

vSphere Distributed Switch, Traffic Filtering

When talking with customers about our vSphere Distributed Switch, I often find that they don’t know about a feature in the Traffic Filtering policy engine that allows for the creation of Access Control Lists (ACLs). This is in addition to being able to tag traffic and pass Quality of Service (QoS) or Differentiated Services Code Point (DSCP) values up to the physical network for prioritization.

ACLs allow you to create fine-grained control of what traffic is allowed in or out of a VM, a set of VMs, or an entire port group. The feature is configured at the port group level and allows for an unlimited number of rules. The rules are processed in the VMkernel, so no external appliance is needed. That means no single point of failure, faster processing of rules and, in some cases, reduced network traffic, since rule processing happens before the traffic leaves the ESXi host.
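To make the port-group rule list concrete, here is an added example (not from the original post, not VMware code, and not the vSphere API) that models a rule set with allow, drop and DSCP-tag actions and evaluates packets against it. The rule names, addresses, the first-match ordering and the allow-when-nothing-matches default are assumptions of this model, chosen to show why rule order and an explicit drop rule matter.

```python
# Illustrative model only: not VMware code and not the vSphere API.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow", "drop", or "tag"
    direction: str               # "in" (to the VM), "out" (from the VM), "both"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"           # "tcp", "udp", or "any"
    dport: Optional[int] = None  # None matches any destination port
    dscp: Optional[int] = None   # value applied by a "tag" rule

    def matches(self, pkt):
        return (self.direction in ("both", pkt["direction"])
                and self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt["dport"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst))

def evaluate(rules, pkt):
    """Return (verdict, matching rule name, dscp) for one packet.

    Assumptions of this model: rules are checked top to bottom, the first
    match decides, and a packet that matches no rule is allowed unchanged.
    """
    for rule in rules:
        if rule.matches(pkt):
            if rule.action == "drop":
                return ("drop", rule.name, None)
            return ("allow", rule.name, rule.dscp if rule.action == "tag" else None)
    return ("allow", None, None)

# Constructed rule set for a hypothetical "web" port group (10.0.10.0/24).
WEB_PG_RULES = [
    Rule("tag-https", "tag", "in", dst="10.0.10.0/24", proto="tcp", dport=443, dscp=26),
    Rule("allow-ssh-mgmt", "allow", "in", src="10.0.99.0/24",
         dst="10.0.10.0/24", proto="tcp", dport=22),
    Rule("drop-ssh", "drop", "in", dst="10.0.10.0/24", proto="tcp", dport=22),
    Rule("drop-smtp-out", "drop", "out", src="10.0.10.0/24", proto="tcp", dport=25),
]

def packet(direction, src, dst, proto, dport):
    return {"direction": direction, "src": src, "dst": dst,
            "proto": proto, "dport": dport}
```

Swapping `allow-ssh-mgmt` and `drop-ssh` in this model blocks the management subnet as well, which is the ordering mistake to look for when reviewing a real rule list.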

Watch the video below for a quick how-to:

I’ve also created a Traffic Filtering Walkthrough which guides you step by step in creating an ACL.

If you want to test out the VDS, remember we have Hands-on Labs available. Specifically for VDS, check out HOL-SDC-1302 – vSphere Distributed Switch from A to Z.

 

This entry was posted in Networking, Security, vSphere.
Mike Brown

About Mike Brown

Mike Brown is a senior technical marketing manager in the Cloud Infrastructure Technical Marketing group. Mike has worked in the IT industry for more than 17 years. His focus is on reference architectures for VMware vCloud Suite and the software-defined data center (SDDC) as well as VMware vCenter Server, vCenter Single Sign-On, VMware vSphere Web Client, and resource management technologies such as vSphere Distributed Resource Scheduler, VMware vSphere Network I/O Control, VMware vSphere Storage DRS, and VMware vSphere Storage I/O Control. Mike has multiple industry certifications, including VMware Certified Design Expert (VCDX). Follow Mike on Twitter @vMikeBrown.

One thought on “vSphere Distributed Switch, Traffic Filtering”

  1. Alberto

    Hi Mike:

    I have a question for you.
    Do you know how the ACL applies to a VM?
    I mean, do they apply as IPTables? Do they apply as a filter?
    I’m trying to know at a very deep level how the ACL controls the incoming or outgoing to the VM.
    In NSX there is a specific piece of software that runs at the vmkernel, but you need to install it.
    Is it the same in a vdSwitch?
    Thanks
