Private VLAN in VMware - PVLANs

PVLANs allow you to isolate traffic between VMs in the same VLAN. The main purpose of this network setup is to add a layer of security between VMs on the same VLAN; the PVLAN concept also works around VLAN ID limitations. This setup is commonly used to secure servers in a DMZ. For example, if we have MOSS servers and Exchange servers in the DMZ, with the help of PVLANs we can prevent any communication between these servers, so an intruder who compromises the Exchange server will not have any access to the MOSS server.

In short, a PVLAN is a network setup used to logically divide a VLAN (the primary VLAN) into secondary VLANs.


3 Types of PVLANs


Promiscuous PVLAN


Virtual machines in a promiscuous PVLAN can communicate with any machine in the same primary VLAN.


Community PVLAN


Virtual machines in a community PVLAN can communicate with each other and with any virtual machine in the promiscuous PVLAN.


Isolated PVLAN


Virtual machines in an isolated PVLAN can communicate only with machines in the promiscuous PVLAN. Note that in an isolated PVLAN, even communication between virtual machines in the same PVLAN is denied.


To use private VLANs between an ESXi host and the rest of the network, the physical switch connected to the ESXi host must be PVLAN capable and configured with the VLAN IDs that ESXi uses for PVLAN functionality. When we create a primary PVLAN, a secondary PVLAN with the same PVLAN ID is created automatically; this secondary PVLAN is the promiscuous PVLAN. Once the primary PVLAN exists, we can create further secondary PVLANs with the desired PVLAN IDs and mark each one as either isolated or community. PVLANs can be created only on a distributed switch.
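The three forwarding rules above, written out as a small policy model so the DMZ design can be checked before it is pushed to the distributed switch. This is an added example, not VMware code; the VM names, VLAN IDs and the placement of the MOSS and Exchange servers are constructed for illustration.

```python
"""Model of the PVLAN forwarding rules described in the post (added example).

A primary PVLAN is split into secondary PVLANs of three types. can_talk()
encodes which pairs of VMs may exchange frames; validate_map() catches the
two most common mistakes in a hand-built PVLAN map. All values are constructed.
"""
from dataclasses import dataclass

PROMISCUOUS, COMMUNITY, ISOLATED = "promiscuous", "community", "isolated"

@dataclass(frozen=True)
class PvlanPort:
    vm: str
    primary: int       # primary PVLAN ID
    secondary: int     # secondary PVLAN ID (equals primary for promiscuous)
    kind: str          # one of the three secondary PVLAN types

def can_talk(a: PvlanPort, b: PvlanPort) -> bool:
    """True if frames from port a may reach port b under PVLAN rules."""
    if a.primary != b.primary:
        return False                      # different primary VLANs never mix
    if PROMISCUOUS in (a.kind, b.kind):
        return True                       # promiscuous reaches everything in the primary
    if a.kind == COMMUNITY and b.kind == COMMUNITY and a.secondary == b.secondary:
        return True                       # members of the same community talk freely
    return False                          # isolated ports, or two different communities

def validate_map(ports):
    """Return a list of design errors; empty list means the map is consistent."""
    problems = []
    for p in ports:
        if p.kind == PROMISCUOUS and p.secondary != p.primary:
            problems.append(f"{p.vm}: promiscuous secondary must equal primary {p.primary}")
        if p.kind != PROMISCUOUS and p.secondary == p.primary:
            problems.append(f"{p.vm}: secondary {p.secondary} collides with the primary ID")
    return problems

# Constructed DMZ: gateway promiscuous, web tier one community, app servers isolated.
DMZ = [
    PvlanPort("fw-gateway", 100, 100, PROMISCUOUS),
    PvlanPort("web-1", 100, 101, COMMUNITY),
    PvlanPort("web-2", 100, 101, COMMUNITY),
    PvlanPort("exchange", 100, 102, ISOLATED),
    PvlanPort("moss", 100, 102, ISOLATED),
]

def reachability(ports):
    """Map every ordered (src, dst) VM pair to whether PVLAN rules allow it."""
    by = {p.vm: p for p in ports}
    return {(a, b): can_talk(by[a], by[b]) for a in by for b in by if a != b}
```

Running `reachability(DMZ)` shows the Exchange and MOSS servers sharing isolated PVLAN 102 still cannot reach each other, while both reach the promiscuous gateway.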


