From aa01ba75ca7baf35a7060f165439cfa78a401841 Mon Sep 17 00:00:00 2001 From: Radhika PC Date: Tue, 11 Jun 2013 14:55:39 +0530 Subject: [PATCH] CLOUDSTACK-2404 --- docs/en-US/networks.xml | 1 + docs/en-US/pvlan.xml | 108 ++++++++++++++++++++++++++++++++++------ 2 files changed, 93 insertions(+), 16 deletions(-) diff --git a/docs/en-US/networks.xml b/docs/en-US/networks.xml index b557088273f..d1fc541659a 100644 --- a/docs/en-US/networks.xml +++ b/docs/en-US/networks.xml @@ -48,6 +48,7 @@ + diff --git a/docs/en-US/pvlan.xml b/docs/en-US/pvlan.xml index e3f2ea3ace7..f0cdbac94e3 100644 --- a/docs/en-US/pvlan.xml +++ b/docs/en-US/pvlan.xml 
@@ -110,20 +110,16 @@ url="http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml" >Private VLAN Catalyst Switch Support Matrixfor more information. - - Connect a switch to the gateway; connect additional switches to the gateway via a - trunk port: Only Cisco Catalyst 4500 has the PVLAN promiscuous trunk mode to connect both - normal VLAN and PVLAN to a PVLAN-unaware switch. For other Catalyst PVLAN support switch, - connect the switch to upper switch by using cables. The number of cables should be greater - than the number of PVLANs used. - All the layer 2 switches, which are PVLAN-aware, are connected to each other, and one of them is connected to a router. All the ports connected to the host would be configured - in trunk mode. Allow Management VLAN, Primary VLAN (public) and secondary Isolated VLAN + in trunk mode. Open Management VLAN, Primary VLAN (public) and Secondary Isolated VLAN ports. Configure the switch port connected to the router in PVLAN promiscuous trunk mode, - which would translate an isolated VLAN to primary VLAN for router, which is PVLAN-unaware. - + which would translate an isolated VLAN to primary VLAN for the PVLAN-unaware router. + Note that only Cisco Catalyst 4500 has the PVLAN promiscuous trunk mode to connect + both normal VLAN and PVLAN to a PVLAN-unaware switch. For other Catalyst PVLAN support + switch, connect the switch to upper switch by using cables. The number of cables should be + greater than the number of PVLANs used. If your Catalyst switch supports PVLAN, but not PVLAN promiscuous trunk mode, perform 
@@ -137,15 +133,15 @@ For each PVLAN, perform the following: - Connect one port of the Catalyst switch to the upper switch. + Connect a port of the Catalyst switch to the upper switch. Set the port in the Catalyst Switch in promiscuous mode for one pair of - PVLAN + PVLAN. - Set the port in upper switch to access mode, and allow only the traffic of - primary VLAN of the PVLAN pair. + Set the port in the upper switch to access mode, and allow only the traffic of + the primary VLAN of the PVLAN pair. @@ -154,10 +150,90 @@ Configure private VLAN on your physical switches out-of-band. + + Open vSwitch (OVS) used by XenServer and KVM does not support PVLAN. Therefore, + simulate PVLAN on OVS for XenServer and KVM by modifying the flow table to achieve the + following: + + + For every traffic leaving user VMs, tag with the secondary isolated VLAN + ID. + + + Change the VLAN ID to primary VLAN ID. + This allows the traffic which is tagged with the secondary isolated VLAN ID reach + the DHCP server. + + + The gateway is PVLAN-unaware; therefore, the switch connected to the gateway + should translate all the secondary VLAN to primary VLAN for communicating with the + gateway. + + +
- - <para/> + <title>Creating a PVLAN-Enabled Guest Network + + + Log in to the CloudPlatform UI as administrator. + + + In the left navigation, choose Infrastructure. + + + On Zones, click View More. + + + Click the zone to which you want to add a guest network. + + + Click the Physical Network tab. + + + Click Add guest network. + The Add guest network window is displayed. + + + Specify the following: + + + Name: + + + Description: + + + VLAN ID: + + + Private VLAN ID: + + + Scope: + + + Network Offering: + + + Gateway: + + + Netmask: + + + IP Range: + + + IPv6 CIDR: + + + Network Domain: + + + + Click OK to confirm. +
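Review bot: In the docs/en-US/pvlan.xml hunk at @@ -110,20 +110,16 @@, the reworded sentence "Open Management VLAN, Primary VLAN (public) and Secondary Isolated VLAN ports" is less accurate than the removed "Allow Management VLAN, ...", because VLANs are allowed on a trunk port rather than opened; suggest keeping "Allow" and saying the VLANs are allowed on the trunk. The relocated note in the same hunk still says "The number of cables should be greater than the number of PVLANs used", while the per-PVLAN steps that follow connect one port per PVLAN pair, so state whether one cable per PVLAN is sufficient or why more are required. The carried-over phrase "For other Catalyst PVLAN support switch, connect the switch to upper switch" should be fixed while the text is being moved, for example "For other Catalyst switches that support PVLAN, connect the switch to the upper switch".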
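Review bot: In the hunk at @@ -137,15 +133,15 @@, the step "Set the port in the Catalyst Switch in promiscuous mode for one pair of PVLAN." still capitalizes "Switch" although the step above it writes "Catalyst switch", and the doubled "in ... in" is hard to read. Since this hunk is already a wording pass, suggest "Set the port on the Catalyst switch to promiscuous mode for one PVLAN pair." so it matches the neighbouring steps.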
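Review bot: In the hunk at @@ -154,10 +150,90 @@, the second item of the new OVS list, "Change the VLAN ID to primary VLAN ID.", does not say which traffic is rewritten, and the only hint is the next sentence about reaching the DHCP server. Because the first item tags all traffic leaving user VMs with the secondary isolated VLAN ID, a reader can take the second item to apply to that same traffic, which would describe no isolation between user VMs at all. Please state the match condition for the rewrite (for example, only traffic destined for the DHCP server, if that is what the flow rules do) and add the missing "to" in "reach the DHCP server". The third item describes a requirement on the physical switch connected to the gateway, not something achieved by modifying the OVS flow table, so it belongs outside this list or under the switch configuration steps. In the new "Creating a PVLAN-Enabled Guest Network" section, "Log in to the CloudPlatform UI as administrator." should name the CloudStack UI, since this is the CloudStack documentation tree, and every entry under "Specify the following:" (Name, Description, VLAN ID, Private VLAN ID, Scope, ...) is a bare label with no description. At minimum, document "VLAN ID:" and "Private VLAN ID:" so the reader knows which one takes the primary VLAN and which the secondary isolated VLAN.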