VMware Cloud Community
frodemt
Contributor

NAT network between ESX hosts with DVS

Hi.

In my test of vSphere 4 I have two ESX hosts. I want to share one IP address between all VMs on those two ESX hosts. In that regard I have a virtual machine which acts as a NAT router. This VM has two network connections, each connected to its own vNetwork Distributed Switch. One has a physical network card (on each ESX host) that has a connection to the Internet. The other one has no physical network connection.

To test if this works I created a test VM on both ESX hosts. The system works on the VM which is located on the same ESX host as the VM which acts as a NAT router, but not on the VM on the other ESX host. The other VM has no contact with the router and does not receive any DHCP data.

Any suggestions? I know I have done something wrong because DVS is new to me, but I really want this to work.


Accepted Solutions
Texiwill
Leadership

Hello,

This ends up being a vNetwork design more than anything, even with vDS. For example, if you want to have one NAT that works for all your hosts, you would then have one NAT virtual appliance such as:

External Network pSwitch <-> pNIC <-> vSwitch <-> vPG <-> NAT VM <-> vPG <-> vSwitch <-> pNIC <-> Internal Network pSwitch


Now the vSwitches in the above can be traditional vSwitches or vDS; the key is that the 'second' vSwitch has to be connected to the same vSwitch on all other hosts, so it has an uplink from a physical switch that is also connected to all other hosts. vDS does NOT alleviate the need to cable your vNetwork to allow VM communication.

The NAT VM can move from host to host as long as there is communication to that VM on each host on each network, in this case the External Network and Internal Network.



Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009


--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
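
The accepted answer's point, as an added example that is not part of the original post: a small Python model of layer-2 reachability in the poster's layout, showing why the test VM on the second host cannot reach the NAT VM until the internal switch has a physical uplink on every host. The node names (`esx1`, `pnic1`, `pswitch-internal`, and so on) and the placement of the NAT VM on `esx1` are assumptions made for illustration.

```python
def l2_domains(links):
    """Union-find over (a, b) links; returns a function mapping node -> segment id."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x
    for a, b in links:
        parent[find(a)] = find(b)
    return find

def build(hosts, internal_uplink):
    """Model the thread's layout (all names are constructed for this example).

    Each host has its own local instance of every vSwitch/vDS: switching is
    done per host, so two instances share a segment only through pNIC uplinks
    that land on the same physical switch.
    """
    links = []
    for h in hosts:
        # External vDS: every host has a pNIC to the external physical switch.
        links.append((f"{h}/ext-vds", f"{h}/pnic0"))
        links.append((f"{h}/pnic0", "pswitch-external"))
        # Internal vDS: cabled only when internal_uplink is True.
        if internal_uplink:
            links.append((f"{h}/int-vds", f"{h}/pnic1"))
            links.append((f"{h}/pnic1", "pswitch-internal"))
    # Assumption: the NAT VM runs on esx1 with one vNIC on each switch.
    links.append(("nat-vm/eth0", "esx1/ext-vds"))
    links.append(("nat-vm/eth1", "esx1/int-vds"))
    # One test VM per host on the internal port group.
    for h in hosts:
        links.append((f"test-vm-{h}", f"{h}/int-vds"))
    return links

def can_reach_nat(hosts, internal_uplink):
    """Return {test VM: bool}: is it on the same segment as the NAT VM's inside vNIC?"""
    find = l2_domains(build(hosts, internal_uplink))
    nat = find("nat-vm/eth1")
    return {f"test-vm-{h}": find(f"test-vm-{h}") == nat for h in hosts}

if __name__ == "__main__":
    hosts = ["esx1", "esx2"]
    print("internal vDS without uplinks:", can_reach_nat(hosts, False))
    print("internal vDS with uplinks:   ", can_reach_nat(hosts, True))
```
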

4 Replies
scottlowe
Enthusiast

A distributed virtual switch is distributed only in the sense that it is a single logical switch distributed across multiple ESX/ESXi hosts. While the switch is logically distributed, the switching still occurs locally on each host and therefore, as far as I know, you would need a NAT device on each host in order for this to work.

Hope this helps!

frodemt
Contributor

Thank you for your answer Scott.

So if I understand correctly, DVS makes it easier to manage the infrastructure, but does nothing more than a standard vSwitch when it comes to functionality (no communication between ESX hosts)?

Are there any other things I can try to get one VM as a NAT router to work across ESX hosts, or is that impossible?

frodemt
Contributor

Thank you Edward. Very informative. Now I at least know how I can do it. If I want to do it without adding a new physical switch, can I use VLAN trunking of some sort in vSphere?
