Affinity Control with taskset

Linux (pLinux & x86) 2013. 5. 22. 12:39

+. schedutils 

# apt-get install schedutils (ubuntu)

# up2date schedutils (redhat)

# rpm -ivh schedutils* (redhat)



+. check for the taskset information for process

   > -p  : hex formant for cpu number

   > -pc : decimal formant for cpu number

# taskset -pc 2360 

pid 2360's current affinity list: 0



+. assign affinity with invoking the process

# taskset -c 1-3 /etc/init.d/httpd start



+. assign affinity on a running process

  > -p : Operate on an existing PID and do not launch a new task

  > -c : Specify a numerical list of processors instead of a bitmask.

         The numbers are separated by commas and may include ranges.  

       For example: 0,5,7,9-11.

# taskset -c 1 -p 12314

# taskset -c 3,4 -p 12314

저작자표시 비영리 변경금지

'Linux (pLinux & x86)' 카테고리의 다른 글

chrome installation using google ppa on ubuntu  (0) 2013.12.09
IBM Installation Toolkit: Loading Linux on POWER  (0) 2013.05.28
JVM Large Pages in Linux (huge page)  (0) 2013.05.22
RHEL의 repository를 CentOS 혹은 Daum 으로 변경하기...  (0) 2013.02.20
idle시 HDD spindown 을 통해 HDD saving 모드 지정  (0) 2013.01.17
블로그 이미지

Melting

,

JVM Large Pages in Linux (huge page)

Linux (pLinux & x86) 2013. 5. 22. 12:24

+. memory space / number of large memory pages 

 - each huge page size : 16 MB

 - jvm heap size : 2048 MB

 - jvm instances : 4

 

 > total memory space for jvm heap 

     : 2048 MB * 4 (jvm) = 8 GB

   total memory space for huge page 

     : (1024 (1kb) * 1024 (1mb) * 1024 (1gb) * 2 (jvm heap) * 4 (jvm count)) - 1  = 8589934591

   total huge page number

     : 1024 (1gb) * 2 (jvm heap) * 4 (jvm count) / 16 (huge page size) = 512



+. allocate the shared memory segement 

#. echo 8589934591 > /proc/sys/kernel/shmmax   (temporary configuration)

#. vi /etc/sysctl.conf                         (permanent configuration)

   kernel.shmmax = 8589934591


+. set the number of huge pages

#. echo 512 > /proc/sys/vm/nr_hugepages        (temporary configuration)

#. vi /etc/sysctl.conf                         (permanent configuration)

   vm.nr_hugepages = 512


+. set the user group to access the huge pages (ex. user's group id : 1001) 

#. echo 1001 > /proc/sys/vm/hugetlb_shm_group  (temporary configuration)

#. vi /etc/sysctl.conf                         (permanent configuration)

   vm.hugetlb_shm_group = 1001


+. run jvm with huge page support option

 > java -Xlp -Xmn1400m -Xms2048m -Xmx2048m -XlockReservation -Xnoloa -XtlhPrefetch -Xaggressive -Xcompressedrefs -Xconcurrentlevel0

 > java -d64 -server -Xms2048m -Xmx2048m -Xss192k -XX:+UseLargePages -XX:LargePageSizeInBytes=2m -XX:+UseParNewGC



+. check the huge pages in memory 

#. cat /proc/meminfo | grep Huge


저작자표시 비영리 변경금지

'Linux (pLinux & x86)' 카테고리의 다른 글

IBM Installation Toolkit: Loading Linux on POWER  (0) 2013.05.28
Affinity Control with taskset  (0) 2013.05.22
RHEL의 repository를 CentOS 혹은 Daum 으로 변경하기...  (0) 2013.02.20
idle시 HDD spindown 을 통해 HDD saving 모드 지정  (0) 2013.01.17
LinuxMint 에서 compiz 설정하기...  (0) 2013.01.17
블로그 이미지

Melting

,

IBM Power Systems Performance Guide - Implementing and Optimizing

IBM Power 2013. 5. 8. 10:04




sg248080 - IBM Power Systems Performance Guide - Implementing and Optimizing.pdf


저작자표시 비영리 변경금지

'IBM Power' 카테고리의 다른 글

PowerVM new Redbooks  (0) 2013.06.28
AIX Installation with USB Memory Stick  (0) 2013.05.28
Configuring a Shared Ethernet Adapter  (0) 2013.04.22
[펌] How to work with VLAN using VIOS  (0) 2013.04.22
Configuring Multi-Path I/O for AIX client logical partitions  (0) 2013.04.18
블로그 이미지

Melting

,

Configuring a Shared Ethernet Adapter

IBM Power 2013. 4. 22. 13:51

- http://pic.dhe.ibm.com/infocenter/powersys/v3r1m5/topic/iphb1/iphb1_vios_configuring_sea.htm


Configuring a Shared Ethernet Adapter

Find instructions for configuring Shared Ethernet Adapters.

Before you can configure a Shared Ethernet Adapter, you must first create the adapter using the Hardware Management Console (HMC). For instructions, see Creating a virtual Ethernet adapter using HMC version 7.

To configure a Shared Ethernet Adapter using the HMC, version 7 release 3.4.2 or later, see Creating a shared Ethernet adapter for a Virtual I/O Server logical partition using the Hardware Management Console.

To configure a Shared Ethernet Adapter using versions prior to the HMC, version 7 release 3.4.2, complete the following steps from the Virtual I/O Server command-line interface:

  1. Verify that the virtual Ethernet trunk adapter is available by running the following command: 
    lsdev -virtual
  2. Identify the appropriate physical Ethernet adapter that will be used to create the Shared Ethernet Adapter by running the following command: 
    lsdev -type adapter
    Notes:
    • Ensure that TCP/IP is not configured on the interface for the physical Ethernet adapter. If TCP/IP is configured, the mkvdev command in the next step fails.
    • You can also use a Link Aggregation, or EtherChannel, device as the Shared Ethernet Adapter.
    • If you plan to use the Host Ethernet Adapter or Integrated Virtual Ethernet with the Shared Ethernet Adapter, ensure that you use the Logical Host Ethernet Adapter to create the Shared Ethernet Adapter.
  3. Configure the Shared Ethernet Adapter by running the following command: 
    mkvdev -sea target_device -vadapter virtual_ethernet_adapters \
-default DefaultVirtualEthernetAdapter -defaultid SEADefaultPVID
    Where:
    target_device
    The physical adapter being used as part of the Shared Ethernet Adapter device.
    virtual_ethernet_adapters
    The virtual Ethernet adapter or adapters that will use the Shared Ethernet Adapter.
    DefaultVirtualEthernetAdapter
    The default virtual Ethernet adapter used to handle untagged packets. If you have only one virtual Ethernet adapter for this logical partition, use it as the default.
    SEADefaultPVID
    The PVID associated with your default virtual Ethernet adapter.
    For example:
    • To create Shared Ethernet Adapter ent3 with ent0 as the physical Ethernet adapter (or Link Aggregation) and ent2 as the only virtual Ethernet adapter (defined with a PVID of 1), type the following command: 
      mkvdev -sea ent0 -vadapter ent2 -default ent2 -defaultid 1
    • To obtain the value for the SEADefaultPVID attribute in the mkvdev command, type the following command:
      enstat -all ent2 | grep "Port VLAN ID:"
      Output similar to the following example is displayed:
      Port VLAN ID: 1
  4. Verify that the Shared Ethernet Adapter was created by running the following command: 
    lsdev -virtual
  5. Do you plan to access the Virtual I/O Server from the network with the physical device used to create the Shared Ethernet Adapter?
    • Yes: Go to step 6.
    • No: You are finished with this procedure and do not need to complete the remaining steps.
  6. Do you plan to set bandwidth apportioning by defining a Quality of Service (QoS)?
    • Yes: Go to step 11 to enable the Shared Ethernet Adapter device to prioritize traffic.
    • No: Go to step 9 to configure a TCP/IP connection.
  7. Do you plan to define IP addresses on any VLANs other than the VLAN specified by the PVID of the Shared Ethernet Adapter?
    • Yes: Go to step 8 to create VLAN pseudo-devices.
    • No: Go to step 9 to configure a TCP/IP connection.
  8. To configure VLAN pseudo-devices, complete the following steps:
    1. Create a VLAN pseudo-device on the Shared Ethernet Adapter by running the following command: 
      mkvdev -vlan TargetAdapter -tagid TagID
      Where:
      • TargetAdapter is the Shared Ethernet Adapter.
      • TagID is the VLAN ID that you defined when creating the virtual Ethernet adapter associated with the Shared Ethernet Adapter.
      For example, to create a VLAN pseudo-device using the Shared Ethernet Adapter ent3 that you just created with a VLAN ID of 1, type the following command: 
      mkvdev -vlan ent3 -tagid 1
    2. Verify that the VLAN pseudo-device was created by running the following command: 
      lsdev -virtual
    3. Repeat this step for any additional VLAN pseudo-devices that you need.
  9. Run the following command to configure the first TCP/IP connection. The first connection must be on the same VLAN and logical subnet as the default gateway.
    mktcpip -hostname Hostname -inetaddr Address -interface Interface -netmask \
SubnetMask -gateway Gateway -nsrvaddr NameServerAddress -nsrvdomain Domain
    Where:
    • Hostname is the host name of the Virtual I/O Server
    • Address is the IP address you want to use for the TCP/IP connection
    • Interface is the interface associated with either the Shared Ethernet Adapter device or a VLAN pseudo-device. For example, if the Shared Ethernet Adapter device is ent3, the associated interface is en3.
    • Subnetmask is the subnet mask address for your subnet.
    • Gateway is the gateway address for your subnet.
    • NameServerAddress is the address of your domain name server.
    • Domain is the name of your domain.
    If you do not have additional VLANs, then you are finished with this procedure and do not need to complete the remaining step.
  10. Run the following command to configure additional TCP/IP connections: 
    chdev -dev interface -perm -attr netaddr=IPaddress -attr netmask=netmask 
-attr state=up
    When using this command, enter the interface (enX) associated with either the Shared Ethernet Adapter device or VLAN pseudo-device.
  11. Enable the Shared Ethernet Adapter device to prioritize traffic. Client logical partitions must insert a VLAN priority value in their VLAN header. For AIX® clients, a VLAN pseudo-device must be created over the Virtual I/O Ethernet Adapter, and the VLAN priority attribute must be set (the default value is 0). Do the following steps to enable traffic prioritization on an AIX client:
    1. Set the Shared Ethernet Adapter qos_mode attribute to either strict or loose mode. Use one of the following commands: chdev -dev <SEA device name> -attr qos_mode=strict or chdev -dev <SEA device name> -attr qos_mode=loose. For more information about the modes, see Shared Ethernet Adapter.
    2. From the HMC, create a Virtual I/O Ethernet Adapter for the AIX client with all of the tagged VLANs that are required (specified in the Additional VLAN ID list). Packets sent over the default VLAN ID (specified in the Adapter ID or Virtual LAN ID field) will not be tagged as VLAN; therefore, a VLAN priority value cannot be assigned to them.
    3. On the AIX client, run the smitty vlan command.
    4. Select Add a VLAN.
    5. Select the name of the Virtual I/O Ethernet Adapter created in step 1.
    6. In the VLAN Tag ID attribute, specify one of the tagged VLANs that are configured on the Virtual I/O Ethernet Adapter that you created in step 1.
    7. Specify an attribute value (0 - 7) in the VLAN Priority attribute, which corresponds to the importance the VIOS should give to the traffic sent over that VLAN pseudo-device.
    8. Configure the interface over the VLAN pseudo-device created in step 6.
    Traffic sent over the interface created in step 7 will be tagged as VLAN and its VLAN header will have the VLAN priority value specified in step 6. When this traffic is bridged by a Shared Ethernet Adapter that has been enabled for bandwidth apportioning, the VLAN priority value is used to determine how quickly it should be sent in relation to other packets at different priorities.
The Shared Ethernet Adapter is now configured. After you configure the TCP/IP connections for the virtual adapters on the client logical partitions using the client logical partitions' operating systems, those logical partitions can communicate with the external network.
Parent topic: Configuring virtual Ethernet on the Virtual I/O Server
Related concepts
Related information



저작자표시 비영리 변경금지

'IBM Power' 카테고리의 다른 글

AIX Installation with USB Memory Stick  (0) 2013.05.28
IBM Power Systems Performance Guide - Implementing and Optimizing  (0) 2013.05.08
[펌] How to work with VLAN using VIOS  (0) 2013.04.22
Configuring Multi-Path I/O for AIX client logical partitions  (0) 2013.04.18
lsof on aix  (0) 2012.12.20
블로그 이미지

Melting

,

[펌] How to work with VLAN using VIOS

IBM Power 2013. 4. 22. 13:25

http://www.torontoaix.com/vio-how-to-s/how-to-work-with-vlan-using-vios



How to work with VLAN using VIOS

Introduction

This article assumes the following:

  • System administration experience in setting up Ethernet networks, but no experience with virtual Local Area Networks (VLANs)
  • Experience in pSeries® hardware and, in particular, POWER5™-based machines
  • Experience with the Hardware Management Console (HMC) and creating logical partitions (LPARs)
  • Experience with the IBM Virtual I/O Server (VIO Server) in simple configuration

Note: The term VIO Server is used in this article to refer to the IBM Virtual I/O Server LPAR running on a pSeries POWER5-based machine. The term VIO client is used to refer to any LPAR making use of the virtual SCSI (small computer system interface) and/or virtual Ethernet services of the VIO Server.


Basic networks and basic VLAN

You can run two different IP address ranges on the same Ethernet cable segment. For example, all cables being plugged into the same hub. This would give you two logical networks on one physical network. While this does work well, there is a large problem –- one machine, with the right network setup and software, can capture all the packets for both IP address ranges. So, there is no security between the logical networks. Figure 1 below illustrates this point:


Figure 1. Two logical networks on one physical network

To stop this security hole, Cisco first invented ISL (Inter Switch Link), which has since moved on and become the IEEE-802.1Q standard that covers VLANs. This standard, in its simplest form, requires an Ethernet switch with IEEE-802.1Q VLAN to support ports on the switch that have extra attributes (VLAN tagging), so machines (or their PCI adapters) can use VLAN tagging. So inFigure 1 above, you would want to replace the Ethernet hub with an Ethernet switch -- this means it is intelligent in sending packets. The ports within the switch are capable of belonging to one or more VLANs with a default VLAN for the port -- this is called Port VLAN ID (PVID). Packets that arrive at the switch with a VLAN tag are permitted to pass, depending on whether this matches one of the VLANs that the port is a member of. If a packet arrives without a VLAN tag, the switch then tags it with the PVID of the switch port. The routing of packets within the network will now rely not only on the subnet, but also on the VLAN tags. The VLAN tag separates the ports into what are effectively separate physical networks -- for example, using two VLANs with VLAN IDs of 31 and 45. If you assign the same VLAN ID (31) to ports where machines A, B, and C are plugged in and VLAN ID 45 to the ports where machines 1, 2, and 3 are plugged in, the switch will not transfer packets between the two logical networks -- that is two sets of machines. Most devices are completely unaware of this VLAN tagging at the switch and do not accept packets with VLAN tags, although most devices can be configured to accept and understand the tags. With this in mind, most switches, if they receive a packet with a VLAN tag matching the PVID, strip the tag from the packet before sending it out of the switch to the attached device. If the VLAN tag matches one of the possible additional VLANs that the port belongs to (for example, not the default PVID), the tag will be left intact. This allows devices that are both VLAN aware and VLAN unaware to exist side by side. See Figure 2 below.


Figure 2. Two logical networks on two VLAN networks

See Figure 3 below for a simpler view. By using VLAN IDs and port tagging, the Ethernet switch logically separates the two VLANs so that packets are no longer communicated between the two sets of machines.


Figure 3. Two logical networks on two VLAN networks using one Ethernet switch 

It is also worth pointing out that using the switch to add VLAN ID tagging means the network administrator has complete control of where packets go and who can see them. This is how most network administrators like to operate, as it is invisible to the machines and their system administrators. Your network administrators are probably using VLANs without you knowing, as there are many benefits when running a large network. I did not know this until I asked, but every floor in the IBM building in which I work is a separate VLAN. Listed below are some other reasons for using VLANs:

  • Limits packets to a subset of the company network backbone
  • Limits pointless network flow of packets between non-server machines
  • Increases performance
  • Provides security -- using VLANs to limit hostile connections (for example, direct Internet connection)
  • Allows you to monitor network traffic for planning

If your operating system allows it, you can also add these VLAN tags on the machines themselves. In addition, the Ethernet switch can be told not to automatically add VLAN tags on the port. This decentralizes the point of control away from the switch to many machines, making it much harder to control -- keep in mind that a rogue device could read all Ethernet packets on the network with a simple administration mistake. In general, it is better to control the VLAN tagging at the switches for simplicity.

Note: I have only scratched the surface of what VLANs can do. For example, Switch ports can have multiple VLANs, send every packet to a particular port regardless of the VLAN (this is often used for monitoring and security), and much more complex configurations. Let's now move on to VLANs in the Hypervisor.


The virtual Ethernet in the Hypervisor

In the IBM eServer™ p5 pSeries machines have a Hypervisor, which is used to control the LPARs in the machine. This Hypervisor is firmware that all operating systems (AIX® and Linux®) use to interact with the hardware. It also provides a virtual Ethernet service, so that without an Ethernet adapter, the LPARs can communicate over the Hypervisor (through memory) using TCP/IP (Transmission Control Protocol/Internet Protocol ).

The Hypervisor virtual Ethernet is implemented to behave just like a VLAN-aware Ethernet switch -- so every use of the Hypervisor virtual Ethernet is using VLAN technology -- even if you are not aware of it. See Figure 4 below:


Figure 4. Two logical networks on two VLAN networks using Hypervisor virtual Ethernet

For two LPARs to communicate using virtual Ethernet, you need to add a virtual Ethernet adapter to each LPAR and set the PVID to the same number -- the two LPARs can use standard TCP/IP tools to communicate like Telnet, FTP, SSH, and so forth. This is exactly the same model as in the Basic networks and basic VLAN section for say machines A and B to communicate, but Machine A and Machine 2 can not communicate.

The PVID is added to outgoing packets from an LPAR. This is called tagging or VLAN tagging. These tags are then used to decide where the packet goes and what is stripped off when the packet gets delivered to the other LPARs with the same PVID. LPARs are unaware of this tagging/untagging. VLAN tagging is used to separate LPARs using different PVIDs. It can also have multiple internal networks where packets are routed between a subset of the LPARs within the pSeries chassis to avoid going to the wrong LPAR.

Note: This VLAN security model is used so that you can be sure that potential hackers cannot jump from one internal network to another. An LPAR can only see packets on its VLAN, and not others.

There is another VLAN feature that you need to be aware of. For example, if a packet arrives at a destination virtual Ethernet adapter (the analogue of a Ethernet Switch port) with a matching VLAN tag (that is the packet VLAN ID equals the PVID), the tag is then stripped off (the packet is untagged). This is part of the IEEE 802.1Q standard and happens regardless of how the VLAN tag got there in the first place, either arriving on a tagged port (virtual Ethernet adapter) or added by the originating adapter in a machine or LPAR. Also note that if the packet VLAN ID does not equal the PVID but equals one of the additional VLAN IDs that the port permitted to pass, the VLAN tag is not removed and the packet is allowed to pass with the VLAN tag left intact.


A worked example

The previous sections have been about Ethernet packets within a machine and LPARs communicating with themselves across the internal Hypervisor network. There is, of course, a need to get packets to and from an external Local Area Network (LAN). In a VIO Server environment, it is the VIO Server that provides the link between internal and external LANs. This gets a little more complex, as you might have many VLANs within the machine that need to be connected to multiple VLANs outside the machine in a secure way. Therefore, the VIO Server needs to be connected to all of the VLANs but not let packets move between the VLANs, as this would break the security model.

Figure 5 below illustrates how to set up this type of configuration:


Figure 5. A worked example

There are multiple requirements for this to work:

  1. LPARs must be able to communicate with other LPARs on the same VLAN. Requirement -- internal VLAN communications are simple to setup.
  2. For many LPARs to talk to a single virtual Ethernet adapter in the VIO server, you have to use IEEE 802.1Q standard on the virtual Ethernet adapter of the VIO Server to allow more than single PVID tagged packets to be accepted at the virtual Ethernet adapter. Requirement -- one virtual Ethernet adapter/port for multiple VLANs on the VIO Server.
  3. Also, you do not want the VLAN tags stripped from the arriving packets, as the VIO Server could not forward them on to the right external VLAN. Requirement -- no stripping of VLAN tags on the VIO Server.
  4. In addition, you also have to enable the Shared Ethernet Adapter (SEA) to allow packets with many VLANs to pass through it. Requirement -- allow the SEA to transmit packets for many VLANs.

In this example, you are going to use VLAN IDs of 23, 150, and 160. There is nothing special about these numbers, so simply substitute your own. Note: VLAN IDs 8 and 89 are also used here as otherwise unused VLAN IDs, so be careful of these numbers. Let's now build up this picture one step at a time in the following sections.


Requirement 1: Internal VLAN communications are simple to set up

Internal VLAN communications are simple set up on the HMC. The LPAR profile is assigned to a virtual Ethernet adapter -- it is assumed you are familiar with the HMC. If you have created an LPAR and an LPAR profile, you should see the virtual resources panels. Each LPAR below has been given a virtual Ethernet adapter with a PVID. The Trunk and IEEE802.1Q are also unselected. As discussed above, the PVID will be added to the packets from an LPAR, used to route packets to the right LPARs, and then stripped off before delivery. For example, see Figure 6 below of four LPARs. LPAR3 and LPAR4 have the same PVID(for example, 160) so that they can communicate directly. LPAR1 and LPAR2 have other PVIDs so that they cannot talk to LPAR3 or LPAR4, or each other. However, LPAR1 and LPAR2 can communicate with other machines on VLANs external to the machine.


Figure 6. Requirement 1: Internal VLAN communications are simple to set up

Figure 7 below shows the creation of the virtual Ethernet adapter for LPAR1. The virtual Ethernet adapter settings are PVID = 23and the Trunk adapter and IEEE 802.1Q are unselected. Note that the Slot number needs to be unique within an LPAR for each virtual device. Its value is otherwise unimportant for virtual Ethernet devices.


Figure 7. Virtual Ethernet adapter for LPAR1

For LPARs 2, 3, and 4, the same settings are used except for the PVID numbers.


Requirement 2: One virtual Ethernet adapter/port for many internal VLANs on the VIO Server

The VIO Server is a single relay point between multiple internal VLANs and the single external physical Ethernet adapter and LAN. To connect up the virtual and physical networks, you need to use the Shared Ethernet Adapter (SEA) device to link one or more virtual adapters to a physical adapter. This single virtual Ethernet adapter connecting to multiple internal VLANs is by far the simplest to set up and covers most cases. Remember that the virtual Ethernet runs over the internal memory of the system -- you cannot gain performance by having extra virtual adapters. In more complex cases, you might have other complete sets -- physical adapter, virtual adapter, and SEA. However, to setup this simple case, when the virtual Ethernet adapter in the VIO Server is created, you need to make sure to name all the internal VLANs that are connected, as shown in Figure 8 below.


Figure 8. One virtual Ethernet adapter/port for many internal VLANs on the VIO Server

Figure 9 below illustrates the purpose of having multiple fields (in the virtual Ethernet adapter creation dialogue) for Additional VLAN IDs in the VIO Server.


Figure 9. Virtual Ethernet adapter properties

Here the Trunk adapter is selected because this VIO Server is going to be using the SEA function to transfer packets to and from the external network. The IEEE 802.1Q is selected so that you can add additional VLAN IDs. The additional VLAN IDs have been typed in the Add field and the Add button clicked to add them to the list of VLAN IDs lower down the panel. This gives you all theVLAN IDs on the internal network that the VIO Server is allowing to arrive at this particular virtual Ethernet adapter/port. Note: These are the same as the PVIDs in the VIO client LPARs. This means packets that arrive with the VLAN tag that the Hypervisor adds can pass over the SEA.


Requirement 3: No stripping of VLAN tags on the VIO Server

You do not want the VLAN ID added to the packets as it leaves VIO client LPARs (set using the PVID number) to be removed on entering this VIO Server LPAR. Note that in Figure 10 below, the PVID is set to a seemingly weird number, 88 for example. This must be an otherwise unused VLAN ID (clearly it must not be in a PVID either, as it is the same thing). If a packet arrived with this VLAN ID (for example, 88), then the VLAN ID tag would be stripped off (untagged) and it could not be forwarded on to the right external VLAN. For example, if a packet with VLAN ID 88 arrived, then 88 would be removed. If this was sent through the SEA to the external physical network, it would arrive at the Ethernet switch untagged. What happens next is purely up to the settings on the Ethernet switch. For example, it could be discarded or sent on to a default VLAN, but the chances of it going to VLAN ID 88 are remote unless your network administrator has explicitly set this up (for example, the Ethernet switch port has a PVID of 88). Untagged packets in a VLAN environment are generally a mistake or assumed to be on some unimportant or legacy network, and best avoided.


Figure 10. Requirement 3: No stripping of VLAN tags on the VIO Server


Requirement 4: Allow the SEA to transmit packets for many VLANs

If you are familiar with creating a SEA in a non-VLAN environment, then you will be familiar with the VIO Server command: mkvdev –sea. This creates a low-level "bridge" of the internal virtual Ethernet to the external physical Ethernet. It is not obvious, but it does this at a low level in the TCP/IP stack and is efficient because packets avoid rising through the TCP/IP stack before being forwarded -- that would take POWER5 CPU cycles. The command takes the virtual Ethernet adapter, physical Ethernet adapter, a couple of other parameters, and creates a higher level adapter. In the example below, virtual adapter ent2 and physical adapter ent0 creates the new super adapter ent3 -- it is this adapter (actually en3) on which you might add an IP address, but this is covered in more detail later. The example command is:

mkvdev –sea ent0 –vadapter ent2 –default ent2 –defaultid 89


This VIO Server command displays the new super adapter name in example en3, or you can find this by using the VIO Server command:

 lsdev -virtual

Look for the SEA entry in the list.

Note 1: The "–default ent2" is the default internal virtual VLAN to send the packet on if the it is untagged. In this example, there is only one virtual Ethernet adapter, but this would be used in more complex cases of multiple virtual Ethernet adapters specified in the command.

Note 2: The "–defaultid 89" is the VLAN ID to use for untagged packets. In effect, this is the PVID of the SEA. See Figure 11 below. In this diagram, you are not expecting untagged packets. By using an unused number like this, these packets are dropped, as no client will accept VLAN 89 packets.


Figure 11. VLAN ID to use for untagged packets

This newly created SEA would only forward untagged packets using the PVID 89; however, the Virtual Ethernet adapter behind it will not accept the VLAN ID, so all untagged packets would be dropped. You have to tell the VIO Server SEA that the other VLAN IDs are allowed. This is done with the VIO Server command:

mkvdev –vlan

In this example, you want these three VLANs to have access to the external Ethernet. To do this, run the following commands on the VIO Server:

mkvdev –vlan ent3 –tagid 23

mkvdev –vlan ent3 –tagid 150

mkvdev –vlan ent3 –tagid 160


This creates yet more Ethernet adapter names -- one for each of the previous commands.

If you have an internal virtual Ethernet that you don't what to be visible for security reasons, do not use the previous command on that VLAN. For example, there is no need for the network between the Application Server LPAR and the relational database management system (RDBMS) LPAR to appear externally to the physical Ethernet.


VIO Server, to IP address or not!

Here are some considerations when putting the VIO Server on the network:

  1. VIO Server network access is optional.

    You can access the VIO Server from a HMC using a secure and private HMC to service processor network. This makes having a network address and access to the VIO Server optional. If the VIO Server does not appear on any network at all, it makes the VIO Server very secure -- no network = no possible security risk.

  2. Hostile network concerns

    In a hostile network environment, making the VIO Server accessible on the network can be dangerous; if the VIO Server is compromised (hacked), then all networks are vulnerable, as the VIO Server can access them all. The hacker would have to assign an IP address to each VLAN adapter and then get access to them. If one of the VLANs is directly connected to the Internet network, you might have a problem. To avoid this, it might be best to use a physical adapter that is directly connected to the LPAR for vulnerable external networks. This also gives you the means to physically disconnect the cable to stop an attack.

  3. Dynamic logical partition changes

    It you want to perform dynamic logical partition changes to the VIOS LPAR (for example, changing the number of CPUs or the entitlement) it will need to be on a network that can provide communication between HMC and the VIOS OS.

  4. Upgrading the VIO Server

    There are two methods to upgrade the VIO server code -- from CD or using FTP. Make sure that you do give yourself the option to add an IP address to the VIO Server if you are going to use the FTP option.

For non-hostile networks, it is perfectly normal for the VIO Server to go on the network to make management a little more flexible. To do this, use a second virtual Ethernet adapter, add an IP address, and run the VIO Server command, mktcpip, on that second virtual Ethernet adapter and not the SEA itself. If you are operating VLANs for LPARs, you will want to put the VIO Server on a specific VLAN. In Figure 12 below, the VIO Server is being placed on VLAN 23.


Figure 12. Putting the VIO Server on the network

On the VIO Server, use the mktcpip command, for example:

mktcpip -hostname op34 -inetaddr 9.137.62.34 -interface en3 -netmask 

255.255.255.0 -gateway 9.137.62.1


Notes:

  • This extra virtual Ethernet adapter would make the SEA adapter name en4 -- one higher.
  • The VIO Server command sometimes requires "ent" and "en" interfaces. This can get confusing. For example, if you use "ent" when "en" should have been used, then you will receive an error message about "entt" (note the extra "t"), because the command added the "t" to convert "en" to "ent".


Why not put the IP address of the VIO Server on the SEA?

As an alternative, you could use a second physical Ethernet in the VIO Server for network traffic directly to the VIO Server. For example, let's assume you want to back up over the network from the VIO Server. A second physical Ethernet adapter would be a good choice for this scenario. The reason for this is because the second physical Ethernet adapter can separate the client LPAR network traffic from large volume backups that might benefit from using large IP packets. In the example, you have a second adapter called en1 in the VIO Server that can be used.

The unused physical Ethernet port in the example was just a coincidence. It was included in the example because many machines have dual Ethernet port adapters or dual Ethernet ports on the motherboard. By having this in the example, it might warn you to be on the lookout for the case of more than one physical Ethernet port per adapter.


Summary

In this article, you have learned some of the basics for how a VLAN works and that the virtual Ethernet of the Hypervisor behaves just like a VLAN switch.

You have set up a VIO Server to allow access from many client LPARs using different VLAN IDs and how to set up the SEA to transfer Ethernet packets to and from external VLANs.

You have also seen the best way to place the VIO Server on a VLAN or a direct network for remote systems management or backup access.

Acknowledgements

Special thanks to Dave Williams and Chris Milsted for their input and review.



저작자표시 비영리 변경금지

'IBM Power' 카테고리의 다른 글

IBM Power Systems Performance Guide - Implementing and Optimizing  (0) 2013.05.08
Configuring a Shared Ethernet Adapter  (0) 2013.04.22
Configuring Multi-Path I/O for AIX client logical partitions  (0) 2013.04.18
lsof on aix  (0) 2012.12.20
POWER7 Virtualization Best Practice Guide version 2.0  (0) 2012.12.13
블로그 이미지

Melting

,

Configuring Multi-Path I/O for AIX client logical partitions

IBM Power 2013. 4. 18. 18:14

lsattr -El hdisk2 | grep "hcheck_"

lspv | awk '{print "chdev -l " $1 " -a hcheck_interval=60 -P " }' | sh -x

--------------------------------------------------------------------


Scenario: Configuring Multi-Path I/O for AIX client logical partitions

Multi-Path I/O (MPIO) helps provide increased availability of virtual SCSI resources by providing redundant paths to the resource. This topic describes how to set up Multi-Path I/O for AIX® client logical partitions.

In order to provide MPIO to AIX client logical partitions, you must have two Virtual I/O Server logical partitions configured on your system. This procedure assumes that the disks are already allocated to both the Virtual I/O Server logical partitions involved in this configuration.
To configure MPIO, follow these steps. In this scenario, hdisk5 in the first Virtual I/O Server logical partition, and hdisk7 in the second Virtual I/O Server logical partition, are used in the configuration.

The following figure shows the configuration that will be completed during this scenario.

An illustration of an MPIO configuration with two Virtual I/O Server logical partitions.

Using the preceding figure as a guide, follow these steps:

  1. Using the HMC, create SCSI server adapters on the two Virtual I/O Server logical partitions.
  2. Using the HMC, create two virtual client SCSI adapters on the client logical partitions, each mapping to one of the Virtual I/O Server logical partitions.
  3. On either of the Virtual I/O Server logical partitions, determine which disks are available by typing lsdev -type disk. Your results look similar to the following:
    name            status     description

hdisk3          Available  MPIO Other FC SCSI Disk Drive
hdisk4          Available  MPIO Other FC SCSI Disk Drive
hdisk5          Available  MPIO Other FC SCSI Disk Drive
    Select which disk that you want to use in the MPIO configuration. In this scenario, we selected hdisk5.
  4. Determine the ID of the disk that you have selected. For instructions, see Identifying exportable disks. In this scenario, the disk does not have an IEEE volume attribute identifier or a unique identifier (UDID), so we determine the physical identifier (PVID) by running the lspv hdisk5 command. Your results look similar to the following:
    hdisk5          00c3e35ca560f919                    None
    The second value is the PVID. In this scenario, the PVID is 00c3e35ca560f919. Note this value.
  5. List the attributes of the disk using the lsdev command. In this scenario, we typed lsdev -dev hdisk5 -attr. Your results look similar to the following
    ..
lun_id          0x5463000000000000               Logical Unit Number ID           False
..
..
pvid            00c3e35ca560f9190000000000000000 Physical volume identifier       False
..
reserve_policy  single_path                      Reserve Policy                   True
    Note the values for lun_id and reserve_policy. If the reserve_policy attribute is set to anything other than no_reserve, then you must change it. Set the reserve_policy to no_reserve by typing chdev -dev hdiskx -attr reserve_policy=no_reserve.
  6. On the second Virtual I/O Server logical partition, list the physical volumes by typing lspv. In the output, locate the disk that has the same PVID as the disk identified previously. In this scenario, the PVID for hdisk7 matched:
    hdisk7          00c3e35ca560f919                    None
    Tip: Although the PVID values should be identical, the disk numbers on the two Virtual I/O Server logical partitions might vary.
  7. Determine if the reserve_policy attribute is set to no_reserve using the lsdev command. In this scenario, we typed lsdev -dev hdisk7 -attr. You see results similar to the following:
    ..
lun_id          0x5463000000000000               Logical Unit Number ID           False
..
pvid            00c3e35ca560f9190000000000000000 Physical volume identifier       False
..
reserve_policy  single_path                      Reserve Policy
    If the reserve_policy attribute is set to anything other than no_reserve, you must change it. Set the reserve_policy tono_reserve by typing chdev -dev hdiskx -attr reserve_policy=no_reserve.
  8. On both Virtual I/O Server logical partitions, use the mkvdev to create the virtual devices. In each case, use the appropriate hdisk value. In this scenario, we type the following commands:
    • On the first Virtual I/O Server logical partition, we typed mkvdev -vdev hdisk5 -vadapter vhost5 -dev vhdisk5
    • On the second Virtual I/O Server logical partition, we typed mkvdev -vdev hdisk7 -vadapter vhost7 -dev vhdisk7
    The same LUN is now exported to the client logical partition from both Virtual I/O Server logical partitions.
  9. AIX can now be installed on the client logical partition. For instructions on installing AIX, see Installing AIX in a Partitioned Environment in the IBM® System p® and AIX Information Center.
  10. After you have installed AIX on the client logical partition, check for MPIO by running the following command:
    lspath

    You see results similar to the following:

    Enabled hdisk0 vscsi0
Enabled hdisk0 vscsi1
    If one of the Virtual I/O Server logical partitions fails, the results of the lspath command look similar to the following:
    Failed  hdisk0 vscsi0
Enabled hdisk0 vscsi1
    Unless a health check is enabled, the state continues to show Failed even after the disk has recovered. To have the state updated automatically, type chdev -l hdiskx -a hcheck_interval=60 -P. The client logical partition must be rebooted for this change to take effect.
Parent topic: Configuration scenarios for the Virtual I/O Server

저작자표시 비영리 변경금지

'IBM Power' 카테고리의 다른 글

Configuring a Shared Ethernet Adapter  (0) 2013.04.22
[펌] How to work with VLAN using VIOS  (0) 2013.04.22
lsof on aix  (0) 2012.12.20
POWER7 Virtualization Best Practice Guide version 2.0  (0) 2012.12.13
Resource Affinity 문제 해결을 위한 SPPL 설정...  (0) 2012.12.13
블로그 이미지

Melting

,

FSM에서 DLPAR ...

Pureflex 2013. 3. 27. 13:22

1. 해당 virtual server 및 os에 대해서 inventory collection 수행이 완료되어야 함


2. Resource Explorer > Virtual Server 선택 > System Configuration > Manage Virtual Server




3. Assign a resource



저작자표시 비영리 변경금지

'Pureflex' 카테고리의 다른 글

CMM 및 FSM IPv6 설정하기...  (0) 2013.03.22
FSM 1.2(+) 에서 external V7000 등록하기  (0) 2013.03.22
p node의 console 창이 뜨지 않을 경우...  (0) 2013.03.19
BA09000B critical error in CMM (power node)  (0) 2013.02.12
블로그 이미지

Melting

,

CMM 및 FSM IPv6 설정하기...

Pureflex 2013. 3. 22. 14:52

+. CMM IP Configuration
  > FSM이 관리하는 Chassis 내의 모듈들은 IPv6를 통해 관리되므로 아래와 같이 IPv6를 Enable 해주어야 함

 

+. FSM IP Configuration

    > FSM은 Management Network과 Data Network으로 나누어 시스템을 관리하며, Management Network은 IPv6로만 통신하도록 설정되어야 FSM에서 정상적인 Discovery 이루어 짐








저작자표시 비영리 변경금지

'Pureflex' 카테고리의 다른 글

FSM에서 DLPAR ...  (0) 2013.03.27
FSM 1.2(+) 에서 external V7000 등록하기  (0) 2013.03.22
p node의 console 창이 뜨지 않을 경우...  (0) 2013.03.19
BA09000B critical error in CMM (power node)  (0) 2013.02.12
블로그 이미지

Melting

,

FSM 1.2(+) 에서 external V7000 등록하기

Pureflex 2013. 3. 22. 14:37
 
+. FSM 의 ssh key 정리
USERID@FSM-***:~> rm ./.ssh/*

+. 기존에 datasource 와 충돌되는 것이 있는지 확인
USERID@FSM-***:~> smcli lsdatasource
No data sources are available.
 
+. V7000 관리 콘솔에서 'USERID' 라는 계정 삭제
   > 삭제전 반드시 v7000 의 'superuser‘ 계정의 암호를 확인해둬야 함

+. FSM 콘솔에서 아래의 명령 수행
  > smcli manageV7000 -p <password_for_superuser> -i <Flex_System_V7000_IP_address>
 
USERID@FSM-***:~> smcli manageV7000 -p passw0rd -i 160.160.70.105
DNZFM2273I Generating SSH keys for admin using command: " su USERID -c "ssh-keygen -t rsa -N '' -f /home/USERID/.ssh/id_rsaV7000 ""
DNZFM2275I SSH public key for admin was generated successfully
DNZFM2268I Pushing the SSH public key for admin to the V7000 storage node using the command: " su superuser -c "scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null /home/USERID/.ssh/id_rsaV7000.pub superuser@160.160.70.105:/tmp/id_rsaV7000.pub  ""
DNZFM2275I SSH public key for admin was generated successfully
DNZFM2278I Assigned SSH public key file to admin.
DNZFM2279I Issue "mkdatasource" command: " /usr/smrshbin/smcli mkdatasource -c svc -f /home/USERID/.ssh/id_rsaV7000  -v V7000 -i 160.168.70.105"
DNZFM2284I Waiting for storage device managed endpoint to be created.
DNZFM2270I V7000 with management address: "160.160.70.105" was managed succesfully.
USERID@FSM-***:~>




 

저작자표시 비영리 변경금지

'Pureflex' 카테고리의 다른 글

FSM에서 DLPAR ...  (0) 2013.03.27
CMM 및 FSM IPv6 설정하기...  (0) 2013.03.22
p node의 console 창이 뜨지 않을 경우...  (0) 2013.03.19
BA09000B critical error in CMM (power node)  (0) 2013.02.12
블로그 이미지

Melting

,

p node의 console 창이 뜨지 않을 경우...

Pureflex 2013. 3. 19. 19:37

Chassis Management > Compute Nodes > node selection > Settings
      > Serial Over LAN
      > Enable Serial Over LAN : uncheck



저작자표시 비영리 변경금지

'Pureflex' 카테고리의 다른 글

FSM에서 DLPAR ...  (0) 2013.03.27
CMM 및 FSM IPv6 설정하기...  (0) 2013.03.22
FSM 1.2(+) 에서 external V7000 등록하기  (0) 2013.03.22
BA09000B critical error in CMM (power node)  (0) 2013.02.12
블로그 이미지

Melting

,

공지사항

태그목록

글 보관함

달력

«   2024/05   »
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31

티스토리툴바