VMware Cloud Community
lolo31
Enthusiast
Enthusiast
‎02-22-2018 03:11 PM
Jump to solution

Isolation address in 2 Node Stretched Cluster

Hello,

In a 2 Node Stretched Cluster :

Building1: ESX1

Building2: ESX2

Building3: Witness

Full L2 (No route / GW) for this VLAN that is used only for vSAN.

Dark Fiber 10Gb/s between Building 1 and 2.

I don't have any other device on this VLAN.

Is there any problem to use the Witness IP for the only isolation address ?

Thanks!

Reply
0 Kudos
1 Solution

Accepted Solutions
depping
Leadership
Leadership
‎02-28-2018 02:58 AM
Jump to solution

the isolation address in this case can be the witness, as it is only a 2 node cluster that shouldn't be a problem. I do wonder how the witness is connected to the "data sites"... as full L2 including the witness network is not a scenario we recommend.

View solution in original post

Reply
0 Kudos
5 Replies
srodenburg
Expert
Expert
‎02-27-2018 07:41 AM
Jump to solution

Well, a problem that I see is when you upgrade the witness-appliance. It' a rip-and-replace procedure. You delete the old appliance, build a new one by deploying a newer appliance-version etc. and all that time, both nodes are going bezerk because the witness is gone.

Don't forget that while the witness is unavailable, you cannot produce new objects. You can forget about making snapshots or powering on a VM etc. as all such actions produce new objects (snapshot-object, swap-object etc.)

And what if you simply reboot te witness. Not a problem as it's quite fast but both nodes will freak out.

Something tells me this is a bad idea... 😉

Read this:  Isolation Address in a 2-node direct connect vSAN environment? - Yellow Bricks

Or if the buildings are quite far apart and have their own physical uplinks to site 3, it's actually becoming a regular stretched cluster. Then this best practise applies: vSphere HA heartbeat datastores, the isolation address and vSAN - Yellow Bricks

Reply
0 Kudos
GreatWhiteTec
VMware Employee
VMware Employee
‎02-27-2018 08:27 AM
Jump to solution

Please refer to StorageHub for recommendations on this setting.

https://storagehub.vmware.com/t/vmware-vsan/vsan-stretched-cluster-2-node-guide/cluster-settings-vsp...

Reply
0 Kudos
depping
Leadership
Leadership
‎02-28-2018 02:58 AM
Jump to solution

the isolation address in this case can be the witness, as it is only a 2 node cluster that shouldn't be a problem. I do wonder how the witness is connected to the "data sites"... as full L2 including the witness network is not a scenario we recommend.

Reply
0 Kudos
lolo31
Enthusiast
Enthusiast
‎02-28-2018 05:57 AM
Jump to solution

Hello,

Thanks you all for this informations.

depping

For the L2 network with the witness, I had no choice. (I know that L3 is recommended).

But you know, L2 is supported and the customer did not want to route his trafic to Witness...

With Witness for the isolation address, I tried a lot of failure scenario, and everything works as expected so i am going to keep it that way for now.

Regards.

Reply
0 Kudos
srodenburg
Expert
Expert
‎02-28-2018 11:36 PM
Jump to solution

I still think there will be a problem when the witness appliance is, for example, upgraded.

During an upgrade, the appliance is removed from the FD config and the VM removed. From that moment on, both hosts will think they are isolated and start killing off VM's. There is no witness anymore to pick a winner either.

One can not hand-start VM's as it requires the witness appliance to be alive. But it's gone. So you end up stuck, until a new appliance is deployed and registered in the vSAN config of the cluster. Only then can you start VM's again.

It sounds like asking for trouble to be honest..

Reply
0 Kudos