I'm experiencing an issue while trying to pass double-tagged traffic through a standard vSwitch.
A physical interface on the VMware host machine is receiving double-tagged traffic - the outer tag differentiates multiple switches (mirroring remote tag) and the inner tags are from the switches' own internal traffic. The internal traffic can be both tagged and untagged depending on whether the mirrored port was an access port or a trunk.
A vSwitch is configured with multiple networks (each for a different outer tag from a different switch) and a guest machine should see only (single) tagged traffic.
The problem is that the guest machine isn't receiving any of the traffic that was received (on the phy) as double tagged. If the original internal traffic wasn't tagged (phy on host machine receives only 1-tag) the guest sees that traffic correctly.
I also did a test and configured a network on the vSwitch with tag 4095 where any tagged traffic should be passed (VGT). Again the guest machine receives only the single tagged traffic as received from phy; the only difference is that the guest sees it as tagged. This proves the guest OS correctly sees tagged traffic and leads me to conclude the problem is in the vSwitch.
So is there a way to force the vSwitch to ignore the inner tags and pass traffic to guest regardless of the inner tag?
vSphere/vCenter/ESXi version 5.1.0 in question.
Hopefully someone can clarify this for me.
Thanks in advance.
The vSwitch does not allow multiply encapsulated packets (QinQ packets).
Unfortunately, you can't do that.
If you have more questions, let me know.
Best regards
Your Oscar
And what about a distributed vSwitch?
The dvSwitch doesn't support that either, at least the built-in VMware dvSwitch.
The Cisco Nexus 1000V dvSwitch might be able to handle it though, but I haven't really found any definite info on that.
Sounds like somebody was able to find a workaround...
https://communities.vmware.com/message/1320716
Edit: and it was documented in this book: VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment by Ed Haletky himself, but the process seems a bit arcane.
- Mike
https://twitter.com/VirtuallyMikeB
http://LinkedIn.com/in/michaelbbrown
Message was edited by: Mike Brown
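To confirm where the double-tagged frames disappear, captures taken on the host uplink and inside the guest can be compared by VLAN tag depth. The following is an added example, not part of the original thread: it walks the 802.1Q tag stack of raw Ethernet frames and counts frames per outer VLAN and depth. VLAN IDs 900, 10 and 20, the MAC addresses and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

# TPIDs that introduce a VLAN tag: 802.1Q, 802.1ad (QinQ) and the legacy 0x9100 value
VLAN_TPIDS = {0x8100, 0x88A8, 0x9100}

def vlan_stack(frame: bytes):
    """Return (VLAN IDs outermost first, payload EtherType) for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC
    vids = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return vids, ethertype

def summarize(frames):
    """Count frames per (outer VLAN, tag depth) so missing QinQ traffic stands out."""
    counts = Counter()
    for f in frames:
        vids, _ = vlan_stack(f)
        counts[(vids[0] if vids else None, len(vids))] += 1
    return counts

def build_frame(vids, ethertype=0x0800):
    """Build a sample frame (constructed test data, not captured traffic)."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    tags = b"".join(struct.pack("!HH", 0x8100, v) for v in vids)
    return macs + tags + struct.pack("!H", ethertype) + b"\x00" * 46

# Constructed samples: outer tag 900 = mirror VLAN, inner 10/20 = mirrored trunk traffic
HOST_SIDE = [build_frame([900]), build_frame([900, 10]), build_frame([900, 20])]
# What the thread reports on a VGT (4095) port group: only the single-tagged frame arrives
GUEST_SIDE = [build_frame([900])]

if __name__ == "__main__":
    print("host :", dict(summarize(HOST_SIDE)))
    print("guest:", dict(summarize(GUEST_SIDE)))
```

Depth-2 entries present in the host-side summary but absent from the guest-side one match the behaviour described in the thread.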