VMware Cloud Community
khaliqamar
Enthusiast

pvlans

Hello,

I am planning to introduce private VLANs in my environment.

I have 100 DMZ VMs running on 10 port groups.

I have to move them to a vDS.

How many isolated and primary VLANs should I create?

Should I create the same number of primary VLANs as I have vSwitch port groups (10), and then create an isolated VLAN for each primary VLAN?

Any better idea?

How many virtual machines can I put in one isolated VLAN, and is there any performance impact?

Thanks in advance.


Accepted Solutions
JPM300
Commander

Hey VirtualRay,


Well, as for the max number of VMs per isolated VLAN, I would say you could put as many as you want, as it's no different than putting a VLAN on a port group; the port group doesn't care how many VMs are behind it.

As far as performance goes, the number of VMs on a VLAN won't be your performance issue; it will be the bandwidth on your NIC. So if you have 500 VMs coming out of a PVLAN which is coming out of 2 physical NICs on an ESXi host, you will probably run into bandwidth issues. With that said, I would still follow the standard network sizing best practices. For example:
Say you have 30 VMs on that ESXi host using 75 Mbps of network traffic each. We can then figure out:

30 * 75 Mbps = 2250 Mbps, or 2.25 Gbps worth of traffic required, so you would need 3 NICs minimum on that host to supply the throughput. However, 3 NICs leaves a single point of failure, so you would probably just go to 4 1GB NICs. Also, when calculating throughput I never count on getting 100% of a 1GB NIC; typically in best cases you will get 800 Mbps, so that's usually what I spec out to.

Hope this has helped.

3 Replies
JPM300

Hey Virtual Ray,

I would imagine you could just have 1 PVLAN and put your 10 port group VLANs as secondaries inside your PVLAN, as separate communities or isolated secondary PVLANs.

For example:

PVLAN100 (promiscuous)

- Secondary 101 (Community) - Web Server Group1
- Secondary 102 (Community) - Web Server Group2
- Secondary 103 (Community) - Web Server Group3
- Secondary 104 (Community) - Web Server Group4
- Secondary 105 (Community) - Web Server Group5
- Secondary 106 (Community) - Isolated Backend Server Group1
- Secondary 107 (Community) - Isolated Backend Server Group2
- Secondary 108 (Community) - Database Server Group1
- Secondary 109 (Community) - Database Server Group2
- Secondary 110 (Community) - Client Group1

However you want to cut it up.

However, I haven't had to do that many PVLANs before, so I'm not sure if it would be better to break it out into 2-3 PVLANs. I would assume breaking it out into multiple PVLANs, if it's even possible, would be much more of a hassle.
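
An added example, not part of the reply above or of any VMware tooling: a small Python model of the standard PVLAN forwarding rules (promiscuous, community, isolated) that checks a planned layout and lists which VM pairs can reach each other at layer 2. The VLAN IDs follow the reply; the VM names, the VM placement and the choice of 106 as the isolated secondary are assumptions made for illustration.

```python
from itertools import combinations

PROMISCUOUS, COMMUNITY, ISOLATED = "promiscuous", "community", "isolated"

def validate(primary, secondaries):
    """Return a list of problems in a PVLAN map {secondary_vlan_id: type}."""
    problems = []
    if secondaries.get(primary) != PROMISCUOUS:
        problems.append(f"primary {primary} must map to itself as promiscuous")
    extra = [v for v, t in secondaries.items() if t == PROMISCUOUS and v != primary]
    if extra:
        problems.append(f"promiscuous entries besides the primary: {sorted(extra)}")
    # A primary VLAN carries at most one isolated secondary.
    isolated = sorted(v for v, t in secondaries.items() if t == ISOLATED)
    if len(isolated) > 1:
        problems.append(f"more than one isolated secondary: {isolated}")
    return problems

def can_talk(a, b, secondaries):
    """Layer-2 reachability between two different ports in secondaries a and b."""
    ta, tb = secondaries[a], secondaries[b]
    if PROMISCUOUS in (ta, tb):
        return True               # promiscuous ports reach every port
    if ta == tb == COMMUNITY:
        return a == b             # community ports reach only their own community
    return False                  # isolated ports reach promiscuous ports only

def reachable_pairs(vms, secondaries):
    """All VM pairs (ordered by name) that can exchange frames directly."""
    return [(x, y) for x, y in combinations(sorted(vms), 2)
            if can_talk(vms[x], vms[y], secondaries)]

# Constructed sample data: one primary, two communities, one isolated secondary.
PRIMARY = 100
LAYOUT = {100: PROMISCUOUS, 101: COMMUNITY, 102: COMMUNITY, 106: ISOLATED}
VMS = {"fw": 100, "web1": 101, "web2": 101, "web3": 102, "db1": 106, "db2": 106}

if __name__ == "__main__":
    print(validate(PRIMARY, LAYOUT) or "layout OK")
    for pair in reachable_pairs(VMS, LAYOUT):
        print("can talk:", pair)
```

In this model db1 and db2 share the isolated secondary yet cannot reach each other, only the promiscuous port, which is why a single isolated secondary can hold any number of VMs that must stay separated from one another.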

khaliqamar
Enthusiast

Thanks JPM,

What is the maximum number of VMs I can put in one isolated VLAN?

I was worried about performance; any idea how many VMs can easily be placed in one VLAN?
