0

My customer is looking at deploying Azure Stack HCI. The network infrastructure I am responsible for designing will be based around Aruba CX10000 switches, which have an embedded Pensando module that will allow stateful firewall services. In order to use this feature for microsegmentation policy enforcement, we would need to make sure VM-to-VM traffic within the hypervisor gets sent north towards the switch. The "standard" way of doing this is by deploying a Private Isolated VLAN (PVLAN) and relying on the switch to use proxy ARP to inform a VM it needs to send even local VLAN traffic northbound to the switch. I have seen that PVLAN support was added in Hyper-V 2016. Does anyone know whether Azure Stack HCI allows you to create vSwitches that support PVLAN in this way? (I'm sure people will say why aren't you using Datacenter Firewall for this, which is a fair point, but because the environment will be a mixture of other hosted workloads it might be good to have a consistent approach to make use of the Aruba hosted firewall and hence a single point of policy management.)

Design options only at this stage

2
  • "My customer is looking at deploying Azure Stack HCI" - and neither he nor you are reading any manual or marketing material or... really?
    – TomTom
    Oct 18 at 7:54
  • Thanks for the snide comment, but I haven't found anything specific in the Azure Stack HCI documentation I can find. PVLAN is a not so commonly used feature, from talking to colleagues, so any real-world experience and pointers would be appreciated. (I'm a network infrastructure guy and not a server guy, hence my reaching out.)
    – martyvis
    Oct 18 at 21:26
