Forum Discussion
Adding Additional NIC to LTM VE
I was hoping that it was possible to hot-add an additional NIC to the appliance since VMware supports that.
Is that not possible or is there something I need to do to get the Web Administrative Console to pick up the additional interface?
16 Replies
- Sorry no such luck on the hot add. If you add interfaces as VMXNET3 they may show up on reboot; to be sure you have to delete /var/db/mcpdb.bin before the reboot.
Adding interfaces is not supported though, as they tend to get re-ordered by vSphere randomly, though in a lab you can figure things out OK; in production it's much better to just run VLAN trunking with the original interfaces instead.
- Dwimmerlaik_254
Nimbostratus
How would I go about configuring VLAN trunking? Assume for purposes of discussion that I have 4 different VLANs that I will need to create VIPs on.
What I would like to be able to do is create a trunk with the three interfaces and then just tag the traffic with the appropriate VLAN ID so that our switches will handle the traffic appropriately.
Adding an additional layer of complexity, let me explain how our network is configured. The Virtual Host where the Big IP VM resides has multiple physical NICs. These physical NICs are connected to two physical Cisco switches and configured into a single Port Channel (the switches are connected with a stacking cable).
On the VM Host, we have configured a Distributed Switch (dvSwitch) with multiple Port Groups (dvPortGroup). Each of the Port Groups corresponds to a VLAN configured with the appropriate VLAN ID so that network traffic coming out of the Virtual Host is tagged appropriately and the switch then handles the rest.
Where I'm confused is that since each of the three virtual NICs assigned to the Big IP VM is configured for a specific port group, and I have more port groups (with appropriate VLAN ID) than I have virtual NICs, how do I configure the Big IP appliance?
- Sure, you just need to change the VLAN within the vSphere interfaces to be 4095 (which means to vSphere - pass VLAN tags directly through to the VM), then create the VLANs you need within the VE - the names don't have to be consistent with the environment outside the VE but the VLAN numbers/tags must be, and associate those VLANs with the 2 VE interfaces as you require.
- Dwimmerlaik_254
Nimbostratus
Hmm, the only problem there is that vSphere doesn't allow you to specify a VLAN ID higher than 4094. I haven't tried creating a VLAN Trunk and then specifying the range of VLAN IDs I'll be using. I'll play around with that and see how that works.
When I create the VLANs on the Big IP appliance, I'm confused what is meant by "tagged, available, and untagged" in reference to the interfaces. If I'm going to create a VLAN (let's call it VLAN11) and tag it with "11" as the number, do I then put all three interfaces in the "tagged" column?
- JRahm
Admin
Simon is correct. In vSphere the 4095 tag should be used when creating a virtual machine port group. I wrote this up a while back:
http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1082331/Whaddya-Mean-LTM-VE-Only-Has-Two-Interfaces.aspx
- Thanks Jason, that's perfect.
Yes you need to create a VLAN trunk on the vSphere end of things.
That's up to you. The virtual environment is unusual because usually in the physical world, you would create a pair of interfaces for 'inside' with multiple VLANs, and a pair for 'outside' with multiple VLANs, for both bandwidth and redundancy. In virtual land there's not much point in doing that though, so you could just put all the VLANs on one virtual NIC, all in the tagged column.
- JRahm
Admin
The only place I have seen separation is when the physical uplinks are going into different security zones, for example, a pair of physical NICs connecting into the LAN versus a different pair connecting into a DMZ. In that case, you'd possibly want untagged or separately tagged interfaces to map to the appropriate port group.
- Dwimmerlaik_254
Nimbostratus
OK, here's what I've done. I've created a VLAN Trunk port group in vSphere and told it that the VLAN ID range is 10-21. I've then assigned two of the interfaces on the Big IP VE to that port group. On the Big IP VE, I've created a trunk with those two interfaces and left all settings as default. I've then attempted to create a VLAN with a "tag" of 10 and assign the trunk to the untagged interfaces. When I attempt to do so, I receive the error message "01070734:3: Configuration error: vmw-compat: vlan member type must be an interface".
I'm obviously missing something somewhere and I can't figure out what it is.
All I want to be able to do is create multiple VLANs on the Big IP VE and assign them specific IDs and then have those VLANs route out over any of the three available NICs. Seems simple, but it's proving to be much more complicated than it would seem.
Jason, you can't assign 4095 to the virtual machine port group. The allowed VLAN IDs are 1-4094. I don't know how you're assigning 4095 to a port group. Your VLAN options when creating a port group are "None, VLAN, VLAN Trunk, and Private VLAN". Selecting VLAN allows you to put in a value between 1 and 4094. Using VLAN Trunk allows you to specify a range. Private VLAN requires that you have a Private VLAN configured on your vSwitch.
- Are you using the dVS? VLAN 4095 is how you configure VLAN trunking on the regular vSwitch.
Once you have created tagged VLANs (with a VLAN ID) those will need to go into tagged interfaces, not untagged ones.
- Dwimmerlaik_254
Nimbostratus
Yes, these are Distributed Virtual Switches.
I receive the same "01070734:3: Configuration error: vmw-compat: vlan member type must be an interface" error regardless of whether I try to put the trunk into the "untagged" or "tagged" column.
