VMware vSphere

  • 1.  Management Network on same IP range as VM Network?

    Posted Aug 03, 2010 08:42 AM

    Started a new job several months ago, and recently have been tasked with migrating their existing development environment to ESX.

    We have 3 Host servers and an iSCSI SAN which I have got up and running and seems to be working fine. My question is, can I have the Management Network on the same IP range as the VM Network, and if so are there any problems this might cause?

    The reason I ask is that we have had to secure the dev environment which this setup is for, on an interface on our firewall and also give it a different IP range from our current network. This is how I have everything configured using ESXi 4.1 and vSphere.

    VM Network is 172.25.28.x

    Management is 172.25.28.x

    vMotion is 172.25.4.x

    iSCSI is 172.25.3.x

    Now originally the plan was to have Management on 172.25.8.x but when I set this up, I cannot get it to route properly onto our current LAN which is 172.25.1.x.

    All the hosts are connected onto a Cisco switch which is 172.25.28.1 and this is connected to the firewall with gateway 172.25.28.254, and the firewall routes traffic to this interface fine. When I set up a VM it communicates fine, but the management NICs if set to 172.25.8.x do not see the corporate LAN. I have to change them to 172.25.28.x and then set up an esxcfg-route 172.25.1.0/24 172.25.28.254 on the console for it to work.

    Basically though, is there any reason why I can't run the management network on the same IP range as the VM network? If not, any idea how I get it working on the 172.25.8.x range?

    Thanks!!



  • 2.  RE: Management Network on same IP range as VM Network?

    Posted Aug 03, 2010 09:03 AM

    Hi Andy,

    Welcome to the forums.

    There is no problem having management and virtual machine traffic on the same subnet, despite the fact that it is recommended to separate them.

    It seems that you are managing your VLANs at the physical switch level. Have a look at the configuration of your Cisco and check that the necessary VLANs are allowed on the desired ports. Also verify that the routing between your different subnets is well configured in your firewall.

    Hope it helps

    Regards

    Franck



  • 3.  RE: Management Network on same IP range as VM Network?

    Posted Aug 03, 2010 09:19 AM

    Your design can work.

    But you can also use a single physical network (maybe not for iSCSI, in this case I prefer to have dedicated switches) and use VLANs to isolate different networks.

    On each portgroup you then configure the VLAN ID and a custom team policy to use by default a different NIC (for example to separate management and vMotion).

    See also:

    Andre



  • 4.  RE: Management Network on same IP range as VM Network?

    Posted Aug 03, 2010 09:57 AM

    Thanks for the help guys.

    I would prefer it on its own IP range but for the life of me I can't figure out why it won't route properly when I put it on 172.25.8.x. It can see everything on the local 172.25.28.1 switch but doesn't seem to go past the gateway/firewall even if I set everything to allow. I've tried setting differing routes and additional gateways/routes via esxcfg-route but nothing seems to work until I put it on 172.25.28.x, so I think I might just leave it on that and VLAN it out. Currently no VLANs set up but this is my next step with it actually.

    Will still be keeping iSCSI on its own vSwitch and will also keep vMotion on its own IP range, even though it'll be in the same vSwitch as Management.



  • 5.  RE: Management Network on same IP range as VM Network?

    Posted Aug 04, 2010 07:58 AM

    I also need to set up VLANs for this as well.

    VLAN504 for vMotion

    VLAN508 for Management

    VLAN528 for VMs

    Not done much with setting VLANs up in the past, so would I set all the physical switch ports associated with these to TRUNK, give them access to all the above VLANs and then also set the VLANs on the virtual switch port groups?

    I tried this with the management console but as soon as I did it dropped off and I couldn't see it. Had to go to the tech support console and remove the VLAN ID before I could see it again?

    Any ideas?

    All connected into a Cisco SGE2010 switch.



  • 6.  RE: Management Network on same IP range as VM Network?

    Posted Aug 04, 2010 08:44 AM

    Hi Andy,

    You are right about how to implement VLANs. The easiest way is to Trunk ports on the physical switch and manage VLAN tagging at the port group level.

    If you still have a problem with your management network when activating VLAN on its port, you definitely need to check your Cisco and firewall settings in depth.

    Good luck

    Franck



  • 7.  RE: Management Network on same IP range as VM Network?

    Posted Aug 04, 2010 09:56 AM

    Ah that could be my problem then. I was setting the ports to Trunk, and assigning to VLANs at the Cisco level, which all seemed fine, but it was when I also tagged them at the vSwitch/PortGroup level that connectivity dropped.

    I'll try just setting ports to Trunk and then just do VLAN tagging at the ESX level and not on the Cisco switch tomorrow.

    Thanks for your help with this, really appreciate it! Having to learn this all as I go so apologies if I come across wrong with anything.

    All I have to figure out then is why I can't have my Management Network on a separate IP range which won't route through my gateway. Oh joy :)
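
Added example, not part of any post in this thread: a small audit of the address plan discussed above that reports which networks share a subnet (no layer-3 separation between management and VM traffic) and whether the firewall gateway 172.25.28.254 is on-link for each interface. The /24 masks and the .10 host addresses are assumptions, since the thread gives only the first three octets.

```python
import ipaddress
from itertools import combinations

# Address plan from the thread. The /24 masks and the .10 host addresses
# are assumptions; the thread gives only the first three octets.
PLAN = {
    "VM Network": "172.25.28.10/24",
    "Management (current)": "172.25.28.10/24",
    "Management (planned)": "172.25.8.10/24",
    "vMotion": "172.25.4.10/24",
    "iSCSI": "172.25.3.10/24",
}
GATEWAY = "172.25.28.254"  # firewall interface named in the thread


def shared_subnets(plan):
    """Return pairs of networks whose subnets overlap (no layer-3 separation)."""
    nets = {name: ipaddress.ip_interface(addr).network for name, addr in plan.items()}
    return sorted(
        (a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])
    )


def gateway_on_link(interface, gateway):
    """True if the gateway lies inside the interface's own subnet.

    A host can only use a gateway it can reach directly at layer 2/3,
    so an off-link gateway needs its own router address in that subnet.
    """
    return ipaddress.ip_address(gateway) in ipaddress.ip_interface(interface).network


def audit(plan, gateway):
    """Map each network name to whether the gateway is on-link for it."""
    return {name: gateway_on_link(addr, gateway) for name, addr in plan.items()}


if __name__ == "__main__":
    for a, b in shared_subnets(PLAN):
        print(f"shared subnet: {a} <-> {b}")
    for name, ok in audit(PLAN, GATEWAY).items():
        # vMotion and iSCSI are usually left unrouted, so False is expected there.
        print(f"{name:22} gateway {GATEWAY} on-link: {ok}")
```
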