VMware Cloud Community
ashrafkhalifah
Contributor

Many vSwitches or port groups, which is better?

We have a LAN that contains many zones, and all servers are connected to the same LAN, but our firewall determines how each zone talks with the other zones, and each zone has its IP subnet.

Now, after converting all our servers to virtual servers, I want to know the best practice for the network setup:

1- Create one dedicated vSwitch (LAN) and then create a port group for each zone with a VLAN ID (internet, prod servers, terminal servers, ...)?

2- Create many vSwitches (using the same physical uplink NIC for these vSwitches), each zone having its own vSwitch?

Thanks

4 Replies
a_p_
Leadership

If all your VLANs are available on the same physical switches (no separated DMZ etc.), you can use a single vSwitch with the appropriately configured port groups for the virtual machine network. I'd recommend you use a separate vSwitch for Management/vMotion though, and in case you have iSCSI storage, use a dedicated vSwitch for this too.

Reasons to use multiple vSwitches would be, as mentioned, separate physical switches for e.g. DMZ/Internet, or if you want to separate traffic (bandwidth considerations).

André

ashrafkhalifah
Contributor

I already have separate vSwitches (also a separate pSwitch) for Management/vMotion, and separate vSwitches (also two separate pSwitches) for iSCSI storage,

but the current status is multiple separated DMZs on the same physical switch, but as I said the FW controls them, so which is better: multiple vSwitches or one vSwitch with multiple port groups?

vGuy
Expert

ashrafkhalifah wrote:

2- Create many vSwitches (using the same physical uplink NIC for these vSwitches), each zone having its own vSwitch?

You cannot have one pNIC linked to more than one vSwitch. Depending on the number of VLANs and pNICs you have, using port groups with VLAN tags will be more efficient IMHO.

a_p_
Leadership

... multiple separated DMZs on the same physical switch ...

Can you please clarify this? Does this mean you have separate access ports for the DMZ and don't allow the DMZ VLAN on the other trunk/tagged ports? In this case you'd certainly need to create a separate vSwitch for the DMZ network.

If all VLANs are allowed on all trunk/tagged ports, I would probably configure a single vSwitch with the appropriate port groups.

André

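The single-vSwitch layout recommended in the replies above (one VM vSwitch, one VLAN-tagged port group per firewall zone, Management/vMotion and iSCSI on their own vSwitches and uplinks), sketched as a PowerCLI script. This is an added example, not code from the thread; the vCenter and host names, vmnic numbers, zone names and VLAN IDs are assumed placeholders, and it assumes the zone VLANs are allowed on the trunk ports feeding vmnic2/vmnic3.

```powershell
# Added example (not from the thread): option 1 from the question in PowerCLI.
# Assumed placeholders: vCenter/host names, vmnic numbers, zone names, VLAN IDs.
Connect-VIServer -Server 'vcenter.example.local'

$esx = Get-VMHost -Name 'esx01.example.local'

# Firewall zone -> VLAN ID (constructed values; they must match the pSwitch trunk config)
$zones = @{ 'Internet' = 10; 'ProdServers' = 20; 'TerminalServers' = 30 }

# One vSwitch for VM traffic. The uplinks are the only pNICs on it: a pNIC can
# belong to a single vSwitch, so option 2 (shared uplink, many vSwitches) is not possible.
$lan = New-VirtualSwitch -VMHost $esx -Name 'vSwitchLAN' -Nic 'vmnic2','vmnic3'

foreach ($zone in $zones.Keys) {
    # One port group per zone; the VLAN tag keeps the zones apart on the shared uplink,
    # so the firewall (on the physical side) still sees each zone as its own subnet.
    New-VirtualPortGroup -VirtualSwitch $lan -Name $zone -VLanId $zones[$zone] | Out-Null
}

# Check 1: no two zone port groups may share a VLAN ID, otherwise those zones would
# sit in one broadcast domain and bypass the firewall between them.
$pgs   = Get-VirtualPortGroup -VirtualSwitch $lan
$dupes = $pgs | Group-Object -Property VLanId | Where-Object { $_.Count -gt 1 }
if ($dupes) { Write-Warning "Zones sharing a VLAN ID: $($dupes.Group.Name -join ', ')" }

# Check 2: a zone port group left at VLAN 0 (untagged) lands in the native VLAN
# of the trunk, which is usually not the zone the firewall expects.
$untagged = $pgs | Where-Object { $_.VLanId -eq 0 }
if ($untagged) { Write-Warning "Untagged zone port groups: $($untagged.Name -join ', ')" }

# Check 3: list uplinks per vSwitch. Management/vMotion and iSCSI should keep their
# own vSwitches and pNICs; no vmnic name should appear under more than one vSwitch.
Get-VirtualSwitch -VMHost $esx |
    Select-Object Name, @{ Name = 'Uplinks'; Expression = { $_.Nic -join ',' } }
```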