VMware Cloud Community
RussellArdo
Contributor

Is it possible to isolate vSphere Replication Traffic to a dedicated VLAN?

Environment... vCenter Server v6 Update 3c, 3x Hosts v6... split into two physical locations at my site. e.g. 2x hosts located in Site A and 1x host located in Site B.

Each site has two DataStores ( Primary and Backup ) and the sites are linked with multiple 10 GbE Ethernet connections.

I would like to use vSphere Replication to replicate all Primary DataStore guests to the opposite Site's Backup DataStore.

E.g. a Guest located in Site A / Primary DataStore is replicated via the Replication Appliance to Site B / Backup DataStore and vice versa.

Now... this is possible and I have it working... even with just the one Replication Appliance.

To my knowledge you can only have one Master Replication appliance per vCenter Server as this holds all the replication config and history in a database form.

Additional Replication appliances can be added ( think they are actually called AddOns ) to disperse processing load across servers but that's all they do.

Anyhow... now to the question...

I'd like to isolate the network traffic of vSphere Replication to an independent VLAN.

The concept here being... I could dedicate physical host NICs and network resources to perform this operation and keep the traffic within a separate broadcast domain from the Management VLAN.

However... the guides for setting this are puzzling me and I don't think it is possible.

The network isolation guide steps you through setting up a Port Group with VMKernel ( specifying an IP Address ) and selecting options for this VMKernel to be used for vSphere replication... two tick boxes for outgoing and incoming ( NFC ).... on each host. Source and Target.

NOTE - The add networking wizard does allow you to specify a VLAN through this process too although nothing is mentioned in the guide.

Next you turn off your Replication appliance... add a second NIC... boot it up and assign it an IP Address through the VAMI.

NOTE - The guide does not mention the Port Group you need to assign to this second NIC.

What I'm puzzled with at this stage is that when you add a second NIC... you can't select the newly created Port Group as it is setup as a VMKernel.

This leaves me to question the data flow of the vSphere replication network isolation and I don't think it is possible to keep this traffic within its own VLAN.

So my two questions are...

1) Am I correct in thinking that vSphere Replication Traffic isolation is only isolating traffic to a NIC and can not be separated to a VLAN?

2) Does the 2nd NIC added to the Replication Appliance need to be on the same LAN ( VLAN ) as the Host Port Group VMKernel?

Many Thanks


Accepted Solutions
RussellArdo
Contributor

I had a conversation with VMware support and raised this question with them.

Answers were Yes and Yes... however...

Traffic Isolation within a VLAN does look to be possible... you just need another PortGroup.

E.g. follow the guides on setting up the VMKernel on each host, set the VLAN ID and the respective IP Address for that VLAN and tag for vSphere replication.

At this point you won't be able to add a second NIC to the Replication Appliance using the new Port Group because it is configured with a VMKernel.

However you can create another Port Group ( without VMKernel ), specify the same VLAN ID configured earlier when tagged for replication... and assign that Port Group to the Replication Appliance as a second NIC.

Just make sure the second NIC is configured with the same IP Range as the VMKernel, and your physical switches used to interlink your host vSwitches are tagged for the VLAN.

I'm already very impressed with vSphere replication.

I have an essentials plus license too so no Storage vMotion and this has helped no end to move guests around our DataStores with minimal outages when compared to waiting for a 1TB guest to vMotion whilst Offline.

I've successfully performed recovery for a Windows 2012 R2 Domain Controller as well ( requires quiesce set on replication config to keep AD consistent ).

In addition... due to my license limits... this also came in helpful when needing to clean up orphaned snapshots created by backup solutions .... that are a pain to remove through cloning due to the lengthy outage on guests with large disks. Is now pretty much a reboot to resolve through recovery.

I'd urge anyone looking to use vSphere replication to investigate seeding too... e.g. after recovery, remove original guest from inventory...create a new replication config for the recovered guest pointing back to the original data store. Very impressive and only block changes are synced.

0 Kudos
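The host-side steps from the accepted answer, written out as an added example for the ESXi shell (this is not from the original post). It assumes a standard vSwitch named `vSwitch1` that already has the dedicated uplinks; the port group names, `vmk2`, VLAN 50 and the 192.0.2.0/24 address are constructed placeholders. With `DRY_RUN=1` (the default) it only prints the `esxcli` commands it would run.

```shell
#!/bin/sh
# Added example: VMkernel port group tagged for vSphere Replication plus a
# second, VM-type port group on the same VLAN for the appliance's second NIC.
# Every value below is a constructed placeholder; override via environment.
VSWITCH=${VSWITCH:-vSwitch1}      # assumed to exist with dedicated uplinks
VLAN_ID=${VLAN_ID:-50}            # replication VLAN, not the Management VLAN
VMK=${VMK:-vmk2}
VMK_IP=${VMK_IP:-192.0.2.11}
NETMASK=${NETMASK:-255.255.255.0}
PG_VMK=${PG_VMK:-VR-vmk}          # port group that carries the VMkernel
PG_VM=${PG_VM:-VR-appliance}      # port group for the appliance's 2nd NIC
DRY_RUN=${DRY_RUN:-1}             # set to 0 on the host to apply for real

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

setup_replication_vlan() {
    # 1. VMkernel port group on the replication VLAN, with a static address
    run esxcli network vswitch standard portgroup add -p "$PG_VMK" -v "$VSWITCH"
    run esxcli network vswitch standard portgroup set -p "$PG_VMK" --vlan-id "$VLAN_ID"
    run esxcli network ip interface add -i "$VMK" -p "$PG_VMK"
    run esxcli network ip interface ipv4 set -i "$VMK" -I "$VMK_IP" -N "$NETMASK" -t static

    # 2. The two tick boxes: outgoing replication and incoming (NFC) traffic
    run esxcli network ip interface tag add -i "$VMK" -t vSphereReplication
    run esxcli network ip interface tag add -i "$VMK" -t vSphereReplicationNFC

    # 3. Plain port group (no VMkernel) carrying the SAME VLAN ID; this is the
    #    one that can be selected for the Replication Appliance's second NIC
    run esxcli network vswitch standard portgroup add -p "$PG_VM" -v "$VSWITCH"
    run esxcli network vswitch standard portgroup set -p "$PG_VM" --vlan-id "$VLAN_ID"

    # 4. Check: both port groups list the same VLAN, vmk carries both tags
    run esxcli network vswitch standard portgroup list
    run esxcli network ip interface tag get -i "$VMK"
}

setup_replication_vlan
```

Repeat on every source and target host with a per-host `VMK_IP`; the appliance's second NIC is then attached to `VR-appliance` and addressed in the same range through the VAMI, as the answer describes.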