TheVMinator
Expert
Expert

vCenter and vmkernel traffic

My esxi hosts are on vlan 210, which is network 192.168.10.0/24 .  Their VMkernel ports for ESXi management traffic have addresses like 192.168.10.10.

Now I'm building vCenter.  I have different vlans for each type of traffic.  Should vCenter be on the same vlan 210 or on a different vlan? 

0 Kudos
6 Replies
rcporto
Leadership
Leadership

vCenter can sit on a different VLAN but if there is a firewall between vCenter server and ESXi hosts, you will need open some port to allow vCenter manage the ESXi hosts, take a look: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=101238...

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
TheVMinator
Expert
Expert

OK - it can sit on a different subnet - so my next question is should it? What are the factors that would lead me to put in on the same or on a different subnet?

0 Kudos
rcporto
Leadership
Leadership

If vCenter and ESXi hosts are on the same datacenter I prefer place them on the same network... but there are some use cases like DMZ and remote location that vCenter will be on different network (subnet).

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
TheVMinator
Expert
Expert

Ok - in my case all traffic is in one datacenter and there is no DMZ involved. So it seems like in this scenario this leads to a decision with two possible tradeoffs:

1. If vCenter is on the same network as my ESXi vmkernel management ports, then vCenter's database also needs to be on that same network.  I don't want that network to be a virtual machine network in general, except for vCenter since it communicates directly with them and its database since I want lowest latency between them.  That means that other management vms such as:  Update manager, VCAC, vCO, Log insight, vCM, databases for these VMs, chargeback manager, etc. would all be on a different network than vcenter, because I don't want to make my ESXi management traffic network a network for every VM under the sun.  The tradeoff there is that all these other virtualization and cloud management vms have to communicate with vCenter on a different network.  They have to be routed meaning traffic between them always has to go to a physical switch and back, even if the VMs are on the same ESXi  host  since ESXi doesn't do routing.

2.  If VCenter is on a different network than my ESXi hosts, then it can be on the same network as all other VMs that might want to communicate with it with low-latency connections.  However, then traffic between vCenter and ESXi always has to be routed and has whatever additional latency is involved.

Given I have these tradeoffs what is the best strategy for grouping:

-Group vCenter and its database with ESXi vmkernels

or

-Group vCenter with its other management vms

and why?

Thanks!

0 Kudos
NavalgundRaj
Enthusiast
Enthusiast

TheVMinator Not required to be on the same VLAN. Regards Basavaraj.Navalgund banavalg@yahoo.com

Note: If you found this correct or answer useful please consider the use of the Correct buttons to award points. Regards Basavaraj.R Navalgund
0 Kudos
AdamRushUK
Enthusiast
Enthusiast

Although there are several options, generally I see vCenter, DB, ESXi host (and other management servers) on the same subnet/VLAN.

Separate subnets/VLANs are then used for vMotion, storage (iSCSI/NFS), VM traffic etc.

VCP-Cloud | VCP5-DCV | MCITP:EA | MCSE | CCNA | CCAA LinkedIn: https://www.linkedin.com/in/adamrushuk | Twitter : @adamrushuk