vSphere Availability

 View Only
  • 1.  Incorrect HA configuration

    Posted May 10, 2010 08:19 AM

    Hi,

    I would like to ask some questions and get some feedback on the HA cluster configuration at our workplace as it doesn't seem correct to me.

    Our configuration is as follows.

    2 x hosts (ESXi) - Same configuration on both hosts

    vSwitch0 - vmkernel - management network - 2 pNics/teaming (Active) - SAN network - 168.217.94.

    vSwitch1 - VMportgroup - 2pNics/teaming (Active) - LAN - 168.217.91

    vSwitch2 - vmkernel x2 - 1 management network - 1 vmotion - 1pNic - 10.254.1.3

    Some questions.

    1. HA failover won't occur if our LAN network goes down as there is no heartbeat on the LAN, so failover won't be detected

    2. SAN goes down but isolation address is set to 168.217.91.?? network, doesn't matter LAN is pingable, no failover.

    To me, i think we should remove the second management network from vSwitch2 and put it on vSwitch1 (LAN) and set no isolation address. Then we would have heartbeat traffic on both networks.



  • 2.  RE: Incorrect HA configuration

    Posted May 10, 2010 01:45 PM

    Which management network is the default in your config? I'm assuming it to be on vSwitch2, which would have necessitated an additional management network vmkernel portgroup on a secondary vSwitch, for redundancy, hence vSwitch0 vmkernel port. If the vmkernel port is default on vSwitch0, then I don't agree with the configuration, and would have rather seen the SAN network isolated, without additional traffic being forced out those physical NICs. If you can not allocate an additional physical NIC to vSwitch2 to make that vswitch redundant, then I would team my management and vm portgroups NICs together, and set 1 NIC for management use, with the other two as standby, and vice versa for the vm portgroups. I also would not put my management network and VM networks on the same segment, for security segregation. This may be a moot point if all of your networks can route to all others, but that's a separate discussion.

    -KjB



  • 3.  RE: Incorrect HA configuration

    Posted May 11, 2010 05:54 AM

    vSwitch0 is the default management network with vSwitch2 providing the management network redundancy but vSwitch2 is on the same physical network (SAN), which to me is not required as we have provided redundant network paths for vSwitch0 (SAN)

    My concern is that no heartbeat exists for the LAN, so if a network failure occurs, the hosts won't know that a failure has occured and as a result no host isolation will occur.

    Here is what i was thinking we could do, remove the management network port from vSwitch2 and leave it entirely for vmotion.

    Add another vSwitch - vmkernel - management network port. Patch that to the LAN but use a non routable IP, my network engineer is insistent about having a non routable IP for the secondary management network.

    The only thing is, there will be no redundancy as their is only one spare pNic.

    Second option. Add remaining pNic to vswitch1 (LAN) and add management network to that dedicated pNic, with non routable IP.

    The only issue here is their will be no pNic redundancy.



  • 4.  RE: Incorrect HA configuration

    Posted May 11, 2010 12:58 PM

    You definitely want to maintain the pNic redundancy. I would caution against removing that.

    Typically, I would not want my host to into an isolation state if my vm network was unavailable. If that is your intent, the isolationaddress value will allow you to maintain your current config, and add values to that advanced HA option. You can use this to set multiple isolation addresses kb.vmware.com/kb/1002117. Multiple isolation addresses, however will require all of those to fail for the server to consider itself isolated. I would caution against this, as a vm network failure would cause all of your hosts to go into an isolation response, and your whole cluster can fail. Not a good situation.

    -KjB



  • 5.  RE: Incorrect HA configuration

    Posted May 17, 2010 01:21 AM

    Actually, now that i've had longer to think about the configuration the more comfortable i feel.

    I no longer think its necessary to have a heartbeat on the vm network, as we have pNic redundancy there and it would be a major outage if both were to fail. I'm not sure whether i'll use isolation addresses as HA is protecting against physical failure, which we have redundancy for.

    Thanks for the second opinion.