Hello Nick,
It's actually pretty straightforward. In your case, you need to first start by checking the physical switch configuration where your ESXi hosts are connected.
NOTE: The default TCP/IP route table you are seeing in your ESXi host will show you the management vmkernel port used to manage your ESXi host.
As per your description, you said you have 4 ports on each ESXi host and you have 2 hosts, which makes a total of 8 ports going to your physical switch.
As per my understanding, your requirement for network separation is to have 3 different networks: one for management, one for backup and one for VMs.
- Please be informed that the management IP of your ESXi hosts is always by default assigned to the vmkernel port, usually named vmk0. (I hope you are aware of the functionalities of and differences between a vmnic, vmknic and vnic.)
- FYI, vmkernel ports are used in ESXi hosts to handle certain types of traffic internally (within the VMware environment), like management, iSCSI, vMotion, FT logging and vSAN.
You need to check your physical switch configuration for the 8 ESXi ports connecting to it. Check the following:
- Check if the ports are in access mode or trunk mode. If your ESXi hosts need to accept traffic from different subnets/VLANs, the ports need to be in trunk mode.
- Check if LACP is configured for all 8 ports or just 4 ports per ESXi host.
- All the network separation happens at the L2 physical switch; be informed that the ESXi standard virtual switch is not a layer 2 device.
If the above criteria are met, then you need to configure your standard virtual switches in both of your ESXi hosts to further connect your VMs.
- By default the management network is assigned to the vmkernel port vmk0 and is part of vSwitch0 (unless you've changed it), and it will be mapped to one of the ports of your ESXi host. Leave it mapped to a single physical port and move forward.
- It would be ideal to map the other port to vSwitch0 and create a new port group named "PG-VM" or "PG-VLANID" in this switch for your 'VM' traffic, where your management vmkernel port resides, as you also need to keep redundancy of the physical ports in mind to avoid a single point of failure.
- Now you have 2 physical ports mapped to your first virtual switch (vSwitch0), through which your VM and management traffic (keep in mind it is just management of ESXi and not of the VMs) will pass.
Now you have 2 ports left on each of your ESXi hosts to use for your 'Backup' traffic.
- You can create a new virtual switch and a new port group for backup traffic, map this switch to the other 2 physical ports and name the port group "PG-Backup" or "PG-VLANID".
Please check the VMware docs for the load-balancing modes and the redundancy modes of the physical ports, which need to be configured at the virtual switch level when you configure uplinks.
This way you can separate your traffic at the virtual switch level, which is a logical separation; as I told you before, the actual separation of networks happens on your L2 physical switch.
Now you can assign the VMs' NICs to the specific port groups.
Furthermore, as far as your backup traffic goes, you can assign a separate NIC to the proxy VM from the "PG-Backup" port group and use an IP from the backup subnet.
When a packet from the backup port leaves the VM, its header will have the route info and it will find its way through the physical ports of ESXi to the physical L2 switch, where it will find the route information for its VLAN.
For the DNS issue, you can use the same mechanism which you are using.
Please post the screenshots of your vswitch configuration and topology view if you need further assistance on this matter.
Thanks and don't forget to mark this answer as solution if it resolves your issue.
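The layout described in the answer above (vSwitch0 carrying vmk0 plus a VM port group on two uplinks, a second standard switch with a backup port group on the other two, and a teaming policy on each), as an added PowerCLI example that is not part of the original post or VMware's own documentation. The vCenter/host names, vmnic numbering and VLAN IDs 10 and 30 are placeholders to adjust for your environment.

```powershell
# Added example (not from the original post). Assumes vmk0 already lives on vSwitch0 with
# vmnic0, that vmnic1-3 are free, and that the physical switch ports are trunks carrying
# the VLANs used below. All names and VLAN IDs are placeholders.
Import-Module VMware.PowerCLI
Connect-VIServer -Server "vcenter.example.local"

$vlanVm     = 10   # assumed VLAN for VM traffic
$vlanBackup = 30   # assumed VLAN for the backup subnet

foreach ($esx in Get-VMHost -Name "esxi01.example.local", "esxi02.example.local") {
    # 1. Confirm where management lives before touching anything.
    $vmk0 = Get-VMHostNetworkAdapter -VMHost $esx -VMKernel -Name vmk0
    Write-Host "$($esx.Name): vmk0 $($vmk0.IP) on port group '$($vmk0.PortGroupName)'"

    # 2. Add the second physical NIC to vSwitch0 so management has a redundant uplink.
    $vs0  = Get-VirtualSwitch -VMHost $esx -Name vSwitch0 -Standard
    $nic1 = Get-VMHostNetworkAdapter -VMHost $esx -Physical -Name vmnic1
    if ($vs0.Nic -notcontains $nic1.Name) {
        Add-VirtualSwitchPhysicalNetworkAdapter -VirtualSwitch $vs0 -VMHostPhysicalNic $nic1 -Confirm:$false
    }

    # 3. VM port group on vSwitch0, tagged with its VLAN.
    if (-not (Get-VirtualPortGroup -VirtualSwitch $vs0 -Name "PG-VM" -ErrorAction SilentlyContinue)) {
        New-VirtualPortGroup -VirtualSwitch $vs0 -Name "PG-VM" -VLanId $vlanVm | Out-Null
    }

    # 4. Dedicated standard switch for backup traffic on the remaining two uplinks.
    $vs1 = Get-VirtualSwitch -VMHost $esx -Name vSwitch1 -Standard -ErrorAction SilentlyContinue
    if (-not $vs1) {
        $vs1 = New-VirtualSwitch -VMHost $esx -Name vSwitch1 -Nic vmnic2, vmnic3
    }
    if (-not (Get-VirtualPortGroup -VirtualSwitch $vs1 -Name "PG-Backup" -ErrorAction SilentlyContinue)) {
        New-VirtualPortGroup -VirtualSwitch $vs1 -Name "PG-Backup" -VLanId $vlanBackup | Out-Null
    }

    # 5. Teaming: a standard vSwitch cannot negotiate LACP, so both uplinks stay active
    #    with "route based on originating port ID" and link-status failure detection.
    foreach ($vs in $vs0, $vs1) {
        Get-NicTeamingPolicy -VirtualSwitch $vs |
            Set-NicTeamingPolicy -LoadBalancingPolicy LoadBalanceSrcId `
                                 -NetworkFailoverDetectionPolicy LinkStatus `
                                 -FailbackEnabled $true | Out-Null
    }

    # 6. Review the result: every port group, its switch and its VLAN on this host.
    Get-VirtualPortGroup -VMHost $esx -Standard |
        Select-Object Name, VirtualSwitchName, VLanId | Format-Table -AutoSize
}
```

The final table is the quickest place to spot a port group that landed on the wrong switch or without its VLAN tag before any VM NIC is attached to it.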