0 Replies Latest reply on Apr 5, 2020 3:17 AM by matan129

    VM Traffic Tunneling

    matan129 Lurker

      Hi all,

      I’m a developer working on a custom SDN solution in my organization.

       

      In essence, I want to be able to tunnel VM traffic transparently, favorably with some kind of IP tunneling (vxlan, etc.)

       

      Currently, in order to do so, we have a very cumbersome setup.

       

      We’ve created a dedicated DVS that has ~4096 portgroups, each one with a distinct VLAN.

       

      When a machine needs to be tunneled, we move its NIC to some empty portgroup on said DVS, support it has VLAN ID 100.

       

      Also, we have a trunk portgroup, and a separate machine dumps all the traffic from the DVS. Since the machine is alone in its portgroup, we know that all the traffic with 100 as the VLAN tag is traffic of that machine, so we can continue from there and tunnel it.

       

      We use Open vSwitch to do so - we wrap the traffic in VXLAN.

       

      As you can probably already tell, this setup is very limiting. First of all, it limits the number of machines connected to 4096 - the number of possible VLAN IDs.

      Secondly, that means that VLAN-tagged traffic cannot be tunneled from/to the VMs, which is something I want to be able to provide. It seems that the DVS doesn’t support double 802.1Q tagging.

       

      We currently use vSphere 6.7. I was wondering if there’s another, well supported, way to achieve that result, possibly with other VMWare products.

      I've heard about NSX, but I am not sure that it can do what I want.

       

      Thanks,

      Matan