Secondary Management Network on "NFS vSwitch"

I am having a hard time understanding and was hoping I can get some help.

vSwitch0 has two vmk's for Manangement and vMotion.

vSwitch1 has one vmk for secondary Management (vmk2) and one vmk for NFS (vmk3).  vmk2 and vmk3 are on the same subnet.  Load balancing is IP Hash going into a Cisco 4500.  Four vmnics are port channeled over two seperate blades.

When configuring the NetApp for read/write permissions on the share, we only allowed the IP address for vmk3.  We could not write to the datastore until we added the IP of vmk2 to the NetApp permissions.

So my question is even though it is a vmk checked for management, ESXi still uses it for IP storage traffic?  Am I misssing a configuration step that will make vmk2 handle only management traffic? Is this a valid configuration?

Any help is much appreciated.

0 Kudos
2 Replies

I guess using same network for Management and NFS is not recommended.Also, were you using only one nic connected to vSwitch1.

Create another vSwitch i.e vSwitch2 and create vmk3 for NFS.Check it now with out assigning read/write permissions to  IP of vmk2.

As part of best configuration, please refer "Networking Best Practices" @ .This section talks about using different VLAN ID's to differentiate between the management network and NFS traffic.If you cannot alter your network traffic as mentioined above,try tagging with a VLAN ID to vmk3 and check.



I'm afraid that the VMware multipathing is a bit more complex you think.

With ip hash method, having 2 vmknic or 2 uplink is not enough to ensure it'll multipath.

VMware is using an algorithm to calculate a path. It takes into account the source ip address (vmk) and the destination ip address (your nfs array). BUT if unfortunately, the algorithm give the same answer for both calculation... the path will be the same.

Please follow the VMware KB to understand how path is calculated with ip hash : here and how to set your ip addresses to be sure multipathing works.

This article speaks about one vmk and two NFS array ip address. I think it's the only way to realy multipath your nfs trafic.

In my mind, the vmkernel will always use the first vmk contacting the array. So having 2 vmk will NOT multipath and it's the reason why you had to allow your first VMK to write to make NFS working. i think until your first vmk will reach the destination, the second will never be used.

One other way, is to have one vmk and one nfs ip in a IP range (ex and one second vmk and a second nfs ip in a second range (ex Then you can be sure both path will be used, but this scenario depend the storage array type and how failover occurs.

hope it helps.

Stéphane Grimbuhler

Senior Virtualization & Storage consultant (VCP / VCAP-DCA)

VMware Instructor (VCI)

My Blog :

Grimbuhler Stéphane (VCP, VCAP-DCA, VCI) (My virtualization blog)
0 Kudos