Can a Nexus 1000v be configured to NOT do local switching in an ESX host?

Oct 16th, 2009

Before the big YES, use an external Nexus switch and use VN-Tag. The question is when there is a 3120 in a blade chassis that connects to the ESX hosts that have a 1000v installed on the ESX host. So, first hop outside the ESX host is not a Nexus box.


Looking for if this is possible, if so how, and if not, where that might be documented. I have a client whose security policy prohibits switching (yes, even on the same VLAN) within a host (in this case blade server). Oh and there is an insistence to use 3120s inside the blade chassis.


Has to be the strangest request I have had in a while.


Any data would be GREATLY appreciated!

lwatta Mon, 10/19/2009 - 09:45

I don't think it's possible to tell the VEM to push all traffic upstream instead of switching locally. I will ask to be sure.


Your best bet might be to use Private VLANs.

lwatta Tue, 10/20/2009 - 08:58

I checked and there is no way to turn off the local switching feature.


The best feature available would be to use Private VLANS. This would give your customer the isolation they are looking for.

sheidelbach Tue, 10/20/2009 - 09:19

Thanks for the follow up.


So by private VLANs, are you referring to "PVLAN":

"PVLANs: PVLANs are a new feature available with the VMware vDS and the Cisco Nexus 1000V Series. PVLANs provide a simple mechanism for isolating virtual machines in the same VLAN from each other. The VMware vDS implements PVLAN enforcement at the destination host. The Cisco Nexus 1000V Series supports a highly efficient enforcement mechanism that filters packets at the source rather than at the destination, helping ensure that no unwanted traffic traverses the physical network and so increasing the network bandwidth available to other virtual machines"


Correct Answer
lwatta Tue, 10/20/2009 - 09:23

Right. PVLANs = Private VLANS. The VEM module will still switch, but all hosts that are members of the isolated PVLAN will not have L2 connectivity to each other on the VEM.
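
The isolation described in this thread can be checked against a port inventory. The following is an added example, not part of the original discussion: it models the standard PVLAN port roles (isolated, community, promiscuous) and lists VM pairs on the same host that could still exchange L2 frames. Port names, host names and VLAN IDs are constructed.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Port:
    name: str
    host: str
    kind: str           # "veth" (VM-facing) or "uplink"
    role: str           # "isolated", "community" or "promiscuous"
    primary: int        # primary VLAN ID
    secondary: int = 0  # secondary VLAN ID; unused for promiscuous ports

def l2_allowed(a: Port, b: Port) -> bool:
    """Standard PVLAN reachability between two ports."""
    if a.primary != b.primary:
        return False
    if "promiscuous" in (a.role, b.role):
        return True
    if a.role == b.role == "community":
        return a.secondary == b.secondary
    return False  # isolated never reaches isolated or community ports

def intra_host_vm_pairs(ports):
    """VM pairs on the same host that could still exchange L2 frames."""
    veths = [p for p in ports if p.kind == "veth"]
    return [(a.name, b.name) for a, b in combinations(veths, 2)
            if a.host == b.host and l2_allowed(a, b)]

# Constructed sample: one ESX host, primary VLAN 153, isolated 154, community 155.
SAMPLE_PORTS = [
    Port("uplink1", "esx1", "uplink", "promiscuous", 153),
    Port("vm-a", "esx1", "veth", "isolated", 153, 154),
    Port("vm-b", "esx1", "veth", "isolated", 153, 154),
    Port("vm-c", "esx1", "veth", "community", 153, 155),
    Port("vm-d", "esx1", "veth", "community", 153, 155),
]

if __name__ == "__main__":
    for pair in intra_host_vm_pairs(SAMPLE_PORTS):
        print("policy violation, same-host L2 path:", pair)
```

Only the two community ports are reported: VM ports placed in a community PVLAN, or on a promiscuous port, keep a same-host L2 path, so a policy like the one in the question needs every VM port in the isolated PVLAN.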
