05-09-2011 04:20 PM - edited 03-06-2019 04:58 PM
Hi Experts,
Recently I was asked by some System Admins to trunk vlans to Virtual Host machines (with around 8-10 Virtual Xen machines on each), so I was wondering: is it a good idea or a bad one? My environment is very simple (I like keeping things normal). I have two core switches connecting rack (access) switches in more of a collapsed core design, with links coming from both core switches to each access switch, and one of the uplinks is blocked as per RSTP. Now, with around 30 vlans in the whole environment, would it be a good idea to have trunk links spanning all vlans to the servers (around 100)?
I already said no for the time being to the system admin for the following reasons:
1> If we are going to span all vlans to the servers, then why not just have a single vlan, since the whole purpose of a vlan is to limit the amount of chatter in a subnet.
2> It creates more complexity in the network and will make things harder to troubleshoot.
Is there any other reason why this shouldn't be done, or why this should in fact be done?
Thank you.
Manish
05-09-2011 05:42 PM
Hi Manish,
It is very common these days to trunk to the servers in a VM environment. Usually the virtual servers keep the management in one vlan and the data in a different vlan. Sometimes you also have to add a native vlan for PIX booting, if the server guys use it to load the OS into virtual servers. Also, in order for the cluster failover and vMotion to work correctly, devices have to reside in the same vlan. If you can, try to separate the switches used in the virtual environment from the switches used to connect to regular servers, so you don't have to span the vlan to all switches.
Good Luck
Reza
05-09-2011 06:31 PM
Thank you for replying, Reza, but these guys do not use VMware, they use xensource, which doesn't come with fancy tools like Cluster failover or VM motion. The reason they gave me was that they need trunking only because they need to be able to build multiple virtual servers (xensource) that logically exist in different vlans. For example, they have all DB servers in one vlan and all web servers in one vlan, just for what you call classification or access list purposes.
So, I still think it is not a good idea since:
1> You are using xensource and not vmware, which has to have trunking to the Host server.
2> They never used it or have any experience with it in a production environment, which makes me really skeptical.
If you could please let me know why and when this kind of environment is used, that will be really helpful. I am going to read over why vmware needs that kind of setup and what bad things can happen with this.
Thank you.
Manish
05-10-2011 03:49 AM
Hello Manish,
Using a trunk port to a host/server is something common.
Basically, the reason for using it would be to allow different virtual machines on the host to communicate on different vlans.
It does not matter if they are using VMware or any other software (like xensource) for the virtualization.
So, for your guys, they want to run DB Servers in one vlan and webservers in another. Therefore, their use of a trunk towards the host is perfectly valid.
HTH,
Bert
05-10-2011 05:34 AM
For me it is a good idea, but one best practice is to restrict your trunk interface:
For example
Server vlan 1
Server vlan 2
conf t
! placeholder: select the port that faces the server
interface <server-port>
! for layer 3 switches; set the encapsulation before the trunk mode
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,2
! to add more vlans on a live trunk you must use: switchport trunk allowed vlan add
shut
no shut
end
Good luck.
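An added example, not part of any post in this thread: a small Python audit of the trunk restriction recommended above, run over a constructed running-config excerpt. It flags trunk ports that have no `switchport trunk allowed vlan` line and ports carrying VLANs outside an approved set; the interface names, VLAN numbers and the `approved` set are assumptions.

```python
import re

# Constructed running-config excerpt (not from the thread); names and VLANs are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk allowed vlan 10,20
 switchport trunk allowed vlan add 30-32
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport access vlan 10
 switchport mode access
!
"""

ALLOWED_RE = re.compile(r"(?m)^ switchport trunk allowed vlan (add )?(none|[\d,\- ]+)$")

def expand_vlans(spec):
    """Turn '10,20,30-32' into {10, 20, 30, 31, 32}; 'none' is the empty set."""
    if spec.strip() == "none":
        return set()
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config, approved):
    """Return {interface: finding} for trunk ports carrying more than `approved`."""
    findings = {}
    for block in re.split(r"(?m)^(?=interface )", config):
        header = re.match(r"interface (\S+)", block)
        if not header or not re.search(r"(?m)^ switchport mode trunk\s*$", block):
            continue
        allowed = None  # no allowed-vlan line at all: the trunk carries every VLAN
        for add, spec in ALLOWED_RE.findall(block):
            vlans = expand_vlans(spec)  # "add" lines extend the list, others replace it
            allowed = (allowed or set()) | vlans if add else vlans
        if allowed is None:
            findings[header.group(1)] = "unrestricted: all VLANs allowed"
        elif allowed - approved:
            extra = ",".join(map(str, sorted(allowed - approved)))
            findings[header.group(1)] = "unapproved VLANs: " + extra
    return findings

if __name__ == "__main__":
    print(audit_trunks(SAMPLE_CONFIG, approved={10, 20, 30}))
```

Only numeric lists, `none` and `add` continuation lines are parsed; other forms of the allowed-VLAN command are outside this example.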
05-10-2011 08:44 AM
Thank you guys! I read a little more on this from the vmware point of view, which clearly states that the vSwitch can do dot1q and does not participate in STP, which makes me a little more comfortable about it. I did find somewhat the same stuff about Citrix Xenserver.
Still not sure how and what the xensource virtual bridge would do about it. But thanks to all of your replies, I will try to mock up a test lab with complex STP settings and will give this a try in the lab before trying anything in production.
Thank you again
Manish
05-10-2011 08:59 AM
Welcome,
You can use rapid-pvst and the spanning-tree vlan 1,2,3..... command.