VMware Cloud Community
kamsz
Contributor
Contributor
Jump to solution

Promiscuous mode

Hi there,

Is there any alternative to enabling promiscuous mode on vSwitch to make nested VMs see eachother?

Kind regards.

Reply
0 Kudos
1 Solution

Accepted Solutions
a_p_
Leadership
Leadership
Jump to solution

I'm afraid no. At least I'm not aware of any (unsupported or hidden) option to configure MAC address tables for the dvSwitch.

André

View solution in original post

Reply
0 Kudos
6 Replies
a_p_
Leadership
Leadership
Jump to solution

Welcome to the Community,

the nested VMs themselves should be able to communicate with each other regardless of promiscuous mode enabled or not. Promiscuous mode is required on the outer vSwitch to ensure traffic is forwarded to the inner (nested) vSwitches in the vSwitch-Cascade, i.e. basically to communicate with other systems on the network.

André

Reply
0 Kudos
kamsz
Contributor
Contributor
Jump to solution

Thank you for your reply,

I've 3 Linux guests at ESXi 5.0 and I'm using KVM to virtualize nested VMs. Those nested VMs are not able to reach eachother or any other Linux guests beside their own host. Turning on promiscuous mode at vSwitch resolved the problem, however I'm not comfortable with leaving it enabled.

Any other suggestions to resolve this issue without promiscuous mode enabled at vSwitch?

Edit: current structure:

vCenter -> distributed vSwitch -> Port group -> Linux machines with KVM -> Nested VMs

Reply
0 Kudos
a_p_
Leadership
Leadership
Jump to solution

I'm not familiar with KVM, but from how I understand your setup you may want to check the KVM configuration to see whether this can be configured to allow/deny direct communication between nested VM's. For nested VMs on different KVM VMs, promiscuous mode is required, because the dvSwitch does not learn the MAC addresses of the nested VMs and therefore does not forward traffic for them to the KVM by default.

André

kamsz
Contributor
Contributor
Jump to solution

Thanks, your answer was helpful to understand why it should be enabled.

One more idea - how about static MAC address assignment for VMs at dvSwitch? Is it possible somehow?

Reply
0 Kudos
a_p_
Leadership
Leadership
Jump to solution

I'm afraid no. At least I'm not aware of any (unsupported or hidden) option to configure MAC address tables for the dvSwitch.

André

Reply
0 Kudos
kamsz
Contributor
Contributor
Jump to solution

Thank you for your help and effort.

Reply
0 Kudos