Thanks David. I thought about doing vswitch but then AFIK I would end up with with virtual hipersockets on linux guest. And I've read in IBMs redbook for oracle 12:
IBM HiperSockets™ are certified and supported for the private network. Only a network that is configured with *real* HiperSockets is possible, as z/VM guest LAN HiperSockets cannot be configured on layer 2, which is required for ARP. Gregory 2015-11-19 15:20 GMT-05:00 David Kreuter <[email protected]>: > Hi - I've done the hipersocket VLAN implementation. It works well and of > course Alan's comments are correct. > > Another approach I've used is to create a VSWITCH on each LPAR using the > same set of OSAs. Now when you use VLANs on this VSWITCH RACF can be > involved for better protection. > > OK won't be as fast as hipersocket but it doesn't go far out of the box > either. > David Kreuter > > > > -------- Original Message -------- > Subject: Re: hipersockets > From: Alan Altmark <[email protected]> > Date: Thu, November 19, 2015 3:05 pm > To: [email protected] > > On Thursday, 11/19/2015 at 07:38 GMT, Grzegorz Powiedziuk > <[email protected]> wrote: > > From what I've learned so far, In order to achieve this, we need to have > a > > shared chpid between LPARS. Hipersockets on the same chpid can > communicate > > with each other. > > Hosts using the same VLAN on the same HiperSocket chpid can talk to each > > other. There are no controls on the VLAN ID that a host is permitted to > use, so from a security perspective, don't rely on HiperSocket VLAN > controls. > > > Ok, we've done that. We have defined a set of hipersockets on one chipd > for > > every LPAR and it works. Linux in one LPAR can talk to another linux in > > different lpar. > : > > Do I need to have a separate chpid for every cluster? Doesn't really > make > > sense, does it? > > Am I missing something? > > It depends entirely on your security posture. If you need enforced > isolation of each pair, then you need one chpid per pair. > > Alan Altmark > > Senior Managing z/VM and Linux Consultant > Lab Services System z Delivery Practice > IBM Systems & Technology Group > ibm.com/systems/services/labservices > office: 607.429.3323 > mobile; 607.321.7556 > [email protected] > IBM Endicott > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
