cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1139
Views
0
Helpful
2
Replies
pricec
Beginner

Nexus 1000V Port profiles best practice question

Hi,

I am new to this so I just wanted to say thanks to all the sharers out there helping others, I can't wait to join in!

I am looking for some help with port-profiles on the 1000V.  I would like to know if it is best practice to put 2 servers (same VLAN) that need direct access to each other (no ACLs, no VACLS, etc) on the same port profile to allow them to communicate directly with each other, or if you would put them on seperate port profiles, just leave them in the same VLAN?

port-profile type vethernet DEV1-machine
  vmware port-group
  switchport mode access
  switchport access vlan 111
  no shutdown
  state enabled


port-profile type vethernet DEV2-machine
  vmware port-group
  switchport mode access
  switchport access vlan 111
  no shutdown
  state enabled

Or should both servers share one port profile:

port-profile type vethernet DEV-VLAN
  vmware port-group
  switchport mode access
  switchport access vlan 111
  no shutdown
  state enabled

I would assume that if they are using the same PP traffic would stay right in the V environment, and not have to travel to the physical layer 2 switch, where as if they are on 2 seperate PPs they would have to be switches as you would with 2 physical ports in the same VLAN?

If anyone know of a doc that would help explain their use better, that would be great too.

I have already read the DMZ virtuallization doc and the 10 GIG E on VMware deployment doc.

thanks!!!!!!

1 ACCEPTED SOLUTION

Accepted Solutions
cutran
Cisco Employee

Hello there.  The port-profile is basically a construct (container) to provide network attributes for particular virtual machine(s).  In this case, your 2 DEV VMs want to be on the same VLAN.  So you will want to just create 1 port-profile that is an access port on VLAN 111 (which you have given in your example).  Regardless of the use of the port-profiles, if 2 virtual machines are on the same physical server and is on the same VLAN, then the traffic will not leave the physical server since it will be locally switched in the hypervisor layer.  Hope this helps.

View solution in original post

2 REPLIES 2
cutran
Cisco Employee

Hello there.  The port-profile is basically a construct (container) to provide network attributes for particular virtual machine(s).  In this case, your 2 DEV VMs want to be on the same VLAN.  So you will want to just create 1 port-profile that is an access port on VLAN 111 (which you have given in your example).  Regardless of the use of the port-profiles, if 2 virtual machines are on the same physical server and is on the same VLAN, then the traffic will not leave the physical server since it will be locally switched in the hypervisor layer.  Hope this helps.

View solution in original post

Thanks, this is exactly what I thought, this was very helpful!