Join this episode for more Stories from the EUC Road as Sean Donahue (Nutanix) and Al Solorzano (E360) tackle this all too familiar question. But does it have to an \u201cOR\u201d statement? Can you have an \u201cAND\u201d statement instead? Tune in to learn more about performance in EUC, happy employees and how you might sleep better at night in the age of Malware and Ransomware.<\/p>
<\/oembed>Resources<\/p>
- Build a Fortress with Data Lens for Free!<\/a><\/li>\t
- Put an end to Storage worries with Unified Data Services<\/a><\/li>\t
- Nutanix Data Lens Powers Data Management and Ransomware Protection<\/a><\/li>\t
- Nutanix boosts data management services in the cloud<\/a><\/li>\t
- Nutanix Files 4.1 anti-ransomware: Through the Data Lens<\/a><\/li><\/ul>
If you have any questions, feel free to reach out to me on\u00a0Twitter<\/a>\u00a0and if you haven't already done so, make sure you are subscribed to the show wherever you consume podcasts.<\/p>","id":41549,"featuredImage":"https:\/\/uploads-us-west-2.insided.com\/nutanix-us\/attachment\/37f39b2c-81e8-4d39-b975-e36c6928551a_thumb.png","label":"Blog","replyCount":0,"views":124,"post":{"id":63285,"author":{"id":7898,"url":"\/members\/aluciani-7898","name":"aluciani","avatar":"https:\/\/uploads-us-west-2.insided.com\/nutanix-us\/icon\/200x200\/77accf89-4f79-48be-81e6-c2ac5507e29b.png","userTitle":"Chevalier","rank":{"isBold":false,"isItalic":false,"isUnderline":false,"name":"Chevalier","color":"#660099"},"userLevel":7},"content":"Join this episode for more Stories from the EUC Road as Sean Donahue (Nutanix) and Al Solorzano (E360) tackle this all too familiar question. But does it have to an \u201cOR\u201d statement? Can you have an \u201cAND\u201d statement instead? Tune in to learn more about performance in EUC, happy employees and how you might sleep better at night in the age of Malware and Ransomware.<\/p><\/oembed>Resources<\/p>
- Build a Fortress with Data Lens for Free!<\/a><\/li>\t
- Put an end to Storage worries with Unified Data Services<\/a><\/li>\t
- Nutanix Data Lens Powers Data Management and Ransomware Protection<\/a><\/li>\t
- Nutanix boosts data management services in the cloud<\/a><\/li>\t
- Nutanix Files 4.1 anti-ransomware: Through the Data Lens<\/a><\/li><\/ul>
If you have any questions, feel free to reach out to me on\u00a0Twitter<\/a>\u00a0and if you haven't already done so, make sure you are subscribed to the show wherever you consume podcasts.<\/p>","url":"\/community-blog-154\/nutanix-community-podcast-the-age-old-euc-paradigm-do-you-choose-performance-or-security-41549?postid=63285#post63285","creationDate":"2023-01-24T14:47:48+0000","relativeCreationDate":"5 days ago"},"contentType":"article","type":3,"likes":2,"hasCurrentUserLiked":false},"phrases":{"Forum":{"{n} year|{n} years":"{n} year|{n} years","{n} month|{n} months":"{n} month|{n} months","{n} day|{n} days":"{n} day|{n} days","{n} hour|{n} hours":"{n} hour|{n} hours","{n} minute|{n} minutes":"{n} minute|{n} minutes","just":"just now","{plural} ago":"{plural} ago"}}}">
Nutanix Community Podcast: The age old EUC paradigm: Do you choose performance OR security
5天前
+17
嗨,在雅典卫城开放式vswitch的每个开放式vswitch支持多少个vlans?雅典卫城开放卫城是否可以进行交通塑造?提前致谢。问候,维维克
图标
最好的答案乔恩2016年7月29日, 10:32
\n
\nCompletely different construct from the typical vSwitch, where you program the vSwitch, then attach VM's to pre-configured \"port groups\".
\n
\nTraffic shaping it not yet available. If you have a use case for it, please submit a support ticket with priority RFE Request for Enhancement, so we can track demand for the feature.","className":"post__content__best_answer"}">
查看原件
+17
Thanks How many VLAN we can create on single host / maximum vlan allowed?
+4
有效ID为0-4094,因此,如果包含不标记的VLAN,则允许的最大VLAN数将为4095(ID 0)。
+2
您能确认是否已将交通塑料用于Acrocolis Open Vswitch?谢谢你。
+29
No, we have not enabled traffic shaping in OVS. I certainly know there are valid use cases, and we've been working on a few of them internally already.
For most use cases, keep in mind that in Nutanix, each node has full network access, such that (for example) a 3 node cluster would have (at minimum) 60 Gbits of bandwidth going into it (assuming 2x 10Gbits per node). That math, of course, goes up linearly with node count or with an increase in NIC speed (like 25/40/100g interfaces).
对于像服务提供商这样的人,这更有意义,因此他们可以塑造租户内特定租户或应用程序的流量,这是我们在内部探索此用途的地方。
与之相关的是,我们将在下一个版本中发布使用OVS的服务链,作为微分分量功能的一部分,这很有趣。
+2
乔恩,
感谢您的快速答复。我的组织是Nutanix和HCI的新手,如果我问基本问题,我的道歉...
我们是VMware商店,但我们正在建造的群集之一仅是AHV。由于目前在AHV Open VSWitch上无法使用网络I/O控制或流量构成,因此您可以为客户提供处理VM实时迁移的建议,因为它可能会使10GB链接饱和(正如我们在VMware VMotion中看到的那样事件)还携带数据和复制流量?还是您在对我的问题的初步答复中所说的那样,这不是Nutanix的问题?再次感谢。
+29
不用担心,每个人都必须从某个地方开始。
In general, its not a problem due to the reasons I mentioned, given you've got copius amounts of bandwidth and live migration events are relatively rare in Nutanix. Stacked together with data locality, where reads are mostly kept off the network, those network adapters will be sitting at lower-ish utilization that you'd expect.
我们是Nutanix的Kiss原理的忠实拥护者,因为大多数事情都“工作”,这非常好。
也就是说,很高兴知道什么并知道我们所做的原因,因此我建议您在此处查看AHV网络指南:伟德国际 391
https://portal.nutanix.com/#/page/solutions/details?targetId=BP-2071-AHV-Networking:BP-2071-AHV-Networking
That should give you some good background. After you read that, you'll find that you'll likely want to use either balance-slb or balance-tcp for load balancing policy on the OVS side, which does give you better load distribution than the default (active/backup), which is the default simply because its the most compatible for almost anyones network setup, so its very easy to get going.
即使您保留了默认值,您仍然会有每个节点线性缩放的带宽量。
+2
乔恩,
我们决定仅使用2x10GB适配器进行我们的部署,并将使用OVS Balance-SLB LB策略。通过这种配置,是否可以将实时迁移流量,管理流量等固定到特定主机NIC?如果是这样,当链接失败以及链接返回在线时,固定作业会发生什么?我了解Nutanix希望保持简单,但只是想知道此选项是否可用。
同样,我要对您提供的所有信息表示衷心的感谢。
+29
No, there isn't the same construct of pinning in OVS (at least what we expose on the ntnx side). All of those traffic types will exist on the same bridge within OVS.
很高兴能帮助你
- 乔恩
+2
乔恩(Jon),埃斯潘(Erspan)呢,开放式vswitch支持它?如果没有,什么是替代解决方案?谢谢。
+29
Check out the general OVS product level FAQ here:
http://docs.openvswitch.org/en/latest/faq/configuration/
TLDR - no, OVS doesn't support ERSPAN but does have some other tunneling technologies. Either way, we dont have that particular tunneling technology plumbed into our side, so we can't set up that tunnel automatically, etc
+2
Can we set up the GRE tunnel manually? In doing so, will this be a supported configuration and can we ask Nutanix support to assist us in troubleshooting set up or configuration issues?
+29
(从技术上讲是),但是不,它不会得到支持,我们真的不建议这样做。
每次您在给定的VM上进行任何类型的操作,例如电源关闭,迁移,高可用性,重新启动,克隆等时,都可能会破坏任何不受支持的更改。这是因为这是因为我们将是一种改变控制飞机没有编程,因此它将在其业务上覆盖它。那是最好的情况。最坏的情况,我们没有测试过,所以我们不知道任何意外的副作用。
That said - Could you expand on what you're hoping to accomplish here? I know what tech you're talking about, but I'm wondering what your specific use case is, so I can take it back to the team here.
+2
这是我们的用例...在同一网络段上的同一主机上的2 VM相互交谈。我们如何捕获这两个VM之间的流量?
+14
网络功能链今天可以在AHV中做到这一点。您将创建一个TAP模式网络函数VM,并将其放入这些VM使用的网络中。这将使您能够在同一“网络”上捕获VM之间的流量,无论它们是否在同一主机上。启用该网络函数链时,所有往返VM的流量都必须流过网络函数链。
https://portal.nutanix.com/#/page/docs/details?targetID=AHV-ADMIN-GUIDE-V55:AHV-AHV-AHV-INTEGRATE-with-network-network-intwork-intwork-functions-intro-c.html
我正在撰写博客文章以介绍此用例。这是显示其工作原理的图像。您可以执行内联端口或TAP端口。
+2
谢谢杰森。我有几个问题...
Currently, we're sending the captured traffic to our Viavi appliance, is it possible to do the same with the Network Function VM? Are the NFV's running Linux, are they accessible via the console (or any other means) and managed using CLI? Is ERSPAN supported by the NFV's? Thanks again.
+14
Depends on where you're capturing the traffic from, where you're sending it to, and how you're sending it.
The NFV I referred to is a special VM that runs on every single AHV host in the cluster. You provision this VM and mark it as an agent VM. Then you add it to a network function chain. This VM can run any OS that's supported on AHV, and you can decide whether to hook up a single interface as a tap, or multiple interfaces as inline.
This NFV VM can receive, inspect, and capture in tap mode. In inline mode it can do these function AND decide to reject or transmit the traffic. In the example diagram above, imagine that VM as a Palo Alto Networks VM-Series firewall. I've also used the Snort IDS in my own lab.
通过在网络函数链中配置的这种类型的NFV,您只能捕获在AHV上运行的VMS发送或接收的流量。您无法捕获物理主机发送的流量,也无法将ERSPAN类型流量发送到NFV VM。
If you setup a regular VM on AHV, you can use this to receive ERSPAN traffic from outside sources, since all that's required is the IP address of the VM. It's up to you to decide what software you want to install inside this VM. You could use something as simple as tcpdump if you wanted, or you could install a VM with software from a 3rd party vendor for analyzing traffic.
+29
当我们说网络函数VM时,在您的情况下,我们将提到Viavi。它必须与要从中捕获流量的系统在同一主机上运行。
To be clear, this isn't some special VM we're providing. The chaining feature in AHV allows you to either put "tap mode" devices where you get a local mirror
或者
在线模式设备,就像IDS/IPS/防火墙类型设置
![](\"https:\/\/uploads-us-west-2.insided.com\/nutanix-us\/attachment\/3877i6F0F52626C27FFD5.png\")
<\/a><\/p>","quoteUsername":"bbbburns","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">