08-06-2010 01:20 PM
Discussion around "Private" VLANs to control traffic to servers in a c7000
Alex was looking for some clarification:
*********************************************
Sorry for jumping in late on this, some questions
I thought checking private on a network in VC meant that VLAN was private to the VC – are we talking the same private – or have I got it wrong :)
If the customer wants to control the traffic between two machines, why put them on the same Ethernet broadcast domain?
If they are on the same Ethernet broadcast domain (VLAN), then different IP subnet addresses aren’t really protecting anyone?
**********************************************
Cullen joined the conversation:
***********************************************
Alex,
If you want to make a network in Virtual Connect that is internal only, you simply don’t assign it to an uplink/shared uplink set.
A Private network is one where the systems can only talk out the uplink, not to each other (within the enclosure, as it’s not enforced outside a single Virtual Connect domain). Suppose you had an “out of band” management VLAN for monitoring the servers at the OS level and suppose you wanted to be sure that systems could not talk to each other on this VLAN. If you were using switches with the capability, you could use Access Control Lists (ACLs) to restrict which machines could communicate, but Virtual Connect doesn’t support ACLs. If you were using Cisco gear you could use their proprietary private networking capability (which is pretty flexible) – but that’s Cisco only and works best when you have an end-to-end Cisco environment.
With Virtual Connect, you’d have two choices:
- Create 32 networks attached to 32 VLANs (assuming double density blades) and assign each blade to a different network. This potentially wastes a lot of IP address space. It also complicates the settings for firewalls and routing.
- Use a private network. All machines are on the same VLAN and same IP subnet but can’t talk to each other. IP address space is not wasted, routing is simplified.
**************************************************************
Are you using Private VLANs in your network infrastructure? How do you use it? Let us know.
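The forwarding rule and the two options discussed above, modelled as an added example (not part of the original thread and not HPE code). The port names, the `mgmt` network name, the 10.0.0.0 addressing and the smallest-possible-subnet sizing are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    network: str            # Virtual Connect network (VLAN) the port sits on
    is_uplink: bool = False

def l2_can_forward(src, dst, private_networks):
    """Layer-2 reachability as described in the thread. IP subnets play no
    part: two hosts on one ordinary VLAN reach each other whatever subnet
    they are numbered in."""
    if src.network != dst.network:
        return False                       # different VLAN: no layer-2 path
    if src.network in private_networks:
        # Private network: traffic must enter or leave through the uplink.
        return src.is_uplink or dst.is_uplink
    return True                            # ordinary network: any to any

def lateral_pairs(ports, private_networks):
    """Every server-to-server pair that can talk inside the enclosure."""
    blades = [p for p in ports if not p.is_uplink]
    return [(a.name, b.name) for a in blades for b in blades
            if a.name < b.name and l2_can_forward(a, b, private_networks)]

def smallest_subnet(hosts):
    """Smallest IPv4 subnet holding `hosts` plus network and broadcast."""
    prefix = 32
    while 2 ** (32 - prefix) < hosts + 2:
        prefix -= 1
    return ipaddress.ip_network(f"10.0.0.0/{prefix}")

def addresses_reserved(blades, one_vlan_per_blade):
    """Address space used, assuming one gateway address per subnet."""
    if one_vlan_per_blade:
        return blades * smallest_subnet(2).num_addresses   # blade + gateway
    return smallest_subnet(blades + 1).num_addresses       # blades + gateway

# Constructed sample: one uplink and 32 double-density blades on "mgmt".
PORTS = [Port("uplink", "mgmt", is_uplink=True)] + [
    Port(f"blade{i:02d}", "mgmt") for i in range(1, 33)]

if __name__ == "__main__":
    print("ordinary VLAN, lateral pairs:", len(lateral_pairs(PORTS, set())))
    print("private network, lateral pairs:", len(lateral_pairs(PORTS, {"mgmt"})))
    print("addresses, 32 VLANs:", addresses_reserved(32, True))
    print("addresses, 1 private network:", addresses_reserved(32, False))
```

The model covers a single enclosure only, matching the statement in the thread that the restriction is not enforced outside a single Virtual Connect domain.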