Network Virtualization Evolution

I am writing this post following an old discussion about “what is the difference between the Port Group and the NSX Logical Switch?” There has been a huge development in the idea of switching, and in the way it is done, in virtualization in general and from VMware specifically. That gave me the idea of writing about the evolution that happened in network virtualization: from the standard switch (not covered in this post) and the distributed switch, to the logical switches and logical routers in NSX-V, to the wider network coverage supported by NSX-T.

Distributed Switches (in vSphere)

The distributed virtual switch is the virtual switch introduced by VMware to distribute the virtual network switching configuration across the hosts, in order to provide the virtual machines with connectivity and to give the VMs the flexibility to move between hosts while keeping the same network configuration.

The port group segments the distributed switch into multiple groups, each identifying a VLAN ID and other options. So, when VMs try to communicate with each other, there are two scenarios for switching and two for routing.

In Case of Switching

  • Use Case 01: 2 VMs in the same host with the same VLAN ID (subnet)

    The traffic stays in the same host and is switched by the virtual switch.

  • Use Case 02: 2 VMs in different hosts with the same VLAN ID (subnet)

    The traffic is directed to the physical switch, which switches it to the second VM in the other host (it goes out to the physical network).

In Case of Routing

  • Use Case 01: 2 VMs in the same host with different VLAN IDs (subnets)

    The traffic is directed to the physical switch / router, which routes it to the second VM and returns it back to the same host (it goes out to the physical network).

  • Use Case 02: 2 VMs in different hosts with different VLAN IDs (subnets)

    The traffic is directed to the physical switch / router, which routes it to the second VM in the other host (it goes out to the physical network).

Note that this technology is not obsolete: all the NSX technologies (NSX-V, NSX-T) are built on top of it.

Logical Switches / Logical Router / Edge Gateway (in NSX-V)

The logical switch is one of the concepts introduced in NSX-V. It is responsible for the L2 switching between the virtual machines in the virtual environment and is based on VXLAN packets only. So, it segments and switches the VXLAN traffic inside NSX, only between the VMs, by segment ID (not VLAN ID).

The traffic between the logical switches in NSX is routed by the logical routers. All of this still stays inside the VXLAN packet within the virtual environment (managed by NSX); the conversion between VXLAN and VLAN happens at the edge gateway.

So, the edge gateway is responsible for integrating with the physical routers, either the aggregation or the core switch. The uplink of the edges is a port group of the distributed switch, and all the other interfaces of the edge router should connect to the logical routers that are connected to the logical switches.

All the information related to the logical routers and logical switches is distributed to all the hosts managed by NSX. So, when a packet starts to leave the vNIC of the VM, the host already knows exactly the packet destination, and the switching and routing are done in the first host.

So, when VMs try to communicate with each other, there are only two scenarios, common to switching and routing, plus an additional use case for external communication.

In Case of Switching

  • Use case 01: 2 VMs in the same host with the same subnet (segment ID)

    The traffic stays in the same host and is switched there by the logical switch.

  • Use case 02: 2 VMs in different hosts with the same subnet (segment ID)

    The traffic is directed through the VTEP of the host, using the physical switch, to the second VTEP host that has the destination VM (it goes out to the physical network inside the VTEP tunnel).

In Case of Routing

  • Use case 01: 2 VMs in the same host with different subnets (segment IDs)

    In this case the traffic stays in the same host and is switched and routed there using the logical switch and the logical router.

  • Use case 02: 2 VMs in different hosts with different subnets (segment IDs)

    The traffic is directed through the VTEP of the host, using the physical switch, to the second VTEP host that has the destination VM (it goes out to the physical network inside the VTEP tunnel).

  • A VM communicating with an external service (internet or physical server)

    The traffic is directed through the VTEP tunnel between the VM host and the ESG (edge router) host, and the ESG routes the traffic to the external network. In this setup the ESG should route to, or be peered with, the first physical router (aggregation / core switch).

From the previous use cases we see that one of the biggest benefits of NSX is that traffic on the physical network is reduced to only the VMs that are not hosted in the same physical host, and even then it is directed via the TOR switches without the need to traverse the full network up to the core switch.
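To make the comparison between the two use-case lists concrete, here is an added example (not code from the original post) that models the forwarding decision of a distributed switch against that of NSX-V and counts how many VM-to-VM flows have to leave the host. The VM names, host names, segment IDs and the ESG host name are constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class VM:
    name: str
    host: str
    subnet: str  # VLAN ID on a DVS port group, segment ID on an NSX-V logical switch

ESG_HOST = "esx-edge-01"  # assumed: the host that runs the ESG (edge) appliance

def dvs_path(src: VM, dst: Optional[VM]) -> Tuple[bool, str]:
    """Distributed switch: returns (leaves_host, description). Only same host and
    same VLAN stays local; the gateway is a physical router, so routing always
    leaves the host, even when both VMs share a host."""
    if dst is None:
        return True, "port group uplink to the physical router"
    if src.subnet == dst.subnet:
        if src.host == dst.host:
            return False, "switched inside the host by the virtual switch"
        return True, "physical switch to the second host"
    if src.host == dst.host:
        return True, "physical router, then back to the same host (hairpin)"
    return True, "physical router to the second host"

def nsxv_path(src: VM, dst: Optional[VM]) -> Tuple[bool, str]:
    """NSX-V: logical switch and DLR state lives on every host, so any pair on the
    same host stays local; other hosts are reached by a VTEP tunnel via the TOR."""
    if dst is None:
        return True, f"VTEP tunnel to ESG host {ESG_HOST}, then the physical router"
    if src.host == dst.host:
        if src.subnet == dst.subnet:
            return False, "switched inside the host by the logical switch"
        return False, "routed inside the host by the logical switch + DLR"
    if src.subnet == dst.subnet:
        return True, "VTEP tunnel to the second host (L2 on the same segment)"
    return True, "routed by the DLR at the source, then VTEP tunnel to the second host"

def physical_flows(pairs, path_fn) -> int:
    """Count how many VM-to-VM flows must cross the physical network."""
    return sum(1 for s, d in pairs if path_fn(s, d)[0])

# Constructed sample inventory covering the four VM-to-VM use cases in the post.
web1 = VM("web1", "esx-01", "seg-10")
web2 = VM("web2", "esx-01", "seg-10")
app1 = VM("app1", "esx-01", "seg-20")
web3 = VM("web3", "esx-02", "seg-10")
app2 = VM("app2", "esx-02", "seg-20")
CASES = [(web1, web2), (web1, web3), (web1, app1), (web1, app2)]
```

Running `physical_flows(CASES, dvs_path)` against `physical_flows(CASES, nsxv_path)` shows the same-host, different-subnet case as the one that stops hairpinning through the physical router once the DLR is on every host.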

NSX-T Distributed Virtual Switch (N-VDS)

This is the new distributed virtual switch provided by NSX-T. It can be extended to bare-metal servers and KVM hosts, so it does not work only with virtual machines like the previous technologies but also extends to the other platforms supported by NSX-T. It is distributed through the endpoint TEPs, and the final gateway, in case the traffic goes out of the NSX-T network (internet or an environment not covered by NSX-T), is the edge gateway (Tier-0 router). All of this is carried over the Geneve protocol (which replaced VXLAN).
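As an added example (not code from the original post) that serves both the NSX-V logical switch passage above and the Geneve point here: a small Python encoder/decoder for what a capture on the VTEP/TEP port group exposes. The outer 802.1Q tag is the transport port group's VLAN, while the inner VM frame is identified by a 24-bit VNI (segment ID), which is why the logical switch never needs a VLAN ID. MAC addresses, IP addresses, VLAN and VNI numbers are constructed sample values, and checksums are left at zero.

```python
import ipaddress
import struct

VXLAN_PORT, GENEVE_PORT = 4789, 6081                      # IANA UDP ports
ETH_P_8021Q, ETH_P_IP, ETH_P_TEB = 0x8100, 0x0800, 0x6558  # 802.1Q, IPv4, transparent Ethernet
# Constructed inner VM frame: dst MAC, src MAC, IPv4 ethertype, dummy payload (no VLAN tag).
SAMPLE_INNER = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + b"constructed payload"

def _outer(src_ip, dst_ip, vlan, dport, payload):
    """Constructed outer 802.1Q Ethernet + IPv4 + UDP transport wrapper (checksums zero)."""
    eth = b"\x02" * 6 + b"\x02" * 5 + b"\x01" + struct.pack("!HHH", ETH_P_8021Q, vlan & 0x0FFF, ETH_P_IP)
    udp = struct.pack("!HHHH", 49152, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + udp

def encap_vxlan(src_ip, dst_ip, vlan, vni, inner):
    """VXLAN header (RFC 7348): flags with I bit (0x08), 3 reserved bytes, 24-bit VNI, 1 reserved."""
    hdr = bytes([0x08, 0, 0, 0]) + struct.pack("!I", vni << 8)
    return _outer(src_ip, dst_ip, vlan, VXLAN_PORT, hdr + inner)

def encap_geneve(src_ip, dst_ip, vlan, vni, inner):
    """Geneve header (RFC 8926): ver/optlen 0, flags 0, protocol 0x6558 (Ethernet), 24-bit VNI."""
    hdr = struct.pack("!BBH", 0, 0, ETH_P_TEB) + struct.pack("!I", vni << 8)
    return _outer(src_ip, dst_ip, vlan, GENEVE_PORT, hdr + inner)

def decode(pkt):
    """Return the fields a capture on the transport (VTEP/TEP) port group exposes."""
    tpid, tci, _ = struct.unpack_from("!HHH", pkt, 12)
    if tpid != ETH_P_8021Q:
        raise ValueError("expected an 802.1Q-tagged transport frame")
    ihl = (pkt[18] & 0x0F) * 4                      # IPv4 header starts after the 18-byte tagged Ethernet header
    src, dst = pkt[30:34], pkt[34:38]
    udp = 18 + ihl
    dport = struct.unpack_from("!H", pkt, udp + 2)[0]
    hdr = udp + 8                                   # overlay header follows the 8-byte UDP header
    if dport == VXLAN_PORT:
        encap, vni, inner = "vxlan", struct.unpack_from("!I", pkt, hdr + 4)[0] >> 8, pkt[hdr + 8:]
    elif dport == GENEVE_PORT:
        optlen = (pkt[hdr] & 0x3F) * 4              # Geneve options, if any, sit between header and inner frame
        encap, vni, inner = "geneve", struct.unpack_from("!I", pkt, hdr + 4)[0] >> 8, pkt[hdr + 8 + optlen:]
    else:
        raise ValueError(f"not an overlay packet (UDP dport {dport})")
    return {"encap": encap, "transport_vlan": tci & 0x0FFF, "vtep_src": str(ipaddress.IPv4Address(src)),
            "vtep_dst": str(ipaddress.IPv4Address(dst)), "vni": vni, "inner_frame": inner}
```

Note that the inner frame comes back byte-for-byte intact: anyone who can sniff the transport VLAN sees the VM traffic in the clear, which is why the VTEP port group deserves the same protection as any other management network.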

Summary (Conclusion)

The port group is responsible for the L2 (switching) communication between the VMs or for the VMkernel interfaces (management, vMotion, vSAN, …), and it relies on the physical NICs (it must include uplinks), especially if the two VMs are in different hosts.

The logical switch is new in NSX-V and is responsible for the L2 traffic of the VMs inside NSX only (in the virtual environment) and for the traffic between the distributed routers. It does not depend on any physical network adapters and is mainly responsible for the VXLAN packet; the logical switch here only identifies the VXLAN segments. The port group in NSX-V is responsible for the communication between the VTEPs, i.e. the physical communication between the hosts, which carries the VXLAN traffic.

So, in simple terms, the port group is mandatory for the communication between the physical hosts, whether for management or for the VTEP communication, and the port group understands only VLAN traffic.