Network Issues in ESX4

JasonVmware · ‎07-30-2009

Hello All,

Just wondering if this ia normal behavior

While testing ESX4 I have the current setup

vSwitch0

Service Console - Vmnic0, Vmnic1 -10.1.1.x

vSwitch1

Vmkernel (iSCSI, Vmotion) - Vmnic2, Vmnic3 - 172.16.1.x

vSwitch2

VM Network - Vmnic4, Vmnic5 - 10.1.1.x

Now while testing some things out / setting up the server I moved one of the iSCSI nics up into the vSwitch0 (vmnic2) by mistake. When this happened it brought down my Service Console and I lost connection to my Vsphere Client

So the setup looked like this temporarly:

vSwitch0

Service Console - Vmnic0, Vmnic2 - 10.1.1.x

Now the psyhical connection to vmnic2 is on a different vlan / switch all together however the primary vmnic was still set to vmnic0 for the service console. Even when i set the vswitch0 settings to explicit failover with vmnic2 as stand bye the service console still would not come back untill I removed vmnic2 or disabled the port on the switch for vmnic2. Is this normal? My concern is if this was ever setup in Production and someone accidently moved vmnic2 into vSwitch0 for whatever reason(Mistake, someone mucking around, ect) it would bring down the service console which would then trigger HA.

Any help would be greatly appricated.

weinstein5 · ‎07-30-2009

I think what happened is that the load balancing method of port based was selected on vswitch0 - the vmkernel selected vmnic2 as the nic to use for the service console - as long as the vmnic was connected and active the vmkernel used tha NIC to try to route the SC traffic -

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful

JasonVmware · ‎07-30-2009

Thanks for the response. Yeah I think this is what happened as well but I know I set the explicit failover on the port group so vmnic0 was active and vmnic2 was standby and it still occured ? could it be it was still holding the old pathing from when it was set to originating port id ?

Texiwill · ‎07-30-2009

Hello,

Moved to vSphere Networking forum.

Best regards,

Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst[/url]
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment'[/url]
Also available 'VMWare ESX Server in the Enterprise'[/url]
[url=http://www.astroarch.com/wiki/index.php/Blog_Roll]SearchVMware Pro[/url]|Blue Gears[/url]|Top Virtualization Security Links[/url]|Virtualization Security Round Table Podcast[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

jbogardus · ‎08-03-2009

RE: would bring down the service console which would then trigger HA

Sounds like what you would like to consider is making sure your environment has a setup of correct checking isolation addresses on multiple vSwitches/VLANs for redundancy.

The info I cut and paste below is ESX 3.5 specific, but for vSphere specific and much more detailed reference on having hosts correctly check for isolation before HA failover:

Depending on if a specific environment sees certain types of reoccurring physical network issues, it may require customizing how Isolation is determined by the host.

Reference the following communities thread for more information about the Isolation Address settings.

http://communities.vmware.com/thread/118734

The main settings to be aware of are:

das.isolationaddress

das.usedefaultisolationaddress

das.allowvmotionnetworks

FYI, the das.isolationaddress setting is in addition to the default gateway (if it is set). In 3.5.x if you don't want HA to ping the default gateway at all to determine isolation set the das.usedefaultisolationaddress setting to false and reconfigure the hosts in the HA cluster. This will configure the HA hosts to not use the gateway at all and only use the IP Address set in the das.isolationaddress(#) setting(s).