I am in the process of deploying a new virtual firewall and trying to work out what is the most performant method of implementing it in terms of traffic routing/switching within VMware. I would like to understand how routing/switching works in ESXi under a couple of scenarios.

Firstly, if I have a port group which has two VMs connected to it, how is traffic routed between the VMs? I assume ESXi handles this at a hypervisor/kernel level, or is traffic processed on the physical NIC (i.e. hairpinned)?

The second scenario is if I have a port group for servers on VLAN 10, and then a second port group which permits all VLANs (trunked) for a virtual firewall (both port groups are on the same vSwitch). How does traffic route/switch if a server were to try and communicate with the firewall on VLAN 10? Is ESXi able to determine that it does not need to send the packet externally (i.e. to the NIC or the switch the server is connected to)?

Essentially, I am trying to deploy a virtual firewall and trying to work out if I should attach multiple NICs to each port group I have, or create a new one and trunk all VLANs through it.
Posted on Reddit by zh12a