VMware Cloud Community
SteveHurd

Assigning multiple VLANs to a single Port Group

Hello all!

We have 2 server farm switches that host server connections. Each of our 8 ESX servers has 4 physical nics that support VM's. We have 2 nics going to each physical switch. We have a single vSwitch and 2 VM port groups set up on each ESX server. We are using an active/standby configuration in the Port Groups so we can control which physical switch the VM talks to. All 4 nics are available to the Port Group, with the connections going to switch 1 active and the switch 2 connections standby. This is reversed on the other Port Group.

We have several VLANs associated with our Data Center. Is it possible to set the VLAN tag on the 2 VM Port Groups to support the multiple vlans? Otherwise, I believe we'll have to set up a pair of these Port Groups for each VLAN we want to make accessible to the VMs on each ESX server. Is this correct? We have trunking/EtherChannel enabled on the switches which is working correctly. However, we can't get the VM Port Groups to pass traffic unless we tag them, and it appears we can only enter one VLAN in the field.

Thanks in advance for your help!

Steve Hurd, MCSE, CCNA, VCP


Accepted Solutions
kjb007

In order to use trunks that are coming into your ESX host, you have to have your VLANs tagged somewhere along the way. If you're not doing it at the switch level (since you're trunking), then you have to do it at either the vSwitch level, or the vm level.

At the vSwitch level, you do this by creating portgroups, and then tagging at the port group level. The tagging is now happening at the ESX/vSwitch level, and your vm's will need to use the appropriate port group for the VLAN they need to use.

Your last option is to tag at the vm level itself. In order to do this, your vSwitch will need to use VLAN tag of 4095, which allows all VLANs to pass through, and all tags to remain tagged. The vSwitch portgroup here is basically a tunnel, and will allow traffic to pass unmodified, but you will now have to tag your VLAN from the NIC in your vm. This is very inefficient if you have a large number of vm's. The more practical method will be to create the VLAN-based portgroups at the vSwitch level, and go from there.

Without tagging somewhere, communication will not occur properly, as the physical switch will assume all untagged traffic is going to the same vlan it uses for untagged frames (native vlan), and only machines on that vlan will be able to communicate with each other.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
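
An added example, not part of kjb007's post and not VMware tooling: a small Python audit of a port group listing that flags the cases discussed above (VLAN ID 4095, untagged port groups, and VLANs missing one half of the port-group pair described in this thread). The sample listing is constructed; its column layout, modeled on `esxcfg-vswitch -l`, and the two-port-groups-per-VLAN expectation are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, laid out like `esxcfg-vswitch -l` port group rows (assumed layout).
SAMPLE = """\
  PortGroup Name      VLAN ID  Used Ports  Uplinks
  VLAN10-SW1          10       4           vmnic0,vmnic1,vmnic2,vmnic3
  VLAN10-SW2          10       2           vmnic0,vmnic1,vmnic2,vmnic3
  VLAN20-SW1          20       3           vmnic0,vmnic1,vmnic2,vmnic3
  Guest Trunk         4095     1           vmnic0,vmnic1,vmnic2,vmnic3
  Legacy VMs          0        5           vmnic0,vmnic1,vmnic2,vmnic3
"""

# Port group names may contain spaces, so the numeric columns anchor the match.
ROW = re.compile(
    r"^\s+(?P<name>.+?)\s+(?P<vlan>\d+)\s+(?P<used>\d+)(?:\s+(?P<uplinks>\S+))?\s*$"
)

def parse_portgroups(text):
    """Return [(name, vlan_id)] for every port group row; the header row is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group("name"), int(m.group("vlan"))))
    return rows

def audit(rows, per_vlan=2):
    """Flag 4095 (guest tagging), 0 (untagged) and VLANs without `per_vlan` port groups."""
    findings = []
    by_vlan = defaultdict(list)
    for name, vlan in rows:
        if vlan == 4095:
            findings.append((name, "VLAN 4095: every trunked VLAN reaches the guest, still tagged"))
        elif vlan == 0:
            findings.append((name, "untagged: frames land in the physical switch's native VLAN"))
        else:
            by_vlan[vlan].append(name)
    for vlan, names in sorted(by_vlan.items()):
        if len(names) != per_vlan:
            msg = f"VLAN {vlan}: expected {per_vlan} port groups, found {len(names)}"
            findings.append((", ".join(names), msg))
    return findings

if __name__ == "__main__":
    for name, issue in audit(parse_portgroups(SAMPLE)):
        print(f"{name}: {issue}")
```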

Jasemccarty

So... You have 2 virtual switches identically configured, but talking to different switches.

And you manually assign a virtual switch to a VM to control which physical switch is used?

Why don't you team the 2 physical nics to one virtual switch, and let VMware do the rest?

It would seem to be much less maintenance.

Also, you can only assign 1 vlan to each port group. That's a limitation. Unless... You use Virtual Guest Tagging...

If you configure the virtual switch with a VLAN ID of 4095, then you could configure the VLAN information inside the Guest OS.

The limitation is, the Guest OS would have to have the ability to leverage a trunk port at that point.

Jase McCarty

http://www.jasemccarty.com

Co-Author of VMware ESX Essentials in the Virtual Data Center

(ISBN:1420070274) from Auerbach

Jase McCarty - @jasemccarty
SteveHurd

Actually, we have each ESX server configured with 1 vSwitch with all 4 physical nics assigned to it. We then have 2 Port Groups set up on the vSwitch. One uses the 2 connections to physical switch 1 as active and the other uses the 2 connections to physical switch 2 as active. We are using this configuration because our backup server has a physical connection to each physical switch, and we want to make sure the VM's backup traffic does not need to cross the fiber links to the core. This config keeps backup traffic on one specific server farm switch. More administrative overhead, but it also gives us more control over things.

We definitely don't want to manage VLAN tagging within the VM. It looks like we'll need to go with the Port Group Pair per VLAN option.

Thanks for the prompt reply!

Steve Hurd, MCSE, CCNA, VCP

Floyd Memorial Hospital
