VMware Cloud Community
spig777
Contributor

Separate vswitch for management?

I am setting up a couple of ESXi 3.5 hosts using the networking example recommended by Cisco here.

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns304/c649/ccmigration_09186a00807a15d0.pdf

The example on page 59, figure 43, shows a single vswitch being used, with port groups being used to specify which VMNICs get used for service console/VMkernel and port groups used by VMs, which would obviously work fine.

My question is, is it better to use a separate vswitch for VMkernel and service console, or is it better to use port group VMNIC settings to specify which VMNICs are used as uplinks to the physical network, as per the Cisco doc?

From the Cisco doc it looks like VMNIC2 and 4 would never be used for anything other than management traffic as they would not be active members of the other port groups that VMs are using. In that case why not put them on a separate vswitch and set them up as active/passive for the 2 management networks? This way it would be easier to see at a glance from the GUI which VMNICs are being used for management functions and keep them well away from the other port groups that contain VMs.

I'm probably missing something here, but it's not clear to me from the doc why they are using the single vswitch - or is it down to personal preference?

5 Replies
depping
Leadership

Welcome to the forums,

I think both configs would just work fine. I prefer a separate vSwitch for the SC+VMkernel, because it looks less complicated for most sys admins as you also point out. In the end it doesn't really matter, imho, as long as you have full redundancy set up and in either of the two configs you will have this.

Duncan

VMware Communities User Moderator


Texiwill
Leadership

Hello,

I think it also depends upon what you mean by vmkernel. There are 4 possible vmkernel options available for ESXi:

management

vmotion

NFS

iSCSI

Management and iSCSI must participate in the same network for CHAP authentication, i.e. management should be able to access the iSCSI servers through a firewall at the very least. The others should generally not share the same network. It is generally recommended to use 4 vSwitches but that also depends on the number of pNICs involved as well as pSwitches.

Check out my Topology blogs for some assistance on this.


Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
spig777
Contributor

I was referring to management and vmotion, no iSCSI or NFS used here at all, or ever will be.

2 stacked pswitches for fault tolerance. 6 pNICs, 2 onboard, 4 on card. I was thinking 4 active/active for VMs, with the other 2 used for management/vmotion in active/standby as mentioned in the Cisco doc.

Strange to me that the Cisco doc doesn't mention using a separate vswitch. I would use 3 vswitches but as there are only 6 pNICs I'd say vmotion and management can share a vswitch as I'd like to keep 4 pNICs for VMs for bandwidth reasons. Obviously I want to have at least 2 pNICs per vswitch for fault tolerance.

I'm leaning towards using 2 vswitches rather than relying on using port group vmnic uplink preferences, despite what the Cisco doc says.

Rob_Bohmann1
Expert

I generally agree that using multiple vswitches rather than multiple port groups per vswitch is a "cleaner" design (VM network vswitches excepted).

I think this is of greatest benefit where you have multiple admins with varying levels of experience and knowledge. If you are at a 1 or 2 person shop (VI Admins) then it is a wash probably. But if you have more people, and/or some who have not had a hand in designing/building out the infrastructure, then it is much simpler for them to learn, use and troubleshoot with separate vswitches.

Texiwill
Leadership

Hello,

More pNIC per switch does not mean things are better. I would have 2 pNICs for VMotion, 2 for Service Console, 2 for VMs. Use the other 2 where it is required. I would do some measurement of network performance and usage before assigning the extra pNICs where they are needed. If at all possible I would not mix VMotion with anything else.


Best regards,
Edward L. Haletky
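
The trade-off debated in this thread, as an added example that is not part of any poster's reply: a small Python model of the single-vSwitch and two-vSwitch layouts for the 6-pNIC host described above. It checks uplink redundancy across the two pSwitches and whether a management uplink is also usable by a VM port group. The pNIC-to-pSwitch cabling, the port group names and the dictionary format are assumptions made for the example; the only platform rule it relies on is that a port group without its own teaming override inherits the vSwitch's policy.

```python
# Added example: all inventory data below is constructed for illustration.
# Assumed cabling: which of the two stacked pSwitches each pNIC plugs into.
PSWITCH = {"vmnic0": "A", "vmnic1": "B", "vmnic2": "A",
           "vmnic3": "A", "vmnic4": "B", "vmnic5": "B"}
MGMT_KINDS = {"management", "vmotion"}

def effective(vswitch, pg):
    """A port group without its own teaming override inherits the vSwitch policy."""
    team = pg.get("override") or vswitch["default"]
    return team["active"] + team.get("standby", [])

def audit(vswitches):
    """Return findings on uplink redundancy and management/VM uplink overlap."""
    findings, mgmt, vm = [], set(), set()
    for vs in vswitches:
        for pg in vs["portgroups"]:
            nics = effective(vs, pg)
            if len({PSWITCH[n] for n in nics}) < 2:
                findings.append(f"{pg['name']}: no uplink redundancy across pSwitches")
            (mgmt if pg["kind"] in MGMT_KINDS else vm).update(nics)
    findings += [f"{n}: uplink shared by management and VM port groups"
                 for n in sorted(mgmt & vm)]
    return findings

VM_NICS = ["vmnic0", "vmnic1", "vmnic3", "vmnic5"]
MGMT = {"active": ["vmnic2"], "standby": ["vmnic4"]}
VMOTION = {"active": ["vmnic4"], "standby": ["vmnic2"]}

# Layout 1: one vSwitch; separation exists only in per-port-group overrides.
single = [{"name": "vSwitch0", "default": {"active": sorted(PSWITCH)},
           "portgroups": [
               {"name": "Management", "kind": "management", "override": MGMT},
               {"name": "VMotion", "kind": "vmotion", "override": VMOTION},
               {"name": "VM Network", "kind": "vm", "override": {"active": VM_NICS}}]}]

# Layout 2: management/VMotion on their own vSwitch; VM port groups simply inherit.
split = [{"name": "vSwitch0", "default": MGMT,
          "portgroups": [{"name": "Management", "kind": "management"},
                         {"name": "VMotion", "kind": "vmotion", "override": VMOTION}]},
         {"name": "vSwitch1", "default": {"active": VM_NICS},
          "portgroups": [{"name": "VM Network", "kind": "vm"}]}]

def add_vm_portgroup(layout, name):
    """Simulate an admin adding a VM port group (no override) to the last vSwitch."""
    layout[-1]["portgroups"].append({"name": name, "kind": "vm"})
    return audit(layout)

if __name__ == "__main__":
    print(audit(single), audit(split))               # both layouts start clean
    print(add_vm_portgroup(single, "VM Network 2"))  # forgotten override is flagged
    print(add_vm_portgroup(split, "VM Network 2"))   # still clean
```

Both layouts pass as built; they differ in what happens when a later port group is added without a teaming override, which is the multi-admin case raised earlier in the thread.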