VMware Cloud Community
heywoodg
Contributor

Best practice for vswif gateway device

Hello,

I am configuring two service consoles on our ESX hosts. One is on a dedicated NIC, and the other one is on the SAN Network (we have an EqualLogic iSCSI array).

It all seems OK and I can connect to both SCs via each IP, but I am unsure as to whether I should be designating a specific vswif interface as the gateway device (currently I am), or leaving it as auto?

Any hints or suggestions?

0 Kudos
2 Replies
Texiwill
Leadership

Hello,

There are two schools of thought on iSCSI SC connectivity. The first is to create 1 SC and have it participate within the iSCSI network through a gateway, routing, etc. The second is to place a new SC port on the iSCSI network, which doubles your attack surface for the ESX SC. However, this depends on the security of your iSCSI network. If it is just for ESX hosts then it's not a big issue; if it is for VMs and other hosts as well, that could be a concern.

Either way the default gateway for the SC should be the one for the primary SC and NOT for the iSCSI network. You can add a route specific to the iSCSI network if you need, but you should not make anything on that network the default gateway.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
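
A check for the routing advice in the reply above, as an added example that is not part of the thread: it reads a service console routing table in `route -n` format and flags a default route that leaves through the iSCSI-side interface. The interface names (vswif0 primary, vswif1 iSCSI), the addresses and the function name `audit_default_route` are constructed for illustration.

```shell
#!/bin/sh
# Audit a service console routing table (`route -n` format): the default
# route must not leave through the vswif on the iSCSI network.

# Constructed sample: vswif0 = primary SC, vswif1 = SC on the iSCSI network.
GOOD_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 vswif1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 vswif0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 vswif0'

# Constructed sample: same host with the default gateway on the iSCSI side.
BAD_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 vswif1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 vswif0
0.0.0.0         10.10.10.1      0.0.0.0         UG    0      0        0 vswif1'

# audit_default_route TABLE ISCSI_IFACE
# Prints one finding per line. Exit status: 0 = default route avoids the iSCSI
# interface, 1 = a default route uses it, 2 = no default route in the table.
audit_default_route() {
    printf '%s\n' "$1" | awk -v iscsi="$2" '
        # A default route has destination and genmask both 0.0.0.0.
        $1 == "0.0.0.0" && $3 == "0.0.0.0" {
            ndef++
            if ($8 == iscsi) {
                bad++
                print "FAIL default route via " $2 " uses iSCSI interface " $8
            } else {
                print "OK default route via " $2 " uses " $8
            }
            next
        }
        # Any other route on the iSCSI interface is a route scoped to that network.
        $8 == iscsi { print "INFO " $1 "/" $3 " reached through " $8 }
        END {
            if (bad) exit 1
            if (!ndef) { print "WARN no default route"; exit 2 }
        }'
}

# On a host, feed it live data: audit_default_route "$(route -n)" vswif1
audit_default_route "$GOOD_TABLE" vswif1 || true
audit_default_route "$BAD_TABLE" vswif1 || true
```
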
heywoodg
Contributor

Thanks for that, but I think we are talking about different gateways. What I am referring to is:

  1. Go to the configuration tab

  2. Click on networking

  3. Click on "properties" for one of the switches with a service console

  4. Edit the properties of the service console

  5. Press the edit button

  6. Look at the gateway device for the service console

Apologies if you are talking about the same thing and I just don't understand it!

Currently, that gateway device is set to a specific vswif, but with multiple service consoles, I am just wondering if I should set it to "auto".

Cheers

0 Kudos