9 Responses

  1. bali
    bali at |

    The reason for having the mac change accepted for a vss is VM level clustering I believe. It caused a lot a stress why an MSCS would not work an a VM layer. Since the cluster will be using its own IP and generated MAC the cluster will be inaccessible without letting the different MAC thru. I think VMware has decided to easy up this confusion for users… but this is just a theory .)
    As for why vDS has this setting rejected… VM level clustering is NOT supported over vDS. This kinda affirms this logic.

    1. alpacapowered
      alpacapowered at |

      MSCS clustering does not generate or use new MAC addresses for the virtual cluster IPs. The virtual IPs are just using the physical MAC of the currently active node, so this setting is entirely unrelated to MSCS (NLB clustering is a different story though).

      During failover the new active node will just generate gracious ARP broadcasts with it’s own MAC, thus notifying other systems in the layer 2 domain to update their ARP caches for the virtual IP.

      Great article by the way. I was never aware that this has an actually visible effect on the respective dvPort.

      1. alpacapowered
        alpacapowered at |

        Also, I’m very sure that VM level clustering is fully supported on distributed vSwitches too.

        I’ve never heard about it not being supported and can’t find any reference at all in the clustering docs by VMware:

  2. www.youtube.com
    www.youtube.com at |

    Hi, i read your blog occasionally and i own
    a similar one and i was just curious if you get a lot of spam comments?
    If so how do you prevent it, any plugin or anything you
    can advise? I get so much lately it’s driving me mad so any support is very much appreciated.

  3. Blog Series: ESXi 5 STIG – ESXi Server Everything Else | VM Field Tips

    […] How The VMware Forged Transmits Security Policy Works Rejecting VMware MAC Address Changes Explained […]

  4. Configuración de políticas de seguridad de vSwitch con PowerCLI |

    […] función que desempeña cada parámetro. Chris Wahl tiene un par de posts excelentes donde explica MAC Address Changes y Forged Transmits. En cuanto a Promiscuous Mode, cuando se habilita, permite a las VMs que se […]

  5. Configure advanced vSS settings – Objective 2.1 – Implement and manage virtual standard switch (vSS) networks | Ahmad Sabry ElGendi

Share your point of view!