Monday, June 10, 2019

I don't understand how Native Vlans work on UCS

Hi, 

I have a UCS domain (Fabric Interconnects in end-host mode) with different types of clusters.

It is connected to two N9Ks which themselves are connected to my Forti Router/FW/DHCP server (router on a stick with a DHCP server on each VLAN interface).
As for cluster types: I have Hyperflex (HX240) on one hand and I'm configuring baremetal on the other hand (C220 rack servers).

I understand that with Hyperflex we never have to bother with native VLAN because of the way it configures ESXi hosts: packets coming out of VMs are tagged on vSwitch egress and then arrive on the FI, etc. So we are dealing with tagged packets and the vSwitch adds/removes the Q tag on egress/ingress so that the VMs' OSes only deal with untagged packets.
So if I understand correctly, if I spawn a new VM on HX, the OS sends an untagged DHCP request via the vNIC (say it is configured on VLAN 40) but when it flows out of the vSwitch on the uplink port, it is tagged with the VLAN 40 tag.
It arrives on the N9K trunk that allows VLAN 40 tagged packets and eventually arrives on the Forti DHCP that answers back.
The answer arrives on my vSwitch, which removes the Q tag before sending the answer packet to my VM so that my VM's OS understands the packet and gets its IP set.

For the baremetal part, I am lost. We were trying to deploy the rack servers' OSes with PXE but DHCP would not work.
Config was 4 vNICs for each server: 2 on VLAN 40 (one for each FI) and 2 on VLAN 41 (one for each FI).
I discovered that DHCP would not work until I specified that the unique VLAN that is deployed on each vNIC is also the Native VLAN for that vNIC.
At that point I'm already confused because for me Native VLAN is a switch concept, so I don't understand why it is set on the server side.
I saw that the vEthernet is always in trunk mode, either on the HX cluster or on the baremetal cluster.

I do understand that because the PXE ROM does not tag the DHCP request, if I don't specify a Native VLAN on my vNIC, the request is being forwarded on VLAN 1 and my PXE ROM will never receive an answer because there is no DHCP on subnet 1.

But I do not understand why it would work with Native VLAN 40 on the vNIC of my server.
Because even if my PXE ROM's untagged DHCP request is sent on VLAN 40 (because of Native VLAN 40), the other side of my trunk is not on Native VLAN 40.
Actually I'm not even sure what the other side of that vEthernet trunk is. I guess it is the uplink port that is connected to my N9Ks, but neither my FI uplink port nor my N9Ks have Native VLAN set to 40, so my untagged DHCP request packet should be placed on VLAN 1 either between the vEthernet and the FI uplink or between the FI uplink and the N9K interface.
Afterwards, the DHCP request should be lost too because there is no DHCP on that VLAN 1.

What am I missing here?

Thanks a lot, I'm drowning
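
Added example (not part of the original post, and not Cisco code): a generic 802.1Q trunk-port model applied to the topology described above. It shows that the native VLAN is a per-port setting, so a frame classified into VLAN 40 on the vEthernet leaves an uplink whose native VLAN is 1 carrying tag 40. The native VLAN 1 on the FI uplink and N9K and the allowed-VLAN lists are assumptions.

```python
# Generic 802.1Q trunk-port model (assumption: not Cisco UCS code).
class TrunkPort:
    def __init__(self, name, native_vlan, allowed):
        self.name, self.native_vlan, self.allowed = name, native_vlan, set(allowed)

    def classify(self, wire_tag):
        """Ingress: an untagged frame (None) joins this port's native VLAN."""
        vlan = self.native_vlan if wire_tag is None else wire_tag
        return vlan if vlan in self.allowed else None  # None = dropped

    def wire_tag(self, vlan):
        """Egress: only this port's own native VLAN leaves untagged (None)."""
        return None if vlan == self.native_vlan else vlan


def trace(wire_tag, devices):
    """Walk a frame through (ingress_port, egress_port) pairs.
    Returns (VLAN at the last hop or None if dropped, list of step strings)."""
    steps, vlan = [], None
    for rx, tx in devices:
        vlan = rx.classify(wire_tag)
        steps.append(f"{rx.name}: rx tag={wire_tag} -> VLAN {vlan}")
        if vlan is None or tx is None:
            break
        if vlan not in tx.allowed:
            steps.append(f"{tx.name}: VLAN {vlan} not allowed, dropped")
            return None, steps
        wire_tag = tx.wire_tag(vlan)
        steps.append(f"{tx.name}: tx VLAN {vlan} as tag={wire_tag}")
    return vlan, steps


def pxe_request(vnic_native):
    """Untagged PXE DHCP request; topology values are constructed from the post."""
    veth = TrunkPort("FI vEthernet", vnic_native, {vnic_native, 40})
    fi_uplink = TrunkPort("FI uplink", 1, {1, 40, 41})  # native VLAN 1 (assumed)
    n9k = TrunkPort("N9K trunk", 1, {1, 40, 41})        # native VLAN 1 (assumed)
    return trace(None, [(veth, fi_uplink), (n9k, None)])


if __name__ == "__main__":
    for native in (40, 1):
        vlan, steps = pxe_request(native)
        print(f"vNIC native VLAN {native}: request ends in VLAN {vlan}")
        for s in steps:
            print("   ", s)
```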


