z/VM Virtual Networking Enhancements

z/VM Release Description
7.1.0 Virtual Switch Priority Queuing

Support for VSwitch Priority Queuing is delivered via the PTFs for APARs VM66219, PH04703, and VM66223.

Currently all VSwitch outbound traffic to the external network is transmitted at the same priority. When VSwitch Priority Queuing is enabled, z/VM will establish multiple OSA QDIO Output queues, and transmit data to the external network at different priorities.

For an overview of this support, see Virtual Switch Priority Queuing.

7.1.0 Removal of Support for IEEE 802.3 Ethernet Frame Types

For the z/VM Virtual Switch, 802.3 Ethernet frame formats were removed from CP initiated Layer 2 ARP communications. CP will support only Ethernet II (DIX) frame formats for ARPs and any other initiated communications. This will not prevent Guest VM use of 802.3 Ethernet frame formats. For the TCP/IP server, all TCP/IP initiated ARP requests for OSD devices will use Ethernet II (DIX) frame format. LCS devices will continue to support 802.3 and DIX frame formats.

6.4.0 VSwitch Link Aggregation Load Balancing Enhancements

With the PTF for APAR VM65918, z/VM support for exclusive and Multi-VSwitch Link Aggregation configurations is enhanced to improve load balancing, leveraging both horizontal and vertical growth in single and cross virtual switch networking configurations.

6.4.0 Simplified virtual NIC configuration and VSWITCH operation with enhanced NICDEF statement
RFE 64250

APAR VM65925 provides support for Directory Network Authorization (DNA). With this new capability, each virtual NIC can be configured and authorized entirely within the user directory, simplifying virtual server provisioning.

New operands on the NICDEF statement enable specification of the following attributes for a virtual NIC:

  • Virtual port number on the connected VSWITCH
  • Virtual trunk port enablement
  • VLAN associations
  • Promiscuous (virtual sniffer) authorization

Additional support is provided in DirMaint with APAR VM65926 and in RACF with APAR VM65931.

6.4.0 Resetting counters for a virtual switch
Requirement MR1027104651

This function provides the ability to clear certain counts that are displayed via the QUERY VSWITCH DETAILS command while the virtual switch remains active. The counts that can be cleared are: data, discarded, and errors. These counts can be cleared for the UPLINK port or the BRIDGEPORT.

6.4.0 VLAN access security improvement

When using an External Security Manager (ESM) to control a z/VM virtual switch, user access to the default VLAN ID is not permitted unless permission has been explicitly granted through appropriate ESM controls.

6.3.0 Multi-VSwitch Link Aggregation
Requirement MR0510116451

With the PTFs for APARs VM65583 and PI21053, z/VM provides support for Multi-VSwitch Link Aggregation on the IBM z13, allowing a port group of OSA-Express features (OSA-Express4S or later) to be shared by multiple virtual switches within a single z/VM system or between multiple z/VM systems. Sharing a Link Aggregation Port Group (LAG) with multiple virtual switches increases optimization and utilization of the OSA-Express when handling larger traffic loads. Higher feature utilization protects customer investments, which is increasingly important as 10 Gigabit deployments become more prevalent. With this support, a port group is no longer required to be dedicated to a single virtual switch.

A complete description of the support for Multi-VSwitch Link Aggregation can be found in z/VM V6.3 Connectivity, SC24-6174-05. It is highly recommended that this material be reviewed to gain an understanding of the concepts and scope of this new support.

6.3.0 Live guest relocation support for port based virtual switches

This support builds on the existing live guest relocation framework to:

  • Allow relocation of a port based interface.
  • Prevent relocation of an interface that will clearly be unable to establish network connectivity.
  • Adjust the destination virtual switch configuration (when possible) by inheriting virtual switch authorization from the origin.

The support adds the checks that are needed to safely relocate a guest with a port based virtual switch interface. Eligibility tests are performed before relocation to determine if the destination network is equivalent.

The support improves the preexisting base network eligibility test by testing other attributes that would prevent the guest from establishing connectivity. Without the improved checks, if you accidentally mislabel two networks as equivalent, a guest might be relocated to the destination node but find it impossible to establish network connectivity, and the reason for the loss of connectivity might not be clear.

6.3.0 Virtual Switch Support for VEPA

The z/VM virtual switch has been enhanced to support Virtual Edge Port Aggregator (VEPA) mode, which allows advanced access, traffic, and security controls to be performed on network traffic.

VEPA is part of the IEEE 802.1Qbg standardization effort and is designed to reduce the complexities associated with highly virtualized deployments such as hypervisor virtual switches bridging many virtual machines. VEPA provides the capability to take all virtual machine traffic sent by the server and send it to an adjacent network switch. This mode of operation moves all frame relay switching from the hypervisor virtual switch to the (external) adjacent switch. With the adjacent switch handling the frame relay for virtual switch guest port to guest port communications, imbedded network based appliances in the adjacent switch such as firewalls, Access Control Lists (ACLs), Quality of Service (QoS), and port mirroring are available to be deployed for this guest port to guest port switching. VEPA eliminates the need to provide and support these network based appliances in the hypervisors or LPARs.

6.3.0 Virtual Switch Recovery Stall Prevention
Requirement MR0825111220

A new SET VSWITCH UPLINK SWITCHOVER command provides a fast mechanism to switch an uplink port's network connection from its current device to one of its configured backup devices. The use of this new command is less disruptive to virtual switch external network connectivity when there is a need to apply service to an OSA-Express feature.

Additionally, support is added to automatically enable or disable the z/VM Missing Interruption Handler (MIH) function for an OSA-Express or HiperSockets read, write, and data uplink device. MIH is used to detect and recover (failover) from network connectivity problems due to unresponsive or broken hardware.

6.3.0 Duplicate IP Address Handling on a Virtual Switch
Requirement MR0513111155

The IP (Layer 3) virtual switch has been updated with a change in the way a duplicate IP address is handled. When a guest coupled to an IP virtual switch registers its IP address, the virtual switch will forward this setting to the Uplink for registration with the OSA-Express. The OSA-Express will verify that the same IP address is not already registered on the LAN segment. If it is, the OSA-Express rejects the request.

Prior to z/VM V6.3, the virtual switch marked this IP address as Local, and the guest IP address was reachable only on the local simulated LAN segment. In z/VM V6.3, the IP virtual switch now disables the IP address and marks it as Conflict. The guest IP address will no longer be reachable by guests on the simulated LAN segment.

This change allows the configuration problem to be highlighted more quickly. In the event that an existing configuration has been configured with a duplicate IP address for local connectivity within the virtual switch LAN, a unique IP address should be assigned, or the virtual switch should be configured without an Uplink port.

6.2.0 z/VM HiperSockets bridge

The z/VM virtual switch is enhanced to transparently bridge a guest virtual machine network connection on a HiperSockets LAN segment. This bridge allows a single HiperSockets guest virtual machine network connection to also directly communicate with the following:

  • Other guest virtual machines on the virtual switch
  • External network hosts through the virtual switch OSA UPLINK port

Through the z/VM HiperSockets Bridge support, Live Guest Relocation (LGR) between CECs in an SSI configuration is now supported for HiperSockets-connected guests.

z/VM CP APAR VM65042, TCP/IP APAR PM46988, and Perfkit APAR VM65044 are required for this support. For more information, see Virtual switch HiperSockets bridge.

6.2.0 z/VM single system image clusters

z/VM V6.2 implements multisystem virtualization using a z/VM single system image (SSI) cluster composed of up to four z/VM systems. This multisystem virtualization technology for the mainframe extends the z/VM virtualization technology to a new level, allowing members of the cluster to share resources and synchronize with other nodes, together presenting the appearance of a single system.

All members of a cluster share LAN segments and IP subnets. The concept of a global virtual switch provides identical network connectivity across all active members within a cluster.

6.2.0 Support for IBM zEnterprise System networks
NOTE: This support was removed in z/VM 6.3.0

z/VM enables access to the IBM zEnterprise System intranode management network (INMN) and intraensemble data network (IEDN) through the real and virtual networking capabilities of z/VM. As a result, the deployment and management of z/VM network topology is integrated into the zEnterprise environment and can be managed by the Unified Resource Manager. When connected to a z196 or z114 through the INMN, the resources of the zBX are viewed as a logical extension of the z196 or z114. These resources are then controlled and managed through the Hardware Management Console (HMC) and Support Element (SE) of the z196 or z114. The INMN requires an OSA-Express3 1000BASE-T, while the IEDN requires a port on two separate OSA-Express3 or OSA-Express4S 10 GbE features. Managing z/VM V6.2 from the Unified Resource Manager requires the z196 or z114 to be at driver level 93.

6.2.0 Multiple access ports per guest (PORTBASED VSWITCH)

z/VM now provides the ability for a guest to have multiple unique access ports connected to the same virtual switch instance. Each access port has its own attributes (promiscuous and OSDSIM authority) and VLAN ID. Methods to associate guest NICs and VSWITCH ports are also provided. With this support, configuring a server to provide connectivity to multiple VLANs is easier because the guest does not need to be VLAN-aware. In addition, customers can choose which port numbers will be used. Because the mapping of systems to switch ports is known ahead of time, SNMP monitoring of the switch status is more useful, allowing virtual switches to be monitored and managed more like real switches.

6.2.0 OSA Address Table support

The z/VM TCP/IP NETSTAT command has been enhanced with an option to display information such as IP addresses and MAC addresses from the OSA Address Table (OAT) for OSA devices and virtual switch controllers. Installation of OSA/SF to satisfy diagnostic requirements in service situations is no longer necessary for OSA-Express3 or OSA-Express4S devices.

6.1.0 The z196 platform offers an ensemble managed (zManager) system environment that consists of new "internal" Ethernet LANs created to provide standard Ethernet access for z Systems and attached blades. z/VM supports these new LANs in both its real and virtual networking support. With APARs VM64780 and PM06209, the z196 managed system environment is integrated into the deployment and management of z/VM's network topology. Included with this support are the following z/VM VSwitch enhancements:

  1. New VLAN AWARE and NATIVE NONE operands and attributes
  2. New Uplink NIC selection
  3. New MAC address assignment and usage enforcement

(APARs VM64780 and PM06209)

6.1.0 Enhanced performance of virtual networking environments running heavy guest-to-guest streaming workloads

5.4.0 Port isolation security that provides the ability to restrict guest-to-guest communications within a VSWITCH and between other partitions sharing the OSA-Express adapters used by the VSWITCH. Virtual Switch port isolation and QDIO data connection isolation can help you design virtual networks that adhere to strict traffic-separation policies.
(APARs VM64463 and PK67610)

5.4.0 Query VSWITCH filtering by user ID or RDEV. Query LAN filtering by user ID.

5.4.0 VSWITCH data transfer counters at VLAN level. Obtained using Diagnose x'26C' interface.

5.4.0 Improved monitoring of VSWITCH backup devices.

5.4.0 SNMPTRAP CMS command to generate SNMP Version 1 enterprise trap.

5.4.0 z/VM stack provides OSD Layer 2 support.

5.3.0 Port Isolation support.
(APARs VM64463 and PK67610)

5.3.0 Network Diagnose Support.
(APAR VM64471)

5.3.0 Fulfilled statement of direction for Virtual switch IEEE Standard 802.3ad Link Aggregation support. Up to eight OSA-Express2 features associated with an ETHERNET (Layer 2) virtual switch can be grouped and used as a single "fat pipe" helping to increase bandwidth and provide near-seamless failover in the event of a link failure.

5.3.0 dot1dBridge MIB support for virtual switches. SNMP support for the dot1dBase group and the dot1dTp group as documented in RFC 1493.

5.3.0 Domain 8 - Virtual Networking monitor domain

5.3.0 Diagnose x'26C' functions. Information equivalent to the QUERY CONTROLLER, QUERY LAN, QUERY VSWITCH, and QUERY NIC commands.

5.3.0 Virtual network configuration change simplification. Changes to the authorized VLAN ID set and to promiscuous mode authorization take effect immediately instead of requiring a REVOKE, a GRANT, and an UNCOUPLE/COUPLE.

5.3.0 Virtual switch Native VLAN ID configuration.

5.3.0 Virtual network SNMP Trap support.

5.2.0 OSA-Express3 4-port Gigabit Ethernet support.
(APARs VM64277 and PK50120)

5.2.0 Sniffer support for virtual networks including ESM authorization.

5.2.0 VLAN range support with APAR VM63735.

5.2.0 Pre-configured virtual switch controller stacks DTCVSW1 and DTCVSW2.

5.2.0 Fulfilled statement of direction to simplify networking administration and management of VLANs with support for GARP VLAN Registration Protocol (GVRP) using OSA-Express2.
(APARs VM63784 and PK08444)

5.2.0 Fulfilled statement of direction to provide system and guest exploitation of HiperSockets supporting the IPv6 protocol.
(APARs VM63850 and PK14010)

5.1.0 ETHERNET (Layer 2) VSWITCH Statement of Direction fulfilled with CP APAR VM63538 and TCP/IP APAR PQ98202.
The virtual switch can handle all types of traffic - not just IP.
Requires a current OSA Express Feature on a z890 or z990 or an OSA Express 2 Feature.

5.1.0 ESM Support for VSWITCH and Guest LAN

5.1.0 IEEE 802.1q compliance changes. VSWITCH is VLAN aware or not VLAN AWARE. PORTTYPE option added. VLAN ANY option removed.
Some configurations may require migration effort.

5.1.0 Enhanced VSWITCH failover support. Stall detection. Improved error reporting and recovery.

5.1.0 VMLAN allows specification of ranges for automatic and static MAC address assignments

5.1.0 Removed virtual NIC requirement for even/odd pair

4.4.0 HiperSockets Guest LAN - broadcast

4.4.0 QDIO Guest LAN - IPv6

4.4.0 IP VSWITCH introduced with VLAN support

4.3.0 HiperSockets Guest LAN - multicast, accounting

4.3.0 QDIO Guest LAN - unicast, multicast, broadcast, accounting

4.2.0 HiperSockets Guest LAN - unicast

This document is maintained by:

Susan Farrell
z/VM Development