VMware Cloud Community
hooshoo
Contributor

dvSwitch configuration

I'm looking for a best practice/recommendations for my ESXi hosts on a different subnet than the vDesktops running on them.

I have a Horizon View cluster that I just built and am in the process of putting vDesktops on it. I am currently using a dvSwitch and right now the hosts and the vDesktops are on the same subnet. I will need the vDesktops to go onto the same subnet as my physical PCs and the hosts to remain on the same subnet they are on (which is a server subnet). Should I just create another dvSwitch for the hosts and management VMkernel ports to be on, or can I create another port group? I have a port group on this dvSwitch now for vMotion - which is on its own subnet - so I assume I can just do the same. Obviously, I will have to pull a couple of the physical adapters that are on the current dvSwitch and assign them to the new switch or port group for the hosts. If there is a more efficient way, without having to "use" 2 or 4 of the 14 NIC adapters that I currently have between the hosts, to put the hosts and VMs on different subnets, that would be great.

Hope this makes sense and thanks in advance.

HeathReynolds
Enthusiast

Are you using gig ports or 10G? Is your storage IP or FC?

You should be able to trunk to your physical switches and add port groups without adding physical NICs using VLANs.

My normal VDS config for gig networking with Fibre Channel is a single VDS with 4 uplinks. One uplink would be active for mgmt, standby for vMotion. 2nd uplink would be active for vMotion, standby for mgmt. Uplink 3 and 4 would be active for guest traffic.

Create trunk ports on the physical switches and use a separate VLAN for each traffic type. Make uplink switch port configs identical for consistency.

My sometimes relevant blog on data center networking and virtualization : http://www.heathreynolds.com
hooshoo
Contributor

I am using gig ports for the hosts and VMs.

Storage is 10G IP. For the storage, I created a DVS for it.

So, are you saying that once I have the trunk ports created on the Cisco gear, that I really don't have to create the separate port groups that I have now - one for VM traffic and the one for vMotion traffic? How/where do I specify on the DVS or port group? Would I just select VLAN Type = VLAN Trunking and enter the range there?

HeathReynolds
Enthusiast

No, you will create a port group for each VLAN. You can create a third VDS (or use a VSS) for MGMT if you really want, but you are also fine to continue making a port group for each VLAN on the existing switch. You will want to manipulate the active / standby / unused for your port groups to separate vMotion traffic from guest and management traffic.

The main drawback to how it is configured now is that you are sending your traffic untagged; you will need to have the upstream ports configured as trunks and then add VLAN tags to your port groups. Your network team should be able to configure a "native VLAN" on the trunk for the same VLAN that is currently assigned. This will allow you to continue sending untagged traffic while you work to migrate your port groups to VLANs.

With 8 uplinks per host you could do -

MGMT - VLAN XXX - Active Uplink 1, Standby Uplink 2, Unused all others

vMotion - VLAN YYY - Active Uplink 2, Standby Uplink 1, Unused all others

Desktops - VLAN DDD - Active Uplinks 3 - 8, unused 1,2

This would provide separation of traffic without needing to create another VDS.

You have enough NICs that you have flexibility to do anything you want, so you definitely have the option of just creating a VDS MGMT and vMotion and moving these guys over. You do want to make sure that MGMT and vMotion are on separate subnets and VLANs.

Edit - There are a lot of options for network configurations, and with 10G and the number of gig interfaces you have you could do any. You may want to read Chris Wahl's Networking for VMware book so you know all of your options and the trade-offs.

My sometimes relevant blog on data center networking and virtualization : http://www.heathreynolds.com
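The port group layout from the reply above (one VLAN-tagged port group per traffic type, with per-port-group active/standby/unused uplinks), as an added PowerCLI example that is not part of the original posts. The switch name and the VLAN IDs 10/20/30 are placeholders standing in for the poster's XXX/YYY/DDD, and the script assumes VMware PowerCLI is loaded and a `Connect-VIServer` session already exists.

```powershell
# Added example. 'dvSwitch-Example' and VLAN IDs 10/20/30 are placeholders.
$vds = Get-VDSwitch -Name 'dvSwitch-Example'

# Uplink names as defined on this VDS, in order (uplink 1 .. 8)
$uplinks = @($vds.ExtensionData.Config.UplinkPortPolicy.UplinkPortName)
if ($uplinks.Count -lt 8) { throw "This layout expects 8 uplinks, found $($uplinks.Count)" }

# Layout from the post; Active/Standby are zero-based indexes into $uplinks
$plan = @(
    @{ Name = 'MGMT';     Vlan = 10; Active = @(0); Standby = @(1) }
    @{ Name = 'vMotion';  Vlan = 20; Active = @(1); Standby = @(0) }
    @{ Name = 'Desktops'; Vlan = 30; Active = 2..7; Standby = @()  }
)

foreach ($pg in $plan) {
    $active  = @($uplinks[$pg.Active])
    $standby = @($uplinks[$pg.Standby])
    # Everything not listed is explicitly unused, so guest traffic can
    # never fail over onto the management/vMotion uplinks (or the reverse)
    $unused  = @($uplinks | Where-Object { $_ -notin $active -and $_ -notin $standby })

    $portgroup = New-VDPortgroup -VDSwitch $vds -Name $pg.Name -VlanId $pg.Vlan

    $params = @{ ActiveUplinkPort = $active }
    if ($standby.Count) { $params.StandbyUplinkPort = $standby }
    if ($unused.Count)  { $params.UnusedUplinkPort  = $unused }
    $portgroup | Get-VDUplinkTeamingPolicy |
        Set-VDUplinkTeamingPolicy @params | Out-Null
}

# Review the resulting teaming order for each port group
Get-VDPortgroup -VDSwitch $vds -Name 'MGMT', 'vMotion', 'Desktops' |
    Get-VDUplinkTeamingPolicy |
    Select-Object VDPortgroup, ActiveUplinkPort, StandbyUplinkPort, UnusedUplinkPort
```

The tagged port groups only pass traffic once the upstream switch ports are trunks carrying those VLANs, as the reply describes.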
Texiwill
Leadership

Hello,

You can also use the following setup to ensure things are properly segregated, which is what I do:

Management Network contains all ESXi hosts + vCenter and any other management tools

Desktop Network contains my desktops, connection broker, etc.

VM Network is all other VMs

Segregation is achieved by using different networking constructs for the different critical networks. For example, I use a VSS for my management network (a holdover from when vDS had issues when vCenter died) and a vDS for all else. I have 2 portgroups on my VDS and I use vCNS Edge to segregate all networks from each other. I really like having my management network on a different control plane than my other workloads. You could use VSS, VDS, Nexus, NSX, etc. but that is a level of segregation not everyone needs.

Check out the following for some thoughts on this: vSphere Upgrade Saga: vShield Edge Missing Manual | AstroArch Consulting, Inc. The vShield Edge discussion and elements is a bit dated (it is far easier now w/VCNS) but the concepts are correct.

You can also use VLANs assigned to a portgroup to handle this segregation as well but if you ever need to cross VLAN/portgroup/subnet boundaries you still need a firewall/gateway device. So I put Edge(s) in place as needed.

Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011, 2012, 2013, 2014

Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.

Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill