View as PDF

Virtualization with PowerVM > Practical Introduction > I/O Virtualization > Virtual Ethernet

7.3.1. VLANs and VLAN-Tagging

Every virtual Ethernet switch supports VLANs (Virtual Local Area Network) according to IEEE 802.1q. Ultimately, this means that all Ethernet packets within a virtual Ethernet switch have a VLAN tag. Permitted VLAN IDs are 1-4094. Each virtual Ethernet adapter has a so-called port VLAN ID (attribute port_vlan_id), which must be specified when creating a virtual Ethernet adapter. As shown in Figure 7.4, the hypervisor adds a VLAN header with the port VLAN ID to every outgoing untagged packet (a packet without a VLAN header). Correspondingly, in the case of incoming packets with a VLAN ID that is the same as the port VLAN ID of the destination adapter, the VLAN header is removed again by the hypervisor. This allows LPARs to communicate with one another without using VLAN headers themselves. Packets with a VLAN header are referred to as tagged, packets without a VLAN header are referred to as untagged (not marked). Adding a VLAN header to a packet is called tagging. Ethernet adapters that do not support VLAN headers are often referred to as VLAN unaware.

VLAN tagging with the port VLAN ID (port_vlan_id)
Figure 7.4: VLAN tagging with the port VLAN ID (port_vlan_id)

As figure 7.4 demonstrates, Ethernet adapters that do not use/support VLAN tagging themselves, can still function without problems in an environment with VLANs, by having the switch (POWER Hypervisor) perform the tagging with the port VLAN ID of the virtual Ethernet adapter.

A virtual Ethernet adapter can optionally be created as IEEE 802.1q compatible (attribute ieee_virtual_eth=yes). In addition to untagged packets, it then also supports tagged packets for a list of VLAN IDs that can be specified with the attribute addl_vlan_ids. Then, several different VLANs can be used by one LPAR via a virtual Ethernet adapter. The virtual Ethernet adapter adds a VLAN header to the packets for the additional VLAN IDs. The packets therefore arrive at the virtual switch as tagged packets and the hypervisor no longer needs to add a VLAN tag.

Figure 7.5 shows the delivery of a packet with VLAN ID 200: VLAN ID 200 belongs to the additional VLAN IDs (addl_vlan_ids) of the sending virtual Ethernet adapter, so the virtual Ethernet adapter must generate a tagged packet. The packet is then forwarded unchanged to the virtual Ethernet switch. The VLAN ID 200 also belongs to the additional VLAN IDs for the target Ethernet adapter. The VLAN header is therefore not removed by the hypervisor and the packet including the VLAN header is forwarded to the target LPAR by the virtual Ethernet adapter. The VLAN header is retained during the entire delivery from the source LPAR to the destination LPAR!

Delivery of tagged packets, here for the VLAN 200.
Figure 7.5: Delivery of tagged packets, here for the VLAN 200.