when creating an "internal-only" vSwitch by adding no physical adapters to it, it is internal to the host. That means that having an internal vSwitch on host1 and an internal vSwitch on host2, there is no way to get a communication between them, even if they have the same name and are in the same cluster. This is because they have no physical adapters to make a connection to each other. Am I right?
Now, is there a way to get a communication between two internal vSwitches by using distributed switches?
Why I am asking:
I have a VM that works as a network optimizer for WAN and is built like a gateway device. So it needs to sit directly in the path between the VMs being optimized and the network.
If I am not using any cluster functionality the solution is simple by creating an internal vSwitch connecting all VMs to optimize and one vNIC of the WAN-optimizer. The second vNIC of the WAN-optimizer is connected to another vSwitch which has connection to the outside world by one or more physical adapters. Done.
However, if I want to use cluster functionality like HA or DRS, the VMs or even the WAN-optimizer might move to another host with another host-internal switch. Then, some VMs are isolated and cannot communicate with the outside world at all.
Is there a possibility to solve this? Perhaps by using distributed switches with physical adapters in unused mode?
Thanks for any suggestion and help!
Dont think you distributed vswitches will help you here.
But one option you have is to create rules in HA and DRS stating that all these machines need to be on same server. Not too sure that will work for you.
Finally other option is to add vmnics to your vswitches. IE they are no longer internal only. THing is you could Vlan them so that their traffic is isoloated.
hope this helps
Thanks opbz for your answer!
Both are valid solutions for my problem and I will surely use one or the other if there is no other possiblity.
However, using "rules within HA & DRS stating that all these machines need to be on same server" will make the environment somehow steady and undynamic. And if the number of VMs within these rules will rise and the ressources will become rare, I will run into problems with this solution.
Using VLANs to separate the "internal" switches from the other ones is only possible, if I am not already using VLANs within the environment / on the internal switch. And this might be necessary.
Hence, does anyone have another idea how to solve this?
Another option is to install an addtional NIC and use a crossover cable betyween hypervisors, ie if you have only 2 hyps in your case.
This what I currently hve configure in my home lab.
Hope it helps
How many hosts? Can you replicate the setup on all the hosts? Is the WAN-optimizer a VMware appliance? Does it have vendor support? I would check to see what the vendor recommends.
Why not use your existing physical networking and just create a new vSwitch on each ESX host, with a private dedictae VLAN - and make sure that the VLAN has no Default Gateway.
This way traffic can not be routed out of the Private VLAN that you have created and you still have your private VLAN between hosts . . without any new cabling etc required.
If you have to isolate traffic and VLANs are not good enough, you could create isolate switches on each ESX host to connect your VMs to, then use some sort of routing appliance (Vyatta etc) to actually route traffic for these VLANs, or create a tunnel or similar . . but this will be messy and difficult to configure and manage
first, thx@all for you posts!
@DCjay: Your solution is quite similar to the one of using a dedicated VLAN. However, since I'm using a blade center (Cisco UCS) I cannot do physical cabling but need to go with a virtual solution
@bulletprooffool: Your solution is the same like the second one of opbz expept the thoughts about security... Like I already said, it only works if I am not already using several VLANs on the private/internal switch. I still need to verify if this might be the case.
@DSTAVERT: I cannot tell on how many host this will be deployed since this will grow over time. Currently its 2-4 hosts within a blade center. Host profiles are availble, yes. The WAN-Optimizer is a VMware-Appliance deployed as ovf-file. And yes, I am already in contact with the vendor and waiting for his best practices. However, the product is very new, so it is kind of pioneer work...
Again, if someone has another idea how to solve communication between internal switches rather than the given possibilities, I am still very interested.