VMware Cloud Community
glee9
Contributor

Separate VLANs: how do I justify

Hi all,

I'm currently setting up a small lab environment (1 VC host, 10 ESX hosts) with 2 NICs per host, and FC for each box. I've been talking to my network admin about creating separate VLANs for service console and VMotion. He's asking me for justification and I've been reading the docs and forum to see if I can come up with something concrete.

As I understand it, here are the reasons:

- better security

- it's considered "best practice" in VMware

- in some cases can help to reduce contention between competing network resources

As I am in a lab setup, I've been able to run everything over one subnet (one VLAN), but how do I convince my network guy that I need more VLANs?

Thanks for your help,

-g

7 Replies
JarrettCampbell
Contributor

Well, for one, you nailed it on the better security and best practice; that should be enough said right there, but if you need more, tell him that VMotion, HA and DRS are typically pretty chatty and that you need to isolate that from your VMs for a variety of obvious reasons.

Steve_Tron
Enthusiast

Hi,

Security is a good one: VMotion sends data unencrypted. However, if you wish to lab various network scenarios, like creating a DMZ network for virtual web servers etc., VLANs are the way to go.

Regards

jcck20007
Enthusiast

How many VMs are you planning to deploy to each of your 10 hosts? It all depends on your expectation of how you are going to grow your farm.

glee9
Contributor

We are anticipating 4-6 VMs per host. My inclination is to go with VMware (and the community of experts, i.e. you guys)'s recommendations and push for the VLANs. Am trying to be able to categorically rule out the "but you don't need them" argument.

Thanks for all the quick replies - keep em comin!

jcck20007
Enthusiast

Yes, you can tell your network team / guy that whenever there is a performance issue with your VM, they will have the living life bugged out of them trying to troubleshoot it.

What does it take for them to create a VLAN for you? An extra switch port or any additional cost? Or just time to configure them?

If you have not tried, you can also try to push it from the management side to pressure the change (well, to put it nicely, to explain your point).

glee9
Contributor

I think their concern is that they have an existing architecture and they want to know why they would need to modify it.

mehul96
Enthusiast

If I am guessing it right, the purpose of this lab would be to pilot an actual deployment, test the available features and do some benchmarking. If so, then another justification would be to configure the lab as close as possible to the production environment. As others have mentioned, security and performance should get their attention up front (or later, when they experience sporadic traffic bursts on the production LAN when using DRS (auto) or manual VMotion!).

Mehul
