Architects sometimes come up with creative designs that save a lot on hardware costs and later maintenance costs. In some cases, a well-designed PVLAN (private VLAN) layout can simplify network management while also meeting the need for security isolation.
Concept
The PVLAN concept has long existed in physical networks; the vSphere Distributed Switch implements it at the hypervisor layer.
The primary PVLAN 5 is our traditional VLAN. It is the primary, and under it there are a lot of secondary PVLANs. Each secondary PVLAN has an ID.
There are three types of secondary PVLAN:
Promiscuous:
Virtual machines E and F, which belong to the promiscuous PVLAN, can communicate with any device that belongs to the primary VLAN. The promiscuous PVLAN ID is the same as the primary VLAN ID; both are 5 in the picture above.
Community:
Virtual machines A and B, which belong to the community PVLAN, can communicate with each other, but they cannot communicate with any devices other than those in the promiscuous PVLAN.
Isolated:
Virtual machines C and D, which belong to the isolated PVLAN, cannot communicate with each other, and they cannot communicate with any devices other than those in the promiscuous PVLAN.
Scenario One:
A company's DMZ contains many virtual machines and physical devices, and the concern is that one device might be compromised by another.
PVLAN is a very suitable solution.
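The three rules above can be written down as a small reachability model for reviewing a planned DMZ layout before it is deployed. This is an added example, not code from the original article or from VMware; VM G and the secondary IDs 51, 52 and 53 are constructed for illustration, while VMs A to F and primary ID 5 follow the article.

```python
from dataclasses import dataclass

PRIMARY_ID = 5  # primary VLAN ID used in the article

@dataclass(frozen=True)
class Port:
    name: str
    kind: str          # "promiscuous", "community" or "isolated"
    secondary_id: int  # secondary PVLAN ID

# VMs A-F follow the article; G and the IDs 51, 52, 53 are constructed.
PORTS = [
    Port("A", "community", 51), Port("B", "community", 51),
    Port("C", "isolated", 52), Port("D", "isolated", 52),
    Port("E", "promiscuous", 5), Port("F", "promiscuous", 5),
    Port("G", "community", 53),
]

def can_talk(a, b):
    """Apply the secondary PVLAN rules to one pair of ports."""
    if "promiscuous" in (a.kind, b.kind):
        return True   # promiscuous ports reach everything in the primary VLAN
    if a.kind == b.kind == "community":
        return a.secondary_id == b.secondary_id  # same community only
    return False      # isolated ports, or a community/isolated mix

def config_errors(ports, primary_id=PRIMARY_ID):
    """Flag ports whose type and secondary ID contradict each other."""
    errors = []
    for p in ports:
        if p.kind not in ("promiscuous", "community", "isolated"):
            errors.append(f"{p.name}: unknown type {p.kind!r}")
        elif (p.kind == "promiscuous") != (p.secondary_id == primary_id):
            errors.append(f"{p.name}: only promiscuous ports use ID {primary_id}")
    return errors

def exposed_to(name, ports):
    """Names of the ports a given (possibly compromised) VM can reach directly."""
    src = next(p for p in ports if p.name == name)
    return sorted(p.name for p in ports if p is not src and can_talk(src, p))

if __name__ == "__main__":
    print("config errors:", config_errors(PORTS))
    for p in PORTS:
        print(p.name, p.kind, "->", exposed_to(p.name, PORTS))
```

Running it prints, for each VM, the set of neighbours that VM could reach if it were compromised, which is the quantity the DMZ scenario is trying to keep small.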
The following figure is excerpted from "PVLAN – A Widely Underutilized Feature" from vxpertise.net.