VMware Cloud Community
mutthu
Enthusiast
Enthusiast
‎10-10-2020 01:15 PM

2-Node vSAN Network

Hi all,

I am planning to install 2-node vSAN ROBO for our small office. I will appreciate your help on the networking side for the witness traffic separation.

I am not sure whether I have to separate the witness traffic from management or put the witness traffic on management.

If I can use the management network for witness traffic, it would be easy for me not to bother the network team too much.

I plan to configure the VDS/VSS as below

Management                          192.168.3.11--Will have two 10GB Acrive/Standby

vSAN-Direct Connect            10.10.20.11  -- Server A Port1 Active and Port2 Standby

vMotion-Direct Connect        10.10.30.11  ---Server A Port2 Active and Port1 Standby

Virtual Machines Lan               10.10.1.0/24-- Two 10 GB nic ports

I guess i have to issue the following at each Esxi host at the ROBO site to separate witness traffic to use the management routed netwrok.

esxcli vsan netwrok ip add -I vmk0 -T=Witness

If i am correct with above design,

Should I have to untag vmk1 at the witness appliance and tag it for vmk0 as the vsan traffic or can i put both witness and management at both network and leave vmk1 as the witness port?

0 Kudos
3 Replies
TheBobkin
Champion
Champion
‎10-11-2020 10:15 AM

Hello mutthu​,

Welcome to Communities.

If you want to separate witness and vsan traffic types then you can create a new vmk for this purpose or more simply just tag it on vmk0 on the data nodes (traffic type: witness) and vmk0 on the Witness (traffic type: vsan):

"Any VMkernel port, not used for vSAN Traffic, can be used for Witness Traffic. In a more simplistic configuration, the Management VMkernel interface (vmk0) could be tagged for Witness Traffic.  The VMkernel port used, will be required to have connectivity to the vSAN Traffic tagged interface on the vSAN Witness Appliance."

Witness Traffic Separation (WTS) | vSAN 2 Node Guide | VMware

There is little point having multiple interfaces tagged for vsan traffic on the Witness - so yes, remove the pre-configured one from vmk1 if switching it to vmk0.

Bob

0 Kudos
mutthu
Enthusiast
Enthusiast
‎10-11-2020 12:27 PM

Thank you for the help. We have L3 routing for the management network already between the HQ where the winteness appliance is going to be resided and remote site where the ESXi host are going to be.

Should we have to issue routing command esxcli netwrok ip route at ESXi hosts?

0 Kudos
TheBobkin
Champion
Champion
‎10-11-2020 12:35 PM

If there is already connectivity between the vmk0 on the Witness and the vmk0 on the hosts with the current network configuration, then they shouldn't require static routes to be configured.

Bob

0 Kudos