Enable the VMware ESXi virtual switch to support VLAN
Virtualization is now widely used. After installing virtualization software such as VMware ESXi or Hyper-V, a single physical host can run multiple virtual machines, and each virtual machine can provide services to the network just like a physical machine, which makes full use of server resources and saves power and space. Many users run into one problem, however. Physical host performance is high enough: a host with 64 GB of memory and two 6-core Intel CPUs can typically run 30 to 60 virtual machines. But a physical host is generally configured with only 2 to 4 NICs, each connected to a single network segment, while the enterprise network may be divided into multiple VLANs. How, then, can these virtual machines flexibly use IP addresses from different network segments? The answer is to make the virtual switch support VLANs, which is what this article covers.
1 Experiment environment overview
To create a virtual machine in VMware ESXi that uses an IP address from another network segment, you need to assign VLANs to the virtual machine port groups on the vSphere virtual switch, matching the VLANs on the physical switch.
VMware Workstation and VMware ESXi are virtualization software that can simulate multiple "virtual" computers on one physical machine. A virtual switch works in a similar way. The vSwitch is bound to a physical NIC of the host; a virtual machine connects to the vSwitch through one of the vSwitch's virtual machine port groups, and then communicates with computers and virtual machines on other networks through the physical NIC bound to the vSwitch. Each vSwitch can be bound to one or more physical NICs (a vSwitch with no physical NIC cannot communicate directly with the network the host is attached to).
The type of the physical switch port that the vSwitch's physical NIC is connected to determines whether VLANs can be divided on the vSwitch. Put simply, if the physical NIC is connected to an ordinary switch or to an Access port of a layer-3 switch (that is, an ordinary port assigned to one VLAN), the vSwitch bound to that NIC can use only the VLAN specified by the Access port. If the physical NIC is connected to a Trunk port of the layer-3 switch, you can add virtual machine port groups on the vSwitch bound to that NIC and specify a VLAN for each added port group; virtual machines in that port group then communicate with other computers in the network through the connected layer-3 switch. The following describes a specific example.
Implementing VLANs on a vSwitch requires a layer-3 switch in the network. Figure 1-1 shows the experiment topology for this section.
Figure 1-1 vSwitch network topology
The topology in Figure 1-1 contains a layer-3 switch and a server with two NICs. Six VLANs are defined on the layer-3 switch: VLAN2001, VLAN2002, VLAN2003, VLAN2004, VLAN2005, and VLAN2006. The network segment of each VLAN is listed in Table 4-1.
Table 4-1 VLAN, address, and gateway on the layer-3 switch
VLAN | Address | Gateway address
VLAN2001 | 172.18.91.0/255.255.255.0 | 172.18.91.254
VLAN2002 | 172.18.92.0/255.255.255.0 | 172.18.92.254
VLAN2003 | 172.18.93.0/255.255.255.0 | 172.18.93.254
VLAN2004 | 172.18.94.0/255.255.255.0 | 172.18.94.254
VLAN2005 | 172.18.95.0/255.255.255.0 | 172.18.95.254
VLAN2006 | 172.18.96.0/255.255.255.0 | 172.18.96.254
The main configuration parameters of the layer-3 switch are as follows:
<3526b> disp curr
#
 sysname 3526b
#
 dhcp-server 1 ip address 172.18.96.1 172.18.96.5
#
vlan 2001
vlan 2002
vlan 2003
vlan 2004
vlan 2005
vlan 2006
interface Vlan-interface2001
 ip address 172.18.91.254 255.255.255.0
 dhcp-server 1
#
interface Vlan-interface2002
 ip address 172.18.92.254 255.255.255.0
 dhcp-server 1
#
interface Vlan-interface2003
 ip address 172.18.93.254 255.255.255.0
 dhcp-server 1
#
interface Vlan-interface2004
 ip address 172.18.94.254 255.255.255.0
 dhcp-server 2
#
interface Vlan-interface2005
 ip address 172.18.95.254 255.255.255.0
 dhcp-server 1
#
interface Vlan-interface2006
 ip address 172.18.96.254 255.255.255.0
 dhcp-server 2
#
interface Ethernet0/1
 port access vlan 2001
#
interface Ethernet0/2
 port access vlan 2001
#
interface Ethernet0/3
 port access vlan 2002
#
interface Ethernet0/4
 port access vlan 2002
#
interface Ethernet0/5
 port access vlan 2003
#
interface Ethernet0/6
 port access vlan 2003
#
interface Ethernet0/7
 port access vlan 2004
#
interface Ethernet0/8
 port access vlan 2004
#
interface Ethernet0/9
 port access vlan 2005
#
#
interface Ethernet0/14
 port access vlan 2006
#
interface Ethernet0/15
 port access vlan 2006
#
interface Ethernet0/16
 port access vlan 2006
#
interface Ethernet0/23
 port link-type trunk
 port trunk permit vlan all
interface Ethernet0/24
 port link-type trunk
 port trunk permit vlan all
interface GigabitEthernet1/1
#
VMware ESXi 5.1 is installed on the server. The server's first NIC is connected to an Access port assigned to VLAN2006, and the management address 172.18.96.11 is set on this NIC; the other NIC is connected to a Trunk port of the layer-3 switch (port 23 or 24 of the switch).
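The following Python script is an added example, not part of the original article. It parses a configuration in the "disp curr" format shown above, classifies each physical port as access or trunk, and checks an ESXi uplink port against the VLAN IDs planned for its port groups, including the case where the trunk permits every VLAN and could be narrowed to the ones actually used. The sample configuration, the function names and the default of "access port in VLAN 1" for an unconfigured port are assumptions made for the example.

```python
# Constructed excerpt in the same "disp curr" format as the switch config above.
SAMPLE_CONFIG = """\
interface Vlan-interface2006
interface Ethernet0/16
 port access vlan 2006
interface Ethernet0/23
 port link-type trunk
 port trunk permit vlan all
interface Ethernet0/24
 port link-type trunk
 port trunk permit vlan 2001 to 2003 2006
"""

def expand(tokens):  # ['2001', 'to', '2003'] -> [2001, 2002, 2003]; ['all'] -> 'all'
    if tokens == ["all"]:
        return "all"
    vlans, i = [], 0
    while i < len(tokens):
        is_range = tokens[i + 1:i + 2] == ["to"]
        end = tokens[i + 2] if is_range else tokens[i]
        vlans.extend(range(int(tokens[i]), int(end) + 1))
        i += 3 if is_range else 1
    return vlans

def parse_ports(config):
    ports, cur = {}, None
    for line in (l.strip() for l in config.splitlines()):
        low = line.lower()
        if low.startswith("interface "):
            # Vlan-interfaceN entries are layer-3 gateways, not switch ports.
            cur = None if low.split()[1].startswith("vlan-interface") else line.split()[1]
            if cur:  # assumption: an unconfigured port is an access port in VLAN 1
                ports[cur] = {"mode": "access", "vlans": [1]}
        elif cur and low.startswith("port access vlan "):
            ports[cur]["vlans"] = [int(low.split()[-1])]
        elif cur and low == "port link-type trunk":
            ports[cur] = {"mode": "trunk", "vlans": [1]}
        elif cur and low.startswith("port trunk permit vlan "):
            ports[cur]["vlans"] = expand(low.split()[4:])
    return ports

def audit_uplink(ports, uplink, portgroup_vlans):
    """Compare an ESXi uplink port with the VLAN IDs planned for its port groups."""
    port, wanted = ports[uplink], sorted(set(portgroup_vlans))
    if port["mode"] != "trunk":
        return [f"{uplink}: access port, only VLAN {port['vlans'][0]} is usable"]
    if port["vlans"] == "all":
        return [f"{uplink}: trunk permits all VLANs, narrow it to {wanted}"]
    return [f"{uplink}: trunk does not permit VLAN {v}" for v in wanted if v not in port["vlans"]]
```

An empty list from audit_uplink means the trunk already permits exactly what the port groups need or more, short of "all".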
Next, let's take a look at how to enable VLAN for a vswitch and assign it to a virtual machine.