How To: On the NSR, isolate a switch interface and dedicate to a VM
Overview
Applies to Net SR only
This example will show how to isolate a specific switch port on an NSR's ethernet switch expansion module and dedicate it to a virtual machine. This involves using a transit vlan. The vlan only exists in the switch and is not used anywhere else. To better visualize, the diagram below represents the NSR and the transit vlan topology and how we want to bridge with the VM. In our example, we want to isolate netS1-16 and dedicate to the VM running on the host.
Even if netS1-1 and netS1-2 are on the same actual network that netS1-16 is on (regardless of vlans), this will ensure that traffic for the VM is isolated through one port only, netS1-16. Here is how to do it.
Create the Transit VLAN
You can use any VLAN id, it should be an ID that is not used by any other ports. In the switch configuragion, Network-->Switch-->VLAN, create the transit vlan. In our example, we are using ID 170. Set backplane0 as tagged for 170, and netS1-16 as untagged.
Create Interfaces
Next, create the interfaces. First, create the VLAN interface for 170, then we create a bridge on the VLAN 170 interface. Do not assign any IP addresses to the interfaces.
Now the bridge
Your connections page should look similar to this:
Connect VM to Bridge
Finally, connect the VM to the bridge. Navigate to Applications-->Virtual Machines, select your VM and shut it down first. Edit the existing network interface for the VM or add a new one. You want to change the interface type to "Bridge to LAN". Make sure to note the bridge interface that was created on your Nodegrid, it will be listed under the 'Interface' column. In my case it is br0, yours might be different.
It should look similar to this:
Done
That is all that is needed, start your VM and now it's network traffic will only traverse the transit vlan and thus be isolated to the switch port, no other traffic will traverse it unless you add other switch ports into the same transit vlan or bridge other VMs to the same bridge.
Related Articles
How to map interfaces and switch ports to a Virtual Machine?
Map interfaces to your VM allows you to use the physical ports of the Nodegrid in your virtualized environment. For that, we use the Bridge to LAN option on the Network Interfaces inside the VM configuration (Applications :: Virtual Machines :: VM). ...Local Virtual Machines VM's can't be accessed from ZPE Cloud - Workaround
Unable to launch Local VM from ZPE Cloud portal. ZPE Cloud Portal Access: Login into the ZPE cloud interface Navigate to Applications :: Virtual Machines :: Virtual Machines VM - Workaround The VNC console will keep on spinning trying to connect. ...How To: Live Backup VM and Restore VM on Nodegrid
There are several ways to backup virtual machines and as Nodegrid becomes a popular choice for hosting virtual machines in the data center or at the edge running on our Nodegrid Service Routers, administrators need a way to backup and restore the VM. ...How to build the set-up for Virtual Serial Ports communicating to an end device, via the Nodegrid OS
Abstract: In the industry, some legacy applications impose to use serial ports (COM) to interface with the industrial automates. In this article, we will study a set-up in which a desktop emulates a virtual serial COM, and conveys the connection via ...Palo Alto internal VM with Network segmentation
Introduction: Setting up the Palo Alto VM internal to the Nodegrid to segment the traffics from different virtual networks. The public IP is passthrough to the internal PA and allows access to all internal Networks that are configured behind the ...