Vsphere Private VLAN

Private VLAN is a concept where we can cave multiple VLANS inside on VLAN. It’s a logical separation of a same VLAN.

PVLANS helps us to save no of VLAN ids and ip addresses. Because we can separate same ip subnet into separate portions using PVLANs.

Also this will help us to stop unnecessary communication between virtual machines.

To use VPLAN we need to have distribute switch/es in our VMware environment.

There are three categories in a PLAN as bellows

Primary:

Promiscuous Primary VLAN –

This is the native vlan for PVLAN and it’s the default one.

We can put all the common devices in this PVLAN(Example LDAP Servers)

Secondary:

Isolated (Secondary) –

VMS in the Isolated PVLAN can only communicate with the promiscuous PVLAn. Even those vms wont communicate with the vms which are inside the same Isolcated PVLAN.

Community (Secondary) –

VMS in the community VLAn can only communicate with the vms in the promiscuous PVLAn and all other vms in the same community PVLAns only.

Use case of PVLAN

Below diagram shows one use case of PVLAN.

pvlan

  • All these servers are in my DMZ area.
  • Vm01 and vm02 are my web server frontend and SMTP gateway. Most of the port of these two vms are open to external access.
  • Vm03 & vm04 are Application server cluster
  • Vm05 & vm06 are my LDAP and DHCP server for DMZ
  • Vm01 and 02 doesn’t need to communicate each other. Since I have placed them in to isolate area vm01 cannot communicate with vm02. But vm01 and vm02 can communicate with virtual machine sin promiscuous pvlan segment.(vms)
  • Vm03 can communicate with vm04 and all the vms in promiscuous segment.

How to configure PVLAN

To configure PVLANs, our main requirement is to have a vmware distributed switch.To use this feature we need to have a vsphere enterprise plus licenses.

Steps for configure PVLANs.

  1. Right click on your distributed switch and select edit.

clip_image002

  1. Select “Private VLAN” tab and enter the primary VLAn ID from left side pane and you can add your secondary PVLANs(Promiscuous,Isolated and Community) from right side pane.

We can have one Promiscuous secondary VLAN, one Isolated VLAN and multiple community VLANs.

clip_image003

  1. Now we can create port groups and assign private VLANs.

clip_image004

clip_image005

clip_image006

clip_image007

Now we can assign relevant network assignment to virtual machine.

clip_image008

Advertisement

One thought on “Vsphere Private VLAN”

  1. Pingback: VLAN tagging and PVLAN’s in vSphere 6 – Virtual Reality

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: