VMware Networking Community
lamelendrez
Contributor
Contributor
‎08-14-2023 02:42 PM

Extended Switch accross multiple ESX hosts

Hello,

 

I am new to VMWare and I would like to know if a vSwitch can be extended across multiple ESXs.

My goal is to deploy a Virtual Firewall that has two interfaces and outside and inside interface.

The outside interface is connected to a virtual switch with connections to uplinks to external connectivity.

The inside interface is connected to an internal isolated protected vSwitch with no uplinks.

I have the need to extend the internal switch risiding on ESX1 for example to another ESX2 server where I can deploy other servers to be protected over the same virtual firewall.

Thanks

Labels (3)
Reply
0 Kudos
4 Replies
sguadamu1
Enthusiast
Enthusiast
‎08-14-2023 03:36 PM

Good afternoon, hope you are fine.

What you will have is a DVS, this DVS (Distributed Virtual Switch) will be used by all the hosts that you define. My question is, is the DFW going to use for north - south traffic only, or is it going to be used for east - west traffic as well? If this is the scenario, you will need to use NSX.

Best Regards.

SG

Reply
0 Kudos
lamelendrez
Contributor
Contributor
‎08-14-2023 04:10 PM

It is only for North/South traffic.

 

So the DVS will behave as one single switch accross multiple ESX servers?

Reply
0 Kudos
MJMSRI
Enthusiast
Enthusiast
‎08-15-2023 12:16 AM

Yes all hosts can be connected to a distributed switch for central management and administration. However you will require the Enterprise Plus licence for all hosts CPUs to use that distributed switch. (or if you have vSAN, the distributed switch feature is included)

Reply
0 Kudos
scott28tt
VMware Employee
VMware Employee
‎08-15-2023 12:59 AM

And just because you have the distributed switch working on all your hosts, that doesn't have an effect on traffic flow.

In other words, if your virtual firewall is a VM and you build it on one host, connecting that VM to a port group on your distributed switch doesn't also "distribute" copies of the virtual firewall VM to all your other hosts.

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
Reply
0 Kudos