vSwitch Configuration

adamhodgkins · ‎06-30-2009

Hi all, I currenty have ESXi 3.5 set up, and I have 2 vSwitches. One is for our LAN and he other is what our customers VM's are connected to. At the moment, each switch is assigned to it's own physical NIC.

The problem I have is that we have 2 customers networks on the same vSwitch, and what I would like to know is if I create another vSwitch and move one customer to the new one - ending up with one customer per vSwitch - can I then assign both vSwitches to the same physical NIC and if so will that separate the 2 networks beause at the moment all servers on the switch can see each other....?

Any advice / better ways of doing this would be greatly appreciated!

Many thanks!

Adam

J1mbo · ‎06-30-2009

Think of vSwitches exactly as you would physical switches.

There are much more fundamental issues here than switching in relation to your customers security (or lack of).

adamhodgkins · ‎06-30-2009

The security is what we are trying to address, and basically just need to know if it is possible to have more than one vSwitch going to one NIC?

Thanks

Adam

J1mbo · ‎06-30-2009

But whether it will or won't work, it won't help as you'd just have two switches somehow cascaded to the physical switch and one broadcast domain.

What is needed is seperate subnets all interconnected with a firewall (virtual appliance perhaps) linking the appropriate customer VPNs (presumably) to their service LAN.

HTH

adamhodgkins · ‎06-30-2009

So presumably having the 2 networks on different address ranges, and access to those networks controlled by our physical firewall isn't really sufficient then? We are still in early stages of this, and i'm just wondering how to go about having multiple networks side by side running on our ESX box. As it ony has 4 NICs surely somewhere down the line multiple networks will have to access the same NIC?

Adam

J1mbo · ‎06-30-2009

The problem is that if they're on the same broadcast domain, they could just sniff the network to see other subnet addresses via broadcast traffic, add an IP address and off they go.

Also you said "beause at the moment all servers on the switch can see each other" - which implies the firewall configuration isn't there yet.

Although I've not looked at VLANs on ESXi myself, it strikes me that that could be the way forward on this one? Certainly it supports VLANs on the uplinks.

HTH

AntonVZhbankov · ‎06-30-2009

You can separate customers traffic on one vSwitch using VLANs.

---

VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda

anujmodi1 · ‎06-30-2009

First of all, two vswitches can connect to single nic card. vswitch are similar to pswitch with more enhancements of number of ports and port group. With VLAN tagging you can create mulitple port group and define your own boudries to broadcast in vswitch. Configure the VLAN tagging on pswitch and map the port groups with those vlan and can separte your clients network easly.

ESX 4provids you more scalability with Distributed switch and Nexus 1000.

Anuj Modi,

If you found my answer to be useful, feel free to mark it as Helpful or Correct.

The latest blogs and articles on Virtulization:

http://communities.vmware.com/blogs/amodi

Anuj Modi, If you found my answer to be useful, feel free to mark it as Helpful or Correct. The latest blogs and articles on Virtulization: anujmodi.wordpress.com

adamhodgkins · ‎06-30-2009

I was wondering whether to look at vlan's, but was wondering if there was something simple that I had missed out! Will have to find some info / best practice guides for creating vlan's on vswitches I think!

Thanks for your help!

Adam

J1mbo · ‎06-30-2009

One of the CCNA texts should help - this one is pretty good IMO:

http://www.amazon.com/CCNA-Certified-Network-Associate-640-802/dp/0470110082

anujmodi1 · ‎06-30-2009

These two kb article will give you all the information you need to configure on pswitch and vswitch...

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1004127&sl...

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1004074&sl...

Have fun....

Anuj Modi,

If you found my answer to be useful, feel free to mark it as Helpful or Correct.

The latest blogs and articles on Virtulization:

http://communities.vmware.com/blogs/amodi

http://vsolutions.compare2shop.com

Anuj Modi, If you found my answer to be useful, feel free to mark it as Helpful or Correct. The latest blogs and articles on Virtulization: anujmodi.wordpress.com

adamhodgkins · ‎06-30-2009

Brilliant, thanks for your help everyone!

Adam

All

vSwitch Configuration