XenClient Enterprise 4.5

XenClient Enterprise 4.5 Engine Network Addressing Modes


Copyright © 2013 Citrix

Table of Contents

Internal and External Networks
Internal Network
External Network
Network Addressing Modes
Network Addressing Mode Comparison
Virtual Machine Network Connections
Why Use NAT Mode?
Virtual Machine Network Configuration: Bridged Mode
Virtual Machine Network Configuration: NAT Mode
Network Addressing Mode in Engine Control Panel
Network Addressing Mode in Engine Policy
Internal Network Range of IP Addresses


Internal and External Networks

• All XCE VMs have two virtual network adapters.

• Xen Net Device: Connects to external network.

• Internal Network Device: Connects to internal network.

[Diagram labels: External Network 10.1.0.0/22; Win7 VM; WinXP VM; Internal Network 192.168.200.0/28]


Internal Network

• The internal network only exists within the Engine.

• Can be used to access:

    • The Dock file share.

    • The Engine iSCSI target (for the optical drive).

• Cannot be used to access:

    • Other Virtual Machines (VMs) running on the same computer.

        • Purposely disabled to promote isolation between VMs.

[Diagram labels: Engine; Win7 VM; Dock File Share; Engine iSCSI Target; Internal Network 192.168.200.0/28]


External Network

• This is the network the computer is connected to.

• Could be a wired, wireless, or broadband connection.

• Used by VMs to access external network resources.

• The word “external” means “outside the Engine”.

• It could be an intranet or other private network.

[Diagram labels: Win7 VM; Engine; Local Network Resources; Internet; External Network 10.1.0.0/22]


Network Addressing Modes

Two modes for connecting VMs to the external network.

Bridged Mode: Virtual Switch

• Virtual Machine (VM) connects to external network through a virtual switch.

• VM gets an IP address from DHCP services in the external network.

NAT Mode: Virtual Router

• VM connects to the internal network.

• Internal network connects to the external network through a virtual router.

• VM gets an IP address from DHCP services in the internal network.

[Diagram, bridged mode: VM 10.1.1.220; DHCP; Engine Virtual Switch; External Network 10.1.0.0/22]

[Diagram, NAT mode: VM 192.168.200.3; DHCP; Internal Network 192.168.200.0/28; Engine Virtual Router; External Network 10.1.0.0/22]


Network Addressing Mode Comparison

| | Bridged Mode | NAT Mode |
|---|---|---|
| Engine acts as a… | Virtual switch. | Virtual router. |
| Engine gets IP address from… | External network DHCP services. | External network DHCP services. |
| VMs get IP addresses from… | External network DHCP services. | Internal network DHCP services. |
| Supported network connection types | Wired only. | Wired, Wireless LAN, and Wireless broadband. |
| How many IP addresses are required from DHCP services on the external network? | One for the Engine, plus one for each VM. | One for the Engine only. |
| Can a computer on the external network connect to a VM? | Yes. VMs act as if they are connected directly to the external network. | No. VMs are hidden behind the NAT layer and not routable from the external network. |


NAT Mode Request To External Network

[Diagram labels: External Network 10.1.0.0/22; Internal Network 192.168.200.0/28; VM 192.168.200.3; Request src=192.168.200.3 dest=10.1.1.6; Engine 10.1.1.170; Request src=10.1.1.170 dest=10.1.1.6]

1. The VM generates a request packet for delivery to the computer in the external network.

2. The virtual network interface in the VM delivers the request packet to the internal network.

3. The Engine NAT layer intercepts the packet and sets the source IP address to the Engine.

4. The Engine delivers the modified packet to the external network, where it is routed to the destination computer.

5. The external network host receives the request. It appears as if it came from the Engine, not the VM.


NAT Mode Response From External Network

[Diagram labels: External Network 10.1.0.0/22; Internal Network 192.168.200.0/28; VM 192.168.200.3; Response src=192.168.200.3 dest=10.1.1.6; Engine 10.1.1.170; Response src=10.1.1.6 dest=192.168.200.3; Response src=10.1.1.6 dest=10.1.1.170]

1. The external network host generates a response packet. It is sent to the Engine, not the VM.

2. The response packet is received by the external network and routed to the Engine.

3. The Engine receives the response packet and sets the destination IP address to the VM.

4. The Engine submits the modified response packet to the internal network.

5. The virtual network adapter in the VM receives the response from the internal network.
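The request and response rewriting described on the two NAT slides, as an added Python model that is not Citrix code. The addresses are the ones on the slides; the port numbers and the port-keyed session table are assumptions, since the slides show only IP addresses.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("192.168.200.0/28")  # internal network from the slides
ENGINE_IP = ip_address("10.1.1.170")           # Engine address on the external network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class EngineNat:
    """Address rewriting as on the slides; port tracking is an added assumption."""

    def __init__(self, first_port=40000):
        self.next_port = first_port
        self.out = {}   # (vm ip, vm port, dst, dport) -> Engine-side port
        self.back = {}  # (Engine port, remote ip, remote port) -> (vm ip, vm port)

    def outbound(self, pkt):
        """VM -> external network: set the source address to the Engine."""
        if ip_address(pkt.src) not in INTERNAL_NET:
            raise ValueError("source is not on the internal network")
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return Packet(str(ENGINE_IP), self.out[key], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """External network -> Engine: restore the VM address, or None."""
        if ip_address(pkt.dst) != ENGINE_IP:
            return None
        vm = self.back.get((pkt.dport, pkt.src, pkt.sport))
        if vm is None:
            return None  # no matching request, so nothing is forwarded to a VM
        return Packet(pkt.src, pkt.sport, vm[0], vm[1])


def demo():
    """Constructed traffic: one request, its response, one unsolicited packet."""
    nat = EngineNat()
    request = nat.outbound(Packet("192.168.200.3", 51000, "10.1.1.6", 80))
    reply = nat.inbound(Packet("10.1.1.6", 80, request.src, request.sport))
    probe = nat.inbound(Packet("10.1.1.6", 50123, str(ENGINE_IP), 3389))
    return request, reply, probe
```

The unsolicited packet in `demo()` matches no session entry and is not delivered to the VM, which is why the comparison table answers "No" for connections from the external network in NAT mode.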


Virtual Machine Connections To and From External Network

Connections from the VM to computers in the external network work in NAT and bridged mode.

Connections from the external network computer to the Engine itself work in NAT and bridged mode.

But connections from computers in the external network to the VM only work in bridged mode.

[Diagram: VNC and RDP connections between the External Network Computer, the Engine VNC Service, and the Remote Desktop Client and Remote Desktop Service in the VM, labelled "NAT and Bridged", "NAT and Bridged", and "Bridged Only"]


Why Use NAT Mode?

• NAT mode is the only supported network addressing mode for wireless LAN and wireless broadband network connections.

• NAT mode only requires one IP address from DHCP services in the external network. Bridged mode requires one IP address for the Engine and one for each VM.

• NAT mode provides a layer of network protection for the VMs since they cannot be addressed from the external network.


Virtual Machine Network Configuration: Bridged Mode

External Network Device (External Network 10.1.0.0/22)

• IP address and other configuration comes from DHCP services in the external network.

• Uses network gateway and DNS services in the external network.

• Other computers in the external network should be able to connect to this IP address via ping, RDP, etc.

Internal Network Device (Internal Network 192.168.200.0/28)

• IP address and other configuration comes from DHCP services hosted by the Engine on the internal network.

• No network gateway or DNS servers.

• Can only be used to access resources on the internal network by IP address.

• Other computers in the external network will not be able to connect to this IP address.


Virtual Machine Network Configuration: NAT Mode

External Network Device (Internal Network 192.168.200.0/28)

• IP address and other configuration comes from DHCP services hosted by the Engine on the internal network.

• The Engine also acts as a DNS server and network gateway. Network requests are routed to the external network.

• Other computers in the external network cannot connect to this interface.

Internal Network Device (Internal Network 192.168.200.0/28)

• Same configuration as for bridged mode.

• IP address in the same range as external network device. Both come from the internal network.

• But there is no network gateway or DNS server set, so it cannot be used to access the external network.


Network Addressing Mode in Engine Control Panel

The network addressing mode can be viewed or changed in the Engine control panel.

1. Start the Engine networking control panel applet.

2. Select the Wired network connection.

3. Click the “Connection Details” link to view the current addressing mode.

4. Click the “Change Address Mode” link to change the addressing mode.

5. Bridged mode is only supported for wired network connections.


Network Addressing Mode in Engine Policy

• The default addressing mode for wired network connections is NAT.

• The default can be set to bridged mode in Engine policy.

• This only applies to wired network connections.

Locate the Engine policy in Synchronizer console.

Select the network section.

Set the address mode to “bridged”.

The setting control should be set to one of the “yes” values.


Internal Network Range of IP Addresses

• The range of IP addresses for the internal network is configurable in Engine policy.

• Default range in CIDR notation: 192.168.200.0/28

• Should be changed if this range conflicts with external network IP addresses.

• This can only be done in Synchronizer policy, not in the Engine control panel.

Locate the Engine policy in Synchronizer console.

Select the network section.

The setting control should be set to one of the “yes” values.

Set the base address and netmask length for the internal network.
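An added check for the conflict case above (example code, not part of the original deck or of Synchronizer): it tests the internal range against the external networks a computer is expected to join and, on a conflict, returns a free base address and netmask length. The candidate pool 192.168.0.0/16 and the sample site networks are assumptions.

```python
from ipaddress import ip_network
from itertools import chain

DEFAULT_INTERNAL = "192.168.200.0/28"  # default internal range from the slide

# Constructed sample data: external networks the computers may connect to.
OFFICE_ONLY = ["10.1.0.0/22"]
WITH_HOME_LAN = ["10.1.0.0/22", "192.168.200.0/24"]


def conflicts(internal, external_nets):
    """Return the external networks whose addresses overlap the internal range."""
    internal = ip_network(internal)
    return [str(ip_network(n)) for n in external_nets
            if internal.overlaps(ip_network(n))]


def pick_internal_range(external_nets, pool="192.168.0.0/16", prefixlen=28):
    """Return (base address, netmask length) of a range with no conflict.

    The default range is tried first; after that, every block of the given
    size in the (assumed) candidate pool is tried in ascending order.
    """
    externals = [ip_network(n) for n in external_nets]
    candidates = chain([ip_network(DEFAULT_INTERNAL)],
                       ip_network(pool).subnets(new_prefix=prefixlen))
    for cand in candidates:
        if not any(cand.overlaps(n) for n in externals):
            return str(cand.network_address), cand.prefixlen
    raise LookupError("no non-conflicting range left in the pool")
```

The returned pair corresponds to the base address and netmask length fields named in the last step.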