Hi there,
Is there any alternative to enabling promiscuous mode on vSwitch to make nested VMs see each other?
Kind regards.
Welcome to the Community,
the nested VMs themselves should be able to communicate with each other regardless of promiscuous mode enabled or not. Promiscuous mode is required on the outer vSwitch to ensure traffic is forwarded to the inner (nested) vSwitches in the vSwitch-Cascade, i.e. basically to communicate with other systems on the network.
André
Thank you for your reply,
I've 3 Linux guests at ESXi 5.0 and I'm using KVM to virtualize nested VMs. Those nested VMs are not able to reach each other or any other Linux guests besides their own host. Turning on promiscuous mode at vSwitch resolved the problem, however I'm not comfortable with leaving it enabled.
Any other suggestions to resolve this issue without promiscuous mode enabled at vSwitch?
Edit: current structure:
vCenter -> distributed vSwitch -> Port group -> Linux machines with KVM -> Nested VMs
I'm not familiar with KVM, but from how I understand your setup you may want to check the KVM configuration to see whether this can be configured to allow/deny direct communication between nested VMs. For nested VMs on different KVM VMs, promiscuous mode is required, because the dvSwitch does not learn the MAC addresses of the nested VMs and therefore does not forward traffic for them to the KVM by default.
André
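The forwarding behaviour described in the reply above, as a simplified model added here for illustration (not code from any poster or from VMware). The class names, port names and MAC addresses are constructed, and the model assumes all three guests share one port group so the promiscuous setting applies to every port.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    vnic_mac: str                  # MAC the outer switch knows for this port
    promiscuous: bool = False      # inherited from the port group setting
    nested: set = field(default_factory=set)  # MACs behind the guest's KVM bridge

    def owns(self, mac):
        return mac == self.vnic_mac or mac in self.nested

class OuterSwitch:
    """No MAC learning: a port gets a frame only if the destination is its
    own vNIC MAC, or if the port is promiscuous."""
    def __init__(self, ports):
        self.ports = ports

    def receivers(self, src_port, dst_mac):
        return [n for n, p in self.ports.items()
                if n != src_port and (p.vnic_mac == dst_mac or p.promiscuous)]

def delivered(sw, src_port, dst_mac):
    """One-way delivery of a frame sent from behind src_port to dst_mac."""
    if sw.ports[src_port].owns(dst_mac):
        return True                # stays on the inner KVM bridge
    return any(sw.ports[n].owns(dst_mac) for n in sw.receivers(src_port, dst_mac))

def round_trip(sw, a_port, a_mac, b_port, b_mac):
    """Request and reply must both be delivered for hosts to communicate."""
    return delivered(sw, a_port, b_mac) and delivered(sw, b_port, a_mac)

# Constructed sample topology: three Linux guests, nested VMs on two of them.
N1A, N1B, N2A = "52:54:00:00:01:0a", "52:54:00:00:01:0b", "52:54:00:00:02:0a"
G3 = "00:50:56:00:00:03"

def build(promiscuous):
    return OuterSwitch({
        "kvm1": Port("00:50:56:00:00:01", promiscuous, {N1A, N1B}),
        "kvm2": Port("00:50:56:00:00:02", promiscuous, {N2A}),
        "guest3": Port(G3, promiscuous),
    })

if __name__ == "__main__":
    for mode in (False, True):
        sw = build(mode)
        print("promiscuous:", mode,
              "| same host:", round_trip(sw, "kvm1", N1A, "kvm1", N1B),
              "| across hosts:", round_trip(sw, "kvm1", N1A, "kvm2", N2A),
              "| ports seeing the frame:", sw.receivers("kvm1", N2A))
```

With promiscuous mode on, the frame for the nested VM on `kvm2` is also handed to `guest3`, which is the exposure that comes with enabling the setting for the whole port group.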
Thanks, your answer was helpful to understand why it should be enabled.
One more idea - how about static MAC address assignment for VMs at dvSwitch? Is it possible somehow?
I'm afraid no. At least I'm not aware of any (unsupported or hidden) option to configure MAC address tables for the dvSwitch.
André
Thank you for your help and effort.