vSphere Distributed Switch pVLAN issues

Neutrino

Hi guys, I was wondering if you could give your opinion on an issue we are having.

We have a cluster of 3 ESXi 5.1 hosts on a blade system HP gen8.

I set up a vdswitch to give us easier centralized management of networking and allow us to use pVLANs.

All hosts are now part of the switch and have NICs assigned to the uplinks (default trunking).

Now to the issue: if I have 2 VMs on the same pVLAN (both community), as long as they are both on the same ESX host they can communicate; however, if I move one VM to another ESX host the communication stops.

I think the issue is with the Virtual Connect used by the blades to communicate with each other inside the enclosure. I'm not an expert here but I did notice a setting (for the blades' enclosure) labeled VLAN tunneling (it claims that you need to check it to allow it to pass VLAN tags).

This setting is now unchecked...the guy that set up the blades claims this is not the issue and that the problem is with my distributed switch settings.

What is your guys' take on this?
 
It's outside the vswitch - you've already proven that (pretty sure, I'm not as strong on the networking side). The virtual connects have to be configured to pass vlan tags and understand them.
 
Heh..VirtualConnect.

Your physical switches need to support pVLANs to use it with the VDS. They don't to do it with Nexus 1Kv. So make sure they do. You'll need to configure them with the same community/isolation/promisc VLANs as you do in the VDS. Config needs to match. If it doesn't it won't work.
 
> It's outside the vswitch - you've already proven that (pretty sure, I'm not as strong on the networking side). The virtual connects have to be configured to pass vlan tags and understand them.


I was thinking the same thing: if it works on the same host, the issue should be with the "outside" network

but I'm also not a networking guru so I want to make sure

> Heh..VirtualConnect.
>
> Your physical switches need to support pVLANs to use it with the VDS. They don't to do it with Nexus 1Kv. So make sure they do. You'll need to configure them with the same community/isolation/promisc VLANs as you do in the VDS. Config needs to match. If it doesn't it won't work.

We don't have a Nexus 1000v appliance yet (we plan to buy one eventually); we use the built-in vDS from vCenter.

Anyway, since I have direct control only over the vDS, I would prefer (if possible) not to have to ask my colleagues to set up a new VLAN each time I want to make one.

What I found interesting was the blade enclosure's "VLAN tunneling" option in the network settings. In the description it said that you need to enable it in order for Virtual Connect to pass along VLAN tags (otherwise it drops them).

I wonder if this "VLAN tunneling" can simply forward VLAN tags and ignore the Virtual Connect's own VLANs.

I believe Cisco has something along these lines with Q-in-Q VLAN Tunnels:
http://www.cisco.com/en/US/docs/swi...faces/configuration/guide/if_qinq_tunnel.html
 
Going by Google the PVLAN support in Virtual Connect is called Private Networks. Look for that.

You're finding out why I don't like Virtual Connect. It's a black box. If it doesn't work you have a real hard time figuring out why.
 
> The Nexus 1000v's are free now anyway, you just have to buy support if you want it and you still have to buy the VSG if you need that functionality. But you should be fine deploying the VSM(s) and VEMs on each of the hosts without purchasing it.
>
> http://blogs.cisco.com/datacenter/new-nexus-1000v-free-mium-pricing-model/


Very interesting....free is nice....especially since it seems to have most features too

Still confused about the license too...it seems that even with the free version you have to buy some support...so it's not quite free

> Going by Google the PVLAN support in Virtual Connect is called Private Networks. Look for that.
>
> You're finding out why I don't like Virtual Connect. It's a black box. If it doesn't work you have a real hard time figuring out why.


Yeah I saw that option too....guess I'll give it a try, and yes it seems that Virtual Connect is a pain :(
 
N1Kv Essential is free. Support is optional. But I'd look at what you need before making that move. Adds complexity and the VDS in 5.1 is pretty good.
 
Well I got it working!

As I was suspecting, the VLAN Tunneling needed to be enabled in Virtual Connect. So today I bugged them to enable it and sure enough any pVLANs I make now in VDS work across different ESX hosts.

@ NetJunkie: after reading more carefully about the Private Networks feature, it claims to isolate the interfaces from each other, requiring them to communicate via a layer 3 outside interface. So somewhat like an isolated pVLAN.

> N1Kv Essential is free. Support is optional. But I'd look at what you need before making that move. Adds complexity and the VDS in 5.1 is pretty good.

Awesome! Good to know, since it's free I guess I'll try it at least in my home lab.
 
I know it's tricky to implement Private VLANs with DvSwitch and VC modules but once you know the logic it should be straightforward :)

One thing to note is that VC modules don't know about PVLANs; they just pass through all the VLANs trunked at uplink switch level.

Refer to this step-by-step article to implement PVLANs with Virtual Connect modules/C7000 enclosures and dvSwitch.

http://virtualcloudzz.blogspot.com.au/2013/09/steps-to-configure-pvlans-in.html

Thanks,
 
hahaha :), I just found this while looking at some other stuff. I thought it would be helpful if someone else is doing the same.
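
The two failure modes this thread runs into (an intermediate device dropping VLAN tags, and a pVLAN-aware switch whose map does not match the VDS) can be checked mechanically. The sketch below is an added example, not from any poster: the `Hop` model, device names and VLAN IDs are all constructed, and it assumes frames leave the host tagged with the port's secondary pVLAN ID.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Hop:
    """One device between two ESXi hosts (constructed model, not a vendor API)."""
    name: str
    carried: Optional[set]   # tagged VLAN IDs forwarded; None = tunnels every tag
    pvlan_map: dict = field(default_factory=dict)  # {secondary: (primary, type)} if pVLAN-aware

def wire_vlans(vds_map):
    """802.1Q IDs seen on the uplinks: frames carry the port's secondary ID
    (a promiscuous port's secondary ID equals the primary ID)."""
    return {sec for _pri, sec, _typ in vds_map}

def audit(vds_map, hops):
    """Return (hop, vlan_id, problem) for every hop that would break the pVLAN."""
    findings = []
    for hop in hops:
        if hop.carried is not None:
            for vid in sorted(wire_vlans(vds_map) - hop.carried):
                findings.append((hop.name, vid, "tag not forwarded"))
        if hop.pvlan_map:  # pVLAN-aware hop: its map must match the VDS exactly
            for pri, sec, typ in vds_map:
                if hop.pvlan_map.get(sec) != (pri, typ):
                    findings.append((hop.name, sec, f"VDS has {typ} under primary {pri}"))
    return findings

# Constructed sample: primary 100 with isolated 101 and community 102.
VDS_MAP = [(100, 100, "promiscuous"), (100, 101, "isolated"), (100, 102, "community")]
GOOD_MAP = {100: (100, "promiscuous"), 101: (100, "isolated"), 102: (100, "community")}
BEFORE = [
    Hop("virtual-connect", carried=set()),  # VLAN tunneling unchecked: tags dropped
    Hop("upstream-switch", carried={100, 101, 102},
        pvlan_map={**GOOD_MAP, 102: (100, "isolated")}),  # type disagrees with VDS
]
AFTER = [
    Hop("virtual-connect", carried=None),   # VLAN tunneling enabled
    Hop("upstream-switch", carried={100, 101, 102}, pvlan_map=GOOD_MAP),
]

if __name__ == "__main__":
    for label, path in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(VDS_MAP, path) or "consistent")
```

A finding on any hop explains the symptom in the first post: VMs on one host never cross that hop, so they keep working until one of them is moved.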
 