Hello,
I have the following concern:
Can you create a port group that is associated with multiple VLAN IDs, for example a single port group with IDs 20, 30, 50, 70?
I ask because so far I have always created port groups with a single VLAN ID associated with each port group.
It is an environment with vCenter and ESXi, both 7.0.
VLAN trunking - i.e. assigning multiple VLANs to a single port group - is available on Virtual Distributed Switches.
Standard vSwitches allow only a single VLAN ID per port group. You may consider assigning VLAN ID 4095, which however will pass traffic for all VLANs to the VMs.
André
Hello,
Well, currently the environment is a cluster of 4 nodes; on the four ESXi hosts there are three vSwitches: one for administration, another for vMotion and another for virtual machines.
The client has a vCenter Enterprise Plus license, which would allow me to create the vDS and set up the VLAN trunking.
However, could I have those 4 nodes simultaneously connected to the distributed vSwitch and to the standard vSwitches that are already configured on the four ESXi hosts?
Each vSwitch - Standard and/or Distributed - needs its own uplinks (vmnics), so unless the hosts have unused network ports, you need to do a migration. As a side note, if the physical switches are the same for Management, vMotion, and VM traffic, you may consider merging the different networks into one distributed switch.
Please don't mind me asking, but what's the reason to move from virtual switch tagging to virtual machine tagging?
André
It is for a specific VM that needs to work with those VLAN IDs.
But as I said before, we have standard switches for the different services.
I don't know whether the hosts have unused ports; I would have to validate that.
Regarding assigning VLAN ID 4095 to a port group, would that be the most recommended option for this situation?
Not necessarily the most recommended option (at least not in my opinion), because the VM will receive all tagged traffic from the vSwitch, which - besides the amount of traffic itself - could raise security concerns. However, in the case of standard vSwitches that's the only option for VGT.
André
OK, I understand.
If you have uplinks available on the ESXi hosts, you could have those hosts simultaneously connected to a standard vSwitch and a distributed vSwitch?
Yes.
A host can use vSS and vDS simultaneously. It helps if you have enough pNICs so that every vSwitch has at least one uplink 😉
We have used a combination from the beginning, with vSphere 4.0? since 2010 or so, because for our IP-based storage we would like to stay on vSS. All VMs, vMotion and FT have used the vDS since then.
Regards,
Joerg
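As an added example (my code, not anything posted in the thread), here is the check that André's point about uplinks and Joerg's note about pNICs both call for: a small shell script, run on the ESXi shell or over SSH, that lists the vmnics of a host that are not yet an uplink of any standard or distributed vSwitch. Those are the ports a new vDS could take without migrating the existing standard vSwitches. The esxcli commands are the real ones; the SAMPLE_* outputs embedded in the script are constructed to follow the layout of those commands as assumed here and were not captured from the poster's cluster.

```shell
#!/bin/sh
# Added example (not code from the thread): list the physical NICs of an ESXi host
# that are not yet an uplink of any standard or distributed vSwitch. Those are the
# ports a new vDS could take without migrating the existing standard vSwitches.
# The esxcli commands are the real ones; the SAMPLE_* outputs below are constructed
# to follow the layout of those commands as assumed here, not captured from a host.

# `esxcli network nic list`: one vmnic per row, link state in the 5th column.
list_pnics() {
    awk '$1 ~ /^vmnic[0-9]+$/ { print $1, $5 }'
}

# `esxcli network vswitch standard list` / `... dvs vmware list`: each switch stanza
# carries an "Uplinks: vmnicA, vmnicB" line; print one uplink name per line.
list_uplinks() {
    awk -F': *' '$1 ~ /^[ \t]*Uplinks$/ {
        gsub(/[ \t]/, "", $2)
        n = split($2, u, ",")
        for (i = 1; i <= n; i++) if (u[i] != "") print u[i]
    }'
}

# $1: "vmnicN LinkState" lines, $2: uplink names. Prints the vmnics not in $2,
# with their link state, so a free but uncabled port is visible as such.
free_uplinks() {
    used=" $(printf '%s\n' "$2" | tr '\n' ' ') "
    printf '%s\n' "$1" | while read -r nic link; do
        [ -n "$nic" ] || continue
        case "$used" in
            *" $nic "*) ;;                                # already an uplink somewhere
            *) printf '%s link=%s\n' "$nic" "$link" ;;    # candidate uplink for a new vDS
        esac
    done
}

live_free_uplinks() {   # run on the ESXi host itself (or over SSH)
    free_uplinks "$(esxcli network nic list | list_pnics)" \
        "$( { esxcli network vswitch standard list; esxcli network vswitch dvs vmware list; } | list_uplinks)"
}

# Constructed sample: five pNICs, three standard vSwitches with one uplink each
# (stanzas shortened to the lines that matter), no vDS yet.
SAMPLE_NIC_LIST='Name    PCI Device    Driver  Admin Status  Link Status  Speed  Duplex  MAC Address        MTU   Description
------  ------------  ------  ------------  -----------  -----  ------  -----------------  ----  -----------
vmnic0  0000:03:00.0  ixgben  Up            Up           10000  Full    00:50:56:aa:bb:01  1500  Intel(R) X710
vmnic1  0000:03:00.1  ixgben  Up            Up           10000  Full    00:50:56:aa:bb:02  1500  Intel(R) X710
vmnic2  0000:04:00.0  ixgben  Up            Up           10000  Full    00:50:56:aa:bb:03  1500  Intel(R) X710
vmnic3  0000:04:00.1  ixgben  Up            Up           10000  Full    00:50:56:aa:bb:04  1500  Intel(R) X710
vmnic4  0000:05:00.0  ixgben  Up            Down         0      Half    00:50:56:aa:bb:05  1500  Intel(R) X710'

SAMPLE_VSWITCH_LIST='vSwitch0
   Name: vSwitch0
   Class: cswitch
   Beacon Required By:
   Uplinks: vmnic0
   Portgroups: Management Network

vSwitch1
   Name: vSwitch1
   Uplinks: vmnic1
   Portgroups: vMotion

vSwitch2
   Name: vSwitch2
   Uplinks: vmnic2
   Portgroups: VM Network'

SAMPLE_DVS_LIST=''

demo_free_uplinks() {
    free_uplinks "$(printf '%s\n' "$SAMPLE_NIC_LIST" | list_pnics)" \
        "$(printf '%s\n%s\n' "$SAMPLE_VSWITCH_LIST" "$SAMPLE_DVS_LIST" | list_uplinks)"
}

case "${1:-demo}" in
    live) live_free_uplinks ;;
    *)    demo_free_uplinks ;;   # prints: vmnic3 link=Up / vmnic4 link=Down
esac
```

Run it as `sh free-uplinks.sh live` on each of the four hosts; a vmnic that shows up with link=Down is free on the host side but still needs a cable and a trunk port on the physical switch before it is of any use to a vDS.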
Hello,
Thanks for all your comments,
Seen from another point of view, it could be feasible that at the physical switch level a trunk port is configured with those VLANs, and at the ESXi level port groups are created with their respective VLAN IDs, I mean one port group for each VLAN ID.
That's how this is usually done. Create port groups with the required VLAN IDs, add additional virtual network adapters to your VM, and assign these network adapters to the port groups. Please note that the maximum number of virtual NICs per VM is 10.
André
OK, at the ESXi level I would do it like this, but at the physical switch level a trunk port should be configured with those VLANs allowed.
Yes, for this to work, the physical switch port(s) need to be configured as tagged (802.1Q) ports with the required VLANs allowed.
André
Good afternoon,
Here again, reviewing the recommendations you gave me and analyzing the scenarios.
I have two options to offer the client:
1- In the VM, add network adapters that are connected to the port groups with their respective VLAN IDs.
2- Create a port group with VLAN ID 4095, and in this case add those VLAN IDs at the operating system level of the VM (Linux appliances). I have done it in Windows VMs, but I would like to know whether VGT is possible at the Linux level.
I guess that this is possible with all Linux distributions, but why don't you just go with option 1 and avoid additional/unnecessary guest network configuration? The configuration for the physical network port(s) is the same in both cases.
André
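The two options above as commands, as an added example that is mine and not from the thread: host side with esxcli for both the per-VLAN port groups of option 1 and the VLAN 4095 port group of option 2, and guest side with iproute2 for the Linux 802.1Q subinterfaces that option 2 needs (which is the extra guest configuration André's answer says option 1 avoids). vSwitch2, VM-VLANnn, VM-Trunk and eth0 are placeholder names chosen for this example. Commands are printed rather than executed unless RUN=1, so the VLAN-list validation can be exercised without an ESXi host or root.

```shell
#!/bin/sh
# Added example (not code from the thread). Option 1 and option 2 above as commands:
#   option 1 (VST): one port group per VLAN on the standard vSwitch, one vNIC per port
#             group on the VM; the guest never sees a tag.
#   option 2 (VGT): one VLAN 4095 port group, and the guest creates the 802.1Q
#             subinterfaces itself; it also receives every other VLAN on the trunk.
# Host-side commands are esxcli (run on the ESXi shell), guest-side are iproute2 on a
# Linux guest. Commands are printed, and executed only when RUN=1, so the VLAN-list
# checks can be tried without a host or root. vSwitch2, VM-VLANnn, VM-Trunk and eth0
# are placeholder names chosen for this example.

VLANS="20,30,50,70"

run() {                         # show the command; execute it only when RUN=1
    printf '%s\n' "$*"
    [ "${RUN:-0}" = 1 ] && "$@"
    return 0
}

# Accept only a comma-separated list of distinct IDs in 1..4094: 0 would mean
# "untagged" on a vSS port group and 4095 is the pass-everything value, so neither
# belongs in a per-VLAN list, and the Linux 802.1Q driver rejects 4095 anyway.
check_vlan_list() {
    dups=$(echo "$1" | tr ',' '\n' | sort | uniq -d)
    [ -z "$dups" ] || { echo "duplicate VLAN id(s): $dups" >&2; return 1; }
    echo "$1" | tr ',' '\n' | while read -r v; do
        case "$v" in ''|*[!0-9]*) echo "bad VLAN id '$v'" >&2; exit 1 ;; esac
        [ "$v" -ge 1 ] && [ "$v" -le 4094 ] || { echo "VLAN $v outside 1..4094" >&2; exit 1; }
    done
}

# Option 1, host side: a port group per VLAN, tagged by the vSwitch (VST). The VM then
# gets one network adapter per port group in vCenter (10 adapters per VM at most).
vst_portgroups() {
    vswitch=$1; vlans=$2
    check_vlan_list "$vlans" || return 1
    for v in $(echo "$vlans" | tr ',' ' '); do
        run esxcli network vswitch standard portgroup add --vswitch-name="$vswitch" --portgroup-name="VM-VLAN$v"
        run esxcli network vswitch standard portgroup set --portgroup-name="VM-VLAN$v" --vlan-id="$v"
    done
}

# Option 2, host side: a single trunk port group. VLAN 4095 hands all tagged frames to
# the VM, which is the security concern raised earlier in the thread.
vgt_portgroup() {
    run esxcli network vswitch standard portgroup add --vswitch-name="$1" --portgroup-name="VM-Trunk"
    run esxcli network vswitch standard portgroup set --portgroup-name="VM-Trunk" --vlan-id=4095
}

# Option 2, guest side (Linux): one subinterface per VLAN on the vNIC that sits in the
# trunk port group. This is the extra guest configuration option 1 avoids.
vgt_guest_vlans() {
    parent=$1; vlans=$2
    check_vlan_list "$vlans" || return 1
    for v in $(echo "$vlans" | tr ',' ' '); do
        run ip link add link "$parent" name "$parent.$v" type vlan id "$v"
        run ip link set "$parent.$v" up
    done
}

case "${1:-}" in
    vst)       vst_portgroups vSwitch2 "$VLANS" ;;   # on the ESXi host
    vgt-host)  vgt_portgroup vSwitch2 ;;             # on the ESXi host
    vgt-guest) vgt_guest_vlans eth0 "$VLANS" ;;      # inside the Linux VM
esac
```

`sh vlan-options.sh vst` prints the eight esxcli commands for option 1; `RUN=1 sh vlan-options.sh vst` on the host runs them. Whichever option is chosen, the physical switch port behind vSwitch2 has to be an 802.1Q trunk with exactly those VLANs allowed, and with option 2 it is worth keeping that allowed list minimal, since everything the trunk carries ends up inside the VM.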
I am creating a virtual firewall and will have a virtualized network interface going to my Internet ISP. I am not planning on bringing this connection to a switch; I am just going to plug it into the physical NIC on my OPNsense server. On the virtual switch/port group side, would I just use 0 for the VLAN?