Thanks for the question. I had bits and pieces this knowledge, but I asked for some help to make sure I did not steer you in the wrong direction. One of the developers at Intel sent me a link to a Microsoft TechNet Wiki page that gives the best way to configure VLANs with Hyper-V in Hyper-V: Virtual Networking Survival Guide. I think you will find the Understanding Hyper-V VLANs topic to explain the BKM for configuring the VLANs. This topic has some good diagrams.
On the physical adapter, don't configure any ANS VLANs. Then traffic will be routed according to the VLANs configured on the Hyper-V switch and VMs. This is meant to work with the VLAN trunking, and all the appropriate tagging will be on the wire.
I hope this answers your question.
Thank you for your answer.
When you say don't configure ANS VLAN, does it apply to the untagged interface as well ? The untagged interface is the only one that we want to use by hyper-v virtual switch. The others ANS VLAN interface will be used for other purpose such as cluster shared volume or live migration.
The reason why I am asking is that QLogic cards have the same sort of ANS VLAN with the possibility of having a untagged interface. I know for sure that using this untagged interface by the hyper-v virtual switch and having the tagging made at the hyper-v level (on the VMs and the hyper-v virtual interface) is working with QLogic cards.
We came across the following article on the Intel's web site:
It is unclear if this article applies to every interface including the untagged one or if we can use the untagged one (and only this one) by the virtual switch and have the tagging made by hyper-v like with QLogic.
We are not sure if we can use Intel cards for this project.
We need both, VLAN tagging on the adapter (for VLANs such as cluster share volume, live migration, management) and VLANs tagging by hyper-V (for the VLAN used by the VM).
That's why we need to use the VLAN tab on the adapter, with the untagged VLAN used by the hyper-V virtual switch. We are wondering if it is a configuration supported by Intel.
Can you give me an example of how you want to configure Hyper-V in your case. Are you asking about a configuration like this example:
VM10 uses VLAN ID 10 configured in Hyper-V and ANS is configured with VLAN ID 10.
VM11 uses VLAN ID 11 configured in Hyper-V and ANS is configured with VLAN ID 11.
Hyper-V Switch on host is not configured with a VLAN and ANS is configured with an untagged VLAN for communications to the host.
If you don't want to post the details here, feel free to send me a private message with the details. I will show the details to one of our experts to confirm that the configuration is supported.
Thank you for your help, here are the details, they are quite simple.
Let's assume that we have only one physical interface that we use as a trunk (in fact we will use also teaming for redundancy).
On the host:
VLAN 10 for the management network
VLAN 11 for cluster share volume
VLAN 12 for live migration
For the VMs:
VLAN 21 for VM1
VLAN 22 for VM2
VLAN 23 for VM3
On the physical interface we would need to create:
- ASN VLAN 10 for the management network
- ASN VLAN 11 for cluster share volume
- ASN VLAN 12 for live migration
- the ASN untagged VLAN interface for the Hyper-V virtual switch
- one vSwitch that will use the ASN untagged VLAN interface
- each VLAN (21, 22, 23) will be set in the network configuration of each VMs
This can only work if the untagged interface keeps the tagging made at the Hyper-V level. If this tagging is removed then VLAN 21, 22 and 23 will never reach the switch with the correct tagging.
When an ANS VLANs are configured, an associated filter is used in the hardware to only allow that VLAN on the interface. The untagged VLAN would only work for packets with no VLAN tag. The untagged VLAN interface would not pass packets tagged with a VLAN ID. Those packets would get dropped.
You are correct in saying, "This can only work if the untagged interface keeps the tagging made at the Hyper-V level." Because the untagged interface will not pass any tagged frames, those frames will be dropped and the configuration you described will not work.
If you configure ANS VLANs, you will need to configure an ANS VLAN for EVERY tagged VLAN used by Hyper-V or those packets will be dropped. Every tagged VLAN would need both an ANS VLAN and a Hyper-V switch VLAN. That is a lot of extra confguration that you could skip by not creating any ANS VLANs.
I hope this answers your question.