Join this episode for more Stories from the EUC Road as Sean Donahue (Nutanix) and Al Solorzano (E360) tackle this all too familiar question. But does it have to an \u201cOR\u201d statement? Can you have an \u201cAND\u201d statement instead? Tune in to learn more about performance in EUC, happy employees and how you might sleep better at night in the age of Malware and Ransomware.<\/p>
<\/oembed>Resources<\/p>
- Build a Fortress with Data Lens for Free!<\/a><\/li>\t
- Put an end to Storage worries with Unified Data Services<\/a><\/li>\t
- Nutanix Data Lens Powers Data Management and Ransomware Protection<\/a><\/li>\t
- Nutanix boosts data management services in the cloud<\/a><\/li>\t
- Nutanix Files 4.1 anti-ransomware: Through the Data Lens<\/a><\/li><\/ul>
If you have any questions, feel free to reach out to me on\u00a0Twitter<\/a>\u00a0and if you haven't already done so, make sure you are subscribed to the show wherever you consume podcasts.<\/p>","id":41549,"featuredImage":"https:\/\/uploads-us-west-2.insided.com\/nutanix-us\/attachment\/37f39b2c-81e8-4d39-b975-e36c6928551a_thumb.png","label":"Blog","replyCount":0,"views":126,"post":{"id":63285,"author":{"id":7898,"url":"\/members\/aluciani-7898","name":"aluciani","avatar":"https:\/\/uploads-us-west-2.insided.com\/nutanix-us\/icon\/200x200\/77accf89-4f79-48be-81e6-c2ac5507e29b.png","userTitle":"Chevalier","rank":{"isBold":false,"isItalic":false,"isUnderline":false,"name":"Chevalier","color":"#660099"},"userLevel":7},"content":"Join this episode for more Stories from the EUC Road as Sean Donahue (Nutanix) and Al Solorzano (E360) tackle this all too familiar question. But does it have to an \u201cOR\u201d statement? Can you have an \u201cAND\u201d statement instead? Tune in to learn more about performance in EUC, happy employees and how you might sleep better at night in the age of Malware and Ransomware.<\/p><\/oembed>Resources<\/p>
- Build a Fortress with Data Lens for Free!<\/a><\/li>\t
- Put an end to Storage worries with Unified Data Services<\/a><\/li>\t
- Nutanix Data Lens Powers Data Management and Ransomware Protection<\/a><\/li>\t
- Nutanix boosts data management services in the cloud<\/a><\/li>\t
- Nutanix Files 4.1 anti-ransomware: Through the Data Lens<\/a><\/li><\/ul>
If you have any questions, feel free to reach out to me on\u00a0Twitter<\/a>\u00a0and if you haven't already done so, make sure you are subscribed to the show wherever you consume podcasts.<\/p>","url":"\/community-blog-154\/nutanix-community-podcast-the-age-old-euc-paradigm-do-you-choose-performance-or-security-41549?postid=63285#post63285","creationDate":"2023-01-24T14:47:48+0000","relativeCreationDate":"6 days ago"},"contentType":"article","type":3,"likes":2,"hasCurrentUserLiked":false},"phrases":{"Forum":{"{n} year|{n} years":"{n} year|{n} years","{n} month|{n} months":"{n} month|{n} months","{n} day|{n} days":"{n} day|{n} days","{n} hour|{n} hours":"{n} hour|{n} hours","{n} minute|{n} minutes":"{n} minute|{n} minutes","just":"just now","{plural} ago":"{plural} ago"}}}">
Nutanix社区播客:古老的EUC范式:您选择性能还是安全性
6 days ago
+17
嗨,在雅典卫城开放式vswitch的每个开放式vswitch支持多少个vlans?雅典卫城开放卫城是否可以进行交通塑造?提前致谢。问候,维维克
icon
最好的答案乔恩2016年7月29日,10:32
\n
\nCompletely different construct from the typical vSwitch, where you program the vSwitch, then attach VM's to pre-configured \"port groups\".
\n
\nTraffic shaping it not yet available. If you have a use case for it, please submit a support ticket with priority RFE Request for Enhancement, so we can track demand for the feature.","className":"post__content__best_answer"}">
View original
This topic has been closed for comments
+17
-
- Author
- Trailblazer
- 30 replies
-
Thanks How many VLAN we can create on single host / maximum vlan allowed?
+4
Valid ID's are 0-4094, so the max number of VLANs allowed would be 4095 if you include a VLAN that doesn't tag (id 0).
+2
您能确认是否已将交通塑料用于Acrocolis Open Vswitch?谢谢你。
+29
不,我们尚未启用OVS中的流量成型。我当然知道有有效的用例,而且我们已经在内部进行了一些用例。
For most use cases, keep in mind that in Nutanix, each node has full network access, such that (for example) a 3 node cluster would have (at minimum) 60 Gbits of bandwidth going into it (assuming 2x 10Gbits per node). That math, of course, goes up linearly with node count or with an increase in NIC speed (like 25/40/100g interfaces).
For folks like Service Providers, this makes more sense, so that they can shape the traffic of specific tenants or applications within a tenant, which is where we've been exploring this use internally.
On a related note, we're releasing service chaining with OVS in the very next release as part of the microsegmentation feature, which is quite interesting.
+2
乔恩,
Thank you for your quick reply. My organization is new to Nutanix and HCI, my apologies if I'm asking basic questions...
我们是VMware商店,但我们正在建造的群集之一仅是AHV。由于目前在AHV Open VSWitch上无法使用网络I/O控制或流量构成,因此您可以为客户提供处理VM实时迁移的建议,因为它可能会使10GB链接饱和(正如我们在VMware VMotion中看到的那样事件)还携带数据和复制流量?还是您在对我的问题的初步答复中所说的那样,这不是Nutanix的问题?再次感谢。
+29
No worries, everyone's gotta start somewhere.
通常,由于我提到的原因,这并不是问题,因为您在Nutanix中拥有副本的带宽和实时迁移事件相对罕见。这些网络适配器将与数据遗址堆叠在一起,其中读取大部分是在网络上远离网络的,因此将坐在您期望的较低利用率上。
We're huge fans of the kiss principle here at nutanix, as most things "just work", which is quite nice.
也就是说,很高兴知道什么并知道我们所做的原因,因此我建议您在此处查看AHV网络指南:伟德国际 391
https://portal.nutanix.com/#/page/solutions/details?targetId=BP-2071-AHV-Networking:BP-2071-AHV-Networking
That should give you some good background. After you read that, you'll find that you'll likely want to use either balance-slb or balance-tcp for load balancing policy on the OVS side, which does give you better load distribution than the default (active/backup), which is the default simply because its the most compatible for almost anyones network setup, so its very easy to get going.
Even if you kept the default though, you'll still have copius amounts of bandwidth that scales linearly per node.
+2
乔恩,
我们决定仅使用2x10GB适配器进行我们的部署,并将使用OVS Balance-SLB LB策略。通过这种配置,是否可以将实时迁移流量,管理流量等固定到特定主机NIC?如果是这样,当链接失败以及链接返回在线时,固定作业会发生什么?我了解Nutanix希望保持简单,但只是想知道此选项是否可用。
Again, I'd like to express my sincere gratitude for all the information you've provided.
+29
不,在OVS中固定的结构没有相同的结构(至少我们在NTNX侧暴露的内容)。所有这些流量类型都将存在于OVS内的同一桥上。
很高兴能帮助你
- 乔恩
+2
乔恩(Jon),埃斯潘(Erspan)呢,开放式vswitch支持它?如果没有,什么是替代解决方案?谢谢。
+29
在此处查看一般OVS产品级别常见问题解答:
http://docs.openvswitch.org/en/latest/faq/configuration/
TLDR-不,OVS不支持Erspan,但确实有其他一些隧道技术。无论哪种方式,我们都没有进入我们一边的特定隧道技术,因此我们无法自动设置该隧道,等等
+2
我们可以手动设置GRE隧道吗?这样一来,这将是支持的配置,我们可以要求Nutanix支持以帮助我们进行故障排除设置或配置问题吗?
+29
(从技术上讲是),但是不,它不会得到支持,我们真的不建议这样做。
Doing an unsupported change like that would very likely break every time you do any sort of operation on a given VM, like power on/power off, migration, high availability restarts, cloning, etc. This is because it would be a change that our control plane didn't program in, so it would just override it as it went about its business. Thats best case. Worst case, we haven't tested it, so we dont know any unintended side effects.
也就是说 - 您能否扩大希望在这里完成的工作?我知道您在说什么技术,但是我想知道您的特定用例是什么,所以我可以将其带回这里。
+2
这是我们的用例...在同一网络段上的同一主机上的2 VM相互交谈。我们如何捕获这两个VM之间的流量?
+14
Network function chains can do this today in AHV. You would create a tap mode network function VM and put it in the network that these VMs use. This would allow you to capture traffic between VMs on the same "Network" regardless of whether or not they were on the same host. All traffic to and from a VM MUST flow through the network function chain when it's enabled.
https://portal.nutanix.com/#/page/docs/details?targetId=AHV-Admin-Guide-v55:ahv-ahv-integrate-with-network-functions-intro-c.html
I'm working on a blog post to cover this use case. Here is an image to show how it would work. You can do an inline port or a tap port.
+2
Thank you Jason. I have a few questions...
当前,我们将捕获的流量发送到我们的Viavi设备,是否可以使用网络函数VM进行操作?NFV的运行Linux是否可以通过控制台(或任何其他方式)访问并使用CLI进行管理?ERSPAN是否得到NFV的支持?再次感谢。
+14
取决于您从哪里捕获流量,将其发送到哪里以及如何发送。
我提到的NFV是一个特殊的VM,可在群集中的每个AHV主机上运行。您提供此VM并将其标记为代理VM。然后,将其添加到网络函数链中。该VM可以运行AHV上支持的任何操作系统,您可以决定是否将单个接口作为水龙头或多个接口将单个接口连接起来。
此NFV VM可以在TAP模式下接收,检查和捕获。在内联模式下,它可以执行这些功能并决定拒绝或传输流量。在上面的示例图中,想象一下VM作为Palo Alto Networks VM系列防火墙。我还在自己的实验室中使用了Snort ID。
通过在网络函数链中配置的这种类型的NFV,您只能捕获在AHV上运行的VMS发送或接收的流量。您无法捕获物理主机发送的流量,也无法将ERSPAN类型流量发送到NFV VM。
如果您在AHV上设置了常规VM,则可以使用它从外部来源接收ERSPAN流量,因为所需的只是VM的IP地址。由您决定要在此VM中安装的软件。如果需要的话,您可以使用像TCPDUMP这样简单的东西,也可以使用第三方供应商的软件安装VM来分析流量。
+29
When we say network function VM, in your case we'd be referring to Viavi. It would have to be running on the same host as the system(s) you want to capture traffic from.
需要明确的是,这不是我们提供的特殊VM。AHV中的链接功能使您可以在获取本地镜子的地方放置“ TAP模式”设备
或者
in-line mode devices, which would be like a IDS/IPS/Firewall type setup