Post on 19-Jan-2021
© 2006 Cisco Systems, Inc. All rights reserved. Presentation_ID 1
Network Design Considerations for VMware Deployments
Koo Juan Huat juanhuat@cisco.com
Agenda
VMware Architecture and Components
VMware LAN Networking
  vSwitch Basics
  NIC Teaming
  vSwitch vs LAN Switch
  Migration, HA, DRS
Cisco/VMware DC Designs
VMware Architecture and Components
Virtualization
[Diagram: three virtualization stacks side by side. VMware: CPU, modified stripped-down OS with hypervisor, guest OS and app VMs. Microsoft: CPU, host OS with hypervisor, VMs. Xen (aka paravirtualization): CPU, modified stripped-down OS with hypervisor, modified OS and app VMs.]
VMware Virtualization Layer
Migration
VMotion, aka VM Migration, allows a VM to be reallocated to different hardware without having to interrupt service.
Downtime on the order of a few milliseconds to a few minutes, not hours or days
Can be used to perform maintenance on a server
Can be used to shift workloads more efficiently
2 types of migration:
  VMotion Migration
  Regular Migration
[Diagram: two servers, each with CPU, hypervisor, console OS, and guest OSes running apps on the VMware virtualization layer.]
VMware Architecture in a Nutshell
[Diagram: an ESX Server host. Physical hardware (CPU) at the bottom, the VM virtualization layer above it, then the console OS and the virtual machines (OS plus app). The host attaches to three networks: production network, management network, and VM kernel network.]
VMware HA Clustering
[Diagram: three ESX hosts (ESX Host 1, 2, 3), each with CPU and hypervisor, running guest OSes with App1 through App5; the guest OSes for App1 and App2 appear twice.]
Application-level HA clustering (Provided by MSCS, Veritas etc…)
[Diagram: three ESX hosts (ESX Host 1, 2, 3), each with CPU and hypervisor, running guest OSes with App1 through App5; the guest OSes for App1 and App2 appear twice.]
HA + DRS
HA takes care of Powering on VMs on available ESX hosts in the least possible time (regular migration, not VMotion based)
DRS takes care of migrating the VMs over time to the most appropriate ESX host based on resource allocation (VMotion migration)
VMware LAN Networking
  vSwitch Basics
  NIC Teaming
  vSwitch vs LAN Switch
  Migration, HA, DRS
VMware Networking Components
Per ESX-server configuration
[Diagram: the VMs (VM_LUN_0005, VM_LUN_0007) attach through their vNICs to virtual ports on vSwitch0; the VMNICs (vmnic0, vmnic1) are the vSwitch uplinks.]
vNIC MAC address
VM’s MAC address automatically generated
Mechanisms to avoid MAC collision
VM’s MAC address doesn’t change with migration
VM’s MAC addresses can be made static by modifying the configuration files
  ethernetN.address = 00:50:56:XX:YY:ZZ
/vmfs/volumes/46b9d79a-2de6e23e-929d-001b78bb5a2c/VM_LUN_0005/VM_LUN_0005.vmx

  ethernet0.addressType = "vpx"
  ethernet0.generatedAddress = "00:50:56:b0:5f:24"

  ethernet0.addressType = "static"
  ethernet0.address = "00:50:56:00:00:06"
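An added example, not part of the original slides: a small audit of the `ethernetN.*` lines shown above that resolves each vNIC's effective MAC, flags static addresses that do not follow the slide's 00:50:56:XX:YY:ZZ pattern, and reports collisions across VMs. The VM names VM_B and VM_B_CLONE and their contents are constructed sample input; the parsing rules are an assumption based only on the two snippets on the slide.

```python
import re
from collections import defaultdict

VMWARE_OUI = "00:50:56"   # prefix the slide gives for static addresses
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
LINE_RE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"?([^"]*)"?\s*$')

def parse_vnics(vmx_text):
    """Return {ethernetN: {key: value}} for the ethernetN.* lines of a .vmx file."""
    nics = defaultdict(dict)
    for line in vmx_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            nic, key, value = m.groups()
            nics[nic][key] = value.strip()   # a later line overrides an earlier one
    return dict(nics)

def effective_mac(nic):
    """Static vNICs use 'address'; any other addressType uses 'generatedAddress'."""
    key = "address" if nic.get("addressType") == "static" else "generatedAddress"
    return nic.get(key, "").lower()

def audit(vmx_files):
    """vmx_files: {vm_name: vmx_text}. Returns a sorted list of finding strings."""
    findings, owners = [], defaultdict(list)
    for vm, text in vmx_files.items():
        for name, nic in parse_vnics(text).items():
            mac, where = effective_mac(nic), f"{vm}/{name}"
            if not MAC_RE.match(mac):
                findings.append(f"{where}: missing or malformed MAC {mac!r}")
                continue
            if nic.get("addressType") == "static" and not mac.startswith(VMWARE_OUI):
                findings.append(f"{where}: static MAC {mac} outside {VMWARE_OUI}")
            owners[mac].append(where)
    for mac, used_by in owners.items():
        if len(used_by) > 1:   # same MAC on two vNICs: a collision
            findings.append(f"collision: {mac} used by {', '.join(sorted(used_by))}")
    return sorted(findings)

# Constructed sample input; only the VM_LUN_0005 values come from the slide.
SAMPLE = {
    "VM_LUN_0005": 'ethernet0.addressType = "vpx"\n'
                   'ethernet0.generatedAddress = "00:50:56:b0:5f:24"\n',
    "VM_B": 'ethernet0.addressType = "static"\n'
            'ethernet0.address = "00:50:56:00:00:06"\n',
    "VM_B_CLONE": 'ethernet0.addressType = "static"\n'
                  'ethernet0.address = "00:50:56:00:00:06"\n'
                  'ethernet1.addressType = "static"\n'
                  'ethernet1.address = "00:11:22:33:44:55"\n',
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```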
vSwitch Forwarding Characteristics
Forwarding based on MAC address (no learning): if traffic doesn't match a VM MAC, it is sent out to a vmnic
VM-to-VM traffic stays local
vSwitches tag traffic with 802.1q VLAN ID
vSwitches are 802.1q capable
vSwitches can create Etherchannels
vSwitch Creation
[Screenshots of the vSwitch creation dialogs (vSwitch, vNICs), with callouts:]
You don't have to select a NIC
This is just a name
Select the Port-Group by specifying the Network Label
VM Port-Group vSwitch
VLAN Tagging Options: External Switch Tagging
External switch tags packets
Configured by setting the Network Label VLAN ID to be 0
How is VM-to-VM traffic switched? (through LAN switch or through vSwitch)
Can use native VLAN on 802.1q trunk (as long as native VLAN is not tagged)
[Diagram: ESX Server host with Virtual Switch 1 and Virtual Switch 2, Port-Group 1 and Port-Group 2, VMs (1, 30, 2, 31, 32), and uplinks VMNIC0 and VMNIC2 to external ports labelled A and B, where the VLAN assignment is made.]
VLAN Tagging Options: Virtual Switch Tagging
vSwitch tagging: tags outbound packets, strips tag from inbound packets
Most common deployment
It is set by assigning the VLAN ID to the Network Label in the Port-Group
Provides isolation between VLANs
[Diagram: ESX Server host with one virtual switch; Port Group A (VLAN "A") and Port Group B (VLAN "B") connect the virtual machines (1, 30, 2, 31, 32); uplinks VMNIC0 to VMNIC3 are 802.1q trunks.]
VMware LAN Networking
  vSwitch Basics
  NIC Teaming
  vSwitch vs LAN Switch
  Migration, HA, DRS
Meaning of NIC Teaming in VMware (1)
[Diagram: ESX Server host with vNICs attached to a vSwitch whose uplinks are the ESX server NIC cards vmnic0 to vmnic3. The vmnic uplinks are marked "NIC Teaming"; the vNICs are marked "THIS IS NOT NIC Teaming".]
Meaning of NIC Teaming in VMware (2)
[Screenshot, annotated: "This is NOT Teaming"]
Teaming is configured at the vmnic level
Design Example: 2 NICs, VLAN 1 and 2, Active/Standby
[Diagram: ESX Server with vSwitch0, VM1, VM2 and the Service Console; Port-Group 1 on VLAN 2 and Port-Group 2 on VLAN 1; uplinks vmnic0 and vmnic1 are 802.1q trunks carrying VLANs 1 and 2.]
Beacon Probing
Beacon probing attempts to detect failures which don’t result in a link state failure for the NIC
Broadcast frames sent from each NIC in the team should be seen by other NICs in the team
Beacons are sent on each VLAN in use
[Diagram: a vSwitch with VM ports and uplink ports; the teamed physical NICs connect to the LAN.]
Active/Standby per-Port-Group
[Diagram: ESX Server with vSwitch0, Port-Group1 and Port-Group2, VMs VM4 to VM7 (.4 to .7), and uplinks VMNIC0 and VMNIC1 connected to switches CBS-left and CBS-right.]
Port-Group overrides vSwitch Global Configuration
Active/Active
[Diagram: ESX server with a vSwitch, one Port-Group with VM1 to VM5, and the ESX server NIC cards vmnic0 and vmnic1 as uplinks.]
Active/Active IP-based Load Balancing
Works with Channel-Group mode ON
LACP is not supported (see below):
  9w0d: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/14, changed state to up
  9w0d: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/13, changed state to up
  9w0d: %EC-5-L3DONTBNDL2: Gi1/0/14 suspended: LACP currently not enabled on the remote port.
  9w0d: %EC-5-L3DONTBNDL2: Gi1/0/13 suspended: LACP currently not enabled on the remote port.
[Diagram: ESX server with a vSwitch, one Port-Group with VM1 to VM4, and uplinks vmnic0 and vmnic1 port-channeled to the switch.]
VMware LAN Networking
  vSwitch Basics
  NIC Teaming
  vSwitch vs LAN Switch
  Migration, HA, DRS
Rolling Failover (aka Preemption)
By default preemption is on
[Diagram: two views of vSwitch0 with VM1, VM2 and uplinks vmnic0 and vmnic1, each uplink an 802.1q trunk carrying VLANs 1 and 2.]
All Links Active, No Spanning-Tree: Is There a Loop?
[Diagram: ESX Server with vSwitch1, Port-Group1 and Port-Group2, VMs VM4 to VM7 (.4 to .7), and uplinks NIC1 to NIC4 connected to switches CBS-left and CBS-right.]
Broadcast/Multicast/Unknown Unicast Forwarding in Active/Active (1)
[Diagram: ESX Server with vSwitch0, Port-Group 1 (VLAN 2) with VM1 and VM2, and uplinks vmnic0 and vmnic1, each an 802.1q trunk carrying VLANs 1 and 2.]
Broadcast/Multicast/Unknown Unicast Forwarding in Active/Active (2)
[Diagram: ESX host with a vSwitch, VM1, VM2 and VM3, and uplinks NIC1 and NIC2, each an 802.1q trunk carrying VLANs 1 and 2.]
Can the vSwitch pass traffic through?
E.g. HSRP?
[Diagram: a vSwitch with VM1 and VM2 and uplinks NIC1 and NIC2.]
Can VM1 talk to Server3?
[Diagram: a vSwitch with 4 uplinks (NIC1 and NIC2 labelled), VM1, VM2 and the Service Console; Port-Group 1 on VLAN 2 and Port-Group 2 on VLAN 1; 802.1q trunks carrying VLANs 1 and 2; and an external Server3.]
Can VM5 talk to VM4?
[Diagram: ESX server1 (VM5, VM7; .5, .7) and ESX server 2 (VM4, VM6; .4, .6), each with a vSwitch and uplinks VMNIC1 and VMNIC2 on 802.1q trunks to Catalyst1 and Catalyst2; links numbered 1 to 4; all links are active.]
Is this design possible?
[Diagram: ESX server1 with a vSwitch, VM5 and VM7 (.5, .7), and uplinks VMNIC1 and VMNIC2 on 802.1q trunks (links 1 and 2) to Catalyst1 and Catalyst2.]
vSwitch Security
Promiscuous Mode Reject: prevents a port from capturing traffic whose address is not the VM's address
MAC Address Change: prevents the VM from modifying the vNIC address
Forged Transmits: prevents the VM from sending out traffic with a different MAC (e.g. NLB)
vSwitch vs LAN Switch
Similarly to a LAN switch:
  Forwarding based on MAC address
  VM-to-VM traffic stays local
  vSwitches tag traffic with 802.1q VLAN ID
  vSwitches are 802.1q capable
  vSwitches can create Etherchannels
  Preemption configuration (similar to Flexlinks, but no delay preemption)
Differently from a LAN switch:
  No learning
  No Spanning-Tree protocol
  No dynamic trunk negotiation (DTP)
  No 802.3ad LACP
  Certain designs can isolate VMs
  2 Etherchannels backing up each other is not possible
  vSwitch doesn't have the equivalent of UPLINK TRACKING
  No SPAN/mirroring capabilities: traffic capturing is by far not the equivalent of SPAN
  Beaconing doesn't seem to add much value
  Port Security very limited
VMware LAN Networking
  vSwitch Basics
  NIC Teaming
  vSwitch vs LAN Switch
  Migration, HA, DRS
VMotion Migration Requirements
VMKernel Network can be routed
[Diagram: ESX Server host with virtual machines, attached to the production network, the management network, and the VM kernel network.]
VMotion L2 Design
[Diagram: ESX Host 1 and ESX Host 2 (VM4, VM5, VM6) in racks Rack1 and Rack10, with vSwitch0, vSwitch1 and vSwitch2 on uplinks vmnic0 to vmnic3, plus vmkernel and Service Console ports.]
HA clustering (1)
EMC/Legato AAM based
HA Agent runs in every host
Heartbeats: unicast UDP port ~8042 (4 UDP ports opened)
Heartbeats run on the Service Console ONLY
When a failure occurs, the ESX host pings the gateway (on the SERVICE CONSOLE ONLY) to verify network connectivity
If the ESX host is isolated, it shuts down the VMs, thus releasing locks on the SAN
Recommendations:
  Have 2 Service Consoles on redundant paths
  Avoid losing SAN access (e.g. via iSCSI)
  Make sure you know beforehand if DRS is activated too!
Caveats:
  Losing Production VLAN connectivity only ISOLATES VMs (there's no equivalent of uplink tracking on the vSwitch)
  Solution: NIC TEAMING
HA clustering (2)
[Diagram: ESX1 and ESX2 server hosts, each with vmnic0 and VM1, VM2; network labels COS 10.0.2.0, Prod 10.0.100.0, 10.0.200.0, and iSCSI access/VMkernel.]
Cisco/VMware DC Designs
vSwitch and NIC Teaming Best Practices
Q: Should I use multiple vSwitches or multiple Port-Groups to isolate traffic?
A: We didn't see any advantage in using multiple vSwitches; multiple Port-Groups with different VLANs give you enough flexibility to isolate servers
Q: Should I use EST or VST?
A: Always use VST, i.e. assign the VLAN from the vSwitch
Q: Can I use native VLAN for VMs?
A: Yes you can, but to make it simple don't. If you do, do not TAG VMs with the native VLAN
Q: Which NIC Teaming configuration should I use?
A: Active/Active, Virtual Port-ID based
Q: Do I have to attach all NICs in the team to the same switch or to different switches?
A: With Active/Active Virtual Port-ID based, it doesn't matter
Q: Should I use Beaconing?
A: No
Q: Should I use Rolling Failover (i.e. no preemption)?
A: No, default is good, just enable trunkfast on the Cisco switch
NIC Team Across Hardware
Cisco Switchport Configuration
Make it a trunk
Enable trunkfast
Can the native VLAN be used for VMs?
  Yes, but IF you do, you have 2 options:
    Configure VLAN ID = 0 for the VMs that are going to use the native VLAN (preferred)
    Configure "vlan dot1q tag native" on the 6k (not recommended)
Do not enable Port Security (see next slide)
Make sure that "teamed" NICs are in the same Layer 2 domain
Provide a redundant Layer 2 path

  interface GigabitEthernetX/X
   description <<** VM Port **>>
   no ip address
   switchport
   switchport trunk encapsulation dot1q
   switchport trunk native vlan <id>
   switchport trunk allowed vlan xx,yy-zz
   switchport mode trunk
   switchport nonegotiate
   no cdp enable
   spanning-tree portfast trunk
  !

Typically: SC, VMKernel, VM Production
Port Security and VMware Incompatible
http://www.cisco.com/en/US/partner/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00808b0210.html#wp1170581
3750-STACK-top-R1(config-if)#switchport port-security maximum <number> vlan <vlan_number>
How many MACs do you have to count?
SC, SC iSCSI, VMKernel, VMotion = 4 + 1 MAC per VM + BIA MAC
maximum 5, violation restrict
If a MAC moves (i.e. Vmotion migration or NIC Teaming)
3750-STACK-top-R1#
9w0d: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused
Port goes down or traffic is dropped
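An added example, not part of the original slides: a checker for the switchport template from the previous slide and the port-security caveat on this one, run over IOS interface blocks. The sample configuration, the interface numbers and the choice to select ports by the "VM Port" description are constructed assumptions; the MAC count follows this slide's formula (4 + 1 per VM + BIA).

```python
import re

# Commands the slide's template requires on a VM-facing port -> finding if absent
REQUIRED = {
    "switchport mode trunk": "not configured as a trunk",
    "switchport nonegotiate": "DTP negotiation left on",
    "spanning-tree portfast trunk": "trunkfast not enabled",
}

def parse_interfaces(config):
    """Split IOS config text into {interface name: [sub-command lines]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = interfaces.setdefault(raw.split()[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None          # "!" or another top-level line ends the block
    return interfaces

def macs_behind_port(n_vms):
    # Slide's count: SC, SC iSCSI, VMKernel, VMotion = 4, + 1 MAC per VM, + BIA MAC
    return 4 + n_vms + 1

def audit_vm_port(lines, n_vms):
    findings = [msg for cmd, msg in REQUIRED.items() if cmd not in lines]
    if not any(l.startswith("switchport trunk allowed vlan ") for l in lines):
        findings.append("no explicit allowed-VLAN list")
    if any(l.startswith("switchport port-security") for l in lines):
        limits = [int(m.group(1)) for l in lines
                  if (m := re.match(r"switchport port-security maximum (\d+)", l))]
        limit = limits[-1] if limits else 1   # IOS default maximum is 1
        findings.append(f"port security enabled: maximum {limit}, "
                        f"{macs_behind_port(n_vms)} MACs expected")
    return findings

def audit_config(config, n_vms, marker="VM Port"):
    """Audit only the interfaces whose description contains `marker`."""
    return {name: audit_vm_port(lines, n_vms)
            for name, lines in parse_interfaces(config).items()
            if any(l.startswith("description") and marker in l for l in lines)}

# Constructed sample: one port following the template, one deviating, one non-VM port
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description <<** VM Port **>>
 switchport trunk allowed vlan 10,20-22
 switchport mode trunk
 switchport nonegotiate
 spanning-tree portfast trunk
!
interface GigabitEthernet1/0/2
 description <<** VM Port **>>
 switchport trunk allowed vlan 10,20-22
 switchport mode trunk
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation restrict
!
interface GigabitEthernet1/0/3
 description printer
 switchport mode access
!
"""
```

Calling `audit_config(SAMPLE_CONFIG, n_vms=2)` returns an empty finding list for the first port and three findings for the second; a high enough `maximum` still does not help when a MAC moves between ports, which is the slide's point.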
Configuration with 2 NICs: SC, VMKernel, Production Share NICs
[Diagram: ESX Server (HBA1, HBA2) with vSwitch 0 using VST; Port-Group 1, 2 and 3, with VM1, VM2, the Service Console and the VM Kernel. Uplinks VMNIC1 and VMNIC2 are 802.1q trunks carrying the production VLANs, Service Console and VM Kernel. NIC teaming labels: global Active/Active; Active/Standby vmnic1/vmnic2; Active/Standby vmnic2/vmnic1.]
Configuration with 2 NICs: Dedicated NIC to SC, VMKernel, Separate NIC for Production
[Diagram: ESX Server (HBA1, HBA2) with vSwitch 0 using VST; Port-Group 1, 2 and 3, with VM1, VM2, the Service Console and the VM Kernel. Uplinks VMNIC1 and VMNIC2 are 802.1q trunks carrying the production VLANs, Service Console and VM Kernel. NIC teaming labels: Active/Active; global Active/Standby vmnic1/vmnic2; Active/Standby vmnic2/vmnic1 (twice).]
Network Attachment (1)
[Diagram: ESX server1 and ESX server 2, each with a vSwitch and uplinks VMNIC1 and VMNIC2, attached by 802.1q trunks (Production, SC, VMKernel; links 1 to 4) to Catalyst1 and Catalyst2, the spanning-tree root and secondary root; labels: Rapid PVST+, Trunkfast, BPDU guard.]
No blocked port, no loop
All NICs are used, traffic distributed on all links
Network Attachment (2)
[Diagram: ESX server1 and ESX server 2, each with a vSwitch and uplinks VMNIC1 and VMNIC2, attached by 802.1q trunks (Production, SC, VMKernel; links 1 to 4) to the spanning-tree root and secondary root switches; labels: Rapid PVST+, Trunkfast, BPDU guard.]
Typical Spanning-Tree V-shape topology
All NICs are used, traffic distributed on all links
Configuration with 4 NICs: Dedicated NICs for SC and VMKernel
[Diagram: ESX Server (HBA1, HBA2) with a vSwitch; Port-Group 1 with the production VLANs, plus Service Console and VM Kernel; uplinks VMNIC1 to VMNIC4, with Active/Active teaming on vmnic1/vmnic2.]
Configuration with 4 NICs: Dedicated NICs for SC and VMKernel
Dedicated NIC for SC
Dedicated NIC for VMKernel
Redundant Production
How good is this design?
Isolates management access
VC cannot control ESX host
If this is part of an HA cluster, VMs are powered down
Isolates VMKernel
If using iSCSI this is the worst possible failure, very complicated to recover from
If this is part of a DRS cluster, it prevents automatic migration
VMs become completely isolated
Management access is lost, iSCSI access is lost, VMotion can't run
Configuration with 4 NICs
[Diagram: ESX Server (HBA1, HBA2) with a vSwitch; Port-Group 1, Service Console and VM Kernel; uplinks VMNIC1 to VMNIC4. Production VLANs: Active/Active on vmnic1/vmnic3. SC and VMKernel VLANs: Active/Standby vmnic2/vmnic4 and Active/Standby vmnic4/vmnic2.]
Configuration with 4 NICs
Redundant SC and VMKernel connectivity
Redundant Production
HA augmented by teaming on different NIC chipsets
All links used
"Dedicated NICs" for SC and VMKernel
SC swaps to vmnic4
VC can still control host
Production traffic goes to vmnic3
VMKernel swaps to vmnic2
Production traffic continues on vmnic1
Production and management go through chipset 2
Production and management go through chipset 1
Network Attachment (1)
[Diagram: ESX server1 and ESX server 2, each with a vSwitch, attached over links 1 to 8 to Catalyst1 and Catalyst2, the spanning-tree root and secondary root; 802.1q trunks for Production, 802.1q trunks for SC and VMKernel, and a link labelled 802.1q: Production, SC, VMKernel; labels: Rapid PVST+, Trunkfast, BPDU guard.]
No blocked port, no loop
Network Attachment (2)
[Diagram: ESX server1 and ESX server 2, each with a vSwitch, attached over links 1 to 8 to Catalyst1 and Catalyst2, the spanning-tree root and secondary root; 802.1q trunks for Production, 802.1q trunks for SC and VMKernel, and a link labelled 802.1q: Production, SC, VMKernel; labels: Rapid PVST+, Trunkfast, BPDU guard.]
Typical Spanning-Tree V-shape topology
How About?
[Diagram: ESX server1 and ESX server 2, each with a vSwitch, attached over links 1 to 8 to Catalyst1 and Catalyst2, the spanning-tree root and secondary root; 802.1q trunks for Production, 802.1q trunks for SC and VMKernel, and a link labelled 802.1q: Production, SC, VMKernel; labels: Trunkfast, BPDU guard.]
Typical Spanning-Tree V-shape topology
4 NICs with Etherchannel
[Diagram: ESX server1 and ESX server 2, each with a vSwitch, attached over links 1 to 8 to "clustered" switches; 802.1q trunks for Production and 802.1q trunks for SC, VMKernel.]
VMotion Migration Example
[Diagram: ESX Host 1 (VM1, VM2, VM3) and ESX Host 2 (VM4, VM5, VM6) in racks Rack1 and Rack10, each with a vSwitch and uplinks vmnic0 and vmnic1.]
Network Label and VMotion
VMs moving from one ESX server to a different one look for the same Network Label
VMotion Best Practices
Datapoints:
  Migration only happens within a VM HA/DRS cluster and/or within a datacenter
  VMotion looks for the Network Label to be available on the target ESX host
  VM MAC doesn't change during the migration
Best practice:
  Make the VMkernel network routed, extend the Layer 2 domain only for the VM production traffic
  At most the Layer 2 domain needs to encompass ~10-20 machines; set the Layer 2 boundary within the data center accordingly
  Enable the option "Notify Switch" in the vSwitch so that the target vSwitch sends out a RARP to update the MAC forwarding tables