VMware vSphere

 View Only
Back to discussions
Expand all | Collapse all

Should all my switches have an IP on each VLAN?

  • 1.  Should all my switches have an IP on each VLAN?

    Posted Apr 17, 2013 05:59 PM

    Let's assume the configuration in the picture:

    • vSwitch0
      • Management Port Group (vmnic0 active / vmnic4 failover)
      • Vmontion Port Group (vmnic4 active / vmnic0 failover)
    • vSwitch1 - iscis native mulitpathing w/ port binding
      • iscsi1 Port Group (vmnic1 active / vmnic5 unused)
      • iscsi2 Port Group (vmnic5 active / vmnic1 unused)
    • vSwitch2
      • VM Network Port Group (virtual machines)

    My questions revolve around the VLAN IP assignments on the physical switches, and what happens when either switch goes down.

    Scenario 1:

    • Switch 1
      • VLAN 5 IP Address 10.0.0.1
    • Switch 2
      • VLAN 5 no ip address

    -What happens when Switch 1 goes down.

    • Will VCenter still be able to communicate with the host? I don't think so

    -Does each VLAN need an IP address on each switch?



  • 2.  RE: Should all my switches have an IP on each VLAN?

    Posted Apr 17, 2013 06:49 PM

    Welcome to the Community - Yes each physical switch will need to be configured to support the vlan - now when you say you need to configure a vlan IP for the switch are the switches acting as Layer 3 switches providing  a gateway to the vlan?



  • 3.  RE: Should all my switches have an IP on each VLAN?

    Posted Apr 17, 2013 06:56 PM

    Yes, they provide a gateway between all VLANs.

    So both switches will need an IP on all VLANs in order to communicate with other VLANs should either switch go down?



  • 4.  RE: Should all my switches have an IP on each VLAN?

    Posted Apr 17, 2013 07:31 PM

    Yes, and you will generally want a third address shared by the two (using VRRP or similar) to have the clients actually use as a gateway.



  • 5.  RE: Should all my switches have an IP on each VLAN?

    Posted Apr 17, 2013 08:55 PM

    At this point in time, I just want my Vcenter server to be able to communicate with my ESXi host should switch1 lose power. Sounds like I need to give Switch2 an IP address on every VLAN if I want this to happen.



  • 6.  RE: Should all my switches have an IP on each VLAN?

    Posted Apr 18, 2013 02:02 AM

    I think there's a terminology issue here to address.

    Should all switches have an IP address? Doesn't matter. VMware doesn't care whether it can logon to a switch.

    Should each VLAN have a routable gateway? Only the ones you need to route. This is more relevant, but it doesn't mean it has to be done on a switch.



  • 7.  RE: Should all my switches have an IP on each VLAN?

    Posted Apr 18, 2013 12:43 PM

    I think I was trying to make this harder than it needs to be.

    From my Googling I've found this page - http://blogs.vmware.com/kb/2013/02/challenges-with-multiple-vmkernel-ports-in-the-same-subnet.html

    And the key points from it are:

    • Have only one VMkernel port per IP subnet (the only exception here is for iSCSI multi-pathing, or multi-NIC vMotion in vSphere 5.x).
    • A dedicated non-routable VLAN or dedicated physical switch for vMotion purposes.
    • A dedicated non-routable VLAN or dedicated physical switch for IP Storage purposes.
    • A dedicated non-routable VLAN or dedicated physical switch for Fault Tolerance purposes.

    My goal at the beginning of all this is to guard against a switch failure.

    What I've determined is that I need to put my VCenter Server on the same subnet as my management network so that if a switch fails it does not have to cross VLANs to talk to my hosts? Sound right?



  • 8.  RE: Should all my switches have an IP on each VLAN?

    Posted Apr 18, 2013 01:16 PM

    I'd say that's a good idea, yes.

    In addition to that, I would suggest setting up a first hop redundancy protocol (FHRP) on your switches and float the switch virtual interface (SVI) for your VLANs. Here's a link to configuring HSRP on a 3550 (quite similar to your 3560).

    http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_14_ea1/configuration/guide/swhsrp.html

    Cheers.



  • 9.  RE: Should all my switches have an IP on each VLAN?

    Posted Apr 18, 2013 01:25 PM

    If I did that what would the advantage be to me? (Not being a smart@ss, just wanting to understand)

    Would it allow my desktop machine (which would be on a different VLAN than my management network) to be able to talk to Vcenter and the hosts when either switch loses power?



  • 10.  RE: Should all my switches have an IP on each VLAN?

    Posted Apr 21, 2013 06:26 AM

    Yes. From the first line of the link I provided:

    This chapter describes how to use Hot Standby Router Protocol (HSRP) on your Catalyst 3550 switch to provide routing redundancy for routing IP traffic without being dependent on the availability of any single router.


  • 11.  RE: Should all my switches have an IP on each VLAN?

    Posted Apr 18, 2013 01:25 PM

    That is the sum of it all yes.   the next question is how do you protect your vCenter? :smileywink:



  • 12.  RE: Should all my switches have an IP on each VLAN?

    Posted Apr 18, 2013 01:28 PM

    Ha, a topic that rarely gets enough attention...

    Currently with a 2 host cluster and standard vSwitches it's not protected. I've come to the conclusion that with such a small virtual infrastructure it'd be easier to create a new one than to try and implement log shipping, failover clustering, etc. (It might not be the best solution, but for now it's what I'm going with)