VMware Cloud Community
deepbeat
Contributor
Contributor
‎03-14-2011 08:35 AM

Is there a way to make internal switches to communicate with each other?

Hi,

when creating an "internal-only" vSwitch by adding no physical adapters to it, it is internal to the host. That means that having an internal vSwitch on host1 and an internal vSwitch on host2, there is no way to get a communication between them, even if they have the same name and are in the same cluster. This is because they have no physical adapters to make a connection to each other. Am I right?

Now, is there a way to get a communication between two internal vSwitches by using distributed switches?

Why I am asking:

I have a VM that works as a network optimizer for WAN and is built like a gateway device. So it needs to sit directly in the path between the VMs being optimized and the network.

If I am not using any cluster functionality the solution is simple by creating an internal vSwitch connecting all VMs to optimize and one vNIC of the WAN-optimizer. The second vNIC of the WAN-optimizer is connected to another vSwitch which has connection to the outside world by one or more physical adapters. Done.

However, if I want to use cluster functionality like HA or DRS, the VMs or even the WAN-optimizer might move to another host with another host-internal switch. Then, some VMs are isolated and cannot communicate with the outside world at all.

Is there a possibility to solve this? Perhaps by using distributed switches with physical adapters in unused mode?

Thanks for any suggestion and help!

deepbeat

0 Kudos
6 Replies
opbz
Hot Shot
Hot Shot
‎03-14-2011 08:47 AM

Dont think you distributed vswitches will help you here.

But one option you have is to create rules in HA and DRS stating that all these machines need to be on same server. Not too sure that will work for you.

Finally other option is to add vmnics to your vswitches. IE they are no longer internal only. THing is you could Vlan them so that their traffic is isoloated.

hope this helps

deepbeat
Contributor
Contributor
‎03-15-2011 08:51 AM

Thanks opbz for your answer!

Both are valid solutions for my problem and I will surely use one or the other if there is no other possiblity.

However, using "rules within HA & DRS stating that all these machines need to be on same server" will make the environment somehow steady and undynamic. And if the number of VMs within these rules will rise and the ressources will become rare, I will run into problems with this solution.

Using VLANs to separate the "internal" switches from the other ones is only possible, if I am not already using VLANs within the environment / on the internal switch. And this might be necessary.

Hence, does anyone have another idea how to solve this?

Thanks!

deepbeat

0 Kudos
DCjay
Enthusiast
Enthusiast
‎03-15-2011 04:02 PM

Hello,

Another option is to install an addtional NIC and use a crossover cable betyween hypervisors, ie if you have only 2 hyps in your case.

This what I currently hve configure in my home lab.

Hope it helps

0 Kudos
DSTAVERT
Immortal
Immortal
‎03-15-2011 04:14 PM

How many hosts? Can you replicate the setup on all the hosts? Is the WAN-optimizer a VMware appliance? Does it have vendor support? I would check to see what the vendor recommends.

-- David -- VMware Communities Moderator
0 Kudos
bulletprooffool
Champion
Champion
‎03-16-2011 01:54 AM

Why not use your existing physical networking and just create a new vSwitch on each ESX host, with a private dedictae VLAN - and make sure that the VLAN has no Default Gateway.

This way traffic can not be routed out of the Private VLAN that you have created and you still have your private VLAN between hosts . . without any new cabling etc required.

If you have to isolate traffic and VLANs are not good enough, you could create isolate switches on each ESX host to connect your VMs to, then use some sort of routing appliance (Vyatta etc) to actually route traffic for these VLANs, or create a tunnel or similar . . but this will be messy and difficult to configure and manage

One day I will virtualise myself . . .
0 Kudos
deepbeat
Contributor
Contributor
‎03-16-2011 08:44 AM

Hi,

first, thx@all for you posts!

@DCjay:  Your solution is quite similar to the one of using a dedicated VLAN.  However, since I'm using a blade center (Cisco UCS) I cannot do physical  cabling but need to go with a virtual solution

@bulletprooffool: Your solution is the same like the  second one of opbz expept the thoughts about security... Like I already  said, it only works if I am not already using several VLANs on the  private/internal switch. I still need to verify if this might be the  case.

@DSTAVERT: I cannot tell on how many host this will be  deployed since this will grow over time. Currently its 2-4 hosts within  a blade center. Host profiles are availble, yes. The WAN-Optimizer is a  VMware-Appliance deployed as ovf-file. And yes, I am already in contact  with the vendor and waiting for his best practices. However, the  product is very new, so it is kind of pioneer work...

Again, if someone has another idea how to solve  communication between internal switches rather than the given  possibilities, I am still very interested.

Thanks again!

deepbeat

0 Kudos