Hello,

Do you mean 'vMotion' instead of 'vmkernel'? Remember the vmkernel networks are used for iSCSI, NFS, vMotion, and within ESXi, vmkernel also implies the management console.

So which network are we actually discussing? Let's assume this is vMotion as you mentioned you do not use iSCSI or NFS and we are talking about ESXi.

I would give my Blue Gears -- Networking posts a read, specifically this one on Combining Networks. The key things to consider are redundancy, performance, and security. It is also to realize that VLANs are a TRUST issue and not a physical 'security protocol'.

Combining Service COnsole and vMotion on the same pair of pNICS is fine depending on whether you have to adhere to PCI or other regulations, then it really is not a great thing to do. However, for general usage it is accepted and you either have to use VLANs, or subnets. Your vMotion IP address cannot be within the same subnet as your service console. This is enforced by ESX itself.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009
Virtualization Practice Analyst
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'
Also available 'VMWare ESX Server in the Enterprise'
SearchVMware Pro|Blue Gears|Top Virtualization Security Links|
Virtualization Security Round Table Podcast

"Your vMotion IP address cannot be within the same subnet as your service console. This is enforced by ESX itself."

Are you sure? We have used vMotion and Service Console in the same subnet for several months without problems.

-Asko-