Theory – Can it be done? Virtual switching hub presented to multiple physical NICs

This post was originally published on this site

Hello team,

 

In the past I’ve had ESXi running a sole NGFW appliance, with all available NICs passed through to the NGFW appliance – works a treat. Representation is below.
Physical | Virtual Switch | Port Group | vNIC on NGFW VM
NIC0 –> ETH0 – ETH0 – ETH0 WAN
NIC1 –> ETH1 – ETH1 – ETH1 LAN  (Note also sharing management to esxi host)
NIC2 –> ETH2 – ETH2 – ETH2 LAN

NIC3 –> ETH3 – ETH3 – ETH3 LAN

 

With the example above was done recently with a Fortigate VM, utilising a fortigate feature called Software switch. For those who don’t know its essentially a way at the firmware level within the VM to allow multiple interfaces to work together as a switch (Eth1, Eth2 and Eth3 in the software Switch which operates as LAN).

 

What I’m trying to figure out and having difficulty finding a definitive answer to whether its even possible is this –  I’d like to be able to bypass the software switch in the VM level and have ESXi do that function instead, so the VM is instead presented with 2 vNICS instead of 4.
Physical | Virtual Switch | Port Group | vNIC on NGFW VM
NIC0 –> ETH0 – ETH0 – ETH0 WAN
The second one would be the following
NIC1, NIC2, NIC3 –> LAN – LAN – ETH1 LAN

 

This would mean that NIC1, NIC2 and NIC3 are in the same broadcast domain (LAN), and would operate as a standard switch.

 

 

Documentation regarding Virtual switch capabilities lead me to believe this may be possible (I don’t believe teaming NICs will accomplish this).

I’m not concerned about performance implications that may arise, I’m more interested to know if its possible and if so how.

I’m using ESXi 6.7u3

 

Thank you
Josh

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.