PowerVM

Software Defined Networking - IBM PowerVM + Cisco ACI Proof of Concept

By Robert Kovacs posted Wed July 22, 2020 11:35 AM

  

Overview

The combination of IBM's Power servers, PowerVM virtualization, and Cisco ACI software-defined capabilities bring best of breed products together for the best performance, security, flexibility and control in enterprise level cloud deployments. 

Software-defined networking (SDN) provides the overall benefit of faster provisioning and agility, better security and improved control over traffic in the network.  These capabilities facilitate deploying workloads and resources quickly and securely to enable applications in the cloud.

 

Proof-of-concept Objectives

The objective of this proof-of-concept (PoC) was to validate out-of-the box compatibility of PowerVM based Power servers with Cisco ACI and to verify that ACI’s SDN capabilities could be extended to PowerVM logical partitions (LPARs) and workloads.

The primary focus of the PoC was network connectivity and Live Partition Mobility (LPM) on overlay networks (VXLAN). Specifically to validate that PowerVM LPARs (VMs) hosted on different Power servers and on different physical networks are able to communicate, and also to validate Live partition Mobility (LPM) between these servers.

In addition, validated that Cisco ACI Endpoint Group (EPG) contracts are properly preserved and enforced post LPM migration of LPARs from one Power server to another (i.e. security policies are retained and successfully applied post-migration). Each of these Power servers were connected to different leaf switches.

 

Proof-of-concept Topology

 

Figure 1:

 

PowerVM Configuration

Power Servers

Power S822 (Model: 8284-22A)

PowerVC

1.3.0.2

Virtual IO Server (VIOS)

2.2.4.10

Operating System

AIX 7100-03-05

  • Each of the Power Servers were configured with dual VIOS setup
  • LPAR creations and migrations were driven from PowerVC

 

Cisco ACI Configuration

ACI controller

1.2(3c)

Spine Switches

n9000-11.2(3c)

Leaf Switches

n9000-11.2(3c)

 

Integrating PowerVM with Cisco ACI

PowerVM LPARs (VM’s) were created using PowerVC, Power’s virtualization management tool. In Cisco ACI terms, LPARs are End Points (EPs). If one wants a set of EPs to be part of the same overlay network, then all of these EPs need to be part of the same End Point Group (EPG). The first step involves connecting the PowerVM servers to Cisco ACI Leaf switches. These leaf switches are interconnected by a spine switch as shown in Figure 1. After this, the VLAN ids used by the LPARs and leaf switch ports to which the PowerVM server are connected are mapped to the same End Point Group (EPG). The creation of the EPG and the mappings are done via Application Policy Infrastructure Controller (APIC) GUI.

 

Scenarios Validated

  1. LPAR communication via Cisco Virtual Tunnel Endpoints (VTEPs)
  • LPARs which are part of the same overlay network were hosted across different Power Servers, which were connected to different physical networks.
  • LPAR communication after a VIOS failure in a PowerVM dual VIOS setup (ie. Validated SEA Failover compatibility)
  • ping, ssh, and web (ports 22, 80 and 443) traffic were used for the tests.
  1. Live Partition Mobility (LPM) of AIX LPARs across physical networks
  • Migration of an AIX 7.1 LPAR from one Power Server to another which were part of different physical networks.
  1. Contracts across EPGs
  • Example EPG’s (e.g. HR, Sales, and Web EPGs) were created with contracts applied between the EPGs.
  • Migration of AIX LPARs which are part of the above EPGs to validate that the contracts are present and enforced post-migration.

 

LPM Validation Details

  • Single EPG (PowerVM-logicalnet) created
  • Both the Power S822 servers were connected to ports belonging to PowerVM-logicalnet EPG
  • Each of the Power S822 servers were part of different subnets
  • LPAR migrations (initiated via PowerVC) were performed successfully across the Power S822 servers.

                             


The left column of the above table represents the PowerVM-demo tenant with EPG PowerVM-logicalnet, and the right column shows the Bridge Domain and its contained subnets. 

Contract Validation Details

  • The same Topology (shown in Figure 1) was utilized.
  • Three EPGs, namely HR (VLAN 110), Sales (VLAN 120) and Web (VLAN 130) were created. Endpoints from Power Servers were linked to these EPGs (based on the VLANs they were part of).
  • LPARs (endpoints) which are part of these EPGs were migrated across Power servers to validate the contracts still enforce policy on the destination host post-migration.  Security policies were applied post-migration as per the contract rules.
  • All the configured contracts (shown in the table below) were successfully tested.

Contracts created:

  • HR EPG is allowed to ping and access web services (80/443) for the other two EPGs
  • ('consumes' the web-ping contract)

  • Sales EPG is allowed to SSH to the Web EPG
  • ('consumes' the sales-to-web contract, and 'provides' the web-ping contract)

  • Web EPG cannot access any of the other two EPGs
  • ('provides' the web-ping contract and the sales-to-web contract)

 

 

This document showed the steps for integrating PowerVM LPARs with Cisco ACI in your production and dev/test environments.  This is just the beginning.  Power Systems and Cisco plan to continue to collaborate to bring forward valuable enterprise grade SDN solutions to our users.

 


IBM and Cisco continue to cooperate to bring the best solutions to our shared clients as they move to new deployment models like cloud and new servers based on the POWER8 processor. 

About these solutions:

Cisco Application Centric Infrastructure (ACI) reduces TCO, automates IT tasks, and accelerates data center application deployments. It accomplishes this using a business-relevant software defined networking (SDN) policy model across networks, servers, storage, security, and services.

IBM® PowerVM® provides the industrial-strength virtualization for IBM Power Systems™ servers that run AIX®, Linux, and IBM i workloads. PowerVM enables efficient virtualization of server resources reducing server sprawl by driving higher utilization per core and more throughput per server. This efficiency results in significantly reduced costs, with improved service levels and security. 

Contacting the PowerVM Team
Have questions for the PowerVM team or want to learn more? Follow our discussion group on LinkedIn IBM PowerVM or IBM Community Discussions

0 comments
40 views

Permalink