Networking Configuration for vSphere 4 ESX or vSphere 5 ESXi _ VMwaremine - Mine of Knowledge About Virtualization


  • 7/29/2019 Networking Configuration for vSphere 4 ESX or vSphere 5 ESXi _ VMwaremine - Mine of Knowledge About Virtualiz

    1/9

    3/9/13 Networking configuration for vSphere 4 ESX or vSphere 5 ESXi | VMwaremine - Mine of knowledge about virtualization

    vmwaremine.com/2012/05/29/networking-configuration-for-esx-ot-esxi-part-3/


    Networking configuration for ESX or ESXi Part 3

    Posted by Artur on May 29, 2012 in ESX, Featured, vSphere, vSphere 4, vSphere 5 | 19 comments

    Today, the third part: this time the ESX(i) host has 10 pNICs (1 Gbps) on Standard Switches (vSS).

    Scenario #1: 10 NICs (1 Gbps; 2 x quad-port adapters and 2 on-board ports), standard switch for each type of traffic

    In this scenario I have to design a network for 5 different types of traffic. Each traffic type has its own VLAN ID, which helps to use NICs for more than one traffic type, optimize pNIC utilization and keep the network secured.

    1. mgmt: VLAN ID 10
    2. vMotion: VLAN ID 20
    3. VM network: VLAN ID 30
    4. VM Backup: VLAN ID 40
    5. DMZ: VLAN ID 50

    When you don't have an Enterprise Plus vSphere license, the only way to configure virtual networking is vSS. In the diagram below, mgmt (Service Console or vmk port) and vMotion are placed on a common vSwitch0 with an active/passive approach (in vSphere 4 vMotion can use only one vmnic); the Active and Standby states are set in the portgroups. On the physical switch ports where both pNICs are connected, two VLANs (10 and 20) must be trunked, because both networks need to be available on each port: in case of failover, traffic from both networks is carried over one port.

    The other networks have their own dedicated vSwitches; each vSwitch has at least 2 NICs connected to two physical switches, and all vmnics are in the Active state (see the table below for details). The configuration below follows virtual networking best practices in terms of:

    • hardware redundancy: 2 physical switches, at least two pNICs per vSwitch
    • failover: each virtual network has at least two vmnics available
    • security: a separate VLAN for each traffic type (e.g. vMotion is not encrypted), vSwitch security options set to Reject
    • capacity: each network keeps its own bandwidth capacity (its traffic is sent over separate physical NICs)

    Make sure that the connections between the physical switches are configured to carry all VMware-specific traffic.


    ESX ESXi networking configuration for 10 nics

    vSwitch settings (applicable to all vSwitches)

    • Promiscuous mode: Reject
    • MAC address changes: Reject
    • Forged transmits: Reject
    • Load balancing: route based on the originating virtual port ID (default)
    • Network failover detection: link status only
    • Notify switches: Yes
    • Failback: No
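
    One way to check the three security settings above on an ESXi 5.x host, as an added example that is not from the original post: the script parses the output of `esxcli network vswitch standard policy security get` and builds the matching `set` command for every vSwitch that is not all Reject. The sample output is constructed and the function names are hypothetical.

```python
"""Audit vSwitch security policy against the "all Reject" baseline (added example)."""

# Keys printed by `esxcli network vswitch standard policy security get -v <name>`
# on ESXi 5.x, mapped to the option of the matching `set` command.
# In that output "false" corresponds to Reject in the vSphere Client.
POLICY_FLAGS = {
    "Allow Promiscuous": "--allow-promiscuous",
    "Allow MAC Address Change": "--allow-mac-change",
    "Allow Forged Transmits": "--allow-forged-transmits",
}

# Constructed sample output per vSwitch (not captured from a real host).
SAMPLE = {
    "vSwitch0": "Allow Promiscuous: false\n"
                "Allow MAC Address Change: false\n"
                "Allow Forged Transmits: false\n",
    # vSS defaults on vSphere 4/5: MAC changes and forged transmits accepted.
    "vSwitch1": "Allow Promiscuous: false\n"
                "Allow MAC Address Change: true\n"
                "Allow Forged Transmits: true\n",
    # Incomplete output: the missing key must not be read as compliant.
    "vSwitch2": "Allow Promiscuous: false\n"
                "Allow Forged Transmits: false\n",
}


def parse_policy(text):
    """Turn 'Key: value' lines into a dict; lines without a colon are ignored."""
    policy = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            policy[key.strip()] = value.strip().lower()
    return policy


def audit(outputs):
    """Return {vSwitch: [keys not provably 'false']}; a missing key fails closed."""
    drift = {}
    for name, text in outputs.items():
        policy = parse_policy(text)
        bad = [key for key in POLICY_FLAGS if policy.get(key) != "false"]
        if bad:
            drift[name] = bad
    return drift


def remediation(drift):
    """Build one esxcli 'set' command per non-compliant vSwitch."""
    return [
        "esxcli network vswitch standard policy security set -v {} {}".format(
            name, " ".join(POLICY_FLAGS[key] + "=false" for key in keys))
        for name, keys in sorted(drift.items())
    ]


if __name__ == "__main__":
    for command in remediation(audit(SAMPLE)):
        print(command)
```

    Port groups can override the vSwitch-level policy, so a complete audit repeats the same check for each port group.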

    | vmnic  | location   | vSwitch  | portgroup    | state                                | vLANID | pSwitch |
    |--------|------------|----------|--------------|--------------------------------------|--------|---------|
    | vmnic0 | on board   | vSwitch3 | backup VM    | active                               | 30     | Switch1 |
    | vmnic1 | on board   | vSwitch3 | backup VM    | active                               | 30     | Switch2 |
    | vmnic2 | quad NIC 1 | vSwitch0 | mgmt/vMotion | active in mgmt, passive in vMotion   | 10, 20 | Switch1 |
    | vmnic3 | quad NIC 1 | vSwitch1 | DMZ          | active                               | 40     | Switch1 |
    | vmnic4 | quad NIC 1 | vSwitch2 | VM network   | active                               | 50     | Switch1 |
    | vmnic5 | quad NIC 1 | vSwitch2 | VM network   | active                               | 50     | Switch1 |
    | vmnic6 | quad NIC 2 | vSwitch0 | mgmt/vMotion | active in vMotion, passive in mgmt   | 10, 20 | Switch2 |
    | vmnic7 | quad NIC 2 | vSwitch1 | DMZ          | active                               | 40     | Switch2 |
    | vmnic8 | quad NIC 2 | vSwitch2 | VM network   | active                               | 50     | Switch2 |
    | vmnic9 | quad NIC 2 | vSwitch2 | VM network   | active                               | 50     | Switch2 |
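
    The following check is an added example, not code from the original post: it fails each vmnic, adapter and physical switch from the table in turn to list the vSwitches left without an uplink, and compares the table's VLAN IDs with the list at the top of the post. Function names are hypothetical, the two on-board ports are treated as one adapter, and "VM Backup" in the list is assumed to be the table's "backup VM" portgroup.

```python
"""Failure-domain audit of the post's uplink table (added example, not the author's code)."""

# VLAN plan from the numbered list at the top of the post
# ("VM Backup" is assumed to be the table's "backup VM" portgroup).
VLAN_PLAN = {"mgmt": 10, "vMotion": 20, "VM network": 30, "backup VM": 40, "DMZ": 50}

# Table rows: (vmnic, adapter, vSwitch, portgroups, VLAN IDs, physical switch).
UPLINKS = [
    ("vmnic0", "on board",   "vSwitch3", ("backup VM",),      (30,),    "Switch1"),
    ("vmnic1", "on board",   "vSwitch3", ("backup VM",),      (30,),    "Switch2"),
    ("vmnic2", "quad NIC 1", "vSwitch0", ("mgmt", "vMotion"), (10, 20), "Switch1"),
    ("vmnic3", "quad NIC 1", "vSwitch1", ("DMZ",),            (40,),    "Switch1"),
    ("vmnic4", "quad NIC 1", "vSwitch2", ("VM network",),     (50,),    "Switch1"),
    ("vmnic5", "quad NIC 1", "vSwitch2", ("VM network",),     (50,),    "Switch1"),
    ("vmnic6", "quad NIC 2", "vSwitch0", ("mgmt", "vMotion"), (10, 20), "Switch2"),
    ("vmnic7", "quad NIC 2", "vSwitch1", ("DMZ",),            (40,),    "Switch2"),
    ("vmnic8", "quad NIC 2", "vSwitch2", ("VM network",),     (50,),    "Switch2"),
    ("vmnic9", "quad NIC 2", "vSwitch2", ("VM network",),     (50,),    "Switch2"),
]

# Column index in UPLINKS for each kind of component that can fail.
FAILURE_DOMAINS = {"vmnic": 0, "adapter": 1, "pSwitch": 5}


def single_points_of_failure(uplinks):
    """Fail each component in turn; return {(domain, component): [isolated vSwitches]}."""
    all_vswitches = {row[2] for row in uplinks}
    findings = {}
    for domain, col in FAILURE_DOMAINS.items():
        for component in sorted({row[col] for row in uplinks}):
            surviving = {row[2] for row in uplinks if row[col] != component}
            isolated = sorted(all_vswitches - surviving)
            if isolated:
                findings[(domain, component)] = isolated
    return findings


def vlan_mismatches(uplinks, plan):
    """Return {portgroup: (planned VLAN, VLAN in table)} where the two disagree."""
    in_table = {}
    for _, _, _, portgroups, vlans, _ in uplinks:
        in_table.update(zip(portgroups, vlans))
    return {pg: (plan.get(pg), vid) for pg, vid in in_table.items()
            if plan.get(pg) != vid}


if __name__ == "__main__":
    for (domain, component), lost in single_points_of_failure(UPLINKS).items():
        print(f"loss of {domain} '{component}' isolates {', '.join(lost)}")
    for pg, (planned, actual) in vlan_mismatches(UPLINKS, VLAN_PLAN).items():
        print(f"{pg}: list says VLAN {planned}, table says VLAN {actual}")
```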

    If you have questions regarding a particular scenario, put them in the comments and I will be glad to help you.

    The next post, later this week, will describe a scenario with 10 pNICs but using vSS together with vDS (a mixed virtual networking configuration approach).


    UPDATE:

    Network configuration 10 x 1Gbps for vSphere 5.1

    10x1Gbps vSphere 5.1 vDS

    Above is my recommended network configuration for vSphere 5.1 with an Enterprise Plus license. As you know, one of the coolest new features in vSphere 5.1 is the ability to back up Virtual Distributed Switches. If you lose the vCenter database and there is no way to restore it, you can easily restore the vDS config into a new DB. Awesome. There is no risk of losing the network after the vCenter DB is lost, and all network types, including mgmt and vMotion, can run on a single Virtual Distributed Switch. All VLANs have to be trunked on all physical switch ports.

    vSphere network 10x1Gbps : vDS

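    | vDS  | teaming options | portgroup name | active dvuplink | standby dvuplink |
    |------|-----------------|----------------|-----------------|------------------|
    | vDS1 | LBT             | mgmt           | ALL             | none             |
    | vDS1 | LBT             | vMotion        | ALL             | none             |
    | vDS1 | LBT             | VMnetwork      | ALL             | none             |
    | vDS1 | LBT             | storage        | ALL             | none             |
    | vDS1 | LBT             | FT             | ALL             | none             |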

    vDS >

    HP Virtual connect > then top of rack > then to the core switch

    a- In this case, I believe there won't be any issue, just like the very first post?

    b- Do I need to enable the STP and portfast in all switches (top of rack, VC and core switch)?

    2 - In the second case, the normal one - ESX > connected to top of rack > then connected to the core switch.

    a- In this case, I believe there won't be any issue, just like the very first post?

    b- Do I need to enable the STP and portfast in all switches (top of rack, and core switch)?

    So please let me know the above, and what are the other things to consider also?

    Thanks

    Gopi

    0

    Gopinath 9 months ago

    Hello

    I have 2 pSwitches, Cisco 6500 series, as core switches, and I have vSphere 5 with an Enterprise Plus license. I have one ESXi host with 4 pNICs; the 2 core switches are interconnected via an EtherChannel trunk and we are not using stacking and stack cable.

    Scenario-1

    In the ESXi host, I have created 1 vSwitch and 4 pNICs are attached to it. 2 pNICs are connected to pSwitch1 and the other 2 pNICs are connected to pSwitch2.

    The vSwitch teaming policy is selected as (Load balancing = route based on the originating virtual port ID (default)). 5 virtual machines are connected to one VM port group and running inside the vSwitch.

    1 - Will this work?

    2 - Will I get the pSwitch redundancy?

    3 - Does any duplicate MAC address issue occur inside the 2 core switches?

    4 - Do any packet drops occur in the event of one physical switch failure?

    scenario-2


    1 - Will this work?

    2 - Will I get the pSwitch redundancy?

    3 - Does any duplicate MAC address issue occur inside the 2 core switches?

    4 - Do any packet drops occur in the event of one physical switch failure?

    Please help me, I am really confused with this.

    0

    Reply

    Artur Krzywdzinski (Mod), in reply to Gopinath, 9 months ago

    Hi, thanks for the comment

    Both scenarios will work without any problems, you will have full redundancy. I suggest using LBT, it is a really cool feature and works fantastic.

    Answers:

    1 - yes

    2 - yes

    3 - no

    4 - no

    Cheers

    Artur

    0

    Reply

    StanJ 9 months ago

    Hey Artur. I also have one proposal. As you also marked the topic as vSphere 5 related (upgrade expected), I would recommend that you also move one NIC port from the VM network to the Mgmt/vMotion group. This decision ofc depends on the number of expected VMs (related to the expected nr of vMotion migrations). In this case you will have an environment more prepared for vSphere 5 from a vMotion perspective, and 3 NICs should standardly be enough for Prod traffic.

    Hi Sander, I'm also not familiar with NEN security certification. Can you briefly describe it or direct us to some documentation? Also, if I understood properly, what you are proposing requires two NICs (to have redundancy).

    0

    Reply

    sanderdaems 10 months ago

    What about the "DMZ" network, if you need a fully NEN certified DMZ network?

    In that situation you need a separate PCI NIC adapter (separate bus) to split the network traffic; in case you combine 1 dual/quad port adapter with LAN/DMZ connections it's "possible" to sniff the traffic/packets. To configure this redundantly you need to add a second physical NIC adapter in the host to connect the physical DMZ network switches.

    If you don't need a NEN certified DMZ and you mean "DMZ" as a different subnet with VLAN ID... why don't you add the two DMZ network adapters to the LAN vSwitch for more bandwidth/redundancy and trunk the VLAN IDs together?

    0

    Reply

    Artur Krzywdzinski (Mod), in reply to sanderdaems, 10 months ago

    I'm not a security guru yet and, unfortunately, I don't know what NEN is. But it is always good to know how to improve a design: if I would place the DMZ (to be NEN certified) onto the on-board NIC, will my design fill out NEN requirements?

    0
