0 Replies Latest reply on Apr 29, 2020 12:48 PM by domsik

    NIC Teaming - Failover settings

    domsik Lurker

      Hi.


      I need some recommendations for the NIC Teaming failover settings on ESXi 7.

       

      I have the following hardware:

      • Server with two physical NICs (ESXi 7)
      • Firewall cluster (2 physical FWs) in active/passive (master/slave) mode - the passive/slave firewall also has an "uplink" on its ports, but is not responding to any packets

       

      • NIC1 of Server directly connected to FW1
      • NIC2 of Server directly connected to FW2

       

      Now I want to create a teaming with failover, in case one firewall fails or the master/slave role changes between the two firewalls. Let's talk about the case "master/slave changes between the two firewalls" (e.g. a reboot or monitored WAN interfaces failing => causes a master/slave change on the FW cluster).

       

      My settings for the vSwitch0:

      vswitch0.png

       

      I have set "load balancing" to "use explicit failover order" and "network failover detection" to "beacon only" (because the slave/passive FW always has an uplink on the port). Then I have to set both NICs in the "failover order" to "active" (active/passive will not work in case of a change of master/slave firewall).

       

      Settings for the Management Network:

       

      mgmt.png

       

      On the MGMT-Network port I have configured "inherit from vSwitch" where possible. Then I have set "override failover order = yes". And now it doesn't matter if I set the "failover order" to "active/active" or "active/passive". That means basically it is working as expected - if I reboot FW1 (master), then FW2 becomes the new master. I'm able to reach the ESXi through the web interface. Also, if FW1 comes up again (now the slave), it is working (I think because vSwitch0 is set to active/active - otherwise it isn't working).

       

      I haven't found an explanation or example for my case (the passive FW also has an uplink on its ports).

       

      Now my questions are: Why doesn't it matter if I configure the MGMT-Network as active/active or active/passive? Is there anything to consider - are there cases where I can run into trouble with specific settings? What are the recommended settings for this case?