Thanks for taking the time to type out that detailed response, Lech! If I may, I'd like to keep my follow up questions answerable by yes or no.
>
1a) When creating a Shared Ethernet Adapter in a two VIOS failover setup, the mkvdev can also specify an IP address attribute (-attr netaddr=x.x.x.x) which is then associated with the SEA being configured. Is this required?
> No
So, basically, I can have an SEA failover setup between two VIO servers without any IP addresses?
>
1b) Is this for exclusive use of the control channel to ping the other VIOS to check on its availability? Or can it also be used for external administration/management communications?
> This address is the IP address of the external entity that would be used by VIOS to verify SEA access to outside world by ICMP ping. So this is not a local address (it does not get assigned to any interface on VIOS) and therefore one cannot use it for network traffic from/to VIOS.
So although the "-attr netaddr" attribute is specified in the same mkvdev command that creates the SEA itself, that IP address is not directly associated to the SEA itself, correct?
Also, this IP address is not something I can ssh into from the external network?
>
1c) If used exclusively for the control channel, do I create another virtual adapter that connects to the SEA and give that adapter its own IP address?
> N/A as answer to 1b) makes it so.
Got it.
>
1d) If external admin/mgmt is on its own VLAN (12 for example), is it enough to just do "mkvdev -vlan SEAentX -tagid 12", give it a different IP address and expect external hosts to be able to communicate with that VIOS? (SEA is on VLAN ID 999, in my example)
> Yes, although configuring network access to VIOS by assigning IP address to SEA interface is usually not the best idea - you might not be able to reconfigure SEA without disrupting communication from/to this address. This in turn means that for such action you'd have to login to VIOS from virtual console as an SSH session could get cut off by your own actions (SEA reconfiguration).
This is a bit of a gray area for me because I've seen in several documents (e.g., IBM PowerVM Virtualization Introduction and Configuration, for one) saying that the IP address should be configured on the SEA adapter itself, but your explanation makes perfect sense because of the availability implications. Guess I have to do a bit more reading on this specific point.
>
1e) What happens if you fail to specify an IP address on both VIOS?
> I am not sure which IP address you are referring to. If it is the one you write about in 1a), then in general nothing would happen, but this means each SEA would base its usability solely on the real interface link state and ha_mode attribute setting. Whether this is what you really want actually depends on you and your environment.
Yes, you understood it correctly. I guess my question now should be, is it proper to configure an SEA failover between VIO servers
without configuring these IP addresses on the two VIOS?
>
2a) As stated above, the system will have LPARs on three different VLANs. Is it absolutely necessary to create separate virtual ethernet adapters for each VLAN with "mkvdev -vlan entX -tagid vlanid"?
> No. You may have multiple VLANs bridged by one virtual adapter. Limit is 20 - 1 specified in as PVID and 19 specified by additional VLANs set. Waring: VLAN tags for PVID gets stripped from network frames on egress from vswitch, so this might not be what you really want. In particular, having multiple briging virtual network interfaces when at least one of them have just PVID specified (no additional VLANs) is most likely not what you want as it won't get you all those VLANs bridged properly.
Makes sense.
>
2b) Is it instead possible to have all LPAR's virtual ethernet client adapters (across three different VLANs) to connect to a single virtual ethernet server adapter in the VIOS servers (VLAN 99, which no host on the network uses)? Is this recommended?
> First, there are no "server vs client" differentiation for virtual network adapters. There are bridging and non-bridging ones, depending on "trunk-priority" value. Having said so, if you mean something like
"configure SEA with just one bridging adapter that has VLAN 99 as PVID and VLANs X, Y and Z as additional VLANs and use this SEA to service traffic to/from other LPARs that use VLANs X, Y or Z" then yes, this will work. Is it recommended over having three separate bridging virtual network interfaces? Usually yes, because you get almost the same flexibility (additional VLANs set can be modified on-the-fly by DLPAR actions) while wasting less VLAN IDs - basically not more than one of all PVIDs in bridging adapters may be effectively used, as mentioned in 2a). Please remember about limits for a single virtual adaptera (no more than 19 additional VLANs), one SEA (no more than 16 bridging virtual adapters) and one LPAR (no more than 256 virtual ethernet adapters.
You got it exactly right (the part which I italicized in your reply).
Again, awesome reply! Thanks!
Carlo Castillo