VMware Cloud Community
GoMeZ2020
Contributor
Contributor

VSAN stretched cluster L2 / L3 combo

Hi,

Can somebody point me at a good network design document for implementing a witness site.

From what I have I read we can have a stretched L2 for VSAN data traffic over the 2 sites.

The witness site should be connected over L3 links.

What is not really clear to me is how to witness detects a site failure.

If the L2 VLAN for VSAN traffic is for example 10.1.1.0/24.

I have 4 hosts in Site A en 4 host in site B every host will have a VMKernel adapter with an IP in this subnet.

In the below article they devide the subnet into 2 /25 subnets and use static routes from the witness site.

Just Another IT blog: vSAN stretched cluster topology explained

Is believe there is another method for this using a separate vmkernel adapter for witness traffic but can't really find any

good info on this.

From a network perspective the above IT blog is clear but where can I found another designs using the witness traffic vlan.

Not clear to me how it work or how it should be designed.

Reply
0 Kudos
4 Replies
MikeStoica
Expert
Expert

You can check this documentation VMware® vSAN™ Network Design | VMware

Reply
0 Kudos
T180985
Expert
Expert

This explains the Witness host & includes diagrams

Understanding the vSAN Witness Host - Virtual Blocks

Please mark helpful or correct if my answer resolved your issue. How to post effectively on VMTN https://communities.vmware.com/people/daphnissov/blog/2018/12/05/how-to-ask-for-help-on-tech-forums
Reply
0 Kudos
TheBobkin
Champion
Champion

Hello GoMeZ2020​,

The guide MikeStoica referenced should have all the information you need here, but just wanted to add my 2 cents:

"What is not really clear to me is how to witness detects a site failure."

It is aware of the state of the cluster by the fact that it is in constant communication with the Master and Backup nodes that each reside on one of the data-sites, if both sites are accessible to the Witness but they cannot communicate with each other (e.g. the ISL is down) then it sides with the currently set Preferred Fault Domain to avoid split-brain scenario.

"Is believe there is another method for this using a separate vmkernel adapter for witness traffic but can't really find any

good info on this."

I would always advise using WTS where available as while it may seem more complicated (e.g. additional configuration required) it does simplify things by splitting traffic out (and it is easier to troubleshoot as a result of this).

Bob

Reply
0 Kudos
GoMeZ2020
Contributor
Contributor

Tnx i will check this out and get back if I need some more clarification.

Reply
0 Kudos