A port group is a set of ports on a virtual switch that share one network configuration (VLAN, security, traffic shaping, teaming). Port groups are created on the virtual switch and virtual machines are then connected to a port group; a common practice is to create separate port groups for categories of workloads such as Windows, Linux, management or DMZ, and you can create as many as your requirements demand. On a Standard Switch (vSS) policies can be set at the switch level and at the port group level, but on a Distributed Switch (vDS) you get a more granular option: policies can additionally be overridden on individual ports. In this post we will look at some of the advanced port group settings that give you this additional security and networking control.
When using the Distributed Switch, the Advanced port group settings let you decide which policies may be overridden per port. Used carefully this gives better and more efficient management of virtual networking; used carelessly it lets a per-port override silently weaken the security policy you set on the port group, so the override settings are themselves a security control.
When you create a port group, or on a port group you have already created, go to Edit Settings > Advanced.
Here you will find the advanced settings available for the port group. Some of them are exclusive to the Distributed Switch and are not available on the Standard Switch.
Configure reset at disconnect:
If you enable this, per-port override settings are discarded when the port is released: when a distributed port is disconnected from a virtual machine (the VM is powered off, migrated or its NIC is moved), the configuration of that distributed port is reset to the distributed port group setting. This is the safe default for most environments, because it prevents a one-off override from outliving the VM it was made for. The caveat is that any deliberate per-port hardening, such as blocking a specific port, is also lost at disconnect, so enforce lasting restrictions at the port group level rather than per port.
Override Port Policies:
Here you decide, policy by policy, whether the port group setting may be overridden on individual ports. For each policy you choose Allowed or Disabled; Disabled means every port in the group must use the port group setting. Let us see what each option does.
Block Ports:
Allows you to block specific ports so that they neither send nor receive traffic through the Distributed Switch. This is useful for isolating a single suspicious VM without touching the rest of the port group, and it is not available on the Standard Switch.
Traffic Shaping:
The name is self-explanatory, but the Distributed Switch has an advantage here: when this override is allowed on a distributed port group you can restrict bandwidth per port for both incoming (ingress) and outgoing (egress) traffic. On a Standard Switch you can only shape outgoing traffic.
VLAN:
Allows VLAN tagging to be configured per port on the Distributed Switch. You can configure External Switch Tagging (EST), Virtual Switch Tagging (VST) and Virtual Guest Tagging (VGT). Allowing this override means a single port can be moved to a different VLAN than its port group, so keep it disabled on port groups that enforce network segmentation.
Uplink Teaming:
Allows the uplink teaming settings (load balancing and failover order) to be changed per port rather than only per port group.
Security:
The security policy (promiscuous mode, MAC address changes and forged transmits) protects traffic against MAC address impersonation and unwanted sniffing of other VMs' traffic. It is implemented at Layer 2 of the networking stack. Set all three to Reject on the port group unless a workload genuinely needs them (for example nested hypervisors or some clustering products), and keep the per-port override for this policy disabled so that a single port cannot quietly re-enable promiscuous mode.
NetFlow:
NetFlow is a network analysis tool that helps you analyse the virtual machine IP traffic flowing through a distributed switch port group, and the override lets you enable or disable it per port. NetFlow is available on a vSphere Distributed Switch version 5.0.0 and later; version 5.1 and later of the switch supports IPFIX (NetFlow version 10). This option is not available on the Standard Switch.
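The settings above are applied through the vSphere Client in the post, but in practice you will want them scripted and repeatable. The following PowerCLI script is an added example and not code from the original post: it sets the override policy (including reset at disconnect), the Layer 2 security policy, bidirectional traffic shaping and uplink teaming for one distributed port group, then audits every port group on the switch for the settings a reviewer would flag. The vCenter hostname, switch, port group and uplink names are placeholders, and the cmdlet and parameter names are those of the VMware.VimAutomation.Vds module as I know them; confirm them with Get-Help in your PowerCLI version before running against production. NetFlow and traffic filtering rules are not covered here.

```powershell
# Added example, not from the original post. Requires PowerCLI (VMware.VimAutomation.Vds).
# All names below are placeholders for your own environment.
Import-Module VMware.VimAutomation.Vds
Connect-VIServer -Server 'vcenter.example.local'          # placeholder vCenter

$vds = Get-VDSwitch -Name 'DSwitch-Prod'                   # placeholder switch name
$pg  = $vds | Get-VDPortgroup -Name 'dvPG-Web-VLAN100'     # placeholder port group

# 1. Override policy: only allow the per-port overrides that have an operational
#    reason (blocking a port during incident response), disable the ones that could
#    weaken segmentation or the security policy, and reset ports at disconnect.
$pg | Get-VDPortgroupOverridePolicy | Set-VDPortgroupOverridePolicy `
    -BlockOverrideAllowed          $true  `
    -VlanOverrideAllowed           $false `
    -SecurityOverrideAllowed       $false `
    -TrafficShapingOverrideAllowed $false `
    -UplinkTeamingOverrideAllowed  $false `
    -PortConfigResetAtDisconnect   $true

# 2. Layer 2 security policy: reject promiscuous mode, MAC changes and forged transmits.
$pg | Get-VDSecurityPolicy | Set-VDSecurityPolicy `
    -AllowPromiscuous $false -MacChanges $false -ForgedTransmits $false

# 3. Traffic shaping in both directions (ingress shaping exists only on the vDS).
#    Assumed units: bandwidth in bits per second, burst size in bytes.
foreach ($direction in 'In', 'Out') {
    $pg | Get-VDTrafficShapingPolicy -Direction $direction | Set-VDTrafficShapingPolicy `
        -Enabled $true -AverageBandwidth 100000000 -PeakBandwidth 200000000 -BurstSize 104857600
}

# 4. Uplink teaming: route based on originating virtual port, both uplinks active.
$pg | Get-VDUplinkTeamingPolicy | Set-VDUplinkTeamingPolicy `
    -LoadBalancingPolicy LoadBalanceSrcId `
    -ActiveUplinkPort 'Uplink 1', 'Uplink 2' `                 # placeholder uplink names
    -FailoverDetectionPolicy LinkStatus -NotifySwitches $true -EnableFailback $true

# 5. Audit: list every port group on the switch whose settings a reviewer should question.
$findings = foreach ($group in ($vds | Get-VDPortgroup)) {
    $override = $group | Get-VDPortgroupOverridePolicy
    $security = $group | Get-VDSecurityPolicy
    $issues = @()
    if ($security.AllowPromiscuous)              { $issues += 'promiscuous mode accepted' }
    if ($security.MacChanges)                    { $issues += 'MAC address changes accepted' }
    if ($security.ForgedTransmits)               { $issues += 'forged transmits accepted' }
    if ($override.SecurityOverrideAllowed)       { $issues += 'per-port security override allowed' }
    if ($override.VlanOverrideAllowed)           { $issues += 'per-port VLAN override allowed' }
    if (-not $override.PortConfigResetAtDisconnect) { $issues += 'ports keep overrides after disconnect' }
    if ($issues.Count -gt 0) {
        [pscustomobject]@{ PortGroup = $group.Name; Issues = ($issues -join '; ') }
    }
}
$findings | Format-Table -AutoSize

Disconnect-VIServer -Confirm:$false
```

Run this from a PowerCLI session with an account that has the Distributed Switch and Port Group modify privileges, and re-run the audit section on a schedule: a port group that starts to appear in the findings table is the quickest sign that someone has loosened a security or override setting by hand in the vSphere Client.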
Traffic Filtering & Marking:
Using the traffic filtering and marking policy you can protect the virtual network from unwanted traffic and attacks, or apply a QoS tag (CoS or DSCP) to a certain type of traffic. The policy is an ordered set of network traffic rules for security and for QoS tagging of the data flowing through the ports of a Distributed Switch. A rule consists of a qualifier that matches traffic (by MAC address, IP address, port, or system traffic type) and an action that allows, drops or tags the matching traffic; rules are evaluated in order, so put the most specific ones first. This option is not available on the Standard Switch.
That's it for today, friends. I hope you liked reading this post, and if you find anything that should be added or removed, feel free to write it in the comments. If you found it useful, please share it on social media to help others and spread knowledge.
If you have any query on anything, you are free to write it in the comments section and we will make sure to provide a solution as soon as possible.