I have an ESXi host and created two VLAN networks, VLAN 10 and VLAN 20. VM1 connects to VLAN 10 and VM2 connects to VLAN 20. How can the two VMs communicate?

sky
  • I don't use a VC to manage the ESXi host. – sky May 07 '18 at 07:29
  • Possible duplicate of [How can hosts on two different VLANs communicate?](https://networkengineering.stackexchange.com/questions/28446/how-can-hosts-on-two-different-vlans-communicate) – JFL May 07 '18 at 07:41
  • But this issue is focused on VMs inside of ESXi – sky May 07 '18 at 08:40
  • The point is: for 2 VLANs to communicate, you need a router between them. – JFL May 07 '18 at 09:00
  • @JFL And using two interfaces of the router to connect vlan 10 and vlan 20? – sky May 07 '18 at 09:36
  • Unfortunately, questions about host/server/VM configurations are off-topic here. You could try to ask this question on Server Fault for a business network, or on Super User for a personal network. – Ron Maupin May 07 '18 at 13:23
  • The access switch port is connected to the base server by a trunk link allowing the required VLANs. If both VMs are in different ESXi hosts, the network admin will ensure both base servers are reachable. – Sagar Uragonda Dec 06 '20 at 10:12

1 Answer

On a vSwitch you don't have VLANs - you have port groups.

Port groups can be associated with (external) VLAN IDs. Only vNICs on port groups associated with the same VID talk to each other. If you need vNICs on different port groups to communicate you need a router in between - this router can be virtual between the port groups, or physical between the VLANs.

Zac67
  • Yes. I created two port groups on the vSwitch and associated them with VLAN 10 and VLAN 20. VM1 is connected to the VLAN 10 port group and VM2 to the VLAN 20 port group. Then I deployed a virtual router (Vyatta) and assigned it two vNICs to connect to the VLAN 10 and VLAN 20 port groups. So it worked, the two VMs can communicate. I wanted to know: in this case, did the traffic between the VMs cross the ESXi host, or did the traffic just happen within the ESXi? – sky May 07 '18 at 11:50
  • Yes, if both port groups are located in the same host no unicast traffic leaves the host. As far as I know, not even ARP broadcasts, but I haven't verified this. If you do not assign physical NICs to the port groups, no traffic at all can leave the host. Alternatively, don't assign the VLAN IDs on the physical switch and all egress traffic is dropped for sure. – Zac67 May 07 '18 at 12:17
  • Thanks bro! But I learned from an article about SDN, and it says that without SDN, traffic between VMs in different VLANs will leave the host, be forwarded to a core router and then arrive at the VMs. Like VM1 - ESXi - core router - VM2. I want to confirm and verify that. But in my case it seems the traffic doesn't leave the host! Do you have any ideas? Btw, in my case it is a virtual (nested) ESXi host, and I deployed VM1, VM2 and the virtual router in this ESXi. – sky May 07 '18 at 12:43
  • Leave which host, the physical or the virtual one? The vSwitch requires a physical NIC to let the port groups communicate with the outside world. With a nested host, the inner one gets a vNIC as 'physical NIC' that is in turn connected to a port group on the outer host. – Zac67 May 07 '18 at 16:54
  • Ok. Let me ask more directly. Let's forget the virtual nested ESXi setup. Say I just have a physical ESXi host in my office, and there is a physical NIC connected to the company network. In this physical host I created two port groups and associated them with different VLANs (using the default vSwitch). I deployed two VMs connected to those port groups. VM1 is on VLAN 10 and VM2 is on VLAN 20. Then I deployed a virtual software router and assigned it two vNICs to connect to the VLAN 10 and VLAN 20 port groups. And the result is that the VMs can communicate. In this case, did the traffic still happen within the physical host? – sky May 07 '18 at 23:00
  • Yes - see the 2nd comment above, this is the exact scenario. – Zac67 May 08 '18 at 06:24
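
The forwarding behaviour described in the answer and comments above, as an added Python example (a simplified model, not VMware code and not part of the original posts): a vSwitch delivers a unicast frame inside the host only when the destination MAC sits on a port group with the same VLAN ID, so traffic between VLAN 10 and VLAN 20 has to pass through the router's two vNICs. The vNIC names, MAC addresses and the `vmnic0` uplink are constructed, and different VLANs are assumed to be different IP subnets.

```python
from dataclasses import dataclass

UPLINK = "uplink(vmnic0)"              # hypothetical physical NIC of the host
EXTERNAL_GW_MAC = "02:00:00:00:00:fe"  # constructed MAC of an off-host router

@dataclass(frozen=True)
class VNic:
    name: str
    mac: str
    vlan: int  # VLAN ID of the port group this vNIC is attached to

class VSwitch:
    """Simplified vSwitch: knows the MACs of its own vNICs, learns nothing."""
    def __init__(self, vnics, has_uplink=True):
        self.ports = {(n.vlan, n.mac): n for n in vnics}
        self.has_uplink = has_uplink

    def forward(self, src, dst_mac):
        """Where a unicast frame sent by vNIC `src` ends up."""
        local = self.ports.get((src.vlan, dst_mac))
        if local is not None:
            return local.name          # same VLAN ID: delivered inside the host
        return UPLINK if self.has_uplink else "dropped"

def trace(switch, src, dst, router=()):
    """Hops of a unicast packet from `src` to `dst` (both VM vNICs)."""
    if src.vlan == dst.vlan:           # same VLAN: plain layer-2 delivery
        return [src.name, switch.forward(src, dst.mac)]
    gw_in = next((r for r in router if r.vlan == src.vlan), None)
    gw_out = next((r for r in router if r.vlan == dst.vlan), None)
    if gw_in is None or gw_out is None:
        # No on-host router leg: the VM's gateway is outside the host.
        return [src.name, switch.forward(src, EXTERNAL_GW_MAC)]
    return [src.name, switch.forward(src, gw_in.mac),      # VM -> router vNIC
            gw_out.name, switch.forward(gw_out, dst.mac)]  # router -> VM

# Constructed sample topology matching the question.
vm1 = VNic("vm1", "00:50:56:00:00:01", 10)
vm2 = VNic("vm2", "00:50:56:00:00:02", 20)
r10 = VNic("rtr-eth0", "00:50:56:00:00:a0", 10)
r20 = VNic("rtr-eth1", "00:50:56:00:00:b0", 20)

if __name__ == "__main__":
    print(trace(VSwitch([vm1, vm2, r10, r20]), vm1, vm2, (r10, r20)))
    print(trace(VSwitch([vm1, vm2]), vm1, vm2))                    # no router VM
    print(trace(VSwitch([vm1, vm2], has_uplink=False), vm1, vm2))  # no pNIC
```
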