VMware Cloud Community
5474
Enthusiast

Network Configuration Critique

Now that 3.5 is out we're getting ready to deploy it on two HP DL585G2 servers.

We're in good shape CPU and memory wise but I'd like some comments/suggestions on our networking side of things.

The boxes are configured with their two onboard NICs + 3 Quad Port HP NICs. We're using EqualLogic as our storage side of things and have been thinking about only using the ESX s/w initiator to mount the OS files; all other LUNs presented to the servers will be done within the OS through the MS initiator. I'm a little foggy as to where I need the service consoles etc. and on which VLAN (Management vs Storage), though I think I need one on both for the iSCSI to work.

Proposed Config

vswitch0 - Onboard Port 0, 1 Quad Port (Management) - Service Console

vswitch1 - Onboard Port 1, 2 Quad Ports (Storage) - iSCSI enabled - SC needed?

vswitch2 - 2 Quad Ports (Vmotion) on Storage VLAN

Vswitch 3-5 - Team two ports and have those to present internal to the OS's for iSCSI

For our fabric we've got 2 Nortel 5510s in a stacked configuration. From what I've read we can do link aggregation on those trunks to present 2GB of bandwidth to the servers. If so, what is the correct method to configure that on the ESX side?

thanks

Rob_Bohmann1
Expert

Overall your plan looks good to me.

vswitch1 - Onboard Port 1, 2 Quad Ports (Storage) - iSCSI enabled - SC needed? >> Yes, add a 2nd SC console connection, needed for discovery and authentication for storage. If you enable CHAP, don't enable it until you have the storage working, to avoid problems and make troubleshooting easier for initial setup.

vswitch2 - 2 Quad Ports (Vmotion) on Storage VLAN >> Any particular reason why you put this on the storage VLAN? I would put it on its own separate private VLAN for security reasons (memory contents of servers during VMotion are not encrypted).

Vswitch 3-5 - Team two ports and have those to present internal to the OS's for iSCSI >> Where are your public interfaces for your servers, or are these on the same network as the guest servers' iSCSI connections?

mcowger
Immortal

Be careful if your quad port cards are Intel rebrands; ESX currently has bugs doing trunking with those cards.

--Matt VCDX #52 blog.cowger.us
5474
Enthusiast

Rob, thanks for the comments. Yes, having public facing NICs would be good, oops.

The Quad NICs are Intel 82571EB chipsets. Any details on the trunking issue?

mcowger
Immortal

Here's the link....

http://communities.vmware.com/message/580204

--Matt VCDX #52 blog.cowger.us
5474
Enthusiast

Thanks for the linkage. The chipset is slightly different and hopefully it's fixed in 3.5, but at least I know what to look for in case we start having issues with the config.

regards

Texiwill
Leadership

Hello,

The best performance, security, and redundancy is to use physical NICs (pNICs) as follows.

  • 2 pNICs for SC (administrative network) vSwitch

  • 2 pNICs for iSCSI (storage network) vSwitch

  • 2 pNICs for vMotion (vMotion Network) vSwitch

  • 2 pNICs for VM Network vSwitch

You can add more VM Network pNICs for more networks. This setup will give you security, redundancy, and performance for the iSCSI network.

You must maintain physical separation for all your administrative and storage networks.

Best regards,

Edward L. Haletky, author of the forthcoming 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', publishing January 2008, (c) 2008 Pearson Education. Available on Rough Cuts at http://safari.informit.com/9780132302074

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
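
The layout rules raised in the replies above (two pNICs per traffic role, vMotion off the storage VLAN, separate administrative and storage networks), as an added example that is not part of any post in this thread: a Python lint that checks a planned vSwitch layout before it is built. The vmnic numbers, role labels and the one-role-per-vSwitch model are assumptions made for illustration.

```python
# Added example, not from the thread: lint a planned ESX vSwitch layout.
# vmnic numbers and the role labels are assumptions made for illustration.
from collections import Counter
ISOLATED = {"sc", "iscsi", "vmotion"}        # must not share a VLAN with another role
REQUIRED = {"sc", "iscsi", "vmotion", "vm"}  # traffic types that need a vSwitch

def vs(role, vlan, *pnics):
    return {"role": role, "vlan": vlan, "pnics": list(pnics)}

def audit(plan):
    """Return findings for plan = {vswitch_name: vs(...)}; empty list means clean."""
    findings = []
    # Redundancy: every vSwitch needs at least two uplinks.
    for name, sw in sorted(plan.items()):
        if len(sw["pnics"]) < 2:
            findings.append(f"{name}: fewer than 2 pNICs for {sw['role']}")
    # Physical separation: a pNIC is an uplink of exactly one vSwitch.
    uses = Counter(p for sw in plan.values() for p in sw["pnics"])
    for pnic in sorted(p for p, n in uses.items() if n > 1):
        findings.append(f"{pnic}: uplink of more than one vSwitch")
    # Network separation: an isolated role does not share its VLAN.
    roles_by_vlan = {}
    for sw in plan.values():
        roles_by_vlan.setdefault(sw["vlan"], set()).add(sw["role"])
    for vlan, roles in sorted(roles_by_vlan.items()):
        if len(roles) > 1 and roles & ISOLATED:
            findings.append(f"VLAN {vlan}: shared by {', '.join(sorted(roles))}")
    # Coverage: every traffic type has a vSwitch.
    for role in sorted(REQUIRED - {sw["role"] for sw in plan.values()}):
        findings.append(f"no vSwitch for role '{role}'")
    return findings

# Constructed from the original post (vSwitch4 and 5 repeat vSwitch3).
PROPOSED = {
    "vSwitch0": vs("sc", "Management", "vmnic0", "vmnic2"),
    "vSwitch1": vs("iscsi", "Storage", "vmnic1", "vmnic3", "vmnic4"),
    "vSwitch2": vs("vmotion", "Storage", "vmnic5", "vmnic6"),
    "vSwitch3": vs("iscsi", "Storage", "vmnic7", "vmnic8"),
}
# Constructed from the replies: one vSwitch and VLAN per role, two pNICs each.
RECOMMENDED = {
    "vSwitch0": vs("sc", "Management", "vmnic0", "vmnic2"),
    "vSwitch1": vs("iscsi", "Storage", "vmnic1", "vmnic3"),
    "vSwitch2": vs("vmotion", "vMotion", "vmnic4", "vmnic5"),
    "vSwitch3": vs("vm", "VM Network", "vmnic6", "vmnic7"),
}
if __name__ == "__main__":
    for label, plan in (("proposed", PROPOSED), ("recommended", RECOMMENDED)):
        print(label, audit(plan) or "clean")
```

Run against the proposed plan, the lint reports the two points the first reply raised: vMotion sharing the storage VLAN and no vSwitch for VM traffic.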