XG and VLAN under Hyper-V or vSphere

As far as your WAN is concerned will really depend on what connection type you have? If PPPoE then the VLAN will not work you will need a dedicated NIC.

Also VLANs on XG are not very good (v16), you require the physical port as well as the VLANs.

Ian

Tobias,

for WAN, a dedicated physical NIC is recommende (as Ian suggested).

For VLAN, create a virtual switch and then tag all the vlan on it and create each VLAN interface on XG too for inter-vlan traffic monitoring.

Regards

My preference is the second option - one virtual NIC on Hyper-V and trunk everything over that. Especially if your Hyper-V only has the one physical adapter (like my Intel NUC).

There area  few limitations under XG that make this less than ideal for your WAN interface though (I can't tell from your post if you want to combine the WAN interface as a VLAN in the new setup):

• When doing initial config, XG assumes you have a LAN and a WAN interface and while it's possible to get through the registration/synchronisation process with a bit of creativity, it's a pain
• MTU is set on the physical NIC, so if you need to set a lower MTU on an interface (common for a WAN interface if it's PPPoE) you won't be able to. You can't even set an MSS mangle rule.

The disadvantages for splitting out all the VLAN's into separate virtual NIC's are:

• Adding a new VLAN to your network later is harder. A reboot is probably required after adding the virtual NIC to get XG to recognise it (i'm guessing - i've not tested this)
• There is a limit to the number of virtual NIC's you can have in a VM. It was 8 in previous editions of Hyper-V, and i've not heard that it has increased.

I'd go with 1 virtual interface for each WAN link, and 1 for everything else.

James

rfcat_vk - PPPoE over VLAN will actually work. It even gets the MTU right. The one time i've found problems is where your WAN link is delivered over IP but with a lower MTU, you can't set MTU on an individual VLAN. If there are any PMTU problems then your connections with freeze.

Either way i'd still recommend putting at least one WAN link on its own virtual NIC.

What do you mean by "Also VLANs on XG are not very good"?

James

Hi James,

a couple of points

1/. you cannot use vlan ids in rules

2/. you need to assign an IP address to the physical network before you can create VLANs.

Ian

There was a typing mistake in my post. I corrected. One of the two physical nics is connected to WAN with PPPoE. WAN has separte vswitch in Hyper-V and is connected to the WAN interface in XG. So, all my questions are not related to the WAN network. 

All other networks (LAN, WLAN, DMZ) are connected via the 2nd physical nic and a VLAN capable physical switch as well inside Hyper-V via a vswitch by using VLAN tagging.

Beside some minor points I found in the answers so far it seems to be that there are no major aspects for the one or the other solution out of my original post.

• limitation number of vswitch in Hyper-V 
  --> Not relevant for me as Home user
• No posibility of creating VLAN in XG without having IP on LAN.
  --> This is the reason why so far I havn't do it. I do not understand the philosophy of the XG developers for this limitatiion.
• Reboot required in case of solution with more virtual nics in Hyper-V
  --> Not relevant for me as Home user.

But anything related to security, performance or function I could not find so far to prefer the one option (VLAN tagging in Hyper-V with several nics) or the other option (one nic with VLAN tagging in XG).