VMware Cloud Community
mfirth
Enthusiast
Enthusiast

MAC learning in non Enterprise Plus with VMware 6.7

Hi,

For a lot of modern VM environments, it is likely (maybe even necessary) to have multiple MAC addresses within a VM. For example, any form of Linux containers that bridges traffic to the main instance network will usually have different MAC addresses for each container.

A while ago, VMware created and published a "fling" that would enable MAC learning on an ESXi host:

ESXi Mac Learning dvFilter

This worked by the user having to put the vSwitch into promiscuous mode, but then adding a "dvFilter" to each VM to limit which packets went to each VM.

This worked well, and could be installed on any level of ESXi server, even a free license.

Then, a few months later, a new "fling" was published that provided the same effect in a different way:

ESXi Learnswitch

However a critical difference between the two flings is that the "Learnswitch" option requires a Distributed vSwitch, while the "MAC Learning dvFilter" option would work on either a standard vSwitch or a distributed vSwitch.

Unfortunately, the licensing for the Distributed vSwitch seems to be only available with the absolute top tier license "Enterprise Plus".

VMware Knowledge Base

The "Learnswitch" page says that the fling has been released as a standard feature in ESXi 6.7, and it looks like the "MAC Learning dvFilter" has not been updated to support 6.7.

Does this mean that the only way of doing MAC learning (and thus being able to run bridged Linux containers and similar things) in ESXi 6.7 is to have an "Enterprise Plus" license?

If so, only making it possible to have more than one MAC address in a VM available to customers who are able to buy £20,000 plus editions of VMware seems a very unfair change.

Reply
0 Kudos
1 Reply
sharix
Contributor
Contributor

You already gave a great overview of workarounds of the vSwitch dfficiencies in ESXi (which is a vHub, not a vSwitch).

Unfortunately I can only confirm that the binary of the 6.5.0 dvfilter-maclearn​ vib doesn't work with ESXi 6.7

(Log: Load of <dvfilter-maclearn> failed : missing required namespace <com.vmware.vmkapi.incompat#v2_4_0_0>, although there's "vmkapi_v2_4_0_0_dvfilter_shim").

No idea why Learnswitch requires a distributed vSwitch – in my case, I don't want to utilze DVS, even where I do have the licenses.

So the lack of real switching-capability fixes for standard vSwitch in ESXi 6.7 is a severe regression, independent of the purchased license.

I had to roll back to 6.5 in many environments, where I have machines with virtual guest tagging (VGT).  Not very satisfying situation.

Hopefully VMware releases esx-dvfilter-maclearn-6.7.0.vib very soon.  Shouldn't be much more effort than a new compiler run and maybe some struct adaptions...

Reply
0 Kudos