问题

CVM Host和Guest的VLan标签

  • 2020年11月12日
  • 4回复
  • 1424的浏览量
一个
徽章

嗨,团队,

我们有三个节点(NX-8155)集群连接到nexus交换机。

CVM和Host的Vlan Tag: 600

Guest/Prod的Vlan Tag: 10

均在同一子网(主机IP: 172.21.10。. x/24, CVM IP: 172.21.10. x/24。Network: 172.21.10. x/24、Guest/Prodx / 24)

我们允许在Nexus上使用第二层,中继端口流量,并添加了两个vlan(600和10)

问题:

  1. 我们能把它们都放在同一个子网下吗?如果是,如何在vlan间通信,使CVM可以与NTP、DNS、Monitoring和Internet通信。
  2. 否则我可以保持CVM,主机和客户在同一Vlan ?这将如何影响广播域和任何问题的拥塞。
  3. 我们可以有两个不同的子网范围(CVM,主机)和客户不同的Vlan(600)和(10)
Hi Team,<\/p>

We have three node (NX-8155 ) cluster connected to nexus switch.<\/p>

Vlan Tag for CVM and Host : 600<\/p>

Vlan Tag for Guest\/Prod : 10<\/p>

All are in same subnet ( Host IP : 172.21.10.x\/24 , CVM IP : 172.21.10.x\/24\u00a0 and Guest\/Prod Network : 172.21.10.x\/24\u00a0 )<\/p>

We have allowed Layer-2 on Nexus, trunk port traffic and added both Vlans ( 600 and 10)<\/p>

Question:<\/p>

  1. Can we keep all under same subnet ? If so how can I communicate inter-VLan , for the purpose of CVM to communicate NTP,DNS,Monitoring and Internet.<\/li>\t
  2. Else Can I keep CVM, Host and Guest in same Vlan ? How this will impact broadcast domain and any issue with congestion.<\/li>\t
  3. Else Can we have two different subnet range for (CVM, Hosts) and Guest with different Vlan (600) and (10)<\/li><\/ol>","quoteUsername":"Anwar101","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

4回复

Alona
排名
Userlevel 6
徽章 +5

嗨Anwar101,

  1. 我们能把它们都放在同一个子网下吗?如果是,如何在vlan间通信,使CVM可以与NTP、DNS、Monitoring和Internet通信。

所有Controller虚拟机和hypervisor主机必须在同一个子网和广播域中。除了cvm和hypervisor主机之外,没有其他系统应该在这个网络上,这些系统应该被隔离和保护。AHV组网最佳实践:AHV主机和cvm的vlan

  1. 否则我可以保持CVM,主机和客户在同一Vlan ?这将如何影响广播域和任何问题的拥塞。

与上面相同,不推荐使用此配置。

  1. 我们可以有两个不同的子网范围(CVM,主机)和客户不同的Vlan(600)和(10)

这是树外最好的选择。建议将CVM和AHV主机的VLAN配置为untagged VLAN(有时称为native VLAN),如下图所示。CVM和AHV主机都不需要对这个选项进行特殊配置。配置交换机允许用户虚拟机网络使用标准802.1Q VLAN标签连接到AHV主机。同时,将交换机配置为CVM和AHV主机的VLAN发送和接收流量为untagged。在面对AHV主机的端口上,选择交换机上除1之外的任何一个VLAN作为本机untagged VLAN。”可为主机和CVM虚拟机添加VLAN标签。

我想知道你们为什么用VLAN标签把一个IP子网分成三个?使用三个IP范围,每个IP范围使用一个专用的VLAN标记,将使管理和故障排除变得更加容易。

Hi Anwar101,<\/p>
  1. Can we keep all under same subnet ? If so how can I communicate inter-VLan , for the purpose of CVM to communicate NTP,DNS,Monitoring and Internet.<\/li><\/ol><\/blockquote>

    All Controller VMs and hypervisor hosts must be on the same subnet and broadcast domain. No systems other than the CVMs and hypervisor hosts should be on this network, which should be isolated and protected. AHV Networking Best Practices: VLANs for AHV Hosts and CVMs<\/a><\/p>

    1. Else Can I keep CVM, Host and Guest in same Vlan ? How this will impact broadcast domain and any issue with congestion.<\/li><\/ol><\/blockquote>

      Same as above, this configuration is not recommended.<\/p>

      1. Else Can we have two different subnet range for (CVM, Hosts) and Guest with different Vlan (600) and (10)<\/li><\/ol><\/blockquote>

        This is the best option out of the tree. \u201cThe recommended VLAN configuration is to place the CVM and AHV host in the untagged VLAN (sometimes called the native VLAN) as shown in the figure below. Neither the CVM nor the AHV host requires special configuration with this option. Configure the switch to allow tagged VLANs for user VM networks to the AHV host using standard 802.1Q VLAN tags. Also, configure the switch to send and receive traffic for the CVM and AHV host\u2019s VLAN as untagged. Choose any VLAN on the switch other than 1 as the native untagged VLAN on ports facing AHV hosts.\u201d You can add a VLAN tag to the host and the CVM as well.<\/p>

        I wonder what makes you separate one IP subnet into three by the use of the VLAN tags? Using three IP ranges each with a dedicated VLAN tag would make both management and troubleshooting so much easier.<\/p>","quoteUsername":"Alona","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

一个
徽章

谢谢您的回复,

“上行交换机本地Vlan”被阻塞。

我将使用两个不同的子网和两个不同的Vlan,一个用于(CVM&Host),另一个用于Guest。

我有4个10gb端口(2个Sfp+铜)和2个RJ45。我可以添加所有在一个桥(Br0)。

下面有AHV。你能建议LACP(动态/静态)需要设置什么吗?

Thank You for your reply,<\/p>

Native Vlan is blocked at Uplink Switch, As you suggested.<\/p>

I will use two different subnet and two different Vlan , one for ( CVM&Host) and Other for Guest.

I have 4 , 10 GB ports ( 2 with Sfp+ copper ) and 2 with RJ45 . Can I add all in one Bridge (Br0).

We Have AHV running underneath. Can you suggest what need to set for LACP ( Dynamic\/Static ) .<\/p>

\u00a0<\/p>","quoteUsername":"Anwar101","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

一个
徽章

与此同时,任何文章改变CVM和主机ip或我应该用新的配置重建集群?

Along with that , Any article to change CVM and Host Ips or Shall I rebuild the cluster with new configuration ?<\/p>","quoteUsername":"Anwar101","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
Alona
排名
Userlevel 6
徽章 +5

嘿,

我真的认为你会从阅读我在之前的评论中提到的AHV最佳实践文档中受益匪浅。它涵盖LACP、vlan、网卡速度、网桥配置等。它还回顾了更改CVM VLAN的过程。

我们建议在br0绑定中保持相同的网卡速度。

AHV管理指南:修改卫城主机IP地址
Acropolis高级设置指南:在你的Nutanix集群中修改控制虚拟机的IP地址(CLI脚本)

KB-3263 AHV |如何使能、禁用和验证LACP

Hey,<\/p>

I really think you would benefit greatly from reading the AHV Best Practices doc that I referenced in my previous comment. It goes over LACP, VLANs, NICs speed, bridge configuration and more. It also goes over the process of changing the CVM VLAN.<\/p>

We recommend keeping NICs of the same speed in the br0 bond.<\/p>

AHV Admin Guide: Changing the IP Address of an Acropolis Host<\/a>
Acropolis Advanced Setup Guide: Changing the Controller VM IP Addresses in your Nutanix Cluster (CLI Script)<\/a><\/p>

KB-3263 AHV | How to Enable, Disable, and Verify LACP<\/a><\/p>","quoteUsername":"Alona","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

回复


Baidu