VMware Cloud Community
slashji
Contributor

Networking at vCenter Server - creating multiple host internal network with Distributed Switch (vDS)

We have 8 vSphere hosts and vCenter Server sitting on top of them.

The main networking is working.

Hosts have 4 VMNICs.

Topology:

Physical Switch - VMNIC adapter - Distributed Switch (added to all hosts) - Network Port Groups for management, vmotion, vsan and internet access (named SWITCH).

Everything works fine. New VMs get their first IP parameters from DHCP and they can ping each other and access the internet.

Now we need to deploy a system to create internal networking.

We created another vDS and added hosts to it. Also created a Port Group (named: INTERNAL_SWITCH)

We created 2 VMs - both having 2 NICs, one using SWITCH to access the internet and another one using INTERNAL_SWITCH to configure a private/internal network.

Those 2 VMs are on different hosts.

The problem:

Guest VMs on different hosts cannot connect/ping/talk to each other using the internal network.

We have tried using Promiscuous Mode and Forged Transmits.

The last conclusion is that the vSwitch doesn't act like a regular physical switch.

In my understanding - I have connected my 8 hosts to the new vDS but the vDS cannot transmit traffic between hosts. A real physical switch has to do that...


Accepted Solutions
daphnissov
Immortal

If you want an "internal" network you still have to transport that across your physical infrastructure, which means you still need a VLAN. If VM01 is on ESXi01 and it wants to talk to VM02 on ESXi02, that traffic has to get externally switched. Creating a distributed port group isn't enough to steer that traffic appropriately as you also need a VLAN.

slashji
Contributor

So I created another Port Group named: Internal1 under my working dSwitch. Added VLAN ID: 3 to isolate traffic.

The problem remains...

Physical switch is managed HPE Aruba using default configuration. Untagged ports default VLAN with id 1.

daphnissov
Immortal

So does VLAN 3 exist on the trunk ports assigned to the vDS uplinks? If not, then you have to have that.

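The check asked for in the last reply (does VLAN 3 exist on the physical ports behind the vDS uplinks?), as an added example that is not part of the original thread. It is a simplified model of 802.1Q handling run over a constructed inventory; the `SwitchPort` class, the function names and the port data are assumptions, with only the host names, VLAN 3 and the untagged default VLAN 1 taken from the posts.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SwitchPort:
    """Physical switch port facing one vDS uplink (vmnic). Hypothetical model."""
    untagged_vlan: int = 1                 # VLAN that untagged frames land in
    tagged_vlans: frozenset = frozenset()  # 802.1Q VLANs allowed on the port

def landing_vlan(port, pg_vlan):
    """VLAN a frame from the port group ends up in, or None if the port drops it."""
    if pg_vlan == 0:
        # Port group without a VLAN ID: frames leave the host untagged and
        # join the port's untagged VLAN together with all other untagged traffic.
        return port.untagged_vlan
    # Port group with a VLAN ID: frames leave tagged, so the switch port
    # must carry that VLAN as tagged or the frame goes nowhere.
    return pg_vlan if pg_vlan in port.tagged_vlans else None

def audit_portgroup(pg_vlan, uplinks):
    """Return {host: [indexes of uplink ports that do not carry pg_vlan]}."""
    gaps = {}
    for host, ports in uplinks.items():
        bad = [i for i, p in enumerate(ports) if landing_vlan(p, pg_vlan) is None]
        if bad:
            gaps[host] = bad
    return gaps

def same_segment(pg_vlan, port_a, port_b):
    """True if VMs behind port_a and port_b share one layer-2 segment."""
    a, b = landing_vlan(port_a, pg_vlan), landing_vlan(port_b, pg_vlan)
    return a is not None and a == b

# Constructed sample data, not taken from a real switch.
DEFAULT = SwitchPort()                             # default config: untagged VLAN 1 only
TRUNK = SwitchPort(1, frozenset({3}))              # VLAN 3 added as tagged
BEFORE = {"ESXi01": [DEFAULT, DEFAULT], "ESXi02": [DEFAULT, DEFAULT]}
PARTIAL = {"ESXi01": [TRUNK, TRUNK], "ESXi02": [TRUNK, DEFAULT]}  # one port missed

if __name__ == "__main__":
    print("VLAN 3, default switch config:", audit_portgroup(3, BEFORE))
    print("VLAN 3, one uplink port missed:", audit_portgroup(3, PARTIAL))
    print("VM01 <-> VM02 before:", same_segment(3, DEFAULT, DEFAULT))
    print("VM01 <-> VM02 after: ", same_segment(3, TRUNK, TRUNK))
```

The `PARTIAL` case is the one that is easy to miss: with VLAN 3 absent from a single uplink port, connectivity depends on which uplink the teaming policy picks for the VM.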