<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: internal only portGroup on vDS in vSphere™ vNetwork Discussions</title>
    <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/internal-only-portGroup-on-vDS/m-p/2651621#M13455</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hello &lt;B&gt;sajal1&lt;/B&gt;,&lt;/P&gt;&lt;P&gt;I only have Enterprise (not Plus) edition, so I cannot do it with a vDS. I've tried to do it with a standard switch but with no success. The two VMs in a vSwitch/port group with no uplink don't see each other; is there a way to work around this?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Fri, 07 Jul 2017 14:55:25 GMT</pubDate>
    <dc:creator>rzilli_eng</dc:creator>
    <dc:date>2017-07-07T14:55:25Z</dc:date>
    <item>
      <title>internal only portGroup on vDS</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/internal-only-portGroup-on-vDS/m-p/2651616#M13450</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hello, is it possible to create on a vDS (vSphere 5.0, Enterprise Plus) a PortGroup for internal VMs only? We need to set up two VMs: APPS and DB. The APPS VM should have access to the DMZ, the internal campus network and the DB server. The DB VM should have access to the APPS VM only (no Internet, no internal campus network). Would it be better to use a standard vSwitch for this purpose? Will we be able to use vMotion between hosts?&lt;/P&gt;&lt;P&gt;Thank you for all advice and recommendations.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 10 Mar 2014 16:40:18 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/internal-only-portGroup-on-vDS/m-p/2651616#M13450</guid>
      <dc:creator>ndmuser</dc:creator>
      <dc:date>2014-03-10T16:40:18Z</dc:date>
    </item>
    <item>
      <title>Re: internal only portGroup on vDS</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/internal-only-portGroup-on-vDS/m-p/2651617#M13451</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi ndmuser,&lt;/P&gt;&lt;P&gt;You can solve this by many approaches.&lt;/P&gt;&lt;P&gt;1. The first approach is to use two separate VLANs for this. Say the internal campus network portgroup is VLAN 20 and the external VLAN (DMZ) is 30. So the DB VM would have a single NIC connected to the portgroup with VLAN 20, and the APP VM would have two NICs, one connected to the internal campus network and another to the DMZ VLAN.&lt;/P&gt;&lt;P&gt;This is the easiest way.&lt;/P&gt;&lt;P&gt;2. The second way is to use the internal PVLAN feature of vDS. For details, check the link below (page 54):&lt;/P&gt;&lt;P&gt;&lt;A href="http://pubs.vmware.com/vsphere-55/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-55-networking-guide.pdf" title="http://pubs.vmware.com/vsphere-55/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-55-networking-guide.pdf"&gt;http://pubs.vmware.com/vsphere-55/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-55-networking-guide.pdf&lt;/A&gt;&lt;/P&gt;&lt;P&gt;Having said the above, there is no limitation on doing vMotion between the hosts. You need to have the underlying physical NICs of the host server on a TRUNK port so that all the VLAN data flows through the NIC, and you would implement VLAN tagging at the vDS/vSS level.&lt;/P&gt;&lt;P&gt;Please let me know if you need more information or clarification.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 10 Mar 2014 19:02:28 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/internal-only-portGroup-on-vDS/m-p/2651617#M13451</guid>
      <dc:creator>sajal1</dc:creator>
      <dc:date>2014-03-10T19:02:28Z</dc:date>
    </item>
    <item>
      <title>Re: internal only portGroup on vDS</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/internal-only-portGroup-on-vDS/m-p/2651618#M13452</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Sajal, the DB VM should not be connected to the internal campus network or public network at all. It needs to be connected to the APP server via an Xover cable or their own switch, if we were talking about the physical world. Thank you for your advice!&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 11 Mar 2014 03:15:18 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/internal-only-portGroup-on-vDS/m-p/2651618#M13452</guid>
      <dc:creator>ndmuser</dc:creator>
      <dc:date>2014-03-11T03:15:18Z</dc:date>
    </item>
    <item>
      <title>Re: internal only portGroup on vDS</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/internal-only-portGroup-on-vDS/m-p/2651619#M13453</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hello ndmuser,&lt;/P&gt;&lt;P&gt;Yes, I forgot that part. If you want your DB VM to be connected to the APP VM only, then a simple solution does exist &lt;img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://communities.vmware.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /&gt; . Create two separate vSwitches or vDSes. Do not attach any physical NIC to the first switch (no uplinks). Create a portgroup on this vSwitch (say by the name "secured"). Attach physical NICs (uplinks) to the second vSwitch and create one or more port groups (say "internal"). Now your DB VM should have only one NIC, connected to the portgroup "secured". In your APP VM, create two vNICs and attach them to "secured" and "internal". That way, the vSwitch which does not have any uplinks will not be connected to any internal or external network.&lt;/P&gt;&lt;P&gt;In fact, you need to place the DB and APP VMs on the same host, and then the traffic between DB and APP never goes out of the host, whereas traffic from the APP VM goes out to the appropriate location.&lt;/P&gt;&lt;P&gt;But one shortcoming of this process is that you need to vMotion both VMs together and they always need to be on the same host (well, you can create a VM-VM affinity rule for that &lt;img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://communities.vmware.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /&gt; ).&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 11 Mar 2014 18:44:09 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/internal-only-portGroup-on-vDS/m-p/2651619#M13453</guid>
      <dc:creator>sajal1</dc:creator>
      <dc:date>2014-03-11T18:44:09Z</dc:date>
    </item>
    <item>
      <title>Re: internal only portGroup on vDS</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/internal-only-portGroup-on-vDS/m-p/2651620#M13454</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Thank you! Followed your recommendations: created vSwitches without uplinks on all ESXi hosts, created affinity rule for both VMs, turned off the internal vSwitch restriction on vMotion events, and so far everything works as expected. &lt;img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://communities.vmware.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 13 Mar 2014 16:40:41 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/internal-only-portGroup-on-vDS/m-p/2651620#M13454</guid>
      <dc:creator>ndmuser</dc:creator>
      <dc:date>2014-03-13T16:40:41Z</dc:date>
    </item>
    <item>
      <title>Re: internal only portGroup on vDS</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/internal-only-portGroup-on-vDS/m-p/2651621#M13455</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hello &lt;B&gt;sajal1&lt;/B&gt;,&lt;/P&gt;&lt;P&gt;I only have Enterprise (not Plus) edition, so I cannot do it with a vDS. I've tried to do it with a standard switch but with no success. The two VMs in a vSwitch/port group with no uplink don't see each other; is there a way to work around this?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 07 Jul 2017 14:55:25 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/internal-only-portGroup-on-vDS/m-p/2651621#M13455</guid>
      <dc:creator>rzilli_eng</dc:creator>
      <dc:date>2017-07-07T14:55:25Z</dc:date>
    </item>
    <item>
      <title>Re: internal only portGroup on vDS</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/internal-only-portGroup-on-vDS/m-p/2651622#M13456</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi Rodrigo, in that case you create a new VLAN for that isolated VLAN and create the PortGroup for that isolated VLAN.&lt;/P&gt;&lt;P&gt;Do not create a gateway/interface VLAN/SVI on the physical switch/router.&lt;/P&gt;&lt;P&gt;If you need multiple isolated VLANs and they need to be able to reach each other, then you can either use VRF (&lt;A href="https://en.wikipedia.org/wiki/Virtual_routing_and_forwarding" title="https://en.wikipedia.org/wiki/Virtual_routing_and_forwarding"&gt;Virtual routing and forwarding&lt;/A&gt;) or use Private VLAN (&lt;A href="https://en.wikipedia.org/wiki/Private_VLAN" title="https://en.wikipedia.org/wiki/Private_VLAN"&gt;Private VLAN&lt;/A&gt;).&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 18 Jul 2017 00:35:13 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/internal-only-portGroup-on-vDS/m-p/2651622#M13456</guid>
      <dc:creator>bayupw</dc:creator>
      <dc:date>2017-07-18T00:35:13Z</dc:date>
    </item>
  </channel>
</rss>

