C H A P T E R 12 |
Adding Blade Management and VLAN Tagging in Solaris x86 |
This chapter tells you how to configure the system chassis to permit secure management of server blades from the management network.
This chapter contains the following sections:
This chapter tells you how to refine the configuration in Chapter 11 to enable you (as network administrator) to perform management tasks on the server blades from the management network (that is, by telnet connections direct to the server blades) without compromising the security of the management network.
The switch configuration described in Chapter 6 of the Sun Fire B1600 Blade System Chassis Software Setup Guide uses tagged VLANs to separate the data and management networks. For IPMP to work with this switch configuration, you need four IP addresses for each VLAN that the server blade is a member of. In other words, for a:
This is because the IPMP driver supports tagged VLANs by using a separate pair of logical Ethernet interfaces for each VLAN. These logical interfaces each have to be named manually according to a simple formula:
bge(VLAN id x 1000) + instance
where VLAN id is the number of the VLAN (as configured on the switch ports that the server blade is connected to inside the chassis), and instance is:
The effect of creating these pairs of logical Ethernet interfaces is to ensure that frames for one network go to that network and not to any other. Whenever the IPMP driver has a frame to send to the switch, it tags it for whichever VLAN is destined to receive it, and then transmits it using one of the logical interfaces available for that VLAN. One of the switches then receives the frame. And, assuming that the switch has been configured to accept frames for the VLAN indicated by the tag, it forwards the frame onto that VLAN.
The important point is that the server blade's IPMP driver has transmitted the frame onto a particular VLAN, and has used a redundant virtual connection to that VLAN to do so. Any other VLANs that the server blade is a member of have been prevented from receiving the frame.
This section tells you how to configure IPMP on a server blade so that the two Ethernet interfaces both provide two active logical interfaces (one each to the data VLAN and the management VLAN).
For purposes of illustration the instructions below use sample configuration input from the network scenario described in Chapter 6 of the Sun Fire B1600 Blade System Chassis Software Setup Guide.
Note - You need to perform the instructions in this section on each B100x blade that requires a redundant connection to the data network and the management network. |
1. If you have not already done so, migrate the blade from its DHCP configuration to a configuration that uses static IP addresses.
To do this, follow the instructions in Section 11.3, Migrating From DHCP to Static IP Addresses.
2. If you havenot already configured your switches by following the instructions in Chapter 6 of the Sun Fire B1600 Blade System Chassis Software Setup Guide, do so now.
3. Log into the console of the server blade whose interfaces you want to configure.
Type the following at the sc> prompt:
where n is the number of the slot containing the server blade you want to log into.
4. Edit the /etc/hosts file on the server blade to add the IP addresses for the management interfaces.
5. Remove the /etc/hostname.interface files, where interface is beg0 or bge1:
6. Set the netmasks for the management and data networks in the server blade's /etc/netmasks file.
7. Disable routing, because the server blade is not being used to perform routing.
8. In the blade's /etc directory, create files called:
hostname.bge2000, hostname.bge2001,
hostname.bge3000, hostname.bge3001