VMware Cloud Community
LFC
Enthusiast
Enthusiast
‎07-06-2017 02:12 AM

vSAN Witness - Offsite Location

We are looking to build a vSAN 6.6 Stretched cluster in one of our clients offices in europe. The DC's are 500m apart and connected by 10g. Each DC has 2 x vSAN hosts and they are on the same L2 VLAN. The vSAN VLAN is not routable, however the Management VLAN is.

There is no other ESXi systems in the site, but the head office in the UK has a large VMware estate. Is there a solution for this? Reading some of the vSAN documentation there is a suggestion that an additional VMK port can be created on the Management VLAN and tagged for vSAN, but I nned to know if this will work prior to deployment.

The alternative is to go with a standard vSAN and raise the FTT to ensure there is always a copy of the data in both DC's

Thanks in advance, sda24269

10 Replies
Sreejesh_D
Virtuoso
Virtuoso
‎07-06-2017 02:57 AM

hi,

please have a look into the section "11. Stretched Cluster and 2-Node Configuration" in the vSAN POC guide.

Preview file
18412 KB
0 Kudos
LFC
Enthusiast
Enthusiast
‎07-06-2017 05:29 AM

Hi yezdi

I have read that section, however I did not know if this was specifically for the 2 node configuration. Our solution has 4 nodes, 2 in each DC

Thanks

0 Kudos
LFC
Enthusiast
Enthusiast
‎07-06-2017 09:41 AM

Hi Dave

Am I understanding you correctly here?

My vSAN Witness appliance would be resident on a cluster in the UK

My 4 x vSAN Data hosts would be in Germany.

The Germany ESXi hosts 'Management' VMK is routable and manageable from the UK, but the vSAN VMK's are on a Layer 2 stretched VLAN which is inaccessible from the UK.

So so I create an additional VMK on the 'Management' subnet on these hosts and tag for vSAN?

Thanks

Sean

0 Kudos
LFC
Enthusiast
Enthusiast
‎07-07-2017 03:14 PM

Thank you very much for your input. I will get this setup in a PO environment to prove the process ahead of the live installation

Regards

Sean

0 Kudos
Jasemccarty
Immortal
Immortal
‎07-09-2017 05:45 PM

Witness Traffic Separation is not supported in vSAN Stretched Cluster configurations, only in 2 Node configurations. 

Jase McCarty - @jasemccarty
steffen_richter
Hot Shot
Hot Shot
‎07-10-2017 02:00 PM

Hey LFC ,

I can only recommend to listen to Jasemccarty  response (he is the one who definitely knows best).

As of now the WTS / Witness Traffic Separation is not supported for Stretched Clusters, only for 2 nodes. This may or may not change in the future, but this is the situation now. Stretched Clusters are a bit different, please don't treat it like a 2-Node Smiley Wink.

BR

Steffen

VCI since 2009
0 Kudos
Jasemccarty
Immortal
Immortal
‎07-10-2017 02:45 PM

There was an error on storagehub.vmware.com that indicated it would be supported if (and only if) the Witness Traffic VMkernel connection and the vSAN VMkernel connection were connected to the same physical switch.

The error on storagehub has been corrected.

At some point this may become a  supported configuration, but it isn't today.

Jase McCarty - @jasemccarty
LFC
Enthusiast
Enthusiast
‎07-11-2017 12:45 AM

Hi Jase

Thats bad news for me, as I now have this configuration up and running and it seems to work fine. We did decide to install an additional server in the Germany site to host the witness appliance as per the instruction in the documntation you referenced that it must connect to the same physical switch.

Am I correct in saying that the vSAN VLAN therefore needs to be routable at L3 on the network? If WTS is not supported, then how does the witness communicate with the nodes on the remote vSAN network? My customers WAN infrastructure does not allow us to add/publish additional routed subnets, so this would be a non-starter as communication from another site will not work.

I could add a Witness VLAN and make the vSAN VLAN routable within the Germany site, but not out onto the WAN. I could then place the witness host somewhere in the Germany site (not either of the 2 x datacentres) on the Witness subnet and use a routed L3 connection to the vSAN subnet?

Does this sound feasible? If not, can you offer any alternatives as my customer has invested a signifcant amount of money  in this all flash vSAN solution

LFC

0 Kudos
GreatWhiteTec
VMware Employee
VMware Employee
‎07-11-2017 06:53 AM

Thanks for updating the docs. I'm removing my replies to avoid confusion.

0 Kudos
Jasemccarty
Immortal
Immortal
‎07-13-2017 03:16 PM

LFC​ the vSAN network will be required to be routable to the Witness in a 3rd location.


The hosts in each of your DC's will be required to communicate with the Witness VMkernel interface tagged for vSAN traffic.

The Witness VMkernel interface (vmk1) must have separate routing to each of your 2 DC's.

More information specific to vSAN Stretched Clusters can be found here: vSAN Stretched Cluster & 2 Node Guide

Jase McCarty - @jasemccarty
0 Kudos