So just to be clear, is this a good setup?

NIC1 (onboard)-----|

\ |-(teamed)-> production network

NIC2 (onboard)-----|

NIC3 (PCI)------> service console

HBA1 -

> iSCSI array

HBA2 -

> iSCSI array

If not please clarify. I'm planning to add another NIC down the road for VMotion. I'd be interested in any recommendations for a specific setup that will support 2 ESX hosts and the EQ PS100E that would provide active-active MPIO capabilities.

Thanks,

Mike

I would make this small adjustment:

NIC1 (onboard)-----|

\|-(teamed)-> production network

NIC2 (onboard)-----|

NIC3 (PCI)------> service console

NIC1 (onboard) -

|

NIC2 (onboard)------| --- Virtual Switch (all 3 NICs teamed)

NIC3 (PCI)----

|

Port Group for Virtual Machines:

NIC Teaming Tab

Override

NIC1 and NIC2 active.

NIC3 standby.

Port Group for Service Console:

NIC Teaming Tab

Override

NIC3 active.

NIC1 and NIC2 standby.

Similar approach for VMotion port group if you're using it.

Start reading my last post from:

NIC1 (onboard) -

|

NIC2 (onboard)------| --- Virtual Switch (all 3 NICs teamed)

NIC3 (PCI)----

|

I accidentally copied in your config above mine and I don't know how to edit my post.

Hello,

Another option is:

NIC1 -> SC portgroup w/vMotion portgroup with no bridges between the portgroups.

NIC2 & NIC3 -> Teamed for VM Network

This way your SC is not on the same network as your VMs. I like to keep those quite separate for security reasons.

Best regards,

Edward

if you team for redundancy, don't team your two onboard NICs. They are on the same part of the PCI bus, and might fail together.

Better team one onboard NIC with the PCI NIC (or all three together as suggested).

No redundancy in your solution for the SC.

I'd take the comment above and apply it to my post and use 1 and 3 as your active for VMs with 2 as standby and use 2 as your active for SC with 1/3 as your standby.

These are all good and helpful posts. I do have a question about IP schemes for my SAN vs production networks. Currently our SAN and LAN are on the same subnet - I was told this would make it easier to manage the PS100E than trying to put it on a separate subnet (of course I could have misinterpretted something). But lately I've been reading several posts where people describe separating their LAN and SAN networks for security reasons.

My question is how should I configure each of the interfaces above if I follow the recommendations to team NICs 1&3 for the VMs and use NIC 2 for the SC. We use a 192.168.1.x subnet so what would be my ideal setup? Should I definitely separate the SAN and LAN into different subnets? If I do so then how would I be able to manage the SAN from my workstation?

My current plans are to have a single GB switch dedicated between the ESX host and the SAN. This switch will be connected to the LAN switch so I can manage the SAN from my workstation. Next year I'll be adding a second switch for redundancy. Will all of this work OK or have I gone about this the wrong way?

Forgive my networking ignorance. I'm still somewhat green when it comes to network design. Thanks again for all the great suggestions!!

Mike

correct, you can't use both for the same SAN, multipathing and loadbalancing won't work from hardware to software initiator or vice versa.

Sorry, I should have been more clear.

I'm not trying to multipath between the HBAs and the NICs. I'm going to dedicate the HBAs to the SAN. However, my question is whether I should create a completely separate subnet for the SAN to keep it segregated from my production network. Is that necessary if I'm dedicating the HBAs to the SAN and letting all my network traffic flow through the NICs? It seems easiest just to keep things as they are with a single subnet.

I'm no iSCSI guru, but I'd guess you might not need separate subnets, but you will definitely want separate VLANs.

I have one switch dedicated to the SAN that is mostly separate from my production switches. The only connection between the two is a single patch cable between my SAN switch and one of my production switches so that I can connect to the SAN for management purposes. Is a separate VLAN still necessary in this setup?

Not if it's physically separate.

OK, so I think I have this ready to go, but I'd like some validation from the gurus (you guys).

Does this look like the best way to configure ESX networking?:

Set up a single vSwitch to use all 3 NICs in a team. Set NICs 1&3 as Active for the VM Port Group and Standby for the SC Port. Then set NIC 2 as Active for the SC Port and Standby for the VM Port Group.

Or would it be better to create 2 separate vSwitches and dedicate NICs 1&3 to one vSwitch and NIC 2 to the other vSwitch? That would seem more complicated but does that config give me any benefits vs a single vSwitch?

Remember, in the future I'll be adding another dual-port NIC and making use of VMotion, HA and DRS when we set up our second host. For now I just need to best utilize the 3 NICs that we have. Thanks.

Hello,

I use dedicated vSwitches/pNIC combinations. But that only works if you have plenty of NIC ports available. I like the physical separation. But with VLANs and portgroups this is not necessary.

As for iSCSI, your SC need to see the iSCSI network (be on the same subnet or netmask that allows both subnets) The main reasons is to handle authentication which is not part of the vmkernel. The VM Network does not need this.

Best regards,

Edward