Sorry, it seems I am answering my own question, but I just want to post my findings to help others who may encounter this strange problem in the future.
I did a test by setting a private IP 10.0.18.10 on VM1 on ESX Host 1 on vlan 10, then did the same for VM2 on ESX Host 2 on vlan 10.
Guess what? They can ping each other!
To further prove my original Netgear VLAN setting is correct, I did the following tests:
Test 1. Change vlan 10 to vlan 20 on ESX Host 1, now VM1 cannot ping VM2, so original VLAN tagging or 802.1q is working indeed!
Test 2. Change Netgear Port 11 & Port 12 (both on ESX Host 1) to Untag, now VM1 cannot ping VM2, so original VLAN tagging or 802.1q is working indeed!
So why doesn't the public IP work? I am pretty sure it's because the link between the core switch and my Netgear ISN'T SET TO VLAN TRUNK, so I will ask them to do so, but I suspect they won't allow me. (While googling, I saw a topic regarding "VLAN Trunk outweighs security?" and vice versa; I think that's the reason my data center may not allow me to do so.)