VMware vSphere

Without getting into a debate about why, does anyone know if it is possible to force traffice between 2 vm's on the same VLAN on the same vSwitch to communicate via an external switch?

put them in different subnets, and force them to go through a gateway router to talk to each other.

Switches are switches, they move frames on a layer two level. You can't force traffic to take a route with a layer 2 switch.

So introduce layer 3 IP routing and they will go onto an external switch on their way to the gateway.

if you want to do this you would need to do the following:

1. Create 2 virtual switches in vcenter assign one virtual switch to one nic on the host and the other virtual switch to the second nic on the host.

2. Create a virtual network on vswitch1 with the vlan

3. create a virtual network on vswitch2 with the same vlan

4. assign one vm to the virtual network you created in step 2 and the other vm to the network you created in step 3

5. make sure both physical nics are connected to the same external switch.

Interesting.  You can't use 2 separate port groups using the same VLAN number, they will stay inside the vSwitch.  You could try one port group using say, vlan 100 and then create another portgroup using vlan 0 and set the pSwitch port native vlan to 100.  In this config, the vlan 100 portgroup will tag the packets with v100 and the vlan0 portgroup won't tag, the pSwitch will put those untagged packets in vlan 100.  Since untagged packets won't talk to tagged packets on the vSwitch, you have to go to the pSwitch to get to vlan 100.

That might not jive with the pSwitch configs you may have (would not work for us, we use native vlan for COS).

You could also try using Virtual Guest Tagging on the vSwitch and tag the packets with a network driver in the VM (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003806)

Ben

BenConrad - sorry but they won't stay inside the same vswitch, as long as you specify different pgroup names, the vlans can be the same and that 1 vm use pgroup1 and the other pgroup2. pgroup1 going through vswitch1 and pgroup2 going through vswitch2.

Hi,

I'm not sure your comments are pertinent to the original question.  Orig question is:

'Without getting into a debate about why, does anyone know if it is  possible to force traffice between 2 vm's on the same VLAN on the same  vSwitch to communicate via an external switch?'

A singular vSwitch is the topic of conversation, you have made suggestions relating to multiple vSwitches, not a singular one.  BTW, if the requirements were to use 2+ vSwitches your original statement is correct with the caveat that the vSwitches should be using redundant uplink.  However, that won't scale past a 1:1 ratio on the vSwitches, eventually you will have multiple VMs on the same vSwitch-portgroup and the traffic will not leave the vSwitch for VMs that live on that vSwitch.

I think VGT is the way to go here.

Ben

Ben sorry I think you've misunderstood, my explanation as to the two vswitches was a resolution to his problem. Hence he can't achieve he's outcome using a single vswitch.

Hi,

The Nexus vSwitch supports ERSPAN, which you can use to tunnel Layer 2 frames to any remote port you want, if that's the goal.