I followed your design, Paul (with a few changes), but now I am experiencing some annoying networking issues:
Depending on where I place a VM on the cluster (esxi01, esxi02 or esxi03) it can only ping certain machines but not all.
I set up a pfSense appliance so it acts as a firewall for all my subnets and public IPs, and so far it works very well. The firewall currently lives on esxi02 and there is an SSH port forwarding rule to another internal VM (vclient02), but the issue here is that it only connects when the VM is on esxi02 and not on the other hosts. Same problem as ping, I guess. Machines get isolated.
Output:
esxi01
~ # esxcli network vswitch standard list
vSwitch0
Name: vSwitch0
Class: etherswitch
Num Ports: 128
Used Ports: 16
Configured Ports: 128
MTU: 9000
CDP Status: listen
Beacon Enabled: false
Beacon Interval: 1
Beacon Threshold: 3
Beacon Required By:
Uplinks: vmnic7, vmnic6, vmnic5, vmnic4
Portgroups: Internal, FGOC, DMZ, NFS, vMotion, Management Network
~ # esxcfg-vswitch -l
Switch Name Num Ports Used Ports Configured Ports MTU Uplinks
vSwitch0 128 16 128 9000 vmnic4,vmnic7,vmnic6,vmnic5
PortGroup Name VLAN ID Used Ports Uplinks
Internal 0 0 vmnic6,vmnic4,vmnic7,vmnic5
FGOC 2000 5 vmnic6,vmnic7,vmnic5,vmnic4
DMZ 666 3 vmnic6,vmnic4,vmnic7,vmnic5
NFS 2003 1 vmnic4,vmnic7,vmnic6,vmnic5
vMotion 2004 1 vmnic5,vmnic6,vmnic4
Mgmt Network 0 1 vmnic5,vmnic7,vmnic4,vmnic6
esxi02
~ # esxcli network vswitch standard list
vSwitch0
Name: vSwitch0
Class: etherswitch
Num Ports: 128
Used Ports: 29
Configured Ports: 128
MTU: 9000
CDP Status: listen
Beacon Enabled: false
Beacon Interval: 1
Beacon Threshold: 3
Beacon Required By:
Uplinks: vmnic7, vmnic6, vmnic5, vmnic4
Portgroups: FGOC, Internal, DMZ, vMotion, NFS, Management Network
~ # esxcfg-vswitch -l
Switch Name Num Ports Used Ports Configured Ports MTU Uplinks
vSwitch0 128 29 128 9000 vmnic4,vmnic7,vmnic6,vmnic5
PortGroup Name VLAN ID Used Ports Uplinks
FGOC 2000 6 vmnic6,vmnic4,vmnic7,vmnic5
Internal 0 6 vmnic6,vmnic4,vmnic7,vmnic5
DMZ 666 9 vmnic6,vmnic4,vmnic7,vmnic5
vMotion 2004 1 vmnic5,vmnic6,vmnic4
NFS 2003 1 vmnic7,vmnic4,vmnic6,vmnic5
Mgmt Network 0 1 vmnic5,vmnic7,vmnic4,vmnic6
esxi03
~ # esxcfg-vswitch -l
Switch Name Num Ports Used Ports Configured Ports MTU Uplinks
vSwitch0 128 9 128 9000 vmnic6,vmnic5,vmnic7,vmnic4
PortGroup Name VLAN ID Used Ports Uplinks
DMZ 666 0 vmnic6,vmnic4,vmnic7,vmnic5
FGOC 2000 0 vmnic6,vmnic4,vmnic7,vmnic5
Internal 0 1 vmnic6,vmnic4,vmnic7,vmnic5
vMotion 2004 1 vmnic5,vmnic6,vmnic4
NFS 2003 1 vmnic7,vmnic4,vmnic6,vmnic5
Mgmt Network 0 1 vmnic5,vmnic7,vmnic4,vmnic6
~ # esxcli network vswitch standard list
vSwitch0
Name: vSwitch0
Class: etherswitch
Num Ports: 128
Used Ports: 9
Configured Ports: 128
MTU: 9000
CDP Status: listen
Beacon Enabled: false
Beacon Interval: 1
Beacon Threshold: 3
Beacon Required By:
Uplinks: vmnic7, vmnic6, vmnic5, vmnic4
Portgroups: DMZ, FGOC, Internal, vMotion, NFS, Management Network
In summary, this is the IP addressing:
FGOC: 192.168.22.0/24 - VLAN 2000
DMZ: Public range - VLAN 666
Internal: 10.19.1.0/24 (switches, hosts and the firewall are on this subnet - VLAN 1 default)
vMotion: 10.19.5.0/24 - VLAN 2004
NFS: 10.19.3.0/24 - VLAN 2003
Mgmt: 10.19.1.0/24 - VLAN 1 default
I can post the switch config if necessary or any other command. Any help would be much appreciated.
Thanks
Miquel
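A consistency check for the port group tables pasted above, added here as an example; it is not part of Miquel's post nor of the ESXi or pfSense tooling. It parses `esxcfg-vswitch -l` output from several hosts and reports port groups that are missing on a host, carry different VLAN IDs across hosts, are untagged (VLAN 0, so they depend on the physical switch's native VLAN), or use only a subset of the vSwitch uplinks. The sample data are the post's own tables, trimmed to three port groups per host; the `parse_vswitch` and `check_hosts` names are the example's own.

```python
from collections import defaultdict

SAMPLE = {  # constructed: esxcfg-vswitch -l tables from the post, trimmed to three port groups per host
    "esxi01": """vSwitch0 128 16 128 9000 vmnic4,vmnic7,vmnic6,vmnic5
PortGroup Name VLAN ID Used Ports Uplinks
Internal 0 0 vmnic6,vmnic4,vmnic7,vmnic5
DMZ 666 3 vmnic6,vmnic4,vmnic7,vmnic5
vMotion 2004 1 vmnic5,vmnic6,vmnic4""",
    "esxi02": """vSwitch0 128 29 128 9000 vmnic4,vmnic7,vmnic6,vmnic5
PortGroup Name VLAN ID Used Ports Uplinks
Internal 0 6 vmnic6,vmnic4,vmnic7,vmnic5
DMZ 666 9 vmnic6,vmnic4,vmnic7,vmnic5
vMotion 2004 1 vmnic5,vmnic6,vmnic4""",
    "esxi03": """vSwitch0 128 9 128 9000 vmnic6,vmnic5,vmnic7,vmnic4
PortGroup Name VLAN ID Used Ports Uplinks
DMZ 666 0 vmnic6,vmnic4,vmnic7,vmnic5
Internal 0 1 vmnic6,vmnic4,vmnic7,vmnic5
vMotion 2004 1 vmnic5,vmnic6,vmnic4""",
}

def parse_vswitch(text):
    """Return (vSwitch uplinks, {port group: (vlan, uplinks)}) from esxcfg-vswitch -l output."""
    sw_up, groups, in_pg = set(), {}, False
    for f in filter(None, (line.split() for line in text.splitlines())):
        if f[0] in ("PortGroup", "Switch"):  # table headers: switch between the two row layouts
            in_pg = f[0] == "PortGroup"
        elif in_pg and len(f) >= 4 and f[-3].isdigit():  # names may contain spaces, so index from the end
            groups[" ".join(f[:-3])] = (int(f[-3]), set(f[-1].split(",")))
        elif len(f) == 6 and f[1].isdigit():  # the vSwitch row itself
            sw_up = set(f[-1].split(","))
    return sw_up, groups

def check_hosts(hosts):
    """Compare port groups across hosts; return findings a VM placement could trip over."""
    parsed = {h: parse_vswitch(t) for h, t in hosts.items()}
    all_pgs = set().union(*(set(g) for _, g in parsed.values()))
    vlans, findings = defaultdict(set), []
    for host, (sw_up, groups) in parsed.items():
        for pg in sorted(all_pgs - set(groups)):  # a VM moved here has no network to attach to
            findings.append(f"{host}/{pg}: port group missing on this host")
        for pg, (vlan, up) in groups.items():
            vlans[pg].add(vlan)
            if up < sw_up:  # strict subset: this port group does not use every vSwitch uplink
                findings.append(f"{host}/{pg}: uplinks {sorted(up)} != vSwitch {sorted(sw_up)}")
    for pg, ids in sorted(vlans.items()):
        if len(ids) > 1:
            findings.append(f"{pg}: VLAN ID differs across hosts {sorted(ids)}")
        elif ids == {0}:
            findings.append(f"{pg}: VLAN 0 is untagged; it rides the native VLAN of every uplink port")
    return findings
```

On the post's data the only findings are the vMotion port group using three of the four uplinks on every host and the untagged Internal group; the physical switch side (which VLANs each uplink port trunks) is not visible in this output and has to be checked separately.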