HP-UX Network Technology Update PDF

TECHNICAL ON-LINE SEMINAR PROGRAM
HP-UX Network
Technology
Update: Blades
and
Virtualization
©2011 Hewlett-Packard Development Company, L.P.

The information contained herein is subject to change without notice
©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
Legal Notice
©Copyright 2010, 2011 Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice. The only warranties for HP
products and services are set forth in the express warranty statements accompanying such products
and services. Nothing herein should be construed as constituting an additional warranty. HP shall not
be liable for technical or editorial errors or omissions contained herein.
This is an HP copyrighted work that may not be reproduced without the written permission of HP. You
may not use these materials to deliver training to any person outside of your organization without the
written permission of HP.
Export Compliance Agreement
Export Requirements. You may not export or re-export products subject to this agreement in violation
of any applicable laws or regulations.
Without limiting the generality of the foregoing, products subject to this agreement may not be
exported, re-exported, otherwise transferred to or within (or to a national or resident of) countries
under U.S. economic embargo and/or sanction including the following countries:
Cuba, Iran, Myanmar/Burma, North Korea, Sudan and Syria.
This list is subject to change.
In addition, products subject to this agreement may not be exported, re-exported, or otherwise
transferred to persons or entities listed on the U.S. Department of Commerce Denied Persons List;
U.S. Department of Commerce Entity List (15 CFR 744, Supplement 4); U.S. Treasury Department
Designated/Blocked Nationals exclusion list; or U.S. State Department Debarred Parties List; or to
parties directly or indirectly involved in the development or production of nuclear, chemical, or
biological weapons, missiles, rocket systems, or unmanned air vehicles as specified in the U.S. Export
Administration Regulations (15 CFR 744); or to parties directly or indirectly involved in the financing,
commission or support of terrorist activities.
By accepting this agreement you confirm that you are not located in (or a national or resident of) any
country under U.S. embargo or sanction; not identified on any U.S. Department of Commerce Denied
Persons List, Entity List, US State Department Debarred Parties List or Treasury Department
Designated Nationals exclusion list; not directly or indirectly involved in the development or production
of nuclear, chemical, biological weapons, missiles, rocket systems, or unmanned air vehicles as
specified in the U.S. Export Administration Regulations (15 CFR 744), and not directly or indirectly
involved in the financing, commission or support of terrorist activities.
Printed in USA
HP-UX Network Technology Update: Blades and Virtualization
Student workbook
2
Copyright 2011 Hewlett-Packard Development Company L.P. Information contained within this document is subject to change without notice
Warranty and Copyright Info
The information contained in this document is subject to change without notice.
HEWLETT-PACKARD PROVIDES THIS MATERIAL "AS IS" AND MAKES NO WARRANTY OF ANY KIND, EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. HEWLETT-PACKARD SHALL NOT BE LIABLE FOR ERRORS CONTAINED
HEREIN OR FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS IN CONNECTION
WITH THE FURNISHING, PERFORMANCE OR USE OF THIS MATERIAL WHETHER BASED ON WARRANTY,
CONTRACT, OR OTHER LEGAL THEORY).
Some states do not allow the exclusion of implied warranties or the limitations or exclusion of liability for
incidental or consequential damages, so the above limitations and exclusion may not apply to you. This
warranty gives you specific legal rights, and you may also have other rights which vary from state to state.
Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not
furnished by Hewlett-Packard.
This document contains proprietary information which is protected by copyright. All rights reserved. No part of
this document may be photocopied, reproduced or translated to another language without the prior consent of
Hewlett-Packard Company.
• Intel, Intel Inside and Itanium are trademarks or registered trademarks of Intel Corporation in the U.S.
and other countries and are used under license.
• Netscape, Netscape Commerce Server, Netscape Communications, Netscape Communications Server
• "N" logo, Netscape Navigator, Netscape Navigator Included logo and Netscape Proxy Server are U.S.
trademarks of Netscape Communications Corporation.
• Oracle ® is a registered U.S. trademark of Oracle Corporation, Redwood City, California.
• Oracle Reports™, Oracle7™ and Oracle7 Server™ are trademarks of Oracle Corporation, Redwood
City, California.
• Pentium® is a U.S. registered trademark of Intel Corporation.
• SQL*Net ® is a registered U.S. trademark of Oracle Corporation, Redwood City, California.
• UNIX ®is a registered trademark of The Open Group.
• Windows NT ® is a U.S. registered trademark of Microsoft Corporation.
• Windows® and MS Windows® are U.S. registered trademarks of Microsoft Corp.
• ® Microsoft is a registered trademark of Microsoft Corporation
• © Red Hat and Red Hat Enterprise are copyrights of Red Hat, Inc.
• ®IBM, AIX, and z OS are registered trademarks of IBM Corporation
• ©Sun, Java, and Solaris are copyrights of Sun Microsystems, Inc.
• ©SCO, UnixWare, and OpenServer are copyrights of The SCO Group, Inc.
• ©Novell and SUSE are copyrights of Novell, Inc.
• ®Debian is a registered trademark of Software in the Public Interest, Inc.
• ©bea and JRockit are copyrights of BEA Systems, Inc.
• ©Symantec and Veritas Storage Foundation are copyrights of Symantec Corporation
• Cisco© is a registered trademark of Cisco Systems, Inc.
• Check Point© is a registered trademark of Check Point Software Technologies Ltd.
• Stonegate© and Stonesoft Firewall Products© are registered trademarks of Stonesoft Corporation
• NetScreen© is a registered trademark of Juniper Networks, Inc.
• Nortel© is a registered trademark of Nortel Networks, Inc.
3
HP Virtual Room Info
Test Your System
• Test the system requirements on the PC you will use to log into the HP Virtual Room. Do this three or four days
prior to the seminar, so you will be able to reach technical support well before the seminar begins, if you happen
to run into any difficulties.
• Go to: www.rooms.hp.com
• Click the “test your setup” link
• You MUST see the Virtual Room open on your system.
• If you do not see the room or test results for step 3, the test was not successful!
• If you experience any problems with this system test, please contact the Virtual Delivery Support Desk.
• Please note that the help desk cannot assist in obtaining the correct key for this presentation. If you have a
question about the keys, please contact annette.zurawski@hp.com
Instructions to Attend the Technical On-line Seminar
The Virtual Room Key doesn’t seem to work

Dial into the audio portion of the seminar, press *0 on your telephone keypad and ask the operator to connect you
with the program manager or call coordinator, who should be in the presenter’s sub-conference approx. 10-15
minutes prior to call start time. She/he will provide the proper key information.
The Dial-in Number is not correct

Log into the HP Virtual Room using the information provided. The dial-in number should be listed at the bottom of the
HP Virtual Room screen. If you are unable to see that number, send a private chat to one of the presenters by right-
clicking on their name or enter your problem in the question tab and raise your hand.
The dot next to my name keeps turning Yellow/Red in the HP Virtual Room
You are experiencing delays in your connection to the HP Virtual Room. To help alleviate this problem, close any
other applications you may be running and avoid browsing the Internet during the presentation. If your problem
persists, log out of the HP Virtual Room, close all other applications and log back in. If it continues, raise your hand
and one of the presenters will message you and contact technical support.
Help Desk Numbers

HP Virtual Delivery Support Desk – http://education.hp.com/hpvr/support.htm
Intercall Phone Conferencing - 888.898.3178 or 706.634.4297 or log into the HP Virtual Room and Private Chat with
the operator in the call
4
HP Virtual Room Info
Important Information about Entering the HP Virtual Rooms
• You can access HP Virtual Rooms using MS Windows, Linux or Macintosh Operating Systems
o Please refer to the HP Virtual Rooms requirements page to ensure you have proper hardware to attend
the upcoming session www.rooms.hp.com/requirements
• If you are using Lotus Notes you will not be able to enter the HP Virtual Room by clicking on the URL link below.
You must cut and paste the URL into a new browser window.
• Before entering the HP Virtual Training Room, please close all other applications, especially email and instant
messaging programs, to ensure you have sufficient virtual memory to display the training material.
• You must temporarily disable any pop-up blocker software you may have installed on your system, including the
pop-up blocker installed with Windows. To do this, in the Internet Explorer window go to:
o Tools/Pop-up Blocker…/disable
o You may also choose to add *.hp.com to your list of specific websites allowed (You MUST do this with ,
to ensure you can use all of the HP Virtual Room functions). To do this, go to:
 Tools/Pop-up blockers/Settings In the Address of website to allow, add: *.hp.com
• If you do not have administrative privileges on your system:
o Your local IT department will need to log onto your machine as Administrator and install HP Virtual
Rooms for you
• HP Virtual Rooms requires both HPVR ActiveX and HP Virtual Rooms to be installed
o Both of these are located at: www.rooms.hp.com/resources along with instructions for installation
• When trying to download the HP Virtual Room software, if you see a yellow bar under the URL bar that reads
“Click Here to Download Active X Control”, please click on it to continue
• If your employer requires you to enter a user-id and password before entering the Internet you will need to enter
those credentials when accessing HP Virtual Rooms
• If you continue to experience issues, please contact the Virtual Delivery Support Desk
Instructions to Attend the Technical On-line Seminar
1. Click on the HP Virtual Room Login link, listed in the logistics at the top of this message
a. Remember, if you are running Lotus Notes, you must copy and paste this URL into a new browser
window
2. Enter your full name into the “Name” field
a. Entering your full name into the HP Virtual Room is important in the attendance verification process
3. The “Key” Field should already be populated for you
4. NOTE: Changing the Language choice from English to another language will change the language displays in
the HP Virtual Room, but it will not change the language of the Slides shown during the presentation.
5. Place your call to the audio conference using the Dial-in # listed in the logistics provided via email
6. Provide the operator with the Conference ID, your name, company and number of people from your company
listening on the same line with you
7. You will be placed on music hold, until the scheduled start time
5
Hand Up, Voting, Questions
Phone lines will be opened before
each break and at the end of the Click here to ask
seminar for Live Q&A a question
anonymously
Type your question in the
Question Field
Click on
the Hand
Up icon if
you have a
question or
problem
Click here if
you have the
Click on the same question Click here to
Yes/No voting as a previously save all Q&A to
if instructed submitted your hard drive
Click on the
to do so by question
Question
the presenter icon to open
the Question
Manager
Read a selected
question
Click to read all of

the responses to a
selected question
Read the
response to a
selected
question
6
©2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice 1
2
• Any network technology deployed on your host is generally going to be a balanced
tradeoff between a number of factors.
• A single port LAN card will be cheaper than a 4 ports card, if only one port is needed
but more expensive “per port”
• If bandwidth is not an issue for the applications to be deployed, then a single LAN
card may be used with VLAN software to connect a single host to multiple (virtual)
LANs.
3
• There are many factors to consider when looking at cost. Simple cost measurements
may be based on a cost per card or per port. Some example costs per card:
• Single port 100BT - $600

• 4 port 100BT - $1300
• Single port Gig $700
• 4 port Gig $1100
• 10Gbe $6000
• Do not forget that each card will also consume an IO slot and the need for more
cards may also require a system with expanded IO capabilities and additional cost.
• Higher port densities on cards can reduce the need for IO slots by a factor of 4.
• Additional ports also require additional cables and switch ports ,which can be very
costly .
• Knowing what the real need for bandwidth is can greatly reduce the cost of
hardware, but do not forget to factor in potential needs in the near future.
• In most cases, Gigabit speed cards are sufficient today.
4
5
6
7
• SOX - Sarbanes-Oxley Act
• HIPAA - Health Insurance Portability and Accountability Act
• PCI DSS – Payment Card Industry Data Security Standard
8
9
1
2
3
4
5
6
7
8
• In this section we will talk about terminology and basic configurations.
9
10
11
12
13
14
15
16
1
2
3
• Trunk, Link Aggregate (HP), Channel (Cisco), NIC Bonding (Linux), Fat Pipe:
• Terms used to describe the grouping of multiple physical ports into one logical port. All of
these terms are interchangeable for this discussion
• PAgP - Port Aggregation Protocol:
• A Cisco proprietary protocol used to automatically form physical link connections into link
aggregates.
• PAgP is part of Cisco's Fast EtherChannel (FEC) product.
• LACP - Link Aggregation Control Protocol:
• IEEE 802.3ad industry standard protocol used to automatically form physical link
connections into link aggregates.
• Network speed vs. throughput:
• Aggregating 4 1Gb links does give 4Gb‟s of throughput speed. Only one NIC per data
flow is used.
• Aggregation distributes traffic across links.
• Data Flow:
• A stream of outbound Ethernet frames sharing a common destination. Data flows are
determined based on the load balancing algorithm configured.
• Load Balancing:
• The distribution of 2 or more data flows over the physical links making up a link
aggregate. Data flows are distributed over physical links based on their destination. The
destination can be based on tcp or udp port numbers, MAC address, or IP address.
• Link Partner
• The switch/router/hub port or server NIC connected to the APA devices.
• Link Down Event

• 1) whenever the operational status of the link is down as viewed with lanadmin.
• 2) when PAgP or LACP determine the link is not functioning. PAgP and LACP send
“hello” packets between the link partners. Thus they can detect link problems that might
not otherwise be detected
• Port
• The physical jack where a cable is attached to a card. It could refer to the port on the
HP9000, or the port on the switch or hub at the other end of the cable.
• PPA - Physical Point of Attachment.

• The PPA number is a means of identifying a particular physical port. For example, the
ppa number for lan3 is 3. But in the context of an aggregate, the PPA number for lan902,
for example, is 902. The aggregate lan902 could be comprised of lan1, lan2, lan3, and
lan4, whose ppa numbers are 1,2,3, and 4. Many of the lanadmin commands used to
manage, configure, and report on aggregates and interfaces refer to these PPA numbers.
6
7
• Only the APA LAN Monitor failover groups of LAN interfaces is supported when
running on HP Blade server Virtual Connect downlink ports.
• APA link-agg is currently not supported on an HP blade server using Flex-10
interconnect modules.
• APA link-agg is not SmartLink aware.
• APA link-aggregation is not supported when connecting to two separate physical
switches, unless the switch supports the split-trunking technology.
• Split Trunking is supported at HP Auto Port Aggregation B.11.11.30:
• Nortel‟s Split Mulit-Link Trunking (SMLT) Technology
• Cisco‟s Virtual Switching System (VSS) Technology
See the white paper:
• http://docs.hp.com/en/J4240-90048/apa-split-trunk-WP.pdf
• http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?lang=en
&cc=us&taskId=101&prodClassId=10008&contentType=SupportManual&docInde
xId=64255&prodTypeId=18964&prodSeriesId=4155379
Document: “Split Trunking Support with HP Auto Port Aggregation”
8
• APA provides aggregate grouping for reliability:
• To prevent unexpected ports from joining any link aggregate group numbers are assigned
to associate certain ports to specific link-aggregates.
• HP_APA_KEY/HP_APAPORT_KEY
Correlates LACP ports to a specific LACP aggregate.
• HP_APA_GROUP_CAPABILITY
Ports going to different link aggregates must have different group capabilities. This
value must match the value of HP_APAPORT_GROUP_CAPABILITY
• HP_APAPORT_GROUP_CAPABILITY
The “Link aggregate advanced parameters” describes how to choose the group
capability for link aggregates. The default group capability is 5.
9
Higher TCP throughput requires:
1. Data flow packets to go through one physical NIC to make sure they stay in order.
2. Packets data flows should not have any ordering problems.
• APA will distribute each channeled traffic flow to a different NICs in the logic link-
aggreate.
• The APA link-agg increases network throughput based on distributing traffic across
the ports in the aggregate.
• **Therefore network speed is not increased and throughput does not exceed the
potential of a single port.
• APA only balances outbound link-aggregate traffic flow. Inbound traffic is balanced
through the respective link partner (switch, router or remote server).
• Choosing the right LB algorithm depends on whether most of the traffic goes to a
server, a switch or a router.
• LB distribution efficiency is increase when run over the link-aggregate ports by
starting multiple data flows to various destination MAC addresses, IP addresses or
TCP/UDP port numbers.
• Each new or "aged" (30s inactive) data flow is assigned to the next link in the
aggregation on a round robin basis.
• You might need to reset or clear the data flow for a link aggregation, for example,
when adding
a new port to a link aggregate while the aggregate is up. This can be done after
adding the new link to the aggregate by running:
# nwmgr -r -q data_flow -c lanaggregate_instance
Use the load balancing altrithm that is right for your environment:
• LB_MAC: LB is increased when multiple data flow connections are made to
different systems (MAC addresses) only on the local subnet of the server. All traffic
to a specific remote MAC address on the same subnet will go over the same link in
the aggregate.
• LB_IP: LB is increased when multiple data flow connections pass through a

router to multiple IP addresses. All traffic to a specific remote IP address across a
router will go over the same link in the aggregate.
• LB_PORT: LB is increased when multiple data flow application connections are

made to a server with one IP or MAC. This is especially true when the traffic is TCP
or UDB based. All traffic to the same remote host using the same client and server
TCP or UDP port will go over the same link in the aggregate.
• If the application does not use TCP/UDP ports or the TCP/UDP ports are encrypted
LB will fall back to using LB_MAC.
• If you are unsure of if most traffic will be going to a switch or router then use
LB_PORT because it will balance based on the multiple client ephemeral ports.
• LB_MAC is recommended for server to switch connections.
• LB_MAC uses the destination MAC address found in the Ethernet header.
• Since every node has a unique MAC address, many of the addresses will differ in
the very last byte of the address
• This difference identifies each individual data flow, and data flows are what is
distributed across the ports in an aggregate.
• LB_MAC is NOT appropriate if most of the destinations are on remote subnets
because the traffic destined for those nodes goes the the MAC address of the router
from the HP system
• If the distribution is based on one MAC address, there would be only one data flow,
and only one port would be used.
• LB_IP recommended for server to router connections.
• LB_IP uses the last byte of the destination IP address found in the IP header.
• Low order byte of IP address is used as a hash into a distribution table.
• “Server to router” in this case does NOT refer to the physical cabling for the ports in
the aggregate.
• Instead it means that the traffic sent from the HP system must pass through a router en
route to the ultimate destination
• Since the destination IP is likely to differ greatly among a large number of destinations,
this provides a good basis to distribute traffic over many data flows, and therefore ports.
• This slide shows an excerpt from „netstat –an‟ to demonstrate why LB_PORT
provides a good basis for load balancing, even though in this “back to back” or
“server to server” configuration all the data is destined for the same MAC address
and the same IP address.
• Multiple simultaneous ftp transfers were started
• As the data connections were formed, the client side of the connection acquired
“ephemeral” ports from the OS, which are typically handed out sequentially, 53135
through 53142 in this case
• Adding the source and destination ports and using the last byte of the sum provides 8
different data flows here
• They get assigned to the physical ports in a round robin fashion, so if these were all “new”
dataflows, APA would distribute them evenly across the physical links.
Continued on next page

Continued from previous page
• LB_PORT recommended for server to server connections.

• LB_PORT uses the destination and source UDP/TCP port addresses from the
header.
• The low order byte from a hash of the sum of the UDP/TCP destination and source
port addresses is used as a hash into a distribution table.
• Note the term LB_PORT refers to the UDP/TCP port numbers for the connection,
NOT to ports within the APA configuration.
• In this case, LB_MAC and LB_IP load balancing cannot be effective, because the
destination system has only one IP and one MAC.
• LB_PORT is an effective solution in this case, because of the nature of client
connections to a server to use a sequence of different source port numbers to a
given server application for each connection
• Note that if the nature of the application is to make one connection to the server and
push all the data to the remote through one connection, there is only one data flow
and the throughput will be limited to that maximum for a single interface card in that
case.
•APA using 10 Gig links
17
18
• The only requirement LAN Monitor puts on this is that there be a link between the two switches such
that a linkloop from lan1 to lan2, and vice versa, would be successful.
• This is an advantage over a Hot Standby aggregate which does not have this requirement.
• For this reason, Hot standby aggregates will be phased out in favor of lan monitor
configurations.
/etc/rc.config.d/hp_apaconf
HP_APA_START_LA_PPA[0]=900
HP_APA_GROUP_CAPABILITY[0]=900
HP_APA_DEFAULT_PORT_MODE[0]=MANUAL
/etc/rc.config.d/hp_apaportconf
HP_APAPORT_INTERFACE_NAME[0]=lan1
HP_APAPORT_CONFIG_MODE[0]=LAN_MONITOR
HP_APAPORT_INTERFACE_NAME[1]=lan2
HP_APAPORT_CONFIG_MODE[1]=LAN_MONITOR
/etc/lanmon/lanconfig.ascii
NODE_NAME MyNodeName
POLLING_INTERVAL 10000000 #10s poll
DEAD_COUNT 3 #Polls missed before failover
FAILOVER_GROUP lan900
STATIONARY_IP 15.1.1.2
PRIMARY lan1 5 : 1 #Higher priority with low cost utilization
STANDBY lan2 3 : 1 #Lower priority with low cost utilization
APA LAN Monitor Notes:
• APA can define how many ports fail before the primary FOG migrates to the secondary FOG
• Serviceguard can not do this by itself
• For 11iv1 and 11iv2 only LM must have an IP address assigned to the primary link for LM to
work
• APA LM FOG can now support InfiniBand IPoIB as of APA B.11.31.0812
• If two switches or hubs are used for higher availability, there must be a data path between
them to allow them to be on the same subnet
• APA LM FOG is limited to switches supported by HP APA link aggregates
APA And HP Blade Servers:

• APA LM, not link-agg, is supported on HP Blade Servers
• Only HP Blade Virtual Connect uplink share ports can be link-aggregated with LACP
• Down link ports can not be aggregated with EtherChannel FEC or LACP.
• If an HP Blade Server is using the Virtual Connect module (patch panel, no routing) this will
block any attempts to configure APA link-agg trunking (FEC_AUTO or LACP_AUTO)
• This is because the VC blocks this protocol as the traffic pass-through the interconnect
HOT_STANDBY Mode (Will be depreciated):

• Does not require data-link connectivity between the LANs
• Uses one link in a link-agg with no load balancing
• This is intended for LM FOG (no trunking) or used for MANUAL mode active-standby link-aggs
trunking
• Can be used in a VLAN environment
• APA LM “active polling” sends out data-link layer poll to check the health on all links
in the link aggregate every 10 seconds by default.
• If APA LM “active polling” detects that a link is not responsive with in 3 polls (30
seconds) then nettl will be notified and the data flow to that unavailable link will be
cleared (aged out).
• It is recommended to set “HP_APA_DEFAULT_PORT_MODE=MANUAL” in the

hp_apaconf. If this setting is missing *all* APA capable ports on the system will
default to use the FEC_AUTO mode.
• nwmgr_apa(1M)
• When creating a failover group, a set of attributes may be defined to specify the behavior
of the failover group:
• dead_count, fixed_mac, mac, poll_interval, port_pri, port_cost, rapid_arp,
rapid_arp_interval, rapid_arp_count.
21
• For higher availability use: Failover groups, redundant switches/hubs, redundant
power supplies, etc.
• Failover groups are assigned a single interface name [eg. lan902] similar to lan
aggregates [eg. lan900 and lan901]
• APA LM FOG can have the primary and standby links also be link-aggregates
• The following features apply to Lan Monitor failover groups only:

• Uses SG like commands (lanqueryconf, lancheckconf and lanapplyconf) for configuring,
checking, applying, and deleting ports in failover groups
• LAN_MONITOR mode by itself does not offer load balancing
• Load balancing is available only when combining primary and standby link aggregates in
a Lan Monitor failover group
• APA LM failback to the primary link requires a higher priority setting and requires a
health check of 3 responsive data-link poll packets within 30 seconds by default.
• HP_APAPORT_PRIORITY (in the hp_apaport.conf file):

• Set the port priority for the port
• The port priority determines which port in a link aggregate will be the active interface
when the link aggregate is set to Hot Standby mode (HP_APA_HOT_STANDBY=on)
• The default port priority is 0
• HP_APAPORT_SYSTEM_PRIORITY (in the hp_apaport.conf file):

• For LACP_AUTO only
• Set the port system priority for the port specified by HP_APAPORT_INTERFACE_NAME
• The system priority gives control to the system to resolve waiting ports to be added in a
link aggregate
• The default system priority is 0
• Both Priority and Cost (proactive) failover defines when the active primary port
takes priority or fails over to the next available standby port which is listed as being
„up‟
• PRIORITY-BASED FAILOVER:
• If you assign a priority value to one link, you must assign a priority value to all links in
the failover group
• Otherwise, the default priority will be assigned as a 5
• COST-BASED PROACTIVE FAILOVER:

• Setting a cost defines a baseline of when the throughput is no longer tolerable for
the application needs running on the Primary LAN to switch to the Standby LAN
• The cost is based on the knowledge of external link speed efficiency

• A higher set cost correlates to a lower efficient (slower) network topology (e.g.
intercontinental WAN links)
• If two links have the same normalized cost, the one with the higher priority is
preferred.
• If the costs are the same then the active link will stay on the standby LAN even if the
primary LAN becomes available again.
• This means that when a link goes down APA first considers the priority then the cost
to decide which port will be the active link.
• When using “Proactive Failover”:
• Assigns normalized costs to high efficiency ports
• Setting this can control the potential changing of an active port to a ready port, with lower
normalization, while the active port is up
• An integer cost value must be defined for all ports in the group
• Cost values must follow the port priority value, preceded by a colon
• Setting costs to a low number helps define a higher efficiency
• The lower the cost port setting the higher the efficiency a port will be and the greater chance
it will be switch to these ready ports while the active port is up
• Setting cost is based on knowledge of external network expense (performance, monetary,
etc.)
• It is not based on the link speed
• If the primary and standby port have the same priority when the primary port goes down and
then becomes active again the standby, not the primary, port will continue to be used
• Priority: Defines the preferred (highest value) „active‟ port interface to be used in a failover
group
• Cost: Defines the cost values to preferred (lowest calculated value) ports in a failover group
• The cost is normalized by dividing this value by the “aggregate” link speeds
• The „active‟ port will always be switched to the working port having the lowest normalized cost
• This is referred to as the port with the highest networking utilization
• LAN Monitor transmits gratuitous ARP packets every 1 seconds for 1 minute by default.
25
• Proactive Failover cost is normalized by dividing the cost value by the “aggregate”
link speeds
• The lowest normalized port cost will be the preferred link

27
• *These are SG advantages over what APA can offer
• Before SG A.11.16 “Serviceguard Network Manager” required both inbound and

outbound message counts to stop incrementing before it would declare a NIC failed.
• In SG A.11.16 the "Serviceguard Network Manager" feature allows a NIC fail over to
be based on a defined minimum amount of network traffic.
• For more on traffic statistics and poll monitoring see the “Serviceguard Network
Manager” white paper:
• http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c02054473/c02054473.pdf
• The APA link-agg increases network throughput based on distributing traffic across
the ports in the aggregate
• APA aggregates can’t be used for SG HB if also using VERITAS CVM versions 3.5,
4.1 or 5.0 or CFS versions 4.1 or 5.0
• This is only supported when using SG SMS A.03.00 and CVM/CFS 5.0.1.
• HP recommends to complete the configuration of APA prior to integrating it with

Serviceguard
• Requires SG A.11.17.01 and APA B.11.23.30 to do LM with FOG
For updates see: “HP Auto Port Aggregation Administrator's Guide” for the table
labeled “HP APA and LAN Monitor Capabilities”
NOTES for the above table:

1. MANUAL mode: Can be Load Balancing or Non-Load Balancing
• Load Balancing: MAC, IP, or LB_PORT algorithm
• Non–Load Balancing: Hot Standby mode
2. Load Balancing is configurable for outbound traffic on Ethernet links only
3. Links must be of the same speed and type (100Base-T or 1000Base-T)
4. LACP requires full duplex (FD) operation of the links
5. You cannot reset the speed, duplex mode, or MTU size over a link aggregate
6. This is for the total of link aggregates and failover groups combined
Other Notes:
• APA LM and Hot Standby is the only choice for FDDI and Token Ring
• Load Balancing is for outbound traffic only
• For updates see: “HP Auto Port Aggregation Administrator's Guide” for the table
labeled “Interoperability with HP Serviceguard”
• Serviceguard and APA *ARE* compatible with each other if using the versions stated
in the above table
• Serviceguard and APA restrictions:

• HP recommends to complete the configuration of APA prior to integrating it with
Serviceguard
• This will avoid Serviceguard from using a single PPA interface (lan0) which has
previously been configured in an APA virtual PPA (lan900)
• This configuration is unsupported
• SG A.11.17 requires APA links of a HOT_STANDBY link-aggregate to be bridged across
data-link layer
• SG A.11.18 does not support: Token Ring and FDDI interfaces, Virtual LAN (VLAN)
interfaces over FDDI or Token Ring, and failover groups of Token Ring and FDDI
interfaces in the LAN Monitor Mode of the APA product
• Beginning with the Serviceguard A.11.17 patch, PHSS_35427 or later, Serviceguard will
prevent cluster heartbeat from being configured over APA aggregates or InfiniBand
interfaces if CVM or CFS is configured
33
*See the APA Administrators guide for a troubleshooting flowchart.

1. Troubleshoot configuration issues:

• Verify these APA link and link partner characteristics are the same:
• Speed, duplex, CKO, TSO, MTU, flow control, trunk and switch settings, LAN Media
Access methods (1000Base-T, 1000Base-SX, or FDDI)
• Data-link level status can be verified by using the lanscan and 'linkloop -i LocPPA
RemMAC' commands
• You can stop and start the APA configured links by running:
• # /sbin/init.d/hpapa stop ; /sbin/init.d/hpapa start ; /sbin/init.d/net start
2. Failover issues: check link status with:

• # lanadmin -g [PPA]|grep Status
3. Failback issues: Make primary and standby/secondary ports use the proper LAN
Monitor priority and cost utilizations in the /etc/lanmon/lanconfig.ascii file
• Don‟t make these values the same
• Also check for problems with the primary link interface
4. Check link-agg outbound port load balancing utilization:

• Load balancing only works when there are many different outbound connection data flows
• Inbound load balancing is handled by the switch
• Consider all topology load balancing options for throughput
• Using the LB_PORT algorithm is more versatile, because when data flows occur between
the same 2 hosts (same MAC and IP), the client will use different temporary ephemeral
UDP or TCP port numbers
• Tools: HP GlancePlus and HP Software Network Node Manager(NNM) or PerfMon
• Also for APA on HP-UX 11.31 use:
• # /usr/sbin/nwmgr --stats monitor -q counter=p -q value=d --interval 5 -I 900 -S apa
5. For additional APA/LM logging set HP_APA_USE_SYSLOG=1 in the hp_apaconf

file
• Use HP-UX nettl tracing and netfmt subsystem filters:
• [NIC driver], HP_APA , HP_APAPORT, HP_APALACP
6. MANUAL mode can give false indications of having a valid link-aggregation

• SAM:Networking and Communications->AutoPort Aggregation->[select port]-
>Actions->Modify Network Physical Port Attributes
• To access SMH open the Microsoft Internet Explorer web browser to:
• http://hphostname:2301
• SMH:Tools (toolbar pick)->Network Interfaces Configuration (Auto Port Aggregation)
• HP-UX 11iv1 or 11iv2: Verify the desired APA configurations are correct by using the
commands
• See the lanadmin(1M).
# lanscan -q
# lanadmin [-x|-X] [-h|-H] -v PPA
• HP-UX 11iv3: Use the nwmgr_apa(1M) command which is replacing the lanadmin,
lanscan, and linkloop commands
• The lanadmin() command is still supported
• This command also has an added feature of saving settings in the configuration files
For further details see: nwmgr_apa(1M) and the APA Admin Guide.
# nwmgr --help -S [all|apa|subsystem]
# nwmgr [-x|-X] [-h|-H] -v PPA
# nwmgr -h -v [-g|-s|-a|-d|-r|--diag|--cra] -S [all|apa]
• See the APA Admin Guide for a command comparison table entitled:
“Legacy Commands and Corresponding nwmgr Commands”
• These messages can be seen by formatting the HP-UX system nettl log with:
# netfmt –f /var/adm/nettl.LOG000 |tail -50
• For more features see the “HP Auto Port Aggregation Administrator's Guide” and “HP
Auto Port Aggregation (APA) Release Notes”:
• http://h20000.www2.hp.com/bizsupport/TechSupport/Product.jsp?lang=en&cc=us&taskId
=101&prodClassId=10008&contentType=SupportManual&docIndexId=64255&prodTypeI
d=18964&prodCatId=427973&prodSubCatId=4155222
• HP-UX VLAN Documentation:

• http://www.hp.com/go/vlan
• VLAN over APA benefits:
• Higher bandwidth than single link
• Reliablility with VLAN of FOG.
• All usual VLAN benefits like over single links.
• VLAN creation over APA
• Use normal lanadmin commands:
• lanadmin –V create vlanid 200 901 (default options )
• VLAN over APA switch side requirements:
• Ports need to be included in a trunk
• Trunks are assigned to the Vlan or multiple Vlans and all need to be tagged
• Supply the following information during the call:
• The problem description
• A detailed description of the problem including the actions taken to produce the problem,
and actions taken to debug the problem
• The HP APA/LM configuration including the model number/type of the physical links used
in the aggregation or failover group
• You may want to include the hp_apaportconf and hp_apaconf files, or ask the
response center engineer to send the data collection script „linkinfo‟ to easily gather all
this info for you
• The type/model number of the link partner (switch, hub, server) and how it is configured
2
3
4
• Switches can have switchport security defined to specific MAC addresses and
prohibit all others.
• To accomplish its work a switch performs certain supporting tasks not enumerated
above such as calculating checksum and building and maintaining an internal MAC
address table.
5
6
• VLAN ID is defined in IEEE 802.1Q standard
7
• The diagram represents three separate VLANS which are tied together by a pool of
VLAN-aware switches. It can be seen that devices connected to different switches
can be on the same VLAN. The VLAN structure can help enforce security by
segregating traffic to certain ports of each switch included in a particular vlan.
Because the switches can be remotely managed, changes to VLAN membership
can be made easily without rewiring. Bandwidth is preserved because unknown
frame addresses are flooded to only VLAN assigned ports.
8
• All ports on a switch are set up by default to be part of the same default vlan with no
administration required at all. Simply plug in power cable and lan cable.
9
10
11
• The following frame was captured for a telnet session and formatted using
Wireshark. This was taken for a telnet session over VLAN 10.
No. Time Source Destination Protocol Info

45 09:35:54.099660 10.10.10.21 10.10.10.194 TCP [TCP Dup ACK
44#1] 56604 > telnet [ACK] Seq=2090335559 Ack=3855109068 Win=32768 Len=0
Frame 45 (58 bytes on wire, 58 bytes captured)

HP-UX Network Tracing and Logging (nettl) header
Ethernet II, Src: HewlettP_eb:0c:cc (00:19:bb:eb:0c:cc), Dst: HewlettP_eb:6c:69
(00:19:bb:eb:6c:69)
Destination: HewlettP_eb:6c:69 (00:19:bb:eb:6c:69)
Source: HewlettP_eb:0c:cc (00:19:bb:eb:0c:cc)
Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 10
000. .... .... .... = Priority: 0
...0 .... .... .... = CFI: 0
.... 0000 0000 1010 = ID: 10
Type: IP (0x0800)
Internet Protocol, Src: 10.10.10.21 (10.10.10.21), Dst: 10.10.10.194 (10.10.10.194)
Transmission Control Protocol, Src Port: 56604 (56604), Dst Port: telnet (23), Seq:
2090335559, Ack: 3855109068, Len: 0
12
13
• Note: Switch configuration must allow for level 2 (link level) connectivity between
hosts on same vlan.
• Prior to host VLAN configuration this should be verified with either linkloop or
(starting with hp-ux 11i.v3) nwmgr (–diag) command.
14
15
• [1] A LAN is a broadcast domain at the Data Link Layer because a broadcast or
multicast frame sent from a station is seen by all other stations in its LAN.
• [2] Most switches allow you to assign a name to each VLAN
• [3] Some switches support a much smaller number of VLANs. The number of
VLANs supported must not be confused with the number of FLAN IDs that can be
used. Typically, no limitations exist on which VLAN IDs you can use to identify VLAN
groups – most switches support the entire range of the 12-bit value to be used.
16
17
18
Benefits:
• Enables network I/O consolidation and higher bandwidth, through efficient usage of
multiple links under a single logical APA interface
• Improves reliability, because the VLANs continue to carry traffic in case the active
link failed.
• Provides flexible configuration options for applications, through multiple VLAN

interfaces created over highly available APA interfaces.
• Multiple VLAN interfaces can be configured for separate IP subnets used by different
applications
• Applications using use-dedicated links prior to consolidation can now use VLAN
interfaces created over the highly available HP APA aggregate or LAN Monitor failover
group.
• Thus, VLAN over APA enables resilient network I/O consolidation on servers with a
limited number of slots for network I/O
19
20
21
1
2
• Clusters consist of multiple “cooperating” nodes. They may be sharing a workload and in
High Performance Computing Clusters (HPC) or making resources highly available and in a
Service Guard Cluster
• Single systems are the most commonly deployed solution consisting of a single system with
CPUs, memory, and storage
• An N-Partion is the physical partitioning of a computer that divides the computer into groups
of cell boards where each group operates independently of the other groups. Multiple N-
Partitions (NPARs) may be combined to run a single instance of HP-UX. A hard partition
can also run a single instance of HP-UX or be further divided into virtual partitions. These
are also known as cells and cell based systems. Under an instance of HP-UX in a hard
partition lies real hardware.
• A Virtual Partition (VPAR) is a software partitioning of a computer or hard partition where
each virtual partition contains an instance of an operating system. Resources such as CPUs
and IO slots are assigned to a VPAR as discreet (non-shared) elements. Under an instance
of HP-UX running on a VPAR is a very small bit of software to allocate hardware resources
to various Virtual Partitions.
• A Virtual Machine (HPVM) is a software environment in which a single instance of HP-UX
may run on a single VM Guest. The Guest provides a virtual hardware environment with
virtual IO and CPUs. Multiple Guests may run ion a single HPVM Host. The HP VM Host
manages the actual physical resources and runs the HPVM Guests a s well as virtual
network switches.
• Secure Resource Partitions (SRP) provides multiple separate execution environments within
a single instance of an HP-UX operating system environment. SRPs are typically configured
to have a private IP address, a reserved share of system CPU and memory, and a restricted
ability to access files and processes utilized by other SRPs on the same system.
3
• A hard partition, also referred to as an nPartition or nPar, physically divides the
computer into groups of cell boards which operate independently of other groups.
Hard partitions isolate application environments from single points of failure,
meaning applications running within hard partitions are not affected by hardware or
software events occurring in other partitions. Each nPartition executes a single
operating system image, providing software isolation and enabling alternate
nPartitions to execute different versions of the operating system.
• Starting with HP-UX 11i v3 Update 1 (September 2007 Operating Environment

Update Release [OEUR]), HP released HP-UX 11i v3 Dynamic nPartitions. HP-UX
11i v3 dynamic nPartitions allows hard partitions (nPartitions) to be changed online,
while applications continue to be available to meet business objectives without
interruption. For more information, see
• External "HP-UX 11i v3 Dynamic nPartitions, Features and Configuration
Recommendations" white paper at:
• http://docs.hp.com/en/10907/dynamic_nPars_WP.pdf
• Three videos about HP-UX 11i v3 Dynamic nPartitions are available at:
• http://h71028.www7.hp.com/enterprise/w1/en/os/hpux11i-information-
library.html#webcasts
5
Features:
• Closely corresponds to a stand alone system

• Enables multiple HP UX Operating Systems and applications to be run on the same
physical system
• Provides for electrical isolation and isolates hardware failures to the specific
hardware partition (nPartition)
• Each nPartition has independent processor, memory, and I/O resources allocated
• Resources can be moved using commands via parmgr without manipulating
hardware
• Can increase/decrease processing power by adding/deleting cells to an nPartition
• Dynamic nPartitions allows configuration changes in an nPartition without requiring a
reboot (starting with HP-UX 11i v3
• Update 1 with specific firmware)
• Configuration
• Supported on Superdome, rp8420, rp7420, rx8620, and rx7620 servers today
• nPartitions can be granularized down to one cell
• Maximum number of nPartitions varies per server
• Configuration changes may require a system reboot, depending upon configuration
• Majority of hardware upgrades affect only a specific nPartition. However, when
running the dynamic nPartitions feature available starting in HP-UX 11i v3 Update 1
(with specific firmware), affected nPartitions will continue to process workloads
(Otherwise, the affected nPartition may need to be brought down.)
• Recommend using Partition Manager, a system management tool for configuring
and managing hard partitions
6
• HP-UX Virtual Partitions (vPars) software partitioning product carves up an individual
hard partition or server into several smaller virtual servers, each with their own
operating system, resources, and applications
• Any application or operating system-related failures can only impact or bring down
the vPar in which it is executing-without affecting other virtual partitions executing on
the same system
• Since vPars simply parses separate resources to different virtual partitions, the
technology is simple, with high performance
7
Features:
• Provides operating system, application and resource isolation within a server or hardware
partition.
• Failure is isolated to that specific virtual partition (vPar); other virtual partitions are
unaffected
• High performance software partitioning product, due to:
• Separate processor core, memory, and I/O H/W resources per partition
• Cell local resource support
• Resource granularities: processor core, 64 MB memory, I/O slot
• Provides operating system parameter independence per virtual partition
• Individual vPar reconfiguration and reboot
• Online creation, modification, and deletion of virtual partitions without a system or nPartition
reboot.
Affected virtual partitions may need to be re booted.
• Enables application specific O/S tuning
• Applications run the same within a virtual partition as they do in a standalone OS
• Dynamic processor migration
• Dynamic memory migration across virtual partitions (vPars A.05.01+)
• Configuration of virtual partitions allowed from any virtual partition, or from designated virtual
partitions, using flexible admin option (A.03.03+)
• Mixed HP-UX 11i vPars supported within an nPartition or HP server
• Configuration of virtual partitions allowed from any virtual partition, or from a dedicated
virtual partition using flexible admin option.
• Faster deployment since Ignite/UX is vPars aware
• Automated re allocation of processors between partitions with WLM and gWLM
• Command line interface (CLI)
• Additional resources through iCAP
• Integration with Serviceguard for failover or proactive workload balancing
Configuration
• Hard partitions can contain multiple virtual partitions; however, a virtual partition cannot span
multiple nPartitions.
• There can be a maximum of 8 virtual partitions per nPartition
• Each virtual partition can be supported in an nPartition with a maximum of 8 cells

NOTE: Within a particular nPartition, you cannot run HP-UX 11i Virtual Partitions and either
dynamic nPartitions or Integrity Virtual Machines
• Each virtual partition needs:

• One or more processor cores
• A certain amount of memory
• A bootable disk device (may use a combination card)
• A network connection (not absolutely required)
• Independent storage (may be direct attached or SAN)
8
• Integrity Virtual Machines (Integrity VM) is a soft partitioning and virtualization
product that can be used to carve an individual hard partition or server into several
smaller virtual servers, each with their own operating system, resources, and
applications. Any application or operating system related failure can only impact or
bring down the virtual machine (VM) in which it is executing-without affecting other
VMs executing on the same system.
• HP Integrity Virtual Machines increases server utilization by enabling customers to

partition any Integrity server, HP hard partition (nPartition), or Integrity blade, and its
associated processor, memory and I/O resources, into separate, secure virtual
machines, each with its own O/S instance, which can be tuned to individual
application needs.
• HP Integrity Virtual Machines provides the ability to allocate processor and I/O
resources to an application at a granularity less than that of the physical hardware,
yet keeps applications separate from one another in their own operating system
instance. This allocation model allows customers to increase their server utilization
(by running more applications on a server), while maintaining application fault and
security isolation.
• The physical processor, memory, and I/O resources are virtualized for the Virtual
Machines (VMs). Processor and I/O resources can be shared across virtual
machines reducing cost and increasing utilization.
9
• HP-UX Secure Resource Partitions (SRP) are used to consolidate multiple applications
within a single image of the HP-UX 11i operating system. This is an effective way to lower
the total cost of ownership (TCO). One instance of HP-UX 11i is licensed thus reducing
initial software license costs contrasted to multiple servers running multiple instances of the
software. Application software licensing and recurring costs may also be reduced depending
on the licensing metrics. Due to reduced software instances and reduced server count, TCO
may also be lowered for the recurring costs of maintenance and support, IT operations,
administration and facilities costs.
• SRP uses a combination of Security Containment compartments and HP Process Resource

Manager to provide controlled isolation of execution environments and system resources.
• Security Containment compartments provide for the isolation of files and process and
networking I/O associated with each application. Multiple application instances run securely
and isolated in a consolidated environment. Compartments provide for the isolation of files
and process associated with each application. Three core technologies are used for this
isolation, compartments, fine-grained privileges, and role-based access control. Together,
these three components provide a highly secure operating environment without requiring
applications to be modified.
• HP Process Resource Manager (PRM) is a resource management tool used to control the
amount of resources that processes belonging to an SRP compartment can use during peak
system load. PRM manages the allocation of CPU, real memory, and disk I/O bandwidth
resources.
10
2
3
4
5
6
• Install the Guest Operating System
• Plus…
• Install the Integrity VM guest management software which includes:

• Operating system patches to optimize virtual machine operation
• Integrity VM management tools, including hpvmcollect and hpvminfo (for HP-UX)
• The VM Provider, which allows you to use the VM Manager to manage the guest
• Integrity VM Linux guest management kit (also provides hpvmcollect and hpvminfo)
• Windows guests must install the Integrity VM Windows guest management kit.
7
8
9
10
11
12
13
14
15
16
17
18
• HP Insight Dynamics is advanced infrastructure lifecycle management software
which allows you to instantly adjust to dynamic business demands – provision and
modify a complex infrastructure in minutes.
HP Insight Dynamics includes:
• Integrated infrastructure design with automated activation of servers, storage and

networking
• Built-in capacity planning and rebalancing tools
• Automated disaster recovery and failover capabilities.
• OR…
• HP Capacity Advisor Consolidation software is a six-month-use license for just the

capacity planning capability of the HP Insight Dynamics suite for ProLiant or the HP
Virtual Server Environment suite for Integrity.
• http://h18004.www1.hp.com/products/servers/management/capad/index.html
19
20
2
• As stated earlier, the HPVM Guest runs as an application on the Host, so the guest network
is virtual.
• For virtual machines to communicate either with other virtual machines or outside the VM
Host system, each virtual machine's virtual network must be associated with a virtual switch
(vswitch).
• If you start a virtual machine without a vswitch, the virtual machine has no network
communication channel.
3
• Physical nic is part of the host system
• The physical network adapter, which may be configured with Auto Port Aggregation
(APA) as an aggregate or as a failover group.
• NOTE: Trunking software such as APA/Lan Monitor is supported only on the VM

Host, not on the guest.
• The virtual network adapter, as recognized by the guest operating system
• The virtual network switch maintained by the VM Host that is associated with a pNIC
and can be allocated to one or more guests
4
• The virtual machine monitor --hpvmdvr isolates the guest from the host.
• Virtual switch on the HPVM host runs as a user-space daemon –hpvmnetd
• HPVM-Host# ps -ef | grep hpvmnetd

root 1853 1 0 Mar 23 ? 0:48 /opt/hpvm/lbin/hpvmnetd
root 1860 1 0 Mar 23 ? 8:30 /opt/hpvm/lbin/hpvmnetd
root 12008 1 0 May 25 ? 0:03 /opt/hpvm/lbin/hpvmnetd
• The physical Ethernet adapter must be placed in a promiscuous mode.
From the switch side, host looks like an end node with multiple mac addresses.
• Which means all received packets are sent to the virtual switch driver.
• Vswitch2 = vmlan10 (pnic1 = lan901)
• Vswitch1 = vmsw0 ( pnic2= lan0)
5
• Command and line representation of all the HPVM guests and status.
6
• All VM Host to remote traffic should be via a dedicated network interface that is not
used for a vswitch.
• All VM Guest to remote traffic should be via another dedicated network interface to
back a vswitch. Do not assign an IP address that could be used for non-guest
communications on the VM Host to any LAN that is backing a vswitch. The HPVM
Host 4.X implementation, puts the LAN backing the vswitch into promiscuous mode
to route incoming packets off the wire, then to the vswitch, which then routes to the
guests. Thus, the need to split the traffic of VM Guests from the LAN used by the VM
Host for best performance.
7
• A virtual switch may be defined without a physical NIC and that virtual switch may
then be used by multiple VMs on that Integrity VM Host for communication.
• Localnet vswitch is automatically created
• Still need to associate the guest to the localnet vswitch
• Such virtual switches cannot be used to communicate with the Integrity VM Host or
other systems connected via physical network connections
8
• A vswitch without the backing of a host physical network card can be used by VIO
guest devices for communication among VIO guest devices registered with the same
vswitch
• This type of vswitch is typically referred to as localnet
• For VIO guest networks, a vswitch functions just like a physical network interface
card (pNIC), accepting network traffic from one or more virtual machines and
directing network traffic to all of its ports
• Unlike VIO guest networks, traffic from an AVIO guest LAN network device is
directed to the pNIC directly by a separate host module rather than by the vswitch
• In addition, AVIO does not support localnet type vswitch, because each AVIO guest
device must have a backing of the host physical device
9
• HPVM version 3.5 supported 11.23 as host only
• HP recommends to always download and use the latest available AVIO drivers
• A user must install and configure the respective kernel drivers on the VM Host and
Guest systems for the complete AVIO LAN functionality
• VIO lan driver for hp-ux Guest is iether device driver
• AVIO lan driver for hp-ux Guest is igssn deivce driver
10
• VIO lan driver for hp-ux Guest is iether device driver.
• AVIO lan driver for hp-ux Guest is igssn deivce driver.
HPVM-HOST# hpvmnet
Name Number State Mode Name PPA MAC Address IP Address
======== ====== ======= ===== ========= ============ ==============
localnet 1 Up Shared N/A N/A
vmsw0 25 Up Shared lan0 0x0018fe2fa2ed 16.113.144.193
vmlan10 27 Up Shared lan900 0x0019bbeb0ccc 192.16.16.193
• Hpvm-guest# ioscan -fkC lan

• Class I H/W Path Driver S/W State H/W Type Description
• ================================================================
• lan 0 0/0/1/0 iether CLAIMED INTERFACE HP PCI/PCI-X 1000Base-T
• lan 1 0/0/4/0 igssn CLAIMED INTERFACE HP IGSSN PCI 1000Base-Tr
11
• Guest lan0 associated with vmsw0 using VIO so iether driver is used
• Guest lan1 associated with vmsw10 using AVIO so igssn driver is used
12
Search AVIO on software.hp.com
Latest:
Product name Integrity VM AVIO Software Product # AVIO Version B.11.31.1103
13
14
• You can configure HP-UX VLANs for the guests
• VLANs isolates broadcast and multicast traffic by determining which targets should
receive that traffic, thereby making better use of switch and end-station resources
• With VLANs, broadcasts and multicasts go only to the intended nodes in the VLAN
• A local area network (LAN) defines a broadcast domain in which bridges and
switches connect all end nodes
• Broadcasts are received by every node on the LAN, but not by nodes outside the LAN
• A virtual LAN (VLAN) defines logical connectivity instead of the physical connectivity
defined by a LAN
• A VLAN provides a way to partition a LAN logically such that the broadcast domain for a
VLAN is limited to the nodes and switches that are members of the VLAN
15
• You can configure VLAN rules on the individual ports of the vswitch, similar to most
physical switches.
• Each VLAN is identified by a VLAN identifier (VLAN ID)
• The VLAN ID is a number in the range 0-4094
• Ports on a vswitch that are configured for the same VLAN ID can communicate with
each other
• Ports on a vswitch that are configured for different VLAN IDs are isolated from each
other
• Ports on a vswitch that do not have any VLAN ID assigned cannot communicate with
ports that have a VLAN ID assigned, but they can communicate with other ports that
have no VLAN ID assigned
16
• The HPVM vswitch conceptually acts as a real network switch
• As such, the individual virtual ports on the vswitch need to be configured for the VLAN tag
• The v-port is now conceptually connected as a port based VLAN and by virtue of a
given HPVM being connected to that v-port on the vswitch, will have traffic tag this
the VLAN header outbound and removed inbound
• The physical HPVM host adapter will forward the tagged traffic to the connected
physical switch
17
• Frames arriving at the vswitch from a guest can be “tagged” by the vswitch
• Tagging consists of inserting the VLAN ID information into the MAC header before
forwarding the frame on
• Tagged frames destined for a guest are always stripped of the tag information in the
frame before being forwarded
Good commands to know:
# /opt/hpvm/bin/hpvmnet -S vmlan10 -V
# /opt/hpvm/bin/hpvmnet -S vmlan10 -p all -A
18
• It should be further noted that HPVM vswitches do not support being configured on
the HPVM host's local VLAN PPA, lan5XXX (nested vlans are not supported)
• The vswitches can only be configured over supported Ethernet adapters' and over
APA links' PPAs
Hpvm-host# netstat -in

• Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
• Lan5000 1500 10.10.10.0 10.10.10.21 88 0 109 0 0
• Lan0 1500 16.113.144.0 16.113.144.193 5470219 0 3538352 0 0
• lo0 4136 127.0.0.0 127.0.0.1 10262329 0 10262329 0 0
• Lan900 1500 192.16.16.0 192.16.16.193 747680 0 727493 0 0
• Lan5001 1500 20.20.20.0 20.20.20.31 19 0 24 0 0
19
• Note: New feature starting in HPVM 4.2
• The guest now support VLANs so this should make it easier to configure/manage
20
• Tagging consists of inserting the VLAN ID information into the MAC header before
forwarding the frame on
• Here we have a ProCurve 6108 switch that is configured for three vlans
• Each vlan name has it‟s own ID or „tag‟
22
• ProCurve 6108 switch showing what ports are associated with each vlan
• For example, since lan900 is connected to port 3 on the switch, we can talk over all
three vlans
Hpvm-host# netstat -in

• Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
• Lan5000 1500 10.10.10.0 10.10.10.21 88 0 109 0 0
• lan0 1500 16.113.144.0 16.113.144.193 5470219 0 3538352 0 0
• Lo0 4136 127.0.0.0 127.0.0.1 10262329 0 10262329 0 0
• lan900 1500 192.16.16.0 192.16.16.193 747680 0 727493 0 0
• Lan5001 1500 20.20.20.0 20.20.20.31 19 0 24 0 0
23
• This network tracing example is for a AVIO enabled host/guest
• hssn will see both in and out to the guest, while the link driver will only trace
outbound
24
• hpvmcollect - Collects crash dumps, logs, system status, and configuration on the
VM Host and guests for post-mortem analysis
• When run on a VM Host, it collects system wide information, as well as, information
for a specified guest
25
• When run in a guest, the hpvmcollect command collects only the information
associated with the guest
26
©2010-2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice 1
©2010-2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
2
3
4
• This is a C7000 Enclosure viewed from the Front without any blades installed.
5
• Note that this presentation will more heavily favor the 7000 vs 3000
• The concepts are very similar, if not the same, and that the hardware typically is the
same for both
6
• Here are some of the C-Class components that we like to fill the enclosures with.
• Once again all these components fit in both the 3000 and 7000, the 3000 just has
less capacity and less I/O
• This presentation will be not be covering Fibre Channel and SAN

• HP Offers a Technical On-Line Seminar called ―Advanced BladeSystem Firmware
Management and Virtual Connect Flex-10‖ which covers these topics in more detail.
7
Proliant Blades – Several Models (not covered here)
Integrity Blades are ―full height‖ and may take 1 or more Blade slots in the front.
Blade types can be mixed in the same chassis
8
• LOM Ports are connected via the mid-plane to the Interconnect Bays 1 and 2.
• We‘ll cover more on Flex 10 shortly
9
• The mezzanine ports plug onto the blade and then connect via mid-plane to the
C7000 Interconnect Bays 3+4 / 5+6 / 7 + 8
• Note: the Flex-10 Nc532m Requires a Revision ―B‖ on the bl860c and bl870c
• More info to come!
10
• The odd and even numbered bays are cross-connected on the mid-plane for
redundancy and cross-module ―stacking‖.
• Notice the two Onboard Administrator (―OA‖) Modules below the Interconnect Bays.
11
• Notice how the LAN on Motherboard (―LOM‖) NIC1-NIC4 connect to Bays 1 and 2.
• This makes it easier to plan for network redundancy.
M1, M2, M3 are Mezzanine plugs on the Blade.

Notice all 3 ―Mezz‖ cards have different Interconnect Bay connection methodologies.
12
• Notice how the LAN on Motherboard (―LOM‖) NIC1-NIC4 all connect to Bay1 on
c3000
• M1, M2, M3 are Mezzanine plugs on the Blade

• Notice all 3 ―Mezz‖ cards have different Interconnect Bay connection methodologies.
13
• The concept of Interconnect module uplink ports and downlink ports is the same for
both LAN and SAN.
14
15
• This is the full family of supported LAN Interconnect Modules as of June 2011.
• n.b. Some modules are no longer sold.
16
17
• SFP/SFP+ Ports available for different media types.
• The HP ProCurve 6120G/XG Blade Switch provides sixteen 1Gb downlinks, four
1Gb copper uplinks, and two 1Gb Small Form-factor Pluggable (SFP) uplinks, along
with three 10Gb uplinks and a single 10Gb cross-connect. The 6120G/XG is well-
suited for data centers in transition or with mixed network requirements.
• The HP ProCurve 6120XG Blade Switch provides sixteen 10Gb downlinks, eight
10Gb SFP+ uplinks (including a dual-personality CX4/SFP+ uplink), and two 10Gb
cross-connect interfaces. The 6120XG is designed specifically for high bandwidth,
high throughput low latency applications.
• Cisco Catalyst Blade Switch 3120G for HP has 8 Gigabit Ethernet uplink ports: 4
10/100/1000BASE-T ports and 4 Small Form-Factor Pluggable (SFP) Gigabit
Ethernet ports. It has 16 downlink ports.
• The Cisco Catalyst Blade Switch 3120X for HP has 4 10/100/1000BASE-T ports and
2 X2-based 10 Gigabit Ethernet ports. The Cisco TwinGig Converter Module can be
used in place of X2 modules. The Cisco TwinGig module converts a single 10
Gigabit Ethernet X2 interface into two 1Gbe Ethernet SFP ports. It has 16 downlink
ports.
• Note these are not IP routers.
18
• The HP BLc 4X QDR IB Switch 16 internal 4X QDR downlink ports
• 16 external 4X QDR QSFP unlink ports
• The HP BLc 4X DDR IB Gen 2 Switch 16 Internal 4X DDR downlink ports
• 16 external 4X DDR QSFP uplink ports
• The QLogic BLc 4X QDR IB Switch 16 Internal 4X QDR downlink ports
• 16 external 4X QDR QSFP uplink ports
19
20
• So, where does Virtual Connect fit into our overall BladeSystem strategy?
• HP BladeSystem is revolutionizing data center infrastructure design and operation.
• In broad phases, it began as ―Blade Everything‖ where we brought all of the
infrastructure pieces together to reduce time, and cost to buy, build and maintain.
• Then we moved into the phase of Virtually Connecting everything. We were already
pooling and sharing the power and cooling for savings there, and then we introduced
server-edge virtualization with the Virtual Connect products. It frees up resources
from the constraints of the infrastructure. A user shouldn‘t be forced to limit his
business because of the way his IT infrastructure is designed. If he or she needs to
add a new server or move the workload from one to another, they can do that
without impacting the LAN or SAN networks.
• And, we‘re now moving into the phase where we automate everything with tools like
Insight Dynamics. The point is to align resources with the needs of the business
applications instead of constraining the business with a rigid infrastructure design.
• Virtual Connect with Flex-10 is all about adjusting the infrastructure to meet the
needs of the business applications. Now we‘re talking about a truly adaptive
infrastructure, and Virtual Connect is the foundation of any Adaptive Infrastructure.
The current and future phases are made possible with Virtual Connect.
21
• Virtual machines consolidate workloads
• Place new demands upon server I/O
22
• HP Virtual Connect
• Wire once – change ready connectivity for servers and virtual machines
• Switch and Virtual Connect
What is the difference?
• In part, it depends on where the interconnect device sits in the data center architecture
and who manages it.
• A switch is part of the Ethernet Network or the Storage Network. It is directly connected to a
server NIC or HBA, it communicates with the other switches that make up the data center
fabrics, and it is managed as part of those fabrics.
• In most enterprises, a switch by definition is owned and managed by the Network operations
group or the Storage operations group. In whatever way the device works, if it is a switch it
must be managed by the LAN or SAN administrator because they must have total control over
their network fabrics to make sure they can operate securely and efficiently.
• Virtual Connect is part of the server system. It forms a layer between the servers and
the Ethernet and Storage Networks so that the networks can‘t see any changes in the
servers.
• It‘s managed by the Systems Administrator as part of the server system. There is less
effort to managing Virtual Connect because it isn‘t as complicated as a switch; so the
Systems Administrator can easily handle that without detailed networking knowledge.
• And it‘s ideal for virtualization environments because it pools and shares the network
connections for the servers so that server changes are transparent to the LAN and
SAN networks.
24
• The Math
• 8 Virtual Machine hosts
• 6 NICs per host (4 LOM+1 dual or quad port Mezz card)
• 2 FC HBAs per host (dual port Mezz card)
• Using Pass-thru modules

• 6 Pass-Thru modules – 4 Ethernet and 2 SAN
• 64 cables per 8 servers.
• Still need LAN and SAN admin involved.
• Still have room to use 2 more NIC‘s per blade, but need 16 more cables.
• Using Virtual Connect

• 4 Virtual Connect Ethernet and 2 Virtual Connect FC modules
• 2 to 4 cables per 8 servers (4 gives redundancy)
• No need to involve LAN and San Admin!
• Still have room to use 2 more NICs per blade with no more cables!
25
• Virtual Connect Environment — The Three key components
• Virtual Connect Background
• HP Virtual Connect technology provides unique capabilities and tangible interconnect
value for BladeSystem c-Class customers. It simplifies network infrastructures by
reducing physical cabling, saves time and costs associated with systems deployment
and operations, provides server workload mobility and helps IT organizations work
smarter. In addition to enabling Flex-10 technology, Virtual Connect also provides the
infrastructure foundation for other Enterprise-class management offerings from HP,
such as HP Virtual Connect Enterprise Manager and HP Insight Dynamics-VSE.
• Virtual Connect Ethernet modules

• Connect selected server Ethernet ports to specific data center networks.
• Supports aggregation/tagging of uplinks to data center.
• ‗LAN-safe‘ for connection to any data center switch environment (Cisco, Nortel, HP ProCurve,
etc.)
• Virtual Connect Fibre Channel modules
• Selectively aggregate multiple server FC HBA ports (QLogic/Emulex) on a FC uplink using
NPIV.
• Connect enclosure to Brocade, Cisco, McDATA, or QLogic data center FC switches.
• Displays as a set of HBA ports to external FC switches.
• Virtual Connect Manager (embedded)
• Manage server connections to the data center without impacting the LAN or SAN
• Move/upgrade/change servers without impacting the LAN or SAN
26
• Virtual Connect
• Datacenter Neutrality
• Each Virtual Connect Ethernet module has several numbered Ethernet connectors. All of
these connectors can be used to connect to data center switches or they can be used to
stack Virtual Connect modules and enclosures as part of a single Virtual Connect domain.
• Networks must be defined within the Virtual Connect Manager (VCM) so that specific,
named networks can be associated with specific external data center connections. These
named networks can then be used to specify networking connectivity for individual
servers.
• A single external network can be connected to a single enclosure uplink or it can make
use of multiple uplinks to provide improved throughput or higher availability. In addition,
multiple external networks can be connected over a single uplink (or set of uplinks)
through the use of VLAN tagging.
27
28
29
30
31
• SmartLink
• SmartLink does not need to be enabled for a single network with multiple redundant
uplink ports assigned. However, it should be enabled if the customer expects the server
NIC port to be put into a down state if all of the uplink ports are no longer available,
regardless of the network configuration.
• If the customer expects to use multiple uplink ports from the same VC module to increase
available bandwidth and uplink port redundancy, the Connection Mode does matter.
When in Auto mode, VC should choose the lower numbered port operating at the highest
speed. You do not have any control over setting which uplink port is primary and which
one would be standby. When in Failover mode, you can set explicit values, however you
lose LACP capabilities.
• As an example, If you have 3 ports in a LAG and you lose one uplink of the three,
SmartLink does not drop link on the downlinks. If you had 3 more uplink ports from
another module in that same Vnet which had been in standby, VC would then use those
three as the active links, and take the 2 remaining ones from the first group, and make
those the standby links, preferring the path with the most ports.
• But
• Under some circumstances you might want servers within an enclosure to be able to
communicate through the network even though all the uplinks are down. For instance,
if you have a group of servers that need to talk amongst themselves within the VC
domain (maybe VMotion or a heartbeat link) and the vNet has an uplink attached, if the
uplink fails and SmartLink kicks in, all the server NICs will be disconnected and now
internal communications are also broken.
32
• SPAN (Port Monitoring)
• Virtual Connect supports port monitoring functionality to assist in troubleshooting networking issues
for servers connected to the external network through Virtual Connect. VC allows an Administrator
to define a single, active port monitoring session per VC domain.
• The monitor session must be configured with at least one ‗monitored port‘ and a single ‗analyzer
port‘. The ‗monitor port‘ list is the list of server downlinks whose traffic will be mirrored. The
‗analyzer port‘ is the VC uplink port that the network analyzer is connected to. VC will mirror the
traffic from the monitored ports to the analyzer port.
• A Port Monitoring session can mirror the traffic for up to 16 server downlinks to the analyzer port.
Any VC uplink can be defined as the analyzer port and any server downlinks can be selected as
the monitored port. There is no VC Ethernet module dependency.
• Lastly, the Administrator can choose the direction of the traffic to mirror – to the server, from the
server, or both.
• More information:
• HP Virtual Connect: Common Myths, Misperceptions, and Objections, Second Edition

• http://h20195.www2.hp.com/V2/GetPDF.aspx/4AA0-4515ENW.pdf
• HP Virtual Connect for the Cisco Network Administrator guide

http://h20000.www2.hp.com/bc/docs/support/SupportManual/c01386629/c01386629.pdf
• Here‘s another great reference:

• Virtual Connect for Dummies
• http://h18004.www1.hp.com/products/blades/virtualconnect/connectfordummies/regForm.html
33
• Virtual Connect
• Server profile migration
• Virtual Connect has the ability to take a server profile from server A and migrate that
profile to a spare server in the event server A were to fail or go offline.
• The profile contains the ―personality‖ of the server including:
• Virtual Connect MAC addresses,
• Virtual Connect Fibre Channel WWNs
• LAN and SAN assignments
• Boot parameters
34
• Virtual Connect
• Once the migration has completed the spare blade assumes the settings of the failed
blade including the MAC addresses, Fibre Channel WWNs, SAN and network
connections.
• In a boot from SAN situation the Spare blade would then boot to the LUN that contains
the failed server‘s OS. In a local boot situation the hard drives of the failed server can be
brought over to the spare for local booting provided the hard drives were not the cause of
the fail over.
35
• HP Virtual Connect family
36
• HP Virtual Connect 1/10Gb-F Ethernet Module
• The VC Ethernet module has sixteen 1GbE downlinks to servers (connected across the
signal midplane), eight 1GbE uplinks to network (RJ45 copper Ethernet connectors), two
10GbE connectors (for copper CX4 cables), and one 10 GbE internal cross-connect link
(across signal midplane) for stacking when there is another Virtual Connect Ethernet
Module beside it.
• For users concerned with over-subscription ratios, all external 1GbE and 10GbE ports are
active all the time. With 16 gigabits (Gb) of bandwidth running down to the servers, and
28Gbps available to the data center switches, oversubscription is not an issue.
• Even if you use one of the 10GbE ports for stacking, 18GbE bandwidth remains available
for uplinks.
• Even using only one 10GbE uplink port to your external switches for one to eight modules
in an enclosure, the oversubscription runs from 1.6 (16Gb down/10Gb up) to 6.4 (64x
1Gb server downlinks / 10 Gb uplink), which can be very practical ratios depending on
what performance a user needs.
• The VC Ethernet module supports a wide variety of signal aggregation methods such as
VLANs, Etherchannel, NIC teaming, and shared port uplinks.
37
• Virtual Connect Ethernet stacking
• Any port can be used for stacking. Stacking cables are auto-detected.
• All VC Ethernet modules have an internal stacking link through the midplane.
• The Flex-10 VC-Ethernet module has two internal stacking links for a total of 20Gb.
• The best practices for stacking is to connect each Ethernet module to two different
Ethernet modules. In the example every module is connected to two different modules.
Each one uses the internal stacking link to stack to it‘s horizontal neighbor (the orange
lines). Then either 1Gb or 10Gb cables are used to stack to another module (the blue
lines).
• Note: The copper cables are limited to 15 meters. The DAC cables are proving more
reliable but, with a SFP+ transceiver moulded onto each end of the cable, are only
supported by the Flex-10 module.
38
39
• 4X more I/O connections per server
• Dual-channel 10Gb Flex-10 NIC onboard
• 8 FlexNICs on the motherboard
• 24 FlexNIC connections per server via expansion slots
• 100% hardware-level performance
• User-adjustable bandwidth from 100Mb to 10Gb
for each FlexNIC
• Virtual Connect Flex-10 technology
• Delivered in the Virtual Connect Flex-10 module
• VC Flex-10 reduces cables and simplifies NIC creation, allocation and management
• Save money at every turn
• Lowest cost solution for more than 2 NICs
• Lowest power consumption for 6 or more NICs – up to 240w savings per enclosure
• Lowest cost for 2 or more NIC connections per server (compared to Cisco 3120x).
One redundant pair of VC Ethernet modules supports 2 to 8 FlexNICs per blade
server, meeting most VM configuration needs.
• Lowest power solution for 4 or more NICs (compared to Cisco 3120x) Provides
lowest cost on-ramp to 10GbE.
40
• Flex-10 is part of Virtual Connect and its available only with Virtual Connect.
• And, its an example of embedding an element of Virtual Connect right on the server
in the form of Flex-10 NICs.
• There are two pieces to VC Flex-10. Special NICs that go onto the server, either
built-in NICs (we call these LOMs for LAN on Motherboard) or as dual-port NIC
mezzanine cards.
And the other piece is a Virtual Connect Flex-10 10 Gb Ethernet Module
• The Flex-10 NICs are very special. When connected to a Virtual Connect Flex-10
Ethernet Module, the NIC becomes 4 individual NICs that share 10Gb of bandwidth
among them. So, each 10Gb Flex-10 NIC is actually 4 NICs and we call them
FlexNICs.
• And, all 4 of the FlexNICs on a single 10Gb channel running over the signal mid-
plane, connect to a single Virtual Connect Flex-10 Ethernet Module. So, you only
need one interconnect module for 4 NICs!
41
• Virtual Connect Flex-10 Ethernet Module
• Sixteen internal 10GBASE-KR Ethernet connections to each server
• Two cross-links between adjacent Virtual Connect Ethernet modules
• Management interface to the Onboard Administrator
• Eight active uplink ports (2 of which are shared with the cross links)
• One CX-4 port
• All external ports except the CX-4 port, use SFP+ transceiver modules
• When Virtual Connect modules are inserted into an enclosure that is not part of a
Virtual Connect domain, the modules are configured to provide basic connectivity.
Each Virtual Connect Ethernet module is configured so that all server ports
connected to that module are connected to a single network, which is then
connected to a single uplink. Additional ports on that module can be aggregated
using LACP to provide greater bandwidth as long as they are connected to the same
external switch. (For aggregation of links to an external switch, the external switch
must support dynamic creation of link aggregation groups using the IEEE 802.3ad
LACP.) All stacking links are disabled. This default configuration is to enable
connectivity testing between server NICs and devices outside the enclosure prior to
Virtual Connect domain configuration.
42
• And Flex-10 offers another huge operational advantage - Precise Bandwidth Control at the
server
• Each FlexNIC speed can be custom set from 100Mb to 10Gb in 100Mb increments so that
each application gets the precise amount of bandwidth it needs. No more rigid network
speeds that under or over provision bandwidth.
• Most applications really need bandwidth within a certain range. For a management console,
500Mb might be plenty, but since normal NICs only come in 1Gb and 10Gb sizes, you‘re
forced to overprovision by 100%. On the other hand, you might want a lot of bandwidth for a
narrow backup window, so you trunk together 3 or 4 1Gb NICs to get a fatter pipe. You
could go all of the way to a 10Gb pipe, but you‘d need to buy expensive 10Gb adapters for
the servers and 10Gb switch ports and you‘d probably be over-provisioning and overpaying
like crazy and have a non-standard configuration.
• But, with Flex-10, the NICs are now built into the server as LOMs if you use bl8x0c i2
blades. So you didn‘t have to buy any NICs, let alone expensive 10Gb NICs. And, you have
10Gb to share across 4 FlexNICs, so if you want one to have 6Gb and another to have
500Mb, then you can set the other two to any value you want as long as the sum of all 4
NICs doesn‘t exceed 10Gb.
• And, Network administrators worry a lot about servers with 10Gb NICs demanding too much
network bandwidth, but with VC Flex-10, the Network Admin can set a ceiling on the
bandwidth available to any NIC and also set a recommended value in case the system
administrator doesn‘t have a particular value in mind. So, Flex-10 lets you make much better
use of your network resources.
43
• HP Virtual Connect Flex-10 Technology lets you Buy Less and Get More!
• It reduces the number of NICs and Interconnect modules needed, while increasing the
bandwidth, providing NIC bandwidth control at the server edge, and increasing the
number of interconnect bays now available for other uses.
• Let‘s go into a little more detail…

• A major challenge for blade server users is that for every network adapter on your
standard server, you‘ll need an interconnect module in the enclosure. This is the same
whether you‘re using switches or pass-thru modules or Virtual Connect modules (before
Flex-10 came along). And, it applies to all of our competitors as well.
• So, if you need 4 redundant Ethernet networks, you‘ll need 8 NICs and 8 interconnect
modules in 8 interconnect bays
• With HP BladeSystem C7000 enclosure you have 8 interconnect bays, which is quite
a lot, but they still fill quickly especially if you‘re using virtual machines
• For example, VMware recommends 6 NICs per server for a basic configuration. If you
also need Fibre Channel and InfiniBand in the enclosure, you‘ve run out of room.
• And, each of those NICs has a fixed speed. It‘s either a 1 gigabit NIC or if you‘re
willing to pay enough, it‘s a 10 gigabit NIC
• Though many applications could really use more than 1Gb, very few need 10 times that
much, but when you‘re buying NICs you don‘t have the choice of a 3.2 Gb NIC even
though that might be what your application really needs. So, you either choke the
application, trunk together multiple NICs and modules, or plug in a 10Gb NIC and
overprovision its bandwidth by 2/3.
44
• The bl860c and bl870c (not the i2 version) have 4x 1Gbe LAN on Motherboard ports
(LOM).
• With Virtual Connect Flex-10, to get those same 8 NICs and 4 redundant networks,
you need 1 Mezz card and you need only 4 interconnect modules!
• With the bl8x0 i2 the requirement drops to NO mezz card and 2 interconnect
modules!
45
• No Flex-10 Virtual Connect Module? In that case, the 2 10Gbe ports on the LOM
negotiate to 1 Gbe on the Interconnect Downlink Port.
46
• 16 x 10Gb Ethernet downlinks to server blade NICs and FlexFabric Adapters
• Each 10Gb downlink supports up to 3 FlexNICs and 1 FlexHBA or 4 FlexNICs
• Each FlexHBA can be configured to transport either Fiber Channel over
Ethernet/CEE or Accelerated iSCSI protocol
47
• Each FlexNIC and FlexHBA is recognized by the server as a PCI-e physical function
device with adjustable speeds from 100Mb to 10Gb in 100Mb increments when
connected to a HP NC553i 10Gb 2-port FlexFabric Converged Network Adapter or
any Flex-10 NIC and from 1Gb to 10Gb in 100Mb increments when connected to a
NC551i Dual Port FlexFabric 10Gb Converged Network Adapter or NC551m Dual
Port FlexFabric 10Gb Converged Network Adapter
• 4 SFP+ external uplink ports configurable as either 10Gb Ethernet or 2/4/8Gb auto-
negotiating Fibre Channel connections to external LAN or SAN switches
• 4 SFP+ external uplink ports configurable as 1/10Gb auto-negotiating Ethernet
connected to external LAN switches
• 8 x 10Gb SR, LR fiber and copper SFP+ uplink ports (4 ports also support 10Gb
LRM fiber SFP+)
• Extended list of direct attach copper cable connections supported
• 2 x 10Gb shared internal cross connects for redundancy and stacking
• HBA aggregation on FC configured uplink ports using ANSI T11 standards-based
N_Port ID Virtualization (NPIV) technology
• Allows up to 255 virtual machines running on the same physical server to access
separate storage resources
• Up to 128 VLANs supported per Shared Uplink Set
• Low latency (1.5 µs Ethernet ports and 2.0 µs Enet/Fibre Channel ports) throughput
provides switch-like performance.
• Line Rate, full-duplex 480 Gbps bridging fabric
• MTU up to 9216 Bytes - Jumbo Frames
• Supports up to 32,000 L2 MAC entries
• VLAN Tagging, Pass-Thru and Link Aggregation supported on all uplinks
• Stack multiple Virtual Connect FlexFabric modules with other VC FlexFabric, VC
Flex-10 or VC Ethernet Modules across up to 4 BladeSystem enclosures allowing
any server Ethernet port to connect to any Ethernet uplink
48
49
• OA is the brains of the operation
• OA is like iLO for the entire enclosure
• OA communicates with iLOs to gather information about each blade
• The OA and iLOs need to be on the same subnet to talk, OA is the gateway to the
iLOs
50
• With OA, one find out information about a particular component just by clicking on it
its graphic image, or by using the drop-down display on the left.
51
52
53
• Accessing the Virtual Connect Manager
• Through the Onboard Administrator
• Access to the VC Manager is over the same Ethernet connection used to access the
enclosure Onboard Administrator and server blade iLO 2 connections. To access the
VC Manager for the first time, you can either log in using a web browser to the
Onboard Administrator and then select the VC Manager link, or use the dynamic DNS
name printed on the tear-off tag for the VC-Ethernet Module in Interconnect Bay 1
(enter the DNS name in the browser address text field).
• Optionally you can set up a static IP address for the VC Manager, which will enable
you to maintain access to the VC Manager in the event that it fails over to the VC-
Ethernet Module in Bay 2.
• Note: The VC Manager typically runs on the Virtual Connect Ethernet module in Bay 1
unless that module is unavailable, causing a failover to the VC Manager running in Bay
2. If you cannot connect to the VC Manager in Interconnect Bay 1, use the Onboard
Administrator to obtain the IP address of the Virtual Connect module in Bay 2.
54
• Virtual Connect Manager Home Page
• This screen provides access for the management of enclosures, servers, and networking.
It also serves as the launch point for the initial setup of VC Manager.
• The VC Manager navigation system consists of a tree view on the left side of the page
that lists all of the system devices and available actions. The tree view remains visible at
all times.
• The right side of the page displays details for the selected device or activity, which
includes a pull-down menu at the top. To view detailed product information, select About
HP VC Manager from the Help pull-down menu.
• Note: The Home Page may look slightly different between firmware revisions
55
56
Thank you for Attending Today’s TOS
I sincerely hope you found today’s seminar

informative and enjoyable.
Your feedback is a necessary and valuable part
of the Technical On-line Seminar Program.
If you have any questions, comments or
suggestions, please send me an email message.
Please include the topic name and date
attended, in your email.
annette.zurawski@hp.com
Annette Zurawski
Program Manager
Technical On-line Seminar Program – Americas
annette.zurawski@hp.com
www.hp.com/services/tos
Technical On-line Seminar Program


HP-UX Network Technology Update PDF

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

HP-UX Network Technology Update PDF

Încărcat de

Drepturi de autor:

Formate disponibile

TECHNICAL ON-LINE SEMINAR PROGRAM

©2011 Hewlett-Packard Development Company, L.P.

Instructions to Attend the Technical On-line Seminar

The Virtual Room Key doesn’t seem to work

The Dial-in Number is not correct

Help Desk Numbers

Instructions to Attend the Technical On-line Seminar

Click to read all of

• Single port 100BT - $600

• In most cases, Gigabit speed cards are sufficient today.

• Link Down Event

• PPA - Physical Point of Attachment.

• LB_IP: LB is increased when multiple data flow connections pass through a

• LB_PORT: LB is increased when multiple data flow application connections are

Continued on next page

• LB_PORT recommended for server to server connections.

APA And HP Blade Servers:

HOT_STANDBY Mode (Will be depreciated):

• It is recommended to set “HP_APA_DEFAULT_PORT_MODE=MANUAL” in the

• The following features apply to Lan Monitor failover groups only:

• HP_APAPORT_PRIORITY (in the hp_apaport.conf file):

• HP_APAPORT_SYSTEM_PRIORITY (in the hp_apaport.conf file):

• COST-BASED PROACTIVE FAILOVER:

• The cost is based on the knowledge of external link speed efficiency

• The lowest normalized port cost will be the preferred link

• Before SG A.11.16 “Serviceguard Network Manager” required both inbound and

• HP recommends to complete the configuration of APA prior to integrating it with

NOTES for the above table:

• Serviceguard and APA restrictions:

Continued on next page

1. Troubleshoot configuration issues:

2. Failover issues: check link status with:

4. Check link-agg outbound port load balancing utilization:

5. For additional APA/LM logging set HP_APA_USE_SYSLOG=1 in the hp_apaconf

6. MANUAL mode can give false indications of having a valid link-aggregation

• HP-UX VLAN Documentation:

No. Time Source Destination Protocol Info

Frame 45 (58 bytes on wire, 58 bytes captured)

• [2] Most switches allow you to assign a name to each VLAN

• Provides flexible configuration options for applications, through multiple VLAN

• Starting with HP-UX 11i v3 Update 1 (September 2007 Operating Environment

Continued on next page

• Closely corresponds to a stand alone system

Continued on next page

• Integration with Serviceguard for failover or proactive workload balancing

• There can be a maximum of 8 virtual partitions per nPartition

• Each virtual partition can be supported in an nPartition with a maximum of 8 cells

• Each virtual partition needs:

• HP Integrity Virtual Machines increases server utilization by enabling customers to

• SRP uses a combination of Security Containment compartments and HP Process Resource

• Install the Integrity VM guest management software which includes:

HP Insight Dynamics includes:

• Integrated infrastructure design with automated activation of servers, storage and

• HP Capacity Advisor Consolidation software is a six-month-use license for just the

• NOTE: Trunking software such as APA/Lan Monitor is supported only on the VM

• The virtual network adapter, as recognized by the guest operating system

• Virtual switch on the HPVM host runs as a user-space daemon –hpvmnetd

• HPVM-Host# ps -ef | grep hpvmnetd

• The physical Ethernet adapter must be placed in a promiscuous mode.

• Vswitch2 = vmlan10 (pnic1 = lan901)

• Vswitch1 = vmsw0 ( pnic2= lan0)

• Localnet vswitch is automatically created

• Still need to associate the guest to the localnet vswitch