Considerations for XenServer Switch Ports
Summary
This article contains guidelines that should be considered when connecting XenServer to a switch:
Requirements
You require Administrative access to the switch.
Background
Switch ports must be configured differently for a XenServer host as opposed to a standard workstation. The following considerations are recommended when connecting a XenServer to a switch.
Considerations
Change the following options on the switches for XenServer ports:
- Enable PortFast on XenServer connected ports.
PortFast allows a switch port running Spanning Tree Protocol (STP) to go directly from blocking to forwarding mode by skipping the learning and listening modes. PortFast should only be enabled on ports connected to a single host. Port must be an 802.1q trunk port if you are using VLANS and the port must be in access mode. Ports used for storage should have PortFast enabled.Note: It is important that you enable PortFast with caution, and only on ports that do not connect to multi-homed devices such as hubs or switches.
- Disable Port Security on XenServer connected ports.
Port security prevents multiple MAC addresses from being presented to the same port. In a virtual environment, you see multiple MAC addresses presented from Virtual Machines to the same port. If you have enabled Port Security, it shuts down the port.
- Disable Spanning Tree Protocol on XenServer connected ports.
Spanning Tree Protocol must be disabled if you are using Bonded or teamed NICs in a virtual environment. Spanning Tree Protocol should be disabled because of the nature of Bonds and NIC teaming, to avoid failover delay issues when using bonding.
- Disable BPDU guard on XenServer connected ports.
BPDU is a protection setting part of the STP that prevents you from attaching a network device to a switch port. When you attach a network device, the port shuts down and has to be enabled by an administrator. A PortFast port should never receive configuration BPDUs.
Note: When BPDUs are received by a PortFast port, it indicates another bridge is connected to the port, and it indicates that there is a possibility of a bridging loop formation during the Listening and Learning phases. In a valid PortFast configuration, configuration BPDUs should never be received, so Cisco switches support a feature called PortFast BPDU Guard, which is a feature that shuts down a PortFast-enabled port in the event a BPDU is received. This feature ensures that a bridging loop is not formed, because the switch’s shutting down the port removes the possibility of a loop forming.
- Change port speed settings to Static if you are using a 10/100 switch.
If you are connecting to a 100 MBP/s port, set the PIF speeds to 100 MBPs static with full duplex.
Note: It is not necessary to change speed or duplex settings when connecting to 1GB switches.
