Expert

Best practices vSphere and CNA

Hi there,

We are planning to use 10Gb CNA in the near future. I was wondering if someone could point me to some best practices documents or whitepapers?

Cheers

Please consider marking my answer as "helpful" or "correct"

0 Kudos
11 Replies
Virtuoso

Hello AllB,

Take a look here: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/white_paper_c11-496511.pdf


Please, don't forget the awarding points for "helpful" and/or "correct" answers.

Regards

________________________________________

Ing. Diego Quintana

VCP 410- VCP 310 - VAC - VTSP


Ing. Diego Quintana - VMware Communities Moderator - Co Founder & CEO at Wetcom Group - vEXPERT From 2010 to 2020- VCP, VSP, VTSP, VAC - Twitter: @daquintana - Blog: http://www.wetcom.com-blog & http://www.diegoquintana.net - Enjoy the vmware communities !!!

Expert

Cool. That will get me started. I probably have a few questions for the community soon :)

Please consider marking my answer as "helpful" or "correct"

0 Kudos
Leadership

Hello,

You may also wish to check out "Rethinking vNetwork Security" and the Virtualization Security Podcast that covered this subject... http://www.virtualizationpractice.com/blog/?p=4284


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'

Also available 'VMWare ESX Server in the Enterprise'

Blogging: The Virtualization Practice | Blue Gears | TechTarget | Network World

Podcast: Virtualization Security Round Table Podcast | Twitter: Texiwll

--
Edward L. Haletky
vExpert XII: 2009-2020,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
Expert

Thanks Will,

Great article and definitely some food for thought!!

Currently our DMZ is physically separated at switch level and has its own separate vswitch and pNics in ESX.

Our DMZ network will not be part of the new Cisco Nexus 5010's we are implementing and I guess we will be keeping it separate as is.

I am planning to run vmotion, data and storage over the 10Gb CNAs configured as suggested by Cisco.

I would like some additional advice on the service console though. My colleague, who is responsible for the networking side of things, wanted to keep the service console off the CNAs. He reckons he read it is recommended but I am not so sure anymore, especially after reading these articles....

Any thoughts?

cheers

Please consider marking my answer as "helpful" or "correct"
0 Kudos
Leadership

Hello,

With CNAs in use you will most likely be using VLANs any way you slice it unless you are dedicating 10G to just the VMs.... But you want to run vMotion on it. I assume you also want to put IP Storage and VMs, which are 3 distinct and important networks. In essence adding the Service Console will not mean much. The article I wrote points to having the Virtualization Management tools on 1G links instead of combined 10G links.... However, there is no reason at all you cannot add Service Console to 10G if you already have vMotion.

FT, vMotion and Service Console are the critical virtualization networks... Consider carefully how you wish to protect them.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009


--
Edward L. Haletky
vExpert XII: 2009-2020,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
Expert

Maybe the graphic of the following article helps.

http://blogs.vmware.com/networking/2010/05/vsphere-loves-10gige.html

Expert

Thanks Will,

We have always used VLANs in our network and obviously did so for ESX networking.

Not in production yet I have placed vMotion in active-standby configuration spread over the two CNAs. I did the same for the IP storage but switched the active-standby order. My VM traffic uses the CNA in an active-active configuration.

After reading the comments here I can see no reason why not to place the Service Console on the CNA. I might keep the redundant console on a pNIC

Please consider marking my answer as "helpful" or "correct"

0 Kudos
Champion

Even though the Service Console can live on CNA card, but for completely independent and isolation, it would be redundant if you can have it on two separate NICs just in case the CNA failed. It's like HP Flex 10, you can carve out the traffic pipe for each traffic types but consider all eggs in one basket would be critical when it failed. Are you using Cisco UCS B200 or C200 series along with your Nexus 5k switches?

I would place high traffic such as Virtual Machine, vMotion and Backup port groups on those CNA card and low traffic like Service Console to physical NIC for redundancy. You can check out POC for 5k switches and performance details here http://malaysiavm.com/blog/cisco-nexus-5000-poc/


If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!

Regards,

Stefan Nguyen

VMware vExpert 2009

iGeek Systems Inc.

VMware, Citrix, Microsoft Consultant

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!! Regards, Stefan Nguyen VMware vExpert 2009 iGeek Systems Inc. VMware vExpert, VCP 3 & 4, VSP, VTSP, CCA, CCEA, CCNA, MCSA, EMCSE, EMCISA
0 Kudos
Expert

Am using HP DL380 G6 with qlogic CNAs. Currently I have two service consoles, each with a dedicated pNIC, going to different switches (a 2950 and a 6500). We were thinking of placing only one SC on the CNA. Cheers

Please consider marking my answer as "helpful" or "correct"
0 Kudos
Enthusiast

Maybe a little late, but have you considered Xsigo?

0 Kudos
Leadership

Hello,

I would not place vMotion, FT, or SC on the CNAs. Keep them separate. But this is more a security concern than anything else. Availability of these networks may be required if the CNA fails so that you can move VMs without impact. Consider all aspects of availability with your design, what happens in all particular failure cases? The goal is to never need to reboot a VM ;)


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009


--
Edward L. Haletky
vExpert XII: 2009-2020,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
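
Added example, not part of any post in this thread: a small Python model of the teaming layout discussed above (vMotion and IP storage active-standby in opposite order across two CNAs, VM traffic active-active, one Service Console on a CNA and a second on a 1G pNIC) that walks through the failure cases. The uplink and port-group names are assumptions, and failover is simplified to "surviving active uplinks, otherwise the first surviving standby".

```python
# Constructed model of the layout discussed in the thread. Uplink names
# (cna0, cna1, pnic0) and port-group names are assumptions for illustration.
TEAMING = {
    "vMotion":           {"active": ["cna0"], "standby": ["cna1"]},
    "IP Storage":        {"active": ["cna1"], "standby": ["cna0"]},  # order swapped
    "VM Traffic":        {"active": ["cna0", "cna1"], "standby": []},
    "Service Console":   {"active": ["cna0"], "standby": []},
    "Service Console 2": {"active": ["pnic0"], "standby": []},       # 1G pNIC
}

def carrying(pg, failed):
    """Uplinks carrying a port group: surviving active, else surviving standby."""
    team = TEAMING[pg]
    up = [u for u in team["active"] if u not in failed]
    return up or [u for u in team["standby"] if u not in failed][:1]

def lost(failed):
    """Port groups with no surviving uplink under this failure."""
    return sorted(pg for pg in TEAMING if not carrying(pg, failed))

def sharing(failed):
    """Uplink -> port groups whose traffic lands on it under this failure."""
    out = {}
    for pg in TEAMING:
        for u in carrying(pg, failed):
            out.setdefault(u, []).append(pg)
    return {u: sorted(pgs) for u, pgs in out.items()}

def management_reachable(failed):
    """True if at least one Service Console port group still has an uplink."""
    return any(carrying(pg, failed)
               for pg in TEAMING if pg.startswith("Service Console"))

if __name__ == "__main__":
    # Failure cases: nothing failed, each uplink alone, both CNAs together.
    for failed in [set(), {"cna0"}, {"cna1"}, {"cna0", "cna1"}, {"pnic0"}]:
        print(f"failed={sorted(failed) or 'none'}")
        print(f"  lost:    {lost(failed)}")
        print(f"  mgmt up: {management_reachable(failed)}")
        for uplink, pgs in sorted(sharing(failed).items()):
            print(f"  {uplink}: {pgs}")
```

The `sharing` output shows which networks end up on the same link after a failover, which is the isolation question raised in the thread; `lost` and `management_reachable` cover the availability question.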