VMware Cloud Community
julian2
Contributor
Contributor
Jump to solution

vSphere 6.5 Host Isolation Address Selection

I have a customer with the ESXi management interface on a private VLAN, with a firewall VIP being the default gateway. If the firewall is taken offline for management, or a failover is performed, the default gateway will stop responding. I don't want this to cause an isolation event on the ESXi hosts.

I thought about adding an IP to the switch VLAN interface the host's management ports are conencted to, but the customer doesn't want me to do this, as there's no way to stop the switch routing (layer 3) and there's already an IP being used on a different VLAN interface already. There is nothing else on the VLAN other than the ESXi hosts and the firewall interfaces that make up the virtual IP for the default gateway. I could use routed IPs, but they would all depend on the firewall pair anyway.

My idea is to use the other ESXi host's management interface IPs and configure as follows:

das.isolationaddress0 <default gateway IP>

das.isolationaddress1 <mgmt IP of ESXi host 1>

das.isolationaddress2 <mgmt IP of ESXi host 2>

das.isolationaddress3 <mgmt IP of ESXi host 3>

das.isolationaddress4 <mgmt IP of ESXi host 4>

das.isolationaddress5 <mgmt IP of ESXi host 5>

das.usedefaultisolationaddress false

Is this a viable option? There are five hosts in the cluster, running the HPE OEM version of vSphere 6.5 and they are using the VCSA (which is on a different VLAN).

TIA Smiley Happy

Reply
0 Kudos
1 Solution

Accepted Solutions
rcporto
Leadership
Leadership
Jump to solution

Keep in mind that if your hosts are all on the same subnet and your gateway goes offline it will not cause a network partition (or host isolation) since the heartbeat communication between master and slave will continue to flow every second, because of that I don't see your idea as a viable option. See the following link for additional HA fundamentals: https://ha.yellow-bricks.com/fundamental_concepts.html

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto

View solution in original post

3 Replies
rcporto
Leadership
Leadership
Jump to solution

Keep in mind that if your hosts are all on the same subnet and your gateway goes offline it will not cause a network partition (or host isolation) since the heartbeat communication between master and slave will continue to flow every second, because of that I don't see your idea as a viable option. See the following link for additional HA fundamentals: https://ha.yellow-bricks.com/fundamental_concepts.html

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
julian2
Contributor
Contributor
Jump to solution

Thanks for the reply, very helpful.

Reply
0 Kudos
depping
Leadership
Leadership
Jump to solution

I had to read this 4 times to get it :), but I never tried this and am not sure it will work, lets go over it. What you are trying to achieve is use the ESXi host IP-Addresses to figure out if the isolation response needs to be triggered. By adding them all on an isolation of a host the following will happen:

  1. no traffic between slave and master or master and slaves
  2. if it was a slave then the slave will start a "master election process"
  3. if it was a master now the master will ping the isolation addresses
  4. if it was a slave an there's no response to the election process then the slave will ping the isolation address after it has elected itself as master
  5. if there's no response to any of the pings (happen in parallel) then the isolation is declared and the isolation response is triggered Now the question is: will there be a response when the host tries to ping itself while it is isolated, as you need to add all ip-addresses to "isolation address" options...

My guess is: the host will be able to ping itself and as such the host will need be declared as isolated. Leaving the VMs running. (tested it, when I disconnect the NICs the host will still be able to ping itself.)

Reply
0 Kudos