I've had to study VMware for work projects, so I thought I'd share topics I've learned lately here. Most of the VMware blogs will be basic level, and I try to keep the discussion related to networking. That said, let's look at VMware standard vSwitch VLAN tagging methods.
** From: VMware vSphere Essentials **
The standard vSwitch is a core networking construct of the ESXi hypervisor. A vSwitch (vSwitch0) is created during the installation of the ESXi hypervisor and it is used to configure the VMkernel interface (vmk0) on it.
Policies are applied on port groups, not on individual ports. Port groups are logical constructs to group virtual ports on a vSwitch. There are two basic types of port groups:
VLANs cannot be configured directly on a standard vSwitch; they have to be set on a port group. There are three different ways by which VLANs are handled on a virtual switch:
The external physical switch to which the ESXi host's physical NICs are cabled will do the tagging/untagging of Layer 2 frames. The physical port on the external switch will need to be configured as an access port. The major drawback is that the entire vSwitch (all the port groups on it) will only handle traffic from a single Layer 2 subnet.
In external switch tagging mode, a frame from a virtual machine will flow untagged through the vSwitch. The external physical switch's access port will then assign (tag) a VLAN ID to it and send the tagged frame forward. When the frame flows back to the virtual machine, the access port will remove the tag and forward the untagged frame to the vSwitch.
The Layer 2 frames are tagged at the vSwitch. The ESXi host's physical NIC carrying the frames should be connected to a physical switch port, which is configured in trunking mode. The virtual machine and VMkernel port groups will need to be configured with the associated VLAN IDs. This is the most common and favored implementation in most environments.
In virtual switch tagging mode, when a frame from the virtual machine enters the virtual switch, it is assigned a VLAN number (configured on the port group the virtual machine is connected to). The VLAN tag will then be carried over from the active physical NIC to the trunk port on the physical switch. When a frame comes back to the virtual switch from the physical switch, it will untag the frame and then forward the frame to the virtual machine.
The guest operating system assigns VLAN tags to its outbound frames. The port group to which such a virtual machine is connected should be configured with VLANID 4095 (meaning to trunk).
In virtual guest tagging mode, the VLAN-tagged traffic will flow unmodified through the virtual switch and to the physical switch. The guest operating system is solely responsible for tagging and untagging on the frames.
** From: VMware vSphere Essentials **
The standard vSwitch is a core networking construct of the ESXi hypervisor. A vSwitch (vSwitch0) is created during the installation of the ESXi hypervisor and it is used to configure the VMkernel interface (vmk0) on it.
Policies are applied on port groups, not on individual ports. Port groups are logical constructs to group virtual ports on a vSwitch. There are two basic types of port groups:
- A virtual machine port group
- Can only be used to connect virtual machines' vNICs to it.
- There can be more than one virtual machine port group on a standard vSwitch.
- A VMkernel port group
- Can only be used to connect a VMkernel interface.
- Many virtual machines can connect to a single virtual machine port group, but each VMkernel port group requires a separate port group on a standard vSwitch.
VLANs cannot be configured directly on a standard vSwitch; they have to be set on a port group. There are three different ways by which VLANs are handled on a virtual switch:
- Physical/external switch tagging
- Virtual switch tagging
- Virtual guest tagging
External Switch Tagging
The external physical switch to which the ESXi host's physical NICs are cabled will do the tagging/untagging of Layer 2 frames. The physical port on the external switch will need to be configured as an access port. The major drawback is that the entire vSwitch (all the port groups on it) will only handle traffic from a single Layer 2 subnet.
In external switch tagging mode, a frame from a virtual machine will flow untagged through the vSwitch. The external physical switch's access port will then assign (tag) a VLAN ID to it and send the tagged frame forward. When the frame flows back to the virtual machine, the access port will remove the tag and forward the untagged frame to the vSwitch.
Virtual Switch Tagging
The Layer 2 frames are tagged at the vSwitch. The ESXi host's physical NIC carrying the frames should be connected to a physical switch port, which is configured in trunking mode. The virtual machine and VMkernel port groups will need to be configured with the associated VLAN IDs. This is the most common and favored implementation in most environments.
In virtual switch tagging mode, when a frame from the virtual machine enters the virtual switch, it is assigned a VLAN number (configured on the port group the virtual machine is connected to). The VLAN tag will then be carried over from the active physical NIC to the trunk port on the physical switch. When a frame comes back to the virtual switch from the physical switch, it will untag the frame and then forward the frame to the virtual machine.
Virtual Guest Tagging
The guest operating system assigns VLAN tags to its outbound frames. The port group to which such a virtual machine is connected should be configured with VLANID 4095 (meaning to trunk).
In virtual guest tagging mode, the VLAN-tagged traffic will flow unmodified through the virtual switch and to the physical switch. The guest operating system is solely responsible for tagging and untagging on the frames.
Comments
Post a Comment