Single nic for Console and VMSwitch at ESX 3.5 ins...

Superkikim · ‎03-18-2008

Hi,

I don't get it.... As long as I remember, it is not supported to use the console on the same nic as the virtual switch for VMs. The Console should have a dedicated NIC.

Therefore, why the hell in ESX 3.5, when you say during installation to create the VM network it adds it to the console vswitch ? Did I imss something ???

Another question: I heard from a collegue that it is best practice to make second Console port. This one can be with VMs.... Everything ok with that !?

Cheers

BryanMcC · ‎03-18-2008

The addition of the VM network on the same NICs as the Service Console is easily explained by the lack of some vendors providing additional network IO for the physical server itself.. Take the Dell blades for example they have an IO limitation of two network adapters if you are going to use a mezzanine for HBA in the 1855s and 1955s. Some times you are just limited and this addition to the feature set is a good solution for this limitation while still providing redundancy with the pNIC bond on your two adapters.

Not best practice but it works..

Here is a link for your second statement.

http://communities.vmware.com/message/588151

Help me help you by scoring points.

depping · ‎03-18-2008

I would add my secondary service console to the vmkernel vswitch, seems more save in my opinion. I wrote a blog about is a couple of months ago:

http://www.yellow-bricks.com/2008/01/14/service-console-redundancy/

Duncan

My virtualisation blog:

Texiwill · ‎03-18-2008

Hello,

It is possible to use only one pNIC for an ESX/VI3 server. It is however just not recommended. VMware never stated it was not possible. You can do this with everything on the same network, use VLANs, or even subnets. However I should say that performance and security will suffer.

Also in some cases it is necessary to place a VM on the SC network. I recently did this with a virtual FW so that the SC could temporarily access an ESX server on another network. This allowed us to copy over the existing VMs before shutting down the network. Once that was done, we shutdown the VM. This was a simple solution as they did not have this capability in physical terms. So yes, the automatically created portgroup does have some use. It is also a good place to put Administrative VMs that need access to that particular network. Perhaps your VC server? It all depends where the 'bridge' is between your production and Administrative networks. In my case they did not have one.

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

azn2kew · ‎03-18-2008

There are situations that you don't enough NICs in placed or failured occured, so utilize it to temporary access to Virtual Machine network is alrite but performance and security will be in question. You must replace or add additional NICs asap in a production scenario. That's why everyone architected to have redundancy on virtual machine network port, SC, VMotion. There are situtation you only have two NICs in placed and one dead and yeah, you have to bind all SC/VMotion/VM Network 3 ports to 1 single NIC (bad but happened) that's low end testing environment

1. NIC1->SC/VMotion

2. NIC2->VMotion/SC

3. NIC3-4->VM Network

4. NIC5-6->DMZ/Spare

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!

Regards,

Stefan Nguyen

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!! Regards, Stefan Nguyen VMware vExpert 2009 iGeek Systems Inc. VMware vExpert, VCP 3 & 4, VSP, VTSP, CCA, CCEA, CCNA, MCSA, EMCSE, EMCISA

Texiwill · ‎03-19-2008

Hello,

Also do not forget a pair of pNICs/HBAs for your storage solution. If its FC-HBA or iSCSI-HBA they are different, but iSCSI can also be used with pNIC and so can NFS.

For full redundancy and security of a system that uses iSCSI/NFS over pNIC with VM Networks you will want 8 pNICS. (2 for SC, 2 for vMotion, 2 for Storage, 2 for VMs)

If you add a DMZ network you will want another pair of pNICs.... I generally do not recommend mixing Production with DMZ VMs as there are issues where a DMZ VM can end up on a Production network and visa versa, but it is possible to do this within VI3. It depends on your approach to Security, and how much Security you really want, need, or require.