| |
Currently virtualized applications more widely, in general, a physical host after installing VMware ESXi or Hyper-V virtual machine software, you can create multiple virtual machines on a single physical host, with each virtual machine can be created as Like the original physical external services, which will undoubtedly be able to take full advantage of server resources, to save power, space-saving purposes. But most of my friends are using a virtual machine, when there is a question: is the physical host performance is already high enough, generally configured with 64GB of memory, CPU host two 6 core intel, you can create 30 to 60 virtual machine. But the physical host configuration generally only 2 to 4 cards, each card connected to a network segment only. The corporate network may be divided into multiple VLAN, so how can these virtual machines use different flexible segment address? To solve this problem, we need to make a "virtual switch supports VLAN", This paper describes the content in this area.
1 Experimental Environment Overview
If you want the virtual machine in VMware ESXi, create, you need to use a different network address, it is necessary in vSphere virtual switch, modeled on the physical switch, a virtual division of VLAN ports.
VMware Workstation, VMware ESXi virtual machine software, can simulate multiple computers "virtual" on a single physical machine, virtual switch also similar. Bind virtual switch physical network card, a "virtual computer" via "virtual switch" and "virtual machine port group" to "virtual switch" and then through the physical NIC on the host computer and other networks bound to a virtual switch, virtual machine communication. Each virtual switch can be bound to one or more physical network interface card (NIC not bound physical virtual switch can not communicate directly with the host network).
Physical NIC binding properties of the virtual switch is connected to the switch port, it determines whether a virtual switch can be divided VLAN. In simple terms, if the physical NIC is connected to a common switch, or connect to an Access Layer Switch port (ie, ordinary divided VLAN port), then the physical NIC teaming virtual switch can be set to the Access port specified VLAN; if the physical NIC is connected to three switches Trunk port, you can divide the virtual switch and physical network adapter that is bound (or add) a virtual machine port groups each port group can be divided or added specify a VLAN, and connected by three switches, and other computer communications networks. By following a specific examples are introduced.
To implement VLAN function in the virtual switch, you need to network with the use of three switches
We have a three-tier exchange, a server with two network cards. In the three switches, divided VLAN2001, VLAN2002, VLAN2003, VLAN2004, VLAN2005, VLAN2006 total of six VLAN.
Three switches divided VLAN, and gateway address
VLAN
View Address
Gateway Address
VLAN2001
172.18.91.0/255.255.255.0
172.18.91.254
VLAN2002
172.18.92.0/255.255.255.0
172.18.92.254
VLAN2003
172.18.93.0/255.255.255.0
172.18.93.254
VLAN2004
172.18.94.0/255.255.255.0
172.18.94.254
VLAN2005
172.18.95.0/255.255.255.0
172.18.95.254
VLAN2006
172.18.96.0/255.255.255.0
172.18.96.254
The main three switches configuration parameters are as follows:
< 3526b> disp curr
#
sysname 3526b
#
dhcp-server 1 ip 172.18.96.1 172.18.96.5
#
vlan 2001
vlan 2002
vlan 2003
vlan 2004
vlan 2005
vlan 2006
interface Vlan-interface2001
ip address 172.18.91.254 255.255.255.0
dhcp-server 1
#
interface Vlan-interface2002
ip address 172.18.92.254 255.255.255.0
dhcp-server 1
#
interface Vlan-interface2003
ip address 172.18.93.254 255.255.255.0
dhcp-server 1
#
interface Vlan-interface2004
ip address 172.18.94.254 255.255.255.0
dhcp-server 2
#
interface Vlan-interface2005
ip address 172.18.95.254 255.255.255.0
dhcp-server 1
#
interface Vlan-interface2006
ip address 172.18.96.254 255.255.255.0
dhcp-server 2
#
interface Ethernet0 / 1
port access vlan 2001
#
interface Ethernet0 / 2
port access vlan 2001
#
interface Ethernet0 / 3
port access vlan 2002
#
interface Ethernet0 / 4
port access vlan 2002
#
interface Ethernet0 / 5
port access vlan 2003
#
interface Ethernet0 / 6
port access vlan 2003
#
interface Ethernet0 / 7
port access vlan 2004
#
interface Ethernet0 / 8
port access vlan 2004
#
interface Ethernet0 / 9
port access vlan 2005
#
#
interface Ethernet0 / 14
port access vlan 2006
#
interface Ethernet0 / 15
port access vlan 2006
#
interface Ethernet0 / 16
port access vlan 2006
#
interface Ethernet0 / 23
port link-type trunk
port trunk permit vlan all
interface Ethernet0 / 24
port link-type trunk
port trunk permit vlan all
interface GigabitEthernet1 / 1
#
Trunk another network card to connect to the switch; on this server installed on VMware ESXi 5.1, the first card of this server to connect to an Access port, the port is divided into VLAN2006, while this card is set up management address 172.18.96.11 port (connected to the switch 23 or 24-port).
Next we look at how to enable VLAN function for a virtual switch, and assign it to a virtual machine.
Trunk port 2 is connected to the network card to add a virtual switch
Use the vSphere Client to connect to the VMware ESXi Server, in the "Configuration -> Network", you can see, it is only one virtual switch, and assigned to the virtual switch management address 172.18.96.11
(1) Click the "Add Network" link to enter the "Add Network Wizard" dialog box, select the "virtual machine" in the "Connection Type".
(2) In the "Virtual machine - Network Access" dialog box, select "Create a vSphere standard switch," and select a second network card (NIC that is connected to the Trunk switch ports)
(3) In the "Port Group Properties" option group, in the "Networks tab" is added at the first available VLAN tags, add this VLAN2001, enter the corresponding VLAN in "VLANID" text box, in this case 2001
(4) In the "Ready to Complete" dialog box displays the virtual machine port group you want to add.
Return to the vSphere Client console, you can see, we have added a second standard switch. In this standard only VLAN2001 switch a virtual machine port group.
3 Add the virtual machine port group for other VLAN
In the previous operation, at the same time create a virtual switch, has been added virtual machine port group VLAN2001, the next step is to add a virtual machine port group VLAN2002 ~ VLAN2006, to add VLAN2002 example, other similar.
(1) Select the second virtual switch, click the "Properties" link to open the "vSwitch1 Properties" dialog box, click "Add" button.
(2) Select the "virtual machine" in the connection type.
(3) In the "Port Group Properties" in the "Networks tab" to add VLAN2002, in "VLAN" text box corresponding VLAN2002.
(4) In the "Ready to Complete" dialog box, click "Finish" button to finish adding the virtual machine port group.
(5) to return to the "vSwitch1 Properties" dialog box, then click the "Add" button, and continue to add other virtual machine port group, which can refer to (1) to (4) step, followed VLAN2003 ~ VLAN2006 add these It does not describe. When all of the virtual machine port group addition is complete, click "Close" button to return.
Return to the vSphere Client console, you can see the case of two virtual switches.
4 verification in a virtual machine
After the virtual machine, the virtual machine is allocated to the corresponding virtual machine port group, which is assigned to the specified VLAN. Here verified by experiments.
(1) start a virtual machine, and modify the virtual machine properties, the first network to modify the label VLAN2001.
4 verification in a virtual machine
(2) into the virtual machine, view the current network configuration. We can see that the current computer to obtain the IP address 172.18.91.200, which is in accordance with Table 4-1 assignment (network is configured with DHCP server).
(3) and then use the ping command to test connectivity to other network segments, you can test the DHCP server 172.18.96.1 connectivity. Can be seen from the figure, the test was very successful!
(4) and then the virtual machine's network to another network segment, such as VLAN2005.
(5) again to enter the virtual machine, and then enable the NIC is disabled, re-enter the command prompt to view the current address is the address VLAN2005 and use the ping command to test to see from the figure, the test is still a success.
[Note] can also be connected directly to ESXi LAN switch port is set to "Trunk", and then set the VLAN is also possible in the management of addresses. |
|
|
|