VMware Cloud Community
bdf0506
Contributor
Contributor
‎05-31-2020 02:37 PM

Bridge two internal ESXi networks

I have to ESXi hosts that sit on the same management network, let's call is 192.168.10.0/0, where ESXi 1 is 192.168.10.101 and ESXi 2 is 192.168.10.102.

Each ESXi host is configured to have a private internal network that sits behind it 10.0.10.0/24, so that all the VMs can talk to each other. However, I now need to bridge the internal network on both ESXi hosts together. I want the two internal networks talking to each other, but I do NOT want either internal network to be visible by my main network. I have a pfSense VM running on each ESXi host, so I can utilize pfSense for routing capabilities, if needed.

Is it possible to do this? Perhaps I can trunk the internal networks together somehow?

Reply
0 Kudos
4 Replies
daphnissov
Immortal
Immortal
‎05-31-2020 02:58 PM

You need an external VLAN which is trunked to each host. It doesn't have to be routed, but it needs to be an external network. You then create a port group which tags for this VLAN and assign whatever IP address schema you wish. Then, assign your VMs you want to talk on to that port group and give them an appropriate IP.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
bdf0506
Contributor
Contributor
‎05-31-2020 03:06 PM

Thanks daphnissov​. So it sounds like I need to add an uplink to my virtual switch on both hosts, and select a vlan ID that is not in use in any other part of my network and things will just "work" or would there be any other steps needed?

Reply
0 Kudos
daphnissov
Immortal
Immortal
‎05-31-2020 03:08 PM

You can't just manufacture a VLAN out of thin air. It has to exist on the physical network and the ports into which those uplinks are cabled must be tagged for that VLAN ID. from there, once you create a port group and assign that VLAN ID, things should work if you did it correctly.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
bdf0506
Contributor
Contributor
‎05-31-2020 06:26 PM

Makes sense. It will be a week or two before I can get the network admin to create a vlan for me for this purpose and tag the applicable ports. Appreciate the pointers!

Reply
0 Kudos