
About port group and virtual switch

http://networkvirtualization.blogspot.sg/2008/05/port-groups-in-vmware-esx.html


ESX servers have a whole virtual network within them: guest machines connect to virtual switches and uplinks from these switches to the outside. One term that is not used outside of ESX, though, is "port groups." After reading a bit about them and looking at the various tools the ESX console provides, I think the best way for a network engineer to understand port groups is to see them as network hubs connected to a single vswitch port. This actually makes sense for multiple reasons:

  • All members of a port group share common attributes like a VLAN tag
  • All members of a port group can see all of the packets sent by other members of this port group
  • A port group is always connected to a single vswitch

Actually, it even makes sense to think of the VLAN tag as being applied to the vswitch port that is connected to the uplink of the virtual hub. Therefore, a vswitch with a portgroup "PG1" that has two members "VG1" and "VG2" would be built using a pswitch and a 3-port hub. The uplink of the hub is connected to a pswitch port. Applying a VLAN tag on that port group then corresponds to configuring the VLAN on the pswitch port.

Port groups in ESX are identified by their name, which must be unique within an ESX server. Having the same port group names in different ESX servers, however, makes a lot of sense, especially when moving guests around between them. More on this later.




How promiscuous mode works at the virtual switch and portgroup levels

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1002934


Details

Promiscuous mode is a security policy which can be defined at the virtual switch or portgroup level in vSphere ESX/ESXi. A virtual machine, Service Console or VMkernel network interface in a portgroup which allows use of promiscuous mode can see all network traffic traversing the virtual switch.

By default, a guest operating system's virtual network adapter only receives frames that are meant for it. Placing the guest's network adapter in promiscuous mode causes it to receive all frames passed on the virtual switch that are allowed under the VLAN policy for the associated portgroup. This can be useful for intrusion detection monitoring or if a sniffer needs to analyze all traffic on the network segment.

For more information on configuring a virtual switch or portgroup to allow promiscuous mode, see Configuring promiscuous mode on a virtual switch or portgroup (1004099).

Solution

When promiscuous mode is enabled at the portgroup level, objects defined within that portgroup have the option of receiving all incoming traffic on the vSwitch. Interfaces and virtual machines within the portgroup will be able to see all traffic passing on the vSwitch, but all other portgroups within the same virtual switch do not.

When promiscuous mode is enabled at the virtual switch level, all portgroups within the vSwitch will default to allowing promiscuous mode. However, promiscuous mode can be explicitly disabled at one or more portgroups within the vSwitch, which overrides the vSwitch-defined default.
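The inheritance and override rules above can be checked mechanically when auditing a host. The following is an added example, not code from the VMware KB article: the `PortGroup` and `VSwitch` classes and the sample inventory are constructed for illustration, and the VLAN handling (same VLAN ID, plus VLAN 4095 treated as "all VLANs") is a simplification that goes slightly beyond what the text states.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class PortGroup:
    name: str
    vlan: int                           # 4095 = guest tagging, passes all VLANs
    promiscuous: Optional[bool] = None  # None = inherit the vSwitch default


@dataclass
class VSwitch:
    name: str
    promiscuous: bool                   # vSwitch-level default
    portgroups: List[PortGroup]


def effective_promiscuous(vs: VSwitch, pg: PortGroup) -> bool:
    """An explicit portgroup setting overrides the vSwitch default."""
    return vs.promiscuous if pg.promiscuous is None else pg.promiscuous


def visible_portgroups(vs: VSwitch, pg: PortGroup) -> List[str]:
    """Other portgroups whose frames a promiscuous adapter in pg may receive
    (approximation: same VLAN ID, or everything when pg uses VLAN 4095)."""
    if not effective_promiscuous(vs, pg):
        return []
    return [o.name for o in vs.portgroups
            if o is not pg and (pg.vlan == 4095 or o.vlan == pg.vlan)]


def audit(vs: VSwitch):
    """Return (portgroup, where the setting comes from, observable portgroups)."""
    findings = []
    for pg in vs.portgroups:
        if effective_promiscuous(vs, pg):
            source = ("inherited from vSwitch" if pg.promiscuous is None
                      else "portgroup override")
            findings.append((pg.name, source, visible_portgroups(vs, pg)))
    return findings


# Constructed sample inventory: promiscuous mode enabled at the vSwitch level.
SAMPLE = VSwitch("vSwitch0", promiscuous=True, portgroups=[
    PortGroup("Mgmt", vlan=10, promiscuous=False),  # explicitly disabled
    PortGroup("Web", vlan=20),                      # inherits the default
    PortGroup("DB", vlan=20, promiscuous=False),
    PortGroup("IDS", vlan=4095, promiscuous=True),  # intended monitoring port
])

if __name__ == "__main__":
    for name, source, sees in audit(SAMPLE):
        print(f"{name}: promiscuous allowed ({source}); can observe {sees}")
```

In the sample, "Web" is flagged even though nobody configured it, because it silently inherits the vSwitch-level setting; this is the case an audit should surface first.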

If software within a virtual machine is attempting to put the guest network adapter in promiscuous mode, contrary to the defined vSwitch or portgroup security policy, it may be necessary to investigate if the virtual machine is running undesired software. For more information, see Identifying virtual machines attempting to use promiscuous network mode on ESX/ESXi (1023341).

