> the guest lan is created defining it to vm, then i must > define the nics, > and couple them to the linux clients, and then configure it > just like if > the guest lan would be the hub or switch, and the nics are standard > ehternet cards right?
Right. Think of it as a LAN segment connected directly to a router, like it was in the old days when Ethernet was really physcial coax and you tapped the coax with a vampire tap where you wanted to put a host. You design it the same way. Keep in mind that you should also be designing for redundancy, so plan on having at least two physical connections to the outside world, and plan on accepting dynamic routing updates into the network from the server farm complex, so you can shut down one of the incoming physical connections if you need to tinker with the topology inside the machine. > what speed can the nic reach? It's a function of how fast your CPUs are. Theoretically, as fast as the memory bus of your machine. Realistically, on a z900, it's in the 0.6-1GByte/sec per guest LAN range, by the time you factor in protocol overhead, etc. That's still lots faster than real Ethernet, but it *will* be a CPU hog if you try to drive it that hard. Also keep in mind that that speed figure *only* applies to hosts communicating WITHIN the box; if you have to go outside the box, you're limited to the bandwidth of a single adapter at the moment (ie, 1 Gbit/sec). I don't think anyone's got multilink Etherchannel-style processing working yet, and the OSA microcode attempting to be smart is making that work much more complicated. > and, what about firewall inside the z800, its a good idea to keep that > load inside vm or its best to keep it in another server outside the z? Firewalling is a very expensive operation in terms of CPU. On the other hand, the cost of creating multiple connections to the outside is equally a royal pain. If you have spare CPU capacity -- and I mean at least a full CPU to dedicate -- you can keep it inside the box. Otherwise, you're probably better off keeping that function outside the 390. 390 network adapters are still a lot cheaper than 390 CPUs, and a outboard 500Mhz Intel Linux system is very cost effective as a firewall server. When 10Gbit Ethernet rolls around, this will be a much bigger issue. We (Sine Nomine) are working with IBM to explore some different ways to improve the OSA to make it better suited for the server farm environment. We hope some changes in the way packet processing is done and elimination of some of the more annoying features of the current design will make these types of implementations a lot less complicated. -- db
