VMware vSphere


dSwitch with no uplinks for guest isolation?


    Posted Dec 14, 2018 10:59 AM

    We have recently added a second host for our dev/test environment and set them up as a proper cluster.  Being dev, many of the guests running on these machines need to be isolated from the production network to avoid IP conflicts, etc.  We previously did this with a vSwitch on the single host that had no vmnics assigned to it, and therefore kept all the traffic internal to the host.  This also meant I was free to create/modify/destroy Port Groups and VLANs at will.

    My question is: what is the best way to preserve and extend this function across two hosts?  If I create a dSwitch with no uplinks, will guests in the same dPort Group on different hosts be able to communicate?  In other words, does it glue the dSwitch together using traffic tunnelled through the vmkernel adapter (or some other method)?

    I realize I could establish an isolated VLAN between the two hosts, however the complicating factor is I have no access or control of the physical switch that both hosts are connected to, and it's under a formal change control process that can take months to get approval.  I'd really prefer not to have to touch the configuration at all, and especially not each time I need to whip up a quick test environment for something.

    Any thoughts on the best way to proceed?
