Re: Management Network Configuration

hccvm · ‎03-08-2022

Hello,

We are reviewing network configurations of our ESXi hosts and have stumbled across an area of concern with our management network setup. We have two physical connections on our host for our management network and the switch ports are not configured for any type of teaming (etherchannel, link aggregation, etc). In vSphere we have a distributed switch with both of these uplinks and they both appear to be active. When the ESXi host was originally configured, we selected the first link as primary and then selected the second link. No default settings have been changed on the vDS either.

The question we have is this a supported configuration or do the multiple physical connections need to be teamed and configured accordingly in vSphere? There is a concern from our networking group that this can lead to mac flapping and other networking issues.

Thanks.

alantz · ‎03-09-2022

That is the way mine is setup. I don't think you'll have issues because on the portgroup you have load balancing probably set to routing based on virtual port. Only one interface will be used since its ip routing based and not switching. At least in my mind that is how it works and why its not a problem.

--Alan--

scott28tt · ‎03-09-2022

As soon as any virtual switch has multiple uplink ports you are using NIC teaming, with a default policy applied.

https://kb.vmware.com/s/article/1004088

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog

hccvm · ‎03-09-2022

With the default policy applied with multiple uplink ports, is it required to set up link aggregation on the physical switch ports? We want to make sure that letting the vDS handle the NIC team will not cause network issues on the physical switch. I've attached a screenshot of the vDS policies.

Thanks.

alantz · ‎03-09-2022

That looks default and at least for me it doesn't cause issues.

--Alan--

hccvm · ‎03-09-2022

I ended up opening a ticket with VMWare to get an official response and they confirmed that no link aggregation is required on the physical switch. They did however say that only one uplink should be active and the other should be set to standby.

Thanks everyone.

irigoyen · ‎03-10-2022

I also agree with @alantz and @scott28tt.

In all my environment I configured the management network with 2 active uplinks and seems that’s working fine. As described in the article https://kb.vmware.com/s/article/1004088, the Teaming Policy should be “Route based on the originating port ID”.

Setting the links to active/passive is also supported, in this case you have to be careful to set the failback to no. Here is an interesting article of Frank Denneman: https://frankdenneman.nl/2010/10/22/vswitch-failover-and-high-availability/

I would recommend though that for the management network to use a VSS instead a VDS.

hccvm · ‎03-10-2022

Thanks for that article, I may have to ask VMware about their recommendation about fallback settings. If both uplinks are set to active, I don't think they are both used at the same time for increased throughput absent a link aggregation on the physical switch. But if there is no ill effect of having both active and it helps to prevent the issue in the article, then it might be best to leave it as is.

All

Management Network Configuration