Solved: Re: Network Configuration advise

nelmangle · ‎04-21-2008

Dear all,

We are about to commence our first customer VMware architecture and would like to better understand how we best provision the networking element.

Our DC has the following networks Production, Backup and Management. Typically we we employ 2xnic (physical) ports to poduction, 1xnic (physical) port Management and 1xNic (physical) port Backup. In a VMware infrastructure how do we employ vSwitches etc in order to maintain this level of networking.??

E.g. do we have a vSwitch for Production with 2xPhysical NIC ports, and a vNIC within each VM

Should we place the service console on the management vSwitch and Management network.

All advise welcome

Regards

Nels

Erik_Zandboer · ‎04-21-2008

Hi,

If you have a setup using 4 NICs, I would consider to make one big vSwitch, trunked to the switch(es). Then prioritize each VLAN to a separate pNIC. Using this setup, each VLAN uses its own pNIC, untill it fails, then they'll start sharing (failover).

Another nice way (especially when you have management and production physically split), is to create two vSwitches, and make a team of 2 pNICs per vSwitch. Run production over one of them, and all non-production (console, vmotion, backup) over the other vSwitch. Prioritize once again if you have multiple VLANs trunked, for example put SC and backup on the first management pNIC, and VMOTION on the second, both allowing to failover to each other.

In the examples above I assume you do not use IP based storage. If you do, I'd suggest to use 6 pNICs, or think VERY carefully how to use your 4 pNICs (probably use the single vSwitch option then, and prioritize carefully).

Visit my blog at http://www.vmdamentals.com

View solution in original post

Yattong · ‎04-21-2008

Hey Nels,

You'll find a lot of information and how other ppl have configured their environment below.

http://communities.vmware.com/thread/140341?tstart=0

Good Luck

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points ~y

Erik_Zandboer · ‎04-21-2008

Hi,

If you have a setup using 4 NICs, I would consider to make one big vSwitch, trunked to the switch(es). Then prioritize each VLAN to a separate pNIC. Using this setup, each VLAN uses its own pNIC, untill it fails, then they'll start sharing (failover).

Another nice way (especially when you have management and production physically split), is to create two vSwitches, and make a team of 2 pNICs per vSwitch. Run production over one of them, and all non-production (console, vmotion, backup) over the other vSwitch. Prioritize once again if you have multiple VLANs trunked, for example put SC and backup on the first management pNIC, and VMOTION on the second, both allowing to failover to each other.

In the examples above I assume you do not use IP based storage. If you do, I'd suggest to use 6 pNICs, or think VERY carefully how to use your 4 pNICs (probably use the single vSwitch option then, and prioritize carefully).

Visit my blog at http://www.vmdamentals.com

nelmangle · ‎04-21-2008

Erik,

thanks.. not use of ip storage. we actually have 3 separate networks, Production, management and backup (which in this architecture is not going to be heavily utilised) and 4 pNICs to employ.

we will be using ent edition, so vMotion, DRS and HA...so how does this affect how we apportion things

thanks Nels

Erik_Zandboer · ‎04-21-2008

Hi,

When you state "separate networks", do you mean separate infrastructure (eg three different switches), or are these segments available in a single switch using VLANs? If you have different pSwitches, I would suggest to look at VLANning and trunking (802.1q or dot1q). If you have to keep things separate, I would suggest to use a team for your production environment to survive NIC/link failure for production. Then one port for management (in which you would have to run vmotion as well), and one port for backup remains. In a setup like that, I would recommend NOT to use HA, because HA is risky without having a redundant SC connection.

With the use of VLANning, the story above applies.

Visit my blog at http://www.vmdamentals.com

nelmangle · ‎04-21-2008

Erik,

VLan segregation for the various networks (prod, Man, Backup). So, based on your answer below, could i have 1 vSwitch=Prod with 2 pNIC ports, 1 pNIC port on each of the Backup and Management (vSwitches) networks and have the SC on both the man and backup?

thanks in advance

Nels

Erik_Zandboer · ‎04-21-2008

Hi Nels,

Like stated above: Two valid options would be to:

1) use one vSwitch with 4 uplinks, where each uplink is a dot1q trunk;

2) use two vSwitches with 2 uplinks each, where each uplink is a dot1q trunk (where you could allow/disallow certain VLANs if you wish/require).

The option you describe here would not work. Do not try to have a vswitch with two uplinks to different VLANs. Always create a team, where both uplinks contain the same set of VLANs in a dot1q trunk.

So in your case if you use two vSwitches:

1) create a vswitch with two uplinks, where both uplinks have access to the production VLAN (either direct access or through a single VLAN in a trunk);

2) create a second vswitch with two uplinks, where both uplinks have access to management, backup and vmotion VLANs through trunks;

3) prioritize traffic through the second vswitch so that for example service console and vmotion have one pNIC as their primary uplink, and backup uses the other pNIC as primary uplink.

That would give an acceptable solution I think. As you can see, both vswitches have two uplinks that carry identical VLANs, so that the vswitch may failover if a link fails. Also, by specifying the prioritisation, you make sure that vmotion traffic will not interfere with backup (as long as no NIC or link failure occurs).

Visit my blog at http://www.vmdamentals.com