Cisco Support Community
Community Member

Can a Nexus 1000v be configured to NOT do local switching in an ESX host?

Before the big YES, use an external Nexus switch and use VN-Tag. The question is when there is a 3120 in a blade chassis that connects to the ESX hosts that have a 1000v installed on the ESX host. So, first hop outside the ESX host is not a Nexus box.

Looking for if this is possible, if so how, and if not, where that might be documented. I have a client whose security policy prohibits switching (yes, even on the same VLAN) within a host (in this case blade server). Oh and there is an insistence to use 3120s inside the blade chassis.

Has to be the strangest request I have had in a while.

Any data would be GREATLY appreciated!

5 REPLIES
Community Member

Re: Can a Nexus 1000v be configured to NOT do local switching in

Let me make the question simpler. Customer wants to use Nexus 1000V in the ESX host instead of native VM vSwitch. Is it possible to disable local switching (traffic among VMs in the same ESX host in the same VLAN) in this scenario without turning on VNTag? Thanks.

Cisco Employee

Re: Can a Nexus 1000v be configured to NOT do local switching in

I don't think it's possible to tell the VEM to push all traffic upstream instead of switching locally. I will ask to be sure.

Your best bet might be to use Private VLANs.

Cisco Employee

Re: Can a Nexus 1000v be configured to NOT do local switching in

I checked and there is no way to turn off the local switching feature.

The best feature available would be to use Private VLANS. This would give your customer the isolation they are looking for.

Community Member

Re: Can a Nexus 1000v be configured to NOT do local switching in

Thanks for the follow up.

So by private VLANs, are you referring to "PVLAN":

"PVLANs: PVLANs are a new feature available with the VMware vDS and the Cisco Nexus 1000V Series. PVLANs provide a simple mechanism for isolating virtual machines in the same VLAN from each other. The VMware vDS implements PVLAN enforcement at the destination host. The Cisco Nexus 1000V Series supports a highly efficient enforcement mechanism that filters packets at the source rather than at the destination, helping ensure that no unwanted traffic traverses the physical network and so increasing the network bandwidth available to other virtual machines"

Cisco Employee (Accepted Solution)

Re: Can a Nexus 1000v be configured to NOT do local switching in

Right. PVLANs = Private VLANS. The VEM module will still switch, but all hosts that are members of the isolated PVLAN will not have L2 connectivity to each other on the VEM.
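
A configuration sketch of the isolated-PVLAN approach recommended in this thread, added here as an example and not posted by any participant or taken from Cisco's documentation for this case. The VLAN IDs (100 primary, 101 isolated) and the port-profile names are constructed, and the uplink is assumed to be a promiscuous trunk so that the upstream blade switch only has to carry the primary VLAN.

```cisco
! Constructed values: VLAN 100 = primary, VLAN 101 = isolated secondary,
! port-profile names pvlan-isolated-vm and pvlan-uplink.

! Needed only on releases that gate private VLANs behind a feature command.
feature private-vlan

vlan 100
  private-vlan primary
vlan 101
  private-vlan isolated
vlan 100
  private-vlan association add 101

! Profile for VM vNICs. Ports in the isolated secondary VLAN have no L2
! connectivity to each other, including VMs attached to the same VEM.
port-profile type vethernet pvlan-isolated-vm
  vmware port-group
  switchport mode private-vlan host
  switchport private-vlan host-association 100 101
  no shutdown
  state enabled

! Uplink profile. The promiscuous trunk maps the isolated VLAN onto the
! primary, so isolated VMs can still reach the gateway and other devices
! that sit upstream on VLAN 100.
port-profile type ethernet pvlan-uplink
  vmware port-group
  switchport mode private-vlan trunk promiscuous
  switchport private-vlan trunk allowed vlan 100
  switchport private-vlan mapping trunk 100 101
  no shutdown
  state enabled

! Checks after assigning VMs to the pvlan-isolated-vm port group.
show vlan private-vlan
show port-profile name pvlan-isolated-vm
```

As the replies above state, the VEM still switches locally; what this enforces is that two VMs in the isolated VLAN cannot exchange frames with each other, which can be confirmed by a failed ping between two such VMs on the same host while both still reach the gateway.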
