HPE Community
BladeSystem - General
1819519 Members
2875 Online
109603 Solutions
New Discussion

Private Networks

 
Pedals
Occasional Contributor

‎08-12-2010 01:54 PM

‎08-12-2010 01:54 PM

Private Networks

Hi,

 

I have a blade chassis setup as in the diagram above.

 

I have a blade C7000 chassis with 2 x blade servers, 2 x Virtual Connect Flex-10 modules.

 

The VC modules are connected to external Cisco 6509 switch, via dual etherchannel links configured with lacp, and dot1q encapsulation for VLAN tagging. These are trunks ports allowing VLAN 10,20 & 30.

 

The Virtual connect is configured with two Shared Uplink Sets SUS A on VC 1 and SUS B on VC 2 and VLAN mapping is configured.

The two blade servers are configured for VLAN 10 with private network option.

 

When I ping blade 2 from blade 1 I get a timeout, if I ping a none blade server connected to the cisco switches in the same VLAN I get a response.

If I take private networks off it all works.

 

See attached file for layout.

 

Can anyone suggest why this is and what/if will resolve this?

 

Thanks

0 Kudos
Reply
2 REPLIES 2
chuckk281
Trusted Contributor

‎08-16-2010 02:10 PM

‎08-16-2010 02:10 PM

Re: Private Networks

From the VC Cookbook  for Cisco Administrators it says that when you invoke a VLAN to be Private that the VC links can't talk to each other and must go to an external switch to resolve the security aspects of a "Private VLAN."

0 Kudos
Reply
Stevem
Frequent Advisor

‎08-27-2010 01:10 PM

‎08-27-2010 01:10 PM

Re: Private Networks

The Virtual Connect Private Networks feature is working for you as designed.

 

Private Networks will prevent servers on the same vNet within the same enclosure from talking to each other over that vNet.  So the fact that the two servers in the enclosure, cannot ping each other proves this is working.  Now, if you don't want the blade on VLAN 10 to ping the rack server on VLAN 10, then you will need to employ an external PVLAN or similar configuration on the external switch that the rack server and/or VC are connected to, which is beyond the scope of the VC Cookbook.

 

So, with that...  What behavior are you expecting?.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.