VMware Cloud Community
pjwallis
Contributor
Contributor
‎02-27-2011 10:09 PM
Jump to solution

Spare Switch as isolation address

we have a situation where our school has 3 hosts, and loads of vm's.

now we need to restart the core switch, which would normally take around 3 hrs, due to the need to power off the whole network.

the core switch is setup as the isolation address currently.

what we are wanting to do is setup a spare switch which is attached to a spare vmnic.

we then want to set the spare network switch as the isolation address, so that we can restrat the core if needed during the day without taking 3 hrs.

so we have tried to setup the switch with an IP and subnet mask, connect the hosts through vmnic6 to the switch only, and remove references to vmnic6 in the rest of the system.

however this doesnt work...

from a putty to the service console we cannot ping the switch.

we tried to add a new service console to a new vswitch, and set the vmnic6 to that vswitch, then assign the new service console an IP in the same range as the switch. - nothing.

does anyone have any ideas, or ways around this?

Reply
0 Kudos
1 Solution

Accepted Solutions
mcowger
Immortal
Immortal
‎02-28-2011 02:49 PM
Jump to solution

Well, in your case, because you hosts are directly on your core (which is pretty uncommon BTW, and I would consider changing that), they will need an isolation address to stay up, because they will lose their intra-host heartbeating.

However, given that you know that you wont have any network connectivity anyways and that every host will consider itself isolated, you could do 1 of 2 things:

1) Set your isolation response to 'Do Nothing' during the maint.  This would prevent your VMs from being shut down even if all the hosts decide they are isolated.

2) Disable HA during the maint. Obviously this would disable your HA ability during the maint.

I like option 1, because its less intrusive to your cluster.

--Matt VCDX #52 blog.cowger.us

View solution in original post

Reply
0 Kudos
9 Replies
Basheer09
Enthusiast
Enthusiast
‎02-27-2011 10:36 PM
Jump to solution

Hi,

Make sure ur spare switch is pingable from the service console of ESX servers. I mean host routes and network switching all those.

Secondly follow this KB article to set Isolation address to spare switch : http://kb.vmware.com/kb/1002117

Kindly consider clicking on "Correct" or "Helpful" if this info is useful.

Reply
0 Kudos
pjwallis
Contributor
Contributor
‎02-28-2011 01:42 PM
Jump to solution

Hi Basheer09,

we are unable to ping the switch from the esx console.

thats the issue i think.

due to that, i dont want to setup the isolation address yet because it will start triggering the isolation sequence if i cant ping it.

or do i need the isolation in there for it to ping the switch?

if i plug the switch into the core, then it is pingable, because the ESX goes through another vmnic, through the core and then to the switch, so it doesnt find it on vmnic6.

Reply
0 Kudos
pjwallis
Contributor
Contributor
‎02-28-2011 01:50 PM
Jump to solution

i had wondered if i put the switch in another IP range, and enable DHCP whether the ESX hosts would detect the network, and then be able to ping to switch... Just a theory though... havnt tested it out yet.

on that note, does anyone know where esx gets the network information for the vmnics from?

i.e. if you go into the vswitch and have a look at the network adapters list, the vmnics have an observed IP range.

Where does ESX get that info from - normally it would be from a mixture of the IP address and the Subnetmask.

reason for the question is that on vmnic6, there is no observed IP ranges.

There is a static IP for the service console assigned to the vswitch where the vmnic6 is assigned...

please see the attached jpg's.

the vswitch3.jpg is the layout of the vswitch.

the vswitch3_properties.jpg - well fairly self explanatory - it shows the observed IP ranges as none...

Preview file
9 KB
Preview file
23 KB
Reply
0 Kudos
mcowger
Immortal
Immortal
‎02-28-2011 01:51 PM
Jump to solution

I think you might have missed a critical aspect (or maybe I dont understand what you want to do here).

If your islotion address is down but your hosts are up (and can still ping each other), the isolation address is not used and the hosts will not entire a HA event state.  In other words, the isolation address is a last resort - theres no constant pinging of this address.

If your ESX hosts are all on the same switch (and that switch wont go down, even if your core switch does), they should still be able to ping eachother and you dont need to worry about the isolation address.

If you are shuttign down ALL the switches (as in, they wont have link anymore), then I'd recommend just disabling HA temporarily to prevent bad things.  Your VMs will continue to run happily during your maint. window.

--Matt VCDX #52 blog.cowger.us
Reply
0 Kudos
pjwallis
Contributor
Contributor
‎02-28-2011 02:18 PM
Jump to solution

[Bit of History]

we had a situation where we hadnt specified the isolation address, and it defaulted to the default gateway, which was the firewall, now we did some maintenance on the firewall, and suddenly the vm's didnt receive a heartbeat from the firewall and then the hosts went into isolation mode, and we lost contact with everything...

since then, we changed the isolation address to the main core switch, and was under the impression that when the VM's didnt receive heartbeats from the isolation address after a period of time, would go into isolation mode.

hence our desire to have the spare switch setup on the back of the hosts on a spare vmnic.

but from what you are saying... i think... is that it should stay up, but just incase disable HA while restarting the Core. as a precaution always.

because they are all on the same switch, and without the switch they wont be able to ping each other.

(our hosts are only connected to each other via the Core switch) the Fibre channels are connected to a brocade switch then to the SAN.

so if the Core goes down then they in theory cannot ping each other, or from what we have tried cannot.

Reply
0 Kudos
mcowger
Immortal
Immortal
‎02-28-2011 02:49 PM
Jump to solution

Well, in your case, because you hosts are directly on your core (which is pretty uncommon BTW, and I would consider changing that), they will need an isolation address to stay up, because they will lose their intra-host heartbeating.

However, given that you know that you wont have any network connectivity anyways and that every host will consider itself isolated, you could do 1 of 2 things:

1) Set your isolation response to 'Do Nothing' during the maint.  This would prevent your VMs from being shut down even if all the hosts decide they are isolated.

2) Disable HA during the maint. Obviously this would disable your HA ability during the maint.

I like option 1, because its less intrusive to your cluster.

--Matt VCDX #52 blog.cowger.us
Reply
0 Kudos
pjwallis
Contributor
Contributor
‎02-28-2011 03:49 PM
Jump to solution

Thanks for the advice,

in relation to the core setup etc, we got told by some people that we just setup a new switch and set that as the isolation, then leave the core straight into the system. our core has a 128GB backplane, so 1GB to each port simultaniously.

so we will have to look at the network infrastructure again if we need to incorporate a new switch with a high backplane. as this info was given to us before we had 3 hosts.

we may have to get another switch so that things run smooth in the future.

so in the HA virtual machine options, we just need to change the Host isolation response to Leave powered on?

Reply
0 Kudos
mcowger
Immortal
Immortal
‎02-28-2011 04:24 PM
Jump to solution

That would be my suggestion.

--Matt VCDX #52 blog.cowger.us
Reply
0 Kudos
pjwallis
Contributor
Contributor
‎02-28-2011 04:38 PM
Jump to solution

awesome,

thanks mcowger!

Reply
0 Kudos