Port Groups is more or less a VMware specific term. A lot of beginners with virtualization get confused with port groups in context of a vSwitch.
A Port Group is a group of ports on a vSwitch. A Port Group is created in a vNetwork Standard Switch (also referred as virtual switch or vSwitch) or a vNetwork Distributed Switch (often referred as distributed switch or dvSwitch). It is a logical segmentation of a vSwitch. Every Port Group has a name also known as the Network Label.
A Port Group is:
- It is a management object for aggregation of multiple ports (on a virtual switch) under a common configuration.The configuration options possible for a port group include:
Security, Traffic Shaping, NIC Teaming
- It is an endpoint for connecting VMs. In the vSphere client, the workflow actually connects VMs to a ‘Port Group’ name. When you edit the VM settings, the ‘Port Group’ Name (Network Label) is listed as a drop down option under the ‘Network Connections’ option for a virtual network adapter, on a VM.
To isolate (restrict) network traffic between port groups, you can configure the port groups with VLAN IDs. Configuring different VLAN IDs on different port groups will restrict broadcast traffic between these port groups.
Remember virtual machines connected to port groups with same VLAN ID would be able to communicate with each other only if they are on the same physical/virtual switch.
Virtual Switch Tagging (VST):
When you assign a VLAN ID to a port group, packets are tagged as they leave a VM and are untagged as they reach the VM. This is known as VST mode (virtual switch VLAN tagging).
Virtual Guest Tagging (VGT):
When you assign a VLAN ID ‘4095’, it has a special meaning which says that:
VMs connected to this port group will see all the VLAN IDs that are configured/seen on the vSwitch that owns the said port group. This is also known as VLAN trunking on vSwitch (this is different from VLAN trunking configured on a physical switch). Now you can configure VMs connected to this port group to tag/untag packets from within the guest OS. This is known as VGT mode (virtual guest VLAN tagging). To perform virtual guest tagging and untagging of packets you will need to use guest OS specific tools.
External Switch Tagging (EST):
There is another type of VLAN tagging supported by an ESX server thats called as ‘External Switch Tagging’. This is typically transparent to ESX server and no special configuration is necessary on the ESX host. Here packets are tagged as they leave ESX host and reach the physical switch, while they are untagged are they leave the physical switch and reach the ESX host.
When to use Trunk Ports?
If you are planning to use VST or VGT on a vSwitch which is connected to a physical Switch via an uplink (physical adapter on your ESX host). Then you will need to configure the physical-switch-port to which the uplink is connected in a trunk mode.
- For detailed information on virtual switch VLAN tagging, please refer KB1004074
- Also refer to the VLAN tagging whitepaper from VMware, although this is for ESX-3.x most information is still valid for vSphere-4.x.