Solved: To tag or not to tag in the Hypervisor

RSEngineer · ‎03-31-2013

Typically, an ESX host is connected to a switch port that is configured as a trunk. The reason, of course, is that an ESX host has a bunch of VMs on different VLANs and therefore the hyspervisor tags the frames...and you know the rest...

In all the years I have been configuring switch ports that connect to ESX hosts, I have always configured them as trunks. Theoretically, though, the hypervisor does NOT have to tag the frames if, say, all the VMs are one only 1 VLAN. Is that correct? I am thinking then that EST tagging mode is deployed, in which the physical switch does all the tagging and the hypervisor is configured to have all VMs belong to a port group set to VLAN ID 0. Then the physical switch port can be an access port. But in reality, has anyone ever seen that? If so, how often and when was the last time?

As I said, I have never seen this.

Thanks

rickardnobel · ‎04-01-2013

RSEngineer wrote:
Rick, totally agree....one thing I am curious about, though, is how often EST mode IS/WAS actually used...

I have seen it sometimes with Management and vMotion sharing the same interface and both on VLAN 1 (native/untagged) on the physical switches, but for VM access it is not common of course.

My VMware blog: www.rickardnobel.se

View solution in original post

rickardnobel · ‎04-01-2013

RSEngineer wrote:

Theoretically, though, the hypervisor does NOT have to tag the frames if, say, all the VMs are one only 1 VLAN. Is that correct?

Yes, correct. If you leave the VLAN unset (or 0) on the vSwitch the frames will leave untagged and then "collected" into the access (untagged) VLAN configured at the switch port.

If you know that you will never use any more VLANs then this could work well, however when you in some point in time apply your second VLAN that must be bound to a vSwitch portgroup then all physical switch ports must be reconfigured. Making the switch port "trunks" / tagged ports makes this more flexible for the future.

Bandwidth wise you will lose 4 Bytes extra for each frame in overhead when doing VLAN tagging..

One other advantage in doing VLAN tagging in ESXi is that the VLAN number is clearly visible which makes troubleshooting easier. If using untagged frames from the ESXi you must do some very careful switch examination to know which VLAN is actually used. For this reason it makes sense for me to add the VLAN tag on the VMK portgroups where you connect to network storage even if it should only ever be a single VLAN there.

My VMware blog: www.rickardnobel.se

RSEngineer · ‎04-01-2013

Rick, totally agree....one thing I am curious about, though, is how often EST mode IS/WAS actually used...I have never configured a switch port as an access port for an ESX host.....do you see anyone doing this, even in 1G environments?

chriswahl · ‎04-01-2013

It was somewhat common in 1 GbE environments that used a large number of uplinks to a host. I would often see ports dedicated to vMotion or FT hooked into a physical access port.

I've never seen it for a 10 GbE deployment, as it often means sharing a multitude of different traffic types on a single uplink pair.

VCDX #104 (DCV, NV) ஃ WahlNetwork.com ஃ @ChrisWahl ஃ Author, Networking for VMware Administrators

rickardnobel · ‎04-01-2013

RSEngineer wrote:
Rick, totally agree....one thing I am curious about, though, is how often EST mode IS/WAS actually used...

I have seen it sometimes with Management and vMotion sharing the same interface and both on VLAN 1 (native/untagged) on the physical switches, but for VM access it is not common of course.

My VMware blog: www.rickardnobel.se

All

To tag or not to tag in the Hypervisor