I have a customer with the ESXi management interface on a private VLAN, with a firewall VIP being the default gateway. If the firewall is taken offline for management, or a failover is performed, the default gateway will stop responding. I don't want this to cause an isolation event on the ESXi hosts.
I thought about adding an IP to the switch VLAN interface the host's management ports are connected to, but the customer doesn't want me to do this, as there's no way to stop the switch routing (layer 3) and there's already an IP being used on a different VLAN interface. There is nothing else on the VLAN other than the ESXi hosts and the firewall interfaces that make up the virtual IP for the default gateway. I could use routed IPs, but they would all depend on the firewall pair anyway.
My idea is to use the other ESXi host's management interface IPs and configure as follows:
das.isolationaddress0 <default gateway IP>
das.isolationaddress1 <mgmt IP of ESXi host 1>
das.isolationaddress2 <mgmt IP of ESXi host 2>
das.isolationaddress3 <mgmt IP of ESXi host 3>
das.isolationaddress4 <mgmt IP of ESXi host 4>
das.isolationaddress5 <mgmt IP of ESXi host 5>
das.usedefaultisolationaddress false
Is this a viable option? There are five hosts in the cluster, running the HPE OEM version of vSphere 6.5 and they are using the VCSA (which is on a different VLAN).
TIA
Keep in mind that if your hosts are all on the same subnet and your gateway goes offline, it will not cause a network partition (or host isolation), since the heartbeat communication between master and slave will continue to flow every second. Because of that I don't see your idea as a viable option. See the following link for additional HA fundamentals: https://ha.yellow-bricks.com/fundamental_concepts.html
Thanks for the reply, very helpful.
I had to read this 4 times to get it :), but I never tried this and am not sure it will work, so let's go over it. What you are trying to achieve is to use the ESXi host IP addresses to figure out if the isolation response needs to be triggered. By adding them all, on an isolation of a host the following will happen:
My guess is: the host will be able to ping itself and as such the host will not be declared as isolated, leaving the VMs running. (Tested it: when I disconnect the NICs the host will still be able to ping itself.)
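To make both replies above concrete, here is a small added model of the HA isolation decision (example code written for this thread, not VMware's implementation or anything posted by the participants). It assumes the documented rule that a host declares itself isolated only when it stops receiving heartbeats from the master AND none of the configured isolation addresses answers a ping, and it encodes the observation from the reply above that a host can always ping its own management IP even with every NIC disconnected. The IP addresses and reachability tables are constructed inputs. The last function also audits a cluster-wide das.isolationaddressN set against the host IPs, which is the check that shows why the proposed configuration can never trigger the isolation response on any host.

```python
from dataclasses import dataclass

# Constructed addressing for the example: one gateway VIP and five hosts
# on the same management VLAN (hypothetical values, not the customer's).
GATEWAY = "10.10.10.1"
HOSTS = [f"10.10.10.{i}" for i in range(11, 16)]


@dataclass
class HostView:
    """What one ESXi host can see right now (constructed input)."""
    name: str
    mgmt_ip: str
    heartbeats_from_master: bool
    reachable: frozenset  # addresses the host can actually reach over its NICs

    def can_ping(self, addr: str) -> bool:
        # Assumption, matching the test reported in the thread: the host's own
        # management IP always answers, even with all physical NICs disconnected.
        return addr == self.mgmt_ip or addr in self.reachable


def is_isolated(host: HostView, isolation_addresses: list) -> bool:
    """Simplified HA isolation rule (assumed): no heartbeats AND no isolation
    address reachable. Heartbeats flowing means no isolation, regardless of
    whether the default gateway is up."""
    if host.heartbeats_from_master:
        return False
    return not any(host.can_ping(a) for a in isolation_addresses)


def scenario_gateway_down() -> bool:
    """Firewall VIP offline for maintenance; hosts still exchange heartbeats.
    This is the first reply's point: no isolation event at all."""
    host = HostView("esx01", HOSTS[0], heartbeats_from_master=True,
                    reachable=frozenset(HOSTS[1:]))
    return is_isolated(host, [GATEWAY])


def scenario_nics_pulled_gateway_only() -> bool:
    """Host really cut off, isolation address is just the gateway:
    isolation is correctly declared."""
    host = HostView("esx01", HOSTS[0], heartbeats_from_master=False,
                    reachable=frozenset())
    return is_isolated(host, [GATEWAY])


def scenario_nics_pulled_all_host_ips() -> bool:
    """Same outage, but with the proposed cluster-wide list that contains every
    host's management IP. The host pings itself, so it is never isolated."""
    host = HostView("esx01", HOSTS[0], heartbeats_from_master=False,
                    reachable=frozenset())
    return is_isolated(host, [GATEWAY] + HOSTS)


def audit_isolation_addresses(settings: dict, host_ips: list) -> list:
    """Return the host IPs that appear in the cluster-wide das.isolationaddressN
    set. Because the setting applies to every host in the cluster, any host
    whose own IP is listed can never fail the isolation ping."""
    configured = {v for k, v in settings.items()
                  if k.startswith("das.isolationaddress")}
    return [ip for ip in host_ips if ip in configured]


# Constructed version of the advanced settings proposed in the question.
PROPOSED_SETTINGS = {"das.isolationaddress0": GATEWAY,
                     **{f"das.isolationaddress{i + 1}": ip
                        for i, ip in enumerate(HOSTS)},
                     "das.usedefaultisolationaddress": "false"}

if __name__ == "__main__":
    print("gateway down, heartbeats ok      ->", scenario_gateway_down())
    print("NICs pulled, gateway only        ->", scenario_nics_pulled_gateway_only())
    print("NICs pulled, all host IPs listed ->", scenario_nics_pulled_all_host_ips())
    print("hosts that can self-satisfy the check:",
          audit_isolation_addresses(PROPOSED_SETTINGS, HOSTS))
```

Running it shows the two separate reasons the plan does not behave as hoped: with the gateway down but heartbeats flowing, nothing happens anyway; and once a host's own IP is in the cluster-wide list, that host can never be declared isolated, so the isolation response is effectively disabled for every host in the cluster.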