Christopher, wow that is kind of you to say. Glad it helped! Thanks for watching.

Nulatium, glad you liked this! I like doing these deeper dives into networking as it is a core concept that is often missed

Glad you enjoyed it!

Thanks Jason

@@VirtualizationHowto YES ! :P

Steven, glad it was helpful!

Mateusz, thanks for the comment and glad it was helpful!

Last!!

Brandon, thanks for the comment and questions! Lots of topics in the questions you posed. Distributed switches place the management of your virtual networking at the vCenter level which makes things a lot easier if you are managing multiple ESXi hosts with the same port groups, etc. So in other words, you don't have to manually create standard port groups on each ESXi host, you can instead simply add the host to the distributed switch and it automatically inherits all the port group settings, etc. However, this is a mixed bag of features vs. disaster recovery. Distributed switches can become a nightmare if you lose vCenter as it houses the configuration for the switches. The switches won't be automatically wiped out, however, you will have a situation with orphaned and ghosted distribusted switches. I still use Distributed switches heavily, however, I usually keep a single standard switch configured with an uplink just for disaster scenarios. Also, it isn't an absolute requirement that vCenter is housed on the same ESXi hosts that it manages. You can house vCenter anywhere as long as it has network connectivity to the hosts it manages. It is common to see vCenter housed on the same ESXi hosts it managed though. The way this works is you have a cluster of ESXi hosts. You vMotion the vcenter SErver to a different host if you are upgrading a host in the cluster. You keep working your way through the hosts until they are all updated. There are also automated processes to take care of this whole process if you want it to be fully automatic. Upgrading vCenter Server itself, is also not bad either as you deploy the new vCenter Appliance and use direct ESXi host connections during the upgrade process instead of connecting to vCenter itself. I hope this helps with most of your questions. let me know! Thanks again.

@etienneb4403 thank you for the comment! Yes VLANs have many benefits, including using only a single uplink, but also network segmentation for different traffic types. Let me know if you have more detailed questions, please hop over to the VHT forums here and we can discuss further: www.virtualizationhowto.com/community

@ziqif3407, shoot me a message over on the forums here and let's talk shop: www.virtualizationhowto.com/community. Thank you again.

@codingwithjerry-fn4cv Thank you for the comment! Sign up on the forums and I can give more personalized help here: www.virtualizationhowto.com/community

Mike, this might be a good topic for a video for sure. There are cheaper switch models out there that support VLANs, but I am not sure what your budget is. Cisco is certainly the favorite for those that like the Cisco CLI as it is the industry standard. However, you don't have to go with Cisco, their CLI is just the most popular. ONe thing you run into with cheap switches is they are often what they refer to as unmanaged and not capable of more advanced features. Look for a managed switch with CLI access. The Cisco small business switches are actually not terribly expensive, depending on what port count you need. Unfortunately, the supply chain issues have driven the prices of even those switches much higher.

@@VirtualizationHowto - I am fortunate at this time to have a budget of whatever I can convince myself I should buy if it can help me get better in my career, within reason of course! One idea I had was to get a managed switch with a smaller number of ports and daisy-chain the unmanaged switches I have for different VLANs, maybe?

@@mikeschinkel I might recommend looking at used, corporate take-outs. They provide a way to play with enterprise gear without paying "new" cost. They also generally provide more capacity and reliability than consumer gear. Check with your IT aquaintances.

@@scotta.3866 - Thanks. BTW, since I commented as month ago I have done a lot of research and ended up ordering two new Microtik switches; one with lots of 1GBe ports + 2 SFP+ ports, and another with support for eight SFP+ ports. I decided against used enterprise equipment for a variety of reasons; 1.) noise and power usage, 2.) the hidden gotchas of enterprise licensing that can be discovered *after* purchase (I've been watching Patrick Kennedy discuss that on his ServeTheHome channel), 3.) the uncertainty of buying used, and 4.) because the Microtik switches are a really good deal new. I also like that Microtik switches have both a CLI and a web UI (as well as a Windows GUI but I doubt I'll use that.) Anyway, I haven't set them up yet but will be doing so in the near future.

Microsegmentation is usually handled with a software-defined solution. It allows having a mini firewall protecting every host on the network. You can use virtual firewalls to segment traffic but it does not scale very well.

@@VirtualizationHowto OK, i see what you mean, the scale part. So, if Proxmox can centralize it's VM firewall configuration plus add firewall templates/rules for the VM & allows the template/rules to follow the VM from host to host, then it would scale ???

fbi fido - It is really a limitation of all types of virtual firewalls. As mentioned in the video, traffic needs to be routed through a firewall for the filtering rules to be applied. If you have two VMs on the same VLAN with a pfsense virtual firewall protecting them, the firewall can't intercept traffic between them IP to IP on the same VLAN. You would have to have a pfsense firewall setup for every single virtual machine and each would have to be on their own VLAN to intercept traffic between them. VMware NSX installs specialized VIB files on each ESXi host allowing even layer 2 traffic between two VMs to be filtered and rules set up to filter that traffic which provides a much more efficient and practical way to filter that traffic.

@@VirtualizationHowto "You would have to have a pfsense firewall setup for every single virtual machine", is that not how Proxmox is setup ???, each host has a firewall, each VM has a firewall, even if no routing at the firewall layer.

fbi fido, ah yes, I read pfsense instead of Proxmox in your message. Yes I do believe the Proxmox centralized firewall can protect VMs with rules as well. I haven't delved into testing this, but if so, would be similar. I am not sure how it handles intra-VLAN traffic, etc. From what I see, NSX provides superior capabilties (identity-based rules, etc) but this would be a viable option. I am looking at the documentation here: pve.proxmox.com/wiki/Firewall