Hmm, i see. Anyway of stripping off the 802.1q header before delivering it to the guest?
My problem is that i cant assign more than 10 vNics to each guest. I have about than 100 guests. The one (server) VM which needs to communicate with everyone would need 100 Nics.
That's exactly what the virtual interfaces per VLAN are doing. Besides stripping the tag would not be sufficient in your scenario, you also need to tag the reply packets appropriately.
On Windows you can use multiple virtual interfaces on a single (v)NIC with the E1000 adapter and the Intel ProSet software as described in the KB article I linked.
Still this approach is probably not what you want, as it would entail configuring 100 virtual NICs in the GuestOS, each with their own IP and you also have to take care of the routing between this system and the 100 other VMs (ideally you would use a small different subnet for each).
Yes, im using a standard vSwitch, Is the behavior different in a distributed vSwitch?
It's not really much different, but you can specify ranges and lists of which VLANs should be trunked instead of using the all VLANs approach.
However, distributed vSwitches support the private VLAN feature, which seems exactly like what you're trying to do. You configure your central whatever box in the promiscuous VLAN, and the 100 others in an isolated VLAN for micro-segmentation. This also allows you to have a single subnet for all systems while the dvSwitch applies layer 2 isolation. See:
VMware KB: Private VLAN (PVLAN) on vNetwork Distributed Switch - Concept Overview
VMware KB: Configuration of Private VLAN (PVLAN) on vNetwork Distributed Switch
The dvSwitch also supports layer 2 filtering (firewalling) based on MAC-Addresses which you can use to isolate traffic on layer 2:
Traffic Filtering and Marking Policy
vSphere Distributed Switch, Traffic Filtering | VMware vSphere Blog - VMware Blogs
--
http://alpacapowered.wordpress.com
