So if I understand your topology, you have a physical security switch and the only connections on it are the two physical interfaces coming from the ESX hosts.
Your CentOS machine will need a router to talk to anything outside of this broadcast network, so unless you provide another router you are forcing its traffic to go through the Ubuntu machine by setting the CentOS machine's default gateway to 10.0.1.20.
For your configuration this physical switch should be isolated; if it isn't isolated, you would need to run VLANs.