VMware Cloud Community
systimax
Contributor
Contributor
‎12-04-2007 08:10 AM
Jump to solution

Confused about VLan Routing and Vmkenl to SAN

Hello, Im a little confused on having a iscsi san on a sep Vlan

As of now we have 2 Vlans. 1 and 2. 1 is for the network 2 is only for san traffic. Neither of them can get to each other as we have no routing enabled.

on a esx test box I have 3 nics in use

1 virtual network and service console on vlan 1

1 Vmkernel to a NFS nas on vlan 1

1 Vmkernel to the Iscsi San on vlan2

What should the gateway of the vmkernel on vlan2 be that points to the san be ?

The point of the 2 vlans not being able to talk to each other is to segment the vlan traffic from the network...however its a pain to manage. How are others doing this? Are you allowing VLAN routing? and if so doesnt that negate the point of having the 2 sep vlans?

0 Kudos
1 Solution

Accepted Solutions
jhanekom
Virtuoso
Virtuoso
‎12-04-2007 12:53 PM
Jump to solution

The VMkernel gateway, similar to the SC gateway, is a "per-host" setting, rather than a "per vSwitch" setting. You can only have one default gateway for the SC, and one default gateway for the VMkernel.

In your case, I would set the default gateway for the VMkernel to be the same as the gateway for the SC. If you're going to route somewhere (NAS, for example), it's going to be to something attached to VLAN 1.

View solution in original post

0 Kudos
4 Replies
doggy
Contributor
Contributor
‎12-04-2007 08:35 AM
Jump to solution

We use a wholly seperate switch for iSCSI traffic. For ESX iSCSI volumes we put an iSCSI Service Console (and a VMKernel) on to a virtual switch which is connected to that physical switch by 3 physical NICs. We give the iSCSI Service Console NIC an IP within the iSCSI subnet. We have no traffic leaving that subnet so the iSCSI SC NiC's gateway, for us, is irrelevant - but it happens to be the IP of the switch.

Just as an aside, we use MS iSCSI initiator on the VM's guests themselves to connect to the iSCSI SAN for their VM drives and we put no gateway or DNS etc in those NICs at all.

Hope it helps any

d

0 Kudos
systimax
Contributor
Contributor
‎12-04-2007 09:30 AM
Jump to solution

So the Vswitch that holds the vmkernel to the San must also have a service console as well on it?

As far as the gateway i meant on the vmkernel port that connects to the san.. what should that default gateway be? The Vmkernel Default gateway

0 Kudos
Mork
Enthusiast
Enthusiast
‎12-04-2007 11:18 AM
Jump to solution

If I remember correctly from the course (haven't actually used iSCSI yet), with the software initiator I seem to recall that the initial traffic to the iSCSI SAN is generated from the Service Console, and once connected, the actual iSCSI traffic is sent/received via the VMkernel TCP/IP stack.

So, if you don't have a Service Console on the same vSwitch in your situation, then it won't work as you can't route from your Service Console VLAN to your iSCSI VLAN.

I think the situation changes though if you have proper hardware initiators with your iSCSI NIC's.

I'm pretty sure that's right, but someone else feel free to confirm or clarify...

As far as your gateway goes, if your iSCSI VLAN can't route, then it doesn't really matter what your VMkernel gateway is, so maybe set it to your iSCSI IP or something?

Cheers, Pete.

jhanekom
Virtuoso
Virtuoso
‎12-04-2007 12:53 PM
Jump to solution

The VMkernel gateway, similar to the SC gateway, is a "per-host" setting, rather than a "per vSwitch" setting. You can only have one default gateway for the SC, and one default gateway for the VMkernel.

In your case, I would set the default gateway for the VMkernel to be the same as the gateway for the SC. If you're going to route somewhere (NAS, for example), it's going to be to something attached to VLAN 1.

0 Kudos