Hello, guys. How are you doing?
I need some support here, could you help me?
I have six pNics installed in a server. The complete scenario is 2 identical esx servers, but it can change latter in the future, with more esx servers.
My original Idea is to give two nics for vm traffic, two for service console redundancy (one service console attached in these nics) , and the last two nics for vmkernel (vmotion). All the nics would be in the same network. So my question is: Is there any problem with that?
There is no problem in doing that but, it's better to place the Service Console behind a firewall on separate vLan and only the Administrators can gain access to it via restricted ports.
I was wondering if, with all the virtual machines in a network (eg.192.168.1.X) and with the service console and vmotion IP in the same network would be a problem. I also would like to know if the vmotion gateway being the same gateway of the VM's would be a problem, or if I dont have/need to specify vmotion gateway.
Yes, it's a problem because you are not segregating your networking traffic among others within the same host. Again, it's better to segregate the networking traffic becuase the vMotion traffic travels in Clear Text. If your vMotion network the same as the Service Console && your VMs Network "All in the same Network Range" and these VMs are internet facing then it's a security problem. If one of the VMs get compromized then the hacker can gain access to all of your host.
Lastly, can I "create a network" just for vmotion? I mean, this network does not exist in the LAN.....i would just give IP's in another range (like 10.1.1.X) for the vmotion interfaces in the esx servers. Or, to do it, i would need some real network implemented (for example a VLAN defined in the switch)
vMotion can work even as long as both network can reach each other even if they are connected via a Cross Cable. As long as the VMkernel Network of Host1 can ping other host VMkernel and the Default Gateway which is configured in the Service Console is pingable via VMKping command. Your vMotion should work without any problem even it's on 10.0.0.0 or 10.1.0.0
P.S: I know that, for security reasons, is best to keep the SC in another network , but this is not the case.
Thanks in advance.
Since you have got 6 pNics in your host. Do this;
pNic0 & pNic1 for vSwitch0 "Service Conosle"
pNic2 & pNic3 for vSwitch1 "VMkernel"
pNic4 $ pNic5 for vSwitch2 "VM Network"
If you would place a DMZ VMs You can do this;
pNic0 & pNic1 for vSwitch0 "Service Console & VMkernel" Using vLAN Trunking and both pNics can backup each other if one of them goes down, still you can access the Service Conole and still you will be able to vMotion
pNic2 & pNic3 for vSwitch1 for Production "Internal Network VMs"
pNic4 & pNic5 for vSwitch2 for DMZ VMs
Best Regards,
Hussain Al Sayed
Best Regards,
Hussain Al Sayed
Consider awarding points for "correct" or "helpful".
