10-16-2009 12:36 PM
Before the big YES, use an external Nexus switch and use VN-Tag. The question is when there is a 3120 in a blade chassis that connects to the ESX hosts that have a 1000v installed on the ESX host. So, first hop outside the ESX host is not a Nexus box.
Looking for if this is possible, if so how, and if not, where that might be documented. I have a client whose security policy prohibits switching (yes, even on the same VLAN) within a host (in this case blade server). Oh and there is an insistence to use 3120s inside the blade chassis.
Has to be the strangest request I have had in a while.
Any data would be GREATLY appreciated!
10-16-2009 01:20 PM
Let me make the question simpler. Customer wants to use Nexus 1000V in the ESX host instead of native VM vSwitch. Is that possible to disable local switching (traffic among VMs in the same ESX host in the same VLAN) in this scenario without turning on VNTag? Thanks.
10-19-2009 09:45 AM
I don't think it's possible to tell the VEM to push all traffic upstream instead of switching locally. I will ask to be sure.
Your best bet might be to use Private VLANs.
10-20-2009 08:58 AM
I checked and there is no way to turn off the local switching feature.
The best feature available would be to use Private VLANS. This would give your customer the isolation they are looking for.
10-20-2009 09:19 AM
Thanks for the follow up.
So by private VLANs, are you referring to "PVLAN":
"PVLANs: PVLANs are a new feature available with the VMware vDS and the Cisco Nexus 1000V Series. PVLANs provide a simple mechanism for isolating virtual machines in the same VLAN from each other. The VMware vDS implements PVLAN enforcement at the destination host. The Cisco Nexus 1000V Series supports a highly efficient enforcement mechanism that filters packets at the source rather than at the destination, helping ensure that no unwanted traffic traverses the physical network and so increasing the network bandwidth available to other virtual machines"
10-20-2009 09:23 AM
Right. PVLANs = Private VLANS. The VEM module will still switch, but all hosts that are members of the isolated PVLAN will not have L2 connectivity to each other on the VEM.
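The isolation described in this thread can be checked against a port inventory. The following is an added example, not part of the thread and not Cisco tooling: it applies the standard PVLAN forwarding rules to a constructed list of vEthernet ports and reports VM pairs on the same host that still have local L2 connectivity. The inventory format, all names, and the conservative treatment of non-PVLAN ("access") ports are assumptions.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

@dataclass(frozen=True)
class VEth:
    vm: str
    host: str                 # ESX host (VEM) the port lives on
    primary_vlan: int         # primary VLAN, or the plain VLAN for "access"
    mode: str                 # "isolated" | "community" | "promiscuous" | "access"
    secondary_vlan: Optional[int] = None

def l2_reachable(a: VEth, b: VEth) -> bool:
    """Standard PVLAN rules: can a and b exchange L2 frames directly?"""
    if a.primary_vlan != b.primary_vlan:
        return False
    modes = {a.mode, b.mode}
    if "access" in modes:
        # Assumption: a non-PVLAN port in the same VLAN is treated as
        # reachable, so the audit errs on the side of flagging it.
        return True
    if "promiscuous" in modes:
        return True           # promiscuous ports talk to every port type
    if a.mode == b.mode == "community":
        return a.secondary_vlan == b.secondary_vlan
    return False              # isolated<->isolated, isolated<->community

def local_l2_pairs(ports):
    """VM pairs on the same host that the VEM would still switch locally."""
    return sorted(
        (a.vm, b.vm)
        for a, b in combinations(ports, 2)
        if a.host == b.host and l2_reachable(a, b)
    )

# Constructed sample inventory (hypothetical hosts, VMs and VLAN ids).
INVENTORY = [
    VEth("web1", "esx1", 100, "isolated", 101),
    VEth("web2", "esx1", 100, "isolated", 101),
    VEth("db1", "esx1", 100, "community", 102),
    VEth("db2", "esx1", 100, "community", 102),
    VEth("app1", "esx2", 100, "community", 102),
    VEth("web3", "esx2", 100, "isolated", 101),
    VEth("legacy1", "esx2", 200, "access"),
    VEth("legacy2", "esx2", 200, "access"),
]

if __name__ == "__main__":
    for pair in local_l2_pairs(INVENTORY):
        print("local L2 path remains:", pair)
```

Only ports placed in the isolated secondary VLAN lose L2 connectivity to each other on the same VEM; community and non-PVLAN ports on a shared host are still flagged.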