XenServer VLAN Networking

This article provides information on the network functions for VLANs on the XenServer platform.

Background

Citrix XenServer connects to a switch trunk port when you want to use VLANs. VLANs allow a network administrator to segregate traffic for bandwidth or security purposes.
The following are a few good to know topics, but not mandatory:

• Network Fundamentals

• Citrix XenServer Administration Knowledge

• Cisco IOS Switch Familiarity

• Windows Server 2003 Networking Skills

Components and Definitions

The following components and acronyms are used throughout this article:

• XenServer - The host machine running XenServer software.

• Virtual Machine (VM) - Software implementation of a computer.

• Network Interface Card (NIC) - Physical network interface card attached to the host.

• Switch - Device used to join multiple computers together.

• Trunk Port - Port designated to handle many VLANs.

• Virtual LAN - Group of hosts with a common broadcast domain.

XenServer Networking

Refer to the XenServer Administrators Guide for creating VLANs networks through XenCenter. XenServer allows a single physical network to support multiple logical VLAN networks used as broadcast domains.

Creating a VLAN in XenServer is done through the process of creating additional virtual interfaces that correspond to a specific VLAN tag. This is done through the XenCenter Host Network tab by adding an External network name and assigning an NIC with a VLAN number.

Assign the XenServer Virtual Machines to a specific VLAN by adding the VLAN network created for the host.
Configuring the XenServer management interface on a VLAN network is not supported. Set the VLAN  on the switch as shown in the following screen shot.

 
To configure the switch on a VLAN network, you must configure it as follows:

• Port connected to XenServer on the switch must be configured as trunk port.

• Port on the switch must be configured for 802.1q encapsulation.

• Port security cannot be set on the trunk port.

• Port designated as trunk should be assigned a native VLAN; use 1 as default.
  Note: If a Native VLAN is used on the switch trunk port, then you cannot assign that VLAN number to a Virtual Machine on the XenServer. Refer to the following example for a working tested model.

Example Cisco Configuration

The following is a lab setup for a XenServer to support VLANs with a Cisco 2950 Catalyst switch:

• Server running XenServer

• XenServer has two physical NICs (Network Interface Cards) installed on the XenServer (eth0 and eth1)

• Cisco Catalyst 2950 configuration displayed

• One port (Port 4) on switch is used for management and second (Port 9) is being used as trunk port

 
Using XenServer, the WinSrv2003 Virtual Machine to VLAN 181 is isolated with the following example.

In XenServer (Fig. 1), there were two physical network interfaces labeled eth0 and eth1. The NICs are used for two different functions; management communication and VLAN 181 traffic. A Windows 2003 Virtual Machine was built with a VLAN network created on the host labeled New Network that is assigned VLAN 181. Upon creation of the network and a dedicated NIC the XenServer application automatically configures the appropriate bridge (Fig. 2) by adding the interface eth1.181 that is designated for VLAN 181.
Using bridges, XenServer can communicate with VLANs in a production environment by creating bridges to correspond to each physical interface and mapping it to the appropriate VLAN.
It is possible to capture the VLAN tags that are transmitted across the switch to the XenServer with the use of packet sniffing software with NICs that allow VLAN tags to be displayed.