VMware Cloud Community
Abby01
Enthusiast

1000v Port-profiles

I have an ESX host with two 10Gb network cards, connected to two Nexus 5000s. I have configured the Nexus 5000 to allow VLAN 10-12 (FT, vMotion, Service Console), 13, 14 and 15.

When creating port-profiles, will I need to create a port profile for each VLAN?

Many Thanks,

Abby


Accepted Solutions
logiboy123
Expert

I personally always separate out every function to a different VLAN:

1) Service Console or VMkernel if you have ESXi

2) VMotion

3) Fault Tolerance

4) iSCSI - Unless you have fibre channel

5) VM Networking - A separate VLAN for each VM Network Port Group

6) Nexus 1000V Management

7) Nexus 1000V Control & Packet (you can further separate these two out for added security if you want to)

I personally would not want to put vCenter on a distributed virtual switch with version 4.1. This can cause big problems if you lose either networking or vCenter. If I absolutely had to put vCenter on a vDS then I would also put my SQL instance on the same server as vCenter. But this of course depends on your budget, licensing constraints, etc.

The reality is that if you use a shared switching infrastructure, then having separate virtual switches is a waste of time, as once the data hits the physical network it is all on a shared medium. The only way to secure this type of setup is to use VLAN tagging. My company by default implements solutions where at the very least the Management layer is physically separated from the data networks. If I get my way, I can also put iSCSI on separate switch infrastructure as well.

Your Nexus 1000V Management networking needs to be able to talk to your vCenter server and each of the hosts and it needs to be routable. For these reasons I have historically put it on the same network as my Service Console. I create a VM Network port group and put the Nexus 1000V on it using the same VLAN ID as the service console network. However the Packet and Control networks do not need to be routable, they just need to be available to each host, so are fine to add as a generic VM Networking Port Group on the vDS.

How many network cards do you have per host? I will need to know before I can tell you what sort of Port Group configuration I would use.

Is your networking all shared, or do you have separate physical switches? This will affect how many vswitches you should use.

Are you using iSCSI or Fibre Channel, if you have iSCSI will you use Jumbo Frames, do you want to use Round Robin Multipath IO? This will also affect how many vswitches you will need and their configurations.

Regards,

Paul Kelly

If you found this or any other post useful, please consider assigning points respectively.

7 Replies
mittim12
Immortal

Welcome to the forums. I have moved your thread to the vSphere networking forum.






If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

Twitter: http://twitter.com/mittim12

logiboy123
Expert

What are you putting your vCenter server on? A VM on a vDS?

I spoke with VMware support to find out if running vCenter on a vDS is supported. After dealing with quite a few people in Australia and India the final consensus was yes it is supported, but it is not recommended.

Apparently the next major point release of vSphere will include more supportability for running vCenter on a Virtual Distributed Switch. I would wait until 4.2 before doing this.

To answer your question I need to log into a client site and their VPN router is down at the moment. If you are still interested to find the answer please let me know and I'll check it out tomorrow.

Regards,

Paul Kelly

Abby01
Enthusiast

Thanks for the response, however I am very new to virtual switches 1000v.

I have set up the trunk port as I have mentioned on the Nexus 5000 ports, including VLAN 10-12 (FT, vMotion, Service Console), 13, 14 and 15 for data.

When setting up the port profiles, do I need to set up a separate port-profile for vMotion, console, and the data part, as well as control-packet and management?

I need help in planning the number of port-profiles I would need to set up on the 1000v.

Thanks again.

logiboy123
Expert

Can you separate out your 10GB NICs into smaller virtual NICs?

Regards,

Paul Kelly

If you found this or any other post useful, please consider assigning points respectively.

Abby01
Enthusiast

I have two 10Gb fibre connections per host. I have 4 hosts running ESXi 4.1. I have vCenter already installed, and will require a VDS.

I know I will need two port-profiles for the Data Network, with the correct VLAN ID. What other port-profiles will I require?

I also have two separate Nexus 5000 switches, with one 10Gb fibre uplink to each port.


Regards,

logiboy123
Expert

So you will have a single vDS switch for all hosts with both 10GB NICs assigned as uplinks on the switch.

This means you will need a port group for each of the major functions within vSphere and you should definitely use VLAN tagging to separate traffic.

With this setup I would use the following port profiles, each with its own VLAN ID:

1) VMkernel Port Group - Management

2) VMkernel Port Group - VMotion

3) VMkernel Port Group - Fault Tolerance

4) VM Network - Data Network 1

5) VM Network - Data Network 2

6) VM Network - Nexus Packet & Control

7) VM Network - vCenter Server & Nexus Management only

Regards,

Paul Kelly

If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points
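
Added example, not part of any post in this thread: a small Python audit that reads Nexus 1000V style port-profile stanzas and reports profiles whose VLAN is not allowed on the uplink trunk, or VLANs shared by more than one profile. The profile names and the VLAN-to-function mapping are constructed assumptions; only the trunk range 10-15 comes from the thread, and seven profiles with one VLAN each need one more VLAN than that range carries.

```python
import re

# Constructed sample in Nexus 1000V port-profile syntax; profile names and the
# VLAN-to-function mapping are assumptions, only the trunk range 10-15 is from the thread.
SAMPLE_CONFIG = """\
port-profile type ethernet system-uplink
  switchport trunk allowed vlan 10-15
port-profile type vethernet mgmt
  switchport access vlan 10
port-profile type vethernet vmotion
  switchport access vlan 11
port-profile type vethernet ft
  switchport access vlan 12
port-profile type vethernet data1
  switchport access vlan 13
port-profile type vethernet data2
  switchport access vlan 14
port-profile type vethernet n1k-control-packet
  switchport access vlan 15
port-profile type vethernet vcenter-n1k-mgmt
  switchport access vlan 16
"""

def expand_vlans(spec):
    """Turn '10-12,13' into {10, 11, 12, 13}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return findings: profiles on untrunked VLANs, and VLANs shared by profiles."""
    allowed, by_vlan, findings, kind, name = set(), {}, [], None, None
    for line in config.splitlines():
        if m := re.match(r"port-profile type (ethernet|vethernet) (\S+)", line):
            kind, name = m.groups()
        elif kind == "ethernet" and (m := re.match(r"\s+switchport trunk allowed vlan ([\d,\- ]+)$", line)):
            allowed |= expand_vlans(m.group(1))
        elif kind == "vethernet" and (m := re.match(r"\s+switchport access vlan (\d+)\s*$", line)):
            by_vlan.setdefault(int(m.group(1)), []).append(name)
    for vlan, names in sorted(by_vlan.items()):
        if vlan not in allowed:
            findings.append(f"VLAN {vlan} ({', '.join(names)}) is not allowed on the uplink trunk")
        if len(names) > 1:
            findings.append(f"VLAN {vlan} is shared by {', '.join(names)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```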
