HP Virtual Connect 1Gb Ethernet Cookbook
Introduction to Virtual Connect 1Gb Ethernet Networking 9
If you create a new network access group, NetGroup1, and move existing networks from the Default network
access group to NetGroup1, then a profile that uses NetGroup1 cannot use networks included in the Default
network access group. Similarly, if you create a new network and assign it to NetGroup1 but not to the Default
network access group, then a profile that uses the Default network access group cannot use the new network.
Therefore, an administrator cannot inadvertently, or intentionally, place a server on networks that reside in
different Network Access Groups.
Private Networks
The Private Networks option provides extra networking security. When checked, the network is configured so
that all server ports connected to it cannot communicate with each other within the Virtual Connect domain.
All packets from servers are sent through the VC domain and out the uplink ports only. Servers on the network
can only communicate with each other through an external Layer 3 router that redirects the traffic back to the VC
Domain.
IGMP Snooping
The IGMP Snooping feature enables VC-Enet modules to monitor (snoop) the IGMP IP multicast membership
activities and configure hardware Layer 2 switching behavior of multicast traffic to optimize network resource
usage. IGMP v1, v2, and v3 snooping are supported.
The IGMP Snooping idle timeout interval is set to 260 seconds by default. This value is the "Group Membership
Interval" value as specified by IGMP v2 specification (RFC2236). For optimum network resource usage, set the
interval to match the configuration on the customer network's multicast router settings.
Network loop protection
To avoid network loops, Virtual Connect first verifies that only one active uplink exists per network from the
Virtual Connect domain to the external Ethernet switching environment. Second, Virtual Connect makes sure that
no network loops are created by the stacking links between Virtual Connect modules.
One active link—A VC uplink set can include multiple uplink ports. To prevent a loop with broadcast
traffic coming in one uplink and going out another, only one uplink or uplink LAG is active at a time. The
uplink or Link Aggregation Group (LAG) with the greatest bandwidth should be selected as the active
uplink. If the active uplink loses the link, then the next best uplink is made active.
No loops through stacking links—If multiple VC-Enet modules are used, they are interconnected using
stacking links, which might appear as an opportunity for loops within the VC environment. For each
individual network in the Virtual Connect environment, VC blocks certain stacking links to ensure that
each network has a loop-free topology.
Enhanced network loop protection detects loops on downlink ports, which can be a Flex-10 logical port or
physical port. The feature applies to Flex-10 logical function if the Flex-10 port is operating under the control of
DCC protocol, which provides the ability to manage, control or prevent a loop at the FlexNIC. If DCC is not
available, the feature applies to a physical downlink port.
Enhanced network loop protection uses two methods to detect loops:
It periodically injects a special probe frame into the VC domain and monitors downlink ports for the
looped back probe frame. If this special probe frame is detected on downlink ports, the port is considered
to cause the loop condition.
It monitors and intercepts common loop detection frames used in other switches. In network
environments where the upstream switches send loop detection frames, the VC Enet modules must
ensure that any downlink loops do not cause these frames to be sent back to the uplink ports. Even
though VC probe frames ensure loops are detected, there is a small time window depending on the probe
frame transmission interval in which the loop detection frames from the external switch might loop
through down link ports and reach uplink ports. By intercepting the external loop detection frames on
downlinks, the possibility of triggering loop protection on the upstream switch is eliminated. When
network loop protection is enabled, VC-Enet modules intercept the following types of loop detection
frames: