Friday, September 19, 2014

VMware Networking 101: vSwitches or PortGroup Security Settings – Part 4


Promiscuous mode: This option is generally used if you intend to run network sniffing applications or intrusion detection monitoring. It can be defined at either the switch level or the port group level. Once the VLAN ID is set to 4095 on the port group where the VM resides, the VM can see all the traffic.


To understand it better: in the picture below, VM01 can read all the frames received by the vSwitch, whereas VM02's virtual network adapter receives only the frames intended for it.
 
MAC Address Changes: A VM (with a virtual network adapter) on an ESXi server has one virtual MAC address defined. It is stored in the VM configuration file (the VMX file).


This setting is Accept by default. Once it is set to Reject and the MAC address is altered inside the VM's network card properties, incoming IP traffic to the VM is affected and dropped. (Altering the MAC address manually inside a VM is just an example and a rare case; when it is done, the .vmx file or VM settings should be updated to keep the changes in sync.)
This setting affects Microsoft Network Load Balancing (NLB) environments, where the VM MAC address gets changed.



Forged Transmits: This is similar to MAC Address Changes, but here outgoing traffic is affected and gets dropped if the setting is Reject. Again, NLB (Microsoft Network Load Balancing) or other similar technology can break if this option is set to Reject.
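
The three settings above, modelled as a simplified forwarding check (an added example, not code from the original post or from VMware). The class and function names and all MAC addresses are constructed for illustration, and the model covers only the security policy and VLAN match, not the rest of vSwitch forwarding.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
TRUNK_VLAN = 4095  # port group VLAN ID that lets the VM see every VLAN

@dataclass
class PortGroup:                 # hypothetical model of a port group policy
    vlan: int
    promiscuous: bool = False    # True = Accept, False = Reject
    mac_changes: bool = True
    forged_transmits: bool = True

@dataclass
class VNic:                      # hypothetical model of a VM network adapter
    vmx_mac: str                 # MAC stored in the VM's .vmx file
    guest_mac: str               # MAC currently set inside the guest OS
    pg: PortGroup

def receives(nic, dst_mac, vlan):
    """True if the vSwitch delivers an inbound frame to this vNIC."""
    pg = nic.pg
    if pg.vlan not in (vlan, TRUNK_VLAN):
        return False             # frame belongs to another VLAN
    if not pg.mac_changes and nic.guest_mac != nic.vmx_mac:
        return False             # MAC Address Changes = Reject: inbound dropped
    if pg.promiscuous:
        return True              # sees every frame on the visible VLAN(s)
    return dst_mac in (nic.guest_mac, BROADCAST)

def transmits(nic, src_mac):
    """True if the vSwitch forwards an outbound frame from this vNIC."""
    # Forged Transmits = Reject drops frames whose source MAC differs from
    # the MAC currently set on the adapter.
    return nic.pg.forged_transmits or src_mac == nic.guest_mac

def demo():
    """Constructed scenario: VM01 sniffs, VM02 is normal, strict group breaks NLB."""
    m1, m2, m3 = "00:50:56:00:00:01", "00:50:56:00:00:02", "00:50:56:00:00:03"
    cluster = "02:00:00:00:00:aa"          # constructed shared/changed MAC
    strict = PortGroup(vlan=10, mac_changes=False, forged_transmits=False)
    vm01 = VNic(m1, m1, PortGroup(vlan=TRUNK_VLAN, promiscuous=True))
    vm02 = VNic(m2, m2, PortGroup(vlan=10))
    return {
        "vm01_sees_frame_for_vm02": receives(vm01, m2, 10),
        "vm02_sees_frame_for_vm01": receives(vm02, m1, 10),
        "changed_mac_inbound": receives(VNic(m3, cluster, strict), cluster, 10),
        "forged_source_outbound": transmits(VNic(m3, m3, strict), cluster),
    }
```

Calling `demo()` shows the promiscuous VM01 receiving a frame addressed to VM02, while the strict port group drops both the inbound frame for a guest-changed MAC and the outbound frame with a mismatched source MAC.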



VMware Networking 101: VMware Network Load Balancing policies – Part 1
VMware Networking 101: VLAN handling in vSwitches – Part 2
VMware Networking 101: Network Failure Detection – Part 3
VMware Networking 101: vSwitches or PortGroup Security Settings – Part 4

Disclaimer:
This is a personal weblog. The opinions expressed here represent my own. If you find that any correction needs to be made or that anything is inappropriate, feel free to comment on the post.