VMware Cloud Community
Cavester
Contributor
Contributor
‎06-18-2009 05:46 AM
Jump to solution

Configuration Recomendations

Hi,

Can someone help me work this out please? I have had a nightmare trying to get HA working but that is for another post. First I want to reconfigure one of my ESXi boxes from scratch with your expert recomendations...

I have a HP DL 380 G4 with 2 onboard nics. I have installed an additional quad (4) port nic and 2 QLogic HBA's for storage. Can you tell me the correct why I should configure the box?

What I am thinking is this...

HBA0 - Private VLAN 2?

HBA1 - Private VLAN 2?

pNIC0 -> vSwitch0 -> Portgroup0 (service console) - Private VLAN 1?

pNIC1 -> vSwitch0 -> Portgroup0 (service console) - Private VLAN 1?

pNIC2 -> vSwitch1 -> Portgroup1 (VMotion) - Private VLAN 2?

pNIC3 -> vSwitch1 -> Portgroup1 (VMotion) - Private VLAN 2?

pNIC6 -> vSwitch3 -> Portgroup3 (VM Network) - Public LAN

pNIC7 -> vSwitch3 -> Portgroup3 (VM Network) - Public LAN

The part which I dont understand is the VLAN's. Should Service Console and VMotion be on separate VLAN's (required in esxi 3.5) or should the service console be on the Public LAN? Also should the HBA's be on the same VLAN as the VMotion VMKernel?

Very confused Smiley Sad

Thanks.

0 Kudos
1 Solution

Accepted Solutions
AntonVZhbankov
Immortal
Immortal
‎06-18-2009 06:00 AM
Jump to solution

I assume you have iSCSI HBAs.

First of all, make redundancy using ports from different physical NICs. If port goes down, it's very likely whole multiport NIC goes down. VMotion should not be on public network.

You can combine Service console and VMotion networks to one VLAN, since you don't have enough ports on internal NIC. Am I right that pNIC0-3 is quad and pNIC6-7 is internal?

vSwitch0 -> Portgroup0 (service console) - pNIC0 active pNIC6 standby - Private VLAN 1

vSwitch0 -> Portgroup1 (VMotion) - pNIC0 standby pNIC6 active - Private VLAN 1

All other pNICs add as active to vSwitch1 -> Portgroup2 (VM Network) - Public LAN

HBA0 - Private VLAN 2

HBA1 - Private VLAN 2


---

VMware vExpert '2009

http://blog.vadmin.ru

Message was edited by: Anton V Zhbankov

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda

View solution in original post

0 Kudos
12 Replies
AntonVZhbankov
Immortal
Immortal
‎06-18-2009 06:00 AM
Jump to solution

I assume you have iSCSI HBAs.

First of all, make redundancy using ports from different physical NICs. If port goes down, it's very likely whole multiport NIC goes down. VMotion should not be on public network.

You can combine Service console and VMotion networks to one VLAN, since you don't have enough ports on internal NIC. Am I right that pNIC0-3 is quad and pNIC6-7 is internal?

vSwitch0 -> Portgroup0 (service console) - pNIC0 active pNIC6 standby - Private VLAN 1

vSwitch0 -> Portgroup1 (VMotion) - pNIC0 standby pNIC6 active - Private VLAN 1

All other pNICs add as active to vSwitch1 -> Portgroup2 (VM Network) - Public LAN

HBA0 - Private VLAN 2

HBA1 - Private VLAN 2


---

VMware vExpert '2009

http://blog.vadmin.ru

Message was edited by: Anton V Zhbankov

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda
0 Kudos
Cavester
Contributor
Contributor
‎06-18-2009 06:59 AM
Jump to solution

Thanks, the penny has dropped!

So, A) The service console does go onto a Private VLAN and B) I configure it the way you have suggested as I am unable to obtain redundancy with the quad card the way I had specified in my original post.

Thanks.

0 Kudos
Cavester
Contributor
Contributor
‎06-18-2009 07:01 AM
Jump to solution

P.S. Does it matter if I put the ISCSI HBA's on a separate VLAN or can I put them on the same VLAN as VMotion and Service Console?

0 Kudos
Cavester
Contributor
Contributor
‎06-18-2009 07:44 AM
Jump to solution

After trying this there are a couple of problems with what you have suggested.

One is that you cant have two VMKernals on different switches on the same subnet and the second is that I cant assign the nic from one switch to another for failover, they would need to be on the same switch.

Still confused ;(

0 Kudos
AntonVZhbankov
Immortal
Immortal
‎06-18-2009 07:53 AM
Jump to solution

You'll have active-standby redundancy. Active link fail - it will switch to standby.


---

VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda
0 Kudos
AntonVZhbankov
Immortal
Immortal
‎06-18-2009 07:57 AM
Jump to solution

There are some reasons to divide iSCSI network and management network (and public).

1. Security. iSCSI is insecure protocol and you can have access to private data transmitted over network. But as far as VMotion is not more secure, security is not reason here.

2. QoS. If you don't have traffic priorities on switches, no reason to divide.

But you should divide public (VM Network) and management, of course.


---

VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda
0 Kudos
AntonVZhbankov
Immortal
Immortal
‎06-18-2009 07:58 AM
Jump to solution

You don't have to have 2 VMkernels, just 2 ways to access VMkernel, that's all. 2 links are enough.


---

VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda
0 Kudos
Cavester
Contributor
Contributor
‎06-18-2009 08:07 AM
Jump to solution

ESXi will not phisically let me place the VMKernal Port Service Console and VMKernel Port VMotion on 2 vSwitches if they are on the same subnet.

Also it will also not physically let me assign a vmnic on one switch as standby, active or anything else to another switch without first removing it from the switch it is on. They must be on the same vSwitch which is why the following suggestion will not work...

vSwitch0 -> Portgroup0 (service console) - pNIC0 active pNIC6 standby - Private VLAN 1

vSwitch1 -> Portgroup1 (VMotion) - pNIC0 standby pNIC6 active - Private VLAN 1

What I would need to do to get it to work is put them on the same switch in the same port group OR place them both on different VLANs, however if I done that then we still have a problem of not being able to use vmnic as standby which is already placed on another vSwitch.

0 Kudos
AntonVZhbankov
Immortal
Immortal
‎06-18-2009 08:19 AM
Jump to solution

Sorry, of course there is typo.

vSiwtch0 for both portgroups.


---

VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda
0 Kudos
Cavester
Contributor
Contributor
‎06-18-2009 08:22 AM
Jump to solution

... And the portgroups? I cant have two VMKernel objects on the same subnet.

0 Kudos
AntonVZhbankov
Immortal
Immortal
‎06-18-2009 08:37 AM
Jump to solution

Oh, I thought you have ESXes, not ESXi's because of "service console".

My ESXi's are working fine with one VMkernel only without any problem.

Once you upgrade to ESXi 4, you can have 3 VMkernels on the same subnet, one for management, one for VMotion and one for FT traffic.


---

VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda
0 Kudos
Cavester
Contributor
Contributor
‎06-18-2009 08:44 AM
Jump to solution

Bingo! Thanks buddy. I'll configure with one portgroup for both console and vmotion on a vlan and see how it goes. Then I can maybe split them out when I get round to version 4.

0 Kudos