understanding Vmware ESX VLANs

Yes ... If a you have configured router of some sort to route the traffic between VLANs.

I would like to know if VMs on the same ESX host can communicate to each other if they are in different VLANs .

No physical impossibility with the default configuration, of vSwitches. Standard or Distributed.

This has nothing to do with ESXi, but VLANs in general are Virtual Networks, e.g. traffic on VLAN A, cannot communicate with VLAN B.

You need to have something, a device between the VLANS, this could be a router, or Inter-VLAN routing enabled on the Physical Switch - Layer 3.

"You need to have something, a device between the VLANS, this could be a router, or Inter-VLAN routing enabled on the Physical Switch - Layer 3. "

- So best practice is to put all VMs that are on the same subnet on the same ESX Host ?


- I am looking at ESX host / Configuration / Networing. The Switch has so many  VM Port Groups and each with its own VLAN ID.  I am not sure what's all that represents .

There is really no best practice here, it depends WHY your NETWORK design has decided to use VLANS, and not a flat network.

What should be best practice is the same networking should be configured across ALL HOSTS, it then does not matter where the VM is hosted.

To use a VLAN in ESXi, each Virtual Machine Portgroup needs to have a VLAN TAG - simple.

So if you have a very large Datacentre, you could have many thousands of VLANS, and Virtual Machine portgroups.

Many reasons to use VLANS, and this is not specific to ESXi. It's networking design.

You may want to use VLANS to isolate traffic, DMZ, Printer Traffic, VPN Traffic, Management Traffic etc some organisations has VLANS for different floors, buildings, workstations, servers, Locations, DR Sites etc

and remember, limit of some networks is 255 IP devices etc If you are an organisation that uses a Class A network, you need some method to device and route that network!

Let 's say we have ESX host with IP address 192.168.0.8/24 the Default gateway for ESX host is 192.168.0.254 (L3 Switch interface or a router).

Then when you create VM Port Groups with VLAN IDs in Vsphere , for instance (110,1121,1130,etc..)

how do you associate those VLAN IDs  with physical VLANs on the Switch.

Thank you

Let 's say we have ESX host with IP address 192.168.0.8/24 the Default gateway for ESX host is 192.168.0.254 (L3 Switch interface or a router).

Then when you create VM Port Groups with VLAN IDs in Vsphere , for instance (110,1121,1130,etc..)

how do you associate those VLAN IDs  with physical VLANs on the Switch.

Thank you

It has nothing to do with IP Addresses!

Configuration of the physical switches, nothing to do with VMware ESXi. It just simply adds a number to the traffic you give it, on the Virtual Machine Portgroup.

All ESXi Host does, is add the Ethernet VLAN TAG of whatever (number you give it e.g.  (110,1121,1130,etc..) to the ethernet packet, when it hits a physical switch which understands VLANS, if checks for a TAG, and then hands off the traffic down that pipe....

It might be a bit heavy going this link, but have a read...

http://www.mustbegeek.com/understanding-vlans-in-switching-world/

Andrew,

I understand how VLANs work in Physical switch. I am trying to understand how you configure in Vsphere the VMs in one Vlan to talk to other VMs in the other Vlan.

If I understand your comment , when you add VM Port Group , you should enter VLAN ID the same as the VLAN number of on the physical Switch.

For instance if I have a physical switch VLAN 110 then the Vlan ID of the VM port group should be VLAN ID 110

Correct ?

I am trying to understand how you configure in Vsphere the VMs in one Vlan to talk to other VMs in the other Vlan.

The answer is SIMPLE - YOU DON'T! or CANNOT.

VMware ESXi does not provide any functions to do this, or vCenter Server.

You would need some sort of routing function and ESXi/vCenter Server does not provide this!

If I understand your comment , when you add VM Port Group , you should enter VLAN ID the same as the VLAN number of on the physical Switch.

For instance if I have a physical switch VLAN 110 then the Vlan ID of the VM port group should be VLAN ID 110

Correct ?

That is correct.

I guess I got it... the physical switch, through the Trunk port, looks at the VLAN ID that came from Vsphere and knows to which Vlan on the physical switch it should go to.

-Regarding the IP address of the ESX Host,  is it the same IP address as the one you configure on the Management Network Port group  ?

I guess I got it... the physical switch, through the Trunk port, looks at the VLAN ID that came from Vsphere and knows to which Vlan on the physical switch it should go to.

adding one question to my above comment : if the Vlan ID  that came from ESX to physical switch has no match  on the physical switch (I mean there is no VLAN that matches that VLAN ID), then what will happened, will it be dropped ? or forwarded to other physical switches ?

Some L3 switches Trunks can be configured to allow all Vlans to pass through.
L2 Switches  will allow all Vlans to pass through by default

I guess I got it... the physical switch, through the Trunk port, looks at the VLAN ID that came from Vsphere and knows to which Vlan on the physical switch it should go to.

correct its called TAGGING, hence the expression VLAN TAG

adding one question to my above comment : if the Vlan ID  that came from ESX to physical switch has no match  on the physical switch (I mean there is no VLAN that matches that VLAN ID), then what will happened, will it be dropped ? or forwarded to other physical switches ?

NOTHING, its got nowhere to go...

Some L3 switches Trunks can be configured to allow all Vlans to pass through.
L2 Switches  will allow all Vlans to pass through by default

it may pass them all, but its traffic is not going to get anywhere, to its destination if nothing is configured for the Tag

it may pass them all, but its traffic is not going to get anywhere, to its destination if nothing is configured for the Tag

Andrew , I meant if that VLAN is located in a physical switch that is not directly to that ESX Host
for instance VLAN 110 is in ESX55 connected to physical Switch77, but the physical Switch88 that has Vlan 110 is not directly connected to ESX55

Now Physical Switch77 should have some mechanism to channel  VLAN 110 traffic to physical Switch88 that has VLAN 110

Got it...
Thank you