VMware Networking Community
EricP_ENI
Contributor

Isolate nested VM

Hi,

I'm not sure I'm in the right location, but...

I'm looking for the right product!

Use case:

Supply Citrix XenDesktop VDI Win 10 hosted on ESXi for students doing networking workshops.

The Win 10 desktops are running nested virtualization with a type 2 hypervisor (VMware Workstation or VirtualBox) where several VMs will run (pfSense, Linux, Windows Server running services like DHCP, DNS, RADIUS, VPN...).

That kind of workshop is risky for our shared infra (rogue DHCP, L2 broadcast storms, IP conflicts...).

We've had the idea of a VLAN and a port group on ESXi for each student, but we are reaching some physical limits on our HPE Synergy infra: max 250 VLANs in a network set. And we will have more students soon.

I'm looking for solutions to this problem. I've seen several interesting things, but even though I have some good skills in networks and virtualization, I'm a little bit in the "fog" :-).

I've seen PVLAN, but I'm quite sure it's not the solution with our physical limits.

I've read articles about Network Virtualization and Software-Defined Networking, VXLAN, NVGRE...

Today, VMs are running on ESXi Standard Edition.

Do I need ESXi Enterprise Plus? NSX (if yes, which licence)?

I hope somebody can help me answer these questions.

Regards,

Eric

1 Reply
DanRobinsonHP
Enthusiast

If you can spare an extra uplink port on each Virtual Connect, set up a Synergy Uplink Set using a Tunnel.

The tunnel counts as only 1 VLAN on the Synergy (do you have 4 frames in your LE? Because the actual limit is 1000/#Frames in LE).

The only downside is you have to hand the entire tunnel as a single (well, pair for redundancy) FlexNIC in the Server Profile. So you can't split up the VLANs.

Common large VLAN config I have seen:
Uplink Set Main - Carries a dozen or so VLANs for various functions. Each VLAN defined as a OneView Network.
Uplink Set Tunnel - Carries a bunch of VLANs, up to 4K limit, because Synergy sees it only as 1 outer wrapper.
Uplink Set Storage - Either iSCSI or FC, etc.

Server Profile:
1 - Mgmt 1 - Mgmt VLAN via Main Uplink set
2 - Mgmt 2 - Mgmt VLAN via Main Uplink set
3 - vMotion 1 - vMotion via Main
4 - vMotion 2 - vMotion via Main
5 - VM 1 - VM Traffic via Tunnel
6 - VM 2 - VM Traffic via Tunnel
7 - Storage 1 - Storage Traffic via Storage Uplinks (FC/iSCSI/NFS/etc)
8 - Storage 2 - Storage Traffic via Storage Uplinks

VMware:
Standard Port Group 0 - Mgmt Traffic on vmnic0+1
Standard Port Group 1 - vMotion Traffic on vmnic2+3
Distributed Port Group - VM Traffic on vmnic4+5
Standard Port Group 2 - NFS/iSCSI traffic on vmnic6+7 (FC would use vmhba, not vmnic)

I know this is late, but hope it helps.
PS: Newer VC modules, the VC SE 100 F32, support full 4K VLANs without Tunnel mode, in case you are ever in a position to upgrade or add more Synergy.
