How to Create and Use VLANs on Intel® Compute Modules and Intel® Gigabit Ethernet Switch Modules

Use VLANs to configure and control server traffic on Intel® Compute Modules and Intel® Gigabit Ethernet Switch Module (ESM).

Jump to:

1. No VLANs configured. All traffic is open

   All servers
   	Network

2. One VLAN per Compute Module, and one VLAN per external port

   Server 1 Network A

   Servers 2–6 Network B

3. Multiple VLANs on one Compute Module, and one VLAN per external port

   Server 1: Virtual Machine 1 Virtual Machine 2 Virtual Machine 3
   Virtual Machine 1	External port 1
   Virtual Machine 2	External port 2
   Virtual Machine 3	External port 3

4. Multiple VLANs on one Compute Module, and one or more VLANs on multiple trunked external ports

   Server 1: Virtual Machine 1 Virtual Machine 2 Virtual Machine 3

   External ports 1–4

No VLANs configured. All traffic is open

By default, all compute modules pass all traffic to the ESM. Traffic is forwarded based on the destination MAC address, and all other Compute Modules see the broadcasts.

No configuration is required on the Compute Modules, ESM, operating system (OS), or other switches.

Back to top

One VLAN per Compute Module, and one VLAN per external port

The switch can be configured so that each external port matches a single port on a compute module. Different compute modules can be on separate physical networks, and traffic can be rerouted by moving the physical cables.

1. Create a VLAN ID and name; for example, VLAN ID 10, named Database, by going to:

   Advanced Configuration - Layer 2 - VLAN - Properties - Add

   

   

2. Add the first external port (Ext.1) and the first server NIC port (Server.1.1) as untagged members of that VLAN, by going to:

   Advanced Configuration - Layer 2 - VLAN - Membership - VLAN ID 10 - Ports - Ext.1 - Edit - Untagged
   Advanced Configuration - Layer 2 - VLAN - Membership - VLAN ID 10 - Ports - Server.1.1 - Edit - Untagged

   

   

   

3. Configure the default VLAN for untagged packets on those ports to be the new VLAN, by going to:

   Advanced Configuration - Layer 2 - VLAN - Interface Settings - Ext.1 - Edit - PVID - 10
   Advanced Configuration - Layer 2 - VLAN - Interface Settings - Server.1.1 - Edit - PVID - 10

   

   

   

Any network plugged into the external port 1 on the ESM, will only have access to the first NIC on the first server. A network plugged into any other port, will have access to all server ports except the first NIC on the first server.

To use both ports on the first server with a single external port, also add Server.1.2 to VLAN 10, and bond the NICs through the OS.

Because the ports are untagged, no special configuration is required for the OS or other switches.

Back to top

Multiple VLANs on one Intel® Compute Module, and one VLAN per external port

When using virtual machines, the traffic from each virtual machine can be kept separate from other traffic. For example, a hypervisor on an Intel® Compute Module contains both public web servers and private DHCP or Active Directory servers. This hypervisor must keep the public and private traffic separate.

To configure the traffic, put the different virtual machines on different VLANs, and tag all traffic.

1. Create VLAN IDs and names, by going to:

   Advanced Configuration - Layer 2 - VLAN - Properties - Add
   VLAN ID 11 "VM1"
   VLAN ID 12 "VM2"
   VLAN ID 13 "VM3"

2. Add the server NIC ports (Server.1.1 and Server.1.2) as tagged members of each VLAN, and assign a different external port to each VLAN, by going to:

   Advanced Configuration - Layer 2 - VLAN - Membership
   VLAN ID 11 - Ports - Ext.1 - Edit - Untagged
   Server.1.1 - Edit - Tagged
   Server.1.2 - Edit - Tagged
   VLAN ID 12 - Ports - Ext.2 - Edit - Untagged
   Server.1.1 - Edit - Tagged
   Server.1.2 - Edit - Tagged
   VLAN ID 13 - Ports - Ext.3 - Edit - Untagged
   Server.1.1 - Edit - Tagged
   Server.1.2 - Edit - Tagged

3. Configure your hypervisor to tag outbound packets.

4. Since the external ports are untagged, no special configuration is required for the other switches.

Back to top

Multiple VLANs on one Compute Module, and one or more VLANs on multiple trunked external ports

To increase bandwidth to other switches, create a Link Aggregation Group (LAG) on external ports

Configure the switch
Enter Advanced Configuration on the switch
Open Layer 2 - Interface - LAG Configuration
Edit LAG1

Add a Description. For this example, we will be connecting to a Cisco* switch.

Be sure to click Apply before clicking Close.
Open Layer 2 - Interface - LAG Membership
Edit ToCisco

Add the first four external ports

Click Apply, then Close

Open Layer 2 - VLAN - Membership
Select VLAN ID 10 from the drop-down list
Select the LAGs radio button
Edit LAG 1

Set the Interface Status to Tagged

By default, each VLAN is user-defined as tagged or untagged (full IEEE802.1q mode). If you need to assign the interface to a single untagged VLAN, open

Layer 2 - VLAN - Membership - VLAN - Interface Settings - LAG 1
Choose Edit
Set the LAG VLAN Mode to Access

If you need all VLANs tagged except one, set the LAG VLAN Mode to Trunk.

To configure your external switch, consult your switch documentation. For some example commands, see Creating a multiport trunk with an external switch

Back to top