Using SLES within IBM Power Virtual Server
IBM Power Virtual Server located in IBM data centers: Off-premises
IBM Power Virtual Server Private Cloud: On-premises
You can deploy a Linux® virtual machine (VM) by using one of the IBM stock operating system (OS) images, or you can bring your own Linux image (in OVA format).
You can choose from the following options:
- Register for a full Linux subscription.
- Use your own Linux subscription from a Linux vendor.
If you choose to register for full Linux subscription, an extra charge applies to your provisioned VM for Linux support through IBM. A full Linux subscription requires use of one of the stock OS images that are provided by IBM. In the image menu, select IBM provided subscription to choose one of the IBM stock images. For more information on how to provision and register by using a full Linux subscription, see Full Linux subscription for Power Virtual Server.
If you plan to use your own license, select the OS image that is suffixed with -BYOL
. On the VM Provisioning page, these images are listed under the Client supplied subscription section.
The IBM® Power® Virtual Server provides Linux (RHEL and SLES) stock images for SAP and non-SAP applications. To know more about the SLES versions that are supported, see What versions of AIX, IBM i, and Linux are supported?.
To ensure that you are running the supported OS levels and to plan for upgrades to the latest levels, refer to SLES OS release lifecycle information.
If you do not choose to use the full Linux subscription for Power Virtual Server you must obtain the subscription directly from the vendor and bring your image. After you deploy your Linux VM, you must log in to the VM and register it with the Linux vendor’s satellite server. To reach the Linux vendor satellite servers (where you can register and obtain packages and fixes), you must attach a public network to your VM.
When you create an OVA image, you must include the appropriate Power Virtual Server environment cloud-init
packages. Download the appropriate cloud-init
package from Installing and configuring cloud-init.
To run SUSE Linux Enterprise Server on Power Virtual Server, your hardware must meet the minimum memory requirements. A minimum of 1024 MB of memory is required for a minimal installation. On machines with more than two processors, add 512 MB per CPU. The memory values specified are valid only for the installation of the operating system. The actual memory requirement in production depends on the workload of the system. For more information about the SLES hardware recommendations, see https://documentation.suse.com/sles/15-SP4/html/SLES-all/cha-power.html.
Registering and purchasing a subscription to SLES
You cannot contact the SUSE-based repository and download the appropriate software packages without first enabling your SLES subscription.
-
To buy a SUSE subscription, see How to Buy.
-
To register your system, see Registering an Installed System .
Capturing and importing a SLES image
To use SLES within the Power Virtual Server, you can use the IBM Power Virtualization Center (PowerVC) to capture your Linux image, then import it as an Open Virtualization Appliance (OVA) file. You must also bring your own license (BYOL). If you cannot use PowerVC to capture an image, see the Power OVA image capture instructions.
Linux networking
To connect a Linux virtual machine (VM) to the public internet, you must add a public network when you provision a Power Virtual Server. You must set up a Linux-based NAT gateway on a public-facing Linux VM if you have Linux VMs that do not need an internet-facing external IP address. For more information, see 19.6 Basic Router Setup and Linux NAT(Network Address Translation) Router Explained.
When you are configuring a Source NAT (SNAT) gateway between your public and private networks, ensure that the TCP checksum offload option is disabled. You must also set the maximum transmission unit (MTU) value to 1450 on the network interface that is connected to the private network. To ensure that the interface checksum offloading and MTU settings of the network interface are persistent whenever the virtual machine is restarted, you need to modify the configuration files of your network interface.
The TCP checksum offload option must be disabled on the private network interface of the SNAT Gateway and virtual Ethernet device must be of the type ibmveth
. You do not need to change the TCP checksum offload option for public
network interface. IBM® Power® Virtual Server VMs are deployed by using ibmveth devices only.
You can verify that the device interface type is ibmveth
by using the following command:
ethtool -i <interface name> | grep driver
The following instructions are applicable to SLES version SP15. If you need additional help to configure network interfaces, refer to the SLES documentation.
-
Identify the name of the private network interface that you want to modify. Use the following command to identify the network interface names based on the IP address that is assigned to the network interface:
ip -4 a s (for IPv4 address) ip -6 a s (for IPv6 address)
-
Edit the
ifcfg-<NIC>
file (where NIC is the network interface name that is identified in step 1).SLES: /etc/sysconfig/network/ifcfg-<NIC>
- Add or modify the following lines:
For SLES: MTU='1450' ETHTOOL_OPTIONS='-K <NIC> rx off'
-
Restart the VM.
-
After the restart operation is complete, verify that the MTU value and the checksum offloading setting are correct.
-
Verify the checksum offloading setting by running the following command:
ethtool -k eth0 Features for eth0: rx-checksumming: off tx-checksumming: off <cut>
-
The ethtool
command sets both the rx-checksumming and tx-checksumming options to off when one of these options is disabled.
Verify the MTU value by running the following command:
ip link show eth0
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc fq_codel state UNKNOWN mode DEFAULT <...>
Configuring SNAT in the Power Virtual Server environment
Most organizations are allotted a limited number of publicly routable IP addresses from their ISP. Due to this limited allowance, administrators must find a way to share access to internet services without giving limited public IP addresses to every node on the LAN. To learn more, see Forward and NAT rules.
SNAT router configuration
Complete these steps to accurately configure your SNAT router.
- Deploy a SLES LPAR on a public network.
- Create subnets that require the SNAT function to get internet access.
- Use the following commands to allow private network traffic to be accessible for SNAT-ing:
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -o eth1 -j ACCEPT
These commands assume that the network device for the public network is eth0
, and eth1
for the private network.
You can permanently set IP forwarding by editing the /etc/sysctl.conf
file:
-
Find and edit the following line within the
/etc/sysctl.conf
file (replacing0
with1
if required):net.ipv4.ip_forward = 1
. -
Update the
sysctl.conf
file by entering the following command:sysctl -p /etc/sysctl.conf
. -
Finally, configure the source NAT by entering the following command:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
.
Configuring Linux VMs to use a SNAT router
-
Deploy the Linux VMs that will be using the SNAT router to access the internet. Make sure that the SNAT router is routing the attached private networks.
-
Set the default router for your Linux VM to the SNAT router IP on the private network.