6

Using ESXi v5.1 and vSphere, my networking is set up like so:

  • One standard Switch: vSwitch0
  • vSwitch0 has one uplink physical adapter (Internet connected)
  • vSwitch0 VM Network has 3 virtual machines (Web Accessible)

I'd like to add several "internal" VMs that are accessible only to the 3 public-facing VMs that are currently on vSwitch0. How should I do this? I know I could add another "internal" vSwitch that is not bound to a physical uplink, then employ a "gateway" VM that is dual-homed, but it seems there should be an easier way. Can I accomplish this strictly with a networking setup? If so, how?

(Please feel free to use whatever IP scheme you need to illustrate your answer)

Thanks much!

Inator
  • Are you trying to use your ESXi system as a gateway without a separate firewall/router device? Is this a hosted ESXi instance? – ewwhite Oct 13 '13 at 15:00

3 Answers

14
  1. ESXi 5.1 and vSphere are synonymous. They are the same thing. I prefer to call it vSphere since that's what VMware calls it.

  2. Create a new vSwitch for the internal VMs. Do not bind this vSwitch to a physical NIC.

  3. Connect the internal VMs to this internal vSwitch.

  4. Add a new vNIC to each external VM and connect it to the "internal" vSwitch.

  5. Configure the internal vNIC appropriately on each VM so that they're all on the same internal subnet (whatever RFC1918 address range you choose to use).

Now each external VM is multihomed and will have a connection to both the external and the internal network, and should be able to communicate on the internet as well as with the internal VMs.

Of course, this is just one of the possible ways to do this.

joeqwerty
3

Associating a port group with a vSwitch does not necessarily give it upstream network access. The upstream device has to have a corresponding interface with a like-configured IP/subnet for those devices to talk to.

Create an "internal only" port group. Give each virtual machine needing access to the uplink network and the internal network a second NIC that faces internal.

How it would look:

Router: 192.168.0.1/24

ESXi Host: 192.168.0.2/24

Public Server 1:

NIC1: Assign to existing "VM Network" port group. IP 192.168.0.11/24, Default Gateway 192.168.0.1

NIC2: Assign to "Internal Only" port group 172.16.0.11/24, No Default Gateway

Public Server 2:

NIC1: Assign to existing "VM Network" port group. IP 192.168.0.12/24, Default Gateway 192.168.0.1

NIC2: Assign to "Internal Only" port group 172.16.0.12/24, No Default Gateway

Public Server 3:

NIC1: Assign to existing "VM Network" port group. IP 192.168.0.13/24, Default Gateway 192.168.0.1

NIC2: Assign to "Internal Only" port group 172.16.0.13/24, No Default Gateway

Internal Only Server 1:

NIC1: Assign to "Internal Only" port group 172.16.0.21/24, No Default Gateway

Internal Only Server 2:

NIC1: Assign to "Internal Only" port group 172.16.0.22/24, No Default Gateway

Internal Only Server 3:

NIC1: Assign to "Internal Only" port group 172.16.0.23/24, No Default Gateway

SpacemanSpiff
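The build-out in joeqwerty's steps 2 to 4 and the "Internal Only" port group in SpacemanSpiff's layout can be scripted from the ESXi shell, and more usefully checked there. What follows is an added example, not code from either answer or from VMware; it assumes the `esxcli` namespace of ESXi 5.x, picks vSwitch1 and "Internal Only" as the names, and the `esxcli network vswitch standard list` output embedded in it is a constructed sample, not captured from a real host. Besides creating the uplink-less vSwitch and its port group, it sets the new switch's security policy to reject promiscuous mode, MAC-address changes and forged transmits (so a compromised public-facing VM cannot sniff or spoof its internal neighbours' traffic), and then reads the switch listing back to confirm that the internal vSwitch really has no physical uplink, which is the property this whole design depends on.

```shell
#!/bin/sh
# Added example: create a host-internal standard vSwitch on ESXi 5.x and verify it has no uplink.
# Assumes the esxcli namespace of ESXi 5.x; set ESXCLI=echo to dry-run (just print the commands).
ESXCLI="${ESXCLI:-esxcli}"

# Create an uplink-less standard vSwitch ($1) carrying one port group ($2), then
# lock the switch security policy so guests on it cannot sniff or spoof each other.
create_internal_vswitch() {
    sw=$1; pg=$2
    "$ESXCLI" network vswitch standard add --vswitch-name "$sw" &&
    "$ESXCLI" network vswitch standard portgroup add --portgroup-name "$pg" --vswitch-name "$sw" &&
    "$ESXCLI" network vswitch standard policy security set --vswitch-name "$sw" \
        --allow-promiscuous false --allow-mac-change false --allow-forged-transmits false
}

# Print the "Uplinks:" value of vSwitch $2 from `esxcli network vswitch standard list`
# text passed in $1. Exit status 1 if the listing has no block for that vSwitch.
vswitch_uplinks() {
    printf '%s\n' "$1" | awk -v sw="$2" '
        /^[^ \t]/ { n = $0; sub(/[ \t]+$/, "", n); inblk = (n == sw) }   # unindented line starts a block
        inblk && /^[ \t]*Uplinks:/ {
            found = 1; sub(/^[ \t]*Uplinks:[ \t]*/, ""); print; exit
        }
        END { if (found) exit 0; exit 1 }'
}

# 0 = vSwitch $2 has no physical uplink, 1 = it has at least one, 2 = not in the listing.
# The "not found" case is deliberately not treated as isolated.
vswitch_is_isolated() {
    up=$(vswitch_uplinks "$1" "$2") || return 2
    [ -z "$up" ]
}

# Constructed sample of `esxcli network vswitch standard list` output (not from a real host):
# vSwitch0 carries the uplink, vSwitch1 is the internal-only switch.
SAMPLE_LISTING='vSwitch0
   Name: vSwitch0
   Class: etherswitch
   Num Ports: 128
   Used Ports: 5
   MTU: 1500
   Uplinks: vmnic0
   Portgroups: VM Network, Management Network

vSwitch1
   Name: vSwitch1
   Class: etherswitch
   Num Ports: 128
   Used Ports: 7
   MTU: 1500
   Uplinks:
   Portgroups: Internal Only'

# On the host:  sh internal-vswitch.sh vSwitch1 "Internal Only"
# With no arguments nothing is changed; only the functions above are defined.
if [ "$#" -eq 2 ]; then
    create_internal_vswitch "$1" "$2" || exit 1
    listing=$("$ESXCLI" network vswitch standard list)
    if vswitch_is_isolated "$listing" "$1"; then
        echo "OK: $1 has no physical uplink; port group '$2' is reachable only from this host's VMs"
    else
        echo "WARNING: $1 is not isolated (uplinks: $(vswitch_uplinks "$listing" "$1"))" >&2
        exit 1
    fi
fi
```

The check at the end is the part worth keeping around: in this design the three public VMs are the only path between the uplink network and the internal servers, so if someone later attaches a vmnic to vSwitch1 the internal VMs become reachable from outside, and re-running the listing check (or `esxcli network vswitch standard list` by hand) catches that. Two things the script cannot check for you: the internal NICs should carry no default gateway, as SpacemanSpiff's layout shows, and a public VM with IP forwarding enabled in the guest would route between its two NICs, so leave forwarding off unless a VM is meant to be the gateway.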
-4

Just add networks with a specific VLAN in the vSwitch, then add NICs in said VLAN pointing to the specific network ... et voila!

If you notice that the physical interface is a trunk port: it will not ship between VLANs, only to the specific VLAN the packets are tagged with (segregation within the vSwitch).

You can also, in your case, add a physical interface to specific networks (for example a VLAN 10 with internet access, then add a NIC in the VM so that it connects to an internal VLAN, and add another physical interface in that VLAN for the internal network (you can of course expand on that)).

Also vCenter/vSphere ==/== ESXi

ESXi is the OS the bare metal runs; vCenter/vSphere are the management applications.

spongebob