faking NAT with a VMware distributed switch across multiple hosts

Answer Synergy

Well your problem may be that your setup is as overcomplicated as your question :)

DHCP does not pass router boundries without enabling a relay

Once you have that actualized then your other 'machines' will be able to touch base with your DHCP server :P

Some questions that might help clarify things:

• Which system in your diagram is the DHCP server?
• Where is the NAT being performed?
• Have you verified that the dvSwitch is in fact working properly? (You might try assigning a static IP to one of the VMs on the other host and see if it can ping or otherwise connect to the other VMs).

I have set up systems with DHCP traversing a dvSwitch without any problem, so it is possible to do this sort of thing. My guess is that the dvSwitch just isn't configured properly.

Good luck,

--jed

Ok, finally I think I understand, let me test my assumptions;

1. You have a number of VMs that need to access some form of 'proper' network in a NAT'ey way, they also need to obtain their DHCP addresses too - I'm unclear if they need to access another internal network at the same time - perhaps you could clarify this.
2. You wish to use a dvSwitch to save on admin (actually most VCPs are steering clear of dvSwitches in production environments right now, preferring to wait for the next version).
3. You're seeing inconsistent behaviour across the dvSwitch (see item 2 by the way).

If this is right then I think you can make things easier for yourself by doing the following;

1. Create your dvSwitch, attach to vNIC1 of all appropriate VMs AND your nominated 'router/DHCP' VM's vNIC1, set clients to use DHCP.
2. Attach 'router/DHCP' VM's vNIC2 to your 'proper' network dv/vSwitch port.
3. Install OS and router/DHCP daemons/services on 'router/DHCP' server, configure to as appropriate.

Optionally attach VMs vNIC2 to other internal network if required.

This should allow all your appropriate VMs to get their DHCP information from the 'router/DHCP' VM, which will also pass itself as default gateway - in turn it will then NAT route all traffic from that interface. If required you can simply use static routing on the VMs to point non-NAT-requiring traffic to their vNIC2 to be handled by the internal network as required.

Does this make sense - I know it's pretty close to what I think you're suggesting but in lieu of clearer text/diagrams it's the best I can do right now.

Without a lot more information about your environment I can't say precisely what's wrong. I suspect the problem that you are having may be related to how you have set up (or more specifically not set up) VLAN's and PVLAN's within your distributed switch environment and your physical switch(es) but it may simply be that the uplink ports aren't configured correctly on all hosts. The precise configuration of your dVSwitch across all the hosts is therefore highly relevant. As others have pointed out dVSwitches aren't the easiest things to work with at the moment, and making changes to them can be both counter intuitive and prone to error. A screenshot of your dVSwitch with the NAT dVPortgroup highlighted to identify the uplink paths on all hosts would be very illuminating.

The best place to start is with the vSphere Networking Guide and even though it's not directly relevant the VMware\Cisco Nexus1000v DMZ Guide is worth reading too.