Virtual LANs for your Acropolis Hypervisor Virtual Machines

  • 14 December 2015
  • 2 replies
Virtual LANs for your Acropolis Hypervisor Virtual Machines
Userlevel 7
Badge +35
In the first article of our four part Acropolis Networking series we tackled Load Balancing. Today we'll look at placing the Acropolis Hypervisor and Controller Virtual Machine in the correct VLAN for traffic segmentation.
Storage and management traffic are typically separated from user virtual machine traffic, and with Nutanix AHV this is no exception. VLANs provide a convenient way to segment the different traffic types and even segment between types of User VMs. With virtualization, many VLANs are often trunked to the physical servers to account for the different networks used by virtual machines.
In Nutanix, the recommended VLAN configuration is to place the CVM and Acropolis Hypervisor in the default "untagged" (or native) VLAN as shown below.

Note that in this default configuration VLANs 101 and 102 are still trunked to the AHV host for user VMs. Configuration of VM networks will be covered in our next blog post and video using both Prism and aCLI!

Traffic destined to AHV and the CVM will not contain a VLAN tag. If the default configuration of sending untagged traffic to the AHV and CVM is not desired, or is disallowed by security policy, VLAN tags can be added to the host and the CVM with the following configuration.

Configure VLAN tags on br0 on every AHV host in the cluster. Repeat this config on all hosts.

nutanix@CVM$ ssh root@ "ovs-vsctl set port br0 tag=10"
nutanix@CVM$ ssh root@ "ovs-vsctl list port br0"

Configure VLAN tags for the CVM on every CVM in the Nutanix cluster. Repeat on all hosts. I prefer to do this manually per host (one at a time) rather than using the "allssh" command, just in case my network admin hasn't actually trunked the switch ports properly!

nutanix@CVM$ change_cvm_vlan 10

In this design, the AHV host and CVM traffic will be tagged with VLAN ID of 10. Again, user VM traffic will be tagged in the network as configured in Prism or aCLI.

Storage data and management traffic for the CVM will all be carried together in VLAN 10 in the previous example. If network segmentation is required between storage data and management traffic to meet security requirements, please see KB article KB-2748.

Now the CVM and AHV hosts can communicate on their own network, separate from user VM traffic. Make sure to follow up in our next blog post for information on how to bring VLANs to VMs on Nutanix AHV.

This post was authored by Jason Burns, Senior Solutions & Performance Engineer at Nutanix

This topic has been closed for comments

2 replies

Userlevel 1
Badge +5
Great post, used it many times :)

If you want to VLAN tag your management traffic and have access to your switches, you can set native vlan by port basis. This way untagged (management) traffic arriving to Nutanix switch port will be tagged to native VLAN. No need to change bridge and VLAN settings for each AHV host / CVM.

Works at least with Brocade VDX switches.

More info in my blog:
Userlevel 3

vlan 101 tagged traffic between guest vm on two nodes in cluster is not reaching should i make any changes on bro-up port of br0. Thanks in advance.