dsohayda
Enthusiast

Check my management network configuration please?

I'm trying to work out the settings outlined in this yellow-bricks article, but I'm not sure I've got it right:

http://www.yellow-bricks.com/2011/03/22/esxi-management-network-resiliency/

I have two vmnics added to vswitch0, vmnic0 and vmnic10.

On that vswitch I have two port groups, one for vmotion vmk1 and the other for management vmk0.

On the NIC teaming tab of the vmotion port group I specify vmnic10 as the active adapter and vmnic0 as the standby with failback set to no.

On the NIC teaming tab of the management network port group I do the opposite, vmnic10 is standby and vmnic0 is active, but with failback set to no again.

Is this correct so far?

What I'm ultimately confused by is the vswitch configuration NIC teaming tab. Should both adapters be set to active since they are each active for a different port group in that vswitch? And should failback be set to no in that tab as well?

Thank you for any help you can provide.

0 Kudos
1 Solution

Accepted Solutions
vMario156
Expert

The first thing I noticed: You are using the same subnet for your management and the vMotion traffic.

Use VLANs and put it on separated segments (vMotion traffic is not encrypted).

Regards,

Mario

Blog: http://vKnowledge.net

0 Kudos
11 Replies
dsohayda
Enthusiast

That is how we used to do it, but using two distinct vswitches, one for vmotion on vlanX, and the other for management on vlanY.

I thought the benefit of the yellow-bricks configuration was that it was redundant in that if one vmnic goes down the standby kicks in and takes over.

If we were to use different vlans how would that work? Once it failed over to the standby vmnic wouldn't that cause it to get a different IP address on that new vlan? Or am I missing something?

0 Kudos
admin
Immortal

vMotion has internal vSwitch traffic. So it should not matter if both vMotion and mgmt network belong to the same VLAN. But I would recommend to set Failover to yes if vmnic10 has to failover to vmnic0 or vice-versa in case of failure.

0 Kudos
dsohayda
Enthusiast

Why would you set failover to yes, and in what nic teaming tab? The one on each port group, or the one on the vswitch? Or all of them?

The article mentions setting it to no to avoid a false positive on startup.

We highly recommend setting failback to “No” to avoid chances of a false positive which can occur when a physical switch routes no traffic during boot but the ports are reported as “up”. (NIC Teaming Tab)

0 Kudos
cjscol
Expert

I don't know if it is still the case with ESXi 5, but with 4.1, if the Management interface and the vMotion interface were configured on the same subnet, even if they used different vSwitches, then the vMotion traffic went out of the pNIC configured for Management, even if the vMotion vmkernel port was configured to use a different pNIC on the same vSwitch as detailed above. See ESXi4.1 vMotion using incorrect vmnic | Pelicano Computer Services

Calvin Scoltock VCP 2.5, 3.5, 4, 5 & 6 VCAP5-DCD VCAP5-DCA http://pelicanohintsandtips.wordpress.com/blog LinkedIn: https://www.linkedin.com/in/cscoltock
0 Kudos
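
The segmentation and teaming points raised in the replies above can be checked mechanically across a host inventory. The following is an added example, not code from any post in this thread: the record layout, the IP addresses and the VLAN IDs are constructed assumptions, and only the vmk/vmnic names mirror the layout the original poster describes.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventories (not taken from the thread). The record layout is
# an assumption for this example: one dict per VMkernel port group.
SHARED = [  # management and vMotion on one subnet, untagged (VLAN 0)
    {"vmk": "vmk0", "role": "management", "ip": "192.0.2.11", "mask": "255.255.255.0",
     "vlan": 0, "active": ["vmnic0"], "standby": ["vmnic10"]},
    {"vmk": "vmk1", "role": "vmotion", "ip": "192.0.2.12", "mask": "255.255.255.0",
     "vlan": 0, "active": ["vmnic10"], "standby": ["vmnic0"]},
]
SPLIT = [  # separate subnets and VLANs, but vMotion has lost its standby uplink
    {"vmk": "vmk0", "role": "management", "ip": "192.0.2.11", "mask": "255.255.255.0",
     "vlan": 10, "active": ["vmnic0"], "standby": ["vmnic10"]},
    {"vmk": "vmk1", "role": "vmotion", "ip": "198.51.100.12", "mask": "255.255.255.0",
     "vlan": 20, "active": ["vmnic10"], "standby": []},
]

def network_of(pg):
    # strict=False lets a host address plus netmask resolve to its network
    return ipaddress.ip_network(f"{pg['ip']}/{pg['mask']}", strict=False)

def audit(port_groups):
    """Return sorted (finding, subject) tuples for segmentation and teaming problems."""
    findings = []
    for pg in port_groups:
        if not pg["active"] or not pg["standby"]:
            findings.append(("no-redundant-uplink", pg["vmk"]))
        if set(pg["active"]) & set(pg["standby"]):
            findings.append(("uplink-both-active-and-standby", pg["vmk"]))
    for a, b in combinations(port_groups, 2):
        if a["role"] == b["role"]:
            continue  # only compare port groups that carry different traffic types
        pair = f"{a['vmk']}+{b['vmk']}"
        if network_of(a).overlaps(network_of(b)):
            findings.append(("same-subnet", pair))
        if a["vlan"] == b["vlan"]:
            findings.append(("same-vlan", pair))
        if set(a["active"]) & set(b["active"]):
            findings.append(("shared-active-uplink", pair))
    return sorted(findings)

if __name__ == "__main__":
    for name, inventory in (("SHARED", SHARED), ("SPLIT", SPLIT)):
        print(name, audit(inventory))
```
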
NagangoudaPatil
Enthusiast

Work with network team to get VLAN for each segment, service console and vMotion.

0 Kudos
dsohayda
Enthusiast

I can do that, but I'm not sure I understand why I would do that if I'm using each port group as a standby for the other. If we were to use different vlans how would that work? Once it failed over to the standby vmnic wouldn't that cause it to get a different IP address on that new vlan? This does not seem ideal to me.

0 Kudos
OscarDavey
Hot Shot

Hello,

My recommendation and not mine (this is the theory), use separate subnets for management and internal traffic, use VLANs, it is effective and at first secure.

Hope this helped you.

0 Kudos
TommyFreddy
Enthusiast

Separate VLAN and subnet is better for you. That can increase your administrative control as fail over.

0 Kudos
dsohayda
Enthusiast

Thanks for the input. We went the vDS route with management on its own vlan and vmotion on a non-routed separate vlan.

0 Kudos
OscarDavey
Hot Shot

Sounds perfect!

Your Oscar

0 Kudos