VMware Cloud Community
Biagio76
Contributor
Contributor

VLAN Tags removed by vSwitch

Hi All

i have a special request regarding VLAN Tagging i need for our Hotel application.

We have a guest on ESXi5.1 that has several different NIC's in different Subnets all separated on vSwitches.

One of the Adapters is responsible for the Guest-Internet-Access and here is the problem.

To separate all Rooms in the Hotel from each other we need to setup a VLAN for every Room, so 100 rooms, 100 VLAN's.

The VLAN Tag must arrive at the Guest OS where a special Routing tool is running that is responsible for all Routings into our System.

I can see the VLAN Tag if i mirror the Trunk-Port with Wireshark on our physical Switch but it doesn't arrive on the Guest OS.

I have tried everything that i found on vmware-support Site or google and im nearly shire that VGT is the Mode we need here.

Switch: Zyxel XGS

Portgroup ESX: VLAN4095

Guest OS: Windows XP

Guest NIC: E1000

Thanks for any creative inputs

Biagio

Tags (3)
Reply
0 Kudos
13 Replies
MKguy
Virtuoso
Virtuoso

Yes, you need VGT mode in this case. This will retain the 802.1q VLAN tags for your Guest which will then be responsible for tagging.

See this KB article for detailed information on how to configure VGT:

VMware KB:    Sample configuration of virtual machine VLAN Tagging (VGT Mode) in ESX 

-- http://alpacapowered.wordpress.com
Reply
0 Kudos
Biagio76
Contributor
Contributor

i think i have done all steps in this article but it doesn't work here.

The question is if it is possible to have one NIC into the Guest that receives all VLANS?

I have used the E1000 NIC and installed the original Intel driver into the guest OS

In the article under additional Information there is a information about using a VMXNET3.

It's a bit confusing.

Reply
0 Kudos
MKguy
Virtuoso
Virtuoso

The question is if it is possible to have one NIC into the Guest that receives all VLANS?

Yes, and this is exactly what VGT and the procedure described in the KB article is supposed to do. Do a tcpdump -i eth0 -enn on the NIC inside the guest and check if you see the traffic.

The main question here is how do you direct the traffic from all the different VLANs to your VM? Do you have 100 virtual tagged interfaces inside the guest which are acting as default gateways for the clients? Is this intended as some "transparent bridging" configuration?

Traffic isn't magically forwarded from the network to your VM just by enabling VGT mode.

In the article under additional Information there is a information about using a VMXNET3.

It's a bit confusing.

The type of the vNIC doesn't matter at all.

-- http://alpacapowered.wordpress.com
Reply
0 Kudos
Biagio76
Contributor
Contributor

The main question here is how do you direct the traffic from all the different VLANs to your VM? Do you have 100 virtual tagged interfaces inside the guest which are acting as default gateways for the clients? Is this intended as some "transparent bridging" configuration?

i have one vNIC on one vSwitch and that vNIC is connected to a Trunk-Port on my Switch. All the Tagged Packets should be received by the VM with one Network-Card and the Router Software that is running on the System is doing DHCP and is responsible for all Gateway functions.

I have a physical box here and this works without any Problems.

In the Article i have found this "You should now be able to install the advanced network services software with VLANs."

Do i need additional Software from Intel here?

Reply
0 Kudos
MKguy
Virtuoso
Virtuoso

In the Article i have found this "You should now be able to install the advanced network services software with VLANs."

Do i need additional Software from Intel here?

Wait, are you running that proxy software on Windows XP as implied in the intial post? The Intel Proset software is for Windows systems with Intel NICs (virtual e1000 in this case) and allows you to create virtual VLAN interfaces since Windows can't handle tagging out of the box: Network Connectivity — Advanced Networking Services (ANS) VLANs

Linux is able to handle VLAN tagging natively.

So what exactly is this proxy software and is it the same (with OS) on your physical box?

-- http://alpacapowered.wordpress.com
Reply
0 Kudos
Biagio76
Contributor
Contributor

First, Thanks a lot for your help and your answers!

Yes the Softare is running on Windows XP.

i know that i can create virtual VLAN Interfaces with the Intel Software but with this solution in a Hotel with 200 rooms, i need 200 NIC's, that's not what i want.

Yes on the physical Box it is Windows XP too and there we have a physical Realtek NIC inside.

The Software is a kind of Router written by the manufacturer of the Hotel-Information-System we use. This Router takes care of all network traffic from the TV's, the Guest's and so on.

Is it really that complicated to get the VLAN Tag's that are send from the physical Switch into the VM?

Reply
0 Kudos
MKguy
Virtuoso
Virtuoso

Is it really that complicated to get the VLAN Tag's that are send from the physical Switch into the VM?

You said you're seeing the traffic in your mirror session from the physical switch, so let me first ask: Have you confirmed how or if the traffic arrives on the guest side? Meaning, have you run a wireshark on the actual interface from within the guest? What you said implied that the traffic arrives, albeit untagged, at the guest which seems odd.

Also what's the destination MAC of these packets when you sniff on the switch side, is it the correct MAC of the vNIC (apart from broadcasts)?

I don't know how exactly this software digs into the OS networking stack to receive the traffic from all different VLANs, but it might be worth a try to enable promiscuous mode on the vSwitch port group as well.

-- http://alpacapowered.wordpress.com
Reply
0 Kudos
Biagio76
Contributor
Contributor

I have done Wireshark on the mirrored Port and into the VM.

On the Mirrored Switch-Port i see the Traffic with the VLAN-Tag, source is the test client and destination the NIC on the VM.

Into the VM i don't see any VLAN tags with Wireshark but the traffic arrives at the NIC. The test client  get's a DHCP IP-Adress from the Router-Software into the VM.

Promiscuous Mode is enabled on the Portgroup.

Reply
0 Kudos
Biagio76
Contributor
Contributor

Nobody here to help me?

Reply
0 Kudos
HeathReynolds
Enthusiast
Enthusiast

Just to confirm your port group VLAN is set to 4095?

My sometimes relevant blog on data center networking and virtualization : http://www.heathreynolds.com
Reply
0 Kudos
Biagio76
Contributor
Contributor

Yes it is 🙂

Reply
0 Kudos
dandreye
Contributor
Contributor

Biagio76:


Have you ever managed to fix it, if so any chance to share how exactly? As a w/a I'm using an Ubuntu 14 VM with vmxnet3, which works perfectly well w/o any tweaking whatsoever, but I still need a fix for Windows. Just created a separate thread on it:

vmxnet3 NIC removes VLAN tags in Windows 7 x64 VM

Reply
0 Kudos
Banbouk
Contributor
Contributor

This issue is related to the adapter driver settings.

For Windows with vmxnet3 adapter there is an option called EnableMonitorMode in the registry under Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}\00xx where xx refers to your adapter, just change the value from 0 to 1 to enable monitoring mode and VLAN tags should appear in Wireshark.

Note1: To find the adapter number (00xx) in case you have multiple adapters, you can compare the "DeviceInstanceID" in registry to the "Device instance path" under the Adapter properties in the Details tab.

Note2: Once monitor mode is enabled, then VLAN tagging at the Windows OS level will stop working in case you were using.

Reply
0 Kudos