linux Mary, What would be the LAN name on the GRANT? And is the GRANT the place I would need to specify LAN parameter? Thank You, Terry Martin Lockheed Martin CMS - CITIC 3300 Lord Baltimore Drive, Suite 200, 21244 Engineering Computing Mainframe Support Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Marcy Cortes Sent: Saturday, March 26, 2011 10:34 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Supporting Dot.1q trunk in z/Linux Right, your vswitch and nicdef statements don't change.You may have to put a vlan on your SET VSWITCH GRANT statements. Marcy -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Martin, Terry R. (CMS/CTR) (CTR) Sent: Thursday, March 24, 2011 8:05 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] Supporting Dot.1q trunk in z/Linux Thanks Alan, this is what I was looking for. So the Vswitch and the NIC def for the guest does not change correct? It appears that the only thing that changes is at the switch level where it becomes a Trunk connection correct? Thank You, Terry Martin Lockheed Martin CMS - CITIC 3300 Lord Baltimore Drive, Suite 200, 21244 Engineering Computing Mainframe Support Cell - 443 632-4191 -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Alan Altmark Sent: Thursday, March 24, 2011 3:29 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Supporting Dot.1q trunk in z/Linux On Thursday, 03/24/2011 at 01:01 EDT, Martin, Terry R. (CMS/CTR) (CTR) terry.mar...@cms.hhs.gov wrote: So my question is from my z/Linux side what changes to I need to make and where are these changes reflected In my setup on the z/Linux. Just so you know my z/VM TCP/IP stack is not really being used for the z/Linux guests that is being done within z/Linux in my case RHEL 5.2 You will make NO changes to your Linuxes. Those on existing subnet A will remain there and be on VLAN A. New ones on Subnet B will be assigned to VLAN B. When a Linux on A and one on B want to talk to each other, the traffic will flow into the VSWITCH, down the OSA, out of the box, into the router, and back. This may generate a requirement to reassign IP addrs so that those two servers are placed in the same subnet, with no need for traffic to flow out of the box. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott
Supporting Dot.1q trunk in z/Linux
Hi We have run out of the IPs on a certain SUBNET. The network folks say we need to set the VSWITCHES up as a Dot.1q trunk on both their side and the z/Linux side. We are not currently using Dot.1q trunk. So my question is from my z/Linux side what changes to I need to make and where are these changes reflected In my setup on the z/Linux. Just so you know my z/VM TCP/IP stack is not really being used for the z/Linux guests that is being done within z/Linux in my case RHEL 5.2 Thanks for the help! Thank You, Terry Martin Lockheed Martin CMS - CITIC 3300 Lord Baltimore Drive, Suite 200, 21244 Engineering Computing Mainframe Support Cell - 443 632-4191
Re: Supporting Dot.1q trunk in z/Linux
If you are using a VSWITCH with a trunk port on the physical switch, you are already doing 802.1q trunking between VM and the network. CP is doing it for you. Why in heaven's name do they want the Linux guests doing .1q trunking? That's a recipie for VLAN jumping, which they will have fits about.
Re: Supporting Dot.1q trunk in z/Linux
Make sure your VNICs remain ACCESS (not trunk) with the correct VLAN/subnet and zLinux will see no difference. VSWITCH will sort out the trunking on behalf of the zLinux guest. If you need to communicate between zLinux instances in different VLANs/subnets IP traffic will need to be routed instead of going directly on the VSWITCH. Regards, Mike Mike Wawiorko Global z Connectivity and Automation Engineering GISD Core Engineering GRB Technology Barclays Bank Ground Floor (B4), Turing House, Radbroke Hall, WA16 9EU (Mail Van 49) Tel: +44(0)1565 615415 or internal 7-2000-5415 Mobile: 07824527120 Email: mailto:mike.wawio...@barclays.com mailto:mike.wawio...@barclays.com P Please consider the environment before printing this e-mail _ From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Martin, Terry R. (CMS/CTR) (CTR) Sent: 24 March 2011 17:01 To: IBMVM@LISTSERV.UARK.EDU Subject: Supporting Dot.1q trunk in z/Linux Hi We have run out of the IPs on a certain SUBNET. The network folks say we need to set the VSWITCHES up as a Dot.1q trunk on both their side and the z/Linux side. We are not currently using Dot.1q trunk. So my question is from my z/Linux side what changes to I need to make and where are these changes reflected In my setup on the z/Linux. Just so you know my z/VM TCP/IP stack is not really being used for the z/Linux guests that is being done within z/Linux in my case RHEL 5.2 Thanks for the help! Thank You, Terry Martin Lockheed Martin CMS - CITIC 3300 Lord Baltimore Drive, Suite 200, 21244 Engineering Computing Mainframe Support Cell - 443 632-4191 This e-mail and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this e-mail in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this e-mail or its attachments. Internet communications are not guaranteed to be secure or virus-free. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this e-mail may be monitored by the Barclays Group for operational or business reasons. Any opinion or other information in this e-mail or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group. Barclays Bank PLC.Registered in England and Wales (registered no. 1026167). Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom. Barclays Bank PLC is authorised and regulated by the Financial Services Authority.
Re: Supporting Dot.1q trunk in z/Linux
On Thursday, 03/24/2011 at 01:01 EDT, Martin, Terry R. (CMS/CTR) (CTR) terry.mar...@cms.hhs.gov wrote: So my question is from my z/Linux side what changes to I need to make and where are these changes reflected In my setup on the z/Linux. Just so you know my z/VM TCP/IP stack is not really being used for the z/Linux guests that is being done within z/Linux in my case RHEL 5.2 You will make NO changes to your Linuxes. Those on existing subnet A will remain there and be on VLAN A. New ones on Subnet B will be assigned to VLAN B. When a Linux on A and one on B want to talk to each other, the traffic will flow into the VSWITCH, down the OSA, out of the box, into the router, and back. This may generate a requirement to reassign IP addrs so that those two servers are placed in the same subnet, with no need for traffic to flow out of the box. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott
