Does anybody know if, in a future implementation, vSwitches in ESX 3.5+ will support a protocol to assign a Cisco PVLAN (private VLAN) to a port group? This important feature permits a group of VMs with IP addresses belonging to the same subnet, attached to the same vSwitch, to share a common gateway without at the same time being able to connect to each other, for example in an ISP scenario.
-Andrew Stueve
Andrew,
this would be a very helpful feature - even without Cisco proprietary extension. There are many LAN Switch vendors with PVLAN or Private VLAN support already built-in, e.g.
Foundry Networks
D-Link
LinkSys
HP ProCurve
and many others
What I would like to see is a common basic support for Private VLANs - description:
Ports A,B, C and D are members of VLAN 500 - and all Ports are members of one PVLAN
Port A is the common (or uplink) PVLAN port - and could be a standard tagged VLAN port
Ports B, C and D are not able to communicate on Layer 2 to other members of PVLAN 500, except to Port A
Port A is able to communicate on Layer 2 to all members of VLAN 500, including the members of the PVLAN
Sample scenarios:
Hotel and Guest Rooms:
Internet-Router is attached to Port A, each guest room has its own port (Ports B, C and D) - this allows isolating each room from its neighbour, but they can share the same router for internet access
Firewall and DMZ (more ESX like scenario)
Firewall DMZ segment is a member of VLAN 500 and reachable via Port A, servers attached to Ports B, C and D are isolated and only reachable via Firewall - communication between members of PVLAN hosts is controlled by Firewall on Layer 3
We are really looking forward to Private VLAN support for ESX vSwitches, because it would be a significant security enhancement feature without the port-based ACL approach and maintenance overhead - especially in hosting environments.
So, any good news out there about basic Private VLAN support for ESX vSwitches?
-am-
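The forwarding rules described in the post above, as an added example that is not part of the original thread: a small Python model of PVLAN Layer 2 forwarding that audits which server pairs could talk without passing the firewall on the uplink port. It goes beyond the post by also modelling community ports; the function names, the dict layout and the sample port tables are assumptions constructed for illustration.

```python
from itertools import combinations

def can_forward(src, dst):
    """Return True if a Layer 2 frame from src may be delivered to dst."""
    if src["vlan"] != dst["vlan"]:
        return False                  # different primary VLAN: no L2 path
    if "promiscuous" in (src["role"], dst["role"]):
        return True                   # uplink port talks to every member, and back
    if src["role"] == dst["role"] == "community":
        return src["community"] == dst["community"]
    return False                      # isolated ports reach only promiscuous ports

def bypass_pairs(ports, uplinks):
    """Pairs of non-uplink ports with a direct L2 path, i.e. traffic that
    the firewall or router behind the uplink port never sees."""
    hosts = sorted(name for name in ports if name not in uplinks)
    return [(a, b) for a, b in combinations(hosts, 2)
            if can_forward(ports[a], ports[b])]

def port(role, vlan=500, community=None):
    # Hypothetical helper: builds one port entry for the tables below.
    return {"vlan": vlan, "role": role, "community": community}

# Constructed sample: the DMZ scenario from the post (VLAN 500, Ports A-D).
DMZ = {"A": port("promiscuous"), "B": port("isolated"),
       "C": port("isolated"), "D": port("isolated")}

# Constructed misconfiguration: Port D was left promiscuous by mistake.
MISCONFIGURED = dict(DMZ, D=port("promiscuous"))

# Constructed variant: C and D share community 1, B stays isolated.
COMMUNITY = dict(DMZ, C=port("community", community=1),
                 D=port("community", community=1))

if __name__ == "__main__":
    for label, table in (("dmz", DMZ), ("misconfigured", MISCONFIGURED),
                         ("community", COMMUNITY)):
        print(label, bypass_pairs(table, uplinks={"A"}))
```

An empty list means every server-to-server flow has to go through the device on Port A; any pair that is listed is a path the Layer 3 firewall policy does not control.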
It is very unlikely that any new functionality will be built into the vSwitch in the current version of ESX.
If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points
Tom Howarth
VMware Communities User Moderator
Blog: www.planetvm.net
As Tom pointed out, there will probably be no new functionality in the switches in VI-3, but for vSphere, Cisco and VMware have been working to build the next generation of virtual switches - http://www.vmware.com/company/news/releases/cisco_vmworld08.html - incorporating the Cisco Nexus 1000v switch into vSphere.
If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
How do you define "current version" in terms of ESX and vSwitch? Very unlikely = not available in a 3.x Version?
-am-
David, you pointed me in the right direction - thanks!
Paul Fazzone (Product Manager of Nexus 1000v at Cisco) states in this interview that Nexus 1000v will support Private VLAN (Isolated, Community, Promiscuous Trunks).
But as a virtual add-in, Nexus 1000V requires VMware ESX 4.
Nevertheless, I'm sure that VMware will extend the built-in ESX vSwitch with some new features (like the distributed vSwitch feature) - and hopefully PVLAN (isolated) will be part of it ... anyone who could confirm?
-am-
That type of information, I am sure, is covered under the NDA.
That is about the sum of it, yes. The next version of ESX has just gone into RC, so the updates you wish for may or may not be coming.
Tom Howarth
VMware Communities User Moderator
Blog: www.planetvm.net
On the basis of information in the public domain regarding DVS, it will not have PVLAN capability. Anything else is subject to the strictures of the NDA.
Tom Howarth
VMware Communities User Moderator
Blog: www.planetvm.net
Okay, PVLANs are now available for vSphere, but only for Enterprise Plus
check
vSphere ESX 4.0 Configuration Guide - PVLAN
-am-