VMware Cloud Community
qwert1235
Enthusiast

Quick Network question

Hello:

I have a quick network question and wondering if someone can help me…

If I have VMs on the same port group that are configured with IPs on the same subnet, does it mean that traffic between those VMs never leaves the ESX box (vSwitch)? If the traffic (between VMs on the same port group) never leaves the vSwitch, is there a way to block traffic between VMs? What's best practice here?

I just want all traffic to go through my gateway, even between VMs on the same port group… Is it possible?

Thanks,

qwert

Accepted Solution
Erik_Zandboer
Expert

VMs on the same subnet on the same ESX server in the same portgroup will never hit the physical network.

You can force your VMs not to "see" each other using PVLANs, but you'd need vSphere Enterprise Plus (and its distributed vSwitch) to get it done. But even then, since you're still on layer 2, the VMs will NEVER see each other.

The only way for your setup to work is to put each VM in a different VLAN, then route them together with a physical router.

Visit my blog at http://www.vmdamentals.com
3 Replies
AndreTheGiant
Immortal

Traffic between two VMs on the same port group does not exit on the uplink but remains on the vSwitch.

Multicast, broadcast or traffic for/from "external" MAC address will pass the uplink(s).

"I just want all traffic goes through my gateway even between VMs on the same port group… Is it possible?"

No idea if it can work.

But have a look at this thread:

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
danm66
Expert

The only way I can think to make it do what you want without VLANs is to overload the gateway and assign each VM to its own subnet and select a physical device to be the gateway for all of the subnets. Thus, the gateway device would have multiple IPs. This is possible with Cisco routers, iirc, but not sure about other devices.

Either way it's a hack and I wouldn't want to have production relying upon it.

What is the reason for going through the gateway?
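The replies above all turn on one rule: whether a guest sends a packet to a neighbour directly or to its gateway is decided by the guest's own subnet mask, not by the port group, and the vSwitch then delivers on-link frames locally without ever touching an uplink. The following Python model is an added example, not code from this thread or from VMware; it uses only the standard library's `ipaddress` module and constructed VM names, port groups and addresses. It reproduces the four situations discussed: the original same-subnet/same-port-group case, Erik's separate-VLAN answer, his PVLAN isolated ports, and danm66's per-VM subnet with a multi-address gateway.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    """A vNIC as the guest sees it (all values below are constructed)."""
    name: str
    address: str                  # "ip/prefix" configured in the guest, e.g. "10.0.0.11/24"
    port_group: str               # vSwitch / vDS port group the vNIC is attached to
    pvlan_isolated: bool = False  # port group is a PVLAN isolated secondary VLAN


def classify(src: VM, dst: VM, gateway_ips: list[str]) -> tuple[str, str]:
    """Return (path, reason) for a unicast packet from src to dst.

    path is one of:
      'vswitch-local' - dst is on-link and on the same segment: the vSwitch delivers it
      'via-gateway'   - dst is off-link: the guest hands the packet to its default gateway
      'blocked'       - nothing can deliver the packet
    The on-link/off-link decision is the guest's routing decision, driven only by
    src's subnet mask; the port group only decides which L2 segment the frame lands on.
    """
    src_if = ipaddress.ip_interface(src.address)
    dst_ip = ipaddress.ip_interface(dst.address).ip
    same_segment = src.port_group == dst.port_group

    if dst_ip in src_if.network:
        # On-link: src ARPs for dst directly; the gateway is never consulted.
        if not same_segment:
            return "blocked", "same subnet but different L2 segments: the ARP request is never answered"
        if src.pvlan_isolated and dst.pvlan_isolated:
            return "blocked", "both ports are PVLAN isolated: the vSwitch drops the frame"
        return "vswitch-local", "same subnet and same port group: the frame never reaches an uplink"

    # Off-link: src needs a gateway address inside its own subnet (danm66's hack
    # works by giving the gateway one address per per-VM subnet).
    gw = next((g for g in map(ipaddress.ip_address, gateway_ips) if g in src_if.network), None)
    if gw is None:
        return "blocked", f"no gateway address inside {src_if.network}"
    if same_segment:
        return "via-gateway", f"sent to {gw}, which hairpins it back onto the same segment"
    return "via-gateway", f"sent to {gw}, which routes between the two VLANs"


def scenarios() -> dict[str, str]:
    """The four designs from the thread, built from constructed addresses."""
    cases = {
        # The asker's situation: same /24, same port group.
        "same-subnet-same-portgroup": (
            VM("app1", "10.0.0.11/24", "PG-App"),
            VM("app2", "10.0.0.12/24", "PG-App"),
            ["10.0.0.1"],
        ),
        # Erik's answer: one VLAN per VM, routed by a physical router.
        "separate-vlans": (
            VM("app1", "10.0.10.11/24", "PG-VLAN10"),
            VM("app2", "10.0.20.11/24", "PG-VLAN20"),
            ["10.0.10.1", "10.0.20.1"],
        ),
        # Erik's PVLAN note: isolated ports cannot reach each other at all.
        "pvlan-isolated": (
            VM("app1", "10.0.0.11/24", "PG-Isolated", pvlan_isolated=True),
            VM("app2", "10.0.0.12/24", "PG-Isolated", pvlan_isolated=True),
            ["10.0.0.1"],
        ),
        # danm66's hack: a /30 per VM, gateway holds one address per /30.
        "per-vm-subnet-multi-ip-gateway": (
            VM("app1", "10.0.1.2/30", "PG-App"),
            VM("app2", "10.0.1.6/30", "PG-App"),
            ["10.0.1.1", "10.0.1.5"],
        ),
    }
    return {name: classify(src, dst, gws)[0] for name, (src, dst, gws) in cases.items()}


if __name__ == "__main__":
    for name, path in scenarios().items():
        print(f"{name:34s} -> {path}")
```

The hairpin case is what makes danm66's approach a hack: the packets do pass the gateway, but both VMs still share one broadcast domain, so the gateway forwards each packet straight back onto the segment it came from. Only the PVLAN or separate-VLAN designs change what the vSwitch itself will deliver.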