다음을 통해 공유


VLAN Tricks with NICs - Teaming & Hyper-V in Windows Server 2012

After I wrote my prior post on our new natively supported NIC Teaming in Windows Server 2012 and our FREE Hyper-V Server 2012 product, there’s been a ton of questions around how VLANs work with NIC Teaming and Hyper-V.  In this article, I’ll build upon my prior post and cover configuring VLAN traffic segregation for physical and virtualized workloads.

In addition, my friend and colleague, Kevin Remde, has written a great article on his "Full of I.T." blog that provides a detailed technical overview of NIC teaming features.  Be sure to check it out!

How do VLANs work with NIC Teaming?

When you create a NIC Team, a single team interface is defined with the name of the new NIC team. This team interface is used to present the teamed network adapters as what appears to be a single NIC to the IP stack in the operating system.  This team interface is configured for “default” mode which passes traffic from all VLANs.

Each NIC Team can include up to a total of 32 team interfaces – the additional team interfaces are intended for configurations in which you want to pull off traffic for a particular VLAN to another team interface that is presented to the server.  When additional team interfaces are created within a team, each additional interface is configured with a particular VLAN ID.  Once configured, any VLAN traffic that matches the VLAN ID of a team interface is segregated to that team interface.  All other VLAN traffic that doesn’t match the VLAN ID of a particular team interface will be passed to the original team interface operating in “default” mode.

NICTeamVLAN00

If you reconfigure the original team interface on a NIC team for a specific VLAN, such as VLAN 99 as shown in the second example above, instead of “default” mode, then any traffic destined for a VLAN that doesn’t match the VLAN ID on a specific team interface will be dropped (ie., sent to a black hole).

How can I add another Team Interface and VLAN to my NIC Team?

To add a new Team Interface to an existing team, launch the NIC Teaming wizard from the Local Server page in Server Manager, as instructed in Kevin’s prior post and follow these steps:

  1. Select your existing NIC Team in the “Teams” list box, and then select the “Team Interfaces” tab in the “Adapters and Interfaces” list box.  Click on the Tasks menu and click Add Interface.
     
    NICTeamVLAN01
     
  2. In the New team interface dialog box, type the VLAN ID to assign to the new interface in the Specific VLAN field and click the OK button.
     
    NICTeamVLAN02
     
  3. You will now see two team interfaces associated with a single NIC team – the original team interface still operating in “default” mode and the new team interface that is assigned to a specific VLAN ID.
     
    NICTeamVLAN03

Alternatively, the Add-NetLbfoTeamNIC PowerShell 3.0 cmdlet can be used to configure a new team interface on an existing NIC team using the following command line:

Add-NetLbfoTeamNIC -Team NetTeam01 -VlanID 56

Should I use VLANs with NIC Teaming in Hyper-V?

No. When using Hyper-V to virtualize workloads, our recommendation is to configure all VLANs for VMs within the Hyper-V Virtual Network Switch instead of configuring VLANs on team interfaces.  Taking this approach ensures that virtual machines are capable of being configured for any VLAN traffic that is passed to the NIC team and prevents confusing configurations that can occur when certain VLAN traffic is split off on a separate VLAN from the Hyper-V Virtual Switch.

To configure a particular VLAN ID for Hyper-V management traffic, specify that VLAN ID in the Virtual Switch properties in Hyper-V Manager using the Virtual Switch Manager dialog.

VLANHyperV00

To configure a particular VLAN ID for a virtual machine, specify that VLAN ID in the VM Network Adapter properties in Hyper-V Manager in the Settings of that virtual machine.

VLANHyperV01

How do I configure my network switch for VLANs with NIC Teaming or Hyper-V?

To setup your network switch for VLANs with NIC teaming, you’ll need to configure your teamed switch port and each underlying physical switch port for VLAN trunk mode.  Building on the network switch configuration example that I provided in my prior post, here are the additional configuration commands that I’ve used on one of my lab network switches:

kemlabsw01(config)# int port-channel1
kemlabsw01(config-if)# switchport trunk encapsulation dot1q
kemlabsw01(config-if)# switchport trunk allowed vlan all
kemlabsw01(config-if)# switchport mode trunk
kemlabsw01(config-if)# switchport trunk native vlan 2

kemlabsw01(config-if)# int gi0/23
kemlabsw01(config-if)# switchport trunk encapsulation dot1q
kemlabsw01(config-if)# switchport trunk allowed vlan all
kemlabsw01(config-if)# switchport mode trunk
kemlabsw01(config-if)# switchport trunk native vlan 2

kemlabsw01(config-if)# int gi0/24
kemlabsw01(config-if)# switchport trunk encapsulation dot1q
kemlabsw01(config-if)# switchport trunk allowed vlan all
kemlabsw01(config-if)# switchport mode trunk
kemlabsw01(config-if)# switchport trunk native vlan 2

Note that I’m using VLAN ID 2 as a special VLAN ID in the example above.  Normally, the native VLAN is the “default” VLAN which causes native traffic to be passed across a trunk port in an untagged fashion.  By using the “switchport trunk native vlan 2” command, it causes all native traffic to be passed across the trunk with a VLAN ID 2 tag.  In this case, this passes native traffic to my Hyper-V management interface on the Virtual Network Switch and presents another alternative for handling management traffic on a separate VLAN instead of configuring VLAN ID 2 in the Hyper-V Switch properties.

Note that you’ll need to also define the native VLAN ID in the switch configuration.  For example:

kemlabsw01(config)# int vlan 2
kemlabsw01(config-if)# no ip address

Based on your network configuration, you may or may not want to include an alternate native VLAN ID in your switch configuration.

Your Turn ... Now You Try It!

As part of our Windows Server 2012 "Early Experts" Installer Quest, we have additional study resources and a hands-on lab available where you can practice NIC teaming and VLAN tagging for FREE.  Join us and begin the Installer Quest today!

Share Your Experiences!

Are you using NIC Teaming and/or VLAN tagging in your environment?  Share your experiences in the comments below!

Hope this helps,

Keith

Comments

  • Anonymous
    January 01, 2003
    Hi Revo, Sounds great - For the 6x1GB team, I'd normally recommend using Hyper-V Port load balancing since it sounds like they'll be used for VM traffic.  For the other teams, Address hashing should work fine. Thanks! Keith

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Hi Thomas, Check out Module 2 in our Build Your Private Cloud series at http://aka.ms/BuildYourCloud.  The networking topics walk through the configuration that you're looking for. Hope this helps! Keith

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Nice write-up.

  • Anonymous
    January 01, 2003
    Hi Calvin, Yes - the screenshots above were taken from my lab environment where I configured these settings.  To confirm the steps - you created a team on the host and then created a new External virtual switch in Hyper-V Manager that is bound to the "multiplexor" adapter that the new NIC team is using?  If so, you should be able to then configure a VM to use that new virtual network and set the VLAN ID using the VM Settings in Hyper-V Manager as shown in my last screenshot above. Hope this helps! Keith

  • Anonymous
    January 01, 2003
    Hi George, Yes - this configuration is possible - from your configuration above, be sure to set both the etherchannel interface and each individual switchport interface that is part of the etherchannel to use VLAN trunking as outlined in the switch configuration above. Hope this helps! Keith

  • Anonymous
    November 20, 2012
    what applications has this been useful to implement ?

  • Anonymous
    December 03, 2012
    Have you tried this yet? I've been working on this for 3 days, and if you are using nic teaming, you cannot specify the vlan in the client's settings. You can only create virtual nics and then bind them to virtual switches, however I have not successfully gotten that to work yet...(no ip address)

  • Anonymous
    April 12, 2013
    Hi everyone! One Thing I don't get is whether I could use the teams with Hyper-V VMs and VLANs on the vSwitch (not on the virtual Interfaces for each vlan on the physical Server) . Unfortunately the screenshot of the HyperV Config shows again the Intel 82579LM.. My Idea is:

  • Create a LACP Team
  • Connect a HyperV vSwitch to the Team Adapter (i.e. the team NIC that uses the Multiplexor driver)
  • Assign the required  VLAN-IDs to the LACP trunk on the switch
  • Add the VLAN IDs in the Properties Dialog of the VM I tried this (although on rather heterogeneous Hardware - an Intel 82579LM and an Intel Pro100/GT) and it did not work. Could you please point out whether this config would work or if I am a victim of a genral misconception? Best George
  • Anonymous
    April 15, 2013
    Thanks for your reply! I'm using HP switches where you would only define the tags on the team itself not on the individual ports. I got it to work, all I had to do was to transport one VLAN untagged to the team. As soon as I did that everything worked fine. As I've pointed out before, the behavior observed could also be related to the client-NICs I was using for my tests.. Cheers, George

  • Anonymous
    August 07, 2013
    So if I wanted to create a NIC team and use it for the Host, CSV/HeartBeat, and Live Migration networks---having them all on separate VLAN's, how would I go about doing that?