Deployment of V2110: Question about vSwitch?

  • Updated 4 years ago
The Installation Guide for the V2110 says that if all 3 NICs are used (admin/esa0/esa1), they must be connected to separate virtual switches (vSwitches) in the ESX/ESXi host.
 
I have a customer that currently is running only one vSwitch in the ESX.

Does anyone do this differently? If I run the V2110 using the 3 NICs on only one vSwitch, will I have problems in the future? Why?



Sincerely,

Edson Moura
Posted 4 years ago

Kurt Semba, Employee

If you don't need three interfaces, you can simply disable two of those virtual interfaces on the vSwitch that the VM is connected to. Or is there a reason you would need three interfaces in the same VLAN?
Edson Moura

Hi Kurt,

Yes. I need the three interfaces because I would like to separate the traffic logically and physically too. There are some topologies that I'd like to point to different interfaces (esa0 and esa1), with the admin port for management.


Thanks for your comment,


Edson Moura


Kurt Semba, Employee

Hi Edson,

If you want to physically separate the three interfaces, you will need to create three vSwitches in your ESX server anyway.

Kurt
Paulo Francisco, Employee

Deviating from recommended defined procedures is typically a bad thing. Such deployments will inherently result in GTAC escalations and result eventually in customer dissatisfaction.

As Kurt mentions, if you intend to use all three interfaces you must follow the recommended deployment configuration and use different vSwitches. With current images, the second esa port (ESA1) will NOT work if connected to the same vSwitch as esa0. We are addressing this constraint in 9.15.

However, there are additional reasons why separate vSwitches per interface will still be the recommended deployment:

1) Bandwidth capacity - A single shared vSwitch is typically serviced through a single (active) NIC, which may be further shared with other load on the machine. This additional load will significantly reduce the amount of bandwidth available to the controller and could give rise to interface saturation significantly below the levels defined for the platform. Even though controllers are leased as a virtual appliance, it should still be considered a switching appliance, with dedicated ingress/egress ports per platform certification. Treating it like a general virtual server can lead to unexpected performance constraints.

2) Security - Separating the vSwitch ensures that traffic from users does not inadvertently get mingled with other network traffic post-decapsulation, if the controller is supporting tunneled topologies. The separate vSwitch guarantees separation and therefore improves network security.

Therefore, for the reasons above, customers/partners need to be strongly encouraged to follow the standard deployment configuration.
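
An added example, not part of the original thread and not code from any poster or the vendor: a check that flags when more than one of a VM's vNICs lands on the same vSwitch or the same physical uplink, which is the condition the bandwidth and security points above warn about. It assumes input in the "Key: value" layout printed by `esxcli network vm port list -w <world-id>`; the sample listing and the portgroup names (`V2110-admin`, `V2110-esa0`, `V2110-esa1`) are constructed.

```python
from collections import defaultdict

# Constructed sample in the "Key: value" layout of
# `esxcli network vm port list -w <world-id>` for one VM with three vNICs.
# Port IDs and portgroup names are made up for illustration.
SAMPLE = """\
   Port ID: 33554441
   vSwitch: vSwitch0
   Portgroup: V2110-admin
   Team Uplink: vmnic0
   Port ID: 50331657
   vSwitch: vSwitch1
   Portgroup: V2110-esa0
   Team Uplink: vmnic1
   Port ID: 50331658
   vSwitch: vSwitch1
   Portgroup: V2110-esa1
   Team Uplink: vmnic1
"""

def parse_ports(text):
    """Return one dict per vNIC port; a 'Port ID' line starts a new port."""
    ports = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Port ID":
            ports.append({})
        if ports:
            ports[-1][key] = value
    return ports

def shared(ports, field):
    """Map each non-empty value of `field` used by 2+ ports to their portgroups."""
    seen = defaultdict(list)
    for port in ports:
        if port.get(field):
            seen[port[field]].append(port.get("Portgroup", "?"))
    return {value: pgs for value, pgs in seen.items() if len(pgs) > 1}

def check_separation(text):
    """Report vSwitches and uplinks that more than one vNIC of the VM lands on."""
    ports = parse_ports(text)
    return {"ports": len(ports),
            "shared_vswitch": shared(ports, "vSwitch"),
            "shared_uplink": shared(ports, "Team Uplink")}
```

For the constructed sample, `check_separation(SAMPLE)` reports that `V2110-esa0` and `V2110-esa1` share both `vSwitch1` and `vmnic1`; a deployment that follows the guide returns empty dictionaries for both keys.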

Hartmut Sachse

Hello Paulo.

What are the recommendations for connecting the 3 vNICs to a dvSwitch (Distributed vSwitch)? Since firmware 9.x the V2110 officially supports the dvSwitch, but I cannot find an updated installation guide. Most customers use dvSwitches to provide a consistent virtual switching infrastructure between all ESXi hosts.

Best Regards
Hartmut