VMware vSphere

  • 1.  Networking between two VMs on different Hosts using a vDS

    Posted Jan 28, 2013 04:23 PM

    Hello,

    I am trying to figure out how to get two VMs to talk to each other using a vDS. Specifically when both VMs are in different hosts.

    Both hosts vsphere1 and vsphere2 are connected to the same physical switch. One of the VMs "ubuntu(firewall/router)" is on vsphere1 and the second VM "centos" is on vsphere2.

    I will not be using any vlans at this moment because I need to figure this out first.

    My configuration is as follows:

    vCenter 5.1

    vSphere 5.1

    vDS name: Homenet.vDS0

    Uplink Portgroup: Homenet.pg0-DVUplinks

                        vmnic5 vsphere1

                        vmnic5 vsphere2

    Portgroup: Homenet.pg0

                        VM:ubuntu(vmnic0)

    VM: ubuntu (two interfaces)

                        vmnic0:192.168.2.20 (physical network)

                        vmnic1:10.0.1.20 (Security.pg1)

    Note: vmnic1 would be the gateway for the VM in the "Security.vDS1" vDS

    vDS name: Security.vDS1

    Uplink Portgroup: Security.pg1-DVUplinks

                        vmnic5 vsphere1

                        vmnic5 vsphere2

    Portgroup: Security.pg1

                        VM: ubuntu (vmnic1)

                        VM:centos(vmnic0)

    VM: centos (one interface)

                        vmnic0:10.0.1.30 (Security.pg1)

    Each host (vsphere1 and vsphere2) has one interface connected to the vDS "Homenet.pg0-DVUplinks" and "Security.pg1-DVUplinks"

    I want to be able to have the "centos" VM use the "ubuntu" VM as a router/firewall to limit what goes out via the uplinks. I don't want the "centos" VM to have connectivity to the physical network unless it goes through the "ubuntu" VM. Is there a way that I can tell the portgroup that holds the "centos" VM to only go through the "ubuntu" VM?

    The vSphere Networking guide mentions the following so I assume that it can be accomplished.

    To protect your most sensitive virtual machines, deploy firewalls in virtual machines that route between virtual networks with uplinks to physical networks and pure virtual networks with no uplinks.

    thanks in advance!



  • 2.  RE: Networking between two VMs on different Hosts using a vDS

    Posted Jan 28, 2013 09:04 PM

    So if I understand your topology you have a physical security switch and the only connections on it are the two physical interfaces coming from the ESX hosts.

    Your Centos machine will need a router to talk to anything outside of this broadcast network, so unless you provide another router you are forcing his traffic to go through ubuntu machine by setting the Centos machine's default gateway to 10.0.1.20.

    For your configuration this physical switch should be isolated, if it isn't isolated you would need to run VLANs.



  • 3.  RE: Networking between two VMs on different Hosts using a vDS

    Posted Jan 30, 2013 07:59 PM

    Thanks for the response Heath.

    So even though the Ubuntu VM has a connection to the same vDS as the CentOS VM, the CentOS VM needs to go through the Cisco switch in order to communicate with the Ubuntu VM in vSphere1?

    I am guessing that is what is causing the problem since the CentOS VM is able to communicate with the Ubuntu VM when they are both on the same vSphere host.

    This is what it looks like.

                  (router/firewall)
                     192.168.2.1
                          |
                          |
                     cisco switch
                     192.168.2.6
              |                        |
              |                        |
        192.168.2.250            192.168.2.249
          vSphere1                 vSphere2
              |                        |
    ------------------------------------------------
                         vDS
    ------------------------------------------------
              |                        |
           Ubuntu
          Router/FW               CentOS(eth0)
            eth0                   10.0.1.30
        192.168.2.20
            eth1
          10.0.1.1

    update:

    So what I ended up doing was connecting both servers together directly and removed the centos VM from the uplink which had access to the physical network. Everything is working fine now.

    Thanks!

    Message was edited by: carboncopy