regnak2012
Enthusiast
Enthusiast

vLAN Change Procedure

Jump to solution

Hi,

We've currently got an environment using Distributed vSwitches and a virtual vCenter. We've a few Port Groups using vLANs, the rest do not have a vLAN set (Native vLAN, various subnets). The Network Team want to implement a vLAN tag on the management network & associated Port Group shortly.

I'm looking for advice regarding the best way to apply the change in VMware without risking locking me out after the Network Team make the change on their end! Anyone have any experience with this? I'd like to avoid HA activity during the switchover but avoid having to power down all the VMs etc.

Thanks

Mike

0 Kudos
1 Solution

Accepted Solutions
vfk
Expert
Expert

Are you using pass-through network connection or do you have flex-10 / flex fabric?  If this is the case then you would have to do a bit more planning, as you would also need to update settings on OA as well as vSphere.  Updating one physical uplink could potentially take out half of your uplinks.  If it is just a pass-through then you one host at a time.  Creating second management vmkernel is good idea.

You are already familiar with HA and datastore heart-beating (Isolated & Partitioned), but something to keep in mind is "In the case of an Isolation, a host is separated from the master and the virtual machines running on it might be restarted, depending on the selected isolation response and the availability of a master."


This should be fairly straight forward change if you plan carefully and are comfortable with your environment configuration.


vfk

--- If you found this or any other answer helpful, please consider the use of the Helpful or Correct buttons to award points. vfk Systems Manager / Technical Architect VCP5-DCV, VCAP5-DCA, vExpert, ITILv3, CCNA, MCP

View solution in original post

0 Kudos
5 Replies
JPM300
Commander
Commander

Hello regnak2012,

I would do this as a staggered change.  Find out the uplink ports that each host uses to each switch and give this information to the network team and tell them you want to do 1 host at a time.


Then pull one host into maintence mode and login to the console.  Then switch over the management network's to its new VLAN from the console.  Then get the networking team to make the change on the switch.  Bring the host back online and yours done.  With the management port on the proper VLAN you can do the rest of the VLAN changes through vCenter without the worry of a host dropping out or causing an HA event.  Once that host is done you can bring it back online and do the rest in the same fashion.

Is your mangement prot group in a standard vSwitch or VDS?

vfk
Expert
Expert

Can you tell us a bit more details on how your vSwitches are currently configured?  How many uplinks do you have? Are you using rack or blade server?  Then we can build a picture and advice best way to proceed. However some general guide

  • Staggered changes is definitely the way to way.
  • One host at a time
  • if all your management portgroup are connect to the same external switch, then consider disable HA network heartbeat monitoring while the network team work on that switch.
  • create a temp vmkernel interface on the tag vlans, give a temp ip address on the subnet and perform basic connectivity test. PING PING - this will help you insure everything is working before you bring the host back in the cluster only to discover VM have lost connectivity to the network.

vfk

--- If you found this or any other answer helpful, please consider the use of the Helpful or Correct buttons to award points. vfk Systems Manager / Technical Architect VCP5-DCV, VCAP5-DCA, vExpert, ITILv3, CCNA, MCP
0 Kudos
regnak2012
Enthusiast
Enthusiast

Thanks Folks!

You're going to love this wrinkle:

Two Datacenters, one Blade Chassis in each, Stretched Cluster and each Blade Chassis is connected to a core switch in each Datacenter (i.e. Chassis is uplinked to both switches so if one core goes down the blade chassis is still connected via ISL to the other). While very resilient it could make things "interesting" to cutover.

Using your advice, I could ask the network team to configure one set of uplinks at a time (i.e. do the ports connecting 1 chassis, then the other). The question is when to tackle the vCenter VM itself.

The ESXi configuration is VM networks & Management all on one DVS and iSCSI on a second DVS. The VMKernels have their own dedicated Port Group, Management VMs are on a different Port Group but both will essentially use the same vLAN after cutover. I thought about giving the Hosts a second VMKernel interface on a different non vLAN tagged network so they retain connectivity throughout but the vCenter VM itself still needs to come over. I think disabling HA is a good idea even though Datastore heartbeats will be there, I don't want VMs bouncing around!

Appreciate the Advice!

Mike

0 Kudos
vfk
Expert
Expert

Are you using pass-through network connection or do you have flex-10 / flex fabric?  If this is the case then you would have to do a bit more planning, as you would also need to update settings on OA as well as vSphere.  Updating one physical uplink could potentially take out half of your uplinks.  If it is just a pass-through then you one host at a time.  Creating second management vmkernel is good idea.

You are already familiar with HA and datastore heart-beating (Isolated & Partitioned), but something to keep in mind is "In the case of an Isolation, a host is separated from the master and the virtual machines running on it might be restarted, depending on the selected isolation response and the availability of a master."


This should be fairly straight forward change if you plan carefully and are comfortable with your environment configuration.


vfk

--- If you found this or any other answer helpful, please consider the use of the Helpful or Correct buttons to award points. vfk Systems Manager / Technical Architect VCP5-DCV, VCAP5-DCA, vExpert, ITILv3, CCNA, MCP
0 Kudos
regnak2012
Enthusiast
Enthusiast

Hi vfk,

We're using VirtualConnect and just Trunking all vLANs down to the Blades. I'll probably disable HA to take care of Host Isolation Response and VM Monitoring from causing trouble and move vCenter to one Host, migrate it and go from there. Forgot I'll need to do iLO but I can direct cable connect in the front of the blade too.

Thanks for the advice!

Mike

0 Kudos