Converged Network Understanding VLAN

Hi

I think I might have a little gap in my understanding about converged networking in Hyper-V. I have never used this before, but it looks fairly simple to set up. It's the whole VLAN ID thing that I don't really get. I have followed these two examples for my configuration. I have read other sources too, but they don't cover the physical switches, which is where I think my gap of knowledge is.

https://marckean.wordpress.com/2012/09/26/windows-server-2012-hyper-v-server-command-line-configuration-2/

https://technet.microsoft.com/fr-fr/library/dn550728.aspx

When I first looked at this I thought it wouldn't involve any configuration on the physical switch in terms of VLAN; I assumed that the virtual switch on Hyper-V handled all that. However, when I use VLAN IDs as per the examples above, I cannot route traffic through my main network between the two hosts (I have two hosts, each with 8 NICs, all of them are plugged into my main network switches, which are also shared by all my clients and servers, laptops and mobiles etc.; I create 1 team using all 8 NICs). I create the virtual networks and give them IP addresses, but I can't ping between them at all from one host to another (for example, to ping between the cluster networks I use ping -S 10.10.7.1 10.10.7.2).

As soon as I remove the VLAN IDs (I just comment out the lines for VLAN ID and run the script again) and again set IP addresses on the vNICs used for the cluster I can then ping between the two hosts. My management network uses a 192.1.x.x range and the cluster network uses a 10.10.x.x range. My cluster validation all goes ok, each vNIC (cluster, migration, SMB) is on its own subnet and this all gets green ticks.

I have two questions about this:

  1. In order to get VLAN IDs working, do I need to configure the physical ports on the physical switches to use specific VLANs, and create a trunk to the switch in my other building for the other node? I am assuming yes since I can't get this to work.
  2. Doing it without VLAN IDs, is there any real drawback to this provided I do keep the networks in their own separate subnets or should I really be using VLANs?

Many thanks

Steve

January 30th, 2015 9:19am

Hi Steve,

>>In order to get VLAN IDs working, do I need to configure the physical ports on the physical switches to use specific VLANs, and create a trunk to the switch in my other building for the other node?

Yes, your understanding is correct. Please change the switch port to trunk mode and allow the specified VLANs on the trunk port.

>>Doing it without VLAN IDs, is there any real drawback to this provided I do keep the networks in their own separate subnets or should I really be using VLANs?

VLAN is used to separate the VMs into different subnets when we only have one physical NIC. If we have enough physical NICs to separate the VMs into different subnets, we can leave the VLAN disabled.

Best Regards.

February 2nd, 2015 2:47pm

Just to add to what has been said:

Remember, VLANs are used to separate networks/subnets. If you want to route or have access between different networks/subnets, you would need a layer 3 device (such as a router).

February 2nd, 2015 3:50pm

Hi

Thanks for your reply on this. Since all my network cables form one "team" and then virtual network adapters are created off of this team with different VLAN IDs, I assume I would have to allow multiple VLAN IDs onto each port. So, for example, if Cluster was VLAN 10, Heartbeat VLAN 11 and ISCSI VLAN 12, I'd need to allow VLAN IDs 10,11,12 on port 1 of my switch, and 10,11,12 on port 2, 10,11,12 on port 3 and so on?

In answer to my second question, I am trying to do it the way of making a team, creating a virtual switch from that team and then virtual networks off that virtual switch, so I can get a better effective use of my bandwidth rather than dedicate an entire 1Gbps for heartbeat and then have another 1Gbps for backup heartbeat and so on. In this manner I could have far more management level virtual NICs than I do physical if I wanted.

So to extend your answer slightly... would there actually be a need for me to VLAN the cluster networks, or could I just put each one in its own subnet by setting the IP and subnet mask of each virtual NIC? I guess I am more thinking from a performance perspective or some other reasons... I am unsure which is best to do. I don't want to over-complicate the solution but obviously want to do it the most modern best way :)

Referencing the first web link I posted might clarify what my setup most closely resembles.

Thanks

Steve

February 2nd, 2015 3:52pm

One subnet per vNIC is proper. Referencing your first web link, here is an example of what to do on the cluster workload's vNICs:


New-NetIPAddress -InterfaceAlias "LiveMig" -IPAddress 10.10.0.1 -PrefixLength "24"

New-NetIPAddress -InterfaceAlias "CSV" -IPAddress 10.10.1.1 -PrefixLength "24"

New-NetIPAddress -InterfaceAlias "Cluster HB" -IPAddress 10.10.2.1 -PrefixLength "24"

Adapt according to your specifications...



March 27th, 2015 4:40pm
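
Added example, not part of the thread or of the linked articles: the host side of the converged setup discussed here, with each management-OS vNIC tagged with its own VLAN ID and given its own subnet. The team, switch and physical adapter names, the VLAN IDs 10 to 12 and their mapping to these vNICs are assumptions; the vNIC names and addresses follow the reply above.

```powershell
# Added example (not from the thread). Run on a Hyper-V host with the
# Hyper-V and NetLbfo modules available. All names below are assumptions.
$teamName   = 'ConvergedTeam'      # hypothetical team name
$switchName = 'ConvergedSwitch'    # hypothetical virtual switch name
$teamNics   = 'NIC1', 'NIC2'       # hypothetical physical adapter names

# vNIC name, VLAN ID and host address. VLAN IDs are constructed values;
# use a different last octet on the second node.
$vNics = @(
    @{ Name = 'LiveMig';    VlanId = 10; IPAddress = '10.10.0.1' }
    @{ Name = 'CSV';        VlanId = 11; IPAddress = '10.10.1.1' }
    @{ Name = 'Cluster HB'; VlanId = 12; IPAddress = '10.10.2.1' }
)

# One team over the physical NICs, one virtual switch bound to the team.
New-NetLbfoTeam -Name $teamName -TeamMembers $teamNics `
    -TeamingMode SwitchIndependent -LoadBalancingAlgorithm HyperVPort -Confirm:$false
New-VMSwitch -Name $switchName -NetAdapterName $teamName `
    -AllowManagementOS $false -MinimumBandwidthMode Weight

foreach ($n in $vNics) {
    # Host (management OS) vNIC on the converged switch.
    Add-VMNetworkAdapter -ManagementOS -Name $n.Name -SwitchName $switchName

    # From here on, frames from this vNIC leave the host 802.1Q-tagged, so
    # every physical switch port behind the team must trunk this VLAN ID.
    Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $n.Name `
        -Access -VlanId $n.VlanId

    # Host vNICs show up as "vEthernet (<name>)" until they are renamed.
    New-NetIPAddress -InterfaceAlias "vEthernet ($($n.Name))" `
        -IPAddress $n.IPAddress -PrefixLength 24
}

# Confirm what the host will tag before touching the physical switches.
Get-VMNetworkAdapterVlan -ManagementOS |
    Format-Table ParentAdapter, OperationMode, AccessVlanId -AutoSize
```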

I think your first link is the more helpful: you can see on the diagram just under the physical switches, they have noted a list of the VLANs that are also configured on each of the vNICs.
This is actually trying to tell you: you must trunk each VLAN used on the vNICs between the physical NICs and the Physical switches.

Once the traffic is isolated by VLAN, the Hyper-V switch maintains that isolation. It functions as a Layer2 switch only (i.e., devices within a VLAN/subnet can see each other).

Devices on different VLANs/subnets can only communicate at Layer3 (routing).

There is more than one way to provide Layer3 routing between VLANs, but the basic way is as hinted at by your first link's diagram: the VLANs are extended onto the physical network. Each VLAN has an IP address configured on it (e.g. on the physical network's "core" switch).

A device on VLAN11 attempting to send a packet to a device on VLAN12 will see from its own subnet mask that the other device is on a different subnet and so it will not try to find it, it will encapsulate the packet into a frame, and it will address the frame with the MAC address for the IP address it has configured as its "default gateway".

So your default gateway for each VLAN is the address on the physical network's "core" switch where interVLAN routing is planned to occur for that VLAN.


April 13th, 2015 3:19am

Hi

Thanks for replying. The thing I am a little confused over on this is how to configure the VLAN on the switches (if I need to do that at all, that is). The first link shows that two physical NICs are teamed together, then split out into vNICs... those vNICs are still travelling down two physical cables... but there are multiple VLAN IDs within there...

On my switch, do I configure for example VLAN 10 and tie it to port 1 of switch 1 and port 1 of switch 2, and then VLAN 11 to port 1 of switch 1 and port 1 of switch 2 and so on?

I have 6 x 1 Gbps cables in the server I am looking at doing this converged design on. I want to team them and have 3 cables connect to switch 1 (ports 1-3) and 3 cables connect to switch 2 (ports 1-3). I am going to have multiple VLANs (heartbeat, storage, ISCSI, sync, backup, live migration and so on)... so will I be creating VLAN 10 on all 6 ports, and then VLAN 11 on all 6 ports and so on?

The design looks very similar to that of the other thread of mine you commented on at https://social.technet.microsoft.com/Forums/en-US/7c73bd5b-f7b6-4b11-902b-17256b83e34a/struggling-to-max-out-the-network-adapters?forum=winserverPN

I essentially want to keep the switch bit of that diagram but the networking from the servers will be converged. My current design maps 1 VLAN per physical switch port... I don't know if multiple VLANs can be assigned to each physical port and even whether this is what I actually need to do?

Thanks

Steve

April 15th, 2015 6:33am

"so will I be creating VLAN 10 on all 6 ports, and then VLAN 11 on all 6 ports and so on?"

Right, whatever the number of Ethernet cards you are willing to use, the physical switch ports of a converged network must allow multiple VLANs. So make sure these ports are set to trunk (or general). You can't use 1 VLAN per physical switch port with a converged topology.

April 15th, 2015 8:37am

Ahh, that's great. Is this what's referred to as dynamic VLANs, 802.1Q?

Thanks

Steve

April 15th, 2015 9:31am

"so will I be creating VLAN 10 on all 6 ports, and then VLAN 11 on all 6 ports and so on?"

Yes!

The *very* important reason you have ALL VLANs on ALL ports is so that any one link failure doesn't cause a break in communications on any VLAN.
In any case, if your switchports are configured differently, you can't do link-aggregation on them.

Forget dynamic VLANs, you never want anything dynamic happening, especially at the data centre end where everything needs to be up and running according to design.

802.1Q = VLAN tagging: it describes a Layer2 frame format that includes extra bits necessary to carry a VLAN ID.

April 16th, 2015 12:37am
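
Added example, not part of the thread: a check for the "ALL VLANs on ALL ports" rule from the reply above, comparing the VLAN IDs the host vNICs tag with the allowed-VLAN list of every trunk port behind the team. The VLAN numbers reuse the Cluster 10 / Heartbeat 11 / ISCSI 12 example from earlier in the thread; the port names, the allowed lists and the function name `Test-TrunkVlanCoverage` are constructed for illustration.

```powershell
# Added example (not from the thread). All data below is constructed.
# On a live host the vNIC VLAN IDs could instead be read with:
#   Get-VMNetworkAdapterVlan -ManagementOS | Select-Object ParentAdapter, AccessVlanId
$vNicVlans = [ordered]@{ 'Cluster' = 10; 'Heartbeat' = 11; 'ISCSI' = 12 }

# Allowed-VLAN list per trunk port, transcribed by hand from the switch config.
$trunkPorts = [ordered]@{
    'switch1/port1' = 10, 11, 12
    'switch1/port2' = 10, 11, 12
    'switch1/port3' = 10, 11          # VLAN 12 forgotten on this port
    'switch2/port1' = 10, 11, 12
    'switch2/port2' = 10, 11, 12
    'switch2/port3' = 10, 11, 12, 99  # VLAN 99 is not used by any vNIC
}

function Test-TrunkVlanCoverage {
    param(
        [System.Collections.IDictionary]$VNicVlans,
        [System.Collections.IDictionary]$TrunkPorts
    )
    $required = @($VNicVlans.Values | Sort-Object -Unique)
    foreach ($port in $TrunkPorts.Keys) {
        $allowed = @($TrunkPorts[$port])
        # Missing: a vNIC VLAN this port would drop, so a failover onto this
        # link silently breaks that network.
        $missing = @($required | Where-Object { $_ -notin $allowed })
        # Extra: a VLAN trunked to the host that no vNIC uses; it widens the
        # Layer 2 exposure of the host for no benefit.
        $extra   = @($allowed | Where-Object { $_ -notin $required })
        [pscustomobject]@{
            Port         = $port
            MissingVlans = $missing -join ','
            ExtraVlans   = $extra -join ','
            Ok           = ($missing.Count -eq 0 -and $extra.Count -eq 0)
        }
    }
}

Test-TrunkVlanCoverage -VNicVlans $vNicVlans -TrunkPorts $trunkPorts |
    Format-Table -AutoSize
```

With the constructed data, `switch1/port3` is reported as missing VLAN 12 and `switch2/port3` as carrying the unused VLAN 99; every other port passes.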

Ha, thanks, that was a missing piece of the puzzle about the VLANs on all ports. I suspected so but wasn't 100% sure. When you say "In any case, if your switchports are configured differently, you can't do link-aggregation on them.", what do you mean by "differently", and are you referring to LACP between the individual ports that I assign to VLANs, or are you referring to the LACP trunk I have between the two fibres back-end of the switches? As shown in my diagram on the other thread, I have a trunk between the two 10Gbps fibres that link my two buildings together. I don't have LACP configured on any individual ports and I don't really intend to at this stage because I don't see the benefit (the switches are used for cross-site redundancy and performance).

Thanks

Steve

April 16th, 2015 3:30am

This topic is archived. No further replies will be accepted.
