Citrrix Xe

enSerrver Design
D n:
Introoduction to
t XenServver N
Netwo
orking
g

www
w.citrix.com
Contents
About ....................................................................................................................................................................... 4 

Purposse of the Guide ....................................................................................................................................... 4 

nce ............................................................................................................................................................. 5 
Audien

ons ............................................................................................................... 5 
Findingg Configuratiion Instructio

Visual Legend
L .................................................................................................................................................... 6 

Additio ology ................................................................................................................................... 7 

onal Termino

Chapter 1: on ....................................................................................................................................... 8 
1 Introductio

Chapter 2: working Conccepts ..................................................................................... 10 

2 Basic XenSServer Netw

Introduuction to Xen working .....................................................................................................10 

nServer Netw

o Networks ................................................................................................11 
Conneccting Virtual Machines to

Networrking Configguration afterr Installation......................

. .......................................................................13 

Impactt of Pools on
n XenServer Networking
N ......................
. .......................................................................14 

Sequen orking Configguration Taskks .........................................................................................17 

nce of Netwo

Cabliing Configurration for XenServer .....................................................................................................17 

Conn
necting XenSServer to Phyysical Switchees .........................................................................................20 

Chapter 3:
3 Sample Neetworking Sccenario ....................................................................................................... 22 

Examp
ple: Adding Virtual
V Machiines to a Nettwork ...................................................................................22 

Creatting Networkk Resiliency through

t Bon
nds........................................................................................23 

Conn
necting a VM
M to a Netwo
ork using Virttual Interfacees....................................................................25 

Segreegating VM Traffic
T nt and Storagge Traffic........................................................27 
from Managemen

Scenaario 1: Segreggating Traffic .................................................................................................................28 

Scenaario 2: Usingg the Manageement Netwo

ork for VM T
Traffic ............................................................29 

Scenaario 3: Isolatting VM Trafffic on a Privvate Networkk ......................................................................30 

Scenaario 4: Conn
necting VMs to
t Multiple Linked
L VLAN
Ns ..................................................................32 

Page 2
Version History
H ................................................................................................................................................... 38 

Page 3
 Abo
out

This guid
de helps you understand
u XenServer
X neetworking annd design a networking co
onfiguration for
XenServeer environmeents. It includ
des the followwing topics:

 The
T correct seequence in which
w to conffigure XenServer networkking

 Guidance
G abo
out cabling XenServer
X hosts and connnecting them to physical sswitches

 How
H XenServver networkin
ng behaves in
n a pool

 An
A overview of
o basic netw
working conccepts, includiing bonds annd the primarry managemeent
in
nterface

Purpo
ose of the
t Guide
This guid
de uses a scen
nario-based approach
a to explain
e basicc XenServer nnetworking cconcepts.
Learning XenServer networking
n concepts provvides the fouundation for uunderstandin
ng networkin
ng
design an
nd best practiices.

Since thiss guide is meant to help you

y achieve a high-level uunderstandingg of networkking, it does n not
include in
n-depth inforrmation abouut networking features, suuch as qualityy of service o or bonding.
Likewise,, this guide generally doess not providee configuratioon instructioons except as needed to cllarify
concepts..

This guidde assumes thhe most common method d of managinng XenServerr is through X XenCenter, sso it
typically refers
r to Xen
nCenter. Howwever, it does provide CL LI commandds as well in ssome cases.
Howeverr, because thiis is a concep
pts guide, it iss assumed yoou will find innstructions in
n the
administrrative docummentation, as described in “Finding Coonfiguration Instructions”” on page 5.

Page 4
Audie
ence
Before reeading this guuide, you sho
ould have a basic
b knowleddge of physiccal networkinng and, ideallly,
the physical network infrastructur
i e in your envvironment. T
This guide haas several auddiences:

 Application
A Administrat
A tors. XenApp p and XenD esktop adminnistrators wh ho are
mplementingg a virtualizatiion solution to virtualize Citrix produucts, IT infrastructure, or
im
other applicattions they maanage.

 hitects. Systeems architectts who are deesigning a virrtualized envvironment.

Syystems Arch

 In
nfrastructurre Engineerss and Netw work Adminiistrators. Neetworking and storage
professionals who configuure storage orr manage thee Layer 2 netw
work infrastrructure in theeir
organizations..

This guid de assumes th

hat you are faamiliar with basic
b XenSerrver conceptss, including X
XenServer
installatio
on, XenCenteer, resource pools,
p and th
he pool masteer.

Finding Con
nfigurattion Ins
structio
ons
You can find networkking configurration instrucctions in the following loccations:

 XenCenter
X Help.
H The XeenCenter helpp provides UUI-based stepp-by-step insttructions usin
ng
XenCenter,
X th
he XenServerr UI-based ad
dministrationn console. Ussers who are not comforttable
with
w the XenSServer xe CLI commandss, may prefer this option.

 XenServer
X Ad dministrator’s Guide. The
T XenServerr Administratoor’s Guide pro ovides comm mand-
lin
ne based insttructions for performing networking ttasks. For integrators, it aalso providess
in
nformation about XenSerrver networkking from thee object-moddel perspectivve.

Page 5
Visua
al Legend
This guid
de relies heavvily on diagrams to explain
n key conceppts. These diaagrams use th
he followingg
icons:

Icon Meaaning

Virtu
ual Machinee (VM). A vi
virtual compuuter that runss on the
XenSServer host.

Virtuual Interfacee. On VMs, the logical innterface that appears and

functions like a NIC
N is knownn as a virtuall interface. A virtual interface
lets VMs
V send an nd receive network trafficc. Some prodduct literaturee
referrs to virtual in
nterfaces as V
VIFs and virrtual NICs.

Netw work. A netwwork is the vvirtual networrk switching fabric built iinto
XenSServer that leets you conneect your virtuual machiness. It links thee
physsical NICs to the virtual innterfaces andd connects th
he virtual
interrfaces togetheer.

Hosst. A XenServver host is thhe physical coomputer on w

which XenSeerver
runs.

NIC
C. The physiccal network innterface cardd (NIC) in a h
host.

Pooll. A XenServver resource ppool is a connnected group

p of up to 166
hostss which, com
mbined with sshared storagge, provides a platform too run
virtuual machines.

To jo
oin hosts to a pool, they rrequire broaddly compatib
ble hardware and
shouuld be runnin
ng the same XXenServer veersion and paatches.

Poolls comprise a pool masterr and suborddinate serverss known as ppool

mbers (sometiimes also refferred to as ""slaves"). Thee pool master
mem

Page 6
 provvides a single point of conntact for all thhe servers in
n the pool and the
mastter will forwaard commandds to individuual pool mem mbers as
necessary.

Physsical Switch
h. The devicee on a physicaal network th
hat connects
netw
work segmentts together.

This guide presennts physical sswitches eithher as a three--dimensionall

physsical box or as
a a one-dimeensional paneel with ports.

NIC
C Bond. In th
his guide, encclosing NICss in green rep
presents a bo
ond.

A NIIC bond is a pair of NIC s configuredd so they logically function

n as
one network
n cardd. NIC bondding is also knnown as NIC C teaming.

Addittional Termino
T ology
These terrms appear in
n the sections that follow
w:

Primary Managemeent Interfacee. The primarry managemeent interface is a NIC asssigned an IP

address th
hat XenServeer uses for its managemennt network, iincluding, buut not limitedd to, traffic
between hosts,
h between a host and d Workload Balancing
B annd for live miigration.

VM trafffic. The traffi fic going to or from a VMM. This trafficc may be from m the VM’s gguest operatiing
system orr data users send
s to the ap
pplication on
n the VM. VM M traffic refeers to the staandard netwo
ork
traffic thaat was in youur environmeent before yo ou virtualizedd servers and their applicaations. This is
sometimees referred to o as guest traffic or VM/gguest traffic.

Page 7
 C
Chapte
er 1: Introduction

This docuumentation explains

e basicc networkingg concepts annd their appliication by ussing a series o
of
scenarios to illustrate the conceptss. The scenarrios begin im
mmediately affter installatio
on and end wwith
ng a VM to a network.
connectin

These sam mple scenarioos focus on three

t differen
nt types of nnetworks: Extternal Netwo orks, VLANss, and
single-serrver private networks.
n If you
y configurred the scenaarios demonsstrated in thiss guide, by thhe
time you finished, youu would create a deploym ment that lookked like the ffollowing illuustration.

This illustrration shows hoow virtual macchines connect too three differentt types of netwoorks: an externnal network, a
VLAN network,
n and a single-server private network..

Page 8
This guid
de explains th
hese types off networks byy providing thhe followingg information
n:

Chapter 2 introducess XenServer networking

n and
a explains how to preppare for XenSServer netwo orking
configuraation by conffiguring the physical
p infraastructure andd hardware layers in yourr environmennt,
includingg the correct sequence forr physically configuring nnetworking. T The chapter aalso discusses the
effect poo oling XenSerrver hosts haas on networkking and desscribes the neetworking coonfiguration aafter
installatio
on.

Chapter 3 provides several samplle scenarios that t illustrate how to add virtual mach hines to a
network. The first sceenario guidess you through h the processs of segregatiing different types of trafffic,
includingg storage and managemen nt traffic. Thee second scennario gives yoou an alternaative to dediccating
NICs to specific
s typess of traffic; itt shows an exxample of ussing the manaagement netw work for
managem ment and VM M traffic. The third scenariio shows an example of hhow to segregate traffic b by
creating a single-serveer private nettwork on a host.

If you waant to review

w XenServer networking
n concepts
c befoore reading tthis informatiion, see the
“Visual Legend”
L on page
p 6.

Page 9
 Chapte
er 2: Ba
asic Xen
nServer Netwo
orking Concepts

This chap
pter includes the followin
ng topics:

 An
A introductio
on to XenServer networkking

 The
T network settings creatted during in
nstallation

Introd
duction
n to Xen
nServer Netwo
orking
XenServeer provides virtual
v networrking featurees that let youu build netwoorks for yourr virtual machines
the same way you build networks for physical machines.

The VMs connect to threee different typees of networks: an office netwoork, an internaal private netwoork, and a VL
LAN.

Page 10
You can connect virtuual machiness to your prod
duction netw work like youu connect phyysical machinnes
or build private
p netwo
orks within a host or poo
ol for testing, developmennt, or securityy purposes. Y
You
can connect virtual machines
m to yo
our VLAN networks
n usinng standard V
VLAN configurations.

The mostt important networking

n components
c XenServer
X leets you configgure are virtuual interfaces an
nd
networks:

 Virtual
V interffaces. Virtuaal machines connect
c to neetworks usingg virtual NIC
Cs, known ass
viirtual interfacces. Virtual in
nterfaces let VMs send annd receive neetwork traffic. You can assign
eaach virtual in
nterface its ow wn IP addresss and MAC address. Som me product liiterature refeers to
viirtual interfacces as VIFs and
a virtual NICs.
NI

 Networks.
N XenServer
X hass an internal virtual
v switchh, known as a network, th
hat lets virtual
machines
m on a XenServer host commuunicate with eeach other ussing the same networkingg
protocols thatt are used on
n physical nettworks.

A network is the t logical neetwork switch hing fabric bbuilt into XennServer that lets you netwwork
yoour virtual machines.
m It liinks the physsical NICs too the virtual iinterfaces andd connects th
he
viirtual interfacces together. These netwo orks are virtuual switches that behave as regular L22
leearning switches. Some veendors’ virtuualization prooducts refer tto networks aas virtual switcches
or bridges.

Conn
necting Virtuall Machiines to Networks
When youu are configuuring network connectivitty on XenSerrver hosts, yoour ultimate goal is to
connect the
t VMs to a network. To o do this:
1. Connect
C the host
h to a phyysical networkk. (For VMs without exteernal networkk connectivitty,
yo
ou would con
nfigure a privvate networkk instead.)
2. Connect
C the VM
V by creatin ng a Virtual Interface
I forr it and connecting the Viirtual Interfaace to
a network. Ass shown in th
he illustration
n on page 10,, the virtual iinterfaces on the VMs
co
onnect to networks in a host
h and then n connect to a physical neetwork throuugh the host’’s
NIC.
N
One way to think abo out these taskks is that youu need to connfigure conneectivity at both the hardw
ware
and virtuaal layers as sh
hown in the illustration th hat follows.

Page 11
This illustrration shows thhe order in whicch you should configure
c netwo rking in your vvirtual environmment: (1) Start
rt on
the physicaal infrastructuree layer, which means
m connectinng NICs to swi
witches; (2) conffigure the hardw
ware layer, whiich
means connnecting hosts to networks and configuring theese networks; (3(3) configure thee virtual layer, which means
attaching VMs
V to networrks through virrtual interfaces.

Importan nt: Configuriing networkiing in the ord der listed desscribed in “Seequence of N Networking
Configuraation Tasks”” on page 17 is critical. If you vary from m this sequeence, the primmary manageement
interface may not be configured
c coorrectly on each
e host. If tthis occurs, aall VMs in th
he pool may sstart
on the poool master an
nd not their home
h or optiimal servers.

Page 12
Netw
working Config
guration
n after IInstalla
ation
After insttallation, the XenServer host
h has all thee informationn it needs to connect to aat least one o
of
your exteernal networkks. This is because you deefine the folloowing netwoorking option
ns while instaalling
XenServeer:

 IP
P Address Configuratio
C on and Otheer Settings. Y You set the hhost’s initial XenServer
networking coonfiguration when you firrst install XennServer on thhe physical ccomputer.
XenServer
X Settup configurees options, suuch as the IP
P address connfiguration (D DHCP/static),
based on the values
v you prrovide duringg installationn.

 Network
N Connnectivity. XenServer
X in
nstallation preepares each N
NIC connectted to a switcch
fo
or network connectivity by b creating on ne network ffor each NICC. This mean
ns that if the h
host
has, for exampple, three NIICs, XenServver creates thhree networks: Network 00, Network 1,
Network
N 2. Fo
or a visual exxplanation, seee page 14.

 Primary
P Man nagement In nterface and d the Manag gement Nettwork. Durin ng XenServerr
Seetup, you speecify an IP ad
ddress for onne NIC. XennServer uses tthat NIC to connect to yyour
organization’ss network and d to carry maanagement trraffic for funnctions like communicatin ng
with
w other hosts in a pool,, XenCenter, Workload B Balancing, annd other commponents. Thiis
NIC
N is known n as the primaary managemennt interface. Thhis is the onlyy NIC that Seetup configuures
with
w an IP add dress.

The illustration th
hat follows sh
hows a regulaar (unconfiguured) NIC annd a NIC con
nfigured as a
primaary managem ment interfacee.

This illustrration contrastss a regular NIC

C with one conf
nfigured as the pprimary managgement interfacce. The primaryy
managemennt interface hass an IP addresss, subnet mask,k, and gateway assigned to it.

Page 13
During in
nstallation, XenServer
X also
o creates a seeparate netw
work for eachh NIC it deteccts on the ho
ost.
Unless yo
ou change thiis set up, XennServer uses the additionnal NICs on tthe host for VM traffic o only.

The illusttration that fo

ollows shows an examplee of XenServver’s initial neetwork configguration
followingg installation.

This illustrration shows hoow, during insttallation, XenS

Server lets you cchoose a NIC as the primaryy management
interface. In
I this case, the administratorr selected NIC00. XenServer uuses the other N
NICs for VM traffic.

Most envvironments reequire additioonal configurrations to theese basic nettwork settinggs. These can
n
range from creating pools
p to integgrating additio
onal networkks, connectinng your VMs to those
networks, and configuuring a separrate storage network.
n Thee scenarios inn the followinng chapter
provide examples
e of these
t tasks.

Note: If you plug anyy NICs into switches

s after installing XXenServer, if you cannot ssee the NICss in
XenCenteer or xsconsoole, you migh
ht need to eitther a) run xxe pif-list or xe pif-plug in the CLI o
or
reboot th
he XenServerr host.

Impact of Po
ools on
n XenSe
erver N
Network
king
Networkiing is a pool--level featuree in XenServeer. When youu change netw
tworking on tthe pool masster,
XenServeer synchronizzes all hosts ini a pool to use
u the samee network setttings.

As a resuult, for XenSeerver to operrate correctly, you must ennsure that neetwork settin
ngs match acrross
all hosts in
i the pool, including:
i

 Which
W NICs are
a bonded

 Which
W NICs are
a configureed as the prim
mary manageement interfaace

 Which
W NICs connect
c to sttorage

Page 14
The netw
works to whicch NICs conn
nect must bee the same onn the correspponding NIC
Cs on each ho
ost in
the pool.

This illustrration shows tw

wo hosts joined together in a pool
p before any networking connfiguration is pperformed on thhem.

Ideally, yoou should ad

dd all desired hosts to thee pool beforee configuringg any networkk settings.
Pooling the
t hosts befofore configuriing networkiing creates clleaner recordds in XenServver’s internall
networkin ng-configuraation database.

Page 15
These two illustrations shhow how XenSeerver replicates the network seettings created oon the pool maaster on all otheer
hosts in thee pool. In the top
to illustration, NICs 3 and 6 on both hosts ts use Network ks 3 and 6. In tthe bottom
illustrationn, after reconfiguuring NIC 3 on
o the pool masster to use Netw
twork 12 and N NIC 6 to use NNetwork 18,
XenCenterr automaticallyy configures the other host in thhe pool to use tthose settings.

After creaating a new pool

p or joininng a host to an
a existing ppool, XenServver automaticcally replicates
the netwoork settings on
o the master to the joiniing hosts.

When youu use XenCeenter to makee networkingg changes, XeenCenter chaanges the oth
her hosts to
match thee newly mod
dified host. When
W you usee the CLI to cchange netw
work settings, you must either:

 Change
C each host
h manuallly to match th
he modified host’s settinggs

 Make
M the chan
nge on the pool master an
nd restart alll the memberr hosts in thee pool

XenServeer requires neetwork settin

ngs to match across the p ool because of features th hat use live
migration
n, such as XeenMotion, Hiigh Availabiliity, and Worrkload Balanccing. These ffeatures enab ble
the physical server ho t change at any time, andd possibly auutomatically w
osting a VM to without yourr
interventiion. Therefore, the VMs must be ablee to access allll of their targget networkss regardless o
of
which hoost XenServerr moves them m on to.

Page 16
For this reason,
r it is critical
c to havve and maintaiin an identicaal physical caabling, NIC, aand switch
configuraation for eachh host acrosss the pool. Liikewise, Citriix strongly reecommends cchanging thee
physical configuration
c n on all hostss in a pool beefore changinng network ssettings on eaach host.

Importan nt: After join

ning the hostts to the pooll, check the pprimary mannagement inteerface on eacch
member host
h to makee sure that it has its own unique
u IP adddress and/or set the corrrect static IP
address.

Sequ
uence of
o Netwo
orking Configuration
n Tasks
s
Citrix reccommends peerforming yo our initial nettworking connfiguration inn the sequencce that follow
ws to
help ensuure XenServeer stores yourr networkingg configuratioon correctly:

1. Cablee the hosts byy plugging alll NICs into the

t appropriaate switches,, as describedd in “Cablingg
Confi
figuration forr XenServer”” on page 17.

2. Confi
figure the swiitches. See “C
Connecting XenServer
X too Physical Sw
witches” on p
page 20.

3. Installl XenServer on the hostss.

4. Creatte a pool of the hosts, if you

y want to pool
p them. Seee “Impact oof Pools on X
XenServer
Netw
working” on page
p 14.

5. Confi
figure NIC bo
onds and nettworks. For more
m inform
mation, see thee scenarios in
n “Chapter 33:
Samp
ple Networkin
ng Scenario.””

Cabling
g Configuration for XenServe
er
Citrix reccommends pllugging the physical
p Etheernet cables innto all the NNICs and the appropriate
switches before installling XenServver. The ideaal process is aas follows:

1. Iff you did nott cable your hosts

h before installation, pplug all the N h host in the pool
NICs in each
in
nto the approopriate switchh ports.

2. Connect
C the correspondin
c ng NICs on each
e host in tthe pool to thhe same physical switch ((that
iss, the same suubnet).

The
T term correesponding referrs to the NIC
C of the samee number onn another hosst. For example,
NIC
N 3 on Host 1, NIC 3 on o Host 2, NIC
N 3 on Hosst 3. This meeans that each h individual N
NIC
on every host must connecct to the samme physical neetwork as the NIC in thee same positioon
on all other ho
osts in the po
ool.

The follo
owing figure is
i a visual exaample of thiss configuratioon in an enteerprise enviro
onment.

Page 17
This illustrration shows hoow each correspponding NIC on
o both hosts m
must physically connect to the ssame network. Each
switch reprresents a separaate physical netw
work. Each member host’s N
NICs must be cconnected to thee same physicall
networks as
a the corresponnding NICs on the pool masteer.

Ensuringg the cabling on each hostt in the pool is correct is critical. As shhown in the previous
illustratio
on, all NICs must
m connectt to the samee physical nettworks (show wn as separatte switches) aas the
NICs in thet same possition on all hosts
h across the
t pool.

In an envvironment wiith only one logical

l switch
h (for exampple, one that hhas a hierarcchy of switch
hes
that form
m one large ph
hysical netwo
ork), you onlly need to coonnect the NIICs to switch hes on that
network that
t have thee same physiccal or logical (VLAN) connnectivity. TThe example tthat follows
shows hoow you mightt cable such an
a environm ment.

Page 18
This illustrration shows tw
wo switches thatt are connectedd across a backpplane and are oon the same phy
hysical network..
These switcches function log
ogically as one unit.
u Because thhere are no VL LANs configuured on any of tthe ports and all
ports have the same conneectivity, the NIICs can be plugg gged into any poort on these tw
wo switches.

XenServeer cannot dettect if you make any errorrs while settiing up the phhysical netwo ork. For exam
mple,
if a XenServer host exxpects to be able to contaact a specific gateway usinng a certain N NIC, XenSerrver
cannot in orrect. If you receive errorrs, they mighht not indicatte network
ndicate the caabling is inco
configuraation as the cause.
c

Ensuringg that the corrresponding NIC

N on each h host has thee same netwoork configuraation is whatt
ensures th
hat a host’s VM
V attached to, for exam mple, Networrk 1, can commmunicate wiith a VM attaached
to Netwoork 1 on anotther host. Thhis ensures thhat if you miggrate a VM too a new hostt, the VM rettains
the same physical connnectivity afteer migration..

Note: Wh hen you configure netwo NICs plugged in to switches,

orking, if youu do not havee all of your N
you mustt have, at a minimum,
m thee NIC(s) for the
t primary m managementt interface on n all hosts in your
pool pluggged into youur network. Otherwise,
O th
he pool masteer cannot synnchronize itss network setttings
to the meember hosts. Likewise, if you are usingg a dedicatedd NIC for stoorage, you m
must also conn nect
the cabless for that NIIC on each hoost.

Page 19
Connec
cting XenServer to Physical Switchess
When con nnecting a XenServer
X host to a switch
h, you must cconfigure thee switch’s po orts differentlly
than you would when n connecting a workstation to a switchh. There are sspecific, critiical guidelinees
about thee Spanning Tree
T Protocoll (STP) and enabling
e PorttFast. PortFaast lets a swittch port runn ning
Spanningg Tree Protoccol (STP) go directly from
m blocking too forwardingg mode; skipp ping learningg and
listening.

To conn
nect XenServver hosts to switch portts

When con
nnecting Xen
nServer hostts to switch ports,
p changee the followinng:

1. Enab ble PortFast on

o the ports that you are plugging in X
XenServer hoosts. However, note the
follow
wing:

 PortFast
P shouuld only be en
nabled on po
orts connecteed to a singlee host.

 The
T port you plugging Xen
nServer into cannot be a trunk port aand the port m
must be in acccess
mode.
m

 Ports
P used forr storage sho
ould have PorrtFast enableed.

2. Disab
ble port securrity on the po
orts that youu are pluggingg in XenServver hosts.

Port security
s prevvents multiplee MACs from
m being preseented to the same port. IIn a virtual
enviro
onment, VM Ms present muultiple MACss to the samee port causinng your port tto shut downn if
you have
h port security enabledd.

3. Disab
ble the Spann
ning Tree Pro
otocol on thee ports that yyou are pluggging in XenServer hosts.

If youu are bondingg NICs, you should disab

ble the Spannning Tree Prootocol to avo
oid failover ddelay
issuess.

4. If using a Cisco sw
witch, disablee the PortFasst Bridge Prootocol Data U
Unit (BPDU
U) guard featuure
on th
he ports that you
y are pluggging in XenSServer hosts.

The BPDU
B guard
d is a protectiion setting in
n the Spanninng Tree Protoocol that preevents you froom
attach
hing a network device to a switch porrt. When youu attach a netw work device with the guaard
enablled, the port shuts down anda an admin nistrator musst re-enable iit.

Notee: When PorttFast port recceives BPDU Us, the recepttion indicates another briidge is someh how
conneected to the port,
p and it means
m that th
here is a posssibility of a bbridging loop forming durring
the Listening
L and Learning ph hases. In a vallid PortFast configurationn, configurattion BPDUs
shoulld never be received. As a result, Cisco o switches suupport a featture called Po ortFast BPDU
guard
d, which is a feature
f that shuts
s down a PortFast-ennabled port inn the event a BPDU is
receivved. This feature ensures that a bridgiing loop cannnot form beccause the swiitch shuts do own
the poort.

Page 20
5. Chan
nge port speed settings to Static if usin
ng a 10/100 sswitch.

Conn
necting to a 100 MBP/s port
p set the PIF
P speeds too 100 MBPs static with fuull duplex.

Notee: You do not need to chaange speed or

o duplex setttings when coonnecting to
o 1GB switch
hes.

Note: Th
his topic was based on an
nd enhanced from CTX1223158 -- Conssiderations for XenServer Sw
witch
Ports.

Page 21
 Cha
apter 3: Samplle Netw
working
g Scena
ario

This chap
pter providess a scenario-b
based example of how to connect virttual machines to a physical
network. This includees the followiing:

 Seegregating traffic

 Using
U the man
nagement neetwork for traaffic in a veryy small envirronment

Exam
mple: Ad
dding Virtual
V Machin
nes to a Netwo
ork
This sectiion provides a sample sceenario of a siimple networrking configuuration that iincludes
connectin
ng VMs to neetworks, creaating redundaancy, and connfiguring NIICs.

Designingg a XenServeer networking deploymen nt may requirre several tasks, includingg, for examplle,
configurinng redundanncy for netwo ork availabilitty, configurinng NICs, andd, ultimately, connecting V
VMs
to the dessired networkks. During th
his process, you
y might alsso separate ddifferent typees of traffic fo
or
security or
o performan nce reasons (ffor example, separating trraffic for maanaging the X XenServer
platform from VM traaffic).

Before co
onfiguring neetworking onn a pool, you should knoww to which nnetworks youur VMs will n
need
to connecct. A standarrd network co
onfiguration process migh
ght require:

1. Configuring
C reedundancy fo
or network availability.
a

2. Creating
C separrate storage or
o managemeent networkss (used to sepparate managgement or sto
orage
trraffic from VM
V traffic).

3. Creating
C VMss and connecting them to the desired X
XenServer nnetwork(s).

This sectiion provides you with an example of that process.. This sectionn describes th he different
configuraation optionss and steps reequired to puut your virtuaal machines oon the netwo
ork by using a

Page 22
sample sccenario. Whille the scenariio might not directly applly to your ennvironment, iit is designedd to
put XenSServer’s netw
working featurres into conttext.

Creatin
ng Networrk Resilien
ncy throug
gh Bonds
After joinning all hostss to your poo
ol, you may want
w to ensurre that any crritical serverss have high
availabilitty access to th
he network. One way XeenServer lets you achieve high networrk availabilityy is to
create reddundancy thrrough NIC boonding.

NIC bonding is a tech

hnique for in
ncreasing resiiliency and/oor bandwidthh in which ann administratoor
configurees two NICs together so they
t logicallyy function as one networkk card. Both NICs have tthe
same MAAC address annd, in the casse of manageement interfaaces, have onne IP addresss.

XenServeer supports bonding

b two NICs
N togetherr on a host. IIf one NIC inn the bond ffails, XenServver
automaticcally redirects traffic to th
he second NIIC. NIC bonnding is also ssometimes kknown as NIC C
teaming.

You can use

u XenCentter or the xe CLI to creatte NIC bondds. If XenCennter is managging a pool,
XenServeer automaticaally replicatess the bondingg configuratiion across alll hosts in thee pool.

In the illuustration thatt follows, thee primary maanagement innterface is boonded with a NIC so that it
forms a bonded
b pair of
o NICs. Xen nServer will use
u this bondd for manageement trafficc.

This illustrration shows thhree pairs of bonded NICs, inncluding the priimary managem
ment interface. E
Excluding the
Primary Management
M Intterface bond, XenServer
X uses the other two NNIC bonds andd the two un-bonded NICs fo for
VM traffiic.

Page 23
Ensuring
g Resiliencee through Redundant
R Switches
S

When VM M networks use

u bonded NICs,
N traffic is sent over both NICs. If you conneect one of the
NICs in a bond to a second
s (redunndant switch h) and a singlle NIC or sw
witch fails, thee virtual macchines
remain on
n the networrk since their traffic fails over
o to the oother NIC/sw witch.

Provided you enable bonding

b on NICs
N carryin
ng only guest traffic, bothh links are acttive and NIC
C
bonding can
c balance each
e VM’s trraffic between NICs. Likeewise, bondinng the primaary managem ment
interface NIC to a seccond NIC alsso provides resilience.
r Hoowever, onlyy one link (NIIC) in the bo
ond is
active and
d the other reemains unused unless traaffic fails oveer to it.

If you bo
ond a manageement interfaace, a single IP
I address is assigned to the bond. Th
hat is, each N
NIC
does not have its own
n IP address; XenServer treats
t the twoo NICs as onne logical con
nnection.

Note: Wh hile NIC bon

nding can provide load balancing for traffic from multiple VM
Ms, it cannot
provide a single VM with
w the thro oughput of tw
wo NICs.

The illusttration that fo

ollows shows how the caables and netw
work configuuration for th
he bonded N
NICs
have to match.
m

This illustrration shows hoow two NICs in

i a bonded paair use the samee network settinngs, as represennted by the netw
works
in each hosst. The NICs ini the bonds connnect to differennt switches for redundancy.

Page 24
Connec
cting a VM
M to a Nettwork usin
ng Virtual Interface
es
Virtual machines
m conn nect to a netwwork througgh a virtual innterface on thhat particularr network.
XenServeer sends the VM’s
V traffic through the target netwoork’s associatted NIC. By default, when n you
create a VM
V in XenCeenter, XenSeerver creates a virtual inteerface conneccting the VM M to Networkk 0.
This conffiguration letts VMs connect to an external networrk through thhe NIC attach hed to Netwwork
0.

You needd a virtual intterface on a VM

V for each separate phyysical networrk to which yyou want to
connect it.
i In environ nments that connect
c to on
nly one physiical network,, the virtual iinterface
XenCenteer creates byy default when n you create a VM may bbe sufficient ffor your needds. Howeverr, if
you need a VM to con nnect to mulltiple physicaal networks, yyou must creeate a virtual interface forr each
one of th
hose networkks.

This illustrration shows hoow VMs requiire a virtual intterface for each physical netwoork to which thhey need to connnect.

Page 25
Some add
ditional pointts about virtuual interfacess:

 Most,
M ne virtual inteerface. (If an administrato
but nott all, VMs havve at least on or accesses a VM
only through XenCenter,
X the
t VM doess not need a vvirtual interfface.)

 Each
E virtual in
nterface musst have a “virrtual” MAC aaddress. Youu can configuure XenServeer to
geenerate thesee automaticallly for you (reecommendedd) or specifyy them manuaally.

 When
W you creeate a networrk in XenCennter, you can specify if yoou want XenC
Center to creeate a
new virtual interface for th
hat network automatically
a y, whenever yyou create a VM.

 Unlike
U for thee physical and
d infrastructuure layers, thhe networkingg configuratiions on VMs do
not need to match
m other VMs
V in the po ool.

Understtanding Vir
irtual MAC
C Addressin
ng

Just like NICs

N in the physical
p worlld, each virtuual interface m
must have itss own (virtuaal) MAC adddress.
When youu create a virrtual interface, you can either specify a MAC addrress manuallyy or let XenServer
generate one for you.

When XeenServer generates MAC addresses auutomatically, it generates llocally adminisstered addressess.
Locally ad dministered addresses
a aree addresses assigned
a to deevices by a uuser, which tyypically lack
manufactturer-specificc encoding. As A a result, thhey do not coontain a mannufacturer-specific
Organizatiionally Uniquee Identifier (OU UI). Typicallyy, manufactuurers “burn-iin” MAC adddresses in wh hich
the first three
t octets in
ndicate which company manufactured
m d the device.

This meaans that the MAC

M addressses XenServeer generates w
will not clashh with addressses from harrdware
devices on
o your netwo ork.

XenServeer generates a MAC addreesses at random based onn the random m seed in the VM.other-
config:mac--seed parameter of the VM
M and the devvice number of the virtuaal interface (aa sequence
number forf the VIF: 0…6).
0

A particuular combinattion of a MA AC seed and device

d numbber always ressults in the saame MAC
address. Consequently
C y, if you remove a virtual interface froom a VM andd recreate it llater, the new
w
virtual intterface typicaally gets the same
s MAC asa before.

XenServeer preserves MAC

M addresses when miigrating VMss. However, w when you copy or clone V
VMs,
the VM receives
r a new
w random MAC
M address seed and thee virtual interrfaces get new
w MAC addrresses
based on that seed.

Tip: To obtain
o the MAC
M address of a XenServver VM in X
XenCenter, seelect the VM’’s Network ttab,
select thee virtual interrface, and clicck Propertiees.

Page 26
Segreg
gating VM Traffic fro
om Management a
and Storag
ge Traffic
You can separate each h type of trafffic –VM, sto
orage, and maanagement trraffic – onto
o its own netw
work
for eitherr security or performance
p e reasons.

For mostt environmen nts, Citrix reccommends seegregating VM traffic froom managem ment traffic ass the
best practice. Not onlly does it incrrease the seccurity of the m
managementt network, it can improvee
performaance by reduccing competiition between n traffic types for networrk resources, reducing
potential collisions, an
nd reducing thet load on the
t primary m management interface.

There aree a variety off ways in whicch you can seeparate traffiic, including::

 Seeparating all types of trafffic from each

h other. For example, puutting the virttual machines on
a network nott used for sto orage or man nagement trafffic.

 Seeparating thee managemen

nt traffic from
m the VM annd storage traaffic.

Howeverr, VMs will only use a NIC

C for VM traaffic if they hhave a virtuall interface on
n the same
network as
a the NIC. The
T illustration that follows shows thhe best practicce example o of how you m
might
separate traffic.
t

This illustrration shows hoow NICs that are not designaated for managgement or storagge traffic only ccarry VM traffffic.

While sepparating trafffic is a best practice in largger environm

ments, it is noot an absolutte requiremen
nt for
all enviro
onments. In smaller
s enviro
onments, youu may want tto configure VMs to sendd their trafficc on
the manaagement netw work. Howevver, Citrix reccommends evvaluating thee performancce of this
configuraation regularlly.

Page 27
The scenarios that folllow illustratee both of theese concepts:: separating ttraffic and sending traffic over
NICs shaared by multiiple networkss.

Scenarrio 1: Segregating Traffic

T
In this scenario, an ad
dministrator wants
w a dediccated networrk for managgement and sstorage trafficc. To
do this, th
he administraator:

 Attached
A the network
n cablles coming frrom the NIC Cs to a switchh for a netwo
ork to be useed for
VM
V traffic, whhich is physiccally isolated
d from the stoorage and maanagement n networks

 Created
C virtuaal interfaces on
o the same networks as the NICs

ollows shows these segreegated networrks.

The illusttration that fo

This logicaal illustration shhows segregatedd guest, storage,, and managem

ment networks. In this scenariio, all the VM Ms
using netwoork 2 can comm municate with each other becaause they are coonfigured to usee the same (corrresponding) NIIC
bond on thheir respective hosts and that bond
b connects too the same physsical network. L Likewise, the ttwo VMs connnected
to network 3 can communnicate with eachh since the corre responding NIC C 7 on each host connects to tthe same physiccal
switch.

As shownn in previouss illustration, not all NICss have virtuall interfaces aassociated witth them. If yyou
do not co
onfigure a virrtual interfacee connectingg to the manaagement netw work, the maanagement N NIC
becomes dedicated foor managemeent traffic. Fo or example, inn the previouus illustration
n there are N
NICs

Page 28
connected d to the man
nagement and
d storage nettworks that ddo not have ccorrespondin
ng virtual
interfacess.

Note: Cittrix does nott recommendd assigning IP

P addresses ((that is, creatting managem
ment interfacces)
for each NIC
N on yourr host. Ideallyy, Citrix doess not recomm
mend using aany NICs witth IP addressses
assigned to
t them for VMV traffic.

Scenarrio 2: Usin
ng the Managemen
nt Networkk for VM T
Traffic
In enviro
onments withh minimal seccurity requireements, you ccan configuree VMs to shaare the
managem ment or storagge networks.
In this exxample, the organization
o uses
u the man
nagement nettwork for tw
wo purposes:

 XenCenter
X can connect to
o the management networrk through thhe primary m management
in
nterface on th
he pool mastter. This is beecause of thee IP address on that NIC. Likewise, h
hosts
an
nd other commponents, suuch as Worklo oad Balancinng, can use thhe connection
n to
co
ommunicate with XenSerrver.

Note:
N XenCenter only commmunicates with
w the poool master andd not any member serverss.
Sp
pecifically, XenCenter
X on
nly connects to the IP adddress of the m
master’s prim
mary management
in
nterface.

 VM
V traffic is also
a sent on this
t managem ment networrk. This is thee default con nfiguration an
nd
reequires no ch
hanges. To reevert to this configuration
c n, create a virrtual interfacce on the VM
M and
sppecify the VM
M network th hat is sharingg the manageement networrk.

This conffiguration letts (1) XenSerrver use the NIC

N configurred as the prrimary managgement interfface
to communicate with other hosts and (2) VMss transparentlly forward guuest traffic onto that netw
work
and back.

Howeverr, this configuuration has security implications. Worrkstations hoosting XenCeenter and
XenServeer hosts usingg this managgement netwo ork can comm municate witth each otherr because theey are
on the same network. This makes the managem ment networrk, which ultiimately manaages the harddware
layer and controls thee hypervisors themselves, vulnerable to any attackss originating from the VM Ms.
For exammple, if the VMMs host Web b servers, anyy successful attacks originnating from outside the
organizattion can poteentially penetrate your enttire virtual innfrastructure – or all infraastructure on the
targeted pool.
p

In contraast, scenario 1 on page 28 separates th network, which

he VM trafficc from the management n
confines any successfuful external atttacks to the guest network.

The follo
owing illustration shows some VMs seending their V
VM traffic ovver the manaagement netw
work.

Page 29
This logicaal illustration shhows how the administrator
a coonfigured the vi
virtual interfacees on VM 1 annd VM 3 to seend
their trafficc across the maanagement netw
work.

Note: Virtual interfacces appear differently in Linux

L and Wi
Windows VMss:

 n a Windowss VM, the iniitial Windows installationn has an emullated network device thatt uses
In
a built-in driveer.

 In
n a Linux VM
M, the NIC appears
a as a standard
s Linuux network ddevice and usses the high-
sp
peed Xen parravirtualized network drivver.

After youu install the XenServer

X To
ools (for Win
ndows guestss), Windows also uses higgh-speed
paravirtuaalized network drivers.

Scenarrio 3: Isola
ating VM Traffic
T on a Private
e Networkk
You migh ht have speciific types of workloads
w th
hat require isoolation. For eexample, in eenvironmentts
with tech
hnically savvyy workers, yoou might not want serverss with confiddential emplo oyee data on the
same netw work as reguular VM traffi
fic. XenServeer lets you seggregate traffiic by creatingg two types o
of
private neetworks: singgle-server priivate networkks and cross--server privatte networks.

Private neetworks do not

n have an uplink
u or a ph
hysical NIC. Private netw works connecct VMs on thhe
same Xen nServer host or the same resource poo
ol. In a privaate network, V
VMs can onlly communiccate
with VMss on the samme switch on the
t same hosst. In the case of cross-seerver private networks, V
VMs
can only communicatte with VMs on the same vSwitch.

Page 30
Essentiallly, a private network
n funcctions like an
n isolated local area netwoork that is local to either a
host or a group of hosts (pool). Th his results in higher speedd networks ssince responsses between V VMs
are based
d on the storaage speed and d not limitedd by the netwwork bandwiddth or bottlen necks.

Due to th
he speed, lab machines an
nd test enviro
onments are a good use ccase for privaate networks..
Creating private netw
works might also
a be desiraable for thesee reasons:

 Security. Singgle-server and d cross-serveer private nettworks can leet you isolatee VMs from o other
network traffiic (almost like creating a virtual
v “stovee pipe”). Privvate networkks and cross-
seerver private networks are completelyy isolated from m regular neetwork trafficc. VMs outsidde of
he private network canno
th ot sniff or injeect traffic intto the netwoork, even if booth sets of V
VMs
arre on the samme physical server and thee virtual interrfaces on both sets of VM Ms transmit
trraffic across virtual
v interfa
faces connectted to a netw work on the ssame underlyying NIC.

 Faster
F trafficc for connections betweeen VMs on the same h host. Becausee VMs do not
need to interaact with regullar network and
a switches,, they can traansmit trafficc faster to eacch
other.

Private neetworks provvide connectiivity only bettween VMs oon a given X XenServer host and do no ot
have a co
onnection to the outside world.
w Netwo orks with a NNIC (PIF) association aree considered
external: they providee a bridge bettween virtuall interfaces annd the NIC cconnected to
o the networkk,
enabling connectivity to resourcess available thrrough the NIIC.

Note: In previous XeenServer releaases, single-sserver privatee networks w

were known aas internal
networks.

To createe a cross-servver private neetwork, all po

ool servers m
must use the O Open vSwitcch for networking
and the pool
p must havve a vSwitch Controller configured.
c F
For informatiion about co onfiguring thee
vSwitches, see the XenServer Adminnistrator’s Guiide. Configuriing the vSwitch Controlleer is done ouutside
of XenCeenter and desscribed in thee XenServer Distributed
D Virrtual Switch C
Controller User Guide).

Note: Too use cross-seerver private networks, alll the pool seervers must bbe running X
XenServer 5.66
Feature Pack
P 1 or greater.

Isolating
ng VM Trafffic on Onee Host

If you havve some VM Ms on one host that you dod not want oon your organnization’s neetwork, you ccan
create a siingle-server privvate network. This
T is an intternal networrk that has no association
n with a physsical
network interface.
i It only
o connectts the virtual machines onn the host annd has no con nnection to tthe
outside world.
w

ollows shows a private neetwork confiigured on onne host.

The illusttration that fo

Page 31
This illustrration shows hoow the virtual interfaces
i on thhe VMs are onn the single-servver private netw
work. This netw
work
does not haave any connectt to any NICs since all trafficc is sent inside tthe XenServer host.

To createe a single-servver private network that is

i isolated froom the exterrnal network,, you

1. Create
C a singlee-server private network in XenCenteer.
In
n XenCenterr, select the host
h in the Reesource panee. Click the N
Network tab. Click Add
Network
N and
d then select Single-Serve
S er Private N
Network.

Unlike
U when you
y create exxternal netwo
orks, XenCennter does nott prompt youu to specify a
NIC
N when you create privvate networkss. This is beccause private networks do
o not require a
NIC
N for conn nectivity.

2. Create
C a virtuaal interface on
o each VM that
t specifiess the new priivate networkk.

Iff you want to

o isolate the VMs’
V traffic completely, iif necessary, remove any virtual interffaces
on the VMs th hat are on ann external nettwork.

Note: To o create crosss-server privaate networks, see CTX1227585 – XenSServer 5.6 Featture Pack 1 vSSwitch
Controller User Guide.

Scenarrio 4: Connecting VMs

V to Mu
ultiple Linkked VLAN
Ns
Many orgganizations to
oday configuure VLANs to o logically seeparate their pphysical netw
works for eith
her
performaance or securrity reasons. If
I your organ
nization has VVLANs, youu might want to connect yyour
VMs to one
o or more VLANsV on your
y networkk.

Page 32
To conneect a VM to a VLAN, youu must createe a network ffor the VLAN N and then cconnect the V
VM
to that neetwork. To perform
p this configuration
c n, you create a separate exxternal netwo
ork for each
VLAN an nd then creatte a virtual in
nterface on th
he VM for eaach of these nnetworks.

This illustrration shows hoow VMs requiire a separate virtual

v interfacee for each netwoork to which yoou want to connnect
them, incluuding VLANs Ns. In this exam
mple, VM 2 coonnects to Netwwork 0 throughh Virtual Interf rface 2 and to
VLAN 58 5 through Virrtual Interface 3. As shown by VM1 and N NIC1, multiplle networks cann connect out thhrough
one NIC.

While truunk lines from

m the physicaal switch can
n contain mulltiple 802.1q VLANs, XeenServer does not
let you coombine multiiple VLANs in one XenSServer networrk. This meaans that to lett a VM connnect
to multip
ple VLANs yo ou must either (a) create a separate neetwork in XeenServer for each VLAN or
(b) createe a XenServerr network fo
or a VLAN th hat can accesss all of the ddesired VLAN
Ns.

Page 33
In the illuustration thatt follows, thee VMs conneect to a VLAN
N through a trunked switch port.

This illustrration shows hoow VMs on thhe host connect to an external network that tthe administrattor configured tto
connect to VLAN
V 485 and VLAN 234. 2 To achievve this, the adm ministrator creaated an externaal network thatt uses
NIC 5 to connect to a truunked switch port
p that includdes VLAN 4885 and a seconnd external netw work that also uses
NIC 5 to connect to VL LAN 234. The administratorr ran a cable frfrom the VLA AN trunk port to NIC 5.

Connecting a VM to a VLAN requuires that youu:

1. Create
C a physiical connection between the
t correspoonding NIC oon each host and the VLA
AN
trrunk port forr that VLAN on the switcch.

For
F example, if you conneect NIC 7 on n the XenServver pool masster to a VLA
AN trunk porrt on
th
he switch witth access to VLAN
V 485, you
y must runn a cable fromm NIC 7 on all other hossts in
th
he pool to a similarly
s configured VLAAN trunk porrt on the sam
me switch, whhich can acceess
VLAN
V 485.

Page 34
 2. Enable
E XenSeerver to conn nect to a speccific VLAN oon the switchh by creatingg an external
network speciifying that VL
LAN tag.

This
T means crreating an extternal network on the XeenServer poool master andd specifying tthe
VLAN
V tag wh
hen you creatte the networrk.

Inn XenCenterr, select the pool

p (<your-poool-name>) inn the Resource pane, click the Netwo ork
taab, and click the Add Neetwork butto on. In the Neew Network w wizard, selecct External
Network.
N Onn the Locatioon page, speccify the NIC
C you physicaally connectedd to the switch
annd enter the VLAN tag forfo the VLAN N in the VLA AN box.

In
n the XenSerrver CLI, youu can use thee pool-vlan-ccreate xe commmand to crreate the VLA AN
on all hosts in
n a resource pool.
p For moore informatiion, see the X
XenServer Adm
ministrator’s G
Guide.

After
A you creaate the netwo
ork for the VLAN
V on thee pool masterr, XenServerr configures tthe
NICs
N on all th
he other hostts so that thee correspondiing NIC on eeach host

Note:
N The nuumbers of VL
LAN tags muust be betweeen 0 to 4094.

3. Connecting
C th
he appropriatte VMs to th
he VLAN by configuring a virtual inteerface that po
oints
to
o that networrk on each VM
V you want to be able too connect to the VLAN.

Inn XenCenterr, this is donee by selectingg the VM in tthe Resourcee pane, clickin
ng the Netw
work
taab, and clickiing Add Inteerface and th hen specifyinng the VLAN
N network wh hen you creatte the
in
nterface.

Again, beecause netwoorking is a po

ool-level featuure, if you coonnect one hhost to a VLA
AN, you musst
connect all
a hosts in th
he pool to the VLAN. Th his means thaat you must pphysically connnect the
corresponnding NIC on
o each host to the VLAN N port on thee switch.

In the illuustration thatt follows the VMs on muultiple hosts inn a pool connnect to a VL
LAN through
ha
trunked switch
s port.

Page 35
This illustrration shows hoow, because XeenServer autom
matically synchrronizes the netwwork settings inn pools so that they
match, NIIC 7 on all hossts in the pool will
w be configurered with the samme network andd VLAN setttings as NIC 7 on
the pool maaster. However,r, for the VMs on the memberr servers to be aable to connect to the VLAN N, the administtrator
must also physically
p conneect NIC 7 on each
e host to a trunk
t port on tthe switch thatt can access VLLAN 485.

Before co
onfiguring a VLAN,
V ensuure the switch
h on your VL
LAN networkk is configurred as followss:

 The port
p on the sw
witch conneccted to each XenServer hhost must be configured aas trunk portt.

 The port
p on the sw
witch must be
b configured
d for 802.1q encapsulatioon.

 Port security
s cann
not be set on the trunk po
ort.

 The port
p designatted as trunk should
s be asssigned a nativve VLAN; use 1 as defauult.

XenServeer lets you create multiplee networks an

nd VLAN neetworks on thhe same NIC C. XenServerr
does not limit the num
mber of VLA ANs you can connect to V
VMs. Insteadd, the limit co
omes from thhe
Page 36
802.1q standard is 40996. You add an external network
n for eeach VLAN to the host aand then con
nnect
the VMs to the VLAN Ns by specifyying that netw
work in the VVM’s virtual interface.

Note: If a Native VL
LAN is used on
o the switch
h trunk port, then you cannnot assign tthat VLAN
number to
t a VM on the
t XenServeer.

For an exxample of a tested

t workin
ng model of a VLAN connfiguration, ssee CTX1234489 -- XenSerrver
VLAN Networking.
N For more infoormation aboout configurinng VLANs oon your switcch and 802.1qq
support, see the documentation foor your switcches.

Tip: To verify
v that yo
ou have confi
figured the XenServer
X hosst to commuunicate acrosss the correct
network, you can use the packet sn
niffing softw
ware includedd with your N
NICs to captuure and displlay
the VLANN tags that are
a transmitteed across the switch to thhe XenServerr.

Creating
g VLANs on
o Bonded
d Networks

XenServeer supports connecting

c to
o VLANs fro NICs. To do so, do the fo
om bonded N ollowing:

1. Bond
B the two NICs togeth C bond appeaars as a bonded
her. After you have done so, the NIC
network in XeenCenter.

2. In
n XenCenterr, for examplee, create an External
E Neetwork speciifying the folllowing:

a) The VLAN’s
V tag

b) The NIC
N bond as the NIC

You mighht want to nam

me this exterrnal networkk the same naame as the VL
LAN (for
example, VLAN
V 25).

3. When
W you creeate the virtual interface for
f the VM, sspecify the exxternal netwo
ork with the
VLAN
V tag as the network.

Creating
g VLANs on
o the Prim
mary Manag
gement Int
nterface

You can have

h a singlee VLAN on the
t primary management
m interface, annd this VLAN
N can be on an
access po
ort. If you waant to use a trunk,
t either you define a default VLA AN on that trunk and thee
managem ment interfacee can use thaat or you makke the port a full access pport.
XenServeer 5.6 Featuree Pack 1 doees not supporrt having a V
VLAN trunk port on the p
primary
managem
ment interfacee.

Page 37
 Versio
on Histo
ory

Revision
n Date Comments

1 Decemmber 30, Initial release.

2010

2 Feb 25, 2011 Added infformation ab out VLANs,, MAC addreesses, and sin ngle-
server privvate networkks. Added inttroductory ch hapter. Stylisttic
changes. Clarity
C improovements to iillustrations. Fixed broken n
cross-referrence.

Page 38
About Ciitrix

Citrix Sysstems, Inc. (N

NASDAQ:CT TXS) is the leading
l proviider of virtuaalization, netw
working andd
software as a service technologies
t for more thaan 230,000 oorganizations worldwide. Its Citrix
Delivery Center, Citriix Cloud Cen nter (C3) and Citrix Onlinne Services product famillies radically
simplify computing
c fo
or millions off users, delivvering applicaations as an oon-demand sservice to anyy
user, in an
ny location on
o any devicee. Citrix custo omers includde the world’’s largest Inteernet compannies,
99 percen nt of Fortunee Global 500 enterprises, and hundredds of thousannds of small businesses and
prosumerrs worldwidee. Citrix partn ners with oveer 10,000 com mpanies worl rldwide in mo ore than 100
countries. Founded in n 1989, annuaal revenue in n 2008 was $11.6 billion.

©2010-20011 Citrix Syystems, Inc. All

A rights reseerved. Citrix® ®, Access GGateway™, Branch
Repeater™™, Citrix Reepeater™, HD DX™, XenSServer™, XennApp™, XennDesktop™ and Citrix
Delivery Center™ aree trademarks of Citrix Sysstems, Inc. annd/or one or more of itss subsidiaries, and
may be reegistered in the United Sttates Patent and
a Trademaark Office annd in other co ountries. All other
trademarkks and registered trademaarks are prop perty of theirr respective oowners.

Page 39