XenClient Enterprise 4.5 Engine Network Addressing Modes

Copyright © 2013 Citrix

Table of Contents
  Internal and External Networks
  Internal Network
  External Network
  Network Addressing Modes
  Network Addressing Mode Comparison
  Virtual Machine Network Connections
  Why Use NAT Mode?
  Virtual Machine Network Configuration: Bridged Mode
  Virtual Machine Network Configuration: NAT Mode
  Network Addressing Mode in Engine Control Panel
  Network Addressing Mode in Engine Policy
  Internal Network Range of IP Addresses

Internal and External Networks

All XCE VMs have two virtual network adapters.
  Xen Net Device: Connects to external network.
  Internal Network Device: Connects to internal network.

[Diagram labels: Win7 VM, WinXP VM, External Network /22, Internal Network /28]

Internal Network

The internal network only exists within the Engine.
Can be used to access:
  The Dock file share.
  The Engine iSCSI target (for the optical drive).
Cannot be used to access:
  Other Virtual Machines (VMs) running on the same computer.
  Purposely disabled to promote isolation between VMs.

[Diagram labels: Engine, Win7 VM, Dock File Share, Engine iSCSI Target, Internal Network /28]

External Network

This is the network the computer is connected to.
  Could be a wired, wireless, or broadband connection.
  Used by VMs to access external network resources.
The word “external” means “outside the Engine”.
  It could be an intranet or other private network.

[Diagram labels: Win7 VM, Engine, Local Network Resources, Internet, External Network /22]

Network Addressing Modes

Two modes for connecting VMs to the external network.

Bridged Mode: Virtual Switch
  Virtual Machine (VM) connects to external network through a virtual switch.
  VM gets an IP address from DHCP services in the external network.

NAT Mode: Virtual Router
  VM connects to the internal network.
  Internal network connects to the external network through a virtual router.
  VM gets an IP address from DHCP services in the internal network.

[Diagram labels: Engine Virtual Switch, Engine Virtual Router, VM, DHCP, External Network /22, Internal Network /28]

Network Addressing Mode Comparison

Engine acts as a…
  Bridged Mode: Virtual switch.
  NAT Mode: Virtual router.
Engine gets IP address from…
  Bridged Mode: External network DHCP services.
  NAT Mode: External network DHCP services.
VMs get IP addresses from…
  Bridged Mode: External network DHCP services.
  NAT Mode: Internal network DHCP services.
Supported network connection types
  Bridged Mode: Wired only.
  NAT Mode: Wired, Wireless LAN, and Wireless broadband.
How many IP addresses are required from DHCP services on the external network?
  Bridged Mode: One for the Engine, plus one for each VM.
  NAT Mode: One for the Engine only.
Can a computer on the external network connect to a VM?
  Bridged Mode: Yes. VMs act as if they are connected directly to the external network.
  NAT Mode: No. VMs are hidden behind the NAT layer and not routable from the external network.

NAT Mode Request To External Network

1. The VM generates a request packet for delivery to the computer in the external network.
2. The virtual network interface in the VM delivers the request packet to the internal network.
3. The Engine NAT layer intercepts the packet and sets the source IP address to the Engine.
4. Engine delivers the modified packet to the external network where it's routed to the destination computer.
5. The external network host receives the request. It appears as if it came from the Engine, not the VM.

[Diagram labels: VM, Engine, Internal Network /28, External Network /22; Request src= dest= at each hop]

NAT Mode Response From External Network

1. The external network host generates a response packet. It is sent to the Engine, not the VM.
2. The response packet is received by the external network and routed to the Engine.
3. Engine receives the response packet and sets the destination IP address to the VM.
4. Engine submits the modified response packet to the internal network.
5. The virtual network adapter in the VM receives the response from the internal network.

[Diagram labels: VM, Engine, Internal Network /28, External Network /22; Response src= dest= at each hop]

Virtual Machine Connections To and From External Network

Connections from the VM to computers in the external network work in NAT and bridged mode.
Connections from the external network computer to the Engine itself work in NAT and bridged mode.
But connections from computers in the external network to the VM only work in bridged mode.

[Diagram labels: Engine, Engine VNC Service, VM, Remote Desktop Service, Remote Desktop Client, External Network Computer, VNC Client; connections VNC and RDP marked "NAT and Bridged" or "Bridged Only"]
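
The request and response rewriting from the two NAT slides, and the reason a computer on the external network cannot open a connection to a VM in NAT mode, as an added Python example (not Citrix code). The names Packet and EngineNat, all addresses, and the port-keyed connection table used to match responses are assumptions; the slides describe only the address rewrite.

```python
# Added illustration, not Citrix code: a minimal model of the Engine NAT layer.
# All addresses are constructed; the port-keyed table is an assumption.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class EngineNat:
    def __init__(self, engine_ip, first_port=40000):
        self.engine_ip = engine_ip
        self.next_port = first_port
        self.out = {}   # VM flow -> Engine port chosen for it
        self.back = {}  # (Engine port, remote ip, remote port) -> (VM ip, VM port)

    def outbound(self, pkt):
        """Request from a VM: set the source address to the Engine."""
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow not in self.out:
            self.out[flow] = self.next_port
            self.back[(self.next_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return Packet(self.engine_ip, self.out[flow], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Packet arriving at the Engine: set the destination to the VM that
        opened the flow, or return None when no VM did (nothing is forwarded)."""
        vm = self.back.get((pkt.dport, pkt.src, pkt.sport))
        if pkt.dst != self.engine_ip or vm is None:
            return None
        return Packet(pkt.src, pkt.sport, vm[0], vm[1])


def demo():
    nat = EngineNat("198.51.100.10")                       # Engine, external side
    request = Packet("192.0.2.2", 51000, "198.51.100.50", 443)  # VM -> host
    seen_by_host = nat.outbound(request)
    response = nat.inbound(Packet("198.51.100.50", 443,
                                  seen_by_host.src, seen_by_host.sport))
    # A host on the external network tries to open RDP to "the VM": it can only
    # address the Engine, and no table entry exists, so no VM receives it.
    unsolicited = nat.inbound(Packet("198.51.100.77", 50000, "198.51.100.10", 3389))
    return seen_by_host, response, unsolicited
```

The external host only ever sees the Engine address as the source, and the unsolicited packet has no table entry, which is the "layer of network protection" the deck attributes to NAT mode.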

Why Use NAT Mode?

NAT mode is the only supported network addressing mode for wireless LAN and wireless broadband network connections.
NAT mode only requires one IP address from DHCP services in the external network.
  Bridged mode requires one IP address for the Engine and one for each VM.
NAT mode provides a layer of network protection for the VMs since they cannot be addressed from the external network.

Virtual Machine Network Configuration: Bridged Mode

External Network Device
  IP address and other configuration comes from DHCP services in the external network.
  Uses network gateway and DNS services in the external network.
  Other computers in the external network should be able to connect to this IP address via ping, RDP, etc.

Internal Network Device
  IP address and other configuration comes from DHCP services hosted by the Engine on the internal network.
  No network gateway or DNS servers.
  Can only be used to access resources on the internal network by IP address.
  Other computers in the external network will not be able to connect to this IP address.

[Diagram labels: External Network /22, Internal Network /28]

Virtual Machine Network Configuration: NAT Mode

External Network Device
  IP address and other configuration comes from DHCP services hosted by the Engine on the internal network.
  The Engine also acts as a DNS server and network gateway.
  Network requests are routed to the external network.
  Other computers in the external network cannot connect to this interface.

Internal Network Device
  Same configuration as for bridged mode.
  IP address in the same range as external network device. Both come from the internal network.
  But there is no network gateway or DNS server set, so it cannot be used to access the external network.

[Diagram labels: Internal Network /28 (both devices)]

Network Addressing Mode in Engine Control Panel

The network addressing mode can be viewed or changed in the Engine control panel.

1. Start the Engine networking control panel applet.
2. Select the Wired network connection.
3. Click the “Connection Details” link to view the current addressing mode.
4. Click the “Change Address Mode” link to change the addressing mode.
5. Bridged mode is only supported for wired network connections.

Network Addressing Mode in Engine Policy

The default addressing mode for wired network connections is NAT.
The default can be set to bridged mode in Engine policy.
  This only applies to wired network connections.

Locate the Engine policy in Synchronizer console.
Select the network section.
Set the address mode to “bridged”.
The setting control should be set to one of the “yes” values.

Internal Network Range of IP Addresses

The range of IP addresses for the internal network is configurable in Engine policy.
  Default range in CIDR notation: /28
  Should be changed if this range conflicts with external network IP addresses.
  This can only be done in Synchronizer policy, not in the Engine control panel.

Locate the Engine policy in Synchronizer console.
Select the network section.
The setting control should be set to one of the “yes” values.
Set the base address and netmask length for the internal network.
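
One way to check a proposed base address and netmask length against the external networks a computer connects to, and to pick a range that avoids them, as an added Python example (not Citrix code or a Synchronizer API). The function names and every address are constructed for illustration.

```python
# Added illustration, not Citrix code: test an internal-network range for
# conflicts with external networks. All addresses are constructed samples.
import ipaddress


def internal_range(base_address, netmask_length):
    """Build the internal network from a base address and netmask length."""
    # strict=True raises ValueError if the base address has host bits set,
    # e.g. 10.20.1.17 with length 28 is not the start of a /28.
    return ipaddress.ip_network(f"{base_address}/{netmask_length}", strict=True)


def conflicts(internal, external_networks):
    """Return the external networks whose addresses overlap the internal range."""
    nets = [ipaddress.ip_network(n) for n in external_networks]
    return [n for n in nets if n.overlaps(internal)]


def first_free_range(pool, netmask_length, external_networks):
    """Return the first subnet of `pool` with this length that overlaps nothing."""
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=netmask_length):
        if not conflicts(candidate, external_networks):
            return candidate
    return None


def demo():
    # Constructed external networks: an office /22 and a home /24.
    external = ["10.20.0.0/22", "10.20.4.0/24"]
    proposed = internal_range("10.20.1.16", 28)   # falls inside the office /22
    return conflicts(proposed, external), first_free_range("10.20.0.0/20", 28, external)
```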