ESXi and vlan setup

Started by francisaugusto, July 14, 2020, 09:03:10 PM

Hi,

I am planning to migrate from a Unifi Security Gateway to a virtualized OPNsense. My idea is to have 5 or 6 VLANs on my home network.

I have thought about two scenarios, and I wonder if one will yield better performance than the other.

- scenario 1: I create one port group on ESXi for each VLAN, and connect my OPNsense VM to each of them, i.e., one NIC per VLAN.

OR

- scenario 2: I put all VLANs in one single port group and connect it to OPNsense as a trunk, and create VLAN interfaces on OPNsense.

Is one scenario better than the other? Particularly I prefer scenario 1 as it is easy for VLAN administration to tag VLAN traffic on the virtual switch rather than on each guest OS, but I wonder if it makes a difference performance-wise.

Best,

Francis

VMware best practice doesn't explicitly discourage trunking VLANs to VMs: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-B57FBE96-21EA-401C-BAA6-BDE88108E4BB.html

However, it is much easier to configure port groups than OPNsense VLANs for the number you're considering. You'll need to note the MAC addresses of the interfaces in the VM settings so that you can assign the interfaces correctly in OPNsense.

Bart...
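The MAC-matching step from the reply above, as an added example that is not part of the original post: it pairs each guest interface with its ESXi port group by MAC address, so firewall rules are not attached to the wrong VLAN. It assumes a standard vSwitch (port group stored under `networkName` in the `.vmx` file); the MAC addresses, port group names, interface order and function names are constructed for illustration.

```python
import re

# Constructed sample: ethernetN lines from the OPNsense VM's .vmx file.
SAMPLE_VMX = '''\
ethernet0.networkName = "WAN"
ethernet0.generatedAddress = "00:0c:29:aa:bb:01"
ethernet1.networkName = "VLAN10-LAN"
ethernet1.addressType = "static"
ethernet1.address = "00:50:56:00:10:0A"
ethernet2.networkName = "VLAN20-IoT"
ethernet2.generatedAddress = "00:0c:29:aa:bb:03"
'''
# Constructed sample: trimmed `ifconfig` output from the guest; the order is
# deliberately different from the ethernetN order, so only the MAC is trusted.
SAMPLE_IFCONFIG = '''\
vmx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:0c:29:aa:bb:03
vmx1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:0c:29:aa:bb:01
vmx2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:50:56:00:10:0a
'''

def vmx_nics(vmx_text):
    """Return {mac: port_group}; a static 'address' wins over 'generatedAddress'."""
    nics = {}
    for idx, key, val in re.findall(r'^ethernet(\d+)\.(\w+)\s*=\s*"([^"]*)"', vmx_text, re.M):
        nics.setdefault(idx, {})[key] = val
    return {(n.get("address") or n["generatedAddress"]).lower(): n["networkName"]
            for n in nics.values()
            if "networkName" in n and (n.get("address") or n.get("generatedAddress"))}

def guest_nics(ifconfig_text):
    """Return {mac: interface_name} from FreeBSD-style ifconfig output."""
    macs, name = {}, None
    for line in ifconfig_text.splitlines():
        head = re.match(r'([\w.]+): ', line)
        name = head.group(1) if head else name
        ether = re.match(r'\s+ether ([0-9a-fA-F:]{17})', line)
        if ether and name:
            macs[ether.group(1).lower()] = name
    return macs

def map_interfaces(vmx_text, ifconfig_text):
    """Return ({guest_if: port_group}, [vmx MACs not present in the guest])."""
    guest, vmx = guest_nics(ifconfig_text), vmx_nics(vmx_text)
    return ({guest[m]: pg for m, pg in vmx.items() if m in guest},
            [m for m in vmx if m not in guest])

if __name__ == "__main__":
    print(map_interfaces(SAMPLE_VMX, SAMPLE_IFCONFIG))
```

A non-empty second element means a NIC defined on the host is not visible in the guest, which is worth resolving before assigning interfaces.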

July 15, 2020, 10:01:16 AM #2 Last Edit: July 15, 2020, 12:14:04 PM by francisaugusto
Quote from: bartjsmit on July 15, 2020, 07:29:04 AM
VMware best practice doesn't explicitly discourage trunking VLANs to VMs: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-B57FBE96-21EA-401C-BAA6-BDE88108E4BB.html

However, it is much easier to configure port groups than OPNsense VLANs for the number you're considering. You'll need to note the MAC addresses of the interfaces in the VM settings so that you can assign the interfaces correctly in OPNsense.

Bart...

Thanks a lot @bartjsmit!

Indeed, I thought about that, but was just wondering if having 5-6 "physical" interfaces to OPNsense would impact performance vis-a-vis having VLANs.

I agree, it's simpler to configure things as port groups on ESXi - the only disadvantage is that if I want to add a VLAN, I need to shut down OPNsense to add a new NIC for the corresponding port group.