1. Home
  2. Knowledgebase
  3. VMware vSphere (ESXi)
  4. vSphere vSwitch Guide

vSphere vSwitch Guide

Introduction

These guidelines ensures that a bridge loop does not occur when setting up networking / virtual networking in ESXi. Both physical and virtual appliances bridge traffic. The in-path interface is a bridged connection between the lan0 and wan0 interfaces. The lan0 and wan0 virtual interfaces needs to map to distinct virtual switches and physical interfaces. In other words the lan0 and wan0 should not connect to the same switch. Connecting lan0 and wan0 to the same physical switch requires the switch ports to be configured with two separate VLANS, namely an inside (lan0) and outside (wan0) VLAN and the switch needs to preferably run PVSTP. In general, a Wanos Bridge setup needs to be placed in-between the Router or Firewall (wan0 side) and the inside LAN network (lan0 side).

Enable Promiscuous Mode on the Port Group level. When using a single vSwitch, use two port groups with separate vlans, only enable promiscuous on the port group level. Promiscuous mode allows the interfaces to intercept traffic and is enabled through the vSwitch security properties in vSphere. Use distinct port groups for each virtual interface connected to a vSwitch. Avoid enabling promiscuous mode at vSwitch level.

createvswitch2

By default, Forged transmits are Accepted in vSwitch and this setting is inherited automatically when creating new Port Groups. Forged transmits needs to be accepted since this is required in Wanos.

virtualswitch-security

 

vSwitch Topology

An example of Wanos vSwitch Network Topology

 

Creating a new virtual network

Refer to the procedure provided in ESXi vSwitch under ESXi Installation guide.

Connecting the virtual network to the VM

Refer to the procedure provided in Configure Virtual Machine in ESXi Installation guide.




Tags
Was this article helpful to you? Yes 1 No

How can we help?