Support for VSwitch Priority Queuing is delivered via the PTFs for APARs VM66219, PH04703, and VM66223.

Currently all VSwitch outbound traffic to the external network is transmitted at the same priority. When VSwitch Priority Queuing is enabled, z/VM will establish multiple OSA QDIO Output queues, and transmit data to the external network at different priorities.

For an overview of this support, see Virtual Switch Priority Queuing.

For the z/VM Virtual Switch, 802.3 Ethernet frame formats were removed from CP initiated Layer 2 ARP communications. CP will support only Ethernet II (DIX) frame formats for ARPs and any other initiated communications. This will not prevent Guest VM use of 802.3 Ethernet frame formats. For the TCP/IP server, all TCP/IP initiated ARP requests for OSD devices will use Ethernet II (DIX) frame format. LCS devices will continue to support 802.3 and DIX frame formats.

With the PTF for APAR VM65918, z/VM support for exclusive and Multi-VSwitch Link Aggregation configurations is enhanced to improve load balancing to leverage both horizontal and vertical growth in single and cross virtual switch networking configurations.

APAR VM65925 provides support for Directory Network Authorization (DNA). With this new capability, each virtual NIC can be configured and authorized entirely within the user directory, simplifying virtual server provisioning.

New operands on the NICDEF statement enable specification of the following attributes for a virtual NIC:

• Virtual port number on the connected VSWITCH
• Virtual trunk port enablement
• VLAN associations
• Promiscuous (virtual sniffer) authorization

Additional support is provided in DirMaint with APAR VM65926 and in RACF with APAR VM65931.

This function provides the ability to clear certain counts that are displayed via the QUERY VSWITCH DETAILS command while the virtual switch remains active. The counts that can be cleared are: data, discarded, and errors. These counts can be cleared for the UPLINK port or the BRIDGEPORT.

When using an External Security Manager (ESM) to control a z/VM virtual switch, user access to the default VLAN ID is not permitted unless permission has been explicitly granted through appropriate ESM controls.

With the PTFs for APARs VM65583 and PI21053, z/VM provides support for Multi-VSwitch Link Aggregation on the IBM z13, allowing a port group of OSA-Express features (OSA-Express4S or later) to be shared by multiple virtual switches within a single z/VM system or between multiple z/VM systems. Sharing a Link Aggregation Port Group (LAG) with multiple virtual switches increases optimization and utilization of the OSA-Express when handling larger traffic loads. Higher feature utilization protects customer investments, which is increasingly important as 10 Gigabit deployments become more prevalent. With this support, a port group is no longer required to be dedicated to a single virtual switch.

A complete description of the support for Multi-VSwitch Link Aggregation can be found in z/VM V6.3 Connectivity, SC24-6174-05. It is highly recommended that this material be reviewed to gain and understand the concepts and scope of this new support.

This support builds on the existing live guest relocation framework to:

• Allow relocation of a port based interface.
• Prevent relocation of an interface that will clearly be unable to establish network connectivity.
• Adjust the destination virtual switch configuration (when possible) by inheriting virtual switch authorization from the origin.

The support adds the checks that are needed to safely relocate a guest with a port based virtual switch interface. Eligibility tests are performed before relocation to determine if the destination network is equivalent.

The support improves the preexisting base network eligibility test by testing other attributes that would prevent the guest from establishing connectivity. Without the improved checks, if you accidentally mislabel two networks as equivalent, a guest might be relocated to the destination node but find it impossible to establish network connectivity, and the reason for the loss of connectivity might not be clear.

The z/VM virtual switch has been enhanced to support Virtual Edge Port Aggregator (VEPA) mode, which allows advanced access, traffic, and security controls to be performed on network traffic.

VEPA is part of the IEEE 802.1Qbg standardization effort and is designed to reduce the complexities associated with highly virtualized deployments such as hypervisor virtual switches bridging many virtual machines. VEPA provides the capability to take all virtual machine traffic sent by the server and send it to an adjacent network switch. This mode of operation moves all frame relay switching from the hypervisor virtual switch to the (external) adjacent switch. With the adjacent switch handling the frame relay for virtual switch guest port to guest port communications, imbedded network based appliances in the adjacent switch such as firewalls, Access Control Lists (ACLs), Quality of Service (QoS), and port mirroring are available to be deployed for this guest port to guest port switching. VEPA eliminates the need to provide and support these network based appliances in the hypervisors or LPARs.

A new SET VSWITCH UPLINK SWITCHOVER command provides a fast mechanism to switch an uplink port's network connection from its current device to one of its configured backup devices. The use of this new command is less disruptive to virtual switch external network connectivity when there is a need to apply service to an OSA-Express feature.

Additionally, support is added to automatically enable or disable the z/VM Missing Interruption Handler (MIH) function for an OSA-Express or HiperSockets read, write, and data uplink device. MIH is used to detect and recover (failover) from network connectivity problems due to unresponsive or broken hardware.

The IP (Layer 3) virtual switch has been updated with a change in the way a duplicate IP address is handled. When a guest coupled to an IP virtual switch registers its IP address, the virtual switch will forward this setting to the Uplink for registration with the OSA-Express. The OSA-Express will verify that the same IP address is not already registered on the LAN segment. If it is, the OSA-Express rejects the request.

Prior to z/VM V6.3, the virtual switch marked this IP address as “Local”, and the guest IP address was reachable only on the local simulated LAN segment. In z/VM V6.3, the IP virtual switch now disables the IP address and marks it as “Conflict”. The guest IP address will no longer be reachable by guests on the simulated LAN segment.

This change allows the configuration problem to be highlighted more quickly. In the event that an existing configuration has been configured with a duplicate IP address for local connectivity within the virtual switch LAN, a unique IP address should be assigned, or the virtual switch should be configured without an Uplink port.

The z/VM virtual switch is enhanced to transparently bridge a guest virtual machine network connection on a HiperSockets LAN segment. This bridge allows a single HiperSockets guest virtual machine network connection to also directly communicate with the following:

• Other guest virtual machines on the virtual switch
• External network hosts through the virtual switch OSA UPLINK port
• Through the z/VM HiperSockets Bridge support, LGR (Live Guest relocation) between CECs in an SSI configuration is now supported for HiperSockets-connected guests

z/VM CP APAR VM65042, TCP/IP APAR PM46988, and Perfkit APAR VM65044 are required for this support. For more information see Virtual switch HiperSockets bridge

z/VM V6.2 implements multisystem virtualization using a z/VM single system image (SSI) cluster composed of up to four z/VM systems. This multisystem virtualization technology for the mainframe extends the z/VM virtualization technology to a new level, allowing members of the cluster to share resources and synchronize with other nodes, together presenting the appearance of a single system.

All members of a cluster share LAN segments and IP subnets. The concept of a global virtual switch provides identical network connectivity across all active members within a cluster.

Support for IBM zEnterprise System networks

z/VM enables access to the IBM zEnterprise System intranode management network (INMN) and intraensemble data network (IEDN) through the real and virtual networking capabilities of z/VM. As a result, the deployment and management of z/VM network topology is integrated into the zEnterprise environment and can be managed by the Unified Resource Manager. When connected to a z196 or z114 through the INMN, the resources of the zBX are viewed as a logical extension of the z196 or z114. These resources are then controlled and managed through the Hardware Management Console (HMC) and Support Element (SE) of the z196 or z114. The INMN requires an OSA-Express3 1000BASE-T, while the IEDN requires a port on two separate OSA-Express3 or OSA-Express4S 10 GbE features. Managing z/VM V6.2 from the Unified Resource Manager requires the z196 or z114 to be at driver level 93.

z/VM now provides the ability for a guest to have multiple unique access ports connected to the same virtual switch instance. Each access port has its own attributes (promiscuous and OSDSIM authority) and VLAN ID. Methods to associate guest NICs and VSWITCH ports are also provided. With this support, configuring a server to provide connectivity to multiple VLANs is easier because the guest does not need to be VLAN-aware. In addition, customers can choose which port numbers will be used. Because the mapping of systems to switch ports is known ahead of time, SNMP monitoring of the switch status is more useful, allowing virtual switches to be monitored and managed more like real switches.

The z/VM TCP/IP NETSTAT command has been enhanced with an option to display information such as IP addresses and MAC addresses from the OSA Address Table (OAT) for OSA devices and virtual switch controllers. Installation of OSA/SF to satisfy diagnostic requirements in service situations is no longer necessary for OSA-Express3 or OSA-Express4S devices.

1. New VLAN AWARE and NATIVE NONE operands and attributes
2. New Uplink NIC selection
3. New MAC address assignment and usage enforcement