Re: Creating a Network inside a vpc which isn't attached to the routervm

2017-08-15 Thread S. Reddit
Daniel, Dag very well explained the problem with VMware and Virtual Guest Tagging (VGT). I could add to that: if you'd use a Distributed Virtual Switch (DVS) you effectively can limit tags on a trunked connection to a VMware guest. So you would need to: (1) Use VMware DVS (Enterprise Plus Feature

Re: Creating a Network inside a vpc which isn't attached to the routervm

2017-08-15 Thread Dag Sonstebo
Hi Daniel, Yes you could do .1q at an interface level for the VR (this is what we do with KVM networking). However, this brings you a couple of stumbling blocks: 1) For you to trunk VLANs to this interface it would need to be attached to a trunked vSwitch – which is currently all or nothing in

Re: Creating a Network inside a vpc which isn't attached to the routervm

2017-08-15 Thread daniel.herrmann
Hi Dag, you would need to do that with the Linux dot1q kernel module, yes. This way you can create virtual interfaces with VLAN tags and bind them to one NIC. We are routing and firewalling in software anyway, I do not see any considerable additional overhead here. Instead of “physical” NICs, w

Re: Creating a Network inside a vpc which isn't attached to the routervm

2017-08-15 Thread Dennis Meyer
There is the statement of a Citrix employee: https://discussions.citrix.com/topic/389152-remove-the-limit-of-seven-nics/

2017-08-15 14:56 GMT+02:00 Dennis Meyer :
> Well, the other point is Citrix is supporting more NICs than seven if
> using the CLI.
> How does CloudStack speak to XenServer, vi

Re: Creating a Network inside a vpc which isn't attached to the routervm

2017-08-15 Thread Dennis Meyer
Well, the other point is Citrix is supporting more NICs than seven if using the CLI. How does CloudStack speak to XenServer, via the RPC API or CLI? That would be interesting because of the exception CloudStack throws if I try to add more than seven through the GUI or API. 2017-08-15 14:34 GMT+02

Re: Creating a Network inside a vpc which isn't attached to the routervm

2017-08-15 Thread Dag Sonstebo
Hi Daniel, The mechanism for isolating L2 traffic is at the vSwitch level – there is no way to VLAN tag at the NIC level for a VM in VMware. Your only other option is therefore to VLAN tag at the guest OS level, which adds security issues + overhead, etc. Regards, Dag Sonstebo Cloud Archit

Re: Creating a Network inside a vpc which isn't attached to the routervm

2017-08-15 Thread daniel.herrmann
Hi Dag, thank you for your answer. As far as I know, the end user never has direct access to the virtual router. I am not talking about adding a VLAN tag at the user VM, only at the VPR, where the limit most likely comes into play when creating a number of tiers in a VPC. We could do both: nor

Re: Creating a Network inside a vpc which isn't attached to the routervm

2017-08-15 Thread Dag Sonstebo
Hi Daniel, In theory that could work – but keep in mind we are working in a multi-tenant environment, where guest isolation must be guaranteed, hence cannot ever be exposed to normal users. The isolation method must be abstracted from the end user VMs – otherwise you would have a potential secu

Re: Creating a Network inside a vpc which isn't attached to the routervm

2017-08-15 Thread daniel.herrmann
Hi, we are hitting the same limitation, except that we can use 10 NICs on VMware. The fact that we also use the Private Gateway functionality adds another NIC, besides the management and outside NIC which is present as well. I wonder if that is the reason for one NIC per tier? Why not just use on

Re: Creating a Network inside a vpc which isn't attached to the routervm

2017-08-15 Thread Dag Sonstebo
Hi Dennis, Any tier or network which is accessible and part of a VPC requires an interface on the VPC Virtual Router. What you can however do is create separate shared networks and connect these as secondary networks to your VMs – these shared networks get their own VR. Regards, Dag Sonstebo C

Creating a Network inside a vpc which isn't attached to the routervm

2017-08-15 Thread Dennis Meyer
Hi, I'm using XenServer as hypervisor so I'm limited to 7 NICs / VM, so the router VM can't handle more than 7 NICs, which corresponds to 7 networks inside a VPC. I had created some networks for different DRBD and Corosync stuff; they don't need a gateway, DHCP or a router VM. How should a network of