Join us for a virtual Nutanix User Group meeting with Jarian Gibson as he covers Nutanix Cloud Clusters (NC2) on Azure and AWS with Citrix. <\/span><\/p>

Jarian will take a deep dive into NC2 on Azure architecture and Citrix on NC2 on Azure\u00a0that helps you strengthen your business continuity and disaster recovery position. He\u2019ll also provide the latest updates for NC2 on AWS.<\/span><\/p>

Plus, we're\u00a0giving away a Nutanix suitcase to one lucky winner!\u00a0Opt-in when you register\u00a0to be entered to win.\u00a0<\/p>","author":{"id":113632,"url":"\/members\/karlie-beil-113632","name":"Karlie Beil","avatar":"https:\/\/uploads-us-west-2.insided.com\/nutanix-us\/icon\/200x200\/1581aab3-bcf6-49f4-b2fb-3d11e8c010dc.png","userTitle":"Community Manager","rank":{"isBold":false,"isItalic":false,"isUnderline":false,"name":"Community Manager","color":"#0873ba"},"userLevel":4},"type":"Webinar","url":"https:\/\/next.nutanix.com\/events\/global-nug-nc2-on-azure-and-aws-with-citrix-151","image":"https:\/\/uploads-us-west-2.insided.com\/nutanix-us\/attachment\/f9693b5b-436b-427a-9b98-531b4040ff24_thumb.png","location":"","startsAt":1678298400,"endsAt":1678302000,"contentType":"event","attendees":[],"attendeeCount":0,"isLoggedInUserAttendee":false,"createdAt":"1675974969"},"phrases":{"Forum":{"{n} year|{n} years":"{n} year|{n} years","{n} month|{n} months":"{n} month|{n} months","{n} day|{n} days":"{n} day|{n} days","{n} hour|{n} hours":"{n} hour|{n} hours","{n} minute|{n} minutes":"{n} minute|{n} minutes","just":"just now","{plural} ago":"{plural} ago"}}}">

解决了

雅典卫城开放vswitch

v
UserLevel 2
徽章 +17
嗨,在雅典卫城开放式vswitch的每个开放式vswitch支持多少个vlans?在雅典卫城开放式vswitch中,交通塑造是否可能发生?提前致谢。问候,维维克
图标

最好的答案乔恩2016年7月29日,10:32

\n
\nCompletely different construct from the typical vSwitch, where you program the vSwitch, then attach VM's to pre-configured \"port groups\".
\n
\nTraffic shaping it not yet available. If you have a use case for it, please submit a support ticket with priority RFE Request for Enhancement, so we can track demand for the feature.","className":"post__content__best_answer"}">
查看原件
谢谢
    该主题已关闭以供评论

    18个答复

    乔恩
    秩
    UserLevel 6
    徽章 +29
    请记住,当您在Acrocolis中配置VLAN时,它不会将其编程为任何形式的OVS,直到在主机上提供VM为止。发生这种情况时,我们将其配置在该OVS上,并将VLAN编程为该TAP设备。



    与典型的Vswitch完全不同的结构,您可以在其中编程VSWITCH,然后将VM附加到预配置的“端口组”中。



    交通构成尚不可用。如果您有用例,请提交带有优先rfe请求增强请求的支持票,以便我们可以跟踪该功能的需求。
    乔恩·科勒(Jon Kohler)|Nutanix工程技术总监|Nutanix NPX#003,VCDX#116 |@jonkohler |如果有用的话,请荣誉!

    \n

    \nCompletely different construct from the typical vSwitch, where you program the vSwitch, then attach VM's to pre-configured \"port groups\".

    \n

    \nTraffic shaping it not yet available. If you have a use case for it, please submit a support ticket with priority RFE Request for Enhancement, so we can track demand for the feature.","quoteUsername":"Jon","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    v
    UserLevel 2
    徽章 +17
    感谢我们可以在单主 /最大VLAN上创建多少个VLAN?
    谢谢
    r
    秩
    徽章 +4
    有效ID为0-4094,因此,如果包含一个不标记的VLAN(ID 0),则允许的VLAN的最大数量为4095。
    r
    徽章 +2
    您能确认是否已将交通塑料用于Acrocolis Open Vswitch?谢谢。
    乔恩
    秩
    UserLevel 6
    徽章 +29
    不,我们尚未启用OVS的流量成型。我当然知道有有效的用例,而且我们已经在内部进行了一些用例。



    在大多数用例中,请记住,在Nutanix中,每个节点都具有完整的网络访问,因此(例如)3节点群集(至少)将具有60个带宽的GBIT(假设每个节点为2x 10Gbits)。当然,该数学随节点计数或NIC速度的提高(例如25/40/100G接口)线性上升。



    对于像服务提供商这样的人,这更有意义,因此他们可以塑造租户内特定租户或应用程序的流量,这是我们在内部探索此用途的地方。



    与之相关的是,我们将在下一个版本中使用OVS链条作为微分析功能的一部分,这很有趣。
    乔恩·科勒(Jon Kohler)|Nutanix工程技术总监|Nutanix NPX#003,VCDX#116 |@jonkohler |如果有用的话,请荣誉!

    \n

    \nFor most use cases, keep in mind that in Nutanix, each node has full network access, such that (for example) a 3 node cluster would have (at minimum) 60 Gbits of bandwidth going into it (assuming 2x 10Gbits per node). That math, of course, goes up linearly with node count or with an increase in NIC speed (like 25\/40\/100g interfaces).

    \n

    \nFor folks like Service Providers, this makes more sense, so that they can shape the traffic of specific tenants or applications within a tenant, which is where we've been exploring this use internally.

    \n

    \nOn a related note, we're releasing service chaining with OVS in the very next release as part of the microsegmentation feature, which is quite interesting.","quoteUsername":"Jon","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    r
    徽章 +2
    乔恩,



    感谢您的快速答复。我的组织是Nutanix和HCI的新手,如果我问基本问题,我的道歉...



    我们是VMware商店,但我们正在建造的群集之一仅是AHV。由于当前在AHV Open VSWitch上无法使用网络I/O控制或流量构成,因此您可以为客户提供处理VM实时迁移的建议,因为它可能会使10GB链接饱和(正如我们在VMware VMotion中看到的那样事件)还携带数据和复制流量?还是您在对我的问题的初步答复中说明的那样,这不是Nutanix的问题?再次感谢。

    \n

    \nThank you for your quick reply. My organization is new to Nutanix and HCI, my apologies if I'm asking basic questions...

    \n

    \nWe are a VMware shop but one of the clusters we're building is AHV only. Since Network I\/O Control or traffic shaping is not currently available on AHV Open vSwitch, what recommendation(s) do you provide your customers in handling VM live migrations since it could potentially saturate the 10Gb link (as we've seen in VMware vMotion events) that's also carrying data and replication traffic? Or is this not an issue with Nutanix as you've illustrated in your initial reply to my question? Thanks again.","quoteUsername":"rappy39nix","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    乔恩
    秩
    UserLevel 6
    徽章 +29
    不用担心,每个人都必须从某个地方开始。



    通常,由于我提到的原因,这并不是问题,因为在Nutanix中,您的带宽量和现场迁移事件相对较少。这些网络适配器将与数据遗址堆叠在一起,其中读取大部分是远离网络的,因此将坐在您期望的较低利用率上。



    我们是Nutanix的Kiss原理的忠实拥护者,因为大多数事情都“工作”,这非常好。



    也就是说,很高兴知道什么并知道我们所做的原因,因此我建议您在此处查看AHV网络指南:伟德国际 391https://portal.nutanix.com/#/page/solutions/details?targetId=bp-2071-ahv-networking:bp-2071-ahv-networking



    那应该给你一些良好的背景。阅读后,您会发现您可能需要在OVS侧使用Balance-SLB或Balance-TCP进行负载平衡策略,这确实使您比默认的(Active/Backup)更好地负载分配,这仅仅是因为它几乎是任何人网络设置最能兼容的,因此它很容易开始。



    即使您保留了默认值,您仍然会有每个节点线性缩放的带宽量。
    乔恩·科勒(Jon Kohler)|Nutanix工程技术总监|Nutanix NPX#003,VCDX#116 |@jonkohler |如果有用的话,请荣誉!

    \n

    \nIn general, its not a problem due to the reasons I mentioned, given you've got copius amounts of bandwidth and live migration events are relatively rare in Nutanix. Stacked together with data locality, where reads are mostly kept off the network, those network adapters will be sitting at lower-ish utilization that you'd expect.

    \n

    \nWe're huge fans of the kiss principle here at nutanix, as most things \"just work\", which is quite nice.

    \n

    \nThat said, its good to know whats what and know the reasoning behind what we do, so I'd recommend checking out the AHV networking guide here: https:\/\/portal.nutanix.com\/#\/page\/solutions\/details?targetId=BP-2071-AHV-Networking:BP-2071-AHV-Networking<\/a>

    \n

    \nThat should give you some good background. After you read that, you'll find that you'll likely want to use either balance-slb or balance-tcp for load balancing policy on the OVS side, which does give you better load distribution than the default (active\/backup), which is the default simply because its the most compatible for almost anyones network setup, so its very easy to get going.

    \n

    \nEven if you kept the default though, you'll still have copius amounts of bandwidth that scales linearly per node.","quoteUsername":"Jon","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    r
    徽章 +2
    乔恩,



    我们决定仅使用2x10GB适配器进行我们的部署,并将使用OVS Balance-SLB LB策略。使用此配置,是否可以将实时迁移流量,管理流量等固定到特定主机NIC?如果是这样,当链接失败以及链接返回在线时,固定作业会发生什么?我了解Nutanix希望保持简单,但只是想知道此选项是否可用。



    同样,我要对您提供的所有信息表示衷心的感谢。

    \n

    \nWe've decided to use only the 2x10Gb adapters for our deployment and will be using OVS balance-slb LB policy. With this configuration, is it possible to pin the Live Migration traffic, management traffic, etc. to a particular host NIC? If so, what happens to the pinning assignment when a link fails and when the link comes back online? I understand Nutanix wants to keep things simple but just wondering if this option is available.

    \n

    \nAgain, I'd like to express my sincere gratitude for all the information you've provided.","quoteUsername":"rappy39nix","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    乔恩
    秩
    UserLevel 6
    徽章 +29
    不,在OVS中固定的结构没有相同的结构(至少我们在NTNX侧暴露的内容)。所有这些流量类型都将存在于OVS内的同一桥上。



    很高兴能帮助你

    - 乔恩
    乔恩·科勒(Jon Kohler)|Nutanix工程技术总监|Nutanix NPX#003,VCDX#116 |@jonkohler |如果有用的话,请荣誉!

    \n

    \nhappy to help

    \n- jon","quoteUsername":"Jon","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    r
    徽章 +2
    乔恩(Jon),埃斯潘(Erspan)怎么样,开放式Vswitch支持它?如果没有,什么是替代解决方案?谢谢。
    乔恩
    秩
    UserLevel 6
    徽章 +29
    在此处查看一般OVS产品级别常见问题解答:

    http://docs.openvswitch.org/en/latest/faq/configuration/



    TLDR-不,OVS不支持Erspan,但确实有其他一些隧道技术。无论哪种方式,我们都没有进入我们一边的特定隧道技术,因此我们无法自动设置该隧道,等等
    乔恩·科勒(Jon Kohler)|Nutanix工程技术总监|Nutanix NPX#003,VCDX#116 |@jonkohler |如果有用的话,请荣誉!
    r
    徽章 +2
    我们可以手动设置GRE隧道吗?这样一来,这将是支持的配置,我们是否可以要求Nutanix支持以帮助我们进行故障排除设置或配置问题吗?
    乔恩
    秩
    UserLevel 6
    徽章 +29
    (从技术上讲是),但是不,它不会得到支持,我们真的不建议这样做。



    每次您在给定的VM上进行任何类型的操作,例如电源打开/关闭,迁移,高可用性,重新启动,克隆等时,都可能会破坏任何不受支持的更改。控制平面没有编程,因此随着其业务的发展,它将覆盖它。那是最好的情况。最糟糕的情况,我们没有测试过,所以我们不知道任何意外的副作用。





    也就是说 - 您能扩展您希望在这里完成的工作吗?我知道您在说什么技术,但是我想知道您的特定用例是什么,所以我可以将其带回这里。
    乔恩·科勒(Jon Kohler)|Nutanix工程技术总监|Nutanix NPX#003,VCDX#116 |@jonkohler |如果有用的话,请荣誉!

    \n

    \nDoing an unsupported change like that would very likely break every time you do any sort of operation on a given VM, like power on\/power off, migration, high availability restarts, cloning, etc. This is because it would be a change that our control plane didn't program in, so it would just override it as it went about its business. Thats best case. Worst case, we haven't tested it, so we dont know any unintended side effects.

    \n

    \n

    \nThat said - Could you expand on what you're hoping to accomplish here? I know what tech you're talking about, but I'm wondering what your specific use case is, so I can take it back to the team here.","quoteUsername":"Jon","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    r
    徽章 +2
    这是我们的用例...同一网络段上同一主机上的2 VM相互交谈。我们如何捕获这两个VM之间的流量?
    Bbbburns
    秩
    UserLevel 3
    徽章 +14
    网络功能链今天可以在AHV中做到这一点。您将创建一个TAP模式网络函数VM,并将其放入这些VM使用的网络中。这将使您能够在同一“网络”上捕获VM之间的流量,无论它们是否在同一主机上。启用网络函数链时,所有往返VM的流量都必须流过。

    https://portal.nutanix.com/#/page/docs/details?targetID=AHV-AHV-ADMIN-GUIDE-V55:AHV-AHV-AHV-INTEGRATE-with-network-network-network-intwork-introk-unctions-intro-intro-c.html



    我正在撰写博客文章以介绍此用例。这是显示其工作原理的图像。您可以执行内联端口或抽头端口。

    杰森·伯恩斯|CCIE合作#20707 |导演技术营销|jason.burns@nutanix.com |@bbbburns
    r
    徽章 +2
    谢谢杰森。我有几个问题...



    当前,我们将捕获的流量发送到我们的Viavi设备,是否可以使用网络功能VM进行操作?NFV的运行Linux是否可以通过控制台(或任何其他方式)访问并使用CLI进行管理?ERSPAN是否得到NFV的支持?再次感谢。

    \n

    \nCurrently, we're sending the captured traffic to our Viavi appliance, is it possible to do the same with the Network Function VM? Are the NFV's running Linux, are they accessible via the console (or any other means) and managed using CLI? Is ERSPAN supported by the NFV's? Thanks again.","quoteUsername":"rappy39nix","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    Bbbburns
    秩
    UserLevel 3
    徽章 +14
    取决于您从哪里捕获流量,将其发送到何处以及如何发送。

    我提到的NFV是一个特殊的VM,可在集群中的每个AHV主机上运行。您可以提供此VM并将其标记为代理VM。然后,将其添加到网络功能链中。该VM可以运行AHV上支持的任何操作系统,您可以决定是否将单个接口作为水龙头或多个接口将单个接口连接起来。

    此NFV VM可以在TAP模式下接收,检查和捕获。在内联模式下,它可以执行这些功能并决定拒绝或传输流量。在上面的示例图中,想象一下VM作为Palo Alto Networks VM系列防火墙。我还在自己的实验室中使用了鼻涕ID。

    通过在网络功能链中配置的这种类型的NFV,您只能捕获在AHV上运行的VMS发送或接收的流量。您无法捕获物理主机发送的流量,也无法将ERSPAN类型流量发送到NFV VM。



    如果您在AHV上设置了常规VM,则可以使用它从外部来源接收Erspan流量,因为所需的只是VM的IP地址。由您决定要在此VM中安装的软件。如果需要的话,您可以使用像TCPDUMP这样简单的东西,也可以使用来自第三方供应商的软件安装VM来分析流量。
    杰森·伯恩斯|CCIE合作#20707 |导演技术营销|jason.burns@nutanix.com |@bbbburns

    \nThe NFV I referred to is a special VM that runs on every single AHV host in the cluster. You provision this VM and mark it as an agent VM. Then you add it to a network function chain. This VM can run any OS that's supported on AHV, and you can decide whether to hook up a single interface as a tap, or multiple interfaces as inline.

    \nThis NFV VM can receive, inspect, and capture in tap mode. In inline mode it can do these function AND decide to reject or transmit the traffic. In the example diagram above, imagine that VM as a Palo Alto Networks VM-Series firewall. I've also used the Snort IDS in my own lab.

    \nWith this type of NFV configured in a network function chain, you can only capture traffic sent or received by VMs running on AHV. You cannot capture traffic sent by physical hosts, or send in ERSPAN type traffic to the NFV VM.

    \n

    \nIf you setup a regular VM on AHV, you can use this to receive ERSPAN traffic from outside sources, since all that's required is the IP address of the VM. It's up to you to decide what software you want to install inside this VM. You could use something as simple as tcpdump if you wanted, or you could install a VM with software from a 3rd party vendor for analyzing traffic.","quoteUsername":"bbbburns","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    乔恩
    秩
    UserLevel 6
    徽章 +29
    当我们说网络函数VM时,在您的情况下,我们将提到Viavi。它必须与要捕获流量的系统在同一主机上运行。



    需要明确的是,这不是我们提供的特殊VM。AHV中的链接功能使您可以在获取本地镜子的地方放置“ Tap Mode”设备



    或者



    在线模式设备,就像IDS/IPS/防火墙类型设置一样
    乔恩·科勒(Jon Kohler)|Nutanix工程技术总监|Nutanix NPX#003,VCDX#116 |@jonkohler |如果有用的话,请荣誉!

    \n

    \nTo be clear, this isn't some special VM we're providing. The chaining feature in AHV allows you to either put \"tap mode\" devices where you get a local mirror

    \n

    \nor

    \n

    \nin-line mode devices, which would be like a IDS\/IPS\/Firewall type setup","quoteUsername":"Jon","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
    条款和条件
    Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
    Functional","cookiepolicy.modal.level2":"Normal
    Functional + analytics","cookiepolicy.modal.level3":"Complete
    Functional + analytics + social media + embedded videos"}}}">
    Baidu