Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1042
Views
0
Helpful
5
Replies

Can a Nexus 1000v be configured to NOT do local switching in an ESX host?

Go to solution
sheidelbach
Level 1
Level 1

‎10-16-2009 12:36 PM

Before the big YES, use an external Nexus switch and use VN-Tag. The question is when there is a 3120 in a blade chassis that connects to the ESX hosts that have a 1000v installed on the ESX host. So, first hop outside the ESX host is not a Nexus box.

Looking for if this is possible, if so how, and if not, where that might be documented. I have a client who's security policy prohibits switching (yes, even on the same VLAN) within a host (in this case blade server). Oh and there is an insistance to use 3120s inside the blade chassis.

Has to be the strangest request I have had in a while.

Any data would be GREATY appreciated!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
lwatta
Cisco Employee
Cisco Employee
In response to sheidelbach

‎10-20-2009 09:23 AM

Right. PVLANs = Private VLANS. The VEM module will still switch, but all hosts that are members of the isolated PVLAN will not have L2 connectivity to each other on the VEM.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
mail2vc
Level 1
Level 1

‎10-16-2009 01:20 PM

Let me make the question simpler. Customer wants to use Nexus 1000V in the ESX host instead of native VM vSwitch. Is that possible to disable local switching (traffic among VMs in the same ESX host in the same VLAN) in this scenario without turning on VNTag? Thanks.

0 Helpful

Go to solution
lwatta
Cisco Employee
Cisco Employee

‎10-19-2009 09:45 AM

I don't think its possible to the tell the VEM to push all traffic upstream instead of switching locally. I will ask to be sure.

Your best bet might be to use Private VLANs.

0 Helpful

Go to solution
lwatta
Cisco Employee
Cisco Employee

‎10-20-2009 08:58 AM

I checked and there is no way to turn off the local switching feature.

The best feature available would be to use Private VLANS. This would give your customer the isolation they are looking for.

0 Helpful

Go to solution
sheidelbach
Level 1
Level 1
In response to lwatta

‎10-20-2009 09:19 AM

Thanks for the follow up.

So by private VLANs, are you referring to "PVLAN":

"PVLANs: PVLANs are a new feature available with the VMware vDS and the Cisco Nexus

1000V Series. PVLANs provide a simple mechanism for isolating virtual machines in the

same VLAN from each other. The VMware vDS implements PVLAN enforcement at the

destination host. The Cisco Nexus 1000V Series supports a highly efficient enforcement

mechanism that filters packets at the source rather than at the destination, helping ensure

that no unwanted traffic traverses the physical network and so increasing the network

bandwidth available to other virtual machines"

0 Helpful

Go to solution
lwatta
Cisco Employee
Cisco Employee
In response to sheidelbach

‎10-20-2009 09:23 AM

Right. PVLANs = Private VLANS. The VEM module will still switch, but all hosts that are members of the isolated PVLAN will not have L2 connectivity to each other on the VEM.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents