VMware Cloud Community
vctl
Contributor
Contributor
‎06-24-2014 05:15 PM
Jump to solution

Best practices for setting up vSphere network with two subnets?

Okay, so I am setting up 3 ESXi hosts connected to a shared storage with two different subnets. I configured iSCSI initiator and iSCSI target with its own default gateway - 192.168.1.1 - passing through a Cisco router and did the same with the hosts configured with its own default gateway - 192.168.2.2. I am not sure if I should have a router in the middle to route traffic between the two subnets since I am using iSCSI port binding and NIC teaming. If I shouldn't use a physical router, how I can route traffic between different subnets and use iSCSI port binding at the same time. What are best practices for setting up a vSphere network with two subnets (ESX hosts network | iSCSI network)?. Thank you in advance.

Reply
1 Solution

Accepted Solutions
HeathReynolds
Enthusiast
Enthusiast
‎06-24-2014 05:56 PM
Jump to solution

The most common install for iSCSI would be so traffic between the hosts and

the storage isn't routed, since a router there could reduce performance.

If you had VLAN 10(192.168.1.0/24) iSCSI, VLAN 20 (192.168.2.0/24) ESX

MGMT, and VLAN 30 (192.168.3.0/24) Guest VMs, and VLAN 40 (192.168.4.0/24)

vMotion a deployment scenario could be something like :

NIC1 - vSwitch 0 - MGMT VMK(192.168.1.10) active, vMotion VMK(192.168.4.10)

standby

NIC2 - vSwitch 1 - Guest VM port group (VLAN30) active

NIC3 - vSwitch 2 - iSCSI VMK1(192.168.1.10) active

NIC4 - vSwitch 2 - iSCSI VMK2(192.168.1.11) active

NIC5 - vSwitch 1 - Guest VM port group (VLAN30) active

NIC6 - vSwitch 0 - MGMT VMK(192.168.2.10) standby, vMotion

VMK(192.168.4.10) active

You would place you storage target on VLAN 10 with an IP of something like

192.168.1.8 and iSCSI traffic would remain on that VLAN. The default

gateway configured in ESXi would be the router on VLAN 20 with an ip of

something like 192.168.2.1. Hope the scenario helps lay out some options.

On Tue, Jun 24, 2014 at 7:16 PM, vctl <communities-emailer@vmware.com>

My sometimes relevant blog on data center networking and virtualization : http://www.heathreynolds.com

View solution in original post

Reply
0 Kudos
5 Replies
rcporto
Leadership
Leadership
‎06-24-2014 05:23 PM
Jump to solution

I recommend you take a look at this document: http://www.vmware.com/files/pdf/iSCSI_design_deploy.pdf

And iSCSI port bind does not support routing.

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
Reply
HeathReynolds
Enthusiast
Enthusiast
‎06-24-2014 05:56 PM
Jump to solution

The most common install for iSCSI would be so traffic between the hosts and

the storage isn't routed, since a router there could reduce performance.

If you had VLAN 10(192.168.1.0/24) iSCSI, VLAN 20 (192.168.2.0/24) ESX

MGMT, and VLAN 30 (192.168.3.0/24) Guest VMs, and VLAN 40 (192.168.4.0/24)

vMotion a deployment scenario could be something like :

NIC1 - vSwitch 0 - MGMT VMK(192.168.1.10) active, vMotion VMK(192.168.4.10)

standby

NIC2 - vSwitch 1 - Guest VM port group (VLAN30) active

NIC3 - vSwitch 2 - iSCSI VMK1(192.168.1.10) active

NIC4 - vSwitch 2 - iSCSI VMK2(192.168.1.11) active

NIC5 - vSwitch 1 - Guest VM port group (VLAN30) active

NIC6 - vSwitch 0 - MGMT VMK(192.168.2.10) standby, vMotion

VMK(192.168.4.10) active

You would place you storage target on VLAN 10 with an IP of something like

192.168.1.8 and iSCSI traffic would remain on that VLAN. The default

gateway configured in ESXi would be the router on VLAN 20 with an ip of

something like 192.168.2.1. Hope the scenario helps lay out some options.

On Tue, Jun 24, 2014 at 7:16 PM, vctl <communities-emailer@vmware.com>

My sometimes relevant blog on data center networking and virtualization : http://www.heathreynolds.com
Reply
0 Kudos
vctl
Contributor
Contributor
‎06-24-2014 06:09 PM
Jump to solution

I appreciate your detailed answer. When you said VLAN, did you mean on the physical switch or the virtual port properties VLAN ID?. Thank you.

Reply
0 Kudos
rcporto
Leadership
Leadership
‎06-24-2014 06:13 PM
Jump to solution

The VLAN must be present on both... on the physical switch and vswitch port group.

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
Reply
HeathReynolds
Enthusiast
Enthusiast
‎06-24-2014 06:26 PM
Jump to solution

So there are a couple of places that you can manage VLAN tags in ESXi.

Ethernet frames have VLAN tags inserted, and these tags tell the switch

which VLAN that frame is destined for. The two important methods for us are

:

EST(External Switch Tagging) - In this case ESXi isn't aware of the VLAN

tag ID. ESXi passes ethernet frames upstream to the physical switch, and

the physical switch tags the frames based on the VLAN the port is assigned.

The cisco configuration for this would look like "switchport access VLAN

10". In this case each physical switchport is only carrying a single VLAN.

VST(Virtual Switch Tagging)- In this case ESXi is aware of the VLAN ID. You

must assign each VMK interface and port group to a VLAN. The virtual switch

inserts the VLAN tag into the ethernet header and then passes the frame to

the upstream physical switch. The upstream physical switch is configured as

a trunk, which allows multiple VLANs to pass across a single physical

connection. This is probably the most common configuration of ESXi.

Some cheap switches don't support VLANs, but any managed switch will. Take

a look here for more info:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=100380...

On Tue, Jun 24, 2014 at 8:10 PM, vctl <communities-emailer@vmware.com>

My sometimes relevant blog on data center networking and virtualization : http://www.heathreynolds.com
Reply