Hi there,
We are planning to use 10Gb CNA in the near future. I was wondering if someone could point me
to some best practices documents or whitepapers?
Cheers
Please consider marking my answer as "helpful" or "correct"
Hello AllB,
Take a look here: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/white_paper_c11-496511.pdf
Please don't forget to award points for "helpful" and/or "correct" answers.
Regards
________________________________________
Ing. Diego Quintana
VCP 410- VCP 310 - VAC - VTSP
Join the Virtualizacion en Español group on LinkedIn
Cool. That will get me started. I probably have a few questions for the community soon
Hello,
You may also wish to check out "Rethinking vNetwork Security" and the Virtualization Security Podcast that covered this subject... http://www.virtualizationpractice.com/blog/?p=4284
Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'
Also available 'VMware ESX Server in the Enterprise'
Blogging: The Virtualization Practice | Blue Gears | TechTarget | Network World
Podcast: Virtualization Security Round Table Podcast | Twitter: Texiwll
Thanks Will,
Great article and definitely some food for thought!!
Currently our DMZ is physically separated at switch level and has its own separate vswitch and pNics in ESX.
Our DMZ network will not be part of the new Cisco Nexus 5010's we are implementing and I guess we will be keeping
it separate as is.
I am planning to run vmotion, data and storage over the 10Gb CNAs configured as suggested by Cisco.
I would like some additional advice on the service console though. My colleague, who is responsible for
the networking side of things, wanted to keep the service console off the CNAs. He reckons he read it is recommended
but I am not so sure anymore, especially after reading these articles....
Any thoughts?
cheers
Hello,
With CNAs in use you will most likely be using VLANs any way you slice it unless you are dedicating 10G to just the VMs.... But you want to run vMotion on it. I assume you also want to put IP Storage and VMs, which are 3 distinct and important networks. In essence adding the Service Console will not mean much. The article I wrote points to having the Virtualization Management tools on 1G links instead of combined 10G links.... However, there is no reason at all you cannot add Service Console to 10G if you already have vMotion.
FT, vMotion and Service Console are the critical virtualization networks... Consider carefully how you wish to protect them.
Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009
Maybe the graphic in the following article helps.
http://blogs.vmware.com/networking/2010/05/vsphere-loves-10gige.html
Thanks Will,
We have always used VLANs in our network and obviously did so for ESX networking.
Not in production yet, I have placed vMotion in an active-standby configuration spread over the two CNAs. I did the same for the IP storage
but switched the active-standby order. My VM traffic uses the CNA in an active-active configuration.
After reading the comments here I can see no reason why not to place the Service Console on the CNA. I might keep the redundant console on a pNIC.
Even though the Service Console can live on the CNA card, for complete independence and isolation, it would be redundant if you can have it on two separate NICs just in case the CNA fails. It's like HP Flex 10: you can carve out the traffic pipe for each traffic type, but having all eggs in one basket would be critical when it fails. Are you using Cisco UCS B200 or C200 series along with your Nexus 5k switches?
I would place high traffic such as Virtual Machine, vMotion and Backup port groups on those CNA cards and low traffic like Service Console on a physical NIC for redundancy. You can check out the POC for 5k switches and performance details here: http://malaysiavm.com/blog/cisco-nexus-5000-poc/
If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!
Regards,
Stefan Nguyen
VMware vExpert 2009
iGeek Systems Inc.
VMware, Citrix, Microsoft Consultant
I am using HP DL380 G6 with QLogic CNAs. Currently I have two service consoles, each with a dedicated pNIC, going to different switches (a 2950 and a 6500). We were thinking of placing only one SC on the CNA. Cheers
Maybe a little late, but have you considered Xsigo?
Hello,
I would not place vMotion, FT, or SC on the CNAs. Keep them separate. But this is more a security concern than anything else. Availability of these networks may be required if the CNA fails so that you can move VMs without impact. Consider all aspects of availability with your design: what happens in all particular failure cases? The goal is to never need to reboot a VM.
Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009
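Added example, not part of any post in this thread: a small Python model of the teaming layout discussed above (vMotion and IP storage active-standby in opposite order across two CNAs, VM traffic active-active, one Service Console on a CNA and a second on a pNIC) that walks every single and double uplink failure. The uplink names `cna0`, `cna1`, `pnic0` and the port group labels are assumptions made for illustration.

```python
from itertools import combinations

# Constructed layout; uplink and port group names are hypothetical.
UPLINKS = ["cna0", "cna1", "pnic0"]
TEAMING = {  # port group: (active uplinks, standby uplinks in failover order)
    "vMotion":           (["cna0"], ["cna1"]),
    "IP storage":        (["cna1"], ["cna0"]),
    "VM traffic":        (["cna0", "cna1"], []),
    "Service Console":   (["cna0"], []),
    "Service Console 2": (["pnic0"], []),
}
MANAGEMENT = {"vMotion", "Service Console", "Service Console 2"}

def carrier(portgroup, failed):
    """Uplinks that carry the port group once the `failed` uplinks are down."""
    active, standby = TEAMING[portgroup]
    surviving = [u for u in active if u not in failed]
    if surviving:
        return surviving
    for u in standby:  # fail over to the first surviving standby
        if u not in failed:
            return [u]
    return []

def console_reachable(failed):
    """True if at least one Service Console still has an uplink."""
    return any(carrier(pg, failed)
               for pg in ("Service Console", "Service Console 2"))

def analyse(max_failures=2):
    """For each failure set: port groups that are down, and management
    port groups that end up sharing an uplink with VM traffic."""
    rows = []
    for n in range(max_failures + 1):
        for failed in combinations(UPLINKS, n):
            down = sorted(pg for pg in TEAMING if not carrier(pg, failed))
            vm_links = set(carrier("VM traffic", failed))
            shared = sorted(pg for pg in MANAGEMENT
                            if vm_links & set(carrier(pg, failed)))
            rows.append((failed, down, shared))
    return rows

if __name__ == "__main__":
    for failed, down, shared in analyse():
        print(f"failed={list(failed) or 'none'}")
        print(f"  down: {down or 'nothing'}")
        print(f"  management sharing an uplink with VM traffic: {shared or 'none'}")
        print(f"  console reachable: {console_reachable(failed)}")
```

In this model the second console on the pNIC keeps the host manageable when both CNAs fail, but vMotion is down in that case, which is the availability question raised in the last reply.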