Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP Integrity Virtual Machines Version 4.0 Installation, Configuration, and Administration > Chapter 8 Creating Virtual Networks

Configuring VLANs

» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

A local area network (LAN) defines a broadcast domain in which bridges and switches connect all end nodes. Broadcasts are received by every node on the LAN, but not by nodes outside the LAN.

A virtual LAN (VLAN) defines logical connectivity instead of the physical connectivity defined by a LAN. A VLAN provides a way to partition a LAN logically such that the broadcast domain for a VLAN is limited to the nodes and switches that are members of the VLAN.

VLANs provide the following benefits:

  • Enhanced security through traffic isolation within nodes that are VLAN members

  • Bandwidth preservation, limiting the broadcast domain to a VLAN instead of the entire LAN

  • Enhanced manageability for node migrations and network topology changes

Figure 8-2 illustrates a basic virtual machine VLAN that allows guests on different VM Host systems to communicate.

Figure 8-2 Integrity VM VLAN Configuration Example

Integrity VM VLAN Configuration Example

A vNIC on a guest is associated with a port on the vswitch and all network communication to and from the guest passes through this vswitch port. You can configure VLAN rules on the individual ports of the vswitch, similar to most physical switches. Each VLAN is identified by a VLAN identifier (VLAN ID). The VLAN ID is a number in the range 0-4094. A port on the vswitch can be assigned a VLAN ID that identifies the VLAN to which the port (and, therefore, the guest vNIC using that port) belongs.

Ports on a vswitch that are configured for the same VLAN ID can communicate with each other. Ports on a vswitch that are configured for different VLAN IDs are isolated from each other. Ports on a vswitch that do not have any VLAN ID assigned cannot communicate with ports that have a VLAN ID assigned, but they can communicate with other ports that have no VLAN ID assigned.

If the guest has to communicate with the VM Host or outside the VM Host over a VLAN, additional configuration is necessary. For communication to the VM host, configure a VLAN interface on the VM host interface for that vswitch. This VLAN interface should have the same VLAN ID as the guest port. For information about configuring VLANs on the VM Host, see the Using HP-UX VLANs manual. Do not use the hpvmnet command to create a virtual switch that is associated with a VLAN port on the VM Host (that is, a LAN created with lanadmin -V). This “nested VLAN” configuration is not supported.

Frames arriving at the vswitch from a guest can be “tagged” by the vswitch. Tagging consists of inserting the VLAN ID information into the MAC header before forwarding the frame on. Tagged frames destined for a guest are always stripped of the tag information in the frame before being forwarded. For Integrity VM, only tag-unaware guests are supported.

To configure a VLAN, follow this procedure:

  1. Create and start the vswitch. For example, to create and boot vswitch vmlan4 on lan1, enter the following command:

    # hpvmnet -c -S vmlan4 -n 1 # hpvmnet -b -S vmlan4
  2. Use the hpvmnet command with the —u option to create the port and assign it a VLAN ID. For example, to create ports 1 and 2 for VLAN 100, enter the following command:

    # hpvmnet -S vmlan4 -u portid:1:vlanid:100 # hpvmnet -S vmlan4 -u portid:2:vlanid:100
  3. Add the vswitch ports to the guest configuration using the hpvmmodify command. For example, to add the new VLAN ports to guests vm1 and vm2, enter the following command:

    # hpvmmodify -P vm1 -a network:lan::vswitch:vmlan4:portid:1 # hpvmmodify -P vm2 -a network:lan::vswitch:vmlan4:portid:2

The following command shows the resulting configuration:

# hpvmnet -S vmlan4 Name Number State Mode PPA MAC Address IP Address ======== ====== ======= ========= ====== ============== =============== vmlan4 2 Up Shared lan4 0x00127942fce3 192.1.2.205 [Port Configuration Details] Port Port Untagged Number of Active VM Number state VLANID Reserved VMs ======= ============ ======== ============ ============ 1 Active 100 2 vm1 2 Active 100 1 vm2 3 Active none 2 vm1 4 Active none 1 vm2

The two virtual machines, vm1 and vm2, have access to the virtual switch vmlan4 and are active on VLAN 100. Specifically, port 1 (guest vm1) and port 2 (guest vm2) can communicate with each other. Port 1 (guest vm1) and port 4 (guest vm2) cannot communicate with each other.

The hpvmnet command displays the following information about the VLAN ports:

  • Port number.

  • State of the port. Table 8-2 describes the possible VLAN port states:

    Table 8-2 VLAN Port States

    StateDescription
    ActiveThe port is active and is allocated to a running guest. No other guests with the same vNIC with the same vswitch and port can start
    DownThe port is inactive and is allocated to a running guest. No other guests with the same vNIC with the same vswitch and port can start.
    ReservedAt least one guest reserved the port for its vNIC, but no guest that uses the port is running.
    AvailableNo guest reserved the port for its vNIC. When a VLAN is configured on the port, that port is displayed as Available. If no VLAN is configured, the port is not displayed at all.

     

  • The untagged VLAN ID number (if any)

  • The number of virtual machines that have access to the VLAN

  • The names of virtual machines that are up and that have access to the VLAN

Cloning Guests with VLAN Information

If you use the hpvmclone command to clone guests, the operation automatically assigns new port numbers for new guests. To assign the same port number to the new guest, use the —S option, as follows:

# hpvmclone -P vm1 -N vmclone1 -S

This command creates a new guest (vmclone1) based on the existing guest vm1, and preserves the vswitch port number so that the new guest will have access to the same VLANs as the existing guest.

Displaying VLAN Information

You can display the vswitches and ports on a vswitch used by a guest using the hpvmstatus command. For example, to display the network information about the guest named vm1, enter the following command:

# hpvmstatus -P vm1 . . . [Network Interface Details] Interface Adaptor Name/Num PortNum Bus Dev Ftn Mac Address ========= ========== ========== ======= === === === ============== vswitch lan localnet 1 0 1 0 de-19-57-23-74-bd vswitch lan localnet 2 0 2 0 7a-fb-4e-68-4f-5f vswitch lan vmlan4 1 0 4 0 16-e8-c6-fa-b5-bc vswitch lan vmlan4 2 0 5 0 fa-18-82-9f-1a-95 vswitch lan vmlan900 1 0 6 0 86-81-0b-6d-52-36 vswitch lan vmlan900 2 0 7 0 6a-b9-cf-06-02-94 . . .

The preceding example shows the Network Interface Details portion of the hpvmstatus display. In the list of network interfaces, note that each virtual network connection is associated with either port 1 or port 2 of several vswitches. The vswitch named vmlan4 is associated with Bus/Dev/Ftn 0/4/0 on port 1, and with 0/5/0 on port 2.

To disable a VLAN, use the following command:

# hpvmnet -S vswitch-name -u portid:portnum:vlanid:none

To display information about a specific VLAN port, include the -p option to the hpvmnet command. For example, display VLAN information for port 2 on the vswitch named vmlan4, enter the following command:

# hpvmnet -S vmlan4 -p 2 Vswitch Name : vmlan4 Max Number of Ports : 100 Port Number : 2 Port State : Active Active VM : vm1 Untagged VlanId : 100 Reserved VMs : vm1 Adaptor : avio_lan

To view the all the VLANs defined on the vswitch named vlan4, enter the following command:

# hpvmnet -S vmlan4 -p all Vswitch Name : vmlan4 Max Number of Ports : 100 Configured Ports : 4 Port Number : 1 Port State : Active Active VM : vm1 Untagged VlanId : none Reserved VMs : vm1 Adaptor : avio_lan Port Number : 2 Port State : Active Active VM : vm1 Untagged VlanId : 100 Reserved VMs : vm1 Adaptor : avio_lan Port Number : 3 Port State : Active Active VM : vm2 Untagged VlanId : none Reserved VMs : vm2 Adaptor : avio_lan Port Number : 4 Port State : Active Active VM : vm2 Untagged VlanId : 100 Reserved VMs : vm2 Adaptor : avio_lan

Configuring VLANs on Physical Switches

When communicating with a remote VM Host or guest over the network, you might need to configure VLANs on the physical switches. The physical switch ports that are used must be configured specifically to allow the relevant VLANs. If the remote host is VLAN aware, You must configure VLAN interfaces on the host for the relevant VLANs. Use thelanadmin command to configure VLANs on a remote HP-UX host. For example, to configure a VLAN interface with VLAN ID 100 on lan4, enter the following command:

# lanadmin -V create vlanid 100 4 Successfully configured lan5000: vlanid 100 name UNNAMED pri 0 tos 0 tos_override IP_HEADER pri_override CONF_PRI ppa 4
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2008 Hewlett-Packard Development Company, L.P.