Hello,
I am planning to introduce private VLANs in my environment.
I have 100 DMZ VMs running on 10 port groups.
I have to move them to a vDS.
How many isolated and primary VLANs should I create?
Should I create the same number of primary VLANs as I have vSwitch port groups (10) and then create an isolated VLAN for each primary VLAN?
Any better idea?
In one isolated VLAN, how many virtual machines can I put, and is there any performance impact?
Thanks in advance.
Hey Virtual Ray,
I would imagine you could just have 1 PVLAN and put your 10 port group VLANs as secondaries inside your PVLAN, as separate communities or isolated secondary PVLANs.
For example:
PVLAN100 (promiscuous)
Secondary 101 (Community) - Web Server Group1
Secondary 102 (Community) - Web Server Group2
Secondary 103 (Community) - Web Server Group3
Secondary 104 (Community) - Web Server Group4
Secondary 105 (Community) - Web Server Group5
Secondary 106 (Community) - Isolated Backend Server Group1
Secondary 107 (Community) - Isolated Backend Server Group2
Secondary 108 (Community) - Database Server Group1
Secondary 109 (Community) - Database Server Group2
Secondary 110 (Community) - Client Group1
However you want to cut it up.
However, I haven't had to do that many PVLANs before, so I'm not sure if it would be better to break it out into 2-3 PVLANs. I would assume breaking it out into multiple PVLANs, if it's even possible, would be much more of a hassle.
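The following is an added example, not part of any poster's reply: a small Python model of the standard private VLAN forwarding rules (promiscuous, community, isolated), applied to a layout shaped like the one above. The port group names and the isolated secondary 111 are constructed for illustration.

```python
# Added example: model of standard PVLAN layer-2 forwarding rules.
# Port group names and the isolated secondary VLAN 111 are constructed.
from dataclasses import dataclass

PROMISCUOUS, COMMUNITY, ISOLATED = "promiscuous", "community", "isolated"


@dataclass(frozen=True)
class PortGroup:
    name: str
    primary: int    # primary PVLAN ID
    secondary: int  # secondary PVLAN ID (equals primary for promiscuous)
    kind: str       # PROMISCUOUS, COMMUNITY or ISOLATED


def can_talk(a: PortGroup, b: PortGroup) -> bool:
    """True if a VM on port group a can reach a *different* VM on b at layer 2."""
    if a.primary != b.primary:
        return False                       # separate primaries never share L2
    if PROMISCUOUS in (a.kind, b.kind):
        return True                        # promiscuous reaches every secondary
    if a.kind == COMMUNITY and b.kind == COMMUNITY:
        return a.secondary == b.secondary  # only within the same community
    return False                           # isolated reaches promiscuous only


def peers(layout, src):
    """Names of the port groups whose VMs src's VMs can reach."""
    return sorted(pg.name for pg in layout if can_talk(src, pg))


# Constructed layout: one primary (100) with community and isolated secondaries.
GATEWAY = PortGroup("gateway", 100, 100, PROMISCUOUS)
WEB1 = PortGroup("web-group1", 100, 101, COMMUNITY)
WEB2 = PortGroup("web-group2", 100, 102, COMMUNITY)
DMZ_ISO = PortGroup("dmz-isolated", 100, 111, ISOLATED)
LAYOUT = [GATEWAY, WEB1, WEB2, DMZ_ISO]

if __name__ == "__main__":
    for pg in LAYOUT:
        print(f"{pg.name:13} ({pg.kind:11}) -> {peers(LAYOUT, pg)}")
```

In this model, VMs on the isolated secondary cannot reach each other, so one isolated secondary already separates every VM placed on it, while a community secondary only separates its group from the other groups.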
Thanks JPM,
What is the maximum number of VMs I can put in one isolated VLAN?
I was worried about performance. Any idea how many VMs can easily be placed in one VLAN?
Hey VirtualRay,
Well, as for the max number of VMs per isolated VLAN, I would say you could put as many as you want, as it's no different than putting a VLAN on a port group; the port group doesn't care how many VMs are behind it.
As far as performance goes, the number of VMs on a VLAN won't be your performance issue; it will be the bandwidth on your NIC. So if you have 500 VMs coming out of a PVLAN which is coming out of 2 physical NICs on an ESXi host, you will probably run into bandwidth issues. With that said, I would still follow the standard network sizing best practices. For example:
Say you have 30 VMs on that ESXi host using 75Mbps of network traffic each. We can then figure out:
30 * 75Mbps = 2250Mbps, or 2.25Gbps worth of traffic required, so you would need 3 NICs minimum on that host to supply the throughput. However, 3 NICs leaves a single point of failure, so you would probably just go to 4 1GB NICs. Also, when calculating throughput I never count on getting 100% of a 1GB NIC; typically in best cases you will get 800Mbps, so that's usually what I spec out to.
Hope this has helped.