VN-Tag Explained & Configuration

Introduction:

VNTag is needed to augment the forwarding capability of an Ethernet switch and make it capable to operate in a virtualized environment. Classical Ethernet switches do not support the forwarding of frames where the source and destination MAC address are on the same port and therefore do not support forwarding frames between two VMs connected on the same switch port. VN-Tag solves this and other issues by creating a virtual Ethernet interface per each VM on the switch. Since the switch is capable of forwarding between these virtual Ethernet interfaces, it is capable of forwarding between VMs connected on the same physical port.

What is VNTag:

The VN-Tag protocol is an encapsulation mechanism to transport frames from the Port Extenders (FEX) to the Parent Switch, or Controlling Bridge according to IEEE. Thanks to this protocol, we can differentiate traffic between host interfaces traversing the fabric uplinks

A unique tag ID is allocated for each host interface on the FEX. The parent and FEX mark each frame sent across the uplink with the appropriate tag. Logically, this actually allows the FEX host ports to show up on the parent switch just like physical ports. The VN-tag acts like a virtual wire that connects the host port directly to the parent.

The VN-Tag technology itself simply adds an additional header to the packet as it traverses between the ‘Instant Access’ (Or FEX) and its parent switch, where all the switching occurs:

VN_Tag Header an additional 6-bytes. The fields are as follows:

EtherType [16-bits] = 0x8926
Destination Bit [1-bit] – Indicates which direction the frame is flowing.
Pointer bit [1-bit] –
Destination VIF – [14-bits] – Identifies the destination port.
Looped – Identifies the source vNIC, ment to identify multicast frames to ensure it is not forwarded back to where it originated.
Reserved [2-bits] – For future use.
Source VIF [12-bits] – vif_id of the downstream port.
Version [2-bits] – Set to 0

How VNTag works:

First, we have to know the FEX operation and the type of interfaces involved in this kind of topologies. Therefore, it’s important to identify the HIF (Host Interface), NIF (Network Interface), LIF (Logical Interface), and VIF (Virtual Interface).

The physical link between parent switch and fabric extender is called Fabric Interface (FIF).
The physical ports on the FEX where the actual hosts are connected are called Host Interfaces (HIF).
In the parent switch new virtual ports are created that are called the Logical Interfaces (LIF): this is a data structure in the parent switch that emulates an Ethernet interface. It carries properties such as VLAN membership, access control list (ACL) labels, and STP states and is mapped to a virtual interface created on a Fabric Extender. These logical interfaces are mapped to virtual ports in the FEX called Virtual Interfaces (VIF).
VIF(Virtual Interfaces) is a logical entity inside Fabric Extenders that receives its configuration from the parent switch, and it is used to map frames to a switch Logical Interface (LIF). When one VIF wants to communicate with other VIF on same FEX it must go through the parent switch.

VN-Tag Configuration:

Step1: Install and enable the virtualization feature set.

(config)# install feature-set virtualization
(config)# feature-set virtualization

Step-2: Configure the Nexus 5000 interface that connects to the servers in Virtual Network Tag (VNTag) mode.

(config)# interface Eth 1/10
(config-if)# switchport mode vntag
(config-if)# no shutdown

Step-3: Configure the port profile(s) to be applied to the vNICs.

The port profiles are configuration templates that can be applied (inherited) by the switch interfaces. In the context of Adapter-FEX, the port profiles can be either applied to the virtual Ethernet interfaces that are manually defined or to the ones that are automatically created when the vNICs are configured on the UCS C-Series Cisco Integrated Management Controller (CIMC) GUI interface. The port-profile is of type ‘vethernet’.

A sample port-profile configuration is shown here:

(config)# port-profile type vethernet VNIC1
(config-port-prof)# switchport mode access
(config-port-prof)# switchport access vlan 10
(config-port-prof)# no shutdown
(config-port-prof)# state enabled

Step-4: Configure the server to support NIV Mode :

Complete these steps on the UCS C-Series server:

Connect to the CIMC interface via HTTP and log in with the administrator credentials.
Choose Inventory > Network Adapters > Modify Adapter Properties.
Check the Enable NIV Mode check box.
Click Save Changes.
Power off and then power on the server.

Step-5: create vNICs on the server:

After the server comes up, choose Inventory > Network Adapters > vNICs > Add in order to create vNICs. The most important fields to be defined are:
1. VIC Uplink port to be used (P81E has 2 uplink ports referenced as 0 and 1).
2. Channel Number – a unique channel ID of the vNIC on the adapter. This is referenced in the bind command under the virtual Ethernet interface on the Nexus 5000. The scope of the channel number is limited to the VNTag physical link. The channel can be thought of as a ‘virtual link’ on the physical link between the switch and server adapter.
3. Port Profile – the list of port profiles defined on the upstream Nexus 5000 can be selected. A virtual Ethernet interface will be automatically created on the Nexus 5000 if the Nexus 5000 is configured with the vethernet auto-create command. Note that only the virtual Ethernet port profile names (port-profile configuration is not) are passed to the server. This occurs after the VNTag link connectivity is established and the initial handshake and negotiation steps are performed between the switch and server adapter.