Data Center Virtualization Certification:VCP6.5-DCV Exam Guide

Configuring VLAN/PVLAN settings for VMs given communication requirements

Virtual LAN (VLAN) is a standard (IEEE 802.1Q) used to segment Ethernet broadcast domains into different logical networks. A specific tag (the VLAN ID) is added to each Ethernet frame to identify which VLAN the frame belongs to.

On the physical switches, network ports can be configured in two different ways:

  • VLAN untagged: All frames on the port are bound to a single VLAN ID (this mode is also called access or untagged mode)
  • VLAN tagged: Multiple VLANs can flow through the port (this mode is also called trunk or tagged mode)

Some switches have a native VLAN option, where all frames arriving without a VLAN tag are assigned to the specific VLAN ID configured as the native VLAN.
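The following is an added example for this guide, not code from the book or from VMware. It models a simplified switch to show where the 802.1Q tag sits in the frame and how the access (untagged), trunk (tagged) and native-VLAN behaviours described above differ; the function and parameter names (`tag_frame`, `ingress_*`, `egress_*`, `allowed`, `native_vlan`) and the sample frame are assumptions made for the example.

```python
"""802.1Q tagging and the access / trunk / native-VLAN port behaviour described above.

Added example, not code from the book or from VMware. The switch model is
simplified; all function and parameter names are assumptions for this example.
"""
import struct
from typing import Optional, Set, Tuple

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag
HEADER_LEN = 14              # dst MAC (6) + src MAC (6) + EtherType (2)
TAG_OFFSET = 12              # the 4-byte tag sits right after the two MACs


def is_tagged(frame: bytes) -> bool:
    return len(frame) >= TAG_OFFSET + 4 and frame[12:14] == b"\x81\x00"


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert a VLAN tag; VLAN IDs 0 and 4095 are reserved by 802.1Q."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be between 1 and 4094")
    if len(frame) < HEADER_LEN or is_tagged(frame):
        raise ValueError("need an untagged Ethernet frame")
    tci = ((pcp & 0x7) << 13) | (vlan_id & 0xFFF)   # PCP(3) DEI(1)=0 VID(12)
    return frame[:TAG_OFFSET] + struct.pack("!HH", TPID_8021Q, tci) + frame[TAG_OFFSET:]


def vlan_of(frame: bytes) -> Optional[int]:
    """VLAN ID carried in the tag, or None for an untagged frame."""
    if not is_tagged(frame):
        return None
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0xFFF


def strip_tag(frame: bytes) -> bytes:
    return frame[:TAG_OFFSET] + frame[TAG_OFFSET + 4:] if is_tagged(frame) else frame


# Inside the switch a frame is tracked as (vlan_id, untagged_frame).
Internal = Tuple[int, bytes]


def ingress_access_port(frame: bytes, port_vlan: int) -> Optional[Internal]:
    """Access (untagged) port: every frame is bound to the port's single VLAN.
    Simplification: a tagged frame arriving on an access port is dropped."""
    if is_tagged(frame):
        return None
    return (port_vlan, frame)


def ingress_trunk_port(frame: bytes, allowed: Set[int],
                       native_vlan: Optional[int] = None) -> Optional[Internal]:
    """Trunk (tagged) port: tagged frames are accepted when their VLAN is allowed;
    untagged frames land on the native VLAN, or are dropped when none is set."""
    vid = vlan_of(frame)
    if vid is None:
        return (native_vlan, frame) if native_vlan is not None else None
    return (vid, strip_tag(frame)) if vid in allowed else None


def egress_access_port(vid: int, frame: bytes, port_vlan: int) -> Optional[bytes]:
    """Access port forwards only its own VLAN, always untagged."""
    return frame if vid == port_vlan else None


def egress_trunk_port(vid: int, frame: bytes, allowed: Set[int],
                      native_vlan: Optional[int] = None) -> Optional[bytes]:
    """Trunk port re-tags on the way out, except for the native VLAN, which leaves untagged."""
    if vid not in allowed:
        return None
    return frame if vid == native_vlan else tag_frame(frame, vid)


# Constructed sample frame: broadcast destination, made-up source MAC, IPv4 EtherType.
SAMPLE_FRAME = b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x00" + b"constructed payload"

if __name__ == "__main__":
    tagged = tag_frame(SAMPLE_FRAME, 20)
    print("tag bytes:", tagged[12:16].hex(), "-> VLAN", vlan_of(tagged))
    print("trunk without native VLAN drops untagged frame:",
          ingress_trunk_port(SAMPLE_FRAME, {10, 20}) is None)
```

The native-VLAN path is the one to watch in a design review: a frame that arrives untagged on a trunk with a native VLAN set is placed on that VLAN with no tag ever having been checked, which is why the model returns `None` for untagged frames when no native VLAN is configured.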

VMware vSphere supports different tagging options:

  • External VLAN tagging: Physical switch ports are in untagged mode on a specific VLAN ID. No configuration is needed at the virtual switch level.
  • Virtual switch VLAN tagging: Physical switch ports are in tagged mode carrying multiple VLANs, and each port group is configured with a specific VLAN ID.
  • VM VLAN tagging: Physical switch ports are in tagged mode, and the VM port group is also configured for multiple VLANs using the VLAN trunking option on a vDS (on a vSS, by using VLAN ID 4095).

To set the VLAN configuration on a dvPort, choose the VLAN menu in its settings:

Figure 2.17: VLAN settings for a dvPort

There are different available options for the VLAN type:

  • None: Do not use VLAN.
  • VLAN: In the VLAN ID field, enter a number between 1 and 4,094.
  • VLAN trunking: Enter a VLAN trunk range.
  • Private VLAN: Select a private VLAN entry. The PVLAN must first be configured at the vDS level, as described later.

For more information, see the vSphere 6.5 Networking guide (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.networking.doc/GUID-CF00FE1E-4BA4-4949-949B-29CAD52F3A89.html).

With distributed virtual switches, there is also support for Private VLANs (PVLAN), usually used to overcome VLAN limitations in scalability and security by further segmenting a logical broadcast domain into multiple smaller broadcast subdomains.

Each PVLAN is identified by two VLAN numbers (primary and secondary), and there are three different PVLAN types:

  • Promiscuous Primary VLAN: The primary and secondary numbers are the same. It behaves like a traditional VLAN with a single broadcast domain: every VM can talk to every other VM.
  • Community: VMs can communicate with other VMs in the same community PVLAN and with all VMs in the promiscuous PVLAN.
  • Isolated: VMs can communicate only with VMs in the promiscuous PVLAN.
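The following is an added example for this guide, not code from the book or from VMware. It encodes the promiscuous, community and isolated rules listed above, plus the consistency rules a vDS Private VLAN table has to satisfy, so a planned table and VM placement can be checked before anything is built. The class and function names (`PvlanEntry`, `validate_pvlan_table`, `can_communicate`, `reachability_matrix`) and the sample table are assumptions made for the example.

```python
"""Reachability rules for vSphere private VLANs (promiscuous / community / isolated).

Added example, not code from the book or from VMware. Class and function names
are assumptions made for this example.
"""
from dataclasses import dataclass
from enum import Enum
from itertools import combinations
from typing import Dict, List, Tuple


class PvlanType(Enum):
    PROMISCUOUS = "promiscuous"
    COMMUNITY = "community"
    ISOLATED = "isolated"


@dataclass(frozen=True)
class PvlanEntry:
    """One row of the vDS Private VLAN table: primary ID, secondary ID, type."""
    primary: int
    secondary: int
    kind: PvlanType


def validate_pvlan_table(entries: List[PvlanEntry]) -> List[str]:
    """Return the problems found in a planned PVLAN table (empty list = consistent)."""
    problems: List[str] = []
    seen_secondaries = set()
    promiscuous_primaries = {e.primary for e in entries if e.kind is PvlanType.PROMISCUOUS}
    isolated_per_primary: Dict[int, int] = {}
    for e in entries:
        for vid in (e.primary, e.secondary):
            if not 1 <= vid <= 4094:
                problems.append(f"VLAN ID {vid} is outside 1-4094")
        if e.kind is PvlanType.PROMISCUOUS and e.primary != e.secondary:
            problems.append(f"promiscuous entry {e.primary}/{e.secondary} must use the same ID twice")
        if e.kind is not PvlanType.PROMISCUOUS and e.primary == e.secondary:
            problems.append(f"{e.kind.value} entry {e.primary}/{e.secondary} needs a distinct secondary ID")
        if e.kind is not PvlanType.PROMISCUOUS and e.primary not in promiscuous_primaries:
            problems.append(f"secondary {e.secondary} refers to primary {e.primary}, which has no promiscuous entry")
        # Every secondary ID (the promiscuous one included) must be unique on the vDS
        if e.secondary in seen_secondaries:
            problems.append(f"secondary VLAN ID {e.secondary} is used more than once")
        seen_secondaries.add(e.secondary)
        if e.kind is PvlanType.ISOLATED:
            isolated_per_primary[e.primary] = isolated_per_primary.get(e.primary, 0) + 1
    # A primary can carry only one isolated secondary
    for primary, count in isolated_per_primary.items():
        if count > 1:
            problems.append(f"primary {primary} has {count} isolated secondaries; only one is allowed")
    return problems


def can_communicate(a: PvlanEntry, b: PvlanEntry) -> bool:
    """Can a VM attached to entry a exchange frames with a VM attached to entry b?"""
    if a.primary != b.primary:
        return False                       # different primaries: separate broadcast domains
    if PvlanType.PROMISCUOUS in (a.kind, b.kind):
        return True                        # promiscuous reaches everything in its primary
    if a.kind is b.kind is PvlanType.COMMUNITY:
        return a.secondary == b.secondary  # same community only
    return False                           # isolated: promiscuous only; other mixes: no


def reachability_matrix(placements: Dict[str, PvlanEntry]) -> Dict[Tuple[str, str], bool]:
    """For {vm_name: entry}, decide reachability for every unordered VM pair."""
    return {(x, y): can_communicate(placements[x], placements[y])
            for x, y in combinations(sorted(placements), 2)}


# Constructed sample table: one primary (100) with a community for web servers,
# a community for database servers and an isolated secondary for single-tenant VMs.
PROMISC = PvlanEntry(100, 100, PvlanType.PROMISCUOUS)
WEB = PvlanEntry(100, 101, PvlanType.COMMUNITY)
DB = PvlanEntry(100, 102, PvlanType.COMMUNITY)
TENANT = PvlanEntry(100, 103, PvlanType.ISOLATED)
SAMPLE_TABLE = [PROMISC, WEB, DB, TENANT]
SAMPLE_PLACEMENTS = {"gateway": PROMISC, "web1": WEB, "web2": WEB,
                     "db1": DB, "tenant1": TENANT, "tenant2": TENANT}

if __name__ == "__main__":
    print("table problems:", validate_pvlan_table(SAMPLE_TABLE))
    for pair, ok in reachability_matrix(SAMPLE_PLACEMENTS).items():
        print(f"{pair[0]:>8} <-> {pair[1]:<8} {'yes' if ok else 'no'}")
```

Running the matrix on the sample placement shows the two points that matter for a communication requirement: two VMs on the same isolated secondary cannot reach each other even though they share a VLAN pair, and two different communities under one primary are as separate from each other as they are from the isolated VMs; only the promiscuous entry (typically the gateway or firewall) sees all of them.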

PVLANs must be defined first at the vDS level: in the Configure tab, expand Settings and select Private VLAN:

Figure 2.18: PVLAN settings for a vDS

For more information, see the vSphere 6.5 Networking guide (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.networking.doc/GUID-A9287D46-FDE0-4D64-9348-3905FEAC7FAE.html).