5 Replies Latest reply on Aug 2, 2012 6:21 AM by a.p.

    communication between port group and vmkernel in the same vlan requires promiscuous mode

    realdreams Novice

      The networking on hostC is set up like this. vmnic 0 is trunked to the switch.

      vmware_promiscuous mode_port_group_vmkernel.png


      I have a nested ESXi VM named ESXi-Test1 on hostC.

      vmware_promiscuous mode_port_group_vmkernel_guest.png

       


      Guest VM ESXi_Test1's vMotion uses vmnic5, which is in the VM Network vMotion port group with VLAN 3. The host's vMotion vmkernel also uses VLAN 3. The problem is that, with promiscuous mode disabled, I can ping the vMotion VMkernel for hostC but not the vMotion VMkernel for the guest ESXi (ESXi_Test1). They cannot ping each other, and of course vMotion fails.

      Once I have promiscuous mode enabled, they can ping each other and vMotion works.

       

      This is true for all port groups I am using. On the same vSwitch, a port group and a vmkernel with the same VLAN ID cannot communicate with each other with promiscuous mode disabled. IMO this communication does not violate VLAN policies (they are in the same VLAN). Did I set something up incorrectly, or did VMware implement the vSwitch this way for some specific purpose? How can I allow communication between a port group and a vmkernel with the same VLAN ID if I don't want promiscuous mode enabled? It can cause both security and performance issues IMO.