7.3.3. Virtual Ethernet Switches

Each POWER system has the virtual Ethernet switch ETHERNET0 by default. If necessary, additional virtual Ethernet switches can be created. If a managed system has only one connection to exactly one external network, then the use of the ETHERNET0 default switch is sufficient.

Figure 7.6: ETHERNET0 and an external network

The external network shown in figure 7.6 is extended into the managed system via the shared Ethernet adapter ent11 and the virtual switch ETHERNET0.

The situation is completely different when a second, independent network is connected to the managed system. If the same virtual Ethernet switch is used, the two independent (separated) external networks become connected to one another within the managed system through that shared virtual Ethernet switch. This is sketched in figure 7.7. It is clearly not what network administrators intend and should be avoided.

Figure 7.7: Connecting two external networks via ETHERNET0

In practice, this is often not a serious problem, since different VLAN IDs are usually used in the two external networks. It is still unpleasant when two physically separated networks share the same virtual Ethernet switch in a managed system. If a VLAN with the same VLAN ID is used in both networks, only one of the two VLANs can be used within the managed system. This configuration should be avoided in any case and may well be flagged as a security finding in a security audit, for example.

A separate virtual Ethernet switch should therefore be used for each external physical network that is connected to a managed system. The physically separate external networks then remain separate from one another within the managed system as well. Figure 7.8 shows this separation with the help of an additional virtual Ethernet switch ETHNAS. With this configuration, both networks can use the same VLAN IDs without causing problems.

Figure 7.8: Separation of two external networks by using an additional virtual Ethernet switch.

The virtual Ethernet switches of a managed system can be displayed using the command “ms lsvswitch” (list virtual switch):

$ ms lsvswitch ms03
NAME  VSWITCH             SWITCH_MODE  VLAN_IDS
ms03  ETHERNET0(Default)  VEB          1,100,150,200,250,300,900,950
$

To add another virtual Ethernet switch, the command “ms addvswitch” (add virtual switch) can be used:

$ ms addvswitch ms03 ETHNAS
$

A new virtual Ethernet switch initially has no VLAN IDs assigned:

$ ms lsvswitch ms03
NAME  VSWITCH             SWITCH_MODE  VLAN_IDS
ms03  ETHERNET0(Default)  VEB          1,100,150,200,250,300,900,950
ms03  ETHNAS              VEB          none
$

When creating a virtual Ethernet adapter, the “-s” option specifies the virtual Ethernet switch to which the adapter is connected. If the option is omitted, the adapter is connected to the default switch ETHERNET0.

$ lpar addeth -s ETHNAS aix22 9 700
$

The port VLAN ID specified for the virtual Ethernet adapter is listed among the supported VLAN IDs of the virtual switch ETHNAS:

$ ms lsvswitch ms03
NAME  VSWITCH             SWITCH_MODE  VLAN_IDS
ms03  ETHERNET0(Default)  VEB          1,100,150,200,250,300,900,950
ms03  ETHNAS              VEB          700
$
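The two conditions described above (two external networks bridged by one virtual switch, and a VLAN ID that both networks use on that switch) can be checked mechanically. The following audit script is an added example, not part of LPAR-Tool or of this chapter; it parses constructed “ms lsvswitch” output as shown above and assumes a hypothetical inventory of shared Ethernet adapters with the virtual switch and external network each one bridges, which a real system would have to supply from its own configuration.

```python
from collections import defaultdict

# Constructed sample: "ms lsvswitch ms03" output after ETHNAS was added
LSVSWITCH_OUTPUT = """\
NAME  VSWITCH             SWITCH_MODE  VLAN_IDS
ms03  ETHERNET0(Default)  VEB          1,100,150,200,250,300,900,950
ms03  ETHNAS              VEB          700
"""
# Constructed, hypothetical SEA inventory: (sea, vswitch, external network, VLAN IDs bridged)
SEAS_SHARED = [      # both external networks on ETHERNET0 (the figure 7.7 situation)
    ("ent11", "ETHERNET0", "campus", {1, 100, 150}),
    ("ent12", "ETHERNET0", "nas", {100, 700}),
]
SEAS_SEPARATED = [   # second network on its own switch (the figure 7.8 situation)
    ("ent11", "ETHERNET0", "campus", {1, 100, 150}),
    ("ent12", "ETHNAS", "nas", {100, 700}),
]

def parse_lsvswitch(text):
    """Return {vswitch name: set of VLAN IDs} from "ms lsvswitch" output."""
    switches = {}
    for line in text.strip().splitlines()[1:]:      # skip the header line
        parts = line.split()
        if len(parts) < 4:
            continue                                  # e.g. a trailing prompt line
        name = parts[1].replace("(Default)", "")
        vlans = parts[3]
        switches[name] = set() if vlans == "none" else {int(v) for v in vlans.split(",")}
    return switches

def audit(switches, seas):
    """Flag switches joining several external networks, and VLAN IDs two of them share."""
    findings = []
    by_switch = defaultdict(list)
    for sea in seas:
        by_switch[sea[1]].append(sea)
    for vswitch, attached in by_switch.items():
        networks = {net for _, _, net, _ in attached}
        if len(networks) < 2:
            continue                                  # one external network per switch: fine
        findings.append(("bridged", vswitch, sorted(networks)))
        users = defaultdict(set)                      # VLAN ID -> external networks using it
        for _, _, net, vlans in attached:
            for vid in vlans:
                users[vid].add(net)
        for vid, nets in sorted(users.items()):
            if len(nets) > 1:                         # only one of these VLANs works inside the system
                findings.append(("vlan_collision", vswitch, vid, sorted(nets)))
    return findings
```

Running `audit(parse_lsvswitch(LSVSWITCH_OUTPUT), SEAS_SHARED)` reports ETHERNET0 as bridging both networks with VLAN 100 in conflict, while the separated inventory yields no findings.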