All hosts inaccessible after VLAN changes

Morat · ‎02-18-2011

Hello,

I'm having a bit of a nightmare here...

we're a small shop with 2 ESXI 4.01 Hosts and VMWare Essentials Plus. The VMWare hosts run application servers, the Domain Controllers are still on two physical servers.

The hosts are Dell poweredge 2950s and the switches are HP Powercurves. In this case a 5308xl and a 2626-PWR.

Everything has been running just fine for months, but I needed to do some VLAN trunking to accommodate changes in the physical location of our internet connection.

There are two fibres running between the two switches, with one VLAN running on each fibre and ports in each switch statically assigned to one VLAN or the other.

With the changes, I needed a third VLAN between the two switches so I put the two fibres into a trunk and tagged the trunk for the three VLANS at each end. Everything was fine, traffic was flowing correctly and I went home. I didn't realise that the VMWare hosts had both freaked out. None of the application servers were available on the network and when I checked in VSphere client, all hosts were showing as inaccessible. I could not do anything with them at all. As soon as I removed the changes to the switch configurations the VMs were available again, although powered down. One host allowed me to power up its VMs straight away, the other required a reboot.

Could anyone point me to an answer or general documentation for my problem? I'm guessing that ESXi doesn't like tagged vlan traffic by default. Google searches seem to support this but I haven't found anything definitive.

thanks!

bulletprooffool · ‎02-18-2011

I am pretty sure that what you have done is isolated your hosts form each other with invalid VLANs.

If you have HA enabled on the hosts, they' been looking at the host isolation response settings for HA, decided they are isolated and 'shut down VMs' as per your configuration.

Of course in your case, you managed to isolate all both hosts, so they all considered themselves isolated and as such both enforced the same policy, shutting down VMs etc. (Both hosts lost full network access - not just access to eqach other, so both assumed that they were the isolated host)

Personally, I try to have a minimum of 3 hosts per cluster (though of course you VLAN change in this instance would have more than likely still had the same result that it had this time)

One day I will virtualise myself . . .

Morat · ‎02-18-2011

Well, what you say makes sense - I may well have isolated the hosts but I don't think I did it by assigning any invalid VLANs to the hosts since the configuration on their ports was unchanged. What I'm wondering is whether having the VLAN that the ESXi hosts use tagged on a different (trunk) port would make them fall over.

You are entirely correct in assuming that HA is enabled on the hosts.

EDIT:

I feel I should update my initial post.

1. The version is ESXi 4.1

2. It was the Virtual Machines that were showing inaccessible when I logged into the hosts - not the hosts themselves.

3. Both hosts use an iSCSI box for datastores. All interfaces for the ESXI hosts and iSCSI are in the same VLAN (something I hope to change) but the SAN NICs are in a different subnet.

4. the VCentre machine is also a VM, and it was one of the downed servers. I had to use the vSphere client on my laptop to get to the hosts individually.

thank you again!