While configuring two vio server the other day, i wanted to transform both vio server SEA cards into SEA failover mode. I fell into the following trap :
If one Vio server is configured as followed :
1 virtual ethernet in vlan / pvid 1 with external network access yes, and trunk pri 1
SEA created between the adapter and this card, and, an internal adress configured on the SEA.
While configuring the other VIO server, in the same way than the first one, in order to transform it in failover mode, later, when you create the SEA adapter (with the virtual adapter on the same Vlan / pvid than the first vio server), you generate a biiig arp storm / broadcast storm, that can put your vlan, and more, down.
So, the good way to do it is to make directly the failover mode, as you create the SEA, or, to transform it before creating the second SEA on the second VIO server.
NOT : mkvdev -sea ent1 -vadapter ent4 -default ent4 -defaultid 3
but directly
mkvdev -sea ent1 -vadapter ent4 -default ent4 -defaultid 3 ha_mode=auto ctl_chan=ent3
Before, you should have the virtual adapter ent3 created, on vlan 3.
OR : if you just need to modify your existing SEA into failover mode :
chdev -dev ent3 -attr ha_mode=auto ctl_chan=ent4
there seems also to be a bypass at the switch level, which could be helpful : its the BPDU guard setting, which disables the port if bridging loop or packet storm occurs.
This is what it looks like at the end (2 differents networks for every partition)
Hello! Thank you so much for the post! We just had this exact scenario take place in our production network on a Cisco 6506-E with over 100 hosts attached. Unfortunately, we were down for over 4 hours before it was discovered what was actually happening (the AIX admin brought up the second VIO server and didn't tell anyone what he had done).
RépondreSupprimerMy question, if you know the answer, is: What happens internally to the VIO/SEA/etc. when you bring up the second VIO and it is not properly configured. We saw an ARP broadcast storm, but we are trying to understand what is actually taking place internal to the IBM server at that time? Great post and thank you so much!
Cheers,
Travis
Hello Travis,
RépondreSupprimerThanks for the comment. In fact, i guess that the real problem is that each adapter (and each vio server) "thinks" it's the primary.. and the two vio servers consider themselves as two switches able to route the same trafic.... I made the mistake by reading an "old" IBM redbook, which has been updated since (sg247940 : PowerVM Virtualization on IBM Sytem p: introduction ans Configuration page 267).
When you have two vio servers, which have independant adapters, they are not aware of the other one, unless they are tuned for failover. The broadcast occur when you have configured both lan adapters with the same pvid (internal vlan id), and same priority, and external networking. I reproduced it easily with my pals from networking...
I cannot go any further in explaination, i guess ibm support could maybe give you details on the internal details.
We used it to validate the bpdu guard feature, that was very useful.
Do not hesitate if you need more info, hope that helps!
Gilles