I am new to ovs and AHV configurations in general and have a networking question. I have been reading through the documentation on networking and still am not clear on a question or two.
Situation: I am mapping out steps to create a DMZ zone for my server environment. My firewall will be configured with a DMZ port and vlan tagged, public IP will NAT to server in DMZ zone, and ACLs will control what traffic can get threw. This will be routed through vlan tagged ports via lay 3 switch to my Nutanix cluster. The server mentioned above will be on my Nutanix cluster and will need to communicate with with 1-4 other Nutanix VMs in the same DMZ/vlan.
If I create a "network" in Prism with vlan tagging and apply it to all DMZ servers in question, will this keep my DMZ traffic separated from all trusted traffic?
If not, do I need to configure a new bridge to keep this network traffic separate from my other networks?
My concern is because all traffic is being routed to the same trunk ports on my switch to access the 10gb ports and all traffic is flowing throw br0 that it might not actually be segregated. Hopefully that makes since.
Please take a look at this following best practice guide. It discusses all things networking with Nutanix. Let me know if you still have questions after reading through this.